Archive for May 3, 2023

Unilever Canada launches Leap Rewards

Posted in Commentary with tags on May 3, 2023 by itnerd

Unilever Canada has launched the Leap Rewards app, designed to help consumers save money on their purchases of responsibly made brand products, while also unlocking important rewards to help their community and the planet. 

With customers often facing issues of cost and convenience in their efforts to be sustainable, the Leap Rewards app is a free loyalty program that enables customers to make more responsible shopping choices. Serving as a dual proposition for customers, the app offers an opportunity to simultaneously earn points and Do Good rewards, with an ability to save money and do good during Earth Month and all year long. The app also curates’ great content for consumers to educate themselves on sustainable practices. 

How does it work?

  • Buy products with sustainable attributes: Make purchases at your preferred retailer from familiar brands like Dove, Hellmann’s, Axe, TRESemmé, Schmidt’s, Knorr, Olly and many more.
    • The selection of brands and products on the app follow specific sustainability guidelines including, PETA Approved certification, Plant-based, made with at least 70% recycled material and is sustainably sourced (certified by external sustainable bodies like Rainforest Alliance, Fairtrade or Organic or adheres to the Unilever Sustainable Agriculture Code).
  • Share your receipts: Scan your receipts on the Leap Rewards app, which will analyse your product scores.​
  • Collect and spend points: Get rewarded with points. The amount is based on how many sustainable attributes the products you buy are linked to. ​Customers can then spend their points on coupons and unlock rewards, like donating a meal or planting a tree with organisations like Second Harvest and EcoMatcher.
  • Use your coupons on products with sustainable attributes and share your receipts, which will enable you to collect more points and unlock additional Do Good rewards. ​

To learn more, download the app today on the Apple Store or Google Play store

Commvault a Leader in Cloud Backup for Ransomware Protection: Kuppinger

Posted in Commentary with tags on May 3, 2023 by itnerd

Commvault, an enterprise data protection leader for the complex and mission critical hybrid environments of today’s global businesses, announced that KuppingerCole Analysts AG has positioned the company as an Overall Leader in its Leadership Compass on Cloud Backup for Ransomware Protection. Within this rating, Commvault has also been named a Product Leader, Innovation Leader, and Market Leader.

The KuppingerCole Leadership Compass provides an overview of the Cloud Backup for Ransomware Protection market, analyzing vendors based on innovativeness, market position, financial strength, and ecosystem, as well as their respective products and services across a range of capabilities, including security, functionality, deployment, interoperability, and usability.

Commvault’s enterprise-grade DPaaS excels in all of these categories and is championed in the report for delivering a wide range of cloud-native data protection solutions that cover a broad spectrum of workloads, including databases, endpoints, file & object, VM & Kubernetes, Microsoft 365, Microsoft Dynamics 365, Microsoft Active Directory, and Salesforce. The report also spotlights the enhanced security and compliance protection from Metallic DPaaS via its Security IQ security tools and insights, ThreatWise cyber deception technology, and Government Cloud protection.

To learn more, download the full KuppingerCole Leadership Compass on Cloud Backup for Ransomware Protection on Commvault’s website.

Twitter U-Turns On Posting Emergency Alerts

Posted in Commentary with tags on May 3, 2023 by itnerd

The news coming from Twitter is non-stop today.

One of the things that was a side effect of Elon Musk’s attempt to get people and companies to pay for Twitter’s API access is that emergency alerts such as weather alerts and public transit alerts would no longer be possible as those are generated by apps that used the Twitter API. That came to a head when the MTA which runs New York’s transit system said that it would reduce its presence on Twitter as a result.

Cue the u-turn by Twitter.

That’s vague as hell. What does “Verified gov or publicly owned services” mean precisely? Does that mean that these organizations need to pay Elon to get access to this? That’s a theory that The Verge is floating:

Exactly what the company means by “verified” is unclear. Does it only apply if the agency has enabled a new “verified” account, and do they have to pay to get checkmarks on any sub accounts that may require API access?

My belief is that this isn’t the end of this story. I fully expect that Elon will pull some sort of stunt to try and get paid somehow.

Elon Musk Threatens NPR Reporter Over NPR Not Tweeting…. WTF?

Posted in Commentary with tags on May 3, 2023 by itnerd

The behaviour of Elon Musk is really heading into a place where you have to wonder if he should be a CEO of any company. I say that because his battle with NPR over the fact that NPR was labeled as “State-funded media”, and then quit posting to Twitter has taken a really bizarre turn:

Elon Musk has threatened to reassign NPR’s Twitter account to “another company.” 

In a series of emails sent to this reporter, Musk said he would transfer the network’s main account on Twitter, under the @NPR handle, to another organization or person. The idea shocked even longtime observers of Musk’s spur-of-the-moment and erratic leadership style. 


In an unprompted Tuesday email, Musk wrote: “So is NPR going to start posting on Twitter again, or should we reassign @NPR to another company?”

Under Twitter’s terms of service, an account’s inactivity is based on logging in, not tweeting. Those rules state that an account must be logged into at least every 30 days, and that “prolonged inactivity” can result in it being permanently removed. 

Musk did not answer when asked whether he planned to change the platform’s definition of inactivity and he declined to say what prompted his new questions about NPR’s lack of participation on Twitter. 

“Our policy is to recycle handles that are definitively dormant,” Musk wrote in another email. “Same policy applies to all accounts. No special treatment for NPR.”

The threat of retaliation is the latest volley in a months-long conflict between Musk and established media organizations since the billionaire purchased Twitter in October.

The reporter is Bobby Allyn and I truly have no words for this. It’s pretty clear that Elon has not only lost the plot, but he’s gone off the deep end. And I have to wonder about his mental state as this sort of behaviour makes no sense. To be clear I don’t say that last sentence lightly. If I were anyone on the board or directors of SpaceX or Tesla, I would be looking at what’s going on at Twitter and question if Elon has the ability to run a public company. And take action by removing him as CEO if this behaviour concerns them in the slightest. Because this is simply beyond the pale and cannot be excused.

Employer Disqualifies Any Candidate That Doesn’t Have An iPhone…. WTF?

Posted in Commentary with tags , on May 3, 2023 by itnerd

From the “is this guy for real?” department comes this Tweet from a guy named Nick Huber. His Twitter profile looks like this:

He’s got a blue checkmark next to his name that I won’t hold against him. Even though for whatever reason he thought it was a good idea to pay Elon Musk $8 a month for it. Oh wait, he’s on iPhone so it’s actually $11 a month. But I digress. The reason why I am talking about him today is that a Tweet that he put out has set the Twitterverse, or what’s left of it, alight:

Well, if he wants to disqualify talent because someone does not use a phone that is Steve Jobs approved, that’s his choice I guess. But that’s also pretty stupid as in my opinion as he’s likely missing out on talent simply by doing that. But again, that’s his choice I guess. Though Twitter showed that it wasn’t shy about taking a few shots at this guy:

I have to wonder if he’s going to reconsider the wisdom of Tweeting this at some point. Because I have to admit that he doesn’t look like the best employer at the moment.

Samsung Bans Internal Use of AI After ChatGPT Source Code Leak

Posted in Commentary with tags on May 3, 2023 by itnerd

On Monday, Bloomberg reported that Samsung notified staff of a new policy banning employee use of AI tools in response to discovering in April that its engineers had accidentally leaked internal source code by uploading it to ChatGPT.

The company is concerned that once data is transmitted to AI platforms it is then stored on external servers, difficult to retrieve and delete, and is then available to other users, according to the document disclosed to Bloomberg.

Furthermore, last month Samsung conducted an internal survey which revealed that 65% of respondents believe the use of AI tools poses a security risk.

Meanwhile, the company claims to be creating its own internal AI tools for translating and summarizing documents as well as for software development. It’s also working on blocking staff’s ability to upload proprietary information to external services. 

Other companies that have either banned or restricted the use of AI tools include JPMorgan Chase & Co., Bank of America Corp., Citigroup Inc., Deutsche Bank, Goldman Sachs, and Wells Fargo.

Roy Akerman, Co-Founder & CEO, Rezonate had this comment:

   “The wide adoption of AI language models is becoming widely accepted as a means of accelerating delivery of code creation and analysis. Yet, data leakage is most often a by-product of that speed, efficiency, and quality. Developers worldwide are anxious to use these technologies, yet guidance from engineering management has yet to be put in place on the do’s and don’ts of AI usage to ensure data privacy is respected and maintained.

   “The aspect of AI consuming all input as source material for others queries presents a black box of uncertainty as to exactly how and where a company’s data would end up and completely upends the tight data security at the heart of most all companies today. 

   “Blanket restrictions are not a permanent solution and will only limit an organization’s visibility to this problem. Instead, increased control, with education of developers on the cause and effect of using these tools for code reviews, code optimization, debugging and syntax will help harness the technology for the betterment of the organization.”

Clearly there are advantages and benefits to using AI, but there are risks as well. Companies need to weigh those risks so that they aren’t inadvertently creating a situation where AI does more harm than good.

Twitter’s Purge Of Legacy Verification Checkmarks Has Made No Difference To The Number Of Twitter Blue Subscribers

Posted in Commentary with tags on May 3, 2023 by itnerd

Recently in his latest attempt to get Twitter to make money. Elon Musk nuked the legacy verification checkmark from anyone who had one. Then he kind of walked that back by then giving them out to celebrities, people who criticized him, and dead people. It now turns out that this has made close to no difference in terms of Twitter Blue sign ups:

Approximately 619,858 Twitter users were subscribed to Twitter Blue as of the end of April. That’s around $5 million per month or $60 million per year.

The latest data was provided to Mashable by developer and researcher Travis Brown who has been tracking Twitter Blue subscriptions since early this year. Based on previous internal leaks from the company, Brown estimates his methodology for tracking Twitter Blue subscriptions pulls in somewhere around 90 percent of all Twitter Blue users.

Brown estimates that there could be between 640,000 and 680,000 Twitter Blue subscribers in total as of April 30.

To compare, Snapchat, a competing social networking platform, launched a premium paid subscription service last June and reached 1 million paying subscribers in just two months. Musk’s version of Twitter Blue launched in November. As of mid-April, Snapchat shared that its Snapchat+ premium service now has more than 3 million paying subscribers.

And these latest estimates include somewhere around 9,000 Twitter users with over 1 million followers who have been provided with a free “complimentary” subscription to Twitter Blue. The numbers also include users who have canceled their subscription previously, yet still show up as paid subscribers due to a long-reported apparent glitch.

When factoring in those free subscriptions that were handed out, the net growth of Twitter Blue subscribers falls in line with previous weeks. Unfortunately for Musk, the removal of Twitter’s legacy verified users just did not drive subscriptions.

The reason behind this is simple. There is zero value in having a blue checkmark because Elon has completely devalued it. And the fact that browser extensions like this one and this one which auto mute or auto block Twitter Blue subscribers cause that value to nosedive even further. The bottom line is nobody wants to pay Elon for something that people find to be a negative and not a positive.

Elon has really shot himself in the foot and achieved the opposite of what he wanted. Great job Elon! This illustrates how bad you are at coming up with viable strategies to drive revenue.

Flashpoint Discloses Details Of A Vulnerability With Netgear’s NMS300 ProSAFE Network Management System

Posted in Commentary with tags on May 3, 2023 by itnerd

Flashpoint has published research that details a vulnerability in Netgear’s NMS300 ProSAFE Network Management System. Here’s what Flashpoint found:

NETGEAR NMS300 ProSAFE Network Management System provides a web-based management interface for managing devices on the network. By default, the interface listens on port 8080/tcp. Apart from a standard ‘Admin’ role account the interface offers two additional lesser privileged account roles: ‘Operator’ and ‘Observer’. For our analysis, we focused on the least privileged account i.e. ‘Observer’ that per the user manual “can only monitor and view enterprise network functions.”

During analysis, we found various issues with the product. Most notable are the following two vulnerabilities along with the product’s use of old third-party components with publicly known vulnerabilities.

The web-based management interface provides a “User Management” tab for managing user accounts. Users with the “Observer” privilege have access to this tab but can only view information about users i.e. whether the account is active, user name, account type, and various contact details like email address, name, and phone number.

When a user accesses the “User Management” tab two requests are sent. First, a request is sent to initialise the page. Second, another request is sent to populate the page with the user information. The second request is of interest with regard to this vulnerability.

Behind the scenes, a SQL query is made to the MySQL database to retrieve all information stored in the database table containing user details. This is then returned in a JSON response and inserted in the relevant columns on the page. The problem is that as everything stored in the database table is returned, this includes the cleartext passwords for every single account. While this information is not displayed on the page to the user, it can be obtained by simply viewing the JSON data in the HTTP response.

This of course isn’t good. And what is worse, Netgear has no fix for this. And Flashpoint’s recommendation is for Netgear to EOL the product as the Flashpoint team found other issues with this product that should cause concern among anyone using it.

You can read the research here.