On Friday March 29, Microsoft employee Andres Freund shared that he had found odd symptoms in the xz package on Debian installations. Freund noticed that ssh login was requiring a lot of CPU and decided to investigate leading to the discovery.
The vulnerability has received the maximum security ratings with a CVS score of 10 and a Red Hat Product Security critical impact rating.
Red Hat assigned the issue CVE-2024-3094 but based on the severity and a previous major bug being named Heartbleed, the community has cheekily named the vulnerability a more vulgar name and inverted the Heartbleed logo.
Luckily the vulnerability has been caught early
Red Hat wrote: "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library."
The malicious injection can be found only in the tarball download package of xz versions 5.6.0 and 5.6.1 libraries. The Git distribution does not include the M4 Macro that triggers the code. The second-stage artifacts are present in the Git repository for the injection during the build time, if the malicious M4 macro is present. Without the merge into the build, the 2nd-stage file is innocuous.
You are recommended to check for xz version 5.6.0 or 5.6.1 in the following distributions and downgrade to 5.4.6. If you cannot you should disable public facing SSH servers.
Whether you're a new subscriber or already have an account, this deal from StackSocial will net you a one-month of Xbox Game Pass ultimate for just $8.
Gmail, the email service that almost started out as a joke but rose to become a dominant player in the space, is exactly 20 years old on April 1.
It is for most of us, as hard to imagine a world without Gmail as it is for us to search without Google. But Gmail was a latecomer to the email game, arriving decades after we started using computers to deliver electronic messages to third-party providers who would, like the old-school post office, sort and send them along to their proper digital destination. It was well after MSMail and ccMail but early enough that we still demanded a hyphen between “e” and “mail.”
Ever the cheeky upstart (despite by then being the most-used search engine), Google launched Gmail on April Fool’s Day to mostly widespread confusion. At PCMag, where I worked at the time, we admitted that “Google's release included language which sounded like a ruse” and no one was quite sure if the search giant was serious about entering the crowded email space. Part of that had to do with the quite limited availability of the platform.
Google was among the first Internet companies to offer invite-only access to a new service. It was a brilliant bit of marketing but also had a more practical purpose. Google had struggled to launch Gmail and was still learning when it moved into public beta. Open access would’ve overwhelmed the system, forcing untold crashes, possibly un-delivered mail, and probably made it almost impossible to learn about what people wanted, needed, and used most often in the IMAP mail platform (there was no POP3 support at launch).
Welcome to the party, pal
On April 22, 2004, almost four weeks after the launch, I got access. I still have the welcome message, that told me I was “one of the very first people to use Gmail,” and thanked me for “agreeing to test Gmail.” The email described some of the key differences, like “searching instead of filing.” Gmail didn’t use folders, a time-honored way of organizing email, and instead focused on labels and conversations. To this day, the concept of folders in Gmail is foreign and I’m not sure I have ever loved the more amorphous “labels”.
It had some advanced features like filters and address autocomplete. And, of course, it came with 1GB of storage, an amount unheard of at the time for a free email service, which now seems woefully inadequate. Google's pitch at the time was that we could stop wasting time deleting emails and save everything. I think I over-committed to this concept.
While Gmail didn’t have pop-up or banner ads (thank God), there were text-based ads in a column to the right (Gmail ads now mostly live under the “Promotions” tab). This turned out to be Gmail’s most controversial “innovation”. To provide contextual ads, Google would have to “read” the contents of your email. That sounded like an insane privacy violation, and I wrote about the concern right before I gained access. I reminded readers that computers, at least back then, didn’t really “read” anything. They had neither the eyes nor the consciousness to understand the context. Google was, of course, already anonymizing the data and delivering contextual ads without delivering your private bits to third parties. I also noted that, without those ads, we might not get all that, at the time, free storage. It’s worth noting that those early concerns did nothing to hinder Gmail’s growth.
Along with access to Gmail came some invites that I could dole out. They arrived in small bunches, and I would give them to co-workers, colleagues, and friends. Some people who knew I had a Gmail account sent me emails and AOL messages pleading for access. Whenever I gave someone access, Gmail would notify me of when they signed up and created their new Gmail address “so we could stay in touch with Gmail!” While not a social network, Google was aware of the inherently social nature of email. Keeping newbies connected was how it built that network and generated just enough FOMO to keep the service growing.
All the information
Google took a risk when it launched Gmail, and it knew it. In the original FAQ, Google had to explain why a Search company would launch an email service:
“Why is Google offering email? I thought you were a search company.
Google's mission is to organize the world's information and make it universally useful and accessible. For many people, email contains valuable information that can be difficult to retrieve. We believe we can help with that.”
It was further evidence that Google’s strategic aim was never just about search results, it was about information, yours, mine, and everyone else’s. Google wanted to organize the world’s information no matter the form, from search results, to mail, to video and images, and location. That quest never stops and not everyone is happy about it.
Even so, it’s worth celebrating Gmail, an online service that entered an entrenched market and ultimately remade it in its image. It never was and will likely never be a joke.
March isn't traditionally known for its gaming laptop deals, but there are some absolutely outstanding options on the market right now. Dell and Best Buy, in particular, are offering massive price cuts of up to $600 on some of our favorite gaming laptops.
Our top choice for those on a budget is this RTX 4060-equipped MSI Cyborg for $849 (was $1,099) at Best Buy - one of the cheapest machines we've ever seen to feature the powerful graphics card. Pound for pound, this machine is a great budget buy if you need something relatively powerful without breaking the bank.
For something with a little more oompth, consider this outstandingly cheap MSI Crosshair for $1,199 (was $1,399), which features an RTX 4070 graphics card, 16GB of RAM, and 1TB SSD. This machine isn't the cheapest out there right now but it's really great value considering the level of specs you're getting here.
And, for a premium gaming laptop where looks are as important as performance, consider the excellent Asus Zephyrus G14 for $999 (was $1,599) at Best Buy or the Alienware M16 for $1,499 (was $2,199) at Dell. Both these choices feature superb components for the price - but also an eye-catching design that sets them apart from the usual cheaper models.
You can read more about our choices just down below, or head on over to ourgaming laptop dealspage for even more recommendations.
I've seen this MSI Cyborg on sale for $799 before over Black Friday, but this deal at Best Buy is almost as good. For the money, this mid-range machine is offering almost unbeatable bang for the buck with its RTX 4060 and Core i7 chipset. Put together, you're getting great performance here, well under $900 - more than enough to max out the graphical settings at 1080p resolutions.View Deal
Asus Zephyrus G14 gaming laptop:was $1,599now $999 at Best Buy Processor: AMD Ryzen 9-7940HS Graphics card: RTX 4060 RAM: 16GB SSD: 512GB
Speaking of amazing gaming laptop deals on mid-range machines, here's a record-low price on one of our favorite laptops ever. This Asus Zephyrus G14 is a slightly older model, but it's still a great buy if you'd like a smaller 14-inch laptop. This particular configuration is packed in an RTX 4060 and Ryzen 9, meaning it's capable of outputting some serious performance despite its diminutive size. View Deal
Need a more powerful machine? This MSI Crosshair is easily one of the cheapest gaming laptop deals on the market right now, and it features a speedy RTX 4070 graphics card. This GPU, combined with a 13th-generation Intel Core i7, means this MSI is an exceptionally capable gaming laptop. While pricey compared to some of the RTX 4060 options on our list, this one is just as good value.View Deal
Last year's Alienware M16 is a great buy if you don't mind getting a slightly older model - especially with this huge price cut courtesy of the Dell TechFest sale. Right now, you can get this premium RTX 4070 gaming laptop for just under $1,500, which isn't bad considering you're getting a premium design, a whopping 32GB of RAM, and one of the most powerful Intel chipsets on the market. While pricey, we'd still highly recommend this deal if you want a powerful and stylish laptop.View Deal
from TechRadar - All the latest technology news https://ift.tt/asZkeFp
Many versions of Linux may be vulnerable to a flaw that allowed hackers to steal passwords, or change the contents of their clipboard.
The vulnerability, however, comes with a major caveat that makes exploitations somewhat unlikely (or at least heavily limited).
Cybersecurity researcher Skyler Ferrante recently discovered an “improper neutralization of escape sequences in wall” vulnerability, a flaw impacting the “wall” command. This command is usually used to broadcast messages to the terminals of all users logged to the same system.
WallEscape
With escape sequences not being properly filtered when processing input through command line arguments, a threat actor could, theoretically, launch a prompt to all connected users and have them type in their administrator password. Escape sequences could also be used to change the clipboard of a target user, although this method may not work with all terminal emulators.
The vulnerability is tracked as CVE-2024-28085, and dubbed WallEscape. It was fixed in Linux version 2.40, released in March 2024, but that means it has been present in Linux versions for the past 11 years.
While a proof-of-concept (PoC) for the vulnerability exists, and a practical application could occur, multiple factors need to align, first. For example, the attacker needs to have physical access to a Linux server, to which multiple other potential victims are already connected through the terminal. If you’re still worried about your Linux server being targeted, there is a solution. Linux released an upgrade to linux-utils v.2.40, which patches the vulnerability.
Usually, these updates are available through the LInux distribution’s standard update channel, so keep an eye out. Furthermore, system administrators can fix the issue by removing the setgid permission from the “wall” command, or by disabling the message broadcast functionality using the “mesg” command to set its flag to “n”.
Small business owners are increasingly turning to artificial intelligence to gain a competitive advantage in the market, new research has claimed.
A GoDaddy study of over 500 US entrepreneurs found a growing confidence in the power of generative AI tools to drive business success.
The findings indicate a positive shift in attitude towards AI among small and medium-sized businesses. Three in four believe that GenAI will give them an edge over similar-sized competitors. More than two-thirds (68%) also see AI as enabling them to compete better with larger enterprises.
GenAI is helping SMBs
Nearly three-quarters (73%) said that they’ve already experimented with the technology, and more than a quarter (26%) already use AI for business purposes – up from 11% in the year before.
Generative AI really took off back in November 2022 when ChatGPT hit public preview, but SMBs are now expanding their use cases beyond simple content generation. More than two in five (44%) now use AI to enhance sales performance – twice as many as in 2023.
Amy Jennette, Senior Director of Marketing at GoDaddy, commented on the trend, stating: “We’re at the beginning of the AI revolution and small businesses are already taking advantage of the technology, which is really unprecedented.”
Despite initial concerns about AI potentially replacing human jobs, the survey found very low levels of concern among SMBs – only one in 10 believed that GenAI could outperform them in their roles, and the majority (89%) expressed confidence that AI would have a positive impact on their business.
Jennette also highlighted the tangible benefits of deploying AI across the SMB landscape, revealing that small businesses could save over $4,000 and 300 hours of work annually, underscoring the potential cost-saving benefits of productivity tools that use artificial intelligence.
Built with a supportive hybrid design that’s available in three firmness levels, the Brooklyn Bedding Signature Hybrid mattress is well-suited for almost any sleeper, making it our favorite mattress.
The Ray framework, an open source tool for AI and Python workload scaling, is vulnerable to half a dozen flaws that allow hackers to hijack the devices and steal sensitive data.
This is according to cybersecurity researchers from Oligo, who published their findings on a new hacking campaign they dubbed “ShadowRay”.
Apparently active since early September 2023, ShadowRay’s operators abused five distinct Ray vulnerabilities to target firms in education, cryptocurrency, biopharma, and other verticals.
"Shadow vulnerability"
Four of the vulnerabilities are tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023, and Anyscale, Ray’s developer, fixed them. The fifth one, deemed a critical remote code execution (RCE) flaw by researchers, and tracked as CVE-2023-48022, was not fixed.
Anyscale argues that this was not a bug, but a feature: "The remaining CVE (CVE-2023-48022) - that Ray does not have authentication built in - is a long-standing design decision based on how Ray's security boundaries are drawn and consistent with Ray deployment best practices, though we intend to offer authentication in a future version as part of a defense-in-depth strategy," it said.
As per the developers, this RCE flaw can only be abused in deployments that go against Anyscale’s recommendations and don’t limit Ray’s use to a strictly controlled network environment.
Oligo, on the other hand, says that by disputing the CVE, Anyscale is leaving many developers in the dark on the potential holes. "We have observed instances of CVE-2023-48022 being actively exploited in the wild, making the disputed CVE a "shadow vulnerability"—a CVE that doesn't show up in static scans but can still lead to breaches and significant losses."
The researchers said they observed “hundreds” of publicly exposed Ray servers, compromised via this vulnerability. As a result, threat actors were stealing sensitive data such as AI models, production database credentials, and more. In some instances they were even installing cryptominers.
Google is reportedly experimenting with its search results and looking to add AI overviews for more users. Previously, the feature was being tested for people who had opted into the Google Search Generative Experience (SGE), which would allow them to try Google’s latest innovations with generative AI. Google claims that this update will give users more information and context to users’ searches.
Users can sign up to try search features that Google is testing and looking to receive feedback on via Search Labs. The Google Search Experience that Google has been working on displays an AI-generated answer which would be followed by the usual search result listings we’re used to. The AI-generated answer would be pre-empted by a very explicit ‘Generative AI is experimental’ disclaimer, and would be indicated visually by being sectioned off with a differently-colored background.
Google will also show citations for where its AI model would source its information to give you your answer. You could then follow those citations and check out the sources for yourself, continue your search with another query or by perusing the other results, or toggle the AI-generated answer with options that Google provided at the bottom of it.
(Image credit: Google)
The experiment is going outside the Search Labs
Search Engine Land reports that Google is expanding AI-generated answers to more users, even if they haven’t opted into the Search Labs program. A Google spokesperson told Search Engine Land that this is being trialed on a “subset of queries, on a small percentage of search traffic in the U.S.”
The experimental search experience was announced in a Google Keyword blog post in May 2023, encouraging users to embrace the newer AI-powered features of search. These include searching visually with Google Lens and using multiple modalities, meaning different types of data, namely using text and images, to make search queries. Google claims it’s making progress in the way we can search, and now will be able to answer queries that it claims weren’t possible to answer earlier.
The spokesperson continued that Google wants “feedback from searchers who have not opted into SGE specifically,” to get a sense of users' impressions from a more general population of searchers.
(Image credit: Shutterstock/Ground Picture)
A major twist to a classic - big risk, big reward?
I can see why Google is pushing hard for this. Microsoft is going ahead at full steam to inject its AI tools into multiple apps, including many beloved classic applications. Google is still very much in the AI race with its recent release of the generative AI model, Gemini.
Right now, it still seems like a very limited run of testing, but I expect that Google will expand this to more and more users. Now, I’ve found generative AI answers useful, especially for longer queries with more context, and having the sources there is a huge plus. That said, I’ve used it probably only a handful of times so far in place of when I maybe would have used a search engine. The way that legacy search engines, particularly Google Search, currently display results has become the industry standard, and it's pretty clear and straightforward.
A change like this would be a pretty considerable shakeup to the status quo, and some industry observers are already concerned that Google is being too persistent with its efforts to integrate AI into existing products like Google Search. This could also affect how news and media sites operate in a significant way, as they largely depend on traffic from Google Search results, which would likely end up much further down the page.
Changes to things that have become staples of our day-to-day lives are almost always controversial, but maybe the proof is in the pudding and Google might be right that this will be a preferable way to search. The only way to know is to test it, which it’s doing, but I would be wary of making it a default search results format. Perhaps it would be better for Google to make it an opt-in change, even if prominently displayed, as that would give users the choice of whether they’d like to try the new format. If users aren’t even willing to try it after being offered, that’s also valuable feedback that Google should take on board.
As a reminder, the ban isn’t a political move on Microsoft’s part, but several cloud storage providers’ hands being forced by economic sanctions imposed by the European Union on Russian-owned companies back in December 2023 as a result of the ongoing Russia-Ukraine conflict.
The latest update on the imminent blockade, from BleepingComputer, is that the delay so far appears to only be something that Microsoft is offering, in response to correspondence with Softline, despite the latter issuing a press release (Russian language, machine-translated by us) last week in which it claimed that it has ‘all the necessary resources’ to ensure a smooth transition to its own infrastructure from Microsoft and Amazon services.
EU economic sanctions on Russian tech
Before the extension, in a letter that Softline has since published on its Telegram channel, Microsoft broke the news gently to Softline, but stated its ‘[commitment] to compliance with EU trade laws and regulations, as well as all other jurisdictions in which it operates’.
That’s not to mention the collateral damage caused by providers such as Google and Amazon withholding their own services without postponing the deadline. BleepingComputer also revealed that business customers of those companies based in Russia received notice of service termination last week.
It’s too early to say whether the sanctions will be effective in applying pressure on Russia to withdraw from the conflict: they could, for instance, merely drive the popularity of local cloud and IT providers among businesses, and fuel their expansion.
But regardless of the European Union’s ruling, there is one upside to all this: individuals and solo professionals based in Russia using cloud services from these and similar cloud services aren't affected.
You don't have to sacrifice good sleep while out on the road. Our sleep experts tested and selected the best mattresses for RVs -- here are our top picks.
While 300TB is unquestionably an impressive amount of storage, the company has revealed that it expects to be able to deliver 1200TB SSD modules... eventually.
Shawn Rosemarin, Pure VP for R&D, explained to Blocks & Files that the limitations of DRAM prevent commercial off-the-shelf (COTS) SSDs from exceeding 30TB capacities. Typically, he said, 1GB of DRAM is needed for every 1TB of raw NAND capacity, which means a 30TB drive would require 30GB of DRAM. The problem arises when considering larger capacities, as the amount of DRAM required matches or even exceeds the amount found in current servers.
300TB and beyond
Rosemarin highlighted three main issues with using more DRAM. Firstly, DRAM fails more frequently than NAND. Secondly, DRAM is significantly more expensive. Lastly, DRAM's energy efficiency is much lower, leading to higher energy consumption.
DRAM is required for the Flash Translation Layer (FTL) software, which serves as firmware in the SSD's controller. It allows incoming data to be written to different physical flash pages regardless of the intended logical block. The DRAM holds the FTL mappings and metadata for this process, making it crucial for SSD operation.
However, as SSD capacities increase, the cost of DRAM becomes a larger portion of the overall SSD cost.
Pure Storage's solution to this problem is its Direct Flash Modules (DFMs), which do not rely on DRAM at the drive level. Instead, the FTL is done at the system-wide level in Pure’s controller and its software. This method, Pure claims, DFMs to increase capacity much faster than off-the-shelf SSDs.
The company plans to release 150TB DFMs in 2025 and in its roadmap it says “by the time the industry is widely shipping 25-30TB HDDs and 30-60TB SSDs in 2026, we expect to ship 300TB DFMs.”
That’s just the start. Although he didn’t even hint at a timescale for it, Rosemarin told Blocks & Files, “We have every intention to scale beyond 300, to 600, and even to 1.2 petabyte per DFM.”
It won’t be cheap of course. Last year, the firm said the price-per-gigabyte of its 300TB drive would be “less than” $0.15/GB. Doing some simple calculations, and not taking into account inflation and everything else that might occur before it even comes to market, a 1.2PB drive would be priced well north of $180,000.
Engineers at StorageReview decided to do something incredibly geeky for this year’s Pi day (March 14 - 3/14) – beat their own record for calculating Pi. Considering that the previous record, achieved last year, was 100 trillion digits, the challenge was no mean feat. While – spoiler alert – they smashed the record, it did take them 75 days to accomplish it.
The task was achieved using a dual processor 128-core AMD EPYC 9754 Bergamo system, equipped with 1.5TB of DRAM and nearly a petabyte of Solidigm QLC SSDs.
The team started their computation on December 14, 2023, and finished on February 27, 2024, spanning 75 days. They used the Chudnovsky (1988) algorithm to calculate Pi, and the computation required a total memory of 1.36 TiB.
New challenges
The journey to 105 trillion digits of Pi – the new record - was not without fresh challenges. The team had to deal with performance-related issues, which led them to delve into the intricacies of parallel computing and hardware interactions. They discovered a CPU hazard specific to the Zen4 architecture involving super-alignment and its effects on memory access patterns.
The engineers also encountered a critical floating-point arithmetic error within the AVX512 code path of the N63 multiply algorithm. With remote assistance from the developer, Alexander Yee, they were able to diagnose and fix the problem, resulting in the successful computation.
Summing up, StorageReview’s Jordan Ranous noted, “The run to 105 trillion digits of Pi was much more complex than we expected. Upon reflection, we should have expected to encounter new issues; after all, we’re completing a computation that had never been done before. But with the 100 trillion computation completed with a much more “duct tape and chicken wire” configuration, we thought we had it made. Ultimately, it took a collaborative effort to get this rig across the finish line.”
Was it worth it? Ranous says, “While we rejoice with our partners in this record-breaking run, we must ask, “What does this even mean?” Five more trillion digits of Pi probably won’t make a huge difference to mathematics. Still, we can draw some lines between computational workloads and the need for modern underlying hardware to support them. Fundamentally, this exercise reflects that the proper hardware makes all the difference, whether an enterprise data center cluster or a large HPC installment. For the Pi computation, we were completely restricted by storage. Faster CPUs will help accelerate the math, but the limiting factor to many new world records is the amount of local storage in the box.”
You can watch the video of the record breaking attempt below.
Epic deal alert: Amazon has just reduced both the Google Pixel 8 and Pixel 8 Pro down to new record-low prices ahead of the retailer's upcoming Spring Deal Days sale.
Right now in the US, you can get the standard Pixel 8 for just $499 (was $699) and the Pixel 8 Pro for $749 (was $999) - both exceptionally low prices considering the power in both of these devices. For comparison's sake, the latest Samsung Galaxy S24 is $749 at Amazon right now so Google's devices are an absolute steal.
Over in the UK, shoppers can get the Google Pixel 8 for £504.99 (was £699) and the Pixel 8 Pro for £754.99 (was £999) thanks to some handy coupons you can apply at checkout. Again, these are record-low prices that are well worth checking out ahead of the big Amazon sale this Wednesday.
At $200 off, the standard Google Pixel 8 is a particularly great value buy with its superb cameras, 120Hz display, and Tensor G3 chipset. Sure, it doesn't quite match the S24 when it comes to outright power but it's a whopping $250 cheaper and it's plenty quick for everyday use.
The Pixel 8 Pro gets you a bigger display, more advanced camera features (mainly a much better zoom), and more RAM under the hood. These upgrades come at a high upcharge but it's worth it if you're an avid mobile photographer who loves a larger phone.
Plus, unlike most Google Pixel 8 deals you don't need to trade-in for either discount here - it's simply an upfront discount on an unlocked device that you can bring to any carrier or network you desire.
------
Amazon has just massively discounted both the Google Pixel 8 and Pixel 8 Pro this week thanks to the retailer's massive Big Spring Sale - so much so, in fact, that both devices are now down to a record-low price.
Over in the US, you can currently get the standard Pixel 8 for just $499 (was $699) and the Pixel 8 Pro for $749 (was $999), with huge discounts of up to $200. Both these are incredible prices for unlocked flagships and square up favorably to the competition. The Samsung Galaxy S24, for example, is currently $749 at Amazon.
Readers in the UK will be pleased with the retailer's exceptionally low price of just £504.99 (was £699) today, which again is record-low price. Note that you'll need to apply a coupon at checkout to get your full discount (it's an extra £50 off the current listing price). Unfortunately, the Pro model isn't also on sale right now in the UK, although we'll update this page if we spot anything else.
At $200 off, the standard Google Pixel 8 is a particularly great value buy with its superb cameras, 120Hz display, and Tensor G3 chipset. Sure, it doesn't quite match the S24 when it comes to outright power but it's a whopping $250 cheaper and it's plenty quick for everyday use.
The Pixel 8 Pro gets you a bigger display, more advanced camera features (mainly a much better zoom), and more RAM under the hood. These upgrades come at a high upcharge but it's worth it if you're an avid mobile photographer who loves a larger phone.
Unlike most Google Pixel 8 deals at the major carriers, you don't need to trade-in to get a discount with these Amazon discounts. They're simply upfront price cuts that anyone can take advantage of - and pair up with their plan of choice.
Google Pixel 8 at record-low price
Google Pixel 8 (unlocked):was $699 now $499 at Amazon Pick up the excellent Google Pixel 8 for a record-low price at Amazon today thanks to this massive $200 discount. With an excellent pair of rear cameras, a 120Hz display, and a host of excellent AI-integrated features, the standard Pixel 8 is an absolute steal at just $500. Is it the most powerful device on the market? No, but it might just be the best value right now. Check out our Google Pixel 8 review to see why we recommend this excellent device.
Google Pixel 8 Pro (unlocked):was $999 now $749 at Amazon Looking for a more premium device? The Google Pixel 8 Pro is also down to a record-low price in today's sale at Amazon. While arguably not quite as good value as the standard device at $500, the Pro features more RAM, a bigger and more advanced display, and better lenses on the camera. It's a worthwhile upgrade - especially if you prefer a larger display on your phone. Head on over to our Google Pixel 8 Pro review for more details on this device.View Deal
Want to see what else is available this week? Check out our page for thebest cell phone deals, which covers Samsung, Apple, and other leading brands too.
from TechRadar - All the latest technology news https://ift.tt/A8aVGc4
Microsoft has unveiled its latest flagship enterprise devices, with the new Surface Pro 10 and Surface Laptop 6 packed full of the latest software and AI capabilities to make it a serious contender as the best laptop for business.
The company says both devices offer promising improvements over their predecessors in both performance and design, with both devices being the first true Microsoft AI PCs.
The Surface Pro 10 offers all the latest and greatest Copilot experiences in a sleek and compact package for the workers on the go, while the Surface Laptop 6 packs the processing power of a desktop tower into a laptop without compromising on weight.
AI-powered everything
Before getting into the nitty gritty specs of the two latest Microsoft devices, lets delve in to the Copilot AI capabilities for business.
Copilot for Windows 11 and Microsoft 365 can help employees catch up on missed meetings when returning from vacation or sickness, thanks to its meeting summaries with user-specific actionable priority suggestions.
Moreover, Windows 11 for enterprise offers an AI enabled platform that gives users highly customizable accessibility options, auto-patching, and the ability to easily manage cloud PCs with AI.
Employees will also have an increased ability to personalize the device to them, optimize the power performance to increase battery life, and see suggested performance improvements and troubleshooting suggestions from Copilot.
The AI offerings for Windows 365 also help to increase device and organization security with single sign-on, cloud PC encryption and zero-trust access capabilities.
(Image credit: Microsoft)
Surface Pro 10
The Surface Pro 10 offers a significant performance boost over the previous Pro 9 model, utilizing the latest Intel Core Ultra processors to boost its performance over its predecessor by 50%.
But more excitingly, the Pro 10 now utilizes a neural processing unit (NPU) that is the powerhouse behind all of the latest integrated Copilot AI features, freeing up capacity on the main processor to handle the tasks that matter.
There is the option for 5G connectivity, allowing the Surface Pro 10 to be used on the go, which comes especially in handy with the custom anti-reflective display for use in any lighting conditions.
Moreover, the Pro 10 also comes with enhanced inking technology which can be used with Copilot to turn messy written notes into organized documents, with Copilot suggestions to help optimize your workflow and boost productivity.
No compromise was made for collaboration, with the Pro 10 offering the largest field of view camera on a tablet, with 140 degrees of HD video angle alongside AI powered auto-framing to keep you at the center of attention.
The Surface Pro 10 can be configured to your performance needs, with Core Ultra 5 135U and Core Ultra 7 165U processors available, alongside 8GB of ram that can be custom configured all the way up to 64GB depending on your expected workload.
With two Thunderbolt 4 ports as standard, and will set you back $1,199 for the base model, which ships with a 256GB Gen4 SSD. The screen is an LCD, unfortunately dispelling the rumors that Microsoft would be releasing an OLED device.
(Image credit: Microsoft)
Surface Laptop 6
In Microsoft's own release event demo, the Surface Laptop 6 was able to handle multiple application workloads, including a running Visual Studio and a 10 project NET Aspire solution, all while streaming to a 6k and 4k monitor while being on a Teams call.
This is thanks to the Core Ultra 5 135H or Core Ultra 7 165H, depending on how hard you're looking to run this workhorse, giving it twice the performance of the Laptop 5, Microsoft claims. The RAM is configurable just like the Surface Pro 10, with 8GB as standard configurable all the way up to 64GB.
You also have the choice of sticking with the base model 256GB Gen4 SSD, or you can upgrade all the way to 1TB of storage. The base model ships out at $1,199, but there are a few additional options that may pique your interest.
The Surface Laptop 6 can be configured to include a smart card reader and NFC reader to increase device security, alongside the zero-trust principles and secure core capabilities.
Surface Laptop 6 can also be configured to use biometric login, alongside user specific pins to provide secure dual-factor authenticated access. And thanks to Windows 365, you can have instant access to your cloud PC with everything right where you left off.
The chassis is constructed from recycled aluminum, with the internals featuring QR code guidance for increased reparability, lowering the repair costs to your business and reducing the environmental impact of the device itself.
YouTube TV’s Multiview feature is reportedly rolling out to iOS devices, giving iPhone owners a new, more immersive way to watch sports.
News of this update comes from multiple users on the YouTubeTV subreddit claiming that they had just received the option on their smartphones. One person even shared a short video of their iPhone playing four different basketball games at once – well, one’s a commercial, but you can tell it’s basketball due to the ESPN banner.
We don’t know the full capabilities of Multiview on YouTube for iOS. According to 9To5Google it can be activated from the app’s Home tab, however it “only works with select games,” and it doesn't have all of the same features as the smart TV version.
Multiview on iOS apparently can’t show sports scores alongside a broadcast, nor does it have the Last Channel Shortcut to hop between recently viewed channels. There is a gap in performance, but regardless of what it can’t do, Multiview on mobile is still very useful to have, especially now during March Madness.
Availability
It appears this isn’t a limited roll out as a company representative told Reddit users the feature will appear in a patch that will be available on all iOS devices. You need to have YouTube version 8.11 installed to see the option.
The feature is also coming to iPadOS, as another user claims to have the patch on their iPad Pro 12.9. Admittedly, it’s difficult to watch four sports games on their iPhone since the small screen shrinks each window considerably, but iPad owners should have a better viewing experience.
An Android version is apparently in the works, however it won’t be out for a while. The same representative said that the update will arrive within “the coming months” although it may arrive sooner than expected. One user claims to have received a notification after opening the YouTube app on their Android informing them of Multiview. But, when they checked, it wasn’t actually there.
We reached out to Google asking them to confirm whether or not the iOS release will reach everyone or just a select few. We'll update this story if we learn anything new.
Until then, check out TechRadar's list of the best iPhone for 2024 if you're looking to upgrade.
At Google's AI Health event in NYC, company executives show how artificial intelligence will play a role in the future of health through a series of demos. Check out our recap here.
The beloved ‘Hackintosh’ may be on its last legs, as Apple’s macOS 14 Sonoma kills off a selection of older Wi-Fi drivers in its signature operating system allowing users to run it properly on purpose-built hardware.
For the uninitiated, a Hackintosh was the term given to a non-Apple computer or other device running macOS. The benefits of this are pretty obvious: for starters, Apple’s best MacBooks and Macs can cost a pretty penny, and are usually the only way to access macOS.
On top of that, Apple’s hardware can be limited for some users – if you want a super-powered scientific modeling PC with a ludicrous amount of RAM, for example, you’d normally be limited to purpose-built Windows and Linux machines. Then there's also the silly (but fun) edge cases, like running macOS on a Nintendo DS.
The latest version of macOS, Sonoma, has removed driver support for a selection of old Broadcom Wi-Fi cards found in some Mac models from 2012/13. That might not sound like a big problem in itself (after all, that hardware is more than a decade old now). But Hackintosh fan and app developer Aleksandar Vacić has pointed out that those cards were integral to fully-functioning Hackintosh builds, and a driver shift from .kext to .dext formats has similarly hamstrung other workarounds.
A sad day for macOS lovers… who don’t like Macs
Hackintosh fans formed a small but lively online community around their custom macOS rigs, and some users are already bemoaning the impending death of their favorite homebrew hardware.
As one commenter on OSNews put it Hackintoshes were “a great way to have a machine that Apple doesn’t offer anymore – unsightly big box full of hardware.” Many have noted that Apple dropping Intel and shifting to ARM-based chips for its Macs, starting the release of the very impressive M1 chip seen in the 2020 MacBook Air, was the first sign that the Hackintosh glory days might be coming to an end, and that prophecy seems to be ringing true.
Without proper Wi-Fi driver support, the only way to run Sonoma on non-Apple hardware now seems to be doing so without Wi-Fi at all, which has the knock-on effect of borking many apps in macOS, including FaceTime, AirDrop, and Continuity. With one of the aforementioned Wi-Fi cards and an older version of macOS, all of those tools worked just fine.
At the end of the day, the humble Hackintosh represented a path forward for users who loved the OS, but hated (or simply couldn’t afford) the hardware. It’s no surprise that some fans are upset by its slow death, but the writing was on the wall; the Hackintosh community has undeniably been shrinking ever since the tech giant abandoned Intel’s x86 processors.
Google’s time to shine?
Personally, as TechRadar’s resident macOS hater, I won’t really shed a tear about this. There was one comment on OSNews that resonated with me, though: user ‘cpcf’, who said “we discard so much hardware long, long before its natural use-by-date simply because some software somewhere says ‘No!’”
It’s an excellent point, although I’m not dragging Apple directly here; ending support for decade-plus-old kit isn’t ridiculous. But killing users’ ability to keep their old home-made Macs running is a shame, especially considering that Apple hasn’t historically hated the ‘Hackintosh’ trend too much. Another user speculates about macOS being given the open API license treatment, suggesting Apple takes a stance of “Here’s our driver API so 3rd parties can make drivers, here’s the OS. If you want to run it on an x86 PC, pay us $200.”
It’s not a bad idea, and could be a way for Apple to make a bit of side cash off its older macOS versions, but I doubt it’ll ever happen. Apple prides itself on its tightly insulated software ecosystem, and Google beat macOS to the punch anyway. ChromeOS Flex already offers a cheap and easy alternative OS for almost any machine, an admirable way to beat the current e-waste crisis. Good job, Google; sorry you missed the boat, Apple.
Find your perfect espresso maker: We've tested the best espresso makers on the market, including Breville, Cuisinart and more, to find the ones worth your money
A newly-discovered, Microsoft-branded SSD suggests the tech giant may be – or has been at least - exploring new ways to optimize its data center storage.
The leaked images of a Microsoft Z1000 SSD show a 1TB NVMe M.2 drive, apparently boasting sequential read speeds of up to 2,400MB/s and write speeds of 1,800MB/s.
The Z1000 SSD, originally revealed by @yuuki_ans on X, is made up of a mix of components from various companies, including Toshiba NAND flash chips, Micron's DDR4 RAM cache, and a controller from CNEX Labs, a company best known for its work with data center hyperscalers.
(Image credit: @yuuki_ans on X)
Up to 4TB capacity
Back in 2018, CNEX Labs closed a $23 million Series D funding round led by Dell Technologies Capital which also included Microsoft’s venture fund M12. This money was partially used to fund a proprietary, advanced CNX-2670 controller that delivered 550,000 IOPS, a 25% performance increase over previously available M.2 form-factor SSDs at the time. The CNEX Labs controller in the leaked photos is CNX-2670AA-0821.
The SSD has a capacity of 960GB made up of four 256GB Toshiba BiCS4 96-layer eTLC chips and features a 1GB DDR4 RAM cache made by Micron to boost performance.
The leaked "engineering sample", produced on May 18, 2020 when much of the world was in Covid lockdowns, suggests the drive is part of a broader portfolio of SSD models. Its design allows for the addition of more DRAM and capacitors, hinting at larger versions.
As Tom’s Hardware notes "several unused solder pads are on both sides of the PCB, presumably for additional capacitors. This implies that there may be larger versions of the Z1000 with 2TB and perhaps even 4TB of room, given that more capacity would require more DRAM and capacitors to ensure data protection."
This isn't the first time Microsoft has experimented with hardware design for its data centers, having recently revealed its own-brand silicon hardware in order to help further the development and use of AI in businesses.
Default installations of Kubernetes were vulnerable to a high-severity flaw, which allowed threat actors to remotely execute code with elevated privileges.
Researchers from Akamai discovered the flaw, which has since been patched, uncovering what’s now known as “insufficient input sanitization in in-tree storage plugin”, a flaw that’s tracked as CVE-2023-5588.
It carries a severity score of 7.2, and impacts all versions of kubelet, including 1.8.0 and newer.
Multiple vulnerabilities
"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai explained. "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster.
A user, with the ability to create pods and persistent volumes on Windows nodes, could elevate their privileges to admin status on those nodes, Kubernetes explained on GitHub. As a result, they might be able to completely take over all Windows nodes in a cluster.
The vulnerability was patched in mid-November last year, so make sure you bring your kubelet to one of these versions:
v1.28.4 v1.27.8 v1.26.11 v1.25.16
In September 2023, Akamai’s researchers found a similar flaw - a command injection vulnerability that could be exploited with a malicious YAML file in the cluster. That flaw, now tracked as CVE-2023-3676, and with a severity score of 8.8, was the one that paved the way for today’s findings, the researchers explained.
“The lack of sanitization of the subPath parameter in YAML files that creates pods with volumes opens up an opportunity for a malicious injection,” they said. “This was the original finding, but at the tail end of that research, we noticed a potential place in the code that looked like it could lead to another command injection vulnerability. After several tries, we managed to achieve a similar outcome.”
For businesses, verifying Kubernetes configuration YAMLs is “crucial”, as input sanitization is “lacking in several code areas in Kubernetes itself”.
Nab this subscription offer from StackSocial and get lifetime access to over 10,000 hours of language learning content at a deep discount before the deal is gone.
If you buy one of next year’s best Android phones, then chances are it will be equipped with a Snapdragon 8 Gen 4 chipset.
This chipset hasn’t been unveiled yet, but Qualcomm’s Snapdragon chipsets power most of the top Android handsets, and in 2024 we’ve seen the Snapdragon 8 Gen 3 in the likes of the Samsung Galaxy S24 Ultra (along with the other Samsung Galaxy S24 models in some regions), the OnePlus 12, the Xiaomi 14 Ultra, and more, with numerous other phones expected to use it too.
So the next generation of this chipset is a big deal, and it’s sure to be extremely powerful. If you want an idea of just how powerful, what that might mean for 2025’s phones, and which handsets are likely to use it, read on.
Cut to the chase
What is it? Qualcomm's next flagship mobile chipset
When is it out? Sometime in October
How much will it cost? It will be found in flagship phones
Snapdragon 8 Gen 4: potential release date
The Snapdragon 8 Gen 4 will be announced at the Snapdragon Summit in October, as confirmed by the company itself in a post on X (formerly Twitter).
We don’t know the exact date of the Snapdragon Summit yet, but for reference, last year’s was held from October 24 to October 26.
Of course, you’ll probably be waiting a while after that before any phones ship with the Snapdragon 8 Gen 4. But there’s a good chance that at least a couple of phones will launch with it before the end of the year – though possibly initially only in China, much like the Xiaomi 14 and OnePlus 12 landed in China last year with the Snapdragon 8 Gen 3, before going global early this year.
Snapdragon 8 Gen 4: news and leaks
Qualcomm itself has revealed in a video on X that the Snapdragon 8 Gen 4 will have a “supercharged” Oryon CPU, and that it will have an improved neural processing unit (NPU), the latter of which should boost its AI capabilities.
The Oryon CPU isn’t a new thing, having previously appeared in the Snapdragon X Elite chipset. But this chipset was designed for laptops, so bringing that sort of power to mobile sounds impressive.
Leaks certainly suggest the performance might impress, with one source claiming that the Snapdragon 8 Gen 4 might be clocked at up to 4.0GHz. For reference, the Snapdragon 8 Gen 3’s fastest core is clocked at 3.30GHz (or 3.39GHz in the Snapdragon 8 Gen 3 for Galaxy variant), so this would make for a huge increase.
In fact, it might be an even bigger increase, as another leaker claims that the Snapdragon 8 Gen 4 will be clocked at up to 4.3GHz, and that it can achieve a single-core score of around 3,500 on Geekbench. The same source claims this is a higher score than the A18 Pro expected to power the iPhone 16 Pro Max can achieve.
(Image credit: Qualcomm)
However, we’d take this clock speed, and the resulting scores, with a pinch of salt, as the power draw for a 4.3GHz clock speed would likely be too high to be viable for a smartphone.
Indeed, another benchmark leak provides more conservative results, with a post on a Vietnamese forum (spotted by 91Mobiles) pointing to a 2,845 single-core score and a 10,628 multi-core result.
For comparison, the Snapdragon 8 Gen 3-powered Samsung Galaxy S24 Ultra tends to score in the region of 2,200-2,300 for single-core and 6,500-7,000 for multi-core. So even if the more conservative leak above is accurate, that should make the Snapdragon 8 Gen 4 significantly more powerful than the Gen 3.
But it’s not just the clock speed that might be high here, we’ve also heard that there’s a chance the Snapdragon 8 Gen 4 will support LPDDR6 (Low-Power Double Data Rate 6) RAM, which is expected to debut later this year, and is faster than the RAM currently used in phones. If it does support this, then that should particularly aid on-device AI capabilities.
Finally, the Snapdragon 8 Gen 4 will probably be paired with a Snapdragon X80 5G modem. This has already been announced and it’s the successor to the X75 used by the Snapdragon 8 Gen 3.
The X80 has a dedicated 5G AI processor, which essentially makes it smarter – letting it figure out the best masts and 5G bands to connect to at any given time for example. It should also be capable of higher data speeds than the X75, while being more power efficient.
Snapdragon 8 Gen 4: supported phones
The Samsung Galaxy S24's successor might have a Gen 4 chip(Image credit: Future | Roland Moore-Colyer)
We don’t know for sure what phones will use the Snapdragon 8 Gen 4, but based on past form we can take some good guesses. The following handsets are all expected successors to phones that use, or are likely to use, the Snapdragon 8 Gen 3, so there’s a good chance they will use the Gen 4:
The Samsung Galaxy S25 series, Samsung Galaxy Z Fold 7, Samsung Galaxy Z Flip 7, OnePlus 13, Xiaomi 15 line, Sony Xperia 1 VII, and Sony Xperia 5 VII. That’s not a complete list, but it includes the most high-profile handsets we’re expecting to use the Snapdragon 8 Gen 4. But really, the majority of high-end Android phones released in 2025 probably will.
There are some exceptions though. While we mentioned the Galaxy S25 line here, the standard Samsung Galaxy S24 and the Samsung Galaxy S24 Plus only use a Snapdragon chipset in some parts of the world (primarily the US), with other regions getting an Exynos chipset, so the same might happen with the S25.
We also don’t expect any Google Pixel phones to use the Snapdragon 8 Gen 4, since Google equips these phones with Tensor chipsets. And of course, you won’t find an iPhone using it either, as Apple develops its own A-series chipsets.
