Technology

TWiT 974: Get at the Young Youngs - Tesla Robotaxi, Marissa Mayer's Sunshine

This week in tech - Sun, 04/07/2024 - 20:25
  • House, Senate leaders nearing deal on landmark online privacy bill
  • Marissa Mayer's eternal Sunshine
  • Elon Musk says Tesla will unveil its robotaxi on Aug. 8; shares pop
  • Amazon's Grocery Stores to Drop Just Walk Out Checkout Tech
  • X's 'complimentary' Premium push gives people blue checks they didn't ask for
  • President Biden is now posting into the fediverse
  • Yahoo is acquiring Artifact to bring its AI features to Yahoo News
  • MrBeast calls for slowing down video editing styles
  • A TikTok Whistleblower Got DC's Attention. Do His Claims Add Up?
  • Price of zero-day exploits rises as companies harden products against hackers
  • App Store guidelines now allow game emulators; more
  • How Tech Giants Cut Corners to Harvest Data for A.I.
  • Google Pledges to Destroy Browsing Data to Settle 'Incognito' Lawsuit
  • SF Giants using facial recognition tech to fast-track ticket line
  • Apple (AAPL) Explores Home Robots After Abandoning Car Efforts

Host: Leo Laporte

Guests: Mikah Sargent, Lisa Schmeiser, and Harry McCracken

Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Categories: Podcasts, Technology

Eclipse joins with industry groups to secure open source

Info World - Fri, 04/05/2024 - 17:00

The Eclipse Foundation announced that it is partnering with the Apache Software Foundation and other open source foundations to establish common specifications for secure software development based on existing open source best practices.

In an April 2 blog post, Eclipse said that the goal of the initiative was to meet the challenges of cybersecurity in the open source ecosystem and demonstrate cooperation with the European Union’s Cyber Resilience Act (CRA). Participants include Apache, Eclipse, the Rust Foundation, the PHP Foundation, the Blender Foundation, the OpenSSL Software Foundation, and the Python Software Foundation.

Categories: Technology

Microsoft’s Azure AI Search updated with increased storage, vector index size

Info World - Fri, 04/05/2024 - 06:15

Microsoft has updated its Azure AI Search service to increase storage capacity and vector index size at no additional cost, a move it said will make it more economical for enterprises to run generative AI-based applications.

Formerly known as Azure Cognitive Search, the Azure AI Search service connects external data stores containing un-indexed data with an application that sends queries or requests to a search index. It consists of three components—a query engine, indexes, and the indexing engine—and is mostly used in retrieving information to enhance the performance of generative AI, a process known as retrieval-augmented generation (RAG).

Categories: Technology

Cohere launches new Command R+ LLM on Azure first

Info World - Fri, 04/05/2024 - 04:00

Cohere has unveiled its latest large language model (LLM), Command R+, which is engineered to enhance enterprise workflows and applications. 

The company said the new model is its most advanced and scalable LLM yet. Building on the foundations of the earlier Command R model, Command R+ boosts performance for various enterprise tasks, including data categorization and workflow automation, the company said.

Although Cohere said in March that it would train and deploy its models on Oracle Cloud Infrastructure (OCI) under its partnership with Oracle, it has chosen to make Command R+ available first on Microsoft Azure. The software is set to launch on OCI shortly, with plans to expand to more cloud platforms in the upcoming weeks, said Cohere spokesman Kyle Lastovica. It’s already available through Cohere’s own hosted API.

Categories: Technology

AI advancements are fueling cloud infrastructure spending

Info World - Fri, 04/05/2024 - 03:00

The latest data from the IDC Worldwide Quarterly Enterprise Infrastructure Tracker paints a compelling picture of growth in cloud infrastructure sales on demand. The fourth quarter of 2023 saw an 18.5% year-over-year increase in spending on compute and storage infrastructure for cloud deployments. It is a significant shift in the technological landscape, where AI is now front and center in the push to find cloud infrastructure to run it.

The spending surge indicates shifting budgets; a contrasting trend is the decline in the total number of units shipped. IDC says this shows a strategic move towards high-capacity, GPU-heavy servers with higher average price tags favored by hyperscalers. The idea is that these servers can do more than traditional CPU-based servers, so fewer of them are needed.

Categories: Technology

Speed up searches using SearchValues in .NET

Info World - Fri, 04/05/2024 - 03:00

With the release of .NET 8, Microsoft introduced a plethora of new features and enhancements in the .NET Core and ASP.NET Core frameworks. One such feature is the SearchValues class, which marks a significant step forward in efficiently fetching data from data sets.

SearchValues is a new type introduced in .NET 8 designed to improve application performance. By using optimization techniques like vectorization and hardware acceleration, SearchValues delivers speed enhancements while seamlessly blending with .NET Core and ASP.NET Core.

In this article, we’ll explain how you can use SearchValues to improve the speed of searches in .NET Core applications.

Categories: Technology

Visual Studio Code finalizes test coverage API

Info World - Thu, 04/04/2024 - 18:00

Microsoft has unveiled Visual Studio Code 1.88, also known as the March 2024 release of the company’s popular code editor. The update brings capabilities such as a test coverage API, custom editor labels, and locked scrolling.

Introduced on April 4, Visual Studio Code 1.88 can be downloaded for Windows, Linux, or Mac from the project website.

In this release, Microsoft has finalized its Test Coverage API, bringing native coverage support to VS Code. If a developer’s testing system supports it, coverage can be accessed using the new Run With Coverage button. Using test coverage requires that your VS Code extension implements the new API.

Categories: Technology

JetBrains IDEs add AI-powered code autocompletion

Info World - Thu, 04/04/2024 - 12:30

JetBrains has added full-line code autocompletion to its family of IDEs (integrated development environments), powered by locally run AI models. Full line code completion is available for Java, Kotlin, Python, JavaScript, TypeScript, CSS, PHP, Go, and Ruby with the 2024.1 versions of the respective IDEs.

Categories: Technology

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security - Thu, 04/04/2024 - 08:12

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

The real Privnote, at privnote.com.

Launched in 2008, privnote.com employs technology that encrypts each message so that even Privnote itself cannot read its contents. And it doesn’t send or receive messages. Creating a message merely generates a link. When that link is clicked or visited, the service warns that the message will be gone forever after it is read.

Privnote’s ease-of-use and popularity among cryptocurrency enthusiasts has made it a perennial target of phishers, who erect Privnote clones that function more or less as advertised but also quietly inject their own cryptocurrency payment addresses when a note is created that contains crypto wallets.

Last month, a new user on GitHub named fory66399 lodged a complaint on the “issues” page for MetaMask, a software cryptocurrency wallet used to interact with the Ethereum blockchain. Fory66399 insisted that their website — privnote[.]co — was being wrongly flagged by MetaMask’s “eth-phishing-detect” list as malicious.

“We filed a lawsuit with a lawyer for dishonestly adding a site to the block list, damaging reputation, as well as ignoring the moderation department and ignoring answers!” fory66399 threatened. “Provide evidence or I will demand compensation!”

MetaMask’s lead product manager Taylor Monahan replied by posting several screenshots of privnote[.]co showing the site did indeed swap out any cryptocurrency addresses.

After being told where they could send a copy of their lawsuit, Fory66399 appeared to become flustered, and proceeded to mention a number of other interesting domain names:

You sent me screenshots from some other site! It’s red!!!!
The tornote.io website has a different color altogether
The privatenote,io website also has a different color! What’s wrong?????

A search at DomainTools.com for privatenote[.]io shows it has been registered to two names over as many years, including Andrey Sokol from Moscow and Alexandr Ermakov from Kiev. There is no indication these are the real names of the phishers, but the names are useful in pointing to other sites targeting Privnote since 2020.

DomainTools says other domains registered to Alexandr Ermakov include pirvnota[.]com, privatemessage[.]net, privatenote[.]io, and tornote[.]io.

A screenshot of the phishing domain privatemessage dot net.

The registration records for pirvnota[.]com at one point were updated from Andrey Sokol to “BPW” as the registrant organization, and “Tambov district” in the registrant state/province field. Searching DomainTools for domains that include both of these terms reveals pirwnote[.]com.

Other Privnote phishing domains that also phoned home to the same Internet address as pirwnote[.]com include privnode[.]com, privnate[.]com, and prevnóte[.]com. Pirwnote[.]com is currently selling security cameras made by the Chinese manufacturer Hikvision, via an Internet address based in Hong Kong.

It appears someone has gone to great lengths to make tornote[.]io seem like a legitimate website. For example, this account at Medium has authored more than a dozen blog posts in the past year singing the praises of Tornote as a secure, self-destructing messaging service. However, testing shows tornote[.]io will also replace any cryptocurrency addresses in messages with their own payment address.

These malicious note sites attract visitors by gaming search engine results to make the phishing domains appear prominently in search results for “privnote.” A search in Google for “privnote” currently returns tornote[.]io as the fifth result. Like other phishing sites tied to this network, Tornote will use the same cryptocurrency addresses for roughly 5 days, and then rotate in new payment addresses.

Tornote changed the cryptocurrency address entered into a test note to this address controlled by the phishers.

Throughout 2023, Tornote was hosted with the Russian provider DDoS-Guard, at the Internet address 186.2.163[.]216. A review of the passive DNS records tied to this address shows that apart from subdomains dedicated to tornote[.]io, the main other domain at this address was hkleaks[.]ml.

In August 2019, a slew of websites and social media channels dubbed “HKLEAKS” began doxing the identities and personal information of pro-democracy activists in Hong Kong. According to a report (PDF) from Citizen Lab, hkleaks[.]ml was the second domain that appeared as the perpetrators began to expand the list of those doxed.

HKleaks, as indexed by The Wayback Machine.

The address 186.2.163[.]216 also is home to the website rustraitor[.]info, a website erected after Russia invaded Ukraine in early 2022 that doxed Russians perceived to have helped the Ukrainian cause.

An archive.org copy of Rustraitor.

DomainTools shows there are more than 1,000 other domains whose registration records include the organization name “BPW” and “Tambov District” as the location. Virtually all of those domains were registered through one of two registrars — Hong Kong-based Nicenic and Singapore-based WebCC — and almost all appear to be phishing or pill-spam related.

In keeping with the overall theme, these phishing domains appear focused on stealing usernames and passwords to some of the cybercrime underground’s busiest shops, including Brian’s Club. What do all the phished sites have in common? They all accept payment via virtual currencies.

It appears MetaMask’s Monahan made the correct decision in forcing these phishers to tip their hand: Among the websites at that DDoS-Guard address are multiple MetaMask phishing domains, including metarrnask[.]com, meternask[.]com, and rnetamask[.]com.

How profitable are these private note phishing sites? Reviewing the four malicious cryptocurrency payment addresses that the attackers swapped into notes passed through privnote[.]co (as pictured in Monahan’s screenshot above) shows that between March 15 and March 19, 2024, those addresses raked in and transferred out nearly $18,000 in cryptocurrencies. And that’s just one of their phishing websites.

Categories: Technology, Virus Info

DataStax acquires Langflow creator Logspace to aid gen AI app development

Info World - Thu, 04/04/2024 - 07:00

Database and related services provider DataStax is acquiring Logspace, creator of the open source package Langflow, for an undisclosed sum, in order to help developers build generative AI applications faster, it said Thursday.

Langflow is an open-source, web-based no-code graphical user interface (GUI) that allows developers to visually prototype LangChain flows and iterate them to develop applications faster. LangChain is a modular framework for Python and JavaScript that simplifies the development of applications that are powered by generative AI language models or LLMs.  

Categories: Technology

Using Neo4J’s graph database for AI in Azure

Info World - Thu, 04/04/2024 - 03:00

Once you get past the chatbot hype, it’s clear that generative AI is a useful tool, providing a way of navigating applications and services using natural language. By tying our large language models (LLMs) to specific data sources, we can avoid the risks that come with using nothing but training data.

While it is possible to fine-tune an LLM on specific data, that can be expensive and time-consuming, and it can also lock you into a specific time frame. If you want accurate, timely responses, you need to use retrieval-augmented generation (RAG) to work with your data.

RAG: the heart of Microsoft’s Copilots

The neural networks that power LLMs are, at heart, sophisticated vector search engines that extrapolate the paths of semantic vectors in an n-dimensional space, where the higher the dimensionality, the more complex the model. So, if you’re going to use RAG, you need to have a vector representation of your data that can both build prompts and seed the vectors used to generate output from an LLM. That’s why it’s one of the techniques that powers Microsoft’s various Copilots.

Categories: Technology

How to build a developer-first company

Info World - Thu, 04/04/2024 - 03:00

At my company, Descope, we are building a customer authentication and identity management product, meaning the end user and the developer are two sides of the same coin. Providing a great developer experience—by enabling our customers to easily add auth flows and user management to their apps—leads to a great end-user experience as the customer’s customers seamlessly and securely log in.

This kind of virtuous cycle exists at many developer-focused companies. When building a successful developer-first business, it’s critical to tie together the similarities between the customer experience and the developer experience while clearly delineating the differences.

Categories: Technology

Easy MSP Wins in One Email

Technibble - Wed, 04/03/2024 - 22:32

Discover why following up with past prospects could be an easy win for your MSP.

Source: Easy MSP Wins in One Email - Technibble.com

Categories: Technology

The Linux Link Tech Show Episode 1046

The Linux Link Tech Show - Wed, 04/03/2024 - 20:30
joel loves sams club.
Categories: Podcasts, Technology

Google rolls out a new JPEG coding library

Info World - Wed, 04/03/2024 - 16:55

Google has introduced Jpegli, a JPEG library for image encoding. The new library is intended to be faster, more visually pleasing, and more efficient than traditional JPEGs. Proponents of the technology said it has the potential to make the Internet faster and more beautiful.

Announced April 3 and accessible from GitHub, Jpegli maintains high backward compatibility while offering enhanced capabilities and a 35% compression ratio at high-quality compression settings, Google said. Jpegli works by using new techniques to reduce noise and improve image quality. New or improved features include adaptive quantization heuristics from the JPEG XL reference implementation, improved quantization matrix selection, calculation of intermediate results, and the possibility to use more advanced colorspace.

Categories: Technology

GitHub Actions update tightens security

Info World - Wed, 04/03/2024 - 11:03

GitHub Actions, an automated CI/CD platform for GitHub, has been enhanced for enterprise customers, with capabilities including stronger security and GPU-enhanced runners for machine learning.

GitHub announced updates to its hosted runner fleet for Actions on April 2.  To strengthen security, GitHub Actions now offers Azure private networking for GitHub-hosted runners. The feature combines compute-in-the-cloud with secure access and control over network security, eliminating the overhead of maintaining infrastructure. Hosted runners for every major operating system are intended to make it easy to build and test a project, which can be run directly on a virtual machine or a container.

Categories: Technology

OpenTofu may be showing us the wrong way to fork

Info World - Wed, 04/03/2024 - 09:49

OpenTofu’s founders had a mission. Upset by HashiCorp licensing changes in August 2023 to its popular Terraform infrastructure-as-code tool, OpenTofu set out to be the “open source successor to the MPLv2-licensed Terraform,” further promising that it “will be community-driven, impartial, layered and modular, and backward-compatible.”

Hugely promising, but extraordinarily difficult to pull off. So difficult in fact, that OpenTofu may have illegally taken HashiCorp’s code to keep pace.

Categories: Technology

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security - Wed, 04/03/2024 - 07:16

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “The Manipulaters,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities.

In May 2015, KrebsOnSecurity published a brief writeup about the brazen Manipulaters team, noting that they openly operated hundreds of web sites selling tools designed to trick people into giving up usernames and passwords, or deploying malicious software on their PCs.

Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com. “Antibot” refers to functionality that attempts to evade automated detection techniques, keeping a phish deployed as long as possible. Image: DomainTools.

The core brand of The Manipulaters has long been a shared cybercriminal identity named “Saim Raza,” who for the past decade has peddled a popular spamming and phishing service variously called “Fudtools,” “Fudpage,” “Fudsender,” “FudCo,” etc. The term “FUD” in those names stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.

A September 2021 story here checked in on The Manipulaters, and found that Saim Raza and company were prospering under their FudCo brands, which they secretly managed from a front company called We Code Solutions.

That piece worked backwards from all of the known Saim Raza email addresses to identify Facebook profiles for multiple We Code Solutions employees, many of whom could be seen celebrating company anniversaries gathered around a giant cake with the words “FudCo” painted in icing.

Since that story ran, KrebsOnSecurity has heard from this Saim Raza identity on two occasions. The first was in the weeks following the Sept. 2021 piece, when one of Saim Raza’s known email addresses — bluebtcus@gmail.com — pleaded to have the story taken down.

“Hello, we already leave that fud etc before year,” the Saim Raza identity wrote. “Why you post us? Why you destroy our lifes? We never harm anyone. Please remove it.”

Not wishing to be manipulated by a phishing gang, KrebsOnSecurity ignored those entreaties. But on Jan. 14, 2024, KrebsOnSecurity heard from the same bluebtcus@gmail.com address, apropos of nothing.

“Please remove this article,” Saim Raza wrote, linking to the 2021 profile. “Please already my police register case on me. I already leave everything.”

Asked to elaborate on the police investigation, Saim Raza said he was freshly released from jail.

“I was there many days,” the reply explained. “Now back after bail. Now I want to start my new work.”

Exactly what that “new work” might entail, Saim Raza wouldn’t say. But a new report from researchers at DomainTools.com finds that several computers associated with The Manipulaters have been massively hacked by malicious data- and password-snarfing malware for quite some time.

DomainTools says the malware infections on Manipulaters PCs exposed “vast swaths of account-related data along with an outline of the group’s membership, operations, and position in the broader underground economy.”

“Curiously, the large subset of identified Manipulaters customers appear to be compromised by the same stealer malware,” DomainTools wrote. “All observed customer malware infections began after the initial compromise of Manipulaters PCs, which raises a number of questions regarding the origin of those infections.”

A number of questions, indeed. The core Manipulaters product these days is a spam delivery service called HeartSender, whose homepage openly advertises phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me, to name a few.

A screenshot of the homepage of HeartSender 4 displays an IP address tied to fudtoolshop@gmail.com. Image: DomainTools.

HeartSender customers can interact with the subscription service via the website, but the product appears to be far more effective and user-friendly if one downloads HeartSender as a Windows executable program. Whether that HeartSender program was somehow compromised and used to infect the service’s customers is unknown.

However, DomainTools also found the hosted version of HeartSender service leaks an extraordinary amount of user information that probably is not intended to be publicly accessible. Apparently, the HeartSender web interface has several webpages that are accessible to unauthenticated users, exposing customer credentials along with support requests to HeartSender developers.

“Ironically, the Manipulaters may create more short-term risk to their own customers than law enforcement,” DomainTools wrote. “The data table “User Feedbacks” (sic) exposes what appear to be customer authentication tokens, user identifiers, and even a customer support request that exposes root-level SMTP credentials–all visible by an unauthenticated user on a Manipulaters-controlled domain. Given the risk for abuse, this domain will not be published.”

This is hardly the first time The Manipulaters have shot themselves in the foot. In 2019, The Manipulaters failed to renew their core domain name — manipulaters[.]com — the same one tied to so many of the company’s past and current business operations. That domain was quickly scooped up by Scylla Intel, a cyber intelligence firm that focuses on connecting cybercriminals to their real-life identities.

Currently, The Manipulaters seem focused on building out and supporting HeartSender, which specializes in spam and email-to-SMS spamming services.

“The Manipulaters’ newfound interest in email-to-SMS spam could be in response to the massive increase in smishing activity impersonating the USPS,” DomainTools wrote. “Proofs posted on HeartSender’s Telegram channel contain numerous references to postal service impersonation, including proving delivery of USPS-themed phishing lures and the sale of a USPS phishing kit.”

Reached via email, the Saim Raza identity declined to respond to questions about the DomainTools findings.

“First [of] all we never work on virus or compromised computer etc,” Raza replied. “If you want to write like that fake go ahead. Second I leave country already. If someone bind anything with exe file and spread on internet its not my fault.”

Asked why they left Pakistan, Saim Raza said the authorities there just wanted to shake them down.

“After your article our police put FIR on my [identity],” Saim Raza explained. “FIR” in this case stands for “First Information Report,” which is the initial complaint in the criminal justice system of Pakistan.

“They only get money from me nothing else,” Saim Raza continued. “Now some officers ask for money again again. Brother, there is no good law in Pakistan just they need money.”

Saim Raza has a history of being slippery with the truth, so who knows whether The Manipulaters and/or its leaders have in fact fled Pakistan (it may be more of an extended vacation abroad). With any luck, these guys will soon venture into a more Western-friendly, “good law” nation and receive a warm welcome by the local authorities.

Categories: Technology, Virus Info

Rust memory safety explained

Info World - Wed, 04/03/2024 - 03:00

Over the past decade, Rust has emerged as a language of choice for people who want to write fast, machine-native software that also has strong guarantees for memory safety.

Other languages, like C, may run fast and close to the metal, but they lack the language features to ensure program memory is allocated and disposed of properly. As noted recently by the White House Office of the National Cyber Director, these shortcomings enable software insecurities and exploits with costly real-world consequences. Languages like Rust, which put memory safety first, are getting more attention.

Categories: Technology

Full-stack web development with HTMX and Bun, Part 1: Elysia and MongoDB

Info World - Wed, 04/03/2024 - 03:00

Bun and HTMX are two of the most interesting things happening in software right now. Bun is an incredibly fast, all-in-one server-side JavaScript platform, and HTMX is an HTML extension used to create simple, powerful interfaces. In this article, we'll use these two great tools together to develop a full-stack application that uses MongoDB for data storage and Elysia as its HTTP server.

Categories: Technology
