Microsoft

Microsoft Overhauling Its Software Security After Major Azure Cloud Attacks (theverge.com) 40

An anonymous reader shares a report: Microsoft has had a rough few years of cybersecurity incidents. It found itself at the center of the SolarWinds attack nearly three years ago, one of the most sophisticated cybersecurity attacks we've ever seen. Then, 30,000 organizations' email servers were hacked in 2021 thanks to a Microsoft Exchange Server flaw. If that weren't enough already, Chinese hackers breached US government emails via a Microsoft cloud exploit earlier this year. Something had to give.

Microsoft is now announcing a huge cybersecurity effort, dubbed the Secure Future Initiative (SFI). This new approach is designed to change the way Microsoft designs, builds, tests, and operates its software and services today. It's the biggest change to security efforts inside Microsoft since the company announced its Security Development Lifecycle (SDL) in 2004 after Windows XP fell victim to a huge Blaster worm attack that knocked PCs offline in 2003. That push came just two years after co-founder Bill Gates had called for a trustworthy computing initiative in an internal memo.

Microsoft now plans to use automation and AI during software development to improve the security of its cloud services, cut the time it takes to fix cloud vulnerabilities, enable better security settings out of the box, and harden its infrastructure to protect against encryption keys falling into the wrong hands. In an internal memo to Microsoft's engineering teams today, the company's leadership has outlined its new cybersecurity approach. It comes just months after Microsoft was accused of "blatantly negligent" cybersecurity practices related to a major breach that targeted its Azure platform. Microsoft has faced mounting criticism of its handling of a variety of cybersecurity issues in recent years.

Mozilla

Mozilla's 'Failed' Bet on Yahoo Takes Spotlight in Google Trial (bloomberg.com) 15

Mozilla Foundation's decision to switch the search engine built into its Firefox browser to Yahoo from Google was a "failed" bet that degraded the user experience, the company's chief executive said. From a report: Chief Executive Officer Mitchell Baker said Mozilla decided to switch to Yahoo's technology in 2014 after CEO Marissa Mayer took over and promised "to make a big bet on us."

"That bet failed," Baker said in a videotaped interview from 2022 played Wednesday in Google's defense during the Justice Department's antitrust trial. "The search experience that Yahoo was providing to Firefox users deteriorated." The Mozilla example -- the only situation in which a browser has switched the default search engine provider -- has been cited by both Google and the Justice Department to support their arguments in the case. [...] Yahoo agreed to pay Mozilla a minimum of $375 million -- more than the $276 million a year that Google was offering, Baker said. It also agreed to reduce the number of ads and offer less user tracking than Google, but over time Yahoo reneged on that and began showing more advertising, she added.

Social Networks

Instagram Head Says Threads API Is In the Works (techcrunch.com) 15

Ivan Mehta reports via TechCrunch: Instagram head Adam Mosseri said today that a Threads API is in the works. This will give developers a chance to create different apps and experiences around Threads. Mosseri was responding to journalist Casey Newton, who was conversing with a user about a TweetDeck-like experience for Threads. The Instagram head expressed apprehension about publishers posting a bunch of content and in turn, overshadowing creator content.

"We're working on it. My concern is that it'll mean a lot more publisher content and not much more creator content, but it still seems like something we need to get done," Mosseri said in a post. Later, an engineer working on Threads said that the team would start with endpoints for publishing content for the API. [...]

While Mosseri is concerned about publishers pushing an overwhelming amount of content through API integration, creators also need different tools to post various types of content. It also makes it easier for developers to design features suited for a specific platform if there is the option for an API integration.

Google

Google's 2019 'Code Yellow' Blurred Line Between Search, Ads (bloomberg.com) 25

An anonymous reader shares a report: The former head of search at Alphabet's Google told colleagues in February 2019 that his team was "getting too involved with ads for the good of the product and company," according to emails shown at the Justice Department's landmark antitrust trial against the search giant. Google maintains a firewall between its ads and search teams so that its engineers can innovate on Google's search engine, unsullied by the influence of the team whose goal is to maximize advertising revenue. But in February 2019, testimony at the antitrust trial revealed Tuesday, Google internally declared a "Code Yellow" amid concerns the company might not meet its goals for search revenue for the quarter.

As part of the emergency, which lasted for seven weeks, engineers from Google's search and Chrome browser teams were reassigned to figure out why user queries had slowed, according to the documents. Ben Gomes, Google's former head of search, was called by the company in its defense to show that it had made various advancements in search, particularly in mobile. However, cross examination by Justice Department lawyer David Dahlquist revealed the tensions between Gomes' search team and its advertising counterparts. The questioning sought to undermine Google's contentions that its search team focuses solely on improving the user experience and has sometimes been pulled into the advertising side, where the Justice Department alleges Google has been able to raise prices without pushback.

Microsoft

Microsoft Calls Time on Windows Insider MVP Program (theregister.com) 12

Microsoft has decided to axe the Windows Insider MVP program, which is now scheduled to be discontinued at the end of the year. From a report: A Microsoft spokesperson told The Register: "In an effort to consolidate MVP-style programs across Microsoft, we have decided to retire the Windows Insider MVP Program effective December 31, 2023. All our existing Windows Insider MVPs will be nominated to participate in the Microsoft MVP Program which has similar benefits and opportunities to continue networking with us and interacting with many other Microsoft MVPs globally."

The Windows Insider MVPs are usually enthusiasts of Microsoft's wares who are rewarded for their loyalty with access to the engineering teams, complimentary subscriptions to products such as Visual Studio Enterprise and Office 365, as well as the odd paperweight or two. A nomination must come from another MVP or a Microsoft employee to achieve this coveted status. An application is then scrutinized, and if one has demonstrated sufficient passion for all things Microsoft, the nod is given. Microsoft has plenty of Insider programs where users can play with pre-release versions of the company's software.

Technology

HSBC Takes Stab at Using Blockchain To Modernize London's Antiquated Gold Market (bloomberg.com) 39

One of the world's top bullion banks is bringing blockchain to the antiquated London gold market. From a report: HSBC has launched a platform that uses distributed ledger technology to tokenize ownership of physical gold held in its London vault, Mark Williamson, global head of FX and commodities partnerships and propositions, said in an interview. The new system creates digital tokens that represent gold bars, which can then be traded through the bank's single-dealer platform. [...] What sets HSBC apart is its clout in the bullion market. It is one of the world's largest custodians of precious metals and one of four clearers on the London gold market, where over $30 billion of the metal changes hands every day.

Around 698,000 gold bars are stored in vaults in the Greater London area, valued at around $525 billion, according to the London Bullion Market Association. Despite its vast size, London's gold market still relies heavily on manual record keeping and trades entirely over-the-counter. Using blockchain technology makes the process "quicker and less cumbersome" as clients can more easily track the gold they own through the platform, down to the serial number of each bar, Williamson said. HSBC plans to eventually expand its system to include other precious metals, he added.

Google

A Rare Look at Google's Most Lucrative Search Queries (theverge.com) 66

An anonymous reader shares a report: Not all Google searches make Google money. Google often says that it only shows ads on about 20 percent of queries, the ones it calls "commercial queries." This week, during the US v. Google antitrust trial, we got a rare glimpse at a closely guarded secret: which search terms make the most money. The list is only for the week of September 22nd, 2018, and it is the list of top queries ordered by revenue and nothing else. Still, we've never seen anything quite like this before, and the list was only made public after long deliberations from Judge Amit Mehta, who has, over the course of the trial, begun to push both sides to be more public with information and data like this.

Okay, here are the top 20 queries for that week ordered by revenue: iphone 8, iphone 8 plus, auto insurance, car insurance, cheap flights, car insurance quotes, direct tv, online colleges, at&t, hulu, iphone, uber, spectrum, comcast, xfinity, insurance quotes, free credit report, cheap car insurance, aarp, and lifelock.

AI

US, China and 26 Other Nations Agree To Co-operate Over AI Development (ft.com) 15

Twenty-eight countries including the US, UK and China have agreed to work together to ensure artificial intelligence is used in a "human-centric, trustworthy and responsible" way, in the first global commitment of its kind. From a report: The pledge forms part of a communique signed by major powers including Brazil, India and Saudi Arabia, at the inaugural AI Safety Summit. The two-day event, hosted and convened by British prime minister Rishi Sunak at Bletchley Park, started on Wednesday. Called the Bletchley Declaration, the document recognises the "potential for serious, even catastrophic, harm" to be caused by advanced AI models, but adds such risks are "best addressed through international co-operation." Other signatories include the EU, France, Germany, Japan, Kenya and Nigeria.

The communique represents the first global statement on the need to regulate the development of AI, but at the summit there are expected to be disagreements about how far such controls should go. Country representatives attending the event include Hadassa Getzstain, Israeli chief of staff at the ministry of innovation, science and technology, and Wu Zhaohui, Chinese vice minister for technology. Gina Raimondo, US commerce secretary, gave an opening speech at the summit and announced a US safety institute to evaluate the risks of AI. This comes on the heels of a sweeping executive order by President Joe Biden, announced on Monday, and intended to curb the risks posed by the technology.

Businesses

LinkedIn Hits 1 Billion Users, Adds AI Features for Job Seekers (reuters.com) 28

LinkedIn, the business-focused social network owned by Microsoft, on Wednesday said it now has more than 1 billion members and is adding more AI features for paying users. From a report: Crossing the billion-users mark puts LinkedIn -- where members maintain a resume-like profile of their education, work experience and professional skills -- in the top-tier of social media networks that include rivals such as Meta Platforms. About 80% of recent members are signing up from outside of the United States, the company has said.

LinkedIn has a free tier of membership but also offers subscriptions. Members of its $39.99-a-month tier will get new AI features that can tell a user, who may be plowing through dozens of job postings, whether they're a good candidate based on the information in their profile. The system can also recommend profile changes to make the user more competitive for a job.

Businesses

WeWork Plans To File For Bankruptcy as Early as Next Week (reuters.com) 50

WeWork plans to file for bankruptcy as early as next week, Reuters reported Tuesday, citing a source familiar with the matter, as the SoftBank Group-backed company struggles with a massive debt pile and hefty losses. From the report: Shares of the flexible workspace provider fell 32% in extended trading after the Wall Street Journal first reported the news. They have fallen roughly 96% this year. [...] The company had net long-term debt of $2.9 billion as of June end and more than $13 billion in long-term leases, at a time when rising borrowing costs are hurting the commercial real estate sector. WeWork's filing for bankruptcy would mark a stunning reversal of fortune for the company that was privately valued at $47 billion in 2019 and a black spot for investor SoftBank that sunk billions.

Google

Google Registry Launches .ing Domains, Begg.ing For Wordplay (9to5google.com) 75

Google Registry has added domains ending in ".ing" -- "a situation seem.ing ripe for exceed.ing amounts of wordplay," reports 9to5Google. From the report: Google Registry -- which is different from Google Domains, the service Google is sell.ing off to Squarespace -- tries to push the boundaries of domain names by launch.ing options like ".dev," ".app," and ".meme" (soon). After first be.ing announced in August, Google Registry is officially open.ing registration of .ing domains through partner companies like GoDaddy and 101Domain. As you might expect, the new domain end.ing is meant to inspire a sense of action, as exemplified by the first wave of companies debut.ing new domain names:

If you want a .ing domain of your own, you can do so from the official ".ing" site, but you'll be pay.ing an extra one-time fee dur.ing the Early Access Period, which runs until December 5, 2023, with fees decreas.ing on a "daily schedule." Register.ing during "Phase 1" will set you back over $1 million -- quite a lot of cha-ch.ing -- while "Phase 9" drops down as low as $144.99.

Media

YouTube Is Getting Serious About Blocking Ad Blockers (theverge.com) 286

Emma Roth reports via The Verge: YouTube is broadening its efforts to crack down on ad blockers. The platform has "launched a global effort" to encourage users to allow ads or try YouTube Premium, YouTube communications manager Christopher Lawton says in a statement provided to The Verge. If you run into YouTube's block, you may see a notice that says "video playback is blocked unless YouTube is allowlisted or the ad blocker is disabled." It also includes a prompt to allow ads or try YouTube Premium. You may get prompts about YouTube's stance on ad blockers but still be able to watch a video, though, for one Verge staffer, YouTube now fully blocks them nearly every time.

YouTube confirmed that it was disabling videos for users with ad blockers in June, but Lawton described it as only a "small experiment globally" at the time. Now, YouTube has expanded this effort. Over the past several weeks, more users with ad blockers installed have found themselves unable to watch YouTube videos, with a post from Android Authority highlighting the increase in reports. Lawton maintains that the "use of ad blockers" violates the platform's terms of service, adding that "ads support a diverse ecosystem of creators globally and allow billions to access their favorite content on YouTube."

The Internet

Russia Blocks 167 VPNs, Steps Up OpenVPN and WireGuard Disruption (torrentfreak.com) 42

An anonymous reader quotes a report from TorrentFreak: The head of the Russian department responsible for identifying threats to the "stability, security and integrity" of the internet, has revealed the extent of the Kremlin's VPN crackdown. Former FSO officer Sergei Khutortsev, a central figure in Russia's 'sovereign internet' project, confirmed that 167 VPN services are now blocked along with over 200 email services. Russia is also reported as stepping up measures against protocols such as OpenVPN, IKEv2 and WireGuard. [...]

An in-depth report published by TheIns.ru has details of the monitoring/blocking system reportedly deployed in Russia, how much it costs (4.3 billion rubles/$43 million in 2020, 24.7 billion rubles/$247 million for 2022-2024), and the names of the companies supplying the components. The publication also obtained original documents that apparently show some of the protocols Russia initially intended to block. They include older VPN protocols IPSec, L2TP, and PPTP, plus the BitTorrent protocol still widely used today. The full report on the system, which reveals the use of Intel chips/chipsets in 965 servers manufactured by Huawei and already purchased by Russia, plus another 2400+ servers for 2023/24, is available here.

China

China Removes Anonymity of Bloggers' Accounts With More Than 500,000 Followers (reuters.com) 20

China's popular social media platforms are requiring "self-media" accounts with over 500,000 followers to disclose real-name information, prompting concerns over increased doxxing and privacy among some users. Reuters reports: China's most popular social media platforms on Tuesday announced that "self-media" accounts with more than 500,000 followers will be asked to display real-name information, a controversial measure that has prompted concerns over doxxing and privacy among some users. "Self-media" includes news and information not necessarily approved by the government, a genre of online content regulators have cracked down on in recent years to "purify" China's cyberspace. [...]

Rumors of the new policy had prompted lively debate among users. Some, like former state media editor Hu Xijin, have defended the measure as necessary in order to force influential accounts to use more responsible speech. Others, however, have expressed concerns that the measure would make doxxing easier and platforms would further remove online users' anonymity in the future.

The new measures will remove the anonymity of thousands of influencers on social media platforms that are used daily by hundreds of millions of Chinese. Several of the platforms said that accounts with over 1 million followers would be affected first and those that do not comply would face restrictions in their online traffic and income as a consequence.

Android

Google Plans RISC-V Android Tools In 2024, Wants Developers To 'Be Ready' (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: Android is slowly entering the RISC-V era. So far we've seen Google say it wants to give the up-and-coming CPU architecture "tier-1" support in Android, putting RISC-V on equal footing with Arm. Qualcomm has announced the first mass-market RISC-V Android chip, a still-untitled Snapdragon Wear chip for smartwatches. Now Google has announced a timeline for developer tools via the Google Open Source Blog. The last post is titled "Android and RISC-V: What you need to know to be ready."

Getting the Android OS and app ecosystem to support a new architecture is going to take an incredible amount of work from Google and developers, and these tools are laying the foundation for that work. First up, Google already has the "Cuttlefish" virtual device emulator running, including a gif of it booting up. This isn't the official "Android Emulator" -- which is targeted at app developers doing app development -- Cuttlefish is a hardware emulator for Android OS development. It's the same idea as the Android Emulator but for the bottom half of the tech stack -- the kernel, framework, and hardware bits. Cuttlefish lets Google and other Android OS contributors work on a RISC-V Android build without messing with an individual RISC-V device. Google says it's working well enough now that you can download and emulate a RISC-V device today, though the company warns that nothing is optimized yet.

The next step is getting the Android Emulator (for app developers) up and running, and Google says: "By 2024, the plan is to have emulators available publicly, with a full feature set to test applications for various device form factors!" The nice thing about Android is that most app code is written with no architecture in mind -- it's all just Java/Kotlin. So once the Android RunTime starts spitting out RISC-V code, a lot of app code should Just Work. That means most of the porting work will need to go into things written in the NDK, the native developer kit, like libraries and games. The emulator will still be great for testing, though.

Android

Google Promises a Rescue Patch For Android 14's 'Ransomware' Bug (arstechnica.com) 33

Google says it'll issue a system update to fix a major storage bug in Android 14 that has caused some users to be locked out of their devices. Ars Technica reports: Apparently one more round of news reports was enough to get the gears moving at Google. Over the weekend the Issue tracker bug has been kicked up from a mid-level "P2" priority to "P0," the highest priority on the issue tracker. The bug has been assigned to someone now, and Googlers have jumped into the thread to make official statements that Google is looking into the matter. Here's the big post from Google on the bug tracker [...]. The highlights here are that Google says the bug affects devices with multiple Android users, not multiple Google accounts or (something we thought originally) users with work profiles. Setting up multiple users means going to the system settings, then "Multiple users," then "Allow multiple users," and you can add a user other than the default one. If you do this, you'll have a user switcher at the bottom of the quick settings. Multiple users all have separate data, separate apps, and separate Google accounts. Child users are probably the most popular reason to use this feature since you can lock kids out of things, like purchasing apps.

Shipping a Google Play system update as a quick Band-Aid is an interesting solution, but as Google's post suggests, this doesn't mean the problem is fixed. Play system updates (these are alternatively called Project Mainline or APEX modules) allow Google to update core system components via the Play Store, but they are really not meant for critical fixes. The big problem is that the Play system updates don't aggressively apply themselves or even let you know they have been downloaded. They just passively, silently wait for a reboot to happen so they can apply. For Pixel users, it feels like the horse has already left the barn anyway -- like most Pixel phones have automatically applied the nearly 13-day-old update by now. Users can force Play system updates to happen themselves by going to the system settings, then "Security & Privacy," then "System & updates," then "Google Play system update." If you have an update, you'll be prompted to reboot the phone. Also note that this differs from the usual OS update checker location, which is in system settings, then "System," then "System update." The system update screen will happily tell you "Your system is up to date" even if you have a pending Google Play system update. It would be great to have a single location for OS updates, Google Play System/Mainline updates, and app updates, but they are scattered everywhere and give conflicting "up to date" messages.

Windows

Windows 11 Adds Native Support For RAR, 7-Zip, Tar Archive File Formats (techspot.com) 85

"Windows 11's last major update, 22H2 introduced native support for managing RAR archives, eliminating the need for third-party software," writes Slashdot reader jjslash. "This enhancement is part of the OS's broader capability improvements for handling various archive file formats." TechSpot reports: Microsoft finally introduced native support for RAR archives earlier this year, just three decades after the format's official introduction in 1993. Windows 11 development is now progressing at an accelerated pace, therefore support for a whole lot of new (ancient) archive formats is coming soon.

Microsoft recently released KB5031455, an optional, feature-rich preview cumulative update for Windows 11, refreshing the list of archive formats natively supported in the OS. Windows 11 22H2 and later versions can now manage files compressed in the following archive types: .rar, .7z, .tar, .tar.gz, .tar.bz2, .tar.zst, .tar.xz, .tgz, .tbz2, .tzst, .txz. Support for password-encrypted archives is not available yet.

Redmond programmers added support for the aforementioned archive files thanks to the libarchive library, an open source project designed to develop a portable, efficient C library that can "read and write streaming archives" in a variety of formats. Libarchive supports additional archive types (Lzh, Xar) that could eventually come to Windows 11 as well.

Facebook

Meta Told To Stop Using Threads Name By Company That Owns UK Trademark (businessinsider.com) 60

Pete Syme reports via Insider: A British software company is giving Meta 30 days to stop using the name Threads in the UK because it owns the trademark. Threads Software Limited says its lawyers wrote to the Facebook and Instagram parent company on Monday. If Meta doesn't stop using the name Threads, Threads Software Limited says it will seek an injunction from the courts.

The British company trademarked Threads in 2012 for its intelligent messaging hub, which can store a company's emails, tweets, and voice over internet protocol phone calls in a cloud database. In a press release, it said it had declined the four offers that Meta's lawyers made to purchase its domain name "threads.app." Then when Meta launched Threads, its social media app designed to compete with Elon Musk's X, the British company says it was removed from Facebook.

John Yardley, the managing director of Threads Software Limited, said the business "faces a serious threat from one of the largest technology companies in the world."

"We recognize that this is a classic 'David and Goliath' battle with Meta," said Yardley. "And whilst they may think they can use whatever name they want, that does not give them the right to use the Threads brand name."

Network

Internet Access In Gaza Partially Restored After Blackout (techcrunch.com) 262

An anonymous reader quotes a report from TechCrunch: After a weekend of almost complete internet blackout, connectivity in Gaza has been partially restored. On Friday, internet monitoring firms and experts reported that access to the internet had significantly degraded in the Palestinian enclave. The local internet service NetStream "collapsed," according to NetBlocks, a firm that tracks internet access across the world. At the same time, IODA, another internet monitoring system, showed outages and degradation across several Palestinian internet providers. The lack of internet communications caused emergency lines to stop ringing, made it hard for paramedics to locate the wounded, and for family members to reach relatives and friends, according to The New York Times.

On Sunday, IODA reported "marginal restoration" of internet connectivity in Gaza. Abdulmajeed Melhem, chief executive of the Palestinian main telecommunications company Paltel Group, told The Times that the internet had come back even though the company had not made any repairs. Then on Monday, Gaza had roughly the same access to internet connectivity as before Friday, according to several experts and firms that are monitoring the internet in the region, including Doug Madory, an expert who for years has focused on monitoring networks across the world. "There was the 34 hour complete blackout from Friday to Sunday -- a first for Gaza. Then there was last night's partial outage in northern Gaza," Madory, who is the director of internet analysis at Kentik, told TechCrunch on Monday. "The situation is still very precious: no power, little water. Service could potentially drop out again at any time." [...]

It's unclear what caused the internet outages in Gaza on Friday and what caused the improvements on Sunday and Monday. The Washington Post reported on Sunday that the U.S. government put pressure on the Israeli government to switch the internet back on in Gaza, citing an unnamed U.S. official. "We made it clear they had to be turned back on," the official said. "The communications are back on. They need to stay on," The Post quoted the official as saying. Also on Sunday, The Times reported that the U.S. government believed that the Israeli government was responsible for the near-blackout of the internet in Gaza.

Windows

Windows CE Reaches End of Life, If Not End of Sales (theregister.com) 36

Microsoft's dedicated OS for embedded and pocket devices, Windows CE, has reached the end of its support lifetime. From a report: Windows CE -- and there's never been an official explanation of what the WinCE-inducing name stood for -- debuted in November 1996, just a few months after Windows NT 4, the first version of NT with the Explorer desktop from Windows 95. Earlier this month, as reported by HPC Factor, the last ever version, CE 8, branded Compact Embedded 2013, reached its end of support.

In 2011, Microsoft said it would be replaced by a unified platform based on Windows 8, but we know how well that went down. By 2020, the official migration path was set -- to a container on top of Win10 IoT. Its fortunes have always fluctuated. In 1999, we asked does MS care about WinCE? By 2003, we reported that eTForecasts said it would outship PCs. Indirectly, the researchers were right -- smartphones did end up massively outselling PCs. They just weren't Microsoft ones.
