Agregátor RSS

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow

Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

Ucelený přehled článků, zpráviček a diskusí za minulých 7 dní.

Fyzici obvykle zacházejí s kvantovými jevy jako s křehkými květinkami. Poskytují jim ideální podmínky a téměř ani nedýchají, když s nimi experimentují. Rakouský tým nebyl tak ohleduplný a kvantovým kočkám přitopil. Bylo to sice jen na 1,8 kelvinu, i tak ale jde o významný průlom, který slibuje nové směry výzkumu i aplikace.

Klasická elektronika v datacentrech mele s nástupem umělých inteligencí z posledního. Do hry vstupují fotonické čipy. Q.ANT zahájil výrobu fotonického AI čipu v bývalé továrně na polovodiče IMS Chips v německém Stuttgartu. Nový čip nabízí 30krát vyšší energetickou účinnost a 50krát rychlejší výpočty oproti křemíku.

At a special 50th anniversary event on Friday, Microsoft executives reflected on the company’s storied past and on how it’s now reinventing itself for an AI-focused future.

With previous CEOs Bill Gates and Steve Ballmer in attendance, current CEO Satya Nadella boasted that the company is “leading this new wave of AI innovation, and more importantly, democratizing just like we did it with the PC.”

Details about the company’s plans were laid out by Microsoft Executive Vice President Mustafa Suleyman, who noted that the ability to customize Windows to every person’s specific needs is coming. “Years ago, Bill laid out a bold ambition, which at the time probably felt like a pretty crazy dream — to put a PC on every desk and in every home.

“Today, we’re creating a Copilot for everyone,” Suleyman said at the event, which was webcast. 

Suleyman talked about how the company is transforming its generative AI (genAI)-based Copilot into a personal assistant. Microsoft is replicating key sensory features from humans into the software.

“Today, we’re taking the very first steps towards rich memory and personalization, the very foundations of an AI companion,” Suleyman said.

Copilot is gradually adding a “Memory” feature that can personalize the tool to remember human preferences, dates, events and more. Suleyman pointed out how the AI agent over time will be able to remember birthdays, and provide reminders on tasks. It will also provide advice on how users go through each step in training sessions on specific topics and even memorize individual traits, such as whether a person greets others formally or informally.

The memory feature works with others such as “Actions,” which can complete tasks in the background.

Microsoft is also developing avatars for Copilot that make interacting with it more fun. Suleyman showed off avatars as animated characters, and in jest showcased the dreaded Clippy — of old Microsoft Office fame — as an avatar.

The company’s main announcements included Copilot Vision, a mobile app that can help users interact with the real-world. The app uses the phone’s camera to capture images and in real-time provide context of the surroundings.

“With our new mobile app, Copilot can actually see what you see and talk to you about it in real time,” Suleyman said.

The second piece to Copilot Vision is a Windows app, which can take a snapshot of a user’s PC screen and help explain what is being displayed. The app works across applications, browser tabs or files.

“It will read the screen and interact with the content. You’ll be able to use Copilot to search, change settings, organize files and collaborate on projects without switching between files or apps,” the company said in a blog post.

“With my permission it can see my screen like a second set of eyes,” Suleyman said at the event said. “It’s my sounding board. And most importantly, it can respond in the context of what I’m seeing on my screen.”

Suleyman made no reference to Windows Recall, the controversial Copilot feature that uses snapshots to log the history of activity on a PC. Recall was unveiled last year and quickly ran into a storm of controversy related to privacy concerns.

Microsoft has also started rolling out Copilot Search, with AI integrated into a conventional Bing search to provide better search results. The search results will be personalized and dynamically generated on the screen.

“With Copilot’s new search capabilities, you can get many magazine style cards made just for you, on any topic that you care about, with text, images, videos, and maps built right in,” Suleyman said.

Microsoft also unveiled “Podcasts,” an AI feature that can instantly generate podcasts with video and audio, and new AI technologies for Azure AI Foundry. 

For enterprise users, Microsoft recently rolled out Research and Analyst agents to boost enterprise search and employee productivity. 

AI will be the biggest change to the PC since the graphical user interface (GUI), and it may be as important as the first databases for enterprise users, said Jack Gold, principal analyst at J. Gold Associates.

But harnessing its potential is a challenge, with numerous usability, privacy and security challenges. “The ability to make AI most useful and efficient for enterprise needs still needs a lot of work. We’re in the first innings,” Gold said.

Microsoft’s challenge with AI is not just in the OS, but also in apps that support enterprise users, where Microsoft has a large installed base.

“While Copilot may make the way we interact with our devices through agents that implement and execute tasks for us more personal, it’s what AI may do to enhance our insights from our increasingly complex enterprise informational environment that could be a game changer,” Gold said.

It’s likely to be a decade-long maturing process before enterprises see the same level of maturity and creativity users have grown to expect in day-to-day go-to apps.

“Enterprises need to start down the path now, but don’t expect to achieve the end state in the short term,” Gold said.

'Nonpartisan' intelligence chief booted less than two years into the job

President Trump yesterday fired the head of the NSA and US Cyber Command and his deputy.…

Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini team

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. 

As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before.

 

Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves this by combining Gemini’s advanced capabilities with near real-time cybersecurity knowledge and tooling. This combination allows it to achieve superior performance on key cybersecurity workflows, including incident root cause analysis, threat analysis, and vulnerability impact understanding.

We firmly believe that successfully pushing AI cybersecurity frontiers to decisively tilt the balance in favor of the defenders requires a strong collaboration across the cybersecurity community. This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources. Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1). It also outperforms other models by at least 10.5% on the CTI-Root Cause Mapping benchmark (See Figure 2):

Figure 1: Sec-Gemini v1 outperforms other models on the CTI-MCQ Cybersecurity Threat Intelligence benchmark.

Figure 2: Sec-Gemini v1 has outperformed other models in a Cybersecurity Threat Intelligence-Root Cause Mapping (CTI-RCM) benchmark that evaluates an LLM's ability to understand the nuances of vulnerability descriptions, identify vulnerabilities underlying root causes, and accurately classify them according to the CWE taxonomy.

Below is an example of the comprehensiveness of Sec-Gemini v1’s answers in response to key cybersecurity questions. First, Sec-Gemini v1 is able to determine that Salt Typhoon is a threat actor (not all models do) and provides a comprehensive description of that threat actor, thanks to its deep integration with Mandiant Threat intelligence data.

Next, in response to a question about the vulnerabilities in the Salt Typhoon description, Sec-Gemini v1 outputs not only vulnerability details (thanks to its integration with OSV data, the open-source vulnerabilities database operated by Google), but also contextualizes the vulnerabilities with respect to threat actors (using Mandiant data). With Sec-Gemini v1, analysts can understand the risk and threat profile associated with specific vulnerabilities faster.

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1 via this form.

The tech market lost 29,000 jobs in March, even as the unemployment rate for tech-related jobs slipped 0.1% to 3.1%, according to an analysis of US Labor Department data released today.

At the same time, tech sector employment fell by 8,428 jobs last month, driven largely by job cuts in tech services and telecommunications, according to CompTIA, a non-profit IT trade association that analyzed figures from the US Bureau of Labor Statistics (BLS)

The BLS data, CompTIA said, sent conflicting signals about the IT job market as uncertainty around it “accelerated.”

“With many employers in wait-and-see mode, the jobs data is about in line with expectations for the month,” said Tim Herbert, chief research officer at CompTIA.

Overall, US job growth beat expectations, with the broader economy adding 228,000 positions. That’s nearly 100,000 more than the 135,000 economists had predicted would be added. Conversely, the federal government lost 4,000 jobs, due to reduction in force efforts by the unofficial Department of Government Efficiency (DOGE).

Victor Janulaitis, CEO of IT industry research firm Janco Associates, said DOGE’s impact is causing IT contracts to be delayed, leaving government IT professionals uncertain about their future.

The overall US unemployment rate rose slightly to 4.2% in March, just 0.1% higher than in February. Previous US job gains for January and February were revised down by a total of 48,000, with January reduced by 14,000 and February by 34,000, according to BLS data.

In the first quarter of 2025, the IT job market shrank by 34,200 jobs, according to Janulaitis. The number of unemployed IT professionals dropped slightly in March to 133,000 from 148,000 at the start of the year. “We believe that many low-skilled, legacy-skilled IT pros, or displaced IT professionals have stopped looking for jobs in the IT sector,” he said.

CompTIA said new employee job postings for tech occupations rose slightly to more than 213,000. In all, there were nearly 478,000 active tech job postings last month. Industry sectors adding the most new tech job postings included professional, scientific and technical services (52,526), administrative and support services (26,099) and manufacturing (21,975).

Software developers and engineers, tech support specialists, systems engineers and architects, and cybersecurity engineers and analysts were in highest demand, according to CompTIA’. Positions in artificial intelligence (AI) or that require AI skills accounted for 21% of all active tech job postings. And half of all tech job postings did not require a four-year academic degree.

Several industry experts saw the uptick in overall hiring and steady unemployment rates as a good omen.

Martha Heller, CEO of executive search firm Heller, called the BLS jobs report healthy, and said it reinforces “the plain truth that technology innovation (primarily AI) will drive up employment. In every sector, companies need people to realize the return on their AI investments, and while those people are often technologists, the AI employment boom will expand to include a broader range of skills.

“With the nearly certain instability that our current economic policy brings, technology and the people who can use it to navigate uncertainty will have job security for a long time,” Heller said.

Kye Mitchell, head of US tech recruiting firm Experis North America, sees AI as a boon for all businesses. “In the tech sector, our real-time data shows that businesses are addressing their AI needs by focusing on their data to be prepared to best leverage AI in this new era,” she said.

Quarter over quarter, demand for data analysis and cleansing has risen sharply, he said. For example, roles for data scientists are up 238%. Database architect positions rose 142%. And, job openings for mathematicians were up 1,272%, Mitchell said.

“Additionally, there’s a growing need for executive management, indicating businesses are relying on leadership to drive AI integration,” she said. “The impact of recent economic policy shifts on AI worker demand is still unfolding, and market uncertainty may lead to longer decision timelines and adjustments.”

Others familiar with the tech industry saw the latest jobs report as positive, including Ger Doyle, US country manager at global staffing firm ManpowerGroup. “Today’s jobs report is a welcome sign, given the negative indicators we saw leading into it. While the US labor market is proving to be resilient, there are signs of cooling that are consistent with employers navigating uncertainty.”

ManpowerGroup data shows a 2% overall decline in all job postings and a 3% drop in new job postings. While the labor market appears stable, Doyle said employers remain cautious, with the exception of healthcare and education sectors.

“Uncertainty is keeping both employers and employees from making moves, leading businesses to focus on maintaining current workforces but considering adjustments if the uncertainty persists,” he said.

Janulaitis said interviews he performed with more than 100 CFOs and CIOs revealed optimism about Trump administration, though many anticipate a mild economic downturn in mid-2025. “Unemployed IT pros found jobs faster than expected as CIOs quickly filled positions while hiring was still authorized,” he said.

`

The device fits in a syringe and melts away after use.

Scientists just unveiled the world’s tiniest pacemaker. Smaller than a grain of rice and controlled by light shone through the skin, the pacemaker generates power and squeezes the heart’s muscles after injection through a stint.

The device showed it could steadily orchestrate healthy heart rhythms in rat, dog, and human hearts in a newly published study. It’s also biocompatible and eventually broken down by the body after temporary use. Over 23 times smaller than previous bioabsorbable pacemakers, the device opens the door to minimally invasive implants that wirelessly monitor heart health after extensive surgery or other heart problems.

“The extremely small sizes of these devices enable minimally invasive implantation,” the authors, led by John Rogers at Northwestern University, wrote. Paired with a wireless controller on the skin’s surface, the system automatically detected irregular heartbeats and targeted electrical zaps to different regions of the heart.

The device could especially benefit babies who need smaller hardware to monitor their hearts. Although specifically designed for the heart, a similar setup could be adapted to manage pain, heal wounds, or potentially regenerate nerves and bones.

Achy Breaky Heart

The heart is a wonder of biomechanics.

Over a person’s lifetime, its four chambers reliably pump blood rich in oxygen and nutrients through the body. Some chambers cleanse blood of carbon dioxide—a waste product of cell metabolism—and infuse it with oxygen from the lungs. Others push nutrient-rich blood back out to rest of the body.

But like parts in a machine, heart muscles eventually wear down with age or trauma. Unlike skin cells, the heart can’t easily regenerate. Over time, its muscles become stiff, and after an injury—say, a heart attack—scar tissue replaces functional cells.

That’s a problem when it comes to keeping the heart pumping in a steady rhythm.

Each chamber contracts and releases in an intricate biological dance orchestrated by an electrical flow. Any glitches in these signals can cause heart muscles to squeeze chaotically, too rapidly or completely off beat. Deadly problems, such as atrial fibrillation, can result. Even worse, blood can pool inside individual chambers and increase the risk of blood clots. If these are dislodged, they could travel to the brain and trigger a stroke.

Risks are especially high after heart surgery. To lower the chances of complications, surgeons often implant temporary pacemakers for days or weeks as the organ recovers.

These devices are usually made up of two components.

The first of these is a system that detects and generates electrical zaps. It generally requires a power supply and control units to fine-tune the stimulation. The other bit “is kinda the business end” study author John Rogers told Nature. This part delivers electrical pulses to the heart muscles, directing them to contract or relax.

The setup is a wiring nightmare, with wires to detect heart rhythm threading through the skin. “You have wires designed to monitor cardiac function, but it becomes a somewhat clumsy collection of hardware that’s cumbersome for the patient,” said Rogers.

These temporary pacemakers are “essential life-saving technologies,” wrote the team. But most devices need open-heart surgery to implant and remove, which increases the risk of infection and additional damage to an already fragile organ. The procedure is especially difficult for babies or younger patients because they’re so small and grow faster.

Heart surgeons inspired the project with their vision of a “fully implantable, wirelessly controlled temporary pacemaker that would just melt away inside the body after it’s no longer needed,” said Rogers.

A Steady Beat

An ideal pacemaker should be small, biocompatible, and easily controllable. Easy delivery and multiplexing—that is, having multiple units to control heartbeat—are a bonus.

The new device delivers.

It’s made of biocompatible material that’s eventually broken down and dispelled by the body without the need for surgical removal. It has two small pieces of metal somewhat similar to the terminals of a battery. Normally, the implant doesn’t conduct electricity. But once implanted, natural fluids from heart cells form a liquid “bridge” that completes the electrical circuit when activated, transforming the device into both a self-powered battery and a generator to stimulate heart muscles. A Bluetooth module connects the implant with a soft “receiver” patch on the skin to wirelessly capture electrical signals from the heart for analysis.

Controlling the heart’s rhythm took more engineering. Each heart chamber needs to pump in a coordinated sequence for blood to properly flow. Here, the team used an infrared light switch to turn the implant on and off. This wavelength of light can penetrate skin, muscle, and bone, making it a powerful way to precisely control organs or tools that operate on electrical signals.

Although jam-packed with hardware, the final implant is roughly the size of a sesame seed. It’s “more than 23 times smaller than any bioresorbable alternative,” wrote the team.

Flashing infrared LED lights placed on the skin above the pacemaker turn the device on. Different infrared frequencies pace the heartbeat.

The team first tested their device in isolated pig and donated human hearts. After it was implanted by injection through a stint, the device worked reliably in multiple heart chambers, delivering the same amount of stimulation as a standard pacemaker.

They also tested the device in hound dogs, whose hearts are similar in shape, size, and electrical workings to ours. A tiny cut was enough to implant and position multiple pacemakers at different locations on the heart, where they could be controlled individually. The team used light to fine-tune heart rate and rhythm, changing the contraction of two heart chambers to pump and release blood in a natural beat.

“Because the devices are so small, you can pace the heart in very sophisticated ways that rely not just on a single pacemaker, but a multiplicity of them,” said Rogers. “[This] offers a greater control over the cardiac cycle than would be possible with a single pacemaker.”

Device Sprinkles

The team envisions that the finished device will be relatively off-the-shelf. Put together, a sensor monitors problematic heart rhythms from the skin’s surface, restores normal activity with light pulses, and includes an interface to visualize the process for users. The materials are safe for the human body—some are even recommended as part of a daily diet or added to vitamin supplements—and components largely dissolve after 9 to 12 months.

The devices aren’t specifically designed for the heart. They could also stimulate nerve and bone regeneration, heal wounds, or manage pain through electrical stimulation. “You could sprinkle them around…do a dozen of these things…each one controlled by a different wavelength [of light],” said Rogers.

The post World’s Tiniest Pacemaker Is Smaller Than a Grain of Rice appeared first on SingularityHub.

​Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. [...]

Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google’s point of view.

With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical tasks.

However, this has also opened the door to a new wave of security threats. Model and data poisoning, prompt injection, prompt leaking and prompt evasion are just a few of the risks that have recently been in the news. Garnering less attention are the risks around the ML supply chain process: since models are an uninspectable collection of weights (sometimes also with arbitrary code), an attacker can tamper with them and achieve significant impact to those using the models. Users, developers, and practitioners need to examine an important question during their risk assessment process: “can I trust this model?”

Since its launch, Google’s Secure AI Framework (SAIF) has created guidance and technical solutions for creating AI applications that users can trust. A first step in achieving trust in the model is to permit users to verify its integrity and provenance, to prevent tampering across all processes from training to usage, via cryptographic signing. 

The ML supply chain

To understand the need for the model signing project, let’s look at the way ML powered applications are developed, with an eye to where malicious tampering can occur.

Applications that use advanced AI models are typically developed in at least three different stages. First, a large foundation model is trained on large datasets. Next, a separate ML team finetunes the model to make it achieve good performance on application specific tasks. Finally,  this fine-tuned model is embedded into an application.

The three steps involved in building an application that uses large language models.

These three stages are usually handled by different teams, and potentially even different companies, since each stage requires specialized expertise. To make models available from one stage to the next, practitioners leverage model hubs, which are repositories for storing models. Kaggle and HuggingFace are popular open source options, although internal model hubs could also be used.

This separation into stages creates multiple opportunities where a malicious user (or external threat actor who has compromised the internal infrastructure) could tamper with the model. This could range from just a slight alteration of the model weights that control model behavior, to injecting architectural backdoors — completely new model behaviors and capabilities that could be triggered only on specific inputs. It is also possible to exploit the serialization format and inject arbitrary code execution in the model as saved on disk — our whitepaper on AI supply chain integrity goes into more details on how popular model serialization libraries could be exploited. The following diagram summarizes the risks across the ML supply chain for developing a single model, as discussed in the whitepaper.

The supply chain diagram for building a single model, illustrating some supply chain risks (oval labels) and where model signing can defend against them (check marks)

The diagram shows several places where the model could be compromised. Most of these could be prevented by signing the model during training and verifying integrity before any usage, in every step: the signature would have to be verified when the model gets uploaded to a model hub, when the model gets selected to be deployed into an application (embedded or via remote APIs) and when the model is used as an intermediary during another training run. Assuming the training infrastructure is trustworthy and not compromised, this approach guarantees that each model user can trust the model.

Sigstore for ML models

Signing models is inspired by code signing, a critical step in traditional software development. A signed binary artifact helps users identify its producer and prevents tampering after publication. The average developer, however, would not want to manage keys and rotate them on compromise.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy. By binding an OpenID Connect token to a workload or developer identity, Sigstore alleviates the need to manage or rotate long-lived secrets. Furthermore, signing is made transparent so signatures over malicious artifacts could be audited in a public transparency log, by anyone. This ensures that split-view attacks are not possible, so any user would get the exact same model. These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods. This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional software components), and handles signing models represented as a directory tree. The package provides CLI utilities so that users can sign and verify model signatures for individual models. The package can also be used as a library which we plan to incorporate directly into model hub upload flows as well as into ML frameworks.

Future goals

We can view model signing as establishing the foundation of trust in the ML ecosystem. We envision extending this approach to also include datasets and other ML-related artifacts. Then, we plan to build on top of signatures, towards fully tamper-proof metadata records, that can be read by both humans and machines. This has the potential to automate a significant fraction of the work needed to perform incident response in case of a compromise in the ML world. In an ideal world, an ML developer would not need to perform any code changes to the training code, while the framework itself would handle model signing and verification in a transparent manner.

If you are interested in the future of this project, join the OpenSSF meetings attached to the project. To shape the future of building tamper-proof ML, join the Coalition for Secure AI, where we are planning to work on building the entire trust ecosystem together with the open source community. In collaboration with multiple industry partners, we are starting up a special interest group under CoSAI for defining the future of ML signing and including tamper-proof ML metadata, such as model cards and evaluation results.

A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. [...]

**Díky paměti Copilot nabídne personalizaci. **S Copilot Actions bude AI schopná rezervovat stůl online. **Funkce Vision zanalyzuje obraz a popíše vám ho.

We are still within the sequence of energies described in Newton’s Third Law of Motion, “every action has an equal and opposite reaction.” In this case, Apple, already badly bruised by Trump’s tariffs and their impact on its business, will now take another kicking as nations react to those oddly calculated trade taxes. Europe is gunning for Apple’s services, while China is about to stick some of the world’s rarest components behind its own trade wall. 

The third law

China, predictably, isn’t happy. Not only has it slapped a reciprocal 34% tariff against US goods, but it also introduced export restrictions on rare earth materials — this will have a direct and significant impact on tech, as these are used in almost every electronic device.

That includes Macs and PCs, smartphones and tablets, as well as weapons systems, energy-generation tech, and electric cars. China produces around 90% of the world’s refined rare earths and the new export restrictions are being applied against exports to all countries. The exports haven’t been banned, but the latest move does give Beijing the strategic power to restrict them or even turn them off. (Not all is lost, of course. Other nations also have some of these materials, including Canada, for example).

France, meanwhile, is warning that the EU’s second line response to these tariffs will be aimed at digital services, such as those provided by all the Big Tech firms — Amazon, Apple, Google, Meta, and Microsoft.

This is also a strategic approach, given that services are popular across the region and have already emerged as the bulwark against the recession those firms all knew was coming but never called out, preferring socialism for the rich. (And given Apple’s really under pressure in the EU, at what point will the US decide to relent in some fields to give its big tax revenue generator a break?)

Also, in the run up to this chapter, don’t be too surprised if Apple — and other companies selling products into the US — imported bigly piles of hardware to meet short-term demand. 

Tactical silence

Don’t expect to hear much from Apple’s leadership quite yet. Execs recognize that the sensible approach is to stay under water until others throw their own responding stones into the pool as the rocks of Trump’s tariff troubles ripple across an angry world trade pond.

They may have gamed out a whole range of potential scenarios, but must now wait to see what’s left after the storm. It’s only after both action and reaction have had time to play out that defensive plans can be put into effect.

I don’t imagine they feel particularly optimistic in the medium term. Investment bank JP Morgan now sees a 60% chance of global economic recession this year, up from a still uninspiring 40% before. A recession would further deepen the damage to consumer confidence, and no doubt cut tithes from product sales across every category, not just iPhones. But America’s biggest company will be especially impacted, and given it already supports 2.9 million US jobs, what’s good for Apple is good for America. 

As is what’s bad.

Battle of the bean counters

While the extent of the tariffs and the unpredictable nature of reactions to them makes the future hard to see, Apple’s leadership is shrewd. They’ll have read The Art of War enough times to understand the need to preserve what resources they do possess and use what defensive opportunities they can exploit.

Look at it this way: every company involved in hardware production rationally knows that the cost of repatriating production to the US would be trillions of dollars, and would take years, even if there were enough skilled workers to handle all that.

With trillions at stake, what do they do? Backstage, anticipate political maneuvering, lobbying, and a chance for a cohort of people not usually celebrated too much at Apple to shine. I’m talking about lawyers, accountants, tax experts, PR types, and corporate staff.

This really is their time.

Way I see it, just as product design saved Apple in the late ’90s with a message that echoed the zeitgeist then, tactical use of obscure tax and territorial law has now become equally important to the future of Apple and any other multinational company exposed to risk. In terms of profit and revenue, this is the time when the back room professionals must save the day. Defend. Delay. Navigate. Obfuscate. Be ready to innovate. Your shareholders are counting on you.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

On April 4, 1975, two childhood friends, Paul Allen and Bill Gates, started what is today one of the world’s leading technology companies. Inspired by the January cover of Popular Electronics magazine, they created Microsoft (then Micro-Soft, referring to microprocessors and software) to develop software for the Altair 8800, one of the first personal computers on the market.

Half a century later, and after establishing its operations center in Redmond, Washington, in 1986, the company has diversified its activity, from Windows operating systems to the cloud and the video game industry, reaching a present dominated by artificial intelligence (AI).

In the stock market — where it listed in March 1986 — it has always occupied the top positions on the Nasdaq, where it is known as one of “the magnificent seven” along with other major players in the digital landscape.

Throughout these five decades it has only had three global CEOs: Bill Gates himself, Steve Ballmer and Satya Nadella, in an industry accustomed to the constant dance of names. But in that time it has acquired and merged with hundreds of companies, including Hotmail, Nokia’s mobile devices division, and more recently Skype, GitHub, Linkedin and Activision Blizzard, the latter, related to gaming, being the most expensive at $68.7 billion.

But let’s look back to some of the earliest milestones in the development of the organization. In 1980, Gates and Allen signed an agreement to provide an operating system for IBM’s first personal computer. After presenting its MS-DOS PC in 1981, Windows came along in 1985 and, by the end of the decade, it was already the most recognized software brand on the planet. The first version of Microsoft Office arrived around that time, the productivity suite that today, under the Microsoft 365 brand, is used by more than 1.5 billion people.

One of the first images of the Microsoft team, TAKEN shortly after its founding. In the bottom row are Bill Gates (left) and Paul Allen (right).

Microsoft

During the 1990s, Bill Gates’ vision of the potential of the World Wide Web led to the integration of the company’s products and services into the network and the creation of one of the most famous browsers in the digital world, Internet Explorer. Gates has become one of the leading gurus of the computer industry and his thinking has permeated the world through numerous lectures, public appearances and published books.

In 1995 he set out a roadmap for the IT revolution in his first major text, The Road Ahead. Of the changes to come, he told Time magazine in a 1997 interview, “People always fear change. People feared electricity when it was invented, didn’t they?” That year he created the Bill and Melinda Gates Foundation to address health and education issues of our time.

The arrival of the new century crowned a new CEO, Steve Ballmer. Gates stepped back to let the company’s first business manager continue with his strategy. Through 2013 Ballmer laid the first stones of the company’s video game business with the launch of the Xbox game console, and of the cloud with the 2008 launch of Azure. It was in 2011 that Office made the leap to the cloud with Office 365, and the company too a further step in collaboration with the purchase of the Skype video calling tool. In Ballmer’s final years in charge the Surface line of tablets emerged.

Bill Gates and Steve Ballmer during a meeting in the 1990s.

Microsoft

In 2014 comes the Satya Nadella era, characterized by a hitherto unknown acceleration of the technology industry around the planet. It stands out for the consolidation of cloud business and video games while introducing new trends, such as AI. Along the way, Windows 10, the purchase of LinkedIn, GitHub, the launch of Teams, which became the fastest growing application for the company, and the strong investment in OpenAI, the creator of ChatGPT. His great achievement, perhaps, is to take Microsoft to a market value of $3 trillion dollars by 2024 thanks to this strategy. But it was in 2015 that he turns the technology around with a new corporate mission: “To empower every person and every organization on the planet to achieve more” through IT.

Today, Nadella leads a company of 228,000 employees spread across more than 190 countries.

Supplied Art (with Permission)

Paco Salcedo, head of the company’s Spanish subsidiary, says, “The most relevant learning in these 50 years is to have gone from believing we were a company ‘that knew everything’ to wanting to become a brand that ‘wants to learn everything’. And, if we look to the future, we believe that AI can enable the next billion jobs in all parts of the economy.”

A marathon journey

Reviewing this trajectory, Foundry consultant Fernando Maldonado says the company has adapted to change. “You have to know how to rise to disruptions in time,” he said, noting the company’s entry into the cybersecurity sector under the premise that “without protection there is nothing” when hardly anyone understood this need. Also, the company’s switch to embrace open source, even before its acquisition of GitHub. “At the beginning, open source was the enemy and, today, we can say that it also knew how to adapt. […] A lot of its software is already open source.”

“All this gives you an idea that it has always been able to react in time to macro-trends,” Maldonado said. Although, he added, the company has taken several hits, inevitable for a company that has been around for half a century, such as the flop of the Bing search engine. “If it hadn’t had any friction, we wouldn’t be talking about its achievements,” he says. “But it has worked on a very solid foundation with Office, which is the anchoring of all types of companies.”

Now, it remains to be seen how it fares in the still very young world of AI, with the billion-dollar investments it is making, although there is some slowdown in terms of data centers. In any case, says the analyst, “it is also making a very strong bet on the future”.

Nadella’s reflection regarding Microsoft’s anniversary is in line with the expert’s analysis: “I’ve found myself reflecting on how Microsoft has remained a consequential company decade after decade in an industry with no franchise value. And I realize that it’s because -time and time again, when tech paradigms have shifted- we have seized the opportunity to reinvent ourselves to stay relevant to our customers, our partners and our employees. And that’s what we are doing again today,” he said.

Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. [...]

Možná nejslavnější videohra světa své filmové adaptaci dlouho unikala, kostičkový svět Minecraftu cílený na nekonečnou kreativitu ostatně nepřekypuje dějotvornými motivy, které mohly vytáhnout trn z paty studiu Warner Bros. Právě s takovým posláním ale do světových kin vstupuje šílený Minecraft ...