Wednesday, October 12, 2022

Latest Tech News

Businesses are slowly moving away from open source software, due to growing fears of security risks that come from open source elements, new research has shown.

Virtualization giant VMware recently released a report that states that the number of companies willing to deploy open source software in production environments fell from 95% last year, to 90% this year. 

The two biggest concerns forcing companies to look elsewhere relate to their ability to identify and address vulnerabilities found in open source software. In fact, dependency on the community to address flaws and vulnerabilities is at the top of the list (61%), followed by increased security risks (53%), and the lack of service-level agreements (SLA) for patches from the community (50%).

Too many tools, manual tasks, and people

To address the issue, businesses would love to see improvements in packaging security, as open source software packaging is essential in securing the supply chain, the report claims.

Apparently, there are too many tools, too many manual tasks, and too many teams working on packaging at most companies, which makes the process sluggish, inefficient and risky.

When asked which software packaging capabilities would improve security, almost two-thirds (60%) would appreciate immediate access to trusted security patches to applications or runtimes, dependencies, and operating system components, while half (55%) want centralized visibility to all scans, as it would simplify security audits. Half (51%) also want to automate CVE and virus scanning for every container.

While open source software remains an indispensable part of every project, this is not the first time questions of security have been raised. Last June, cybersecurity firm Snyk, together with the Linux Foundation, published a report claiming open-source software poses a “significant security risk”.

Based on a survey of more than 550 respondents, as well as data pulled from 1.3 billion open source projects via Snyk Open Source, the report states that two in five (41%) firms are not confident in the security of their open source code.

The average application development project, it was found, has 49 vulnerabilities, as well as 80 direct dependencies. Usually, it now takes 110 days to remedy a vulnerability in an open source project, up from 49 days four years ago.



from TechRadar - All the latest technology news https://ift.tt/7CmeLZq

Here Are 7 Prime Day Bluetooth Speaker Deals You Shouldn't Miss - CNET

Looking for a bargain on a Bluetooth speaker? Here are some deals worth checking out from Amazon's Early Access Sale.

from CNET https://ift.tt/U7IMXmY

Latest Tech News

A significant proportion (43 percent) of all business devices are still unable to upgrade to Windows 11 because of hardware requirements imposed by Microsoft, according to new research published by IT management company Lansweeper.

TechRadar Pro previously reported in March 2022 that many millions of business PCs were ineligible to upgrade to Windows 11, in part due to their processors lacking Trusted Platform Module (TPM) 2.0 compatibility, a feature Windows 11 requires.

Lansweeper claims that the situation has eased since we covered its last report, with the percentage of devices clearing the CPU and TPM requirements rising by 12%. At this level of growth, all devices should be compatible with Windows 11 by 2026.

Windows 11 in the workplace

However, Lansweeper still found that only 57% of the devices tested had CPUs that met Microsoft’s requirements. More than a third (35%) of workstations tested were incompatible with TPM or had it disabled, while virtual machines fared worse - with only 1% supporting or having TPM enabled.

Furthermore, the growth in Windows 11-compatible devices that Lansweeper has seen still falls short of the end-of-life deadline for Windows 10: October 14, 2025. On this date, Windows 10 will stop receiving vital security and feature updates.

This is important, as 82% of all Windows devices are still running Windows 10. A steady growth rate for compatible devices isn’t guaranteed, and any devices still running the previous iteration of the operating system will become increasingly vulnerable to malware and ransomware attacks.

This is a large part of why a great deal of cyberattacks target healthcare and educational institutions. Organizations neglect to update operating systems, usually to preserve a software or database solution that “just works”, and so become easy targets for malicious threat actors who value their sensitive personal data.

Only 3% of all Windows users currently use Windows 11. By comparison, 1% of users are still using the 21-year-old Windows XP, and so it’s fair to say that businesses are still unaware as to why they ought to invest in new hardware.

As much as it may seem counterproductive, especially in a recession, organizations are advised to update the hardware powering their business for long-term confidence in their security posture, and look to save money in other areas, such as their software solutions.



from TechRadar - All the latest technology news https://ift.tt/Wv91EjJ

Latest Tech News

It has been discovered that Android devices are designed to leak some user data when connecting to a new Wi-Fi network, and even the best VPN services cannot stop it. 

Mullvad VPN identified the quirk during a recent security audit, reporting that data leakage also occurs when the "Block connections without VPN (or VPN lockdown)" and/or "Always-on VPN" options are enabled. 

The data exposed during the connectivity check includes people's real IP address, DNS lookups, HTTPS and NTP traffic.

However, the leak does not appear to be a malfunction. In response to questions from the provider, Google explained that both of the features work as intended. 


Android features deceiving VPN users 

A VPN is a tool that people use, among other things, to encrypt internet traffic while hiding their real IP location. This allows access to censored sites, avoids bandwidth throttling and secures online anonymity - the latter point being especially important on public Wi-Fi connections. 

However, certain wireless networks (like hotel or public transport Wi-Fi, for example) might require a connectivity check before establishing the connection. And it's exactly on these occasions that Android VPN services leak some traffic details, whether or not the option to block unprotected connections has been activated. 

"We understand why the Android system wants to send this traffic by default," wrote Mullvad VPN in a blog post. "However, this can be a privacy concern for some users with certain threat models."

Following Mullvad's request for an additional option to disable these connectivity checks when the "VPN lockdown" is on, Google developers explained that the leak is actually a design choice.

Specifically, the company claims that some VPN apps rely on these checks to properly function. The developers also said there are other exemptions that might be more risky, like those applied to some privileged applications. They also believe that the impact on users' privacy is minimal.

After taking into consideration the points raised by Google, Mullvad still thinks that its suggested additional feature could be beneficial for users. Most importantly, the provider is calling on the tech giant to at least be more transparent about its features.

"Even if you are fine with some traffic going outside the VPN tunnel, we think the name of the setting ('Block connections without VPN') and Android’s documentation around it is misleading. The impression a user gets is that no traffic will leave the phone except through the VPN."  

What's at stake for Android users?

According to Google, the privacy risks are basically non-existent for most people. However, Mullvad argues that the metadata exposed could be enough for experienced hackers to de-anonymize this information and track down users. 

"The connection check traffic can be observed and analyzed by the party controlling the connectivity check server and any entity observing the network traffic," explained the secure VPN provider. 

"Even if the content of the message does not reveal anything more than 'some Android device connected,' the metadata (which includes the source IP) can be used to derive further information, especially if combined with data such as Wi-Fi access point locations."

This might not be relevant for everyday users, but it could negatively affect those for whom privacy is paramount. After all, it's likely they have turned on the VPN lockdown feature exactly for this reason. 

TechRadar Pro has contacted Google for further information, but did not receive an immediate response.



from TechRadar - All the latest technology news https://ift.tt/cPHId7Z

Latest Tech News

Microsoft has announced a new Microsoft 365 app called Microsoft Places that will look to “optimize” the management of hybrid workplaces.

Introducing the app at its Ignite event, the company explained the idea is to inform team members as to when colleagues are coming into the office, and suggest whether certain meetings may be best held in-person.

It also teased “intelligent recap”, a feature that will use artificial intelligence to analyze meeting recordings in order to assign tasks to team members, take minutes, and share “personalized insights”. Intelligent recap will be available as part of the new Teams Premium package.

Microsoft Places and hybrid working

The introduction of Microsoft Places, so the company claims, is backed up by survey data. According to the company’s recent Work Trend Index, over 80% of employees go to the office for the sake of meeting and collaborating with each other.

Microsoft believes that a software solution is required to bridge the gap between the pre-pandemic world of physically present work and the allowance for remote work spurred on by the Covid-19 pandemic.

Places, it claims, will offer granular insight into the workplace, and advice on how offices could benefit from being reconfigured as companies adapt to hybrid working environments.

Other features will include a “modernized” conference booking system, as well as insights for business leaders to assess how office space is being used, and how to best approach hybrid working policy.

But employees who have grown comfortable with video conferencing needn’t despair. Places, Microsoft claims, is being developed to “[connect] virtual and physical spaces”, and to make offices safer and more transparent following the onset of the pandemic. 

While at least some allowance for remote working has stuck at many workplaces, the transparency into office spaces that Microsoft wants to offer with Places may renew the trust employees have in office environments, with a renewed focus on employee safety.

But discussion of the tool’s long-term impact on working practices will have to wait. As of right now, Microsoft Places is only “coming soon in preview”.



from TechRadar - All the latest technology news https://ift.tt/38nAV6p

Latest Tech News

Microsoft has made the latest iteration of its Azure Premium range of solid state drive (SSD) cloud storage available for general sale.

The company announced the release of the latest Azure Premium SSD v2 storage at its Ignite event, following an invite-only preview release in May 2022.

The new range of high-capacity drives for enterprises is designed to offer the lowest latency for “performance-critical workloads”, while also allowing for storage expansion up to 64 terabytes (TiB). 

Microsoft Azure Premium v2 improvements

Microsoft claims to have achieved “sub-millisecond” latency with the new drives, offering 80,000 input/output operations per second (IOPS) - a 60% improvement over Azure Premium V1. 

Data transfers should also be lightning fast, with a guaranteed baseline throughput of 125 megabytes per second (MBPS) across all drives under the new specification, and a peak throughput of 1,200 MBPS - an overall improvement of 33% over V1.

The increases to storage capacity may also be of interest to Azure Premium SSD v1 users who feel limited by the maximum 32 TiB available. 

Microsoft claims that the all-round increases to performance in the new drive range will suit a number of production workloads and purposes, from database software like SQL Server and Oracle, to analytics, virtual machines (VMs), and gaming.

The company is even looking to court enterprise customers who may not immediately need the benefits of Azure Premium V2, promising that companies may provision storage capacity, IOPS, and throughput “based on their workload requirements”.

This could make the new set of drives appeal even to smaller businesses who may go on to see steady growth, while simultaneously helping large companies cut their cloud costs during a recession.



from TechRadar - All the latest technology news https://ift.tt/L3ZpyoA

Tuesday, October 11, 2022

Meta Quest Pro VR Headset Hands-On: A New $1,500 Headset Is Unveiled - CNET

This expensive, new pro-level headset from Meta arrives Oct. 25, blending VR and AR with eye and face tracking. We got an early test-drive at Meta's research lab.

from CNET https://ift.tt/YDb16Ze

Latest Tech News

Amazon Web Services (AWS) has launched EC2 instances it says are specifically optimized for deep learning training.

The new Amazon EC2 Trn1 instances are powered by AWS Trainium chips, a second-generation ML chip designed by AWS, following on from its AWS Inferentia chips.

The cloud giant claims these new instances are well-suited for large-scale distributed training of complex deep learning models, such as natural language processing and image recognition.

What do users get?

Trn1 instances are available in two configurations and are powered by up to 16 AWS Trainium chips with 128 vCPUs. 

The instances apparently offer up to 512 GB of high-bandwidth memory and deliver up to 3.4 petaFLOPS of TF32/FP16/BF16 compute power and feature a NeuronLink interconnect between chips. NeuronLink helps avoid communication bottlenecks when scaling workloads across multiple Trainium chips.

In addition, Amazon says Trn1 instances are the first EC2 instances to enable up to 800 Gbps of Elastic Fabric Adapter (EFA) network bandwidth for high-throughput network communication. And Trn1 instances come with up to 8 TB of local NVMe SSD storage for ultra-fast access to large datasets.

AWS also said its Trainium chips include specific scalar, vector, and tensor engines that are purpose-built for deep learning algorithms. 

Other new features of Trainium chips include support for a wide range of data types (FP32, TF32, BF16, FP16, and UINT8), stochastic rounding, custom operators written in C++, and dynamic tensor shapes.

AWS Trainium shares the same AWS Neuron SDK as AWS Inferentia, which could make the transition to AWS Trainium easier.

Where can I sign up?

You can launch Trn1 instances today in certain regions such as AWS US East (N. Virginia) and US West (Oregon).

These Trn1 instances can be deployed using AWS Deep Learning AMIs, and container images are available via managed services such as Amazon SageMaker, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), and AWS ParallelCluster.

To learn more, you can head to Amazon EC2's Trn1 instances page.



from TechRadar - All the latest technology news https://ift.tt/RFnK1Vt

Everything Revealed at Meta Connect 2022 video - CNET

During Meta's 2022 Connect event, Mark Zuckerberg revealed a new $1,500 mixed reality headset, the Quest Pro, updated avatars with legs and a new partnership with Microsoft.

from CNET https://ift.tt/D02tENO

Latest Tech News

Hong Kong-based single-board computer maker Pine64 is reportedly about to take on Raspberry Pi with its upcoming Ox64, according to CNX Software.

The Ox64 will be built on RISC-V architecture to directly challenge the Raspberry Pi Pico W. While Pine64 has not yet made an official announcement, a wiki post does give us a fairly detailed hint at what to expect.

Its CPU features two Alibaba T-head cores, one 62-bit and the other 32-bit, and the machine has 64MB of DRAM (compared with the Pico W’s 264Kb). It also uses a Bouffalo Lab AI engine for video and audio detection and recognition.

Pine64 Ox64 specs

In terms of connectivity, like the Raspberry Pi Pico W, there’s built-in Wi-Fi. The Ox64 uses the same Wi-Fi 4 standard and only connects to 2.4GHz channels. While Wi-Fi 6 is beginning to gain serious traction in household devices, Wi-Fi 4 should be sufficient for most microcontroller users.

There’s also Bluetooth 5 with support for Bluetooth Low Energy, and for smart home aficionados, Zigbee (specifically IEEE 802.15.4).

Onboard storage is capped at 128Mb/16MB, however there’s support for SDHC/SDXC microSD cards. Further expansion comes courtesy of a USB 2.0 port, 26 GPIO pins dotted around the outside of the module with SPI, I2C and UART functionality, and a USB-C port for power.

Like the Raspberry Pi Pico W, the Ox64’s footprint measures 51x21mm. It is slightly thicker than the Pico W, though, at 19mm (compared with 3.9mm for the Pico W or 12.9mm for the Pico WH). 

Little is known about the future applications of the Ox64, though it’s likely to support a Linux operating system, including many of the Raspberry Pi distros that are readily available. It’s also expected to come in at under $10/£10, much like its key rival.

TechRadar Pro has reached out to the company for further information on the Ox64 and will update this article accordingly.

Via Tom's Hardware



from TechRadar - All the latest technology news https://ift.tt/YTK7RFG

Latest Gadgets News

Apple will reportedly introduce a 5G update to the iPhone 12 and other compatible smartphones by December. This may come combined with a new iOS update. Moreover, Google Pixel 5G-compatible devices could also receive 5G services by December with a new software update.

from Gadgets 360 https://ift.tt/vtXs3A1

Meta's New Quest VR Accessory Might Keep Your Headset From Getting Sweaty - CNET

The new accessory bundle is meant to let Quest users work out without getting their headsets sweaty.

from CNET https://ift.tt/ZkTcnOI

Latest Tech News

Some TV shows are like comfort food, and for me, there’s no show more comforting than Peep Show. The British sitcom from the early 2000s h...