Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

22 Apr 2022

Twitter might ask again, 'What are you doing?'

Twitter has changed a lot in recent years, and especially more recently with a subscription service, Spaces, and the ability to remove followers. Some might say the social media platform is virtually unrecognizable from the platform they first joined back in 2006. 

Actually, I might say that but now Twitter is, according to Tech Blogger and code-sleuth Jane Manchin Wong, a new feature that takes me all the way back to my own first Tweet on March 19, 2007. 

Code-named "Vibe," the "Set a status" feature would let you show followers what you're doing right now.

See more

In the captured feature screen, there's a "What are you doing?" prompt with a dropdown list of options like, "Driving highway," "Shopping grocery," and "Lurking Twitter".

This might appear with your profile, possibly even above your tweets. Wong likens it to what Instagram Threads does with "Status."

I, however, see it differently.

When Twitter launched in 2006, the idea was to let followers (usually co-workers, colleagues, friends) know what you were doing at any given moment.

The service's tag line back then was quite clear: "A global community of friends and strangers answering one simple question: What are you doing?"

Twitter in 2006

(Image credit: Future)

The last sentence appears in bright yellow as if Twitter had run a highlighter across it.

That's right. The wording is exactly the same.

Fifteen years ago, I had no idea how to use Twitter, so I followed the platform's instructions and simply listed what I was doing: "Listening to TWiT. Eating a bagel. Drinking my coffee. Typing this note."

See more

It was arguably a terrible post, but it did answer the question, "What are you doing?"

The Twitter of 2022 is, obviously, a far different beast. It asks "What's happening?" It's a place to post what you're thinking, explore ideas, argue, and share a wide array of information, photos, video, and audio. It's a media platform.

Twitter, perhaps sensing that it has moved oceans away from its original intent, is thinking that just a little hint of the past - of its roots - might make Twitter more engaging, fun, and less of a self-serious place.

Instead of an angry tweet about the latest political debate or a pitched battle regarding Android versus iOS, there might just be an old-school status update, one that says the Twitter member is driving, walking, or eating a bagel.

I have no idea if Twitter fully plans to launch "Set a status" (I've asked Twitter directly and am awaiting a response"), but I think it could use this nostalgic feature, especially as it faces the prospect of new ownership (Hi, Elon Musk!) and maybe some significant changes that could, again, change the face of the venerable platform.

Read more...
22 Apr 2022

One of the best free video editors just became an even better option

Blackmagic Design has rolled out DaVinci Resolve 18, a new version of the free video editing software that puts cloud collaboration front and center.

As part of the upgrade, the software has been beefed up with new remote collaboration tools and cloud-based workflows. Topping the list of improvements is a new integration with Blackmagic Cloud. 

According to the company, Blackmagic Cloud lets DaVinci Resolve users “share projects and work collaboratively with editors, colorists, VFX artists and audio engineers on the same project at the same time, anywhere in the world". The remote collaboration tool will also now let users host project libraries on the cloud-based Project Server.

Upgrades galore

Helping drive new cloud capabilities is the Blackmagic Proxy Generator App. The app creates H.264, H.265, or Apple ProRes proxies from camera originals to speed up online file transfers. Users are then able to switch between originals and proxies as they edit clips and move to post.

Intelligent path mapping further increases the collaboration workflow within the app by letting users link unique file paths without having to manually search and relink assets. 

The NLE app also builds up the toolkit for colorists, with the likes of the Neural Engine-powered object mask tool, which the firm says “is able to recognize and track the movement of thousands of unique objects.” A new depth map effect is also included, adding the option to create a 3D depth matte for individually coloring backgrounds and foregrounds, depending on what is need to highlight in each scene.  

Owners of Apple M1-powered devices will be delighted to hear that DaVinci Resolve 18 now fully supports Apple’s proprietary silicon too. The news comes just days after Adobe announced its video effects software After Effects will also get native M1 support.  

Hardware for the cloud

On the hardware side, Blackmagic has unveiled the smartly designed Cloud Store and the HyperDeck Shuttle HD.

Billed as a “high-performance network storage solution”, the Cloud Store unit is built to maximize transfer speeds with four 10G Ethernet connections and a parallel memory core. Retailing from $9,595, it’s available in 20TB, 80TB, and 320TB models from Q2 2022.

The HyperDeck Shuttle, on the other hand, is out now, priced $495. The recorder/player with built-in teleprompter features a commanding search dial and broadcast deck controls for faster navigation. 

Elsewhere, Blackmagic Design continues to roll out QoL improvements, like GPU acceleration, increased subtitle support, 5x5 multicam viewer, a new surface tracker, and expanded support for Dolby Atmos. 

The latest version of the video editor is now in public beta for users to try.    

Read more...
22 Apr 2022

Seagate plans to use only renewable energy to build its hard drives by 2030

The data storage company Seagate has pledged to power its entire global footprint with 100 percent renewable energy by 2030 and to achieve carbon neutrality by 2040.

The hard drive and SSD maker announced its new environmental sustainability goals in conjunction with the release of the company’s 16th Global Citizenship Annual Report. Seagate is also building on its Science Based Targets by expanding its actions in support of the company’s commitment to a sustainable datasphere and protecting the environment.

SVP of business sustainability and transformation at Seagate, Joan Mostinger explained in a press release that the company’s environmental goals will also extend to its suppliers and even its customers, saying:

“Seagate’s value of Integrity compels us to take meaningful and measurable action on climate change. Today, we publicly share our commitments, and we are well on our way to achieving these milestones both within our operations, with electricity sources, and with our suppliers and customers.”

Conserving energy, recycling and dealing with hazardous waste

According to Seagate’s 2021 Global Citizenship Annual Report, the company saved approximately 23k MWh that amounted to 14k tCO2e of electricity last year through both energy conservation and efficiency initiatives which exceeded its goal of 10k MWh for the year.

On the recycling front, the storage giant continued its product circularity partnerships with Dell and Google in 2021. These partnerships allowed Seagate to recycle components that use rare earth metals such as voice coil magnet assemblies.

As hard drives and SSDs grow in capacity, the company has decreased the intensity of the hazardous waste generated per exabyte by 17 percent last year. This was mostly achieved through recycling and it allowed Seagate to divert 84 percent of its waste away from landfills. At the same time, water recycling increased by more than nine percent year over year.

As the number of online services consumers and businesses use each day continue to increase, so too does the amount of data created which means that cloud storage, web hosting and other tech firms need to use more hard drives and SSDs in their data centers. By committing to power its global footprint with just renewable energy by 2030, Seagate is helping to curb the environmental effects of this huge influx in data.

Read more...
22 Apr 2022

Microsoft Edge update will make sure you're never locked out of an account again

Microsoft is preparing an update for web browser Edge that will offer users improved password management facilities.

In the near future, Edge users will be able to have their browser save all passwords automatically, minimizing the opportunity for credentials to be lost.

Users will need to activate the feature manually, by navigating to Settings > Passwords, and tapping on the “Save passwords automatically” option.

Microsoft Edge security features

Microsoft first introduced password management functionality to its flagship browser in January last year, offering users a simple alternative to fully-featured services like LastPass and Dashlane, which cost in the region of $40/year.

The idea was to give users a cost-effective way to limit the risk of credential stuffing, brute force attacks and identity theft.

Since then, the firm has rolled out a number of improvements for the service, including the ability to add credentials to the roster manually, without having to log into a service.

And now, users will benefit from the ability to save passwords to the Edge password manager automatically too.

The in-built password manager is one of a number of ways Microsoft is attempting to keep Edge users secure, however.

In November, for example, the company rolled out a new configuration, called Super Duper Secure Mode, that offers users the maximum level of security in exchange for a tax on performance and functionality.

And in January, Edge received an update designed to shield against potent zero-day exploits, offering an additional layer of protection.

Via Windows Latest

Read more...
22 Apr 2022

Microsoft Teams update offers a glimpse at the future of online collaboration

Microsoft is readying an update for Teams that offers a glimpse at the company’s long-term plans for its now-ubiquitous collaboration platform.

As per a new entry in the company’s product roadmap, Microsoft is preparing to expand its Suggested Replies feature (available via the Microsoft Teams mobile app) to cover a broader range of languages.

In addition to English, the feature will now support 19 new languages, including Spanish, French, German, Italian, Russian and Chinese.

The update is still currently under development, but should roll out to all users in the coming week.

Microsoft Teams and the next era of work

Since the start of the pandemic, Microsoft Teams has become a central part of many people’s remote working experiences. The latest data suggests the platform is now frequented by as many as 270 million users each month.

However, the transition to a remote or hybrid working arrangement has been kinder to some than others. In some cases, people find it difficult to communicate effectively over digital channels, often finding their messages misconstrued or themselves misinterpreting the messages of others.

This problem will only be compounded by the internationalization of the workforce as businesses unshackle themselves from the geographical restrictions imposed by traditional office culture.

To help address these communication barriers, and to improve productivity, Microsoft rolled out the Suggested Replies feature earlier this year. The system “uses assistive AI to create short responses based on the context of the previous message”.

This trend is echoed elsewhere in recent updates for Google products, with both Gmail and Docs receiving new features that effectively handle the composition of content on the user’s behalf.

With advances in the sophistication of natural language processing models like GPT-3 (created by a company in which Microsoft has invested), systems of this kind will only become better at intuiting the most effective or appropriate response in any given situation.

And we are just at the beginning; the logical conclusion of this trajectory is a system whereby replies are fired off automatically, without manual approval from the user. Although there is likely to be push-back, and there are a number of obvious risks inherent to such a system, the benefits from a productivity and clarity of communication perspective are clear.

Broadly, irrespective of the pitfalls, the movement in workplace collaboration is towards a system in which fewer and fewer of our words are truly our own.

Read more...
22 Apr 2022

Cisco warns of new bug that could let hackers run off with admin credentials

American networking giant Cisco has released a patch that prevents threat actors from remotely stealing credentials from Umbrella Virtual Appliance (VA) administrators. 

According to a security advisory published by the firm, the flaw was discovered by Pinnacol Assurance in the key-based SSH authentication mechanism.

The flaw, now tracked as CVE-2022-20773, can be leveraged by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. 

"A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA," said Cisco.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

No real-life examples

The flaw is present in Cisco Umbrella VA for Hyper-V and VMWare ESXi on versions older than 3.3.2. There are no workarounds or mitigations, so the only way to address the issue is to install the patch.

Thankfully, Cisco has found no evidence of anyone abusing the flaw in the wild. The company also said that the SSH service is not enabled by default on Umbrella on-prem VAs, which lowers the chances of the flaw being abused.

Those unsure if SSH is enabled in their VAs should log into the hypervisor console, navigate to the configuration mode (CTRL+B), and run config via show command. If SSH is indeed enabled, the command output should include “SSH access : enabled” at the end.

Cisco Umbrella is a cloud-delivered security service, protecting more than 24,000 clients against a wide variety of malware, ransomware and phishing attacks. 

Late last year, the company patched two high-severity flaws in the Catalyst PON Series Switches Optical Network Terminals, which would have allowed for unauthorized root access to endpoints.

The two vulnerabilities are tracked as CVE-2021-34795 and CVE-2021-40113, with the former described as an "unintentional debugging credential".

Whoever held the hidden credentials could get root access to the passive optical network switches, but to do that, the device needed to have Telnet support enabled, something that's usually off by default.

Read more...
22 Apr 2022

Framie.io brings pro-quality video editing to the home office

Frame.io has unveiled a raft of new features and updates for its remote video collaboration platform in advance of NAB 2022

A new Apple TV 4K app, which allows content professionals to view their video clips in up to 10-bit 4K HDR, will catch the eye. Especially after over 100 professional editors recently took Apple to task for its handling of video editing software Final Cut Pro. 

The new app is intended to harness the Apple TV 4K screen to reproduce high-quality professional screenings outside the studio environment.

“Imagine being able to view a color-correction session from your couch or your office. Or being able to actually see the details of shots that require extensive VFX,” wrote the firm.

From the camera to the cloud 

Cloud integration is also at the top of the agenda for Frame.io. Back in February 2021, the Adobe-owned firm announced Camera to Cloud, a service letting professionals securely transfer video from on-set to post-production suites. 

Now, it has revealed new integration partnerships with Teradek, Atomos, Viviana Cloud, FDX FilmDataBox, and FilmLight. 

Building on a commitment to support filmmakers at every level, Frame.io will also now connect with iPhone app FiLMiC Pro, easing the process of moving cell phone footage to a video editing tool.

Beefing up security

Fresh security measures have also been introduced by the company. 

A new digital rights management (DRM) tool has been deployed to prevent unauthorized access or sharing of videos and screen-grabs. Content will be encrypted on upload, and viewing can only be authorized through the Frame.io website, iPhone or Apple TV app.

For admins, two-factor authentication (2FA) has finally arrived. Adding an extra layer of security to logins, 2FA can be switched on account-wide, with colleagues using SMS or authentication apps like Authy, Google, Microsoft, Okta to verify their ID. 

Frame.io’s latest announcements follow on from the recent reveal of Frame.io for Creative Cloud. Playing an increasingly large role in the Adobe ecosphere, the platform now integrates with video effects tool Adobe After Effects (and it’s available free to Creative Cloud subscribers).

Read more...
22 Apr 2022

The latest Google Workspace update gives businesses one less thing to worry about

Google Workspace admins will now be able to specify how and when Android apps installed on employee devices update.

Admins will now be able to specify whether updates for tools such as Docs, Sheets and Slides are installed right away or postponed, giving them greater control over how Android apps are deployed within their fleet of business smartphones and tablets.

In addition, admins will be able to set these policies on a group level within their organizations.

Manage Android apps

Until now, the default behavior for app updates in Google Workspace was based around whether the device was connected to a Wi-Fi network, charging, and actively in use.

Google says that this behavior is not always suited to the needs of its customers, and that admins need more granular control over how apps are updated. 

With this update, admins can now set specific criteria for when their employees’ Workspace apps update.

Admins will now have access to a variety of update options. These include “High priority”, where updates are installed immediately, as well as “Postponed mode” where automatic updates are delayed for three months after a new version launched.

The product update is set for a gradual rollout, allowing up to 15 days for feature visibility, starting on April 21, 2022.

The new update is available for Google Workspace Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, the Teaching and Learning Upgrade, Education Plus, Frontline, legacy G Suite Business and Basic, and Cloud Identity premium customers.

The news comes as Google continues to remain active in terms of adding new features to its Workspace suite.

Google recently unveiled a series of updates to the suite, which included the ability to integrate Meet directly into Docs, Sheets and Slides, which allows Google Workspace users to quickly spin up a meeting when collaborating on a project. 

The update also included smaller additions, such as the ability to use emoji reactions during meetings.

Read more...
22 Apr 2022

Brave partners with Reddit to give you the search results you're really looking for

Brave Software has introduced a very useful new feature to its search engine, called Discussions, that will help surface the results users are really looking for.

"When people search, they want relevant, useful results, free of noise," the company wrote in a blog post. However, advances in the field of SEO have propelled less useful resources up the rankings.

A recent viral post took a look at the issues in more detail, provocatively arguing that Google Search was "dying", because useful answers are becoming harder and harder to find.

The solution, as many people have found, is to add "Reddit" to the end of results, surfacing discussions on the topic that have taken place in a relevant sub-reddit.

The Discussions feature for Brave Search introduces a panel directly into results highlighting any relevant discussions from popular online forums, including Reddit.

Brave reddit

(Image credit: Brave)

Brave says Discussions are especially useful for several specific types of searches: product questions, questions about current events, travel-related questions, computer programming / coding questions, and highly unique or specific questions.

Search wars 

Google is, in many ways, the best internet service ever to exist: cataloguing the entire web and helping people search for pretty much anything was such a massive breakthrough. 

But whether the dominance of Google has been healthy for the search market is another question. In its blog post, Brave argues that the focus on Google rankings among businesses has had a particularly detrimental impact.

"Unfortunately, search engine optimization has become such a science - and a big business - that results pages in Big Tech search engines like Google are often cluttered with ads and automated content (or “SEO spam”) from marketers trying to game the system and increase the rank of their sites," wrote the firm.

While Brave occupies a tiny share of the search market, it's interesting to see pressure applied to Google and perhaps there's a team at the search giant working on a Discussions-esque feature, too. 

Read more...
22 Apr 2022

Brave adopts Reddit to give you the search results you're really looking for

Brave Software has introduced a very useful new feature to its search engine, called Discussions, that will help surface the results users are really looking for.

"When people search, they want relevant, useful results, free of noise," the company wrote in a blog post. However, advances in the field of SEO have propelled less useful resources up the rankings.

A recent viral post took a look at the issues in more detail, provocatively arguing that Google Search was "dying", because useful answers are becoming harder and harder to find.

The solution, as many people have found, is to add "Reddit" to the end of results, surfacing discussions on the topic that have taken place in a relevant sub-reddit.

The Discussions feature for Brave Search introduces a panel directly into results highlighting any relevant discussions from popular online forums, including Reddit.

Brave reddit

(Image credit: Brave)

Brave says Discussions are especially useful for several specific types of searches: product questions, questions about current events, travel-related questions, computer programming / coding questions, and highly unique or specific questions.

Search wars 

Google is, in many ways, the best internet service ever to exist: cataloguing the entire web and helping people search for pretty much anything was such a massive breakthrough. 

But whether the dominance of Google has been healthy for the search market is another question. In its blog post, Brave argues that the focus on Google rankings among businesses has had a particularly detrimental impact.

"Unfortunately, search engine optimization has become such a science - and a big business - that results pages in Big Tech search engines like Google are often cluttered with ads and automated content (or “SEO spam”) from marketers trying to game the system and increase the rank of their sites," wrote the firm.

While Brave occupies a tiny share of the search market, it's interesting to see pressure applied to Google and perhaps there's a team at the search giant working on a Discussions-esque feature, too. 

Read more...
22 Apr 2022

The most powerful hacking tools are no longer in the hands of governments

Historically, zero-day exploits have been available to state-sponsored actors only, due to the high cost of development or purchase. However, new analysis shows that unaffiliated threat actors are increasingly getting their hands on these powerful hacking tools.

According to a report from MIT Technology Review, based on a Mandiant study, many modern cybercriminals are wealthy enough to fund the development of zero-day exploits, which can be used to launch devastating and highly lucrative attacks.

The report credits this industry shift to the rise of ransomware attacks, which have proven an effective method of extorting businesses for cash.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Zero-day vulnerabilities

The term 'zero-day' describes a vulnerability that is unknown to the victim, who is therefore defenseless in the face of an attack. When leveraged, they allow threat actors to deploy malware and control devices remotely, or siphon out data and other sensitive information.

The Mandiant report shows that the proportion of zero-day vulnerabilities exploited by cybercriminals is growing. A third of all hacking groups that exploited zero-days last year were not state-sponsored threat actors, but rather financially motivated groups.

In previous years, “only a very small fraction of zero-days” were deployed by cybercriminals, the report states.

These vulnerabilities don’t come cheap, though, with zero-days for iPhone and Android selling for upwards of $1 million.

In previous years, hacking groups did not have that kind of budget. However, ransomware has made it possible for them to demand ransom payments in the millions, as was seen in cases such as Colonian Pipeline, JBS and others. 

They are “picking up state-sponsored threat actors’ zero-days at a quicker pace,” said Adam Meyers, SVP Intelligence at the security firm Crowdstrike. “They quickly figure out how to use [zero-days], and then they leverage [them] for continued operations.”

Via MIT Technology Review

Read more...
22 Apr 2022

The most powerful hacking tools are no longer in the hands of governments alone

Historically, zero-day exploits have been available to state-sponsored actors only, due to the high cost of development or purchase. However, new analysis shows that unaffiliated threat actors are increasingly getting their hands on these powerful hacking tools.

According to a report from MIT Technology Review, based on a Mandiant study, many modern cybercriminals are wealthy enough to fund the development of zero-day exploits, which can be used to launch devastating and highly lucrative attacks.

The report credits this industry shift to the rise of ransomware attacks, which have proven an effective method of extorting businesses for cash.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Zero-day vulnerabilities

The term 'zero-day' describes a vulnerability that is unknown to the victim, who is therefore defenseless in the face of an attack. When leveraged, they allow threat actors to deploy malware and control devices remotely, or siphon out data and other sensitive information.

The Mandiant report shows that the proportion of zero-day vulnerabilities exploited by cybercriminals is growing. A third of all hacking groups that exploited zero-days last year were not state-sponsored threat actors, but rather financially motivated groups.

In previous years, “only a very small fraction of zero-days” were deployed by cybercriminals, the report states.

These vulnerabilities don’t come cheap, though, with zero-days for iPhone and Android selling for upwards of $1 million.

In previous years, hacking groups did not have that kind of budget. However, ransomware has made it possible for them to demand ransom payments in the millions, as was seen in cases such as Colonian Pipeline, JBS and others. 

They are “picking up state-sponsored threat actors’ zero-days at a quicker pace,” said Adam Meyers, SVP Intelligence at the security firm Crowdstrike. “They quickly figure out how to use [zero-days], and then they leverage [them] for continued operations.”

Via MIT Technology Review

Read more...
22 Apr 2022

Amazon will not spin out AWS, but more acquisitions incoming

Amazon is not ready to spin out its hugely profitable cloud computing division AWS, according to AWS CEO Adam Selipsky.

The executive told Bloomberg in an interview he believes that “customers are very well served by having AWS be a part of Amazon”.

The announcement comes as the cloud computing division continues to be a key money maker for ecommerce giant, representing 74% of the company’s operating profit of $62 billion, at $24.9 billion.

What’s next for AWS?

Selipsky indicated that more acquisitions are likely to be on the horizon for AWS.

The executive told Bloomberg that AWS is open to purchases of all sizes, but will prefer smaller ones as it is “more difficult to integrate big corporate mergers in the technology industry”.

Selipsky also expressed an optimistic outlook on expanding his operation’s already large share of the cloud computing market, telling the publication he believes AWS’s “segment share should absolutely be able to be maintained, or even potentially increased”. 

Amazon seems to have its sights set on significant expansion within the UK, recently announcing it is set to pump billions into the region as it looks to make a long-term commitment in the UK.

The cloud computing giant said it will spend more than £1.8 billion over the next two years on UK-related expansion, more than double its existing total investment in the country.

The funding will go towards building and operating data centers in the UK, including an expansion of the AWS London Region that was first launched in December 2016.

Selipsky’s statements on AWS’s future come as the entire cloud computing industry is primed for growth, driven by ever-growing corporate demand for cloud services.

In 2023, Gartner predicts end-user spending on public cloud will reach nearly $600 billion. The analyst house predicted global public cloud spending will rise 20.4% in 2022 to a total of $494.7 billion, up from $410.9 billion in 2021.

Read more...
22 Apr 2022

Google rolls out less confusing cookie pop-ups after EU intervention

Anyone who regularly browses the web in Europe will have clicked through thousands of cookie consent windows.

Traditionally, Google and others have made it difficult to opt-out of cookie-based tracking, by obscuring the option to reject cookies behind multiple layers of windows and toggles.

After a slap on the wrist from regulators, however, Google is now adding a "reject all" button to its cookie consent pop-ups, starting in France.

Google cookies

The new Google cookie consent pop-up on desktop.  (Image credit: Google)

"In the past year, regulators who interpret European laws requiring these banners, including data protection authorities in France, Germany, Ireland, Italy, Spain and the UK, have updated their guidance for compliance," said Google. 

"We’re committed to meeting the standards of that updated guidance and have been working with a number of these authorities." 

New Google cookie pop-ups

Google describes the changes as a "full redesign" and not "just a new button" and it's easy to see why: a lot has changed about how Google deals with tracking consent.

The company said it spent considerable time reworking its approach to cookies for the new pop-up, because of complexities that might not be apparent to the average web user.

"This update meant we needed to re-engineer the way cookies work on Google sites, and to make deep, coordinated changes to critical Google infrastructure," the company explained.

"Moreover, we knew that these changes would impact not only Search and YouTube, but also the sites and content creators who use them to help grow their businesses and make a living."

Read more...
22 Apr 2022

Google's Earth Day gift is the grim realization of how polluted your city is

Google has developed a new feature that allows you to view the air quality of major cities within the US. This is likely tied to other sustainability and environmental education efforts from the company for Earth Day on April 22. 

As reported by MSPoweruser, this feature was initially released in India but has since also been rolled out in Victoria, Australia, and various cities across the US, using data from airnow.gov and PurpleAir.

“We’re always working on new ways to connect people with helpful information when they come to Google,” a Google spokesperson said. “We continue to explore ways to make authoritative information on a range of sustainability and environmental topics readily accessible and look forward to sharing more in this space soon.”

A screengrab of the latest Google air quality feature

The new search feature can display the air quality of many major cities in the US. (Image credit: Google)

To use this feature you can simply type "Air quality in Washington DC" (or the name of the city you're searching for) into the search engine on your mobile, laptop, or computer, and you'll be presented with a map of the local area, alongside a US Air Quality Index (AQI) which measures air quality from a scale of 0 to 500.

This scale is also color-labeled with the usual Green = good and Red = bad, with specific areas on the map showing how the air quality can differ across the entire city. This is especially useful if you're wanting to relocate, but stay within the city area and wish to be mindful of local pollution.

We tried a few other major cities such as London and Paris and found that while metrics are provided in a graph, no map appears to clearly display the air quality in various zones of either city. It also isn't clear how many US cities are included within this feature right now, but we certainly hope that it gets rolled out on a more global scale so we can breathe easy in the knowledge that we can...well, breathe easy.


Analysis: good, but we need more

Google has a good habit of trying to include additional sustainability efforts across many of its hardware and search engine integrations. Being able to measure the air quality directly is a great asset and one that could benefit folks that live outside of the US.

Thing is, there are rival search engines that market themselves as an environmentally friendly alternative to Google, so why isn't it doing more to level the playing field? Ecosia comes to mind, with its promise that using its search engine will plant trees, using funds raised through ad revenues when you use the platform. 

Does Google do something similar? Perhaps, but I certainly can't find any trace of similar practices, and even searching for results on Google itself using the term 'Does Google plant trees' comes up with pages and pages of articles for Ecosia instead. If the tech giant was making such efforts, it would do well to shout about them more.

Thankfully there is a middle ground as Ecosia has a chrome extension that works alongside the Google web browser, though we found that our own company administration blocks this from being installed, which is likely to be a similar story across a lot of corporate devices.

Still, with Google integrating functions that allow you to check on pollution and air quality, it would be nice to see if the company was taking greater steps to improve the results given its status as one of the largest companies in the world. The environment is all of our responsibility after all, and Google certainly has more power and money to make changes than asthmatic individuals visiting a new city for the first time.

Read more...
22 Apr 2022

Ubuntu 22.04 LTS is live - and Raspberry Pi owners have plenty to celebrate

Canonical has taken the wraps off Ubuntu 22.04 LTS, the latest version of the popular Linux distribution. There are significant updates, the company says, both in terms of the aesthetics and how the distro operates under the hood. 

“Our mission is to be a secure, reliable and consistent open-source platform – everywhere,” said Canonical CEO Mark Shuttleworth. “Ubuntu 22.04 LTS unlocks innovation for industries with demanding infrastructure security requirements, such as telecommunications and industrial automation, underpinning their digital transformation.“

One of the main winners from this update are Raspberry Pi owners. The OS will run far better on the tiny computers than previous versions thanks to changes Canonical has made.

As The Register reports, Canonical has made tweaks to the optimisation of GNOME, alongside triple-buffering techniques and changes in swapping. We haven't had a change to test 22.04 on a Pi yet, but we're sure we'll get one soon. 

An especially exciting change is that even the low-end 2GB Pi can get in on the Ubuntu action, another feather in the cap of the delightful Pi series. While the main Raspberry Pi distro might be more suitable, the options are fun.

From Pi to AWS 

But it's not just Pi owners who should be excited. Pretty much anyone who runs Ubuntu can benefit from the latest changes, including cloud juggernauts like AWS and Azure. 

Data centres run on pretty bespoke tools and Linux has been a long-time favourite of the hyperscalers, but Ubuntu has a number of unique attributes. For example, Canonical claims that Ubuntu is "the only Linux distribution supporting Azure Confidential VMs".

If that's music to your ears, it's worth checking out Canonical's blog post for more technical details – there are a lot of under-the-hood changes specifically for the data centre industry. 

On the business side, Canonical is set to become a public company in 2023, according to Shuttleworth, after topping $175 million in revenue during 2021.

Read more...
22 Apr 2022

QNAP NAS owners are under attack once again

New vulnerabilities have been discovered in QNAP network-attached storage (NAS) devices, the company has confirmed.

As reported by BleepingComputer, the vulnerabilities - tracked as CVE-2022-22721, and CVE-2022-23943 - have both been awarded a severity score of 9.8/10. Discovered in Apache HTTP Server 2.4.52 and earlier, the bugs can be used to perform low complexity attacks that don’t require victim interaction.

QNAP has warned NAS owners to apply known mitigations, as a full patch is not yet available.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Mitigation available, patch pending

"We are thoroughly investigating the two vulnerabilities that affect QNAP products, and will release security updates as soon as possible," the company said.

"CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device."

While we await a full patch, QNAP has advised customers to keep the default value "1M" for LimitXMLRequestBody, and disable mod_sed, as these two things effectively plug the holes.

QNAP also said the mod_sed in-process content filter is disabled by default in Apache HTTP Server on NAS devices running the QTS operating system.

In the same announcement, QNAP revealed that it’s hard at work fixing “Dirty Pipe”, a high severity Linux vulnerability that was recently discovered.

Dirty Pipe affects NAS devices running multiple versions of QTS, QuTS hero, and QuTScloud, and allows threat actors to trigger denial of service (DoS) attacks, or crash endpoints remotely.

The Linux kernel team patched Dirty Pipe as soon as its existence was confirmed. A security update has been rolled out to all affected Linux versions, while Google also updated the Android operating system.

If left unpatched on vulnerable systems, Dirty Pipe can be exploited by an attacker to gain complete control over affected computers and smartphones. With this access, they would be able to read users' private messages, compromise banking apps and more.

Via BleepingComputer

Read more...
22 Apr 2022

New M2-powered Mac mini could steal the show at WWDC 2022

New rumors suggest that Apple won’t just be showing off a new MacBook Air at its WWDC 2022 event starting on June 6, but also a new Mac mini, with both devices using the rumored M2 chip.

In some respects, this isn’t too surprising, as when the MacBook Air (M1, 2020), which saw the debut of Apple’s M1 chip, launched, Apple also released a new Mac mini (M1, 2020) which also came with the M1 chip.

So, if Apple is indeed planning on releasing a new MacBook Air, it makes sense that it would also show off a Mac mini as well to help showcase the new M2 chip.

The M1 chip was Apple’s first attempt to create a chip for its computing products, after ending a long-running partnership with Intel. It ended up being a huge success, with Apple’s experience in making chips for its iPhones and iPads translating well to computers. M1-powered Macs and MacBooks offered excellent performance and battery lives, and sales have been some of the best the company has seen. We were so impressed with the MacBook Air (M1, 2020), that it has remained at the top of our best laptops list since it was released.

So it’s little surprise that Apple is working on a successor to the M1, as well two popular products to showcase it. What is surprising, however, is that rumors (reported by Notebookcheck) suggest they’ll be shown off at WWDC 2022.

While we had heard that Apple was readying two M1 Macs for WWDC 2022, the LeaksApplePro Twitter account, which often posts accurate Apple leaks, suggests that the M2 Mac mini and M2 MacBook Air will be the two Macs in question.

See more

Why WWDC?

Apple's WWDC (Worldwide Developers Conference) is, as the name suggests, primarily aimed at developers working on software and apps for Apple’s devices. It’s not usually associated with big hardware reveals.

Apple usually has its own events to launch brand-new iPhones, for example, and the last MacBook Air and M1 chip launched at a special event on November 10, 2020. So, in some ways, Apple’s decision to showcase it as WWDC is perplexing, especially for people who think a dedicated event later in the year would give any new Mac or MacBook more of a chance to shine.

However, it’s not beyond the realms of possibility, either. Apple has in the past announced new hardware at WWDC, such as the HomePod and iMac Pro in 2017 and the new Mac Pro in 2019.

There’s also the fact that a new and improved M2 chip will have big repercussions for developers, so announcing the M2 at WWDC 2022, and showing off its improved performance and new features, and explaining how developers can make use of them, does make sense.

If Apple is going to reveal the M2 at WWDC 2022, then it also makes sense to show off some devices that will be using it. After all, Apple’s not the kind of company to have someone come on stage and wave a chip around (unlike AMD or Intel).


Analysis: the Mac mini could steal the show

Apple Mac mini (M1, 2020)

(Image credit: Future)

If the new MacBook Air and Mac mini are indeed shown off at WWDC 2022, I actually think the Mac mini could be the star of the show. Most devices shown off at WWDC are aimed at professionals, and while the new MacBook Air would no doubt be a fantastic laptop, it’s a much more mainstream device.

A souped-up Mac mini with Apple’s latest tech, however, could really interest WWDC attendees. Without the constraints of having to be battery-powered and portable, the new Mac mini could really show off what the M2 chip can do.

Of course, there’s something else to consider. The M1 MacBook Air and Mac mini were launched alongside a third device: the MacBook Pro 13-inch (M1, 2020). While we’ve not heard any rumors, could Apple also release an M2 MacBook Pro at WWDC? If it does, then that may be the device that generates the most excitement by far.

Read more...
22 Apr 2022

Nasty new botnet exploits Docker containers to mine cryptocurrency

A new botnet comprised of compromised Microsoft Exchange servers is mining cryptocurrency for its operators, reports suggest. 

According to researchers from security firm CrowdStrike, an unknown threat actor is using the LemonDuck cryptomining botnet to target servers via ProxyLogon. 

By looking for exposed Docker APIs for initial access, the attackers are then able to run a malicious container by using a custom Docker ENTRYPOINT to download a “core.png” image file, which disguises a Bash script.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Mining Monero

After gaining initial access, the attackers are able to perform a number of actions: abuse EternalBlue, BlueKeep or similar exploits to escalate privileges, install cryptominers, and move laterally across the compromised networks.

They can also install files that allow them to avoid detection from any antivirus or malware scanning software installed on the compromised endpoints.

Of all the different cryptominers, the attackers are predominantly using XMRig to mine Monero, privacy-oriented cryptocurrency which is said to be more difficult to trace. 

The researchers further explained that LemonDuck comes with a file called “a.asp”, which has the ability to disable the aliyun service on Alibaba’s Cloud, and thus evade detection.

On why the campaign was not detected sooner, the researchers noted the threat actors weren’t mass scanning public IP ranges for exploitable attack surfaces, but rather moving laterally through LemonDuck, looking for SSH keys on filesystem. Once they find SSH keys, they use them to log into the servers, and run all of the aforementioned malicious scripts. 

Cryptominers have become extremely popular in these last few years, with the rising price of cryptocurrencies and ease with which they can be sold on the market attracting attention from honest and dishonest actors alike.

Read more...
22 Apr 2022

Spotify frees Video Podcasts to creators in the US, UK, and more

Spotify is expanding its Video Podcast feature to all creators across the U.S., the U.K., Canada, Australia, and New Zealand.

In recent years, Spotify has been experimenting and expanding its video support. The first iterations came out in 2020, around the time the company signed an exclusivity deal with The Joe Rogan Experience. Since then, the feature has been rolled out to podcasts like The WAN Show and Tap In w/ Harry Jowsey. 

With this rollout, creators will be able to upload to Spotify’s Anchor web platform and are given access to a collection of podcast-specific new features.

Suite of features

In total, there are six new features that creators can use to expand the reach of their show.

Users will be able to subscribe to their favorite video podcasts thanks to the aptly named Spotify Podcast Subscriptions. That way, you can directly support creators, and in return, get access to exclusive content.

There’s also a new partnership with Riverside.FM, an online recording studio for podcasts. It’s meant to make remote recording sessions easy to do, and best of all, it’s free for creators to record and publish video podcasts on Spotify.

Going down the list, there’s a new embedded video player to make sharing content easier, analytics so creators know how well their show is doing, and new interactive features like Polls and Q&A sessions. That way, listeners can directly interact with the podcast hosts.

And finally, there’s Bulk-replace on Anchor; a migration tool allowing creators to easily replace their audio-only episodes with the video version.

Future releases

Spotify did say they plan to launch Video Podcasts to other markets sometime in the future but didn’t say when or where.

It also teased new monetization features coming to Anchor; new ways for creators to make money off their podcasts, but was also vague on the details.

But it did mention one method. Spotify is adding automated commercials to its Ads by Anchor service, giving third-party brands access to a podcast’s audience. And as a final gift, Anchor posted a tutorial on how to make a video podcast.

Read more...

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us