Podcasts about windows os

2025 年 7 月に、Windows OS にて管理者権限の奪取が可能となる脆弱性が報告されています。

Elizabeth Figura is a Wine developer at Code Weavers. We discuss how Wine and Proton make it possible to run Windows applications on other operating systems. Related links WineHQ Proton Crossover Direct3D MoltenVK XAudio2 Mesa 3D Graphics Library Transcript You can help correct transcripts on GitHub. Intro [00:00:00] Jeremy: Today I am talking to Elizabeth Figuera. She's a wine developer at Code Weavers. And today we're gonna talk about what that is and, uh, all the work that goes into it. [00:00:09] Elizabeth: Thank you Jeremy. I'm glad to be here. What's Wine [00:00:13] Jeremy: I think the first thing we should talk about is maybe saying what Wine is because I think a lot of people aren't familiar with the project. [00:00:20] Elizabeth: So wine is a translation layer. in fact, I would say wine is a Windows emulator. That is what the name originally stood for. it re implements the entire windows. Or you say win 32 API. so that programs that make calls into the API, will then transfer that code to wine and and we allow that Windows programs to run on, things that are not windows. So Linux, Mac, os, other operating systems such as Solaris and BSD. it works not by emulating the CPU, but by re-implementing every API, basically from scratch and translating them to their equivalent or writing new code in case there is no, you know, equivalent. System Calls [00:01:06] Jeremy: I believe what you're doing is you're emulating system calls. Could you explain what those are and, and how that relates to the project? [00:01:15] Elizabeth: Yeah. so system call in general can be used, referred to a call into the operating system, to execute some functionality that's built into the operating system. often it's used in the context of talking to the kernel windows applications actually tend to talk at a much higher level, because there's so much, so much high level functionality built into Windows. When you think about, as opposed to other operating systems that we basically, we end up end implementing much higher level behavior than you would on Linux. [00:01:49] Jeremy: And can you give some examples of what some of those system calls would be and, I suppose how they may be higher level than some of the Linux ones. [00:01:57] Elizabeth: Sure. So of course you have like low level calls like interacting with a file system, you know, created file and read and write and such. you also have, uh, high level APIs who interact with a sound driver. [00:02:12] Elizabeth: There's, uh, one I was working on earlier today, called XAudio where you, actually, you know, build this bank of of sounds. It's meant to be, played in a game and then you can position them in various 3D space. And the, and the operating system in a sense will, take care of all of the math that goes into making that work. [00:02:36] Elizabeth: That's all running on your computer and. And then it'll send that audio data to the sound card once it's transformed it. So it sounds like it's coming from a certain space. a lot of other things like, you know, parsing XML is another big one. That there's a lot of things. The, there, the, the, the space is honestly huge [00:02:59] Jeremy: And yeah, I can sort of see how those might be things you might not expect to be done by the operating system. Like you gave the example of 3D audio and XML parsing and I think XML parsing in, in particular, you would've thought that that would be something that would be handled by the, the standard library of whatever language the person was writing their application as. [00:03:22] Jeremy: So that's interesting that it's built into the os. [00:03:25] Elizabeth: Yeah. Well, and languages like, see it's not, it isn't even part of the standard library. It's higher level than that. It's, you have specific libraries that are widespread but not. Codified in a standard, but in Windows you, in Windows, they are part of the operating system. And in fact, there's several different, XML parsers in the operating system. Microsoft likes to deprecate old APIs and make new ones that do the same thing very often. [00:03:53] Jeremy: And something I've heard about Windows is that they're typically very reluctant to break backwards compatibility. So you say they're deprecated, but do they typically keep all of them still in there? [00:04:04] Elizabeth: It all still It all still works. [00:04:07] Jeremy: And that's all things that wine has to implement as well to make sure that the software works as well. [00:04:14] Jeremy: Yeah. [00:04:14] Elizabeth: Yeah. And, and we also, you know, need to make it work. we also need to implement those things to make old, programs work because there is, uh, a lot of demand, at least from, at least from people using wine for making, for getting some really old programs, working from the. Early nineties even. What people run with Wine (Productivity, build systems, servers) [00:04:36] Jeremy: And that's probably a good, thing to talk about in terms of what, what are the types of software that, that people are trying to run with wine, and what operating system are they typically using? [00:04:46] Elizabeth: Oh, in terms of software, literally all kinds, any software you can imagine that runs on Windows, people will try to run it on wine. So we're talking games, office software productivity, software accounting. people will run, build systems on wine, build their, just run, uh, build their programs using, on visual studio, running on wine. people will run wine on servers, for example, like software as a service kind of things where you don't even know that it's running on wine. really super domain specific stuff. Like I've run astronomy, software, and wine. Design, computer assisted design, even hardware drivers can sometimes work unwind. There's a bit of a gray area. How games are different [00:05:29] Jeremy: Yeah, it's um, I think from. Maybe the general public, or at least from what I've seen, I think a lot of people's exposure to it is for playing games. is there something different about games versus all those other types of, productivity software and office software that, that makes supporting those different. [00:05:53] Elizabeth: Um, there's some things about it that are different. Games of course have gotten a lot of publicity lately because there's been a huge push, largely from valve, but also some other companies to get. A lot of huge, wide range of games working well under wine. And that's really panned out in the, in a way, I think, I think we've largely succeeded. [00:06:13] Elizabeth: We've made huge strides in the past several years. 5, 5, 10 years, I think. so when you talk about what makes games different, I think, one thing games tend to do is they have a very limited set of things they're working with and they often want to make things run fast, and so they're working very close to the me They're not, they're not gonna use an XML parser, for example. [00:06:44] Elizabeth: They're just gonna talk directly as, directly to the graphics driver as they can. Right. And, and probably going to do all their own sound design. You know, I did talk about that XAudio library, but a lot of games will just talk directly as, directly to the sound driver as Windows Let some, so this is a often a blessing, honestly, because it means there's less we have to implement to make them work. when you look at a lot of productivity applications, and especially, the other thing that makes some productivity applications harder is, Microsoft makes 'em, and They like to, make a library, for use in this one program like Microsoft Office and then say, well, you know, other programs might use this as well. Let's. Put it in the operating system and expose it and write an API for it and everything. And maybe some other programs use it. mostly it's just office, but it means that office relies on a lot of things from the operating system that we all have to reimplement. [00:07:44] Jeremy: Yeah, that's somewhat counterintuitive because when you think of games, you think of these really high performance things that that seem really complicated. But it sounds like from what you're saying, because they use the lower level primitives, they're actually easier in some ways to support. [00:08:01] Elizabeth: Yeah, certainly in some ways, they, yeah, they'll do things like re-implement the heap allocator because the built-in heap allocator isn't fast enough for them. That's another good example. What makes some applications hard to support (Some are hard, can't debug other people's apps) [00:08:16] Jeremy: You mentioned Microsoft's more modern, uh, office suites. I, I've noticed there's certain applications that, that aren't supported. Like, for example, I think the modern Adobe Creative Suite. What's the difference with software like that and does that also apply to the modern office suite, or is, or is that actually supported? [00:08:39] Elizabeth: Well, in one case you have, things like Microsoft using their own APIs that I mentioned with Adobe. That applies less, I suppose, but I think to some degree, I think to some degree the answer is that some applications are just hard and there's, and, and there's no way around it. And, and we can only spend so much time on a hard application. I. Debugging things. Debugging things can get very hard with wine. Let's, let me like explain that for a minute because, Because normally when you think about debugging an application, you say, oh, I'm gonna open up my debugger, pop it in, uh, break at this point, see what like all the variables are, or they're not what I expect. Or maybe wait for it to crash and then get a back trace and see where it crashed. And why you can't do that with wine, because you don't have the application, you don't have the symbols, you don't have your debugging symbols. You don't know anything about the code you're running unless you take the time to disassemble and decompile and read through it. And that's difficult every time. It's not only difficult, every time I've, I've looked at a program and been like, I really need to just. I'm gonna just try and figure out what the program is doing. [00:10:00] Elizabeth: It takes so much time and it is never worth it. And sometimes you have to, sometimes you have no other choice, but usually you end up, you ask to rely on seeing what calls it makes into the operating system and trying to guess which one of those is going wrong. Now, sometimes you'll get lucky and it'll crash in wine code, or sometimes it'll make a call into, a function that we don't implement yet, and we know, oh, we need to implement that function. But sometimes it does something, more obscure and we have to figure out, well, like all of these millions of calls it made, which one of them is, which one of them are we implementing incorrectly? So it's returning the wrong result or not doing something that it should. And, then you add onto that the. You know, all these sort of harder to debug things like memory errors that we could make. And it's, it can be very difficult and so sometimes some applications just suffer from those hard bugs. and sometimes it's also just a matter of not enough demand for something for us to spend a lot of time on it. [00:11:11] Elizabeth: Right. [00:11:14] Jeremy: Yeah, I can see how that would be really challenging because you're, like you were saying, you don't have the symbols, so you don't have the source code, so you don't know what any of this software you're supporting, how it was actually written. And you were saying that I. A lot of times, you know, there may be some behavior that's wrong or a crash, but it's not because wine crashed or there was an error in wine. [00:11:42] Jeremy: so you just know the system calls it made, but you don't know which of the system calls didn't behave the way that the application expected. [00:11:50] Elizabeth: Exactly. Test suite (Half the code is tests) [00:11:52] Jeremy: I can see how that would be really challenging. and wine runs so many different applications. I'm, I'm kind of curious how do you even track what's working and what's not as you, you change wine because if you support thousands or tens thousands of applications, you know, how do you know when you've got a, a regression or not? [00:12:15] Elizabeth: So, it's a great question. Um, probably over half of wine by like source code volume. I actually actually check what it is, but I think it's, i, I, I think it's probably over half is what we call is tests. And these tests serve two purposes. The one purpose is a regression test. And the other purpose is they're conformance tests that test, that test how, uh, an API behaves on windows and validates that we are behaving the same way. So we write all these tests, we run them on windows and you know, write the tests to check what the windows returns, and then we run 'em on wine and make sure that that matches. and we have just such a huge body of tests to make sure that, you know, we're not breaking anything. And that every, every, all the code that we, that we get into wine that looks like, wow, it's doing that really well. Nope, that's what Windows does. The test says so. So pretty much any code that we, any new code that we get, it has to have tests to validate, to, to demonstrate that it's doing the right thing. [00:13:31] Jeremy: And so rather than testing against a specific application, seeing if it works, you're making a call to a Windows system call, seeing how it responds, and then making the same call within wine and just making sure they match. [00:13:48] Elizabeth: Yes, exactly. And that is obviously, or that is a lot more, automatable, right? Because otherwise you have to manually, you know, there's all, these are all graphical applications. [00:14:02] Elizabeth: You'd have to manually do the things and make sure they work. Um, but if you write automateable tests, you can just run them all and the machine will complain at you if it fails it continuous integration. How compatibility problems appear to users [00:14:13] Jeremy: And because there's all these potential compatibility issues where maybe a certain call doesn't behave the way an application expects. What, what are the types of what that shows when someone's using software? I mean, I, I think you mentioned crashes, but I imagine there could be all sorts of other types of behavior. [00:14:37] Elizabeth: Yes, very much so. basically anything, anything you can imagine again is, is what will happen. You can have, crashes are the easy ones because you know when and where it crashed and you can work backwards from there. but you can also get, it can, it could hang, it could not render, right? Like maybe render a black screen. for, you know, for games you could very frequently have, graphical glitches where maybe some objects won't render right? Or the entire screen will be read. Who knows? in a very bad case, you could even bring down your system and we usually say that's not wine's fault. That's the graphics library's fault. 'cause they're not supposed to do that, uh, no matter what we do. But, you know, sometimes we have to work around that anyway. but yeah, there's, there's been some very strange and idiosyncratic bugs out there too. [00:15:33] Jeremy: Yeah. And like you mentioned that uh, there's so many different things that could have gone wrong that imagine's very difficult to find. Yeah. And when software runs through wine, I think, Performance is comparable to native [00:15:49] Jeremy: A lot of our listeners will probably be familiar with running things in a virtual machine, and they know that there's a big performance impact from doing that. [00:15:57] Jeremy: How does the performance of applications compare to running natively on the original Windows OS versus virtual machines? [00:16:08] Elizabeth: So. In theory. and I, I haven't actually done this recently, so I can't speak too much to that, but in theory, the idea is it's a lot faster. so there, there, is a bit of a joke acronym to wine. wine is not an emulator, even though I started out by saying wine is an emulator, and it was originally called a Windows emulator. but what this basically means is wine is not a CPU emulator. It doesn't, when you think about emulators in a general sense, they're often, they're often emulators for specific CPUs, often older ones like, you know, the Commodore emulator or an Amiga emulator. but in this case, you have software that's written for an x86 CPU. And it's running on an x86 CPU by giving it the same instructions that it's giving on windows. It's just that when it says, now call this Windows function, it calls us instead. So that all should perform exactly the same. The only performance difference at that point is that all should perform exactly the same as opposed to a, virtual machine where you have to interpret the instructions and maybe translate them to a different instruction set. The only performance difference is going to be, in the functions that we are implementing themselves and we try to, we try to implement them to perform. As well, or almost as well as windows. There's always going to be a bit of a theoretical gap because we have to translate from say, one API to another, but we try to make that as little as possible. And in some cases, the operating system we're running on is, is just better than Windows and the libraries we're using are better than Windows. [00:18:01] Elizabeth: And so our games will run faster, for example. sometimes we can, sometimes we can, do a better job than Windows at implementing something that's, that's under our purview. there there are some games that do actually run a little bit faster in wine than they do on Windows. [00:18:22] Jeremy: Yeah, that, that reminds me of how there's these uh, gaming handhelds out now, and some of the same ones, they have a, they either let you install Linux or install windows, or they just come with a pre-installed, and I believe what I've read is that oftentimes running the same game on both operating systems, running the same game on Linux, the battery life is better and sometimes even the performance is better with these handhelds. [00:18:53] Jeremy: So it's, it's really interesting that that can even be the case. [00:18:57] Elizabeth: Yeah, it's really a testament to the huge amount of work that's gone into that, both on the wine side and on the, side of the graphics team and the colonel team. And, and of course, you know, the years of, the years of, work that's gone into Linux, even before these gaming handhelds were, were even under consideration. Proton and Valve Software's role [00:19:21] Jeremy: And something. So for people who are familiar with the handhelds, like the steam deck, they may have heard of proton. Uh, I wonder if you can explain what proton is and how it relates to wine. [00:19:37] Elizabeth: Yeah. So, proton is basically, how do I describe this? So, proton is a sort of a fork, uh, although we try to avoid the term fork. It's a, we say it's a downstream distribution because we contribute back up to wine. so it is a, it is, it is a alternate distribution fork of wine. And it's also some code that basically glues wine into, an embedding application originally intended for steam, and developed for valve. it has also been used in, others, but it has also been used in other software. it, so where proton differs from wine besides the glue part is it has some, it has some extra hacks in it for bugs that are hard to fix and easy to hack around as some quick hacks for, making games work now that are like in the process of going upstream to wine and getting their code quality improved and going through review. [00:20:54] Elizabeth: But we want the game to work now, when we distribute it. So that'll, that'll go into proton immediately. And then once we have, once the patch makes it upstream, we replace it with the version of the patch from upstream. there's other things to make it interact nicely with steam and so on. And yeah, I think, yeah, I think that's, I got it. [00:21:19] Jeremy: Yeah. And I think for people who aren't familiar, steam is like this, um, I, I don't even know what you call it, like a gaming store and a [00:21:29] Elizabeth: store game distribution service. it's got a huge variety of games on it, and you just publish. And, and it's a great way for publishers to interact with their, you know, with a wider gaming community, uh, after it, just after paying a cut to valve of their profits, they can reach a lot of people that way. And because all these games are on team and, valve wants them to work well on, on their handheld, they contracted us to basically take their entire catalog, which is huge, enormous. And trying and just step by step. Fix every game and make them all work. [00:22:10] Jeremy: So, um, and I guess for people who aren't familiar Valve, uh, softwares the company that runs steam, and so it sounds like they've asked, uh, your company to, to help improve the compatibility of their catalog. [00:22:24] Elizabeth: Yes. valve contracted us and, and again, when you're talking about wine using lower level libraries, they've also contracted a lot of other people outside of wine. Basically, the entire stack has had a tremendous, tremendous investment by valve software to make gaming on Linux work. Well. The entire stack receives changes to improve Wine compatibility [00:22:48] Jeremy: And when you refer to the entire stack, like what are some, some of those pieces, at least at a high level. [00:22:54] Elizabeth: I, I would, let's see, let me think. There is the wine project, the. Mesa Graphics Libraries. that's a, that's another, you know, uh, open source, software project that existed, has existed for a long time. But Valve has put a lot of, uh, funding and effort into it, the Linux kernel in various different ways. [00:23:17] Elizabeth: the, the desktop, uh, environment and Window Manager for, um, are also things they've invested in. [00:23:26] Jeremy: yeah. Everything that the game needs, on any level and, and that the, and that the operating system of the handheld device needs. Wine's history [00:23:37] Jeremy: And wine's been going on for quite a while. I think it's over a decade, right? [00:23:44] Elizabeth: I believe. Oh, more than, oh, far more than a decade. I believe it started in 1990, I wanna say about 1995, mid nineties. I'm, I probably have that date wrong. I believe Wine started about the mid nineties. [00:24:00] Jeremy: Mm. [00:24:00] Elizabeth: it's going on for three decades at this rate. [00:24:03] Jeremy: Wow. Okay. [00:24:06] Jeremy: And so all this time, how has the, the project sort of sustained itself? Like who's been involved and how has it been able to keep going this long? [00:24:18] Elizabeth: Uh, I think as is the case with a lot of free software, it just, it just keeps trudging along. There's been. There's been times where there's a lot of interest in wine. There's been times where there's less, and we are fortunate to be in a time where there's a lot of interest in it. we've had the same maintainer for almost this entire, almost this entire existence. Uh, Alexander Julliard, there was one person starting who started, maintained it before him and, uh, left it maintainer ship to him after a year or two. Uh, Bob Amstat. And there has been a few, there's been a few developers who have been around for a very long time. a lot of developers who have been around for a decent amount of time, but not for the entire duration. And then a very, very large number of people who come and submit a one-off fix for their individual application that they want to make work. [00:25:19] Jeremy: How does crossover relate to the wine project? Like, it sounds like you had mentioned Valve software hired you for subcontract work, but crossover itself has been around for quite a while. So how, how has that been connected to the wine project? [00:25:37] Elizabeth: So I work for, so the, so the company I work for is Code Weavers and, crossover is our flagship software. so Code Weavers is a couple different things. We have a sort of a porting service where companies will come to us and say, can we port my application usually to Mac? And then we also have a retail service where Where we basically have our own, similar to Proton, but you know, older, but the same idea where we will add some hacks into it for very difficult to solve bugs and we have a, a nice graphical interface. And then, the other thing that we're selling with crossover is support. So if you, you know, try to run a certain application and you buy crossover, you can submit a ticket saying this doesn't work and we now have a financial incentive to fix it. You know, we'll try to, we'll try to fix your, we'll spend company resources to fix your bug, right? So that's been so, so code we v has been around since 1996 and crossover, I don't know the date, but it's crossover has been around for probably about two decades, if I'm not mistaken. [00:27:01] Jeremy: And when you mention helping companies port their software to, for example, MacOS. [00:27:07] Jeremy: Is the approach that you would port it natively to MacOS APIs or is it that you would help them get it running using wine on MacOS? [00:27:21] Elizabeth: Right. That's, so that's basically what makes us so unique among porting companies is that instead of rewriting their software, we just, we just basically stick it inside of crossover and, uh, and, and make it run. [00:27:36] Elizabeth: And the idea has always been, you know, the more we implement, the more we get correct, the, the more applications will, you know, work. And sometimes it works out that way. Sometimes not really so much. And there's always work we have to do to get any given application to work, but. Yeah, so it's, it's very unusual because we don't ask companies for any of their code. We don't need it. We just fix the windows API [00:28:07] Jeremy: And, and so in that case, the ports would be let's say someone sells a MacOS version of their software. They would bundle crossover, uh, with their software. [00:28:18] Elizabeth: Right? And usually when you do this, it doesn't look like there's crossover there. Like it just looks like this software is native, but there is soft, there is crossover under the hood. Loading executables and linked libraries [00:28:32] Jeremy: And so earlier we were talking about how you're basically intercepting the system calls that these binaries are making, whether that's the executable or the, the DLLs from Windows. Um, but I think probably a lot of our listeners are not really sure how that's done. Like they, they may have built software, but they don't know, how do I basically hijack, the system calls that this application is making. [00:29:01] Jeremy: So maybe you could talk a little bit about how that works. [00:29:04] Elizabeth: So there, so there's a couple steps to go into it. when you think about a program that's say, that's a big, a big file that's got all the machine code in it, and then it's got stuff at the beginning saying, here's how the program works and here's where in the file the processor should start running. that's, that's your EXE file. And then in your DLL files are libraries that contain shared code and you have like a similar sort of file. It says, here's the entry point. That runs this function, this, you know, this pars XML function or whatever have you. [00:29:42] Elizabeth: And here's this entry point that has the generate XML function and so on and so forth. And, and, then the operating system will basically take the EXE file and see all the bits in it. Say I want to call the pars XML function. It'll load that DLL and hook it up. So it, so the processor ends up just seeing jump directly to this pars XML function and then run that and then return and so on. [00:30:14] Elizabeth: And so what wine does, is it part of wine? That's part of wine is a library, is that, you know, the implementing that parse XML and read XML function, but part of it is the loader, which is the part of the operating system that hooks everything together. And when we load, we. Redirect to our libraries. We don't have Windows libraries. [00:30:38] Elizabeth: We like, we redirect to ours and then we run our code. And then when you jump back to the program and yeah. [00:30:48] Jeremy: So it's the, the loader that's a part of wine. That's actually, I'm not sure if running the executable is the right term. [00:30:58] Elizabeth: no, I think that's, I think that's a good term. It's, it's, it's, it starts in a loader and then we say, okay, now run the, run the machine code and it's executable and then it runs and it jumps between our libraries and back and so on. [00:31:14] Jeremy: And like you were saying before, often times when it's trying to make a system call, it ends up being handled by a function that you've written in wine. And then that in turn will call the, the Linux system calls or the MacOS system calls to try and accomplish the, the same result. [00:31:36] Elizabeth: Right, exactly. [00:31:40] Jeremy: And something that I think maybe not everyone is familiar with is there's this concept of user space versus kernel space. you explain what the difference is? [00:31:51] Elizabeth: So the way I would explain, the way I would describe a kernel is it's the part of the operating system that can do anything, right? So any program, any code that runs on your computer is talking to the processor, and the processor has to be able to do anything the computer can do. [00:32:10] Elizabeth: It has to be able to talk to the hardware, it has to set up the memory space. That, so actually a very complicated task has to be able to switch to another task. and, and, and, and basically talk to another program and. You have to have something there that can do everything, but you don't want any program to be able to do everything. Um, not since the, not since the nineties. It's about when we realized that we can't do that. so the kernel is a part that can do everything. And when you need to do something that requires those, those permissions that you can't give everyone, you have to talk to the colonel and ask it, Hey, can you do this for me please? And in a very restricted way where it's only the safe things you can do. And a degree, it's also like a library, right? It's the kernel. The kernels have always existed, and since they've always just been the core standard library of the computer that does the, that does the things like read and write files, which are very, very complicated tasks under the hood, but look very simple because all you say is write this file. And talk to the hardware and abstract away all the difference between different drivers. So the kernel is doing all of these things. So because the kernel is a part that can do everything and because when you think about the kernel, it is basically one program that is always running on your computer, but it's only one program. So when a user calls the kernel, you are switching from one program to another and you're doing a lot of complicated things as part of this. You're switching to the higher privilege level where you can do anything and you're switching the state from one program to another. And so it's a it. So this is what we mean when we talk about user space, where you're running like a normal program and kernel space where you've suddenly switched into the kernel. [00:34:19] Elizabeth: Now you're executing with increased privileges in a different. idea of the process space and increased responsibility and so on. [00:34:30] Jeremy: And, and so do most applications. When you were talking about the system calls for handling 3D audio or parsing XML. Are those considered, are those system calls considered part of user space and then those things call the kernel space on your behalf, or how, how would you describe that? [00:34:50] Elizabeth: So most, so when you look at Windows, most of most of the Windows library, the vast, vast majority of it is all user space. most of these libraries that we implement never leave user space. They never need to call into the kernel. there's the, there only the core low level stuff. Things like, we need to read a file, that's a kernel call. when you need to sleep and wait for some seconds, that's a kernel. Need to talk to a different process. Things that interact with different processes in general. not just allocate memory, but allocate a page of memory, like a, from the memory manager and then that gets sub allocated by the heap allocator. so things like that. [00:35:31] Jeremy: Yeah, so if I was writing an application and I needed to open a file, for example, does, does that mean that I would have to communicate with the kernel to, to read that file? [00:35:43] Elizabeth: Right, exactly. [00:35:46] Jeremy: And so most applications, it sounds like it's gonna be a mixture. You're gonna have a lot of things that call user space calls. And then a few, you mentioned more low level ones that are gonna require you to communicate with the kernel. [00:36:00] Elizabeth: Yeah, basically. And it's worth noting that in, in all operating systems, you're, you're almost always gonna be calling a user space library. That might just be a thin wrapper over the kernel call. It might, it's gonna do like just a little bit of work in end call the kernel. [00:36:19] Jeremy: [00:36:19] Elizabeth: In fact, in Windows, that's the only way to do it. Uh, in many other operating systems, you can actually say, you can actually tell the processor to make the kernel call. There is a special instruction that does this and just, and it'll go directly to the kernel, and there's a defined interface for this. But in Windows, that interface is not defined. It's not stable. Or backwards compatible like the rest of Windows is. So even if you wanted to use it, you couldn't. and you basically have to call into the high level libraries or low level libraries, as it were, that, that tell you that create a file. And those don't do a lot. [00:37:00] Elizabeth: They just kind of tweak their parameters a little and then pass them right down to the kernel. [00:37:07] Jeremy: And so wine, it sounds like it needs to implement both the user space calls of windows, but then also the, the kernel, calls as well. But, but wine itself does that, is that only in Linux user space or MacOS user space? [00:37:27] Elizabeth: Yes. This is a very tricky thing. but all of wine, basically all of what is wine runs in, in user space and we use. Kernel calls that are already there to talk to the colonel, to talk to the host Colonel. You have to, and you, you get, you get, you get the sort of second nature of thinking about the Windows, user space and kernel. [00:37:50] Elizabeth: And then there's a host user space and Kernel and wine is running all in user, in the user, in the host user space, but it's emulating the Windows kernel. In fact, one of the weirdest, trickiest parts is I mentioned that you can run some drivers in wine. And those drivers actually, they actually are, they think they're running in the Windows kernel. which in a sense works the same way. It has libraries that it can load, and those drivers are basically libraries and they're making, kernel calls and they're, they're making calls into the kernel library that does some very, very low level tasks that. You're normally only supposed to be able to do in a kernel. And, you know, because the kernel requires some privileges, we kind of pretend we have them. And in many cases, you're even the drivers are using abstractions. We can just implement those abstractions kind of over the slightly higher level abstractions that exist in user space. [00:39:00] Jeremy: Yeah, I hadn't even considered the being able to use hardware devices, but I, I suppose if in, in the end, if you're reproducing the kernel, then whether you're running software or you're talking to a hardware device, as long as you implement the calls correctly, then I, I suppose it works. [00:39:18] Elizabeth: Cause you're, you're talking about device, like maybe it's some kind of USB device that has drivers for Windows, but it doesn't for, for Linux. [00:39:28] Elizabeth: no, that's exactly, that's a, that's kind of the, the example I've used. Uh, I think there is, I think I. My, one of my best success stories was, uh, drivers for a graphing calculator. [00:39:41] Jeremy: Oh, wow. [00:39:42] Elizabeth: That connected via USB and I basically just plugged the windows drivers into wine and, and ran it. And I had to implement a lot of things, but it worked. But for example, something like a graphics driver is not something you could implement in wine because you need the graphics driver on the host. We can't talk to the graphics driver while the host is already doing so. [00:40:05] Jeremy: I see. Yeah. And in that case it probably doesn't make sense to do so [00:40:11] Elizabeth: Right? [00:40:12] Elizabeth: Right. It doesn't because, the transition from user into kernel is complicated. You need the graphics driver to be in the kernel and the real kernel. Having it in wine would be a bad idea. Yeah. [00:40:25] Jeremy: I, I think there's, there's enough APIs you have to try and reproduce that. I, I think, uh, doing, doing something where, [00:40:32] Elizabeth: very difficult [00:40:33] Jeremy: right. Poor system call documentation and private APIs [00:40:35] Jeremy: There's so many different, calls both in user space and in kernel space. I imagine the, the user space ones Microsoft must document to some extent, but, oh. Is that, is that a [00:40:51] Elizabeth: well, sometimes, [00:40:54] Jeremy: Sometimes. Okay. [00:40:55] Elizabeth: I think it's actually better now than it used to be. But some, here's where things get fun, because sometimes there will be, you know, regular documented calls. Sometimes those calls are documented, but the documentation isn't very good. Sometimes programs will just sort of look inside Microsoft's DLLs and use calls that they aren't supposed to be using. Sometimes they use calls that they are supposed to be using, but the documentation has disappeared. just because it's that old of an API and Microsoft hasn't kept it around. sometimes some, sometimes Microsoft, Microsoft own software uses, APIs that were never documented because they never wanted anyone else using them, but they still ship them with the operating system. there was actually a kind of a lawsuit about this because it is an antitrust lawsuit, because by shipping things that only they could use, they were kind of creating a trust. and that got some things documented. At least in theory, they kind of haven't stopped doing it, though. [00:42:08] Jeremy: Oh, so even today they're, they're, I guess they would call those private, private APIs, I suppose. [00:42:14] Elizabeth: I suppose. Uh, yeah, you could say private APIs. but if we want to get, you know, newer versions of Microsoft Office running, we still have to figure out what they're doing and implement them. [00:42:25] Jeremy: And given that they're either, like you were saying, the documentation is kind of all over the place. If you don't know how it's supposed to behave, how do you even approach implementing them? [00:42:38] Elizabeth: and that's what the conformance tests are for. And I, yeah, I mentioned earlier we have this huge body of conformance tests that double is regression tests. if we see an API, we don't know what to do with or an API, we do know, we, we think we know what to do with because the documentation can just be wrong and often has been. Then we write tests to figure out what it's supposed to behave. We kind of guess until we, and, and we write tests and we pass some things in and see what comes out and see what. The see what the operating system does until we figure out, oh, so this is what it's supposed to do and these are the exact parameters in, and, and then we, and, and then we implement it according to those tests. [00:43:24] Jeremy: Is there any distinction in approach for when you're trying to implement something that's at the user level versus the kernel level? [00:43:33] Elizabeth: No, not really. And like I, and like I mentioned earlier, like, well, I mean, a kernel call is just like a library call. It's just done in a slightly different way, but it's still got, you know, parameters in, it's still got a set of parameters. They're just encoded differently. And, and again, like the, the way kernel calls are done is on a level just above the kernel where you have a library, that just passes things through. Almost verbatim to the kernel and we implement that library instead. [00:44:10] Jeremy: And, and you've been working on i, I think, wine for over, over six years now. [00:44:18] Elizabeth: That sounds about right. Debugging and having broad knowledge of Wine [00:44:20] Jeremy: What does, uh, your, your day to day look like? What parts of the project do you, do you work on? [00:44:27] Elizabeth: It really varies from day to day. and I, I, a lot of people, a lot of, some people will work on the same parts of wine for years. Uh, some people will switch around and work on all sorts of different things. [00:44:42] Elizabeth: And I'm, I definitely belong to that second group. Like if you name an area of wine, I have almost certainly contributed a patch or two to it. there's some areas I work on more than others, like, 3D graphics, multimedia, a, I had, I worked on a compiler that exists, uh, socket. So networking communication is another thing I work a lot on. day to day, I kind of just get, I, I I kind of just get a bug for some program or another. and I take it and I debug it and figure out why the program's broken and then I fix it. And there's so much variety in that. because a bug can take so many different forms like I described, and, and, and the, and then the fix can be simple or complicated or, and it can be in really anywhere to a degree. [00:45:40] Elizabeth: being able to work on any part of wine is sometimes almost a necessity because if a program is just broken, you don't know why. It could be anything. It could be any sort of API. And sometimes you can hand the API to somebody who's got a lot of experience in that, but sometimes you just do whatever. You just fix whatever's broken and you get an experience that way. [00:46:06] Jeremy: Yeah, I mean, I was gonna ask about the specialized skills to, to work on wine, but it sounds like maybe in your case it's all of them. [00:46:15] Elizabeth: It's, there's a bit of that. it's a wine. We, the skills to work on wine are very, it's a very unique set of skills because, and it largely comes down to debugging because you can't use the tools you normally use debug. [00:46:30] Elizabeth: You have to, you have to be creative and think about it different ways. Sometimes you have to be very creative. and programs will try their hardest to avoid being debugged because they don't want anyone breaking their copy protection, for example, or or hacking, or, you know, hacking in sheets. They want to be, they want, they don't want anyone hacking them like that. [00:46:54] Elizabeth: And we have to do it anyway for good and legitimate purposes. We would argue to make them work better on more operating systems. And so we have to fight that every step of the way. [00:47:07] Jeremy: Yeah, it seems like it's a combination of. F being able, like you, you were saying, being able to, to debug. and you're debugging not necessarily your own code, but you're debugging this like behavior of, [00:47:25] Jeremy: And then based on that behavior, you have to figure out, okay, where in all these different systems within wine could this part be not working? [00:47:35] Jeremy: And I, I suppose you probably build up some kind of, mental map in your head of when you get a, a type of bug or a type of crash, you oh, maybe it's this, maybe it's here, or something [00:47:47] Elizabeth: Yeah. That, yeah, there is a lot of that. there's, you notice some patterns, you know, after experience helps, but because any bug could be new, sometimes experience doesn't help and you just, you just kind of have to start from scratch. Finding a bug related to XAudio [00:48:08] Jeremy: At sort of a high level, can you give an example of where you got a specific bug report and then where you had to look to eventually find which parts of the the system were the issue? [00:48:21] Elizabeth: one, one I think good example, that I've done recently. so I mentioned this, this XAudio library that does 3D audio. And if you say you come across a bug, I'm gonna be a little bit generics here and say you come across a bug where some audio isn't playing right, maybe there's, silence where there should be the audio. So you kind of, you look in and see, well, where's that getting lost? So you can basically look in the input calls and say, here's the buffer it's submitting that's got all the audio data in it. And you look at the output, you look at where you think the output should be, like, that library will internally call a different library, which programs can interact with directly. [00:49:03] Elizabeth: And this our high level library interacts with that is the, give this sound to the audio driver, right? So you've got XAudio on top of, um. mdev, API, which is the other library that gives audio to the driver. And you see, well, the ba the buffer is that XAudio is passing into MM Dev, dev API. They're empty, there's nothing in them. So you have to kind of work through the XAudio library to see where is, where's that sound getting lost? Or maybe, or maybe that's not getting lost. Maybe it's coming through all garbled. And I've had to look at the buffer and see why is it garbled. I'll open up it up in Audacity and look at the weight shape of the wave and say, huh, that shape of the wave looks like it's, it looks like we're putting silence every 10 nanoseconds or something, or, or reversing something or interpreting it wrong. things like that. Um, there's a lot of, you'll do a lot of, putting in print fs basically all throughout wine to see where does the state change. Where was, where is it? Where is it? Right? And then where do things start going wrong? [00:50:14] Jeremy: Yeah. And in the audio example, because they're making a call to your XAudio implementation, you can see that Okay, the, the buffer, the audio that's coming in. That part is good. It, it's just that later on when it sends it to what's gonna actually have it be played by the, the hardware, that's when missing. So, [00:50:37] Elizabeth: We did something wrong in a library that destroyed the buffer. And I think on a very, high level a lot of debugging, wine is about finding where things are good and finding where things are bad, and then narrowing that down until we find the one spot where things go wrong. There's a lot of processes that go like that. [00:50:57] Jeremy: like you were saying, the more you see these problems, hopefully the, the easier it gets to, to narrow down where, [00:51:04] Elizabeth: Often. Yeah. Especially if you keep debugging things in the same area. How much code is OS specific?c [00:51:09] Jeremy: And wine supports more than one operating system. I, I saw there was Linux, MacOS I think free BSD. How much of the code is operating system specific versus how much can just be shared across all of them? [00:51:27] Elizabeth: Not that much is operating system specific actually. so when you think about the volume of wine, the, the, the, vast majority of it is the high level code that doesn't need to interact with the operating system on a low level. Right? Because Windows keeps putting, because Microsoft keeps putting lots and lots of different libraries in their operating system. And a lot of these are high level libraries. and even when we do interact with the operating system, we're, we're using cross-platform libraries or we're using, we're using ics. The, uh, so all these operating systems that we are implementing are con, basically conformed to the posix standard. which is basically like Unix, they're all Unix based. Psic is a Unix based standard. Microsoft is, you know, the big exception that never did implement that. And, and so we have to translate its APIs to Unix, APIs. now that said, there is a lot of very operating system, specific code. Apple makes things difficult by try, by diverging almost wherever they can. And so we have a lot of Apple specific code in there. [00:52:46] Jeremy: another example I can think of is, I believe MacOS doesn't support, Vulkan [00:52:53] Elizabeth: yes. Yeah.Yeah, That's a, yeah, that's a great example of Mac not wanting to use, uh, generic libraries that work on every other operating system. and in some cases we, we look at it and are like, alright, we'll implement a wrapper for that too, on top of Yuri, on top of your, uh, operating system. We've done it for Windows, we can do it for Vulkan. and that's, and then you get the Molten VK project. Uh, and to be clear, we didn't invent molten vk. It was around before us. We have contributed a lot to it. Direct3d, Vulkan, and MoltenVK [00:53:28] Jeremy: Yeah, I think maybe just at a high level might be good to explain the relationship between Direct 3D or Direct X and Vulcan and um, yeah. Yeah. Maybe if you could go into that. [00:53:42] Elizabeth: so Direct 3D is Microsoft's 3D API. the 3D APIs, you know, are, are basically a way to, they're way to firstly abstract out the differences between different graphics, graphics cards, which, you know, look very different on a hardware level. [00:54:03] Elizabeth: Especially. They, they used to look very different and they still do look very different. and secondly, a way to deal with them at a high level because actually talking to the graphics card on a low level is very, very complicated. Even talking to it on a high level is complicated, but it gets, it can get a lot worse if you've ever been a, if you've ever done any graphics, driver development. so you have a, a number of different APIs that achieve these two goals of, of, abstraction and, and of, of, of building a common abstraction and of building a, a high level abstraction. so OpenGL is the broadly the free, the free operating system world, the non Microsoft's world's choice, back in the day. [00:54:53] Elizabeth: And then direct 3D was Microsoft's API and they've and Direct 3D. And both of these have evolved over time and come up with new versions and such. And when any, API exists for too long. It gains a lot of croft and needs to be replaced. And eventually, eventually the people who developed OpenGL decided we need to start over, get rid of the Croft to make it cleaner and make it lower level. [00:55:28] Elizabeth: Because to get in a maximum performance games really want low level access. And so they made Vulcan, Microsoft kind of did the same thing, but they still call it Direct 3D. they just, it's, it's their, the newest version of Direct 3D is lower level. It's called Direct 3D 12. and, and, Mac looked at this and they decided we're gonna do the same thing too, but we're not gonna use Vulcan. [00:55:52] Elizabeth: We're gonna define our own. And they call it metal. And so when we want to translate D 3D 12 into something that another operating system understands. That's probably Vulcan. And, and on Mac, we need to translate it to metal somehow. And we decided instead of having a separate layer from D three 12 to metal, we're just gonna translate it to Vulcan and then translate the Vulcan to metal. And it also lets things written for Vulcan on Windows, which is also a thing that exists that lets them work on metal. [00:56:30] Jeremy: And having to do that translation, does that have a performance impact or is that not really felt? [00:56:38] Elizabeth: yes. It's kind of like, it's kind of like anything, when you talk about performance, like I mentioned this earlier, there's always gonna be overhead from translating from one API to another. But we try to, what we, we put in heroic efforts to. And try, try to make sure that doesn't matter, to, to make sure that stuff that needs to be fast is really as fast as it can possibly be. [00:57:06] Elizabeth: And some very clever things have been done along those lines. and, sometimes the, you know, the graphics drivers underneath are so good that it actually does run better, even despite the translation overhead. And then sometimes to make it run fast, we need to say, well, we're gonna implement a new API that behaves more like windows, so we can do less work translating it. And that's, and sometimes that goes into the graphics library and sometimes that goes into other places. Targeting Wine instead of porting applications [00:57:43] Jeremy: Yeah. Something I've found a little bit interesting about the last few years is [00:57:49] Jeremy: Developers in the past, they would generally target Windows and you might be lucky to get a Mac port or a Linux port. And I wonder, like, in your opinion now, now that a lot of developers are just targeting Windows and relying on wine or, or proton to, to run their software, is there any, I suppose, downside to doing that? [00:58:17] Jeremy: Or is it all just upside, like everyone should target Windows as this common platform? [00:58:23] Elizabeth: Yeah. It's an interesting question. I, there's some people who seem to think it's a bad thing that, that we're not getting native ports in the same sense, and then there's some people who. Who See, no, that's a perfectly valid way to do ports just right for this defacto common API it was never intended as a cross platform common API, but we've made it one. [00:58:47] Elizabeth: Right? And so why is that any worse than if it runs on a different API on on Linux or Mac and I? Yeah, I, I, I guess I tend to, I, that that argument tends to make sense to me. I don't, I don't really see, I don't personally see a lot of reason for, to, to, to say that one library is more pure than another. [00:59:12] Elizabeth: Right now, I do think Windows APIs are generally pretty bad. I, I'm, this might be, you know, just some sort of, this might just be an effect of having to work with them for a very long time and see all their flaws and have to deal with the nonsense that they do. But I think that a lot of the. Native Linux APIs are better. But if you like your Windows API better. And if you want to target Windows and that's the only way to do it, then sure why not? What's wrong with that? [00:59:51] Jeremy: Yeah, and I think the, doing it this way, targeting Windows, I mean if you look in the past, even though you had some software that would be ported to other operating systems without this compatibility layer, without people just targeting Windows, all this software that people can now run on these portable gaming handhelds or on Linux, Most of that software was never gonna be ported. So yeah, absolutely. And [01:00:21] Elizabeth: that's [01:00:22] Jeremy: having that as an option. Yeah. [01:00:24] Elizabeth: That's kind of why wine existed, because people wanted to run their software. You know, that was never gonna be ported. They just wanted, and then the community just spent a lot of effort in, you know, making all these individual programs run. Yeah. [01:00:39] Jeremy: I think it's pretty, pretty amazing too that, that now that's become this official way, I suppose, of distributing your software where you say like, Hey, I made a Windows version, but you're on your Linux machine. it's officially supported because, we have this much belief in this compatibility layer. [01:01:02] Elizabeth: it's kind of incredible to see wine having got this far. I mean, I started working on a, you know, six, seven years ago, and even then, I could never have imagined it would be like this. [01:01:16] Elizabeth: So as we, we wrap up, for the developers that are listening or, or people who are just users of wine, um, is there anything you think they should know about the project that we haven't talked about? [01:01:31] Elizabeth: I don't think there's anything I can think of. [01:01:34] Jeremy: And if people wanna learn, uh, more about the wine project or, or see what you're up to, where, where should they, where should they head? Getting support and contributing [01:01:45] Elizabeth: We don't really have any things like news, unfortunately. Um, read the release notes, uh, follow some, there's some, there's some people who, from Code Weavers who do blogs. So if you, so if you go to codeweavers.com/blog, there's some, there's, there's some codeweavers stuff, uh, some marketing stuff. But there's also some developers who will talk about bugs that they are solving and. And how it's easy and, and the experience of working on wine. [01:02:18] Jeremy: And I suppose if, if someone's. Interested in like, like let's say they have a piece of software, it's not working through wine. what's the best place for them to, to either get help or maybe even get involved with, with trying to fix it? [01:02:37] Elizabeth: yeah. Uh, so you can file a bug on, winehq.org,or, or, you know, find, there's a lot of developer resources there and you can get involved with contributing to the software. And, uh, there, there's links to our mailing list and IRC channels and, uh, and, and the GitLab, where all places you can find developers. [01:03:02] Elizabeth: We love to help you. Debug things. We love to help you fix things. We try our very best to be a welcoming community and we have got a long, we've got a lot of experience working with people who want to get their application working. So, we would love to, we'd love to have another. [01:03:24] Jeremy: Very cool. Yeah, I think wine is a really interesting project because I think for, I guess it would've been for decades, it seemed like very niche, like not many people [01:03:37] Jeremy: were aware of it. And now I think maybe in particular because of the, the Linux gaming handhelds, like the steam deck,wine is now something that a bunch of people who would've never heard about it before, and now they're aware of it. [01:03:53] Elizabeth: Absolutely. I've watched that transformation happen in real time and it's been surreal. [01:04:00] Jeremy: Very cool. Well, Elizabeth, thank you so much for, for joining me today. [01:04:05] Elizabeth: Thank you, Jeremy. I've been glad to be here.

Tonight we're talking about the June State of Play, EA cancelling the Black Panther game, a suspicious new military FPS on Steam, the latest technical comparison between SteamOS and Windows OS on handheld, People Can Fly pulling the chute on two projects and more! ***** Watch the show LIVE Tuesday nights at 7PM Eastern - @benishandsomeyt ***** Reviews and subscriptions help us out so much. If you enjoyed the show, make sure to subscribe and leave us a review on iTunes. ***** Follow us on Twitter! Twitter.com/BenSmith2588 Twitter.com/csfdave Twitter.com/_gloriousginger Learn more about your ad choices. Visit podcastchoices.com/adchoices

Hey folks, Alex here, welcome back to ThursdAI! And folks, after the last week was the calm before the storm, "The storm came, y'all" – that's an understatement. This wasn't just a storm; it was an AI hurricane, a category 5 of announcements that left us all reeling (in the best way possible!). From being on the ground at Google I/O to live-watching Anthropic drop Claude 4 during our show, it's been an absolute whirlwind.This week was so packed, it felt like AI Christmas, with tech giants and open-source heroes alike showering us with gifts. We saw OpenAI play their classic pre-and-post-Google I/O chess game, Microsoft make some serious open-source moves, Google unleash an avalanche of updates, and Anthropic crash the party with Claude 4 Opus and Sonnet live stream in the middle of ThursdAI!So buckle up, because we're about to try and unpack this glorious chaos. As always, we're here to help you collectively know, learn, and stay up to date, so you don't have to. Let's dive in! (TL;DR and links in the end) Open Source LLMs Kicking Things OffEven with the titans battling, the open-source community dropped some serious heat this week. It wasn't the main headline grabber, but the releases were significant!Gemma 3n: Tiny But Mighty MatryoshkaFirst up, Google's Gemma 3n. This isn't just another small model; it's a "Nano-plus" preview, a 4-billion parameter MatFormer (Matryoshka Transformer – how cool is that name?) model designed for mobile-first multimodal applications. The really slick part? It has a nested 2-billion parameter sub-model that can run entirely on phones or Chromebooks.Yam was particularly excited about this one, pointing out the innovative "model inside another model" design. The idea is you can use half the model, not depth-wise, but throughout the layers, for a smaller footprint without sacrificing too much. It accepts interleaved text, image, audio, and video, supports ASR and speech translation, and even ships with RAG and function-calling libraries for edge apps. With a 128K token window and responsible AI features baked in, Gemma 3n is looking like a powerful tool for on-device AI. Google claims it beats prior 4B mobile models on MMLU-Lite and MMMU-Mini. It's an early preview in Google AI Studio, but it definitely flies on mobile devices.Mistral & AllHands Unleash Devstral 24BThen we got a collaboration from Mistral and AllHands: Devstral, a 24-billion parameter, state-of-the-art open model focused on code. We've been waiting for Mistral to drop some open-source goodness, and this one didn't disappoint.Nisten was super hyped, noting it beats o3-Mini on SWE-bench verified – a tough benchmark! He called it "the first proper vibe coder that you can run on a 3090," which is a big deal for coders who want local power and privacy. This is a fantastic development for the open-source coding community.The Pre-I/O Tremors: OpenAI & Microsoft Set the StageAs we predicted, OpenAI couldn't resist dropping some news right before Google I/O.OpenAI's Codex Returns as an AgentOpenAI launched Codex – yes, that Codex, but reborn as an asynchronous coding agent. This isn't just a CLI tool anymore; it connects to GitHub, does pull requests, fixes bugs, and navigates your codebase. It's powered by a new coding model fine-tuned for large codebases and was SOTA on SWE Agent when it dropped. Funnily, the model is also called Codex, this time, Codex-1. And this gives us a perfect opportunity to talk about the emerging categories I'm seeing among Code Generator agents and tools:* IDE-based (Cursor, Windsurf): Live pair programming in your editor* Vibe coding (Lovable, Bolt, v0): "Build me a UI" style tools for non-coders* CLI tools (Claude Code, Codex-cli): Terminal-based assistants* Async agents (Claude Code, Jules, Codex, GitHub Copilot agent, Devin): Work on your repos while you sleep, open pull requests for you to review, asyncCodex (this new one) falls into category number 4, and with today's release, Cursor seems to also strive to get to category number 4 with background processing. Microsoft BUILD: Open Source Copilot and Copilot Agent ModeThen came Microsoft Build, their huge developer conference, with a flurry of announcements.The biggest one for me? GitHub Copilot's front-end code is now open source! The VS Code editor part was already open, but the Copilot integration itself wasn't. This is a massive move, likely a direct answer to the insane valuations of VS Code clones like Cursor. Now, you can theoretically clone GitHub Copilot with VS Code and swing for the fences.GitHub Copilot also launched as an asynchronous coding assistant, very similar in function to OpenAI's Codex, allowing it to be assigned tasks and create/update PRs. This puts Copilot right into category 4 of code assistants, and with the native Github Integration, they may actually have a leg up in this race!And if that wasn't enough, Microsoft is adding MCP (Model Context Protocol) support directly into the Windows OS. The implications of having the world's biggest operating system natively support this agentic protocol are huge.Google I/O: An "Ultra" Event Indeed!Then came Tuesday, and Google I/O. I was there in the thick of it, and folks, it was an absolute barrage. Google is shipping. The theme could have been "Ultra" for many reasons, as we'll see.First off, the scale: Google reported a 49x increase in AI usage since last year's I/O, jumping from 9 trillion tokens processed to a mind-boggling 480 trillion tokens. That's a testament to their generous free tiers and the explosion of AI adoption.Gemini 2.5 Pro & Flash: #1 and #2 LLMs on ArenaGemini 2.5 Flash got an update and is now #2 on the LMArena leaderboard (with Gemini 2.5 Pro still holding #1). Both Pro and Flash gained some serious new capabilities:* Deep Think mode: This enhanced reasoning mode is pushing Gemini's scores to new heights, hitting 84% on MMMU and topping LiveCodeBench. It's about giving the model more "time" to work through complex problems.* Native Audio I/O: We're talking real-time TTS in 24 languages with two voices, and affective dialogue capabilities. This is the advanced voice mode we've been waiting for, now built-in.* Project Mariner: Computer-use actions are being exposed via the Gemini API & Vertex AI for RPA partners. This started as a Chrome extension to control your browser and now seems to be a cloud-based API, allowing Gemini to use the web, not just browse it. This feels like Google teaching its AI to interact with the JavaScript-heavy web, much like they taught their crawlers years ago.* Thought Summaries: Okay, here's one update I'm not a fan of. They've switched from raw thinking traces to "thought summaries" in the API. We want the actual traces! That's how we learn and debug.* Thinking Budgets: Previously a Flash-only feature, token ceilings for controlling latency/cost now extend to Pro.* Flash Upgrade: 20-30% fewer tokens, better reasoning/multimodal scores, and GA in early June.Gemini Diffusion: Speed Demon for Code and MathThis one got Yam Peleg incredibly excited. Gemini Diffusion is a new approach, different from transformers, for super-speed editing of code and math tasks. We saw demos hitting 2000 tokens per second! While there might be limitations at longer contexts, its speed and infilling capabilities are seriously impressive for a research preview. This is the first diffusion model for text we've seen from the frontier labs, and it looks sick. Funny note, they had to slow down the demo video to actually show the diffusion process, because at 2000t/s - apps appear as though out of thin air!The "Ultra" Tier and Jules, Google's Coding AgentRemember the "Ultra event" jokes? Well, Google announced a Gemini Ultra tier for $250/month. This tops OpenAI's Pro plan and includes DeepThink access, a generous amount of VEO3 generation, YouTube Premium, and a whopping 30TB of storage. It feels geared towards creators and developers.And speaking of developers, Google launched Jules (jules.google)! This is their asynchronous coding assistant (Category 4!). Like Codex and GitHub Copilot Agent, it connects to your GitHub, opens PRs, fixes bugs, and more. The big differentiator? It's currently free, which might make it the default for many. Another powerful agent joins the fray!AI Mode in Search: GA and EnhancedAI Mode in Google Search, which we've discussed on the show before with Robby Stein, is now in General Availability in the US. This is Google's answer to Perplexity and chat-based search.But they didn't stop there:* Personalization: AI Mode can now connect to your Gmail and Docs (if you opt-in) for more personalized results.* Deep Search: While AI Mode is fast, Deep Search offers more comprehensive research capabilities, digging through hundreds of sources, similar to other "deep research" tools. This will eventually be integrated, allowing you to escalate an AI Mode query for a deeper dive.* Project Mariner Integration: AI Mode will be able to click into websites, check availability for tickets, etc., bridging the gap to an "agentic web."I've had a chat with Robby during I/O and you can listen to that interview at the end of the podcast.Veo3: The Undisputed Star of Google I/OFor me, and many others I spoke to, Veo3 was the highlight. This is Google's flagship video generation model, and it's on another level. (the video above, including sounds is completely one shot generated from VEO3, no processing or editing)* Realism and Physics: The visual quality and understanding of physics are astounding.* Natively Multimodal: This is huge. Veo3 generates native audio, including coherent speech, conversations, and sound effects, all synced perfectly. It can even generate text within videos.* Coherent Characters: Characters remain consistent across scenes and have situational awareness, who speaks when, where characters look.* Image Upload & Reference Ability: While image upload was closed for the demo, it has reference capabilities.* Flow: An editor for video creation using Veo3 and Imagen4 which also launched, allowing for stiching and continuous creation.I got access and created videos where Veo3 generated a comedian telling jokes (and the jokes were decent!), characters speaking with specific accents (Indian, Russian – and they nailed it!), and lip-syncing that was flawless. The situational awareness, the laugh tracks kicking in at the right moment... it's beyond just video generation. This feels like a world simulator. It blew through the uncanny valley for me. More on Veo3 later, because it deserves its own spotlight.Imagen4, Virtual Try-On, and XR Glasses* Imagen4: Google's image generation model also got an upgrade, with extra textual ability.* Virtual Try-On: In Google Shopping, you can now virtually try on clothes. I tried it; it's pretty cool and models different body types well.* XR AI Glasses from Google: Perhaps the coolest, but most futuristic, announcement. AI-powered glasses with an actual screen, memory, and Gemini built-in. You can talk to it, it remembers things for you, and interacts with your environment. This is agentic AI in a very tangible form.Big Company LLMs + APIs: The Beat Goes OnThe news didn't stop with Google.OpenAI (acqui)Hires Jony Ive, Launches "IO" for HardwareThe day after I/O, Sam Altman confirmed that Jony Ive, the legendary designer behind Apple's iconic products, is joining OpenAI. He and his company, LoveFrom, have jointly created a new company called "IO" (yes, IO, just like the conference) which is joining OpenAI in a stock deal reportedly worth $6.5 billion. They're working on a hardware device, unannounced for now, but expected next year. This is a massive statement of intent from OpenAI in the hardware space.Legendary iPhone analyst Ming-Chi Kuo shed some light on the possible device, it won't have a screen, as Jony wants to "wean people off screens"... funny right? They are targeting 2027 for mass production, which is really interesting as 2027 is when most big companies expect AGI to be here. "The current prototype is slightly larger than AI Pin, with a form factor comparable to iPod Shuffle, with one intended use cases is to wear it around your neck, with microphones and cameras for environmental detection" LMArena Raises $100M Seed from a16zThis one raised some eyebrows. LMArena, the go-to place for vibe-checking LLMs, raised a $100 million seed round from Andreessen Horowitz. That's a huge number for a seed, reminiscent of Stability AI's early funding. It also brings up questions about how a VC-backed startup maintains impartiality as a model evaluation platform. Interesting times ahead for leaderboards, how they intent to make 100x that amount to return to investors. Very curious.

Netflix acquires exclusive global streaming rights to Sesame Street starting with season 56. Tom highlights the big news from Microsoft BUILD. Why is Apple so behind on rolling out AI? And are you one of the millions who haven't upgraded their Windows OS installs? Starring Sarah Lane, Tom Merritt, Roger Chang, Joe. To read the show notes in a separate page click here! Support the show on Patreon by becoming a supporter!

Support the show Patreon: https://www.patreon.com/PSTrophyroom Discord: https://discord.gg/wPNp3kC  BSYK: https://tinyurl.com/3e24bn7y  Store: https://tinyurl.com/ktbsdw3s  This week on The Trophy Room:  A PlayStation Podcast hosts Teegan, Kyle, and Joe talk about the rumor that comes from the leaked screenshot of the new Xbox Ui showing Steam as an available service on the box that begs the question... IF this handheld is real and its essentially a PC with a Windows OS and a Gamer overlay ... can the next generation or next gen xbox technically run playstation games? If so can Sony Block PlayStation Games on the Rumored Xbox PC handheld if the ASUS ROG ALLY is in fact the device powering this new portable Xbox? There might be a God of War Greek Spin off thats a kin to Miles Morales game in the works and looking to release sometime this year according to Jeff Grubb. ALSO Assassin's Creed Shadows launch is a huge success BUT what more impressive is the social post that tares down the ideas of the culture war thats invaded the gaming space. BY mocking the fools that call the game woke. Also Indiana Jones PS5 Revealed its release date with nathan drake voice actor Nolan North and Indy VO Troy Baker which was super rad.

Deze talkshow wordt mede mogelijk gemaakt door MSI. Alle meningen in deze video zijn onze eigen. MSI heeft inhoudelijk geen inspraak op de content en zien de video net als jullie hier voor het eerst op de site.Er staat ons een heerlijk zonnig lenteweekend te wachten. Hoe fijn is dat wel niet. Even ergens op een terras een kopje koffie drinken of een biertje pakken. Dit vooruitzicht gaan we nog verder op pimpen met een nieuwe aflevering van Einde van de Week Vrijdag Live. De talkshow waarin we elke week het belangrijkste game gerelateerde nieuws van de afgelopen zeven dagen met elkaar én de kijkers doornemen. En don't worry, nu we met GK Daily zijn begonnen, betekent dat niet dat EvdWL een herhalingsoefening wordt. Hallo, we zijn Gamekings. Zo zitten we niet in elkaar. Topics zijn dit keer onder andere nieuwe info over Death Stranding 2, de prijs van GTA 6, nieuwe Far Cry spin-offs en een nieuwe fashion mode in Kingdom Come Deliverance 2. Dit alles en meer ga je zien en horen in de Einde van de Week Live van vrijdag 7 maart 2025.Scoor de MSI Claw nu voor een spotprijsMSI zet deze week hun handheld, de Claw, in de spotlights. De hardware is momenteel namelijk erg scherp geprijsd. De Claw draait op de power van de Intel® Core™ Ultra 5 processor en heeft verder een 512GB SSD, een 7” 120Hz Full HD Scherm, Hall-Effect Joysticks, Windows OS en een ThunderBolt 4 aansluiting aan boord. Heb je interesse dan kun je die voor slechts 449 scoren bij CoolBlue: https://msi.gm/SAD727C7 . Zijn ze daar op, dan kun je ook even buurten bij Alternate.LG Ultragear presenteert 's werelds snelste 27” 480 Hz QHD monitorZoals je weet zijn er een hoop presentatoren bij Gamekings erg happy met LG schermen en monitoren. Meerdere van ons hebben hun hardware thuis staan. LG Ultragear heeft sinds kort een nieuw paradepaardje, de 27” OLED 480 Hz QHD gaming monitor. Jelle is hem thuis aan het uitproberen en komt binnenkort met een video. Wil je meer info over deze krachtpatser van een monitor, dan is hier de pagina met alle ins en outs.Stap over naar KPN Glasvezel en ontvang een console naar keuzeKPN Glasvezel is terug van weg geweest met hun dikke actie: stap over naar KPN Glasvezel, neem een tweejarig abonnement en kies een PlayStation Slim, een Xbox Series S (1 TB) + 2 controllers of een Switch OLED als welkomstgeschenk. Heb je nog geen glasvezel in de straat liggen, dan kun je voor nu een normaal abonnement nemen die tegen de tijd dat er glasvezel ligt omgezet wordt. De huidige actie is nu dan wel geldig. Wil je meer info over de actie, hier vind je de website met alle ins & outs.Timestamps:00:00:00 Intro00:01:59 Huishoudelijke mededeling: MSI00:07:38 Wat hebben we deze week gespeeld?00:16:09 Huishoudelijke mededeling: Nieuwe Tokyo bonus content!00:18:57 Koos heeft gisteren een nieuwe videokaart van AMD op de kop getikt00:25:35 Er is nieuwe info over Death Stranding 2 verschenen00:33:20 GTA 6 kan 100 euro gaan kosten volgens Micheal Pachter.00:38:44 Samsung komt met een eigen handheld: De Samsung Flex Gaming.00:41:40 PlayStation start met PlayStation bèta: Gamers beta testen nieuwe PS-games. 00:44:48 De Far Cry extraction based shooter is rebooted00:48:19 Een beetje Nerd Culture: Volgende Marvel game wordt Marvel 1943 Ryse of Hydra. 00:52:20 In het Verenigd Koninkrijk kun je nu een PS5 huren.00:56:06 BULLETTÎME: LG Ultragear01:03:56 De stelling van de week!01:06:37 Nacon Connect: Updates over hun games en de game die er uitsprong was Hell is Us. 01:10:04 Nieuwe RoboCop DLC aangekondigd.01:11:43 Nieuwe beelden van Claire Obscure: Expedition 33.01:15:31 Nieuwe content voor Kingdom Come Deliverance 2, waaronder een kapper! 01:19:14 Split Fiction CEO Josef Fares wil geen microtransacties aan zijn games toe te voegen. 01:21:38 De Russo broers staan open voor Avengers games.01:28:02 Er is een nieuwe trailer voor Wuchang Fallen Feathers uitgekomen.01:30:01 BULLETTÎME: KPN Glasvezel01:39:05 Cool of serious uncool?

In this episode of Your Tech Report, Marc Aflalo dives into all things CES 2024 with Dan Ackerman, Editor-in-Chief of Micro Center News. The duo shares insights, anecdotes, and expert opinions on the year's biggest tech trends. From the transformative role of AI in GPUs to groundbreaking handheld gaming devices and the resurgence of wearable tech, this conversation is packed with fresh perspectives. Dan even reveals his personal must-have gadget from the show! Highlights include Nvidia's game-changing AI advancements, Lenovo's new handheld gaming systems, Dell's simplified product naming strategy, and the practical perks of Meta's Ray-Ban smart glasses. The discussion also touches on the ethical implications of AI and its role as an essential tool for the future. Show Notes: 1. Key CES Trends • This year's focus on chips and hardware innovation. • The shift towards locally run AI models for privacy and performance. 2. Nvidia Announcements • RTX 50-series GPUs: AI-powered frame generation and upscaling. • Mid-range 5070 priced at $549, delivering performance comparable to high-end 4090. • AI workstations starting at $3,000. 3. Gaming Devices • Lenovo Legion Go: New models featuring Steam OS. • MSI Claw and Acer Blaze handhelds, including an 11-inch AMD-powered tablet with detachable controllers. • The versatility of gaming tablets running full Windows OS. 4. Streaming and Game Access • Nvidia GeForce Now expanding to devices like Steam Deck, MetaQuest, and Apple Vision Pro. 5. Dell's Rebranding • Simplified product tiers: Dell, Dell Pro, Dell Plus, Dell Max. • Comparing the new structure to Apple's straightforward naming strategy. 6. Wearable Tech • Meta's Ray-Ban smart glasses: A CES favorite for practical phone calls and audio use. • The rise of smart wearables with AI functionality beyond flashy marketing. 7. Ethics and AI • The ongoing debate about responsible AI use. • AI as a tool to enhance human work rather than replace it. 8. Best Gadget of CES • ASUS XG Mobile: Portable Nvidia 5090 external GPU for Thunderbolt laptops. Why Listen: Marc and Dan's engaging discussion provides a comprehensive overview of CES 2024's standout products and trends. Whether you're into gaming, AI, or wearable tech, this episode breaks down the year's biggest innovations with humor, insight, and practical takeaways. Don't miss the expert predictions for how these technologies will shape the future of tech! Learn more about your ad choices. Visit megaphone.fm/adchoices

　2024 年 6 月に公開された Microsoft Windows OS に存在する脆弱性に対するエクスプロイトコードが公開されています。脆弱性が存在する Windows OS への侵入に当該脆弱性が悪用されると、OS の全権限が奪取されてしまいます。幅広い Microsoft Windows OS が当該脆弱性の影響を受けます。標的型攻撃などによる端末への侵入後に、端末の全権限を掌握するために悪用が試みられる可能性が高い脆弱性であると考えられます。

2024 年 7 月に公開された Microsoft Windows OS に存在する脆弱性に対するエクスプロイトコードが公開されています。

Base maps are one of the first hurdles in any tuning project, and while they often seem daunting at first, with hindsight and experience, they're actually much simpler than we expect but some people become so overwhelmed they throw in the towel before having the chance to get that far.Use ‘PODCAST75' for $75 off your first HPA course here: https://hpcdmy.co/hpa-tuned-inTo help car enthusiasts worldwide reduce stress and have a greater chance of easy success with their tuning projects, Haltech has developed a new app for their Rebel ECU range, specifically targeting the LS community (for now). This app, called Haltech Connect, offers a simple 7-step process to wire your V8-swapped project, get it running on a Haltech ECU, and even potentially driving with minimal further input (exceptions and common sense apply, of course).Why a phone app instead of the typical Windows OS software?What information is needed for the 7 steps, and where can you find it?Are system checks included to ensure everything is correct before firing up?With various LS engine variants, how is the wiring made universal?All these questions and more are answered in this quick interview from the World Time Attack Challenge paddock.What Haltech Connect can do:Connects via WiFiAndroid and iOS supportedView and clear DTCsView data display functions and monitor engine parameters in real-time on your smartphone, tablet and, in some cases, head unit.Change basic settings and adjust basic engine parametersWhat Haltech Connect can't do:Advanced tuning calibrationsFreely access any and all functions and settings (although it should let you get to most!)Data loggingSo who is the Haltech Connect app for? Someone who just wants to get their basic LS swap project up and running with minimal fuss and isn't worried about getting all the power possible out of their LS V8 engine. From there, they have the option to pull out a laptop and dive deeper if they wish.Who isn't the Haltech app for? Those with highly modified engines using aggressive aftermarket cams and/or high boost applications, as well as those using race fuels or ethanol blends who want to make as much power (reliably!) as possible.Basically, any setup that a 'self-tuning' function will be out of its depth on/dangerous

- Episode Antibes: Deep dive into AI, technology trends, entertainment and news hosted by Mananigas and Kolesky. Engage in exciting discussions on various topics including horror movies, comic books, iPad gaming and more on their Discord channel [here](https://discord.gg/T38WpgkHGQ).- Podcast trends: Analysis of the increase in podcast listenership based on the frequency of releases.- AI & Tech: Exploration of 'interruptible queries' in 'Codex Judge-y PT', their application in ad-hoc research, and potential usage in interactive reading.- IT News: Shared experiences and critiques on glitches experienced during Windows OS updates.- Future Reading: Discussion on potential advancements in e-readers, with a focus on AI integrations via platforms like Judge-y PT.- Gaming Review: Detailed review and comparison of Resident Evil game performance on iPad M2 and Xbox.- Comic Corners: Appreciation of comic books "Nice House by the Lake" and "Something Is Killing The Children"; in-depth discussion on Kindle's zoom feature for reading comics.- Literary Hour: Intricate exploration of the Russian classic, "Brothers Karamazov."- Pop Culture: Examination of the transition from old to new TV series, with "Breaking Bad" as the turning point in quality.- Horror House: Deep dive into the horror film genre, including titles like 'Hell House', 'The Blair Witch Project', and 'A Quiet Place.'- Futuristic Film: Examination of sensory deprivation focused movies- 'Bird Box' (sight), 'A Quiet Place' (sound), with prediction on upcoming themes in the genre.- Tech Trends: Detailed study on Tesla's self-driving strategy including design, regulations, data acquisition, and testing restrictions.- What's Next: Look into the "Master of The Air" TV series, and recommended watches like "Band of Brothers" and "The Pacific."- Book Club: Next episode's reading suggestion - "Good Strategy/Bad Strategy."

Video Episode: https://youtu.be/7et_7YkwAHs In today’s episode, we dive into the alarming rise of malware delivery through fake job applications targeting HR professionals, specifically focusing on the More_eggs backdoor. We also discuss critical gaming performance issues in Windows 11 24H2 and the vulnerabilities in DrayTek routers that expose over 700,000 devices to potential hacking. Lastly, we address the urgent exploitation of a remote code execution flaw in Zimbra email servers, emphasizing the need for immediate updates to safeguard against evolving threats. Links to articles: 1. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html 2. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/ 3. https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html 4. https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/ Timestamps 00:00 – Introduction 01:14 – Zimbra RCE Vulnerability 02:17 – 700k DrayTek Routers Vulnerable 04:36 – Recruiters Targeted with Malware 06:14 – Microsoft blocks updates for gamers 1. What are today’s top cybersecurity news stories? 2. How is More_eggs malware targeting HR professionals? 3. What vulnerabilities exist in DrayTek routers? 4. Why did Microsoft block Windows 11 24H2 upgrades? 5. What is the impact of the Zimbra RCE flaw? 6. How do fake job applications spread malware? 7. What security measures can protect against More_eggs malware? 8. What are the latest gaming issues with Windows 11? 9. How can DrayTek router vulnerabilities be mitigated? 10. What are the latest tactics used by cybercriminals in email attacks? More_eggs, Golden Chickens, spear-phishing, credential theft, Microsoft, Windows 11, Asphalt 8, Intel Alder Lake+, DrayTek, vulnerabilities, exploits, cyber attackers, Zimbra, RCE, vulnerability, exploitation, # Intro HR professionals are under siege as a spear-phishing campaign disguised as fake job applications delivers the lethal More_eggs malware, leading to potentially devastating credential theft. Powered by the notorious Golden Chickens group, this malware-as-a-service targets recruiters with chilling precision. **How are recruitment officers unknowingly downloading malicious files, and what methods are threat actors using to bypass security measures?** “Microsoft is blocking Windows 11 24H2 upgrades on some systems due to critical gaming performance issues like Asphalt 8 crashes and Easy Anti-Cheat blue screens. The company is scrambling to resolve these problems that uniquely impact devices with Intel Alder Lake+ processors.” How can gamers with affected systems work around these issues until Microsoft releases a fix? Over 700,000 DrayTek routers are currently vulnerable to 14 newly discovered security flaws, with some critical exploits that could be used to take full control of the devices and infiltrate enterprise networks. Despite patches being released, many routers remain exposed, creating a lucrative target for cyber attackers. How can these vulnerabilities impact businesses that rely on DrayTek routers for network security? Hackers are leveraging a critical Zimbra RCE vulnerability to backdoor servers through specially crafted emails that execute malicious commands, revealing widespread exploitation just days after a proof-of-concept was published. Notable security experts warn of attackers embedding harmful code in the email’s CC field, which the Zimbra server inadvertently executes. How are attackers camouflaging their malicious emails to slip through security measures unnoticed? # Stories Welcome back to our podcast. Today, we’re talking about a new cyber threat targeting HR professionals. Researchers at Trend Micro have uncovered a spear-phishing campaign where fake job applications deliver a JavaScript backdoor called More_eggs to recruiters. This malware, sold as malware-as-a-service by a group known as Golden Chickens, can steal credentials for online banking, email accounts, and IT admin accounts. What’s unique this time is that attackers are using spear-phishing emails to build trust, as observed in a case targeting a talent search lead in engineering. The attack sequence involves downloading a ZIP file from a deceptive URL, leading to the execution of the More_eggs backdoor. This malware probes the host system, connects to a command-and-control server, and can download additional malicious payloads. Trend Micro’s findings highlight the persistent and evolving nature of these attacks, which are difficult to attribute because multiple threat actors can use the same toolkits. The latest insights also connect these activities to known cybercrime groups like FIN6. Stay vigilant, especially if you work in HR or recruitment. 1. **Spear-Phishing**: – **Definition**: A targeted phishing attack aiming at specific individuals or companies, typically using information about the victim to make fraudulent messages more convincing. – **Importance**: This method is specifically dangerous because it can trick even tech-savvy users by exploiting personalized details, leading to significant security breaches like credential theft. 2. **More_eggs**: – **Definition**: A JavaScript backdoor malware sold as a malware-as-a-service (MaaS) with capabilities to siphon credentials and provide unauthorized access to infected systems. – **Importance**: Due to its ability to latently steal sensitive information and its widespread use by various e-crime groups, More_eggs represents a significant threat to corporate cybersecurity. 3. **Malware-as-a-Service (MaaS)**: – **Definition**: A business model where malicious software is developed and sold to cybercriminals who can then use it to conduct attacks. – **Importance**: This model lowers the barrier of entry for cybercriminals, allowing even those with limited technical skills to launch sophisticated attacks using pre-made malware. 4. **Golden Chickens**: – **Definition**: A cybercriminal group (also known as Venom Spider) attributed with developing and distributing the More_eggs malware. – **Importance**: Understanding threat actors like Golden Chickens can help cybersecurity professionals anticipate and defend against specific threat tactics. 5. **Command-and-Control (C2) Server**: – **Definition**: A server used by threat actors to maintain communications with compromised systems within a target network to execute commands and control malware. – **Importance**: Disrupting C2 servers is crucial because it can cut off the attacker's control over their malware, mitigating the threat. 6. **LNK File**: – **Definition**: A shortcut file in Windows that points to another file or executable. – **Importance**: Misuse of LNK files in phishing campaigns can lead to automated execution of malicious payloads, making them an effective vector for malware distribution. 7. **PowerShell**: – **Definition**: A task automation framework from Microsoft consisting of a command-line shell and scripting language. – **Importance**: PowerShell is often used by attackers to execute and conceal malicious scripts due to its powerful capabilities and integration with Windows. 8. **Tactics, Techniques, and Procedures (TTPs)**: – **Definition**: The behavior patterns or methodologies used by cyber threat actors to achieve their goals. – **Importance**: Identifying TTPs helps security professionals understand, detect, and mitigate specific attack strategies used by threat actors. 9. **Obfuscation**: – **Definition**: The process of deliberately making code or data difficult to understand or interpret. – **Importance**: Obfuscation is commonly used by malware developers to conceal malicious activities and bypass security mechanisms. 10. **Cryptocurrency Miner**: – **Definition**: Software used to perform the computational work required to validate and add transactions to a blockchain ledger in exchange for cryptocurrency rewards. – **Importance**: Unauthorized cryptocurrency mining (cryptojacking) can misuse system resources for financial gain, leading to performance degradation and security vulnerabilities. — On today’s tech update: Microsoft has blocked upgrades to Windows 11 version 24H2 on certain systems due to gaming performance issues. Players of Asphalt 8 may encounter game crashes, while some systems running Easy Anti-Cheat might experience blue screens. These problems mainly affect devices with Intel Alder Lake+ processors. Until Microsoft resolves these issues, impacted users are advised not to manually upgrade using tools like the Media Creation Tool. Microsoft is working on fixes and will include them in upcoming updates. 1. **Windows 11 24H2**: A version of Microsoft’s Windows 11 operating system, released in the second half (H2) of 2024. It is significant because it represents Microsoft’s ongoing update cycle aimed at improving system performance and user experience, though it also highlights the challenges of software compatibility and stability. 2. **Asphalt 8 (Airborne)**: A popular racing video game often used for showcasing graphical and processing capabilities of devices. Its relevance lies in exposing potential software and hardware compatibility issues when new operating systems are released. 3. **Easy Anti-Cheat**: A software tool designed to detect and prevent cheating in multiplayer games. It is crucial for maintaining fair play and integrity in online gaming environments but can pose compatibility challenges with system updates. 4. **Blue Screen of Death (BSoD)**: An error screen displayed on Windows computers following a system crash. It is important as it signals serious software or hardware issues that could affect system stability and data integrity. 5. **Intel Alder Lake+ processors**: A generation of Intel’s microprocessors known for their hybrid architecture design. Understanding these chips is important for recognizing which systems might be more susceptible to the reported compatibility issues. 6. **vPro platform**: A set of Intel technologies aimed at enhancing business security and manageability. It’s critical to cybersecurity professionals because it allows for hardware-level encryption and more robust security management, but compatibility with OS updates can be problematic. 7. **MEMORY_MANAGEMENT error**: A specific type of error indicating system memory management problems, often leading to system crashes. It is crucial for cybersecurity and IT professionals as it affects the stability and reliability of a system. 8. **Compatibility holds (Safeguard IDs)**: Mechanisms employed by Microsoft to prevent system upgrades when known issues are detected. These are essential for protecting users from potential system failures and ensuring a stable computing environment. 9. **Media Creation Tool**: A Microsoft utility used for installing or upgrading Windows OS. It's important for IT professionals as it provides a means to manually deploy Windows updates, though it highlights the risks of bypassing automatic update safeguards. 10. **KB5043145 (Preview Update)**: A specific Windows update known to cause issues such as reboot loops and connection failures. Understanding these updates is crucial for maintaining system stability and ensuring that deployed systems are free from vulnerabilities and bugs. — In a recent cybersecurity alert, over 700,000 DrayTek routers have been identified as vulnerable to hacking due to 14 newly discovered security flaws. These vulnerabilities, found in both residential and enterprise routers, include two rated critical, with one receiving the maximum CVSS score of 10.0. This critical flaw involves a buffer overflow in the Web UI, potentially allowing remote code execution. Another significant vulnerability is OS command injection via communication binaries. The report highlights the widespread exposure of these routers’ web interfaces online, creating a tempting target for attackers, particularly in the U.S. DrayTek has released patches to address these vulnerabilities, urging users to apply updates, disable unnecessary remote access, and utilize security measures like ACLs and two-factor authentication. This development coincides with international cybersecurity agencies offering guidance to secure critical infrastructure, emphasizing the importance of safety, protecting valuable OT data, secure supply chains, and the role of people in cybersecurity. 1. **Vulnerability**: A weakness in a system or software that can be exploited by hackers. – **Importance**: Identifying vulnerabilities is crucial in cyber security because it helps protect systems from attacks. 2. **Router**: A device that routes data from one network to another, directing traffic on the internet. – **Importance**: Routers are essential for internet connectivity and their security is vital to prevent unauthorized access to networks. 3. **Buffer Overflow**: A coding error where a program writes more data to a buffer than it can hold, potentially leading to system crashes or unauthorized code execution. – **Importance**: Buffer overflows are common vulnerabilities that can be exploited to gain control of a system. 4. **Remote Code Execution (RCE)**: A type of vulnerability that allows an attacker to execute code on a remote system without authorization. – **Importance**: RCE vulnerabilities are highly critical as they enable attackers to take over affected systems. 5. **Cross-site Scripting (XSS)**: A web security vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites. – **Importance**: XSS can be used to steal information, deface websites, and spread malware. 6. **Adversary-in-the-Middle (AitM) Attack**: An attack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. – **Importance**: AitM attacks can lead to data theft, man-in-the-middle proxy attacks, and unauthorized access to sensitive information. 7. **Denial-of-Service (DoS)**: An attack intended to shut down a machine or network, making it inaccessible to its intended users. – **Importance**: DoS attacks disrupt the availability of services and can cause significant downtime and financial loss. 8. **Access Control List (ACL)**: A list of permissions attached to an object that specifies which users or system processes can access the object and what operations they can perform. – **Importance**: ACLs are crucial for implementing security policies to control access to resources. 9. **Two-Factor Authentication (2FA)**: A security process in which the user provides two different authentication factors to verify themselves. – **Importance**: 2FA improves security by adding an additional layer of verification, making it harder for attackers to gain unauthorized access. 10. **Operational Technology (OT)**: Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events in an enterprise. – **Importance**: OT security is critical for the functioning and safety of critical infrastructure systems, such as those in manufacturing, power generation, and transportation. — Today, we’re discussing a critical remote code execution (RCE) vulnerability in Zimbra email servers, tracked as CVE-2024-45519, which hackers are actively exploiting. This flaw allows attackers to trigger malicious commands simply by sending specially crafted emails, which are processed by Zimbra’s post journal service. First flagged by Ivan Kwiatkowski of HarfangLab and confirmed by Proofpoint, the exploit involves spoofed emails with commands hidden in the “CC” field. Once processed, these emails deliver a webshell to the server, giving attackers full access for data theft or further network infiltration. A proof-of-concept exploit was released by Project Discovery on September 27, prompting immediate malicious activity. Administrators are urged to apply security updates released in Zimbra’s latest versions—9.0.0 Patch 41 and later—or disable the vulnerable postjournal service and ensure secure network configurations to mitigate the threat. Stay vigilant and update your Zimbra servers immediately to protect against this critical vulnerability. 1. **Remote Code Execution (RCE)** – **Definition**: A type of security vulnerability that enables attackers to run arbitrary code on a targeted server or computer. – **Importance**: This flaw can be exploited to gain full control over the affected machine, leading to data theft, unauthorized access, and further network penetration. 2. **Zimbra** – **Definition**: An open-source email, calendaring, and collaboration platform. – **Importance**: Popular among organizations for its integrated communication tools, making it a significant target for cyberattacks due to the sensitive data it handles. 3. **SMTP (Simple Mail Transfer Protocol)** – **Definition**: A protocol used to send and route emails across networks. – **Importance**: Integral to email services, its exploitation can deliver malicious content to servers and users, forming a vector for cyber-attacks. 4. **Postjournal Service** – **Definition**: A service within Zimbra used to parse incoming emails over SMTP. – **Importance**: Its vulnerability can be leveraged to execute arbitrary commands, making it a crucial attack point for hackers. 5. **Proof-of-Concept (PoC)** – **Definition**: A demonstration exploit showing that a vulnerability can be successfully taken advantage of. – **Importance**: PoC exploits serve as proof that theoretical vulnerabilities are practical and dangerous, necessitating urgent security responses. 6. **Base64 Encoding** – **Definition**: A method of encoding binary data into an ASCII string format. – **Importance**: Often used to encode commands within emails or other data streams to evade basic security detections. 7. **Webshell** – **Definition**: A type of malicious script that provides attackers with remote access to a compromised server. – **Importance**: Webshells afford attackers sustained control over a server, allowing for ongoing data theft, disruptions, and further exploits. 8. **CVE (Common Vulnerabilities and Exposures)** – **Definition**: A list of publicly known cybersecurity vulnerabilities and exposures, identified by unique CVE IDs. – **Importance**: Helps standardize and track security issues, facilitating communication and management of vulnerabilities across the cybersecurity community. 9. **Patch** – **Definition**: An update to software aimed at fixing security vulnerabilities or bugs. – **Importance**: Patching vulnerabilities is critical for protecting systems from attacks exploiting known security flaws. 10. **Execvp Function** – **Definition**: A function in Unix-like operating systems that executes commands with an argument vector, featuring improved input sanitization. – **Importance**: By replacing vulnerable functions like ‘popen,’ ‘execvp’ helps prevent the execution of malicious code, thus enhancing system security. —

On this week's episode, I cover the possibility of security changes to the Windows OS being announced soon, I dive into fixes for some of the previously reported issues caused by Windows Updates and much more! Reference Links: https://www.rorymon.com/blog/sonicwall-vulnerability-disclosed-macs-move-to-16gb-standard-new-crowdstrike-incident/

2024 年 4 月に公開された、Windows OS にて管理者権限の奪取が可能となる脆弱性を悪用するエクスプロイトコードが公開されています。

In today's episode, we discuss fake browser updates distributing BitRAT and Lumma Stealer via Discord (https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html), a malicious npm package targeting Gulp users with a RAT (https://thehackernews.com/2024/06/researchers-uncover-rat-dropping-npm.html), and the high-severity Atlassian Confluence RCE vulnerability (CVE-2024-21683) for which a PoC is now available (https://www.helpnetsecurity.com/2024/06/03/cve-2024-21683-poc/). Tune in to learn about these critical cybersecurity threats and how you can protect your systems.Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Browser Updates, Cybersecurity Threat, BitRAT, Lumma Stealer, eSentire, Fake Browser Updates, Discord, Malicious npm Package, Gulp Toolkit, Remote Access Trojans, Software Supply Chain Attacks, CVE-2024-21683, Atlassian Confluence, Remote Code Execution, Cyber Attackers, Cybersecurity Researchers, Downloader Malware, Exploit, Developer Security, Cyber Attack Mitigation Search Phrases: How to avoid fake browser updates BitRAT malware detection What is Lumma Stealer Discord used for malware distribution Malicious npm packages 2024 Latest remote access trojans CVE-2024-21683 Atlassian Confluence vulnerability Protect against software supply chain attacks eSentire cybersecurity report Remote code execution in Atlassian Confluence https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html Rise of Fake Browser Updates as Malware Vectors: Cybercriminals now use fake browser updates to distribute BitRAT and Lumma Stealer malware. These attacks typically start when users visit compromised websites that redirect them to fraudulent update pages. Actionable Insight: Avoid downloading updates from unfamiliar sources; always verify the legitimacy of update prompts through official channels. Discord as a Malware Distribution Platform: Attackers use Discord to host malicious files, leveraging its widespread use among legitimate users. Bitdefender found over 50,000 harmful links on Discord in the past six months. Actionable Insight: Exercise caution when downloading files from Discord and report suspicious links to platform moderators. Sophisticated Attack Chain Mechanisms: Attacks involve JavaScript and PowerShell scripts within ZIP files to execute malware. These scripts load additional payloads disguised as PNG image files, adding a layer of obfuscation. Actionable Insight: Use advanced endpoint protection that can detect and mitigate script-based attacks. BitRAT and Lumma Stealer Capabilities: BitRAT can harvest data, mine cryptocurrency, and take control of infected devices. Lumma Stealer, available for rent, steals information from web browsers and crypto wallets. Actionable Insight: Regularly update and patch software, employ strong passwords, and use multi-factor authentication to protect sensitive information. Emerging Threats: Drive-by Downloads and Malvertising: Fake browser update attacks often utilize drive-by downloads and malvertising techniques. Recent campaigns trick users into manually executing malicious PowerShell code under the guise of browser updates. Actionable Insight: Educate users on the risks of drive-by downloads and ensure robust network defenses are in place. Lumma Stealer's Growing Popularity: Lumma Stealer logs for sale increased by 110% from Q3 to Q4 2023, indicating its effectiveness and high success rate. Actionable Insight: Implement continuous monitoring and threat intelligence to detect and respond to emerging threats promptly. Exploiting Pirated Software: Attackers use pirated software and adult game installers to distribute various malware, including Orcus RAT and XMRig miner. Actionable Insight: Avoid using pirated software and educate users about the risks involved. CryptoChameleon's DNSPod Utilization: CryptoChameleon uses DNSPod servers for fast flux evasion, making it difficult to track and mitigate. Actionable Insight: Employ advanced DNS security measures and stay updated on threat actor tactics to enhance detection capabilities. Malicious npm Package Alert: Cybersecurity researchers discovered a suspicious npm package named "glup-debugger-log" targeting Gulp users. This package aims to drop a remote access trojan (RAT) on compromised systems. [Source: Phylum] Target Audience: The malicious package specifically targets developers using the Gulp toolkit by posing as a logger for Gulp plugins. So far, it has been downloaded 175 times. [Source: Phylum] Technical Breakdown: The package contains two obfuscated files working together. One file acts as an initial dropper to compromise the target machine and download additional malware. The other file provides persistent remote access to the attacker. [Source: Phylum] Detection Evasion: The malware includes checks for network interfaces, specific Windows OS types, and the number of files in the Desktop folder. This step likely aims to avoid deployment in controlled environments like virtual machines (VMs) or new installations. [Source: Phylum] Persistence Mechanism: If all checks pass, the malware launches another script to set up persistence and execute commands from a URL or local file. It establishes an HTTP server on port 3004 to listen for incoming commands. [Source: Phylum] Capabilities: The RAT can execute arbitrary commands and send the output back to the attacker. Despite its minimal functionality, the malware is sophisticated due to its obfuscation techniques and targeted approach. [Source: Phylum] Industry Implications: This discovery highlights the evolving landscape of malware in open-source ecosystems. Attackers are increasingly using clever techniques to create compact, efficient, and stealthy malware. [Source: Phylum] Critical Update Alert: If you self-host Atlassian Confluence Server or Data Center, immediately upgrade to the latest version to fix a remote code execution (RCE) flaw, CVE-2024-21683. The PoC and technical details are already public. (Source: SonicWall) Vulnerability Details: CVE-2024-21683 allows attackers to exploit Confluence via a specially crafted JavaScript language file, with no user interaction required. However, attackers must be logged in and have privileges to add new macro languages. (Source: SonicWall) Technical Insight: The flaw lies in the input validation mechanism of the 'Add a new language' function in the 'Configure Code Macro' section. Insufficient validation allows the injection of malicious Java code. (Source: SonicWall) Exploit Conditions: To exploit, an attacker needs network access to the system, the ability to add new macro languages, and a forged JavaScript file containing malicious Java code. (Source: SonicWall) Proof of Concept: A working PoC is available on GitHub, showcased by security researcher Huong Kieu, highlighting the ease with which this vulnerability can be weaponized. (Source: GitHub) Upgrade Urgency: Given Confluence's critical role in many organizations' knowledge bases, users are strongly advised to upgrade to the latest versions as per the vendor advisory to mitigate potential exploits. (Source: SonicWall) Impact and Mitigation: The vulnerability has a high impact on system confidentiality, integrity, and availability. SonicWall has released IPS signatures (4437 and 4438) to protect against exploitation. (Source: SonicWall) Listener Engagement: Have you upgraded your Confluence instance yet? What's your strategy for handling such critical updates? Share your thoughts with us!

  How Big Tech Co's Make Money - Magnificent 7 - MSFT, FB, NVDA, Apple, Google, Amzn, Tesla AZ TRT S05 EP19 (234) 5-12-2024    What We Learned This Week: Tech Stocks - 7 Big Market Cap Stocks make up 29% of S&P Google, Microsoft & Amazon are biggest Co‘s in Cloud Service Tesla is the biggest EV Car Co,, & Apple biggest in Smart Phones Nvidia is the AI Superchip tech company Google & Meta / FB are the biggest advertising co‘s in the world     Notes:   Breakdown of Revenue Sources, Market Cap / CEO / Start   Google / Alphabet  – ads / search, playstore, hardware, services, YouTube premium content + TV, cloud Microsoft – gaming, services, software, devices, cloud Apple – devices, services, apps Nvidia – AI Chips, Graphic Cards, & components Tesla – EV Cars Amazon – E Commerce, cloud, services Meta / Facebook – ads, devices       Big drops in two of the Magnificent Seven stocks haven't dented the group's influence on the S&P 500. In fact, the trendy stocks dominate now more than ever. The seven megacap stocks — Microsoft (MSFT), Apple (AAPL), Nvidia (NVDA), Alphabet (GOOG), Amazon.com (AMZN), Meta (META) and Tesla (TSLA) — account for 29.7% of the S&P 500 as of April 17, says Datatrek Research. That's up from the group's 27.9% weight in the S&P 500 in 2023. Seeing the group's hold over the world's most popular index grow this year might surprise you. Shares of Tesla are down 37.4%. "Despite all the buzz around the death of the 'Magnificent 7,' U.S. big tech is actually a more dominant force in American stock markets than at the end of 2023," said Nicholas Colas of Datatrek in a report.   Source:4/2024 -  https://www.investors.com/etfs-and-funds/sectors/sp500-magnificent-7-stocks-dominate-even-more-now/       Google CEO Sundar Pinchai c 1998 Sergey Brin and Larry Page Mkt Cap $2.1 Tr   Source: https://www.oberlo.com/statistics/how-does-google-make-money Google / Alphabet  – ads / search 56% of rev at $175 bil in 2023, playstore, hardware, services, YouTube premium content + TV, cloud 11% of rev at $31 bil   Google revenue breakdown: top Google revenue sources in 2023 Ads ·         Ads (Google Search & other properties): $175.03 billion (56.9%) ·         YouTube ads: $31.51 billion (10.3%) ·         Google Network ads: $31.31 billion (10.2%) Google subscriptions, platforms, and devices: $34.69 billion (11.3%) Google Cloud: $33.09 billion (10.8%) Other bets: $1.53 billion (0.5%) Hedging gains: $236 million (0.1%)   Source: https://www.investopedia.com/articles/investing/020515/business-google.asp   KEY TAKEAWAYS Alphabet is a collection of different companies, including the popular search engine Google. The company leverages its search, web browsing, mobile operating systems, and cloud computing to make money through the sale of advertising and various service fees. Advertising generates the majority of revenue, but Google Cloud revenues are growing rapidly. The company has three reportable segments: Google Services, Google Cloud, and Other Bets. Google Services is the most profitable while Google Cloud and Other Bets often post operating losses.       Microsoft CEO Satya Nadella. C 1975 Bill Gates / Paul Allen Mkt Cap 3.1 tr   KEY TAKEAWAYS Microsoft sells computing devices, cloud systems and services, software, and other products to consumers and businesses. The company's Intelligent Cloud segment is the largest source of profit, as well as the fastest-growing. Microsoft is focused on delivering AI solutions to customers in a broad swath of industries. Some of its many competitors include Apple, Amazon, Meta, Alphabet, Oracle, and IBM. Microsoft's current CEO is Satya Nadella.   Source: https://www.investopedia.com/how-microsoft-makes-money-4798809   Source: https://techbehemoths.com/blog/how-microsoft-makes-billions   First thing's first and just before we dive into the financial story, we should identify the major sources of revenue Microsoft has:  ·         Cloud computing - The entire business suite of Microsoft is focused on cloud services. Microsoft Azure for example is the leading direction in the company's cloud services. But, things are more complicated ·         Windows OS - from Windows 95 till 10th version is only 15 years. And in May 2021 with the 21H1 update rumors are saying that the next thing that will happen in Autumn 2021 is the release of Windows 11. It was and continues to be one of the largest sources of revenue for Microsoft.  ·         Microsoft Teams - An alternative to Slack, some would say, but Microsoft is putting more than just a comfortable chat for users. It is designed to become a digital environment for companies and employees of any company in the world.  ·         Xbox - the gaming industry is growing, and Microsoft couldn't stay apart from this topic. Sony needed competition and Xbox is the best possible alternative to it at the moment ·         LinkedIn - Since 2016 when Microsoft acquired LinkedIn, the professional social network continued to grow and became a unique and indispensable tool for HR professionals all over the world.  ·         Minecraft - as if Xbox was not enough, Microsoft dive into the gaming industry even more with Minecraft.  So, there is a good portfolio for Microsoft which in its turn provides a series of exclusive services, or competitive Microsoft Azure is a top cloud service provider competing with Google Cloud and AWS from Amazon.   Revenue of Microsoft broken down by segment 2012-2023 Published by  Lionel Sujay Vailshery,  Mar 27, 2024  In its 2023 financial year, Microsoft generated 69 billion U.S. dollars from its productivity and business processes segment and a further 88 billion through its intelligent cloud segment. Thanks in part to the rapid growth in these two areas, 2023 proved to be the company's most successful year ever in terms of annual revenue, with the total figure reaching over 211 billion dollars.   Source: https://www.visualcapitalist.com/microsofts-revenue-by-product-line/   Microsoft's Most Lucrative Business Segments In 2023, Microsoft revenues soared to a record $211 billion as demand for AI services accelerated. As one of the world's largest companies by market cap, Microsoft reached a $2.8 trillion valuation as investors flocked to big tech and AI-related stocks last year. Amid strong growth, here's how much revenue was generated from Microsoft's product lines in 2023: Product LIne FY2023 Revenue Share of Revenue Cloud Computing Services $80B 38% Cloud Office Suite Software $49B 23% Operating Systems $22B 10% Gaming Consoles $15B 7% Employment Listing Platform $15B 7% AI-Enabled Search Engine $12B 6% Other $19B 9% Total Revenue $211B 100%   Source: https://blogs.microsoft.com/blog/2023/01/23/microsoftandopenaiextendpartnership/   Microsoft and OpenAI This agreement follows our previous investments in 2019 and 2021. It extends our ongoing collaboration across AI supercomputing and research and enables each of us to independently commercialize the resulting advanced AI technologies. ·         Supercomputing at scale – Microsoft will increase our investments in the development and deployment of specialized supercomputing systems to accelerate OpenAI's groundbreaking independent AI research. We will also continue to build out Azure's leading AI infrastructure to help customers build and deploy their AI applications on a global scale. ·         New AI-powered experiences – Microsoft will deploy OpenAI's models across our consumer and enterprise products and introduce new categories of digital experiences built on OpenAI's technology. This includes Microsoft's Azure OpenAI Service, which empowers developers to build cutting-edge AI applications through direct access to OpenAI models backed by Azure's trusted, enterprise-grade capabilities and AI-optimized infrastructure and tools. ·         Exclusive cloud provider – As OpenAI's exclusive cloud provider, Azure will power all OpenAI workloads across research, products and API services.       Meta / FB - Mark Zuckerburg + others c 2/2004 Mkt Cap 1.2 tr   Source: https://www.investopedia.com/ask/answers/120114/how-does-facebook-fb-make-money.asp KEY TAKEAWAYS Meta Platforms sells ads on social media websites and mobile applications and also sells augmented- and virtual-reality products and services. Advertising sales are the primary source of Meta's revenue. Facebook reported in 2021 that it lost daily active users for the first time in its history. Reality Labs is Meta's augmented and virtual reality technologies segment, which features and sells products such as the Oculus VR headset. Meta discloses data about the diversity and inclusion of its general management and employees.   Instagram, Messenger, WhatsApp  In 2023, the revenue general by Meta Platforms (formerly known as Facebook Inc.) amounted to roughly 134 billion US dollars, up from around 116 billion U.S. dollars in the previous fiscal year. In 2022, Meta's revenue stood at 117.9 billion USD.   Meta Revenue Breakdown 2022 % Advertising $113.64B 97.5% Other revenue (payments and fees) $809MM 0.7% Reality Labs (primarily sales of Oculus, now called Meta Quest) $2.16B 1.9% Total $116.6B         Apple c 1976 Steve Jobs and Steve Woz CEO Tim Cook Mkt Cap 2.9 tr   Source: https://www.tutor2u.net/economics/reference/why-is-apple-so-profitable#:~: . Diversified revenue streams: Apple generates revenue from a variety of different sources, including iPhone sales, iPad sales, Mac sales, as well as services like the App Store, Apple Music, and iCloud. This diversification helps to minimise risk and ensure a steady stream of income for the company.   Source: https://www.investopedia.com/how-apple-makes-money-4798689 KEY TAKEAWAYS Apple sells smartphones, personal computers, tablets, wearables and accessories, as well as a variety of services. iPhones are Apple's biggest source of revenue by product. Apple's services business generates the highest gross margins compared to its products business. Apple faces antitrust challenges regarding its App Store and ongoing unionization attempts by its retail workers.   Apple Revenue iPhone Accessories Mac iPad iPod Services 2023 $200.6B $39.8B $29.3B $28.3B - $85.2B Total 2023 Rev - $382 B       Nvidia  c 1997 CEO Jenson Huang – Hong Mkt Cap 2.3 Tr   Source: https://www.investopedia.com/how-nvidia-makes-money-4799532   KEY TAKEAWAYS Compute and Networking, which includes artificial intelligence (AI), is Nvidia's biggest revenue generator. The graphics business segment is Nvidia's second largest revenue generator. Nvidia (NVDA) introduced graphics processing units, known as GPUs, a key component of PC architecture and large-scale applications. It designs and sells GPUs for gaming, cryptocurrency mining, and professional applications. It also sells chip systems for use in vehicles, robotics, and more.     Revenue $26 bil in 2023, and $60 bil in 2024 so far Graphics and computers / networking – gaming, data centers     Nvidia partners with all – Google, FB, Amazon, Dell, Tesla, OpenAI, Oracle Source: https://nvidianews.nvidia.com/news/nvidia-blackwell-platform-arrives-to-power-a-new-era-of-computing#:~: .   NVIDIA Blackwell Platform Arrives to Power a New Era of Computing March 18, 2024 Blackwell Innovations to Fuel Accelerated Computing and Generative AI Blackwell's six revolutionary technologies, which together enable AI training and real-time LLM inference for models scaling up to 10 trillion parameters, include: World's Most Powerful Chip — Packed with 208 billion transistors, Blackwell-architecture GPUs are manufactured using a custom-built 4NP TSMC process with two-reticle limit GPU dies connected by 10 TB/second chip-to-chip link into a single, unified GPU. Second-Generation Transformer Engine — Fueled by new micro-tensor scaling support and NVIDIA's advanced dynamic range management algorithms integrated into NVIDIA TensorRT™-LLM and NeMo Megatron frameworks, Blackwell will support double the compute and model sizes with new 4-bit floating point AI inference capabilities. Fifth-Generation NVLink — To accelerate performance for multitrillion-parameter and mixture-of-experts AI models, the latest iteration of NVIDIA NVLink® delivers groundbreaking 1.8TB/s bidirectional throughput per GPU, ensuring seamless high-speed communication among up to 576 GPUs for the most complex LLMs. RAS Engine — Blackwell-powered GPUs include a dedicated engine for reliability, availability and serviceability. Additionally, the Blackwell architecture adds capabilities at the chip level to utilize AI-based preventative maintenance to run diagnostics and forecast reliability issues. This maximizes system uptime and improves resiliency for massive-scale AI deployments to run uninterrupted for weeks or even months at a time and to reduce operating costs. Secure AI — Advanced confidential computing capabilities protect AI models and customer data without compromising performance, with support for new native interface encryption protocols, which are critical for privacy-sensitive industries like healthcare and financial services. Decompression Engine — A dedicated decompression engine supports the latest formats, accelerating database queries to deliver the highest performance in data analytics and data science. In the coming years, data processing, on which companies spend tens of billions of dollars annually, will be increasingly GPU-accelerated.   A Massive Superchip The NVIDIA GB200 Grace Blackwell Superchip connects two NVIDIA B200 Tensor Core GPUs to the NVIDIA Grace CPU over a 900GB/s ultra-low-power NVLink chip-to-chip interconnect. For the highest AI performance, GB200-powered systems can be connected with the NVIDIA Quantum-X800 InfiniBand and Spectrum™-X800 Ethernet platforms, also announced today, which deliver advanced networking at speeds up to 800Gb/s. The GB200 is a key component of the NVIDIA GB200 NVL72, a multi-node, liquid-cooled, rack-scale system for the most compute-intensive workloads. It combines 36 Grace Blackwell Superchips, which include 72 Blackwell GPUs and 36 Grace CPUs interconnected by fifth-generation NVLink.      Tesla c 7/2003 CEO Elon Musk Mkt Cap 567 bil   Source: https://fourweekmba.com/tesla-revenue-breakdown/   Revenue Breakdown 2023 Contribution Automotive Sales $78.5B 81% Regulatory Credits $1.79B 1.85% Leasing $2.12B 2.19% Services $8.32B 8.6% Energy generation and storage $6.03B 6.24% Total $96.77B     Source: https://www.investopedia.com/tesla-s-largest-revenue-source-is-automotive-sales   KEY TAKEAWAYS Tesla makes, sells, and services all-electric vehicles in the U.S., Europe, and China. It also sells energy generation products. The company gets the vast majority of its revenue and all of its profits from automotive sales. Tesla is experiencing rapid growth in China. Tesla is facing investigations from regulators in different countries concerning safety-related issues with the electric automaker's vehicles. The company was recently sued by a California regulatory agency on allegations of racial discrimination and harassment at its factory in Fremont, CA.     Amazon c 1994 by Jeff Bezos CEO Andy Jassy Mkt Cap 1.9 tr   Amazon Revenue Breakdown - $575 B in 2023 Online stores $231.87B     Physical stores $20.03B     Third-party seller services $140.05B    Subscription services   $40.21B    AWS $90.76B    Advertising $46.9B        Other2023   $4.96B   Source: https://www.investopedia.com/how-amazon-makes-money-4587523   KEY TAKEAWAYS Amazon makes money through its retail, subscriptions, and web services, among other channels. Retail remains Amazon's primary source of revenue, with online and physical stores together accounting for the biggest share. Amazon Web Services (AWS) currently generates the majority of Amazon's operating profits and is growing at a robust pace.     AWS Amazon Web Services offers a broad set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications: on-demand, available in seconds, with pay-as-you-go pricing.       Tech Topic: https://brt-show.libsyn.com/category/Tech-Startup-VC-Cybersecurity-Energy-Science   Best of Tech: https://brt-show.libsyn.com/size/5/?search=best+of+tech     Investing Topic: https://brt-show.libsyn.com/category/Investing-Stocks-Bonds-Retirement     ‘Best Of' Topic: https://brt-show.libsyn.com/category/Best+of+BRT     Thanks for Listening. Please Subscribe to the BRT Podcast.     AZ Tech Roundtable 2.0 with Matt Battaglia The show where Entrepreneurs, Top Executives, Founders, and Investors come to share insights about the future of business.  AZ TRT 2.0 looks at the new trends in business, & how classic industries are evolving.  Common Topics Discussed: Startups, Founders, Funds & Venture Capital, Business, Entrepreneurship, Biotech, Blockchain / Crypto, Executive Comp, Investing, Stocks, Real Estate + Alternative Investments, and more…    AZ TRT Podcast Home Page: http://aztrtshow.com/ ‘Best Of' AZ TRT Podcast: Click Here Podcast on Google: Click Here Podcast on Spotify: Click Here                    More Info: https://www.economicknight.com/azpodcast/ KFNX Info: https://1100kfnx.com/weekend-featured-shows/   Disclaimer: The views and opinions expressed in this program are those of the Hosts, Guests and Speakers, and do not necessarily reflect the views or positions of any entities they represent (or affiliates, members, managers, employees or partners), or any Station, Podcast Platform, Website or Social Media that this show may air on. All information provided is for educational and entertainment purposes. Nothing said on this program should be considered advice or recommendations in: business, legal, real estate, crypto, tax accounting, investment, etc. Always seek the advice of a professional in all business ventures, including but not limited to: investments, tax, loans, legal, accounting, real estate, crypto, contracts, sales, marketing, other business arrangements, etc.  

In episode 180 of our SAP on Azure video podcast we talk about Azure Center for SAP Solutions, ACSS. ACSS has been around for quite some time now. We have lots of customers AND partners using it to monitor, control and operate their SAP landscapes on Azure. In this episode we have Kalyani Namuduri and Sagar Keswani with us from our engineering team in India who will recap what's available today and take a closer look at the Quality Check features and how they can help you operate your SAP system on Azure even better. Find all the links mentioned here: https://www.saponazurepodcast.de/episode180 Reach out to us for any feedback / questions: * Robert Boban: https://www.linkedin.com/in/rboban/ * Goran Condric: https://www.linkedin.com/in/gorancondric/ * Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/ #Microsoft #SAP #Azure #SAPonAzure #ACSS #Operation ## Summary created by AI * Azure Center for SAP Solutions (ACSS) overview: Kalyani and Sagar introduced ACSS as an end-to-end solution for deploying and managing SAP systems on Azure, with a logical representation of SAP systems as virtual instances for SAP solutions (VIS) and integration with various Azure services. * ACSS quality checks feature: Sagar demonstrated how ACSS runs quality checks on the infrastructure, OS, file system, pacemaker, and load balancer configurations of SAP systems and provides recommendations for best practices, alerts, and remediation actions. * ACSS quality insights workbook: Sagar showed how customers can access a workbook that provides a summary of the quality checks results, as well as detailed information on the compute, disk, and extension configurations of their SAP systems. * ACSS feedback and roadmap: Kalyani and Sagar invited customers to provide feedback and suggestions on ACSS, and mentioned that they are working on expanding the list of quality checks to cover more scenarios, such as Oracle, DB2, and Windows OS.

On this week's episode of the Window's Central Podcast, Dan and Zac discuss why we're not getting Windows 12 this year at least,  Microsoft being the world's most valuable company for the next five years, Google finally bringing native Arm64 support to Chrome on Windows, the latest Windows Insider updates, initial Apple Vision Pro reviews, how Apple's malicious compliance with new EU rules is ruffling feathers, and more! Links:  Windows 12 might not arrive in 2024 -Windows Central 13 market analysts unanimously vote that Microsoft will be the world's most valuable company in the next five years - Windows Central Google Chrome for Windows on Arm is FINALLY happening - Windows Central Microsoft's new Windows OS installation UI is actually 10 years old - Windows Central 'Apple's new policy is a step in the wrong direction.' - Windows Central Follow us on Twitter: @Daniel_Rubino @ZacBowden

Greetings, fellow guardians of digital security! Today, we embark on an exhilarating journey to unravel the enigmatic world of Microsoft Windows and the clandestine data-gathering practices it conceals. Windows 11 and Windows 10, cherished by millions worldwide, harbor a well-kept secret—they quietly amass your personal information. Fret not, my dear readers, for I have armed myself with invaluable insights to reinforce your privacy defenses. Let us embark on this adventure, empowering ourselves against the lurking risks! In this captivating exposé, we'll delve into the lesser-known VPN risks that emerge when using Windows OS. I'll share essential tips on fortifying your online privacy against prying eyes. But that's not all; we'll also uncover the art of using fake emails to keep your identity safe from snoopers. The intrigue heightens as we venture into the depths of the dark web with the Onion Network TOR Browser and Windows. And for those of you intrigued by the intersection of technology and transportation, we'll explore how Electric Vehicles impact the power grid, raising questions about data security. To all tech enthusiasts! As we shed light on the Hi-Tech Job Market and H1B Visas, we'll unearth potential security implications for professionals and employers alike. But that's not where our journey ends. Brace yourselves as we discuss the controversial topic, "Beware of Gen Z kills," and how it relates to digital privacy and cybersecurity. Finally, we'll delve into the fascinating world of Artificial Intelligence Tools and Zoom Meetings, unearthing both the marvels and risks associated with these innovations. Dear reader, this is no ordinary article. It's an odyssey that traverses the realms of technology and privacy, unveiling hidden truths and equipping you with the knowledge to safeguard your digital existence. So, join me as we unmask the Windows wardrobe and embark on a quest to preserve our online sanctity. Click the link above, and let's embark on this gripping adventure together! Click the title link below to delve into our comprehensive guide on "Unmasking the Windows Wardrobe: Your Data is The Show, Microsoft is The Spectator! Secure it Now!" Your digital safety awaits. Let's fortify together! You can also catch Craig at the following stations and channels: With Jim Polito at 0836 Tuesdays WTAG AM 580 - FM 94.9  Talk 1200 News Radio 920 & 104.7 FM WHJJ NewsRadio 560 WHYN WXTK Craigs Show Airs 0600 Saturday and Sunday With  Jeff Katz 1630 - Tuesdays WRVA 96.1 FM, 1140 AM   WGAN  Matt Gagnon 0730 Wednesdays Craigs Show Airs 1700 Saturday  WGIR 610 & News Radio 96.7 Chris Ryan 0730 Mondays  Craigs Show Airs 1130 Saturday  On the Internet: Tune-In (WGAN) Radio.com (WRVA) iHeartRadio (WGIR, WTAG, and other stations)

In an Oxide and Friends tradition, Bryan and Adam invite the community to share book recommendations.In addition to Bryan Cantrill and Adam Leventhal, speakers on included Steve Klabnik, Tom Lyon, Ian Grunert, Owen Anderson, phillipov, makowski, and saethlin. (Did we miss your name and/or get it wrong? Drop a PR!)Some of the topics we hit on, in the order that we hit them: Elon Jet High Noon: The Inside Story of Scott McNealy and the Rise of Sun Microsystems by Southwick, Karen Making PCR: A Story of Biotechnology by Paul Rabinow Sun Labs vs. SunSoft Water Fight 1992 Cyberville: Clicks, Culture, and the Creation of an Online Town Hardcover by Stacy Horn Built to Fail: The Inside Story of Blockbuster's Inevitable Bust Kindle Edition by Alan Payne A History of Silicon Valley - Vol 1: The 20th Century Paperback by Piero Scaruffi H-E-B Moby Dick by Herman Melville (Arion Press) A Psalm for the Wild-Built by Becky Chambers Endurance: Shackleton's Incredible Voyage by Alfred Lansing Into the Raging Sea: Thirty-Three Mariners, One Megastorm, and the Sinking of El Faro If Then: How the Simulmatics Corporation Invented the Future Hardcover by Jill Lepore UNIVAC and the 1952 Presidential Election NPR: The Night A Computer Predicted The Next President Doom Guy: Life in First Person by John Romero From Secret Ballot to Democracy Sausage: How Australia Got Compulsory Voting by Judith Brett Bryan had a reading list for his wedding?! (his wife confirms) The Fatal Shore by Robert Hughes Harp in the South by Ruth Park Cloudstreet by Tim Winton Death of the Lucky Country by Donald Horne 30 Days in Sydney by Peter Carey Leviathan by John Birmingham The Fatal Shore: The Epic of Australia's Founding by Robert Hughes Barbarians Led by Bill Gates by Jennifer Edstrom and, Marlin Eller Murray Sargent's account of how his Scroll Screen Tracer got Windows to work in protected mode Startup: A Silicon Valley Adventure by Jerry Kaplan DeviceScript Washington: A Life by Chernow California Burning: The Fall of Pacific Gas and Electric--and What It Means for America's Power Grid Command and Control: Nuclear Weapons, the Damascus Accident, and the Illusion of Safety by Eric Schlosser The Color of Law: A Forgotten History of How Our Government Segregated America by Richard Rothstein Acts of the Apostles: Mind over Matter: Volume Blue by John F.X. Sundman Thunder Below!: The USS Barb Revolutionizes Submarine Warfare in World War II by Eugene B. Fluckey Thinking, Fast and Slow by Daniel Kahneman The Man Who Solved the Market: How Jim Simons Launched the Quant Revolution by Gregory Zuckerman The Predictors: How a Band of Maverick Physicists Used Chaos Theory to Trade Their Way to a Fortune on Wall Street by Thomas A. Bass The Eudaemonic Pie: The Bizarre True Story of How a Band of Physicists and Computer Wizards Took On Las Vegas by Thomas A Bass Some of the other books mentioned in the Discord channel: Herr aller Dinge/Lord of All Things by Andreas Eschbach Debt: The First 5,000 Years by David Graeber The Sciences of the Artificial by Herbert A. Simon California Burning: The Fall of Pacific Gas and Electric--and What It Means for America's Power Grid by Katherine Blunt The Man Who Solved the Market: How Jim Simons Launched the Quant Revolution Hardcover by Gregory Zuckerman The Predictors: How a Band of Maverick Physicists Used Chaos Theory to Trade Their Way to a Fortune on Wall Street by Thomas A. Bass The Eudaemonic Pie: The Bizarre True Story of How a Band of Physicists and Computer Wizards Took On Las Vegas by Thomas A Bass Models.Behaving.Badly.: Why Confusing Illusion with Reality Can Lead to Disaster, on Wall Street and in Life by Emanuel Derman It's a Nonlinear World by Richard H. Enns Not technically books, but suggested reading nonetheless by folks in Discord: The Night A Computer Predicted The Next President by Steve Henn, NPR How a brilliant debugger (Scroll Screen Tracer by Murray Sargent) turned Windows OS into the IBM OS/2 crusher and gave Microsoft its killer product. DeviceScript: TypeScript for Tiny IoT Devices Bob and Ray | Slow Talkers of America | Audio Recording (YouTube) Ursula K. Le Guin The Maintenance Race by Stewart Brand If we got something wrong or missed something, please file a PR! Our next show will likely be on Monday at 5p Pacific Time on our Discord server; stay tuned to our Mastodon feeds for details, or subscribe to this calendar. We'd love to have you join us, as we always love to hear from new speakers!

Living in a machine's world makes an obsolete man out of all of us.  Topics include: Columbus 9/11 Truth Group, truthing, film fest, Wind Storm 08, drive to California, Google Video views, interview requests, The Obsolete Man, burning DVDs, computer programming languages, Tandy, early PCs, Windows OS, knowledge limited to using app interfaces, machine world, Battlestar Galactica, training algorithmic systems, AI bias, Elon Musk, internet troll ethos, 3D printing, sculpture, 3D modeling, Fusion 360, art, JFK, martial law for freedom, military dictatorship, Smedley Butler

Brand new episode!In this episode we used our beta AI software for Pioneer DJ gadgets. This is the first live try! This software gives you free hands and our patented algorithm shows how to mix music live without stress! If you more interested in this contact us via email below! Enjoy and subscribe for more!!!Donate us on PayPal: https://www.paypal.me/iamquantom Follow our social media:https://instagram.com/iamquantomhttps://www.instagram.com/technocollectiverecords/https://www.instagram.com/wandeepsessionofficial/https://soundcloud.com/quantomofficialhttps://www.youtube.com/channel/UC3-KJIB3z5jM4WpBI-TKoTQFollow our Spotify Playlist: https://open.spotify.com/playlist/4i4M6A9QvdIAgOStjjWQPrTAG #wandeepsession on IGFollow our group on Telegram for more music: https://t.me/wanderlustrecordsListen the new single " Set Me Free " by QUANTOMhttps://open.spotify.com/track/31lz0wfLlcQOb8FyFaVxrK?si=cee31ee88b7a4b65or BUY on Beatport:https://www.beatport.com/track/set-me-free/17248579If you want to have a guestmix in our session, just send us link with 1,5h - 2h of your mix (WAV) including tracklist.Email: wanderlustrecords@outlook.comNote that WAN DEEP SESSION™ is the original and very first successful Techno show in the Czech Republic & only the #1 in your techno collection. For any business inquiries email to hello@quantom-production.comMIXED BY OUR NEW AI SOFTWARE "Nocturnal AI App" coming soon on Windows OS and MacOS - rekordbox app support. If you are interested in this or you want to invest in this project, contact us on info@nocturnalaidj.com © Techno Collective Records a division of Wanderlust Records Ltd. 2017-2023 All Rights Reserved

　Weekly newsletter #123 → https://net1us.substack.com/p/weekly-newsletter-123 　・TikTok CEOが公聴会に出席するも疑念は晴れず 　・生成型AIへの訴訟が始まる 　・ビル・ゲイツ - ChatGPTはWindows OS以来の快挙 　・VerisonとAT&T、景気後退のためファイバー敷設を縮小 　 　匿名メッセージはこちらから → marshmallow-qa.com/bayareanews_n1 　Twitterアカウント → twitter.com/BayAreaNews_n1 　コメント、フォローよろしくお願いします！ --- Send in a voice message: https://podcasters.spotify.com/pod/show/net1us/message

ServerWhere.com (SW) platform added Netherlands Dedicated Server Hosting, Private Cloud infrastructure, and Public Cloud Servers connected to 10-gigabit network ports to its service portfolio. SW's Clients can customize their bandwidth commitment starting with 1 Gbps and scaling up to a full 10-gigabit network.The budget 10 Gbps bare-metal server features Intel Single Xeon E5-2640v4, with 10 cores and 20 Threads at 2.4 GHz, 64 GB RAM and 1.92 TB enterprise SSD disk, and a 2 Gbps dedicated internet network.ServerWhere's clients can also get an AMD-powered server. The entry-level 10 Gbps Dedicated Server with AMD CPU features EPYC 7402P processor with 24 Cores, 48 Threads, 2.80Ghz, 32 GB RAM, two 480 enterprise SSD drives configurable in RAID 0 or RAID 1, and a 1 Gbps dedicated internet connection, scalable to 10 Gbps.The SW platform users can use a Linux OS or a Windows OS. Other available customizations are a choice of IPv4 and IPv6 address space, Web server software, backup storage, Management service, etc. All 10 Gbps-powered servers are Cloud-ready. They can be customized with VMware ESXi, Proxmox VE, or any other enterprise virtualization, and transformed into dedicated Cloud infrastructures. The storage solutions offered by SW include local, network-attached, or hyper-converged storage.In the Netherlands, the SW platform uses the EXA data center in Amsterdam and Greenhouse Datacenters in The Hague to deliver dedicated and cloud hosting services.ServerWhere has recently announced the availability of 1 Gbps Unmetered Dedicated Servers in Italy. About ServerWhere.comSW is the leading global digital currency-powered platform for delivering custom-built Cloud Servers and physical Dedicated Servers. SW increases the value of cryptocurrencies. The SW's IaaS platform charges its customers for the IT infrastructure services it provides only in cryptocurrencies and does not use fiat currencies.

On The Cloud Pod this week, Amazon announces Amazon Inspector's new support of Windows OS for continual software vulnerability scanning of EC2 workloads, Google has several exciting announcements regarding Chronicle, Azure is announcing pretty much everything under the sun, and Oracle announces OCI Lake in beta. Thank you to our sponsor, Foghorn Consulting, which provides top notch cloud and DevOps engineers to the world's most innovative companies. Initiatives stalled because you're having trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week. Episode Highlights ⏰  Amazon Inspector now supports Windows operating system (OS) for continual software vulnerability scanning of EC2 workloads. ⏰  Google makes 3 announcements about Chronicle. ⏰  Azure has three–yes, three–new releases this week. ⏰ Oracle announces OCI Lake in beta. Top Quote

Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.Learn more: https://www.infosecinstitute.com/skills/train-for-your-role/ics-security/O:00 - ICS security practitioners 0:25 - What is an industrial control system practitioner?2:22 - How to become an ICS practitioner 4:00 - Education required for an ICS practitioner 5:00 - Soft skills ICS practitioners need6:05 - Common tools ICS practitioners use 7:59 - Where do ICS practitioners work? 10:05 - Can I move to another role after ICS practitioner? 12:18 - Getting started as an ICS practitioner About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Podcast: Cyber Work (LS 43 · TOP 1.5% what is this?)Episode: What does an ICS security practitioner do? | Cybersecurity Career SeriesPub date: 2022-05-09Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.Learn more: https://www.infosecinstitute.com/skills/train-for-your-role/ics-security/O:00 - ICS security practitioners 0:25 - What is an industrial control system practitioner?2:22 - How to become an ICS practitioner 4:00 - Education required for an ICS practitioner 5:00 - Soft skills ICS practitioners need6:05 - Common tools ICS practitioners use 7:59 - Where do ICS practitioners work? 10:05 - Can I move to another role after ICS practitioner? 12:18 - Getting started as an ICS practitioner About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode, Actualize Consulting's Senior Manager Rob Granger and Senior Consultant Hunter Brown discuss automation in the treasury space and how API and RPA can be integrated into your TMS digital transformation.Listen to learn:-          Costs and benefits of current technologies-          Why API and RPA are key players in TMS automation-          How to avoid over-automation and optimize technologyAbout Rob Granger-          Rob is a Senior Manager at Actualize Consulting with over ten years working in financial technology with Treasury Management Software in multiple capacities as a developer, scrum master, and implementation consultant. His combination of technical and business expertise allows him to solve complex problems with any technical team and explore issues and requirements with business users. -          Email: rgranger@actualizeconsulting.comAbout Hunter Brown-           Hunter is a Senior Consultant at Actualize Consulting and a versatile IT Specialist with progressive experience in Windows OS, Linux, project management, and business analysis. He utilizes his treasury and banking background to analyze current state business processes and adapt for efficiency and regulatory compliance. His in-depth expertise ensures timely support and upkeep of new and existing enterprise applications.-          Email: hbrown@actualizeconsulting.comThanks for listening to this episode of the Actualizing Success Podcast! We hope you enjoyed the discussion and come back for more. In the meantime, don't forget to rate this episode and leave a review to let us know how you like it. If you have any questions, please contact Jay or Joe.More Info:Website: www.actualizeconsulting.comIf you have any questions or comments, we'd love to hear from you. You can contact us at podcast@actualizeconsulting.com

  Microsoft: 0:53 - Windows OS versions still in use   Apple: 5:42 - Apple claims to care about your security   General Tech: 14:07 - Meta is taking all the money - John Oliver on data privacy   Google: 21:36 - Pixel Watch could be coming soon   Gaming: 26:36 - Nintendo and Sony are also adding the canceling auto renew option similar to Microsoft - Microsoft may be adding ads to certain games - Arcane on Netflix - Rovio Classics: Angry Birds is back on iOS and Android     https://www.patreon.com/callingallplatforms    T-Shirts!   Contact: podcast@callingallplatforms.com Social: Facebook Twitter YouTube   Apple Podcasts Google Podcasts Spotify Android    

On The Cloud Pod this week, the team discusses Peter's concept of fun. Plus digital adventures with AWS Cloud Quest game, much-wanted Google price increases, and a labyrinthine run-through of the details of Azure Health Data Services. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights

We have a chill episode of the GoGCast for you this week. We check out the games announced during the latest PlayStation State of Play, do a shocked Pikachu face as we learn that the Microsoft acquisition spawned some insider trading at ActiVision-Blizzard and vibe to our favourite Square Enix game soundtrack thanks to the new official YouTube account. What is Everyone Playing? (00:19:40) This Week's News (00:40:07) PlayStation State of Play (00:40:07) ActiVision-Blizzard share-holders being investigated for insider trading (00:55:14) Chill beats to farm materia to: Square Enix started a YT Music channel (00:58:23) Windows drivers now available on SteamDeck (Can install Windows OS) (01:01:51) Outro and Wrap-up (01:05:51) -- Thanks for listening! The GoGCast comes out weekly so make sure to subscribe and you won't miss an episode. For more about us, Girls on Games, check out girlsongames.ca. Find our Merch at http://www.designbyhumans.com/shop/GirlsOnGames/ Buy us a Ko-Fi at https://ko-fi.com/girlsongames

Welcome to episode 245 (“Roblox as Metaverse”) of the EdTech Situation Room from January 12, 2022, where technology news meets educational analysis. This week Jason Neiffer (@techsavvyteach) and Wesley Fryer (@wfryer) discussed a recent explosive Guardian article about Roblox and child labor. Rumored Apple glasses which auto-adjust to a user's prescription, Windows 11 post-install tips, a hotel chain which ransomware inspired to drop WindowsOS for ChromeOS, and a Google Street View mafia arrest story were also highlighted article topics. Improvements to Google File Stream for Google Drive, live translated captions in Google Meet, T-Mobile's blocking of iCloud Private Relay, and the overwhelming seriousness of the LOG4J security vulneratibility were topics rounding out this weeks' show. Geeks of the Week included the DD-WRT open source router firmware project, the Milkeshake web design app, and Infinite Painter software. Our show was live streamed and archived simultaneously on YouTube Live as well as our Facebook Live page via StreamYard.com, and compressed to a smaller video version (about 100MB) on AmazonS3 using Handbrake software. Please follow us on Twitter @edtechSR for updates, and join us LIVE on Wednesday nights (normally) if you can at 10 pm Eastern / 9 pm Central / 8 pm Mountain / 7 pm Pacific or 3 am UTC. All shownotes are available on http://edtechSR.com/links. Please sign up for our NEW SubStack newsletter to receive all our show links each week in your inbox, including links we are not able to discuss on edtechsr.substack.com. Stay savvy and safe!

How do you develop strong relationships that keep the family thriving for generations? David Bentall joins me today to bring some insight into just that with his years of multi-generational family business experience! For more than two decades, David worked in his family's real estate and construction business, and during his tenure as President and CEO of Dominion Construction, the family business doubled in size with almost $300,000 in sales! As the successor of such a thriving business, he'll share with us his experience as the NextGen leader, the appointed president who guided his family, and the owner who sold his shares then worked for the next family. So if you too want to build a business set to last for generations after you, this episode is perfect for you!   Listen as we draw out David's experience as a NextGen leader on: Choosing mentors and heroes that effectively inspire and guide family business leaders. Developing emotional intelligence in next-gen family leaders. Fostering the 9 family leadership traits that next-gen leaders need to create and sustain success. Implementing effective communication and decision-making processes in the family. Creating career, personal and professional development pathways.   Episode Highlights: David's personal experience with next-generation succession. How David transitioned into helping other families with their business. The importance of emotional intelligence and how to develop that into the next generation. David's life lessons for future successors of their family's business. David's definition of governance and why it's so important for business families. What role faith played in building Davids company  What David learned about managing expectations   Thank you! Thanks again for listening to the show! If it has helped you in any way, please share it using the social media buttons you see on the page.   We'd also really appreciate any feedback or questions that might guide what we talk about in future episodes. Additionally, reviews for the podcast on iTunes are extremely helpful and greatly appreciated! They do matter in the rankings of the show and we read every one of them.   JOIN THE SYSTEMS FOR SUCCESS COMMUNITY! Subscribe to the Systems for Success Podcast on IOS or Apple Itunes. Subscribe to the Systems for Success Podcast on Android or Windows OS. Follow Systems for Success on Instagram @systemsforsuccess Follow Lonnie Gienger on Instagram @lonniegienger  

Learn how to build your family's relational bank account as Tim and Michelle share how to create healthy boundaries between family members, how to create a cadence of communication in the extended family, and how to deal with failure both in your personal life and in business in a way that helps you and your kids see it as a growth opportunity. This is a rare opportunity to hear the wisdom Tim and Michelle Seneff are gaining as they learn to navigate challenging business and family transitions and intergenerational family dynamics in a way that brings deeper meaning and even joy. Tim Seneff worked up through the ranks of the private investment firm his father started. He eventually becomes President of CNL Financial Group which has formed or acquired companies with assets of over $25 billion. But everything started to change when a significant health crisis shifted his perspective and the focus he wanted for his wife and five kids. This forced them to grapple with two critical questions:  What happens when the personal priorities of the next generation change or differ from the prior generation?  How do you balance the priorities of work and family when you're a part of a family business?   Episode Highlights: How wealth and success can create lubrication for life that causes you to miss working on the hard stuff internally and in relationships. The pressure of wearing the family name or business name on your jersey every day. The value of crisis to reshape your perspective. The importance of having healthy feedback circles that call you on your stuff. Learning to enjoy the journey on a slower road where the people you love are with you. How to succeed as the second generation in the family business. Honoring prior generations (even when they make mistakes) while creating a culture of grace and truth and love. Thinking about what grace may I want my kids to give me when I'm older. How to be ready for major resets in life (e.g. relational fractures, divorce, or death in the family) Finding the balance between truth and love. Pressing onto peace instead of conflict. Leading with humility and diplomacy. Doing the deep work of knowing who you are and who you aren't. Families that play together, stay together. Wearing the right hand with each of your children based on the phase of life they are in. Creating a multigenerational mindset in your children through values transfer and storytelling. How divorce impacts adult next-gen and sibling relationships. The value of seeking personal counseling especially when not in crisis mode. Prioritizing your personal family over your family of origin while still loving your extended family well. Moving from predictable and controlled life to a position of risky adventure taking. The thrill and risk of measuring financial success are based on how much you give to others. Know the truth you believe, not just based on the truth your family believes. Shifting manhood identity to my pursuit of your wife and her heart instead of an identity based on achievement at work. Helping your kids develop the stewardship and entrepreneurship mindset especially when they are raised in affluence. Why it's valuable for your children to have failure being an option. Importance of not pushing the next-gen into your family business or into leadership roles too fast.   Thank you! Thanks again for listening to the show! If it has helped you in any way, please share it using the social media buttons you see on the page.   We'd also really appreciate any feedback or questions that might guide what we talk about in future episodes. Additionally, reviews for the podcast on iTunes are extremely helpful and greatly appreciated! They do matter in the rankings of the show and we read every one of them.   JOIN THE SYSTEMS FOR SUCCESS COMMUNITY! Subscribe to the Systems for Success Podcast on IOS or Apple Itunes. Subscribe to the Systems for Success Podcast on Android or Windows OS. Follow Systems for Success on Instagram @systemsforsuccess Follow Lonnie Gienger on Instagram @lonniegienger

It's really easy to complain about the sadly insecure state of many of our products and services, but the fact is that doing security right is hard - even when you're trying to get it right. Part of the problem is that there are just so many things to secure, even on a single product or service. Today we're going to discuss several recent security issues with popular products, and why getting it right can be such a daunting task. In today's show: a universal decryption key for all REvil ransomware victims prior to July 13th is now available; Microsoft patched a nasty security bug in all of its Windows OS versions, but it's still being actively exploited (hint: patch now!); it was recently argued that WhatsApp's end-to-end encryption has a "backdoor", but I'll explain why that's not true; a home security system maker refuses to patch a bug that would allow an attacker to disable your system just by knowing (or guessing) your email address; ProtonMail is forced to alter its "no IP logging" marketing in the face of a recent incident involving a French activist's account; new Mac malware has emerged that uses poisoned search results to trick its victims; and for my tip of the week, I'll tell you about a new fourth credit bureau where you should freeze your credit report. Article Links Free REvil ransomware master decrypter released for past victims https://www.bleepingcomputer.com/news/security/free-revil-ransomware-master-decrypter-released-for-past-victims/ Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says https://www.msn.com/en-us/news/technology/recently-reported-microsoft-zero-day-gaining-popularity-with-attackers-kaspersky-says/ar-AAOyUvR WhatsApp Fixes Its Biggest Encryption Loophole https://www.wired.com/story/whatsapp-end-to-end-encrypted-backups/ No, Facebook Isn't Reading Your Private WhatsApp Messages. The Problem Is Much Worse https://www.inc.com/jason-aten/no-facebook-isnt-reading-your-private-whatsapp-messages-problem-is-much-worse.html Pwned! The home security system that can be hacked with your email address https://nakedsecurity.sophos.com/2021/09/02/pwned-the-home-security-system-that-can-be-hacked-with-your-email-address/  ProtonMail Amends Its Policy After Giving Up an Activist's Data https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/ New Mac malware spreads via search results https://www.tomsguide.com/news/mac-malware-fake-iterm2Tip of the week: https://firewallsdontstopdragons.com/freeze-you-credit-at-innovis-too/  Further Info Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-SpeakerStay tuned for a new challenge coin promotion! https://firewallsdontstopdragons.com/get-your-official-challenge-coin/ Generate secure passphrases! https://d20key.com/#/ 

We discuss bumper boats, prospects of the next Windows OS, gaming in India, and more.

It is important to ensure that your Azure Virtual Machine is meeting the performance and stability standards you have established in your organization. PerfInsights can help identify and report on your Azure SQL VM health and provide references to how administrators can mitigate the risks. PerfInsights is a self-help diagnostics tool that can be run through the portal or as a standalone tool that collects diagnostic data, produces analytic reporting, summarizes system information, and produces a system log output that can help troubleshoot virtual machine performance problems in Azure for various scenarios including SQL Server, Windows OS, Linux, Azure storage, and more. PerfInsights allows administrators to run quick analysis, produce a benchmark result, analyze slow virtual machines, analyze Azure files, and perform advanced scenarios including xperf, network tracing, storport tracing, perf counter traces, and diskspeed benchmarks. In part five of this seven-part series, we will analyze PerfInsights captures to review SQL Server findings, review storage analysis against Azure storage thresholds, resource reporting, and will review the system summary information that can make it a lot easier to document your Azure SQL Virtual Machine environment. [00:58] PerfInsights Overview[02:20] Demo[15:48] Getting started Resources:Advanced performance analysis: https://aka.ms/perfinsights/advancedAzure Files analysis: https://aka.ms/perfinsights/azurefilesQuick performance analysis: https://aka.ms/perfinsights/quickPerformance analysis: https://aka.ms/perfinsights/vmslowBPCheck - SQL Best Practices and Performance checks: http://aka.ms/BPCheckPremium storage disk sizes: https://docs.microsoft.com/en-us/azure/virtual-machines/premium-storage-performance#premium-storage-disk-sizesAzure SQL Virtual Machine Reimagined Series: https://aka.ms/azuresqlvmyt

It is important to ensure that your Azure Virtual Machine is meeting the performance and stability standards you have established in your organization. PerfInsights can help identify and report on your Azure SQL VM health and provide references to how administrators can mitigate the risks. PerfInsights is a self-help diagnostics tool that can be run through the portal or as a standalone tool that collects diagnostic data, produces analytic reporting, summarizes system information, and produces a system log output that can help troubleshoot virtual machine performance problems in Azure for various scenarios including SQL Server, Windows OS, Linux, Azure storage, and more. PerfInsights allows administrators to run quick analysis, produce a benchmark result, analyze slow virtual machines, analyze Azure files, and perform advanced scenarios including xperf, network tracing, storport tracing, perf counter traces, and diskspeed benchmarks. In part five of this seven-part series, we will analyze PerfInsights captures to review SQL Server findings, review storage analysis against Azure storage thresholds, resource reporting, and will review the system summary information that can make it a lot easier to document your Azure SQL Virtual Machine environment. [00:58] PerfInsights Overview[02:20] Demo[15:48] Getting started Resources:Advanced performance analysis: https://aka.ms/perfinsights/advancedAzure Files analysis: https://aka.ms/perfinsights/azurefilesQuick performance analysis: https://aka.ms/perfinsights/quickPerformance analysis: https://aka.ms/perfinsights/vmslowBPCheck - SQL Best Practices and Performance checks: http://aka.ms/BPCheckPremium storage disk sizes: https://docs.microsoft.com/en-us/azure/virtual-machines/premium-storage-performance#premium-storage-disk-sizesAzure SQL Virtual Machine Reimagined Series: https://aka.ms/azuresqlvmyt

Operating systems can end up being a lot of work for administrators. They need to work to configure the image, install the applications, and provide the best user experience possible. As with any software, what is provided to you is what the developer intended, but not necessarily what you want or need for your end users.This blog series introduces you to Microsoft Windows® Operating System (OS) optimizations, starting with version 1903. I will attempt to keep these optimizations as environment agnostic as possible. Hopefully, these optimizations will be just as good to administrators of physical machines as to a virtual environment utilizing Nutanix Frame, Citrix, or VMware Horizon VDI solutions.This series aims to share the seemingly infinite number of ways you can optimize a Windows environment, with something for beginners as well as administrators familiar with optimizations but looking to deliver an even better experience within their environment.Of course, the optimizations provided in this blog series are intended only as a guide. Be sure to test the optimizations described in this series internally before pushing the changes to your production environment.The previous entry of this series covered Active Setup. We discussed what Active Setup is, how it works, and how to optimize it.This blog addresses the Microsoft Store: its purpose, how it works, and what can be done with it. This particular area of the OS is continually changing and, as such, will require constant management to optimize in the way you desire. This blog potentially saves even more headaches than any other blog in this series.Host: Andy WhitesideCo-Host: Havery GreenCo-Host: Jirah CoxCo-Host: Jon Spallone

Operating systems can end up being a lot of work for administrators. Work to configure the image, work to install the applications, and work to provide the best user experience possible. As with any software, what is provided to you is what the developer intended, but not necessarily what you want or need for your end users.This blog series introduces you to Microsoft Windows® Operating System (OS) optimizations, starting with version 1903. I will attempt to keep these optimizations as environment agnostic as possible.  Hopefully, these optimizations will be just as good to administrators of physical machines as to a virtual environment utilizing Nutanix® Frame, Citrix®, or VMware® Horizon solutions.This series aims to share the seemingly infinite number of ways you can optimize a Windows environment, with something for beginners as well as administrators familiar with optimizations but looking to deliver an even better experience within your environment.Of course the optimizations provided in this blog series are intended only as a guide.  Be sure to test the optimizations described in this series internally before pushing the changes to your production environment.This installment addresses Active Setup: its purpose, how it works, and what can be done with it.  This particular area of the OS is criminally underused as a method of optimization.  As such, it should provide useful information to a wide range of readers.Host:  Andy WhitesideCo-Host: Harvey GreenCo-Host: Jon Spallone

Discover the sleeker, faster, less demanding and free operating system ready to rival Windows. Join Neil as he discusses the advantages Linux, the open source operating system that outperforms Windows in more ways than one from its cost efficiency to its reliability is Linux beginning to take over?   KEY TAKEAWAYS Linux is the open source OS that outperforms Windows, runs on low-spec machines, and never ruins your day with another infuriating auto-update.The most obvious advantage is that Linux is free whereas Windows is not.  Windows license cost is different for both desktop and server versions.  In the case of Linux OS either it can be desktop or server and still costs nothing. Windows OS is one of the simplest desktop OS available today.  Its graphical user-friendliness is exceptional – but Linux distros like Ubuntu, Elementary OS, Linux Mint, etc. are catching up, aiming to make the transition from Windows to Linux smooth and easy. Linux systems consume fewer system resources (RAM, disk space, etc.) when compared to Windows. Many Hardware vendors have realized the popularity of Linux and have started making Linux compliant hardware/drivers. But the big thing is this: when running older hardware, Windows is slower than the leaner, slicker Linux. This is why you might want to Keep your old PC and run it on Linux Linux is everywhere. From the smallest device to the largest supercomputer, Linux is everywhere. It can be a car, router, phone, medical devices, plane, TV, satellite, watch, or school tablet, Linux will be there. It's used so much because it works better than anything else – chances are it'll work for you and your soon-to-be-obsolete machines too.   BEST MOMENTS   “The most obvious advantage is that Linux is free whereas Windows is not” “We've covered Windows updates before on the show – and the chaos they can inflict!” “Geek alert,  Linux allows a user to control every aspect of the operating system.”   VALUABLE RESOURCES Listen to The Tutor Podcast on the Apple Podcasts (https://podcasts.apple.com/us/podcast/the-tutor-podcast/id1369191372)! Build Your Online Course Week 1: https://podcasts.apple.com/us/podcast/build-your-online-course/id1369191372?i=1000477109724 Course Planning Week 2: Who Am I?: https://podcasts.apple.com/us/podcast/build-your-online-course/id1369191372?i=1000477109724 Who are They? (Know Your Punters): https://podcasts.apple.com/gb/podcast/who-are-they-know-your-punters/id1369191372?i=1000478984529 Read the Weird Things Guitarists Do book by Neil Cowmeadow, which is available now on Amazon. Link - https://www.amazon.co.uk/Weird-Things-Guitarists-Do-Misconceptions/dp/1519026579/ Contact Neil via this website - com!   ABOUT THE HOST Neil Cowmeadow is a maverick peripatetic guitar teacher from Telford with over 19 years' experience in the business of helping people. Learn how to start, grow and love your business with Neil's invaluable advice and tips without the buzzwords and BS! CONTACT METHOD info@neilcowmeadow.com     See omnystudio.com/listener for privacy information.

Today we will look at a supplement security product. Why supplement, I heard you ask - well supplement to an already existing security tool. Before we get into that though, lets start with some current security news. - PrintNightmare -  A zero day for every supported Windows OS version in the wild -Cyber Insurance and the Cyber Security Challenge-rusi.org: Cyber Insurance and the Cyber Security Challenge-The DarkSide Ransomware GangBe sure to subscribe!If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.comYou will find a list of all previous episodes in there too.

Windows 11 ถือเป็น Windows OS ใหม่ล่าสุดของ Microsoft ที่เปิดตัวพร้อมกับการทำงานที่สอดคล้องกับพฤติกรรมการใช้งานคอมพิวเตอร์ของคนในยุคนี้ ซึ่งการเปิดตัวไม่เหมือนที่เซียนหลาย ๆ คนคาดหวังในบางเรื่อง เพราะปีนี้ Microsoft เน้นโฟกัสไปที่ "ผู้คน" มากกว่า "องค์กร" เราจะเห็นคนใน Keynote พูดถึงการใช้ชีวิต การอยู่กับครอบครัวมากกว่าเมื่อก่อน เพื่อสอดคล้องกับวิถีชีวิตใหม่ในช่วงเวลานี้ และนอกจากนั้น การทำงานของ Windows 11 ก็แปลกใหม่มากขึ้น ถ้า Mac โฟกัสไปที่ความปลอดภัยและความส่วนตัวของบุคคล Windows กลับโฟกัสไปที่การทำงานร่วมกัน การอยู่เป็นกลุ่มเป็นก้อน และคอนเนคชั่น ทิศทางของ Windows ในรุ่นนี้น่าสนใจมาก มาฟังกันครับ

A RE-UPLOAD on old episodes I had previously! I'll work on descriptions later on. In today's episode I'll be going over Windows 11, Is this the best Windows OS from Microsoft? You'll find out in today's episode! Get bonus content on Patreon See acast.com/privacy for privacy and opt-out information. Get full access to Leon's Substack at leonlagrey.substack.com/subscribe

Episode 53: On the First Hour of the show, We have a "Cold War Showdown" with Russia and the USA. Our security expert Nick Espinosa is here from Security Fanatics to give us the low down on this Rocky 4 technology heavyweight match. Next, we have Windows 11 sneak peek as Microsoft ends Windows 10, which was said to be the last Windows OS ever per CEO Satya Nadella. Next, we have a Nuclear Energy-based "Fusion plant" to be built in the UK by 2025? And just in time for the summer, we have a robot that can zap those pesky weeds. Finally, we have Mike's Mesmerizing Moment brought to us by StoriCoffee® along with our NFT and Whiskey Tastings, all in the first hour packed with technology information.On the Second Hour, we have our "Letters" segment reading this week's email scams and funny phishing attempts. Our featured piece is with James Riddle, Vice President of Research Services & Strategic Consulting for Advarra. James will join us on the topic of Scientists Using CRISPR to Engineer a new 'Superbug' that is invincible to all viruses, and some claim we found a pill to treat COVID-19? James has the answers we are seeking. In our segment "What you Didn't Know," we have a feature on China's latest technology global updates from a space crew to a driverless robot taxi.  I am sure that during this hour we will make you go hummm and hopefully make you laugh and have fun in technology. Welcome to two hours of TechTimeRadio, with your Host Nathan Mumm.“Welcome to TechTime Radio with Nathan Mumm, the show that makes you go "Hummmm" technology news of the week for June 19th - 25th, 2021. The radio show for the everyday common person, that will impact your future with insightful segments, weeks ahead of the mainstream media.” --- [Top Stories in 5 Minutes]: Starts at 8:15 Windows 10 to be retired in 2025, as new OS unveilsa.        https://tinyurl.com/astzre4a        Lina Khan: The 32-year-old taking on Big Tech as chair of the US Federal Trade Commission (FTC)a.        https://tinyurl.com/832bfe94Nuclear Energy: Fusion plant backed by Jeff Bezos to be built in UKa.        https://tinyurl.com/ybsknmhr--- [Technology Insider]: Starts at 19:31 Nick Espinosa from security fanatics and our TechTimeRadio security correspondent talks about Russia and USA talks with Biden-Putin security summit.  --- [Protect Yourself Today]: Starts at 41:32 A robot is killing weeds by zapping them with electricity. Small Robot says it has raised over $9.9 million in support. Scott-Robinson says the company hopes to launch its full system of robots by 2023.https://tinyurl.com/2y36x5kj--- [Mike's Mesmerizing Moment brought to us by StoriCoffee®]: Starts at 48:56  --- [Pick of the Day]: Starts at 51:47 Lismore Single Malt Scotch Whisky | 80 Proof | $35.00Nathan: Thumbs Up | Mike: Thumbs UpEpisode 53: Hour 2 - 1:06:10 --- [Letters]: Starts at 1:09:46Nathan reads this week's emails scams sent to him--- [Ask the Expert]: Starts 1:22:38James Riddle, Vice President of Research Services & Strategic Consulting for Advarra. James will join us on the topic of Scientists Using CRISPR to Engineer a new 'Superbug' that is invincible to all viruses, and some claim we found a pill to treat COVID-19.--- [Things You Didn't Know]: Starts 1:47:00  We have a feature on China's latest technology global updates from a space crew to a driverless robot taxi.

A mysterious cardboard box arrives at the doorstep of an aspiring web sleuth, who soon finds himself entangled in the unexpected absurdity of another dimension. A dimension not only of...sound, it's a podcast, but of (unsound) mind. A journey into an abhorrent wasteland whose boundaries are that of... well... there are no boundaries, pretty bottom of the barrel here... His next stop, the Darwinverse! ====================== This cinematic masterpiece was written, recorded, edited... and scripted, acted, produced... and directed by: Your Friendly Neighborhood Death Investigator No fruit was harmed during the making of this scene (cuz I murdered it beforehand) Check out their podcast, creatively named Autopsy. HERE Check out their website as well at www.autopsypod.com (yes, they are semi-professional) If you can't get enough of their logo and wish to help pay off my bill to this incredible indie podcast, check out their SWAG HERE ...or, If you are, like me, ashamed of exposing your disturbing podcast preferences to the public, then head on over to Patreon and give them some support! Support independent niche creators, because who else is going to provide detailed, objective medical information on the condition of a victim's remains, other than random "true crime" podcasters investigating from the comfort of their own home? ====================== Collaboration scene from Episode 19. Vampire Watermelons, with a Side of Garlic Bread LISTEN TO IT HERE Episode Art was created using Microsoft Paint. You can obtain it for free, by installing a Windows OS on any cheap ass PC. You don't even need to be a graphic designer

丘孔报科技。2020年11月15日。星期天。1、 针对“不可能打工男子当老板”的传闻，广西飞驴电动车科技有限公司发布说明回应称，11月11日周立齐（窃格瓦拉）签约成为飞驴科技联合创始人信息真实有效，部分网友猜测的天价签约费或炒作完全是子虚乌有，周立齐先生与飞驴科技属于共同创业。丘孔点评，这才是科技界的大事，当丑变成了美，当缺变成了德，当黑变成了白，这个世界还有什么意思？这个世界太有意思了。是宽容还是愤恨，是求同存异，还是誓死力争，我们要学会长大。2、 南非发现200万年前人类“表兄弟”头骨化石，这块头骨来自罗百氏傍人。据悉，罗百氏傍人是直立人的近亲，而直立人被认为是现代人类的直系祖先。这两个物种生活在同一时期，但罗百氏傍人灭绝得更早。3、 中国科学技术大学俞书宏院士团队使用“定向变形组装”方法，研制出具有仿生结构的高性能材料，具有比石油基塑料更好的机械与热性能，有望成为其替代品。4、11月14日讯，2020年“科学探索奖”颁奖典礼今日举行，来自九大领域的50位获奖人领奖。50位获奖人平均年龄不到40岁，其中最年轻获奖者仅30岁。“科学探索奖”在评选过程中重点关注四个因素：独立性、创造性、变革性和可行性。5、NASA 和 SpaceX 预计将在本周末向国际空间站（ISS）发射美国首枚可操作发射器。双方原计划在美国东部时间 19:49 进行 “ NASA SpaceX Crew-1”任务，届时将四名宇航员称载人龙飞船发射升空。但 NASA 透露，在执行任务的 “发射准备情况分析”（LRR）之后，该发射任务现在的目标改为周日 19:27 的备用时间。6、随着美国新冠确诊和住院病例本月创下纪录，更多美国人感到焦虑，不愿意外出就餐或购物。市场研究公司 DataTrek 的数据显示，上周，谷歌平台 “焦虑症”搜索量达到 16 年来最高水平，“餐馆”和 “商场”搜索量则几乎回落至 3、4 月份以来的最低水平。7、小鹏汽车推出全语音车载系统：只动口，不动手。丘孔点评，语言几乎是人类信息传输中最慢的手段，作为瞬息变化的认为驾驶，编码传递解码够用吗？男司机在副驾驶都无法指挥女司机，何况电脑？8、瑞典爱立信公司CEO鲍毅康（Börje Ekholm）接受采访时表示，支持华为在瑞典发起诉讼，这个世界需要公平竞争环境。华为确实是爱立信强大的竞争对手。在这场战争中，爱立信如果想要取胜，不靠其他方式，靠的是不断地投资技术研究、让客户满意的解决方案。丘孔点评，娘了个逼的，世界如此清明就好了。所有的不公正对待都有原因，都会有回报的。9、高通已获准向华为供货芯片：核心仍未放开，包括部分4G产品，5G并未涉及。丘孔点评，难道买成品都不行？川建国的确管的太宽了。10、根据微软官方微信公众号的消息，龙华医院是上海互联网医院中首家选择微软商用 Surface 作为日常办公机型的医院。从 2019 年起到 2020 年，龙华医院也成为三甲医院中采购微软商用 Surface 数量最多的医院之一。丘孔点评，为啥不用华为，崇洋媚外，膝盖跪久了，大清早就崛起了。还有一种可能，花粉俱乐部的华为太便宜了。11、长安汽车官宣将与华为、宁德时代三强联合，共同打造高端智能汽车品牌。此次长安汽车、华为、宁德时代联合打造的全新汽车品牌定位为智能汽车高端品牌，将搭载全球领先、自主可控的智能电动汽车平台，配备一系列智能汽车产品，还拥有超级 “人车家”智慧生活和智慧能源生态。另外，长安汽车还在央视《第一发布》节目公布 “5 年发布 105 款车型”的产品规划。丘孔点评，前面感觉还是靠谱的，有点新美大的逼格，有点腾百万的苗头，看到5年105款车型的时候，我笑了——喷漆换个颜色算不上？我觉得目前老百姓需要的不是高端品牌吧？需要的是更多汉这种性价比新能源车，价格区间在8-25万内，无论是在空间、安全性、配置、智能化、性能上都可以对同价位的燃油车形成优势的车型。资本市场需要做溢价，但人民到底需要什么，又有多少人考虑呢？不愧是花粉俱乐部。12、微软公布新款 Surface 更新支持终止日期：4 年后，设备终止日期是微软停止为 Surface 提供驱动更新和固件更新的时间，但是在设备终止日期之后，微软将继续提供 Windows OS 功能和安全更新。13、TikTok 周五在一份法庭文件中表示，美国外国投资委员会（CFIUS）批准其延长原定于周四生效的禁令期限至 11 月 27 日，以达成解决方案。14、北汽蓝谷披露北汽新能源10月份销量为2037辆，同比大降76.32%；1-10月累计销量仅为23123辆，较去年同期的106983辆下跌了78.39%。15、2020年“科学探索奖”颁奖典礼今天在北京钓鱼台国宾馆举行，来自九大领域的50位获奖人依次从饶毅、潘建伟、邬贺铨、程泰宁等发起人手中接过奖杯，继续他们探索基础科学和前沿技术“无人区”的征程。16、安卓和iOS版微信在最新版的聊天框中加入了话题功能，加 # 号可让内容变蓝色，点击可跳转至微信公众号、视频号和微信视频等内容。目前，话题功能尚在灰度测试阶段。17、苹果 M1 GPU 跑分出炉：达 16 英寸 MacBook Pro 独显水平。18、开源中国“OSC 中国开源项目评选”最佳人气项目投票正式结束。2020年度OSC中国开源项目TOP30名单正式公布。丘孔。帮你领先别人一点点，一定要每天跟呀。能够跟我一起的朋友转发一下，留个言。2020年11月15日。

Maintaining Internet privacy, VoIP (Ooma vs BasicTalk), Profiles in IT (Garrett M. Camp, co-founder StubleUpon and Uber), Tesla Model S hacked by Chinese hackers, David Burd suprise visit (Google Glass antics and more), Global Innovation Index (Switerland on top again, US ranks 6th), Chrome browser drains PC batteries (bug known for 2 years, Google finally fixing it, only affects Windows OS), and Supermoon (when the moon is full at closest point, three months in a row, next occurance August 10th). This show originally aired on Saturday, July 19, 2014, at 9:00 AM EST on WFED (1500 AM).