Agregátor RSS

Microsoft broke European Union competition law by bundling Teams with other Office 365 applications, the European Commission said in a preliminary finding published Tuesday. If Microsoft fails to defend itself, the company could face billions of dollars in fines and other penalties.

The EU’s antitrust regulator said it had sent Microsoft a statement of objections outlining its finding that the company had given its Teams communications service an unfair advantage by bundling it with subscriptions to Office 365 and Microsoft 365, the suite of software-as-a-service applications that also includes Word, Excel, and PowerPoint.

Teams enables workforce collaboration via video and chat and surged in popularity during the Covid-19 pandemic, reaching over 300 million global users in 2023.

“The Commission preliminarily finds that Microsoft is dominant worldwidein the market for SaaS productivity applications for professional use,” it said in a news release posted Tuesday.

The company’s practice since at least April 2019 to tie Teams to its core SaaS productivity apps has restricted market competition for similar products as well as defended Microsoft’s own “market position in productivity software as well as its suites-centric model from competing suppliers of individual software,” the Commission concluded.

“In particular, the Commission is concerned that Microsoft may have granted Teams a distribution advantage by not giving customers the choice whether or not to acquire access to Teams when they subscribe to their SaaS productivity applications,” the Commission’s said.

Interoperability limits between competing offerings and Microsoft’s apps also bolstered Microsoft’s advantage and prevented its rivals from competing, and in turn innovating, to the detriment of customers in the European Economic Area, the Commission said, referring to the 27 EU countries plus Iceland, Norway and Liechtenstein.

Investigation a year in the making

The decision follows a nearly year-long investigation that started last July and was sparked by a July 2020 competition complaint against the software giant by then enterprise messaging application Slack, which has since been bought by Salesforce.

Microsoft first unbundled Teams from its Office suites in the European Economic Area and Switzerland in August 2023 to try to appease EU officials during the investigation, then extended that move worldwide in April.

Neither effort apparently did anything to dissuade the Commission from considering Microsoft in violation of competition rules, a decision that was foreshadowed when the Competition said in May that it planned to include Teams in its inivestigation of Microsoft for anticompetitive practices despite the company’s concessions.

For its part, Microsoft plans to continue to address remaining concerns the Commission has over Teams as it awaits further decisions by the Commission, such as what, if any, financial consequences the company will face.

“Having unbundled Teams and taken initial interoperability steps, we appreciate the additional clarity provided today and will work to find solutions to address the Commission’s remaining concerns,” Brad Smith, Microsoft vice chair and president, said in a statement emailed to Computerworld.

The road ahead

Microsoft now gets a chance to present its defense. However, if it’s unable to sway the Commission from its preliminary decision, it could be forced to pay a fine of up to 10% of its annual worldwide revenue under EU law, and the Commission may also impose remedies to end the infringement.

“This EU chargesheet proves what was feared: Microsoft didn’t do enough to provide a level playing field to the Team’s competitors,” noted Pareekh Jain, CEO of EIIRTrend & Pareekh Consulting.

It now has its work cut out for it to unbundle Teams and create interoperability for competitors’ software to avoid penalties and damages, Jain noted.

It’s about a decade since EU regulators last levelled anti-trust charges against Microsoft: Its failure to offer Windows 7 users a choice of browser drew a €561 million (then about $731 million) fine.

To date, Microsoft has racked up around €2.2 billion ($2.4 billion) in fines for tying or bundling products together in a way that was deemed anti-competitive by EU regulators.

Kosmické závody studené války byly do značné míry převlečený vojenský souboj. Zbraně ve vesmíru se sice snaží zakazovat mezinárodní smlouvy, ale k jistým testům přece jen došlo. Sověti vynesli na oběžnou dráhu vesmírnou stanici s dělem. A skutečně z něj vystřelili. Od startu Saljutu 3 je to 25. ...

Motorola představuje dvojici véčkových smartphonů • Razr 50 a Razr 50 Ultra mají opravdu velké vnější displeje • Štíhlé telefony mají dobrou výbavu a podporují AI

The rush to build global cloud infrastructure to support artificial intelligence (AI) has turned Nvidia into a top three tech stock and will likely nurture innovation in processor design and energy creation — but Apple may need to serve itself.

Apple needs to bring more for less

The IEA says global electricity demand to drive data centers will more than double by 2026. That’s even as consumption of AI services such as OpenAI spikes when devices (including new iPhones) gain easy access to them.

To satisfy demand, tech firms must tweak more computational performance and additional energy efficiency from the chips they put inside both servers and edge devices. But this push for efficiency and low power reflects what Apple has been trying to do with its own silicon development for years. Apple Silicon chips were way ahead of the wider industry on both metrics (at least for consumer devices) long before generative AI (genAI) climbed through the Overton Window. 

While attention on server processors rests with Nvidia, the M4 processor inside the iPad Pro could be seen as harbinger of what is to come. At 38 trillion operations per second, we know it has the fastest Neural Engine you can get. Ever modest, Apple has described the M4 iPad as the best AI PC money can buy, and those same processors are also coming to servers.

Apple is now in the server market

The company’s Private Cloud Compute (PCC) system consists of proprietary Apple servers running Apple Silicon chips to provide responses to Apple Intelligence queries.  

While these are only being situated in US data centers at this time (as that’s the only place Apple Intelligence will be made available on launch), it’s easy to expect the company will deploy these highly secure systems globally *except in the EU in the coming months. 

It must. As Apple Intelligence launches globally, Apple will find itself needing to ramp up its international server infrastructure to meet the demands for AI its billion or so customers might make. 

But one data center at a time, server by server, Apple is already in the server market. Motivated by privacy, these Apple servers also meet wider industry needs around energy consumption and performance requirements.

It makes sense for Apple to expand this provision, perhaps even to offer highly secure, low energy server services to enterprise users, but it’s more likely to drive its streaming services while lowering energy consumption.

There’s another chip coming

It is worth noting that Apple hasn’t yet hit a performance ceiling. Very likely to be tumbling off production lines right now, the next iPhone chip is expected to be a 3nm processor. This might deliver even faster Neural Engine performance than you get inside the M4, which means the next iPhone will be capable of handling even bigger calculations at higher speeds for less energy than Apple’s best available current chip delivers now. Apple also has a road map toward 2nm chips, which will maintain that pattern of performance and energy efficiency.

All of this means the company already has a road map toward processor performance that it can now apply to the server market it abandoned in 2011, when it discontinued the Xserve. 

This is true corporate social responsibility

Apple already knows it isn’t good enough to just put high-performance chips inside servers and edge devices if they consume vast quantities of energy. To mitigate this, the company has already invested hundreds of millions of dollars in reducing energy consumption across its entire ecosystem, including major investments in renewable energy supply. It will not turn back time.

With that in mind, it will want to widen its ecosystem of low power, high performance iCloud servers, and when doing so it makes sense for it adopt those servers across its other online services over time. After all, if it can build servers and services that can be delivered at lower energy requirements without compromise on performance, why wouldn’t it do so?

For Apple, adoption of these may be an easy win in terms of its environmental performance data. But at what point will these systems become a service offering in their own right? What value could they unlock for the company?

However the eventual story ends, it’s interesting that by focusing on energy efficiency and computational performance for iPhone chips (and the PA Semi purchase), Apple put itself in a good position to meet the then-unseen challenges of server-based AI — and the space between the lines suggests we’re not near the end of that particular story just yet….

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Tyto filmy a seriály jsou na českém Amazon Prime nejoblíbenější. Nerozlišujeme žánr, stáří ani hodnocení na filmových webech. Jde o souhrnnou oblíbenost, kterou zjišťuje web FlixPatrol.

ByteDance, čínská společnost, která vlastní sociální síť TikTok, začala vyvíjet vlastní pokročilé procesory pro umělou inteligenci. S odkazem na dva zdroje z výrobního prostředí o tom informovala agentura Reuters. ByteDance čipy vyvíjí ve spolupráci s americkým Broadcomem, samotnou výrobu by měl ...

Nedávno představená služba Raspberry Pi Connect pro vzdálený přístup k Raspberry Pi z webového prohlížeče nově podporuje všechny Raspberry Pi a umožňuje povolit pouze vzdálený shell (Connect Lite). Detaily v dokumentaci.

Apple si patentoval vyměnitelné kryty pro iPhony... •...které by měly specifickou funkci ve stylu Moto Mods. • Díky blížící se regulaci EU to zase nemusí být až takový nesmysl...

During her chemistry Nobel Prize lecture in 2018, Frances Arnold said, “Today we can for all practical purposes read, write, and edit any sequence of DNA, but we cannot compose it.”

That isn’t true anymore.

Since then, science and technology have progressed so much that artificial intelligence has learned to compose DNA, and with genetically modified bacteria, scientists are on their way to designing and making bespoke proteins.

The goal is that with AI’s design talents and gene editing’s engineering abilities, scientists can modify bacteria to act as mini-factories producing new proteins that can reduce greenhouse gases, digest plastics, or act as species-specific pesticides.

As a chemistry professor and computational chemist who studies molecular science and environmental chemistry, I believe that advances in AI and gene editing make this a realistic possibility.

Gene Sequencing: Reading Life’s Recipes

All living things contain genetic materials—DNA and RNA—that provide the hereditary information needed to replicate themselves and make proteins. Proteins constitute 75 percent of human dry weight. They make up muscles, enzymes, hormones, blood, hair, and cartilage. Understanding proteins means understanding much of biology. The order of nucleotide bases in DNA, or RNA in some viruses, encodes this information, and genomic sequencing technologies identify the order of these bases.

The Human Genome Project was an international effort that sequenced the entire human genome between 1990 to 2003. Thanks to rapidly improving technologies, it took seven years to sequence the first 1 percent of the genome and another seven years for the remaining 99 percent. By 2003, scientists had the complete sequence of 3 billion nucleotide base pairs coding for the 20,000 to 25,000 genes in the human genome.

However, understanding the functions of most proteins and correcting their malfunctions remained a challenge.

AI Learns Proteins

Each protein’s shape is critical to its function and is determined by the sequence of its amino acids, which is in turn determined by the gene’s nucleotide sequence. Misfolded proteins have the wrong shape and can cause illnesses such as neurodegenerative diseases, cystic fibrosis, and Type 2 diabetes. Understanding these diseases and developing treatments requires knowledge of protein shapes.

Before 2016, the only way to determine the shape of a protein was through X-ray crystallography, a laboratory technique that uses the diffraction of X-rays by single crystals to determine the precise arrangement of atoms and molecules in three dimensions in a molecule. At that time, the structure of about 200,000 proteins had been determined by crystallography, costing billions of dollars.

AlphaFold, a machine learning program, used these crystal structures as a training set to determine the shape of the proteins from their nucleotide sequences. And in less than a year, the program calculated the protein structures of all 214 million genes that have been sequenced and published. The protein structures AlphaFold determined have all been released in a freely available database.

To effectively address noninfectious diseases and design new drugs, scientists need more detailed knowledge of how proteins, especially enzymes, bind small molecules. Enzymes are protein catalysts that enable and regulate biochemical reactions.

AlphaFold3, released May 8, 2024, can predict protein shapes and the locations where small molecules can bind to these proteins. In rational drug design, drugs are designed to bind proteins involved in a pathway related to the disease being treated. The small molecule drugs bind to the protein binding site and modulate its activity, thereby influencing the disease path. By being able to predict protein binding sites, AlphaFold3 will enhance researchers’ drug development capabilities.

AI + CRISPR = Composing New Proteins

Around 2015, the development of CRISPR technology revolutionized gene editing. CRISPR can be used to find a specific part of a gene, change or delete it, make the cell express more or less of its gene product, or even add an utterly foreign gene in its place.

In 2020, Jennifer Doudna and Emmanuelle Charpentier received the Nobel Prize in chemistry “for the development of a method (CRISPR) for genome editing.” With CRISPR, gene editing, which once took years and was species specific, costly, and laborious, can now be done in days and for a fraction of the cost.

AI and genetic engineering are advancing rapidly. What was once complicated and expensive is now routine. Looking ahead, the dream is of bespoke proteins designed and produced by a combination of machine learning and CRISPR-modified bacteria. AI would design the proteins, and bacteria altered using CRISPR would produce the proteins. Enzymes produced this way could potentially breathe in carbon dioxide and methane while exhaling organic feedstocks or break down plastics into substitutes for concrete.

I believe that these ambitions are not unrealistic, given that genetically modified organisms already account for 2 percent of the US economy in agriculture and pharmaceuticals.

Two groups have made functioning enzymes from scratch that were designed by differing AI systems. David Baker’s Institute for Protein Design at the University of Washington devised a new deep-learning-based protein design strategy it named “family-wide hallucination,” which they used to make a unique light-emitting enzyme. Meanwhile, biotech startup Profluent, has used an AI trained from the sum of all CRISPR-Cas knowledge to design new functioning genome editors.

If AI can learn to make new CRISPR systems as well as bioluminescent enzymes that work and have never been seen on Earth, there is hope that pairing CRISPR with AI can be used to design other new bespoke enzymes. Although the CRISPR-AI combination is still in its infancy, once it matures it is likely to be highly beneficial and could even help the world tackle climate change.

It’s important to remember, however, that the more powerful a technology is, the greater the risks it poses. Also, humans have not been very successful at engineering nature due to the complexity and interconnectedness of natural systems, which often leads to unintended consequences.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Image Credit: Gerd Altmann / Pixabay

Crafty crims broke in but encryption stopped any nastiness

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal.…

Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering

The US Defense Advanced Research Projects Agency, DARPA, recently kicked off a two-year AI Cyber Challenge (AIxCC), inviting top AI and cybersecurity experts to design new AI systems to help secure major open source projects which our critical infrastructure relies upon. As AI continues to grow, it’s crucial to invest in AI tools for Defenders, and this competition will help advance technology to do so. 

Google’s OSS-Fuzz and Security Engineering teams have been excited to assist AIxCC organizers in designing their challenges and competition framework. We also playtested the competition by building a Cyber Reasoning System (CRS) tackling DARPA’s exemplar challenge. 

This blog post will share our approach to the exemplar challenge using open source technology found in Google’s OSS-Fuzz,  highlighting opportunities where AI can supercharge the platform’s ability to find and patch vulnerabilities, which we hope will inspire innovative solutions from competitors.

Leveraging OSS-Fuzz

AIxCC challenges focus on finding and fixing vulnerabilities in open source projects. OSS-Fuzz, our fuzz testing platform, has been finding vulnerabilities in open source projects as a public service for years, resulting in over 11,000 vulnerabilities found and fixed across 1200+ projects. OSS-Fuzz is free, open source, and its projects and infrastructure are shaped very similarly to AIxCC challenges. Competitors can easily reuse its existing toolchains, fuzzing engines, and sanitizers on AIxCC projects. Our baseline Cyber Reasoning System (CRS) mainly leverages non-AI techniques and has some limitations. We highlight these as opportunities for competitors to explore how AI can advance the state of the art in fuzz testing.

Fuzzing the AIxCC challenges

For userspace Java and C/C++ challenges, fuzzing with engines such as libFuzzer, AFL(++), and Jazzer is straightforward because they use the same interface as OSS-Fuzz.

Fuzzing the kernel is trickier, so we considered two options:

• Syzkaller, an unsupervised coverage guided kernel fuzzer

• A general purpose coverage guided fuzzer, such as AFL

Syzkaller has been effective at finding Linux kernel vulnerabilities, but is not suitable for AIxCC because Syzkaller generates sequences of syscalls to fuzz the whole Linux kernel, while AIxCC kernel challenges (exemplar) come with a userspace harness to exercise specific parts of the kernel. 

Instead, we chose to use AFL, which is typically used to fuzz userspace programs. To enable kernel fuzzing, we followed a similar approach to an older blog post from Cloudflare. We compiled the kernel with KCOV and KSAN instrumentation and ran it virtualized under QEMU. Then, a userspace harness acts as a fake AFL forkserver, which executes the inputs by executing the sequence of syscalls to be fuzzed. 

After every input execution, the harness read the KCOV coverage and stored it in AFL’s coverage counters via shared memory to enable coverage-guided fuzzing. The harness also checked the kernel dmesg log after every run to discover whether or not the input caused a KASAN sanitizer to trigger.

Some changes to Cloudflare’s harness were required in order for this to be pluggable with the provided kernel challenges. We needed to turn the harness into a library/wrapper that could be linked against arbitrary AIxCC kernel harnesses.

AIxCC challenges come with their own main() which takes in a file path. The main() function opens and reads this file, and passes it to the harness() function, which takes in a buffer and size representing the input. We made our wrapper work by wrapping the main() during compilation via $CC -Wl,--wrap=main harness.c harness_wrapper.a  

The wrapper starts by setting up KCOV, the AFL forkserver, and shared memory. The wrapper also reads the input from stdin (which is what AFL expects by default) and passes it to the harness() function in the challenge harness. 

Because AIxCC's harnesses aren't within our control and may misbehave, we had to be careful with memory or FD leaks within the challenge harness. Indeed, the provided harness has various FD leaks, which means that fuzzing it will very quickly become useless as the FD limit is reached.

To address this, we could either:

• Forcibly close FDs created during the running of harness by checking for newly created FDs via /proc/self/fd before and after the execution of the harness, or

• Just fork the userspace harness by actually forking in the forkserver. 

The first approach worked for us. The latter is likely most reliable, but may worsen performance.

All of these efforts enabled afl-fuzz to fuzz the Linux exemplar, but the vulnerability cannot be easily found even after hours of fuzzing, unless provided with seed inputs close to the solution.

Improving fuzzing with AI

This limitation of fuzzing highlights a potential area for competitors to explore AI’s capabilities. The input format being complicated, combined with slow execution speeds make the exact reproducer hard to discover. Using AI could unlock the ability for fuzzing to find this vulnerability quickly—for example, by asking an LLM to generate seed inputs (or a script to generate them) close to expected input format based on the harness source code. Competitors might find inspiration in some interesting experiments done by Brendan Dolan-Gavitt from NYU, which show promise for this idea.

Another approach: static analysis

One alternative to fuzzing to find vulnerabilities is to use static analysis. Static analysis traditionally has challenges with generating high amounts of false positives, as well as difficulties in proving exploitability and reachability of issues it points out. LLMs could help dramatically improve bug finding capabilities by augmenting traditional static analysis techniques with increased accuracy and analysis capabilities.

Proof of understanding (PoU)Once fuzzing finds a reproducer, we can produce key evidence required for the PoU:

1. The culprit commit, which can be found from git history bisection.

2. The expected sanitizer, which can be found by running the reproducer to get the crash and parsing the resulting stacktrace.

Next step: “patching” via delta debugging

Once the culprit commit has been identified, one obvious way to “patch” the vulnerability is to just revert this commit. However, the commit may include legitimate changes that are necessary for functionality tests to pass. To ensure functionality doesn’t break, we could apply delta debugging: we progressively try to include/exclude different parts of the culprit commit until both the vulnerability no longer triggers, yet all functionality tests still pass.

This is a rather brute force approach to “patching.” There is no comprehension of the code being patched and it will likely not work for more complicated patches that include subtle changes required to fix the vulnerability without breaking functionality. 

Improving patching with AI

These limitations highlight a second area for competitors to apply AI’s capabilities. One approach might be to use an LLM to suggest patches. A 2024 whitepaper from Google walks through one way to build an LLM-based automated patching pipeline.

Competitors will need to address the following challenges:

• Validating the patches by running crashes and tests to ensure the crash was prevented and the functionality was not impacted

• Narrowing prompts to include only the functions present in the crashing stack trace, to fit prompt limitations

• Building a validation step to filter out invalid patches

Using an LLM agent is likely another promising approach, where competitors could combine an LLM’s generation capabilities with the ability to compile and receive debug test failures or stacktraces iteratively.

Advancing security for everyoneCollaboration is essential to harness the power of AI as a widespread tool for defenders. As advancements emerge, we’ll integrate them into OSS-Fuzz, meaning that the outcomes from AIxCC will directly improve security for the open source ecosystem. We’re looking forward to the innovative solutions that result from this competition!

Coros před pár lety vtrhnul do světa chytrých hodinek a pořádně zatopil zavedeným hráčům. Teď něco podobného zkouší s cyklopočítači. První pokus se jmenuje Coros Dura, má zajímavé parametry (zejména energetický management), ale také řadu praktických nevýhod a dětských nemocí. Vlastní ...

Attacking the NHS is a very bad move

UK and US cops have reportedly joined forces to find and fight Qilin, the ransomware gang wreaking havoc on the global healthcare industry.…

Apple na WWDC představil několik užitečných AI pro běžné uživatele, má ale také jednu zaměřenou na vývojáře. Do prostředí Xcode 16 zamířila funkce predictive code completion, našeptávač zdrojových kódů podobný GitHub Copilotu, který je dostupný ve Visual Studio Code od Microsoftu. Jenže zatímco ...

Přišel s nimi před lety Messenger, ale podporují je i další aplikace • Tzv. bubliny si zapnete i v aplikaci Google Zprávy na Androidu • Funkce je sice trochu schovaná, ale snadno ji zapnete

Seznam dělá každé úterý odstávku svého datacentra a simuluje tak správnost jejich HA řešení. Dnes se ovšem něco pokazilo a má kompletní výpadek. Nejdou webové služby, mapy apod. Kdo by rád věděl něco více o tom, na čem Seznam běží, tak nelze nepřipomenout LinuxDays 2023: Podvozek Seznamu - od cloudu až po Datacentrum (Michal Toužín, Miroslav Bezdička).

Menší černé díry splývají a tím vznikají větší černé díry • Jak ukazují výsledky výzkumu z nedávné doby, černé díry mohou procházet celou řadou takových splynutí • Tím vznikají stále větší a větší gravitační monstra

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware Newsroomhttp://www.blogger.com/profile/[email protected]