Microsoft is detailing a number of new features coming to its Copilot service soon, including OpenAI's latest models. Copilot will get support for GPT-4 Turbo soon, alongside an updated DALL-E 3 model, a new code interpreter feature, and deep search functionality inside Bing. From a report: Copilot will soon be able to respond using OpenAI's latest GPT-4 Turbo model, which essentially means it will "see" more data thanks to a 128K context window. This larger context window will allow Copilot to better understand queries and offer better responses.

While you're waiting on the GPT-4 Turbo model to appear in Copilot, Microsoft is now using an improved DALL-E 3 model in Bing Image Creator and Copilot. Microsoft Edge, which includes a Copilot sidebar, is also getting the ability to compose text within websites' text input to rewrite sentences inline. You can also now use Copilot in Microsoft Edge to summarize videos you're watching on YouTube. Coders and developers might be interested in a new code interpreter feature coming to Copilot soon. This new feature will allow Copilot users to get more accurate calculations, data analysis, or even code from the AI chatbot.

An anonymous reader quotes a report from XDA Developers: A few days ago, we spotted that the HP Smart App was being installed on people's PCs without their consent. Even worse, the app would reappear if users tried to uninstall it or clean-installed Windows. Now, the cause has finally been identified: a recent Windows 10 and 11 update is renaming everyone's printers to "HP LaserJet M101-M106" regardless of what model it actually is. As reported on Windows Latest, the latest update for Windows 10 and 11 seems to think that people's printers are an HP LaserJet model, regardless of their actual brand. It's believed that the bug appeared after HP pushed its latest metadata to Windows Update, but something went awry in the code and caused other printers to be labeled as HP LaserJet printers.

This explains why the HP Smart App has been sneaking onto people's computers without their consent. A key part of Windows Update is keeping third-party drivers and devices updated, including downloading any apps that the devices depend on. After the printer metadata incorrectly identified everyone's printers as HP LaserJet printers, Windows installed all the software needed for an HP printer to work smoothly, including the HP Smart App. Fortunately, the bug only affects the metadata for the printer. While the printer may show up with a different name on your system, you should still be able to send print jobs to it. Microsoft has since removed the fault metadata from Windows Update, so anyone performing a clean install from now on should get their original printer's name back and stop the HP Smart App from re-downloading. Further reading: HP Exec Says Quiet Part Out Loud When It Comes To Locking in Print Customers

The API tokens of tech giants Meta, Microsoft, Google, VMware, and more have been found exposed on Hugging Face, opening them up to potential supply chain attacks. From a report: Researchers at Lasso Security found more than 1,500 exposed API tokens on the open source data science and machine learning platform -- which allowed them to gain access to 723 organizations' accounts. In the vast majority of cases (655), the exposed tokens had write permissions granting the ability to modify files in account repositories. A total of 77 organizations were exposed in this way, including Meta, EleutherAI, and BigScience Workshop - which run the Llama, Pythia, and Bloom projects respectively.

The three companies were contacted by The Register for comment but Meta and BigScience Workshop did not not respond at the time of publication, although all of them closed the holes shortly after being notified. Hugging Face is akin to GitHub for AI enthusiasts and hosts a plethora of major projects. More than 250,000 datasets are stored there and more than 500,000 AI models are too. The researchers say that if attackers had exploited the exposed API tokens, it could have led to them swiping data, poisoning training data, or stealing models altogether, impacting more than 1 million users.

The Atlantic writes: Failing a CAPTCHA isn't just annoying — it keeps people from navigating the internet. Older people can take considerably more time to solve different kinds of CAPTCHAs, according to the UC Irvine researchers, and other research has found that the same is true for non-native English speakers. The annoyance can lead a significant chunk of users to just give up.
But is it all also just a big waste of time? The article notes there's now even CAPTCHA-solving services you can hire. ("2Captcha will solve a thousand CAPTCHAs for a dollar, using human workers paid as low as 50 cents an hour. Newer companies, such as Capsolver, claim to instead be using AI and charge roughly the same price.")

And they also write that this summer saw more discouraging news: In a recent study from researchers at UC Irvine and Microsoft:

- most of the 1,400 human participants took 15 to 26 seconds to solve a CAPTCHA with a grid of images, with 81% accuracy.

- A bot tested in March 2020, meanwhile, was shown to solve similar puzzles in an average of 19.9 seconds, with 83% accuracy.
The article ultimately argues that for roughly 20 years, "CAPTCHAs have been engaged in an arms race against the machines," and that now "The burden is on CAPTCHAs to keep up" — which they're doing by evolving. The most popular type, Google's reCAPTCHA v3, should mostly be okay. It typically ascertains your humanity by monitoring your activity on websites before you even click the checkbox, comparing it with models of "organic human interaction," Jess Leroy, a senior director of product management at Google Cloud, the division that includes reCAPTCHA, told me.
But the automotive site Motor Biscuit speculates something else could also be happening. "Have you noticed it likes to ask about cars, buses, crosswalks, and other vehicle-related images lately?" Google has not confirmed that it uses the reCAPTCHA system for autonomous vehicles, but here are a few reasons why I think that could be the case. Self-driving cars from Waymo and other brands are improving every day, but the process requires a lot of critical technology and data to improve continuously.

According to an old Google Security Blog, using reCAPTCHA and Street View to make locations on Maps more accurate was happening way back in 2014... [I]t would ask users to find the street numbers found on Google Street View and confirm the numbers matched. Previously, it would use distorted text or letters. Using this data, Google could correlate the numbers with addresses and help pinpoint the location on Google Maps...

Medium reports that more than 60 million CAPTCHAs are being solved every day, which saves around 160,000 human hours of work. If these were helping locate addresses, why not also help identify other objects? Help differentiate a bus from a car and even choose a crosswalk over a light pole.
Thanks to Slashdot reader rikfarrow for suggesting the topic.

"As of this year, all new Mac computers are powered by Apple's own silicon, ending the company's 15-plus years of reliance on Intel," according to a new report from CNBC.

"Apple's silicon team has grown to thousands of engineers working across labs all over the world, including in Israel, Germany, Austria, the U.K. and Japan. Within the U.S., the company has facilities in Silicon Valley, San Diego and Austin, Texas..." The latest A17 Pro announced in the iPhone 15 Pro and Pro Max in September enables major leaps in features like computational photography and advanced rendering for gaming. "It was actually the biggest redesign in GPU architecture and Apple silicon history," said Kaiann Drance, who leads marketing for the iPhone. "We have hardware accelerated ray tracing for the first time. And we have mesh shading acceleration, which allows game developers to create some really stunning visual effects." That's led to the development of iPhone-native versions from Ubisoft's Assassin's Creed Mirage, The Division Resurgence and Capcom's Resident Evil 4.

Apple says the A17 Pro is the first 3-nanometer chip to ship at high volume. "The reason we use 3-nanometer is it gives us the ability to pack more transistors in a given dimension. That is important for the product and much better power efficiency," said the head of Apple silicon, Johny Srouji . "Even though we're not a chip company, we are leading the industry for a reason." Apple's leap to 3-nanometer continued with the M3 chips for Mac computers, announced in October. Apple says the M3 enables features like 22-hour battery life and, similar to the A17 Pro, boosted graphics performance...

In a major shift for the semiconductor industry, Apple turned away from using Intel's PC processors in 2020, switching to its own M1 chip inside the MacBook Air and other Macs. "It was almost like the laws of physics had changed," Ternus said. "All of a sudden we could build a MacBook Air that's incredibly thin and light, has no fan, 18 hours of battery life, and outperformed the MacBook Pro that we had just been shipping." He said the newest MacBook Pro with Apple's most advanced chip, the M3 Max, "is 11 times faster than the fastest Intel MacBook Pro we were making. And we were shipping that just two years ago." Intel processors are based on x86 architecture, the traditional choice for PC makers, with a lot of software developed for it. Apple bases its processors on rival Arm architecture, known for using less power and helping laptop batteries last longer.

Apple's M1 in 2020 was a proving point for Arm-based processors in high-end computers, with other big names like Qualcomm — and reportedly AMD and Nvidia — also developing Arm-based PC processors. In September, Apple extended its deal with Arm through at least 2040.
Since Apple first debuted its homegrown semiconductors in 2010 in the iPhone 4, other companies started pursuing their own custom semiconductor development, including Amazon, Google, Microsoft and Tesla.

CNBC reports that Apple is also reportedly working on its own Wi-Fi and Bluetooth chip. Apple's Srouji wouldn't comment on "future technologies and products" but told CNBC "we care about cellular, and we have teams enabling that."

The Linux Foundation's own "Open Software Security foundation" has an associated project called Alpha-Omega funded by Microsoft, Google, and Amazon with a mission to catalyze sustainable security improvements to critical open source projects and ecosystems.

It was established nearly two years ago in February of 2022 — and this month announced plans to continue supporting the Rust Foundation Security Initiative: 2022 was also the first full year of operation for the Rust Foundation — an independent nonprofit dedicated to stewarding the Rust programming language and supporting its global community. Given the considerable growth and rising popularity of the Rust programming language in recent years, it has never been more critical to have a healthy and well-funded foundation in place to help ensure the safety and security of this important language.

When the Rust Foundation emerged, OpenSSF recognized a shared vision of global open source security baked into their organizational priorities from day one. These shared security values were the driving force behind Alpha-Omega's decision to grant $460k USD to the Rust Foundation in 2022. This funding helped underwrite their Security Initiative — a program dedicated to improving the state of security within the Rust programming language ecosystem and sowing security best practices within the Rust community. The Security Initiative began in earnest this past January and has now been in operation for a full year with many achievements to note and exciting plans in development.

While security is a clear priority of the Rust language itself and can be seen in its memory safety-critical features, the Rust Project cannot reasonably be expected to foster long term, sustainable security without proper support and funding. Indeed, there is still a pervasive attitude across technology that cybersecurity is being managed and prioritized by "someone else." The unfortunate impact of this attitude is that critical security work often falls on overburdened and under-resourced open source maintainers. By prioritizing the Security Initiative during their first full year in operation, the Rust Foundation has taken on the responsibility of overseeing — and supporting — security improvements within the Rust ecosystem while ensuring meaningful progress...

Alpha-Omega is excited to announce our second year of supporting the Rust Foundation Security Initiative. We believe that this funding will build on the good work and momentum established by the Rust Foundation in 2023. Through this partnership, we are helping relieve maintainer burdens while paving an important path towards a healthier and more secure future within the Rust ecosystem.
Meanwhile, this month the Rust Foundation announced that downloads from Rust's package repository crates.io have now reached 45 billion — and that the foundation is "committed to facilitating the healthy growth of Rust through funding and resources for the community and the Project.

"After conducting initial planning and research and getting approval from our board of directors, we are pleased to announce our intention to help fulfill this commitment by developing a Rust Foundation training and certification program." We continue to be supportive of anyone creating Rust training and education materials. In fact, we are proud to have provided funding to a few individuals involved in this work via our Community Grants Program. Our team is also aware that commercial Rust training courses already exist and that global training entities are already developing their own Rust-focused programs. Given the value of Rust in professional open source, this makes sense. However, we are eager to introduce a program that will allow us to direct profits back into the Rust ecosystem.

As a nonprofit organization, we sit in a unique position thanks to the tools, connections, insights, administrative support, and resources at our disposal — all of which will add value to course material aimed at professional development and adoption. We see our forthcoming program as one tool of many that can be used to verify skills for prospective employers, and for those employers to build out their professional teams of Rust expertise. We will remain supportive of existing training programs offered by Rust Foundation member companies and we'll look for ways to ensure this remains the case as program development progresses... There is no set launch date for the Rust Foundation training and certification program yet, but we plan to continue laying high-quality groundwork in Q4 of 2023 and the first half of 2024.

Microsoft is talking to partners to help launch a mobile gaming store that will take on Apple and Google's dominant position in the business, according to Phil Spencer, who leads the company's Xbox video-game division. From a report: "It's an important part of our strategy and something we are actively working on today not only alone, but talking to other partners who'd also like to see more choice for how they can monetize on the phone," Spencer said in an interview in Sao Paulo during the CCXP comics and entertainment convention.

The executive declined to give a specific date for a launch of the online store, which earlier reports suggested could be next year. "I don't think this is multiple years away, I think this is sooner than that," he said. Microsoft earlier this year expanded its Game Pass subscription service for players on personal computers to 11 new Latin American countries, leading to a 7% increase in customers. Peru and Costa Rica are the standouts in terms of customer interest, accounting for almost half of new signups, Spencer said. Globally Brazil is the second-biggest market for the PC Game Pass. "In many ways Brazil leads a lot of the trends that we see globally," Spencer said.

According to Microsoft Gaming CEO Phil Spencer, the company is talking to partners to help launch a mobile gaming store that will take on Apple and Google. "It's an important part of our strategy and something we are actively working on today not only alone, but talking to other partners who'd also like to see more choice for how they can monetize on the phone," Spencer said in an interview in Sao Paulo during the CCXP comics and entertainment convention. From the report: The executive declined to give a specific date for a launch of the online store, which earlier reports suggested could be next year. "I don't think this is multiple years away, I think this is sooner than that,'' he said. [...] Microsoft's mobile store would also enter a challenging regulatory climate around smartphone-based digital marketplaces. Fortnite-maker Epic Games has sued both Apple and Alphabet's Google over their iOS and Android store practices, alleging they are unnecessarily restrictive and unfair. Apple doesn't allow competing stores on its iPhone and iPad platforms, and collects a 30% cut of sales for most purchases. Game makers have taken issue with the fees.

Epic lost its battle with Apple but in September asked the US Supreme Court to weigh in. Apple is also petitioning that court to reverse an order that would force the company to let developers steer customers to other payment methods. Epic is still in court fighting its case against Google, which does allow third-party app stores on its devices.The European Union's Digital Markets Act, which is just beginning to take effect, could force Apple to open up its app store ecosystem. Apple is challenging the regulation.

Microsoft may be able to use long-standing resentment against the market leaders to martial support for its store offering. Xbox's cloud gaming technology already lets users stream blockbuster games to mobile phones. "We've talked about choice, and today on your mobile phones, you don't have choice,'' Spencer said. "To make sure that Xbox is not only relevant today but for the next 10, 20 years, we're going to have to be strong across many screens." Earlier this week, Xbox CFO Tim Stuart said during the Wells Fargo TMT Summit that Microsoft wants to make first-party games and Game Pass available on "every screen that can play games," including rival consoles. "It's a bit of a change of strategy. Not announcing anything broadly here, but our mission is to bring our first-party experiences [and] our subscription services to every screen that can play games," Stuart said. "That means smart TVs, that means mobile devices, that means what we would have thought of as competitors in the past like PlayStation and Nintendo."

An anonymous reader quotes a report from Ars Technica: Security researchers are tracking what they say is the "mass exploitation" of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open source file-sharing server app. The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing "mass exploitation" in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

CVE-2023-49103 resides in versions 0.2.0 and 0.3.0 of graphapi, an app that runs in some ownCloud deployments, depending on the way they're configured. A third-party code library used by the app provides a URL that, when accessed, reveals configuration details from the PHP-based environment. In last week's disclosure, ownCloud officials said that in containerized configurations -- such as those using the Docker virtualization tool -- the URL can reveal data used to log in to the vulnerable server. The officials went on to warn that simply disabling the app in such cases wasn't sufficient to lock down a vulnerable server. [...]

To fix the ownCloud vulnerability under exploitation, ownCloud advised users to: "Delete the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. Additionally, we disabled the phpinfo function in our docker-containers. We will apply various hardenings in future core releases to mitigate similar vulnerabilities.

We also advise to change the following secrets:
- ownCloud admin password
- Mail server credentials
- Database credentials
- Object-Store/S3 access-key"

Windows users are reporting that Hewlett Packard's HP Smart application is appearing on their systems, despite them not having any of the company's hardware attached. From a report: While Microsoft has remained tight-lipped on what is happening, folks on various social media platforms noted the app's appearance, which seems to afflict both Windows 10 and Windows 11. The Windows Update mechanism is used to deploy third-party applications and drivers as well as Microsoft's updates, and we'd bet someone somewhere has accidentally checked the wrong box.

Up to now, the response from affected users has been one of confusion. One noted on Reddit: "I thought that was just me. I didn't install it, it just appeared on new apps in start menu out of nowhere." Another said: "I just checked and I had it installed too. Checking the event log for the Microsoft Store shows that it installed earlier today, but I definitely did [not] request or initiate it because I do not have any devices from HP." And, of course, there was the inevitable: "Would it be that hard for Microsoft to just provide an operating system without needless bloat?" To be clear, not all users are affected.

An anonymous reader shares a report: Until today, we'd never heard of "Project Boston." It was Activision Blizzard King's big plan to earn more money from its mobile games by changing its relationship with Google. And if things had gone differently, it would have given Activision Blizzard its own app store on Android. In late 2019, according to internal emails and documents I saw today in the courtroom during the Epic v. Google trial, the company decided it was going to dual-track two intriguing parallel plans.

The first plan was to build its own mobile game store -- either in partnership with Epic Games and Clash of Clans publisher Supercell or all by itself -- to bypass the Google Play Store. You'd download it from a website, sideload it onto your Android phone, and then you'd be able to purchase, download, and patch games like Candy Crush, Call of Duty: Mobile, and Diablo Immortal there. In private emails with Epic CEO Tim Sweeney, Activision Blizzard CFO Armin Zerza pitched it as the "Steam of Mobile" -- a single place to buy mobile games, with a single payment system. Documents suggest the store would charge a transaction fee of 10 to 12 percent, lower than the 30 percent fee Google (and Nintendo, Sony, Microsoft, and Steam) impose on gaming transactions.

The president of tech giant Microsoft said there is no chance of super-intelligent artificial intelligence being created within the next 12 months, and cautioned that the technology could be decades away. From a report: OpenAI cofounder Sam Altman earlier this month was removed as CEO by the company's board of directors, but was swiftly reinstated after a weekend of outcry from employees and shareholders. Reuters last week exclusively reported that the ouster came shortly after researchers had contacted the board, warning of a dangerous discovery they feared could have unintended consequences.

The internal project named Q* (pronounced Q-Star) could be a breakthrough in the startup's search for what's known as artificial general intelligence (AGI), one source told Reuters. OpenAI defines AGI as autonomous systems that surpass humans in most economically valuable tasks. However, Microsoft President Brad Smith, speaking to reporters in Britain on Thursday, rejected claims of a dangerous breakthrough. "There's absolutely no probability that you're going to see this so-called AGI, where computers are more powerful than people, in the next 12 months. It's going to take years, if not many decades, but I still think the time to focus on safety is now," he said.

Microsoft wants to bring Xbox Game Pass to PlayStation and Nintendo. From a report: Xbox CFO Tim Stuart said during the Wells Fargo TMT Summit this week that the goal is to make first-party games and Game Pass available on "every screen that can play games," and this includes rival consoles. "It's a bit of a change of strategy. Not announcing anything broadly here, but our mission is to bring our first-party experiences [and] our subscription services to every screen that can play games," Stuart said. "That means smart TVs, that means mobile devices, that means what we would have thought of as competitors in the past like PlayStation and Nintendo."

Stuart said Game Pass is a "high margin" business for Microsoft, along with first-party games and advertising. These are all areas that Microsoft plans to expand into significantly in the time ahead, Stuart said. The executive added that buying Activision Blizzard helps Microsoft get there faster than it might have been able to on its own. For the advertising part specifically, the Candy Crush mobile game series from King -- which is now owned by Microsoft -- is deeply embedded with ads and microtransactions.

Microsoft Phone Link, previously known as Microsoft Your Phone, lets you control your Android phone from your computer. Now, the company appears to be working on letting you use your Android phone as a webcam with Windows computers, similar to how you can use your iPhone as a webcam on Mac. Android Authority reports: Microsoft's Link to Windows v1.23102.190.0 for Android app includes code that suggests that the company is working on letting your Android phone provide a video stream to your Windows PC. This would effectively allow it to be used as a webcam. [...] These strings indicate that once Microsoft's Phone Link app is working on both connected devices, users would be able to start a camera stream that lets their phone's camera be available to their Windows PC. The strings do not explicitly mention "webcam," but other clues indicate that the feature would be related to video calls in some ways.

Phone Link can already access your camera and video conferencing apps, but this is just mirroring apps running on your phone. What you see on your phone screen is what you see on the computer. If you record a video, it gets saved to your phone as typical video recordings do. With the new functionality spotted above, Phone Link could potentially compete against Apple's Continuity Camera features. With Continuity Camera, users can mount their iPhone to their Mac and then use the iPhone's camera and microphone for FaceTime or other camera apps.

Sam Altman is officially OpenAI's CEO again after spending four days in exile. Meanwhile, Microsoft is getting a non-voting observer seat on the nonprofit board that controls OpenAI. "OpenAI adding Microsoft to the board as a 'non-voting observer' means that the tech giant will have more visibility into the company's inner workings but not have an official vote in big decisions," reports The Verge.

Altman said in a memo to employees: "I have never been more excited about the future. I am extremely grateful for everyone's hard work in an unclear and unprecedented situation, and I believe our resilience and spirit set us apart in the industry. I feel so, so good about our probability of success for achieving our mission." From the report: With three of the four board members who decided to suddenly fire Altman now gone, OpenAI's new board consists of chair Bret Taylor, Larry Summers, and Adam D'Angelo, the only remaining holdout from the previous board.

In his memo to employees, Altman said that he harbors "zero ill will" towards Ilya Sutskever, OpenAI's co-founder and chief scientist who initially participated in the board coup and changed his mind after nearly all of the company's employees threatened to quit if Altman didn't come back. "While Ilya will no longer serve on the board, we hope to continue our working relationship and are discussing how he can continue his work at OpenAI," Altman said. "The fact that we did not lose a single customer will drive us to work even harder for you," he told employees.

The tech industry has largely recovered from the downturn, but Silicon Valley learned a long-lasting lesson: how to do more with less. From a report: Amazon, Google, Microsoft and Meta Platforms have been cutting dozens or a few hundred employees at a time as executives keep tight controls on costs, even as their businesses and stock prices have rebounded sharply. The cuts are far smaller than the mass layoffs that reached tens of thousands in late 2022 and early this year. But they suggest a new era for an industry that in years past grew with little restraint, one in which companies are focusing on efficiency and acting more like their corporate peers that emphasize shareholder value and healthy margins.

The launch of the humanlike chatbot ChatGPT late last year served as a bright spot of growth in an industry that was otherwise scaling back. Challenges regarding the technology and calls for regulation remain, but some of the biggest tech companies are starting to make it their priority. There is a reallocation of resources from noncore areas to projects such as AI rather than hiring new people, said Ward, who was previously a director of recruiting at Facebook and the head of recruiting at Pinterest.

Amazon eliminated several hundred roles this month from its Alexa division to maximize its "resources and efforts focused on generative AI," according to an internal memo. The company has also made small cuts in recent weeks to its gaming and music divisions. Facebook's parent, Meta, recently posted its largest quarterly revenue in more than a decade. It laid off 20 people weeks later. Chief Executive Officer Mark Zuckerberg said on an earnings call that the company would continue to operate more efficiently going forward "both because it creates a more disciplined and lean culture, and also because it provides stability to see our long-term initiatives through in a very volatile world."

An anonymous reader shares a report: The biggest benefit Samsung Internet on a desktop operating system will provide is the syncing of browsing data between your phone and PC, the lack of which has prevented many users from using Samsung Internet as their primary browser app on their phones and tablets. Unfortunately, Samsung hasn't yet implemented full-fledged sync support on Samsung Internet for Windows. While you can log in with your Samsung account, only browsing history, bookmarks, saved pages and open tabs can be synced at this time. Password syncing is not available, which hopefully won't remain the case for long.

The first time you run Samsung Internet on Windows, you can import browsing history, bookmarks/favorites, and search engines from other browsers, including Google Chrome and Microsoft Edge. You can also import bookmarks using an HTML file. As for other features, Samsung Internet on Windows has ad blocker support, a secret (incognito) mode, extension support, light and dark mode themes, and a few others. Since Samsung Internet is based on the open-source Chromium project like Chrome and Microsoft Edge, it should support extensions and add-ons that work on those browsers.

An anonymous reader quotes a report from Ars Technica: A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported. The intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020, according to Netherlands national news outlet NRC Handelsblad, which cited "several sources" familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn't uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

NRC cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in "early Q4 2017." Some of the intrusions lasted as long as three years before coming to light. NRC said the unidentified victim was NXP. "Once nested on a first computer -- patient zero -- the spies gradually expand their access rights, erase their tracks in between and secretly sneak to the protected parts of the network," NRC reporters wrote in an English translation. "They try to secrete the sensitive data they find there in encrypted archive files via cloud storage services such as Microsoft OneDrive. According to the log files that Fox-IT finds, the hackers come every few weeks to see whether interesting new data can be found at NXP and whether more user accounts and parts of the network can be hacked."

NXP did not alert customers or shareholders to the intrusion, other than a brief reference in a 2019 annual report. It read: "We have, from time to time, experienced cyber-attacks attempting to obtain access to our computer systems and networks. Such incidents, whether or not successful, could result in the misappropriation of our proprietary information and technology, the compromise of personal and confidential information of our employees, customers, or suppliers, or interrupt our business. For instance, in January 2020, we became aware of a compromise of certain of our systems. We are taking steps to identify the malicious activity and are implementing remedial measures to increase the security of our systems and networks to respond to evolving threats and new information. As of the date of this filing, we do not believe that this IT system compromise has resulted in a material adverse effect on our business or any material damage to us. However, the investigation is ongoing, and we are continuing to evaluate the amount and type of data compromised. There can be no assurance that this or any other breach or incident will not have a material impact on our operations and financial results in the future."

Microsoft is returning to the Bliss hill once again with this year's entry in its now-traditional ugly retro-computing sweater series. From a report: Blue hemming at the bottom and on the sleeves evokes Windows XP's bright-blue taskbar, and in case people don't immediately recognize Bliss as "a computer thing," there's also a giant mouse pointer hovering over it. The sweater is available from size small up to a 3XL, and costs $70 regardless of which version you buy. All sizes are currently expected to arrive sometime between December 2 and 6.

Amazon on Tuesday announced a new chatbot called Q for people to use at work. From a report: The product, announced at Amazon Web Services' Reinvent conference in Las Vegas, represents Amazon's latest effort to challenge Microsoft and Google in productivity software. It comes one year after Microsoft-backed startup OpenAI launched its ChatGPT chatbot, which has popularized generative artificial intelligence for crafting human-like text in response to a few lines of human input.

A tier for business users will cost $20 per person per month. A version with additional features for developers and IT workers will cost $25 per person per month. The Copilot for Microsoft 365 and Duet AI for Google Workspace for business workers both cost $30 per person per month. Initially, Q can help people understand the capabilities of AWS and trouble-shoot issues. People will be able to talk with it in communication apps such as Salesforce's Slack and software developers' text-editing applications, Adam Selipsky, CEO of AWS, said onstage at Reinvent. It will also appear in AWS' online Management Console. Q can provide citations of documents to back up its chat responses. The tool can automatically make changes to source code so developers have less work to do, Selipsky said. The service will be able to connect to more than 40 enterprise systems, he said.