Archive for March 4, 2024

Canadians Affected By “Battery Gate” To Get Paid By Apple

Posted in Commentary with tags on March 4, 2024 by itnerd

If you’re Canadian and you were affected by “Battery Gate”, I have some news for you. A court in BC has approved a settlement related to this where Apple will pony up $14.4 million CAD to make this issue go away. More information on how to submit a claim will be shared on the settlement website, but here’s the TL;DR in terms of who this covers:

  • You are a current or former resident of Canada (excluding Quebec)
  • You have to have owned an iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, and/or iPhone SE with iOS 10.2.1 or later installed or downloaded, and/or an iPhone 7 or iPhone 7 Plus with iOS 11.2 or later installed or downloaded, before December 21, 2017.
  • You need the serial number of said phone.

Now as usual for these sorts of things, Apple denies that it did anything wrong. And to be frank, $14.4 million CAD is a rounding error for Apple. But “Battery Gate” is done and dusted in Canada.

And I guess that it goes without saying that if you were affected by “Battery Gate”, you need to dig up that serial number and make sure you get your share of this.

American Express Service Provider Pwned Exposing American Express Customer Data

Posted in Commentary with tags on March 4, 2024 by itnerd

American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. In the data breach notification filed with the state of Massachusetts, Amex said the breach occurred at one of its service providers used by their travel service division, American Express Travel Related Services Company. 

Darren Williams, CEO and Founder, BlackFog had this comment:

     “The potential impact of the American Express data breach is not yet known, as it is unclear whether customers’ data was simply accessed or if it has been exfiltrated through the third party provider. If the sensitive data of customers, including card numbers and expiration dates, has been exfiltrated by attackers, it can be used to not only make fraudulent purchases, but also to extort customers into further payments. All service providers who hold customer data should be investing in threat intelligence and anti data exfiltration technology to avoid attacks just like these.”

Since American Express filed a data breach notification, I assume that more details will be forthcoming. Because this data breach could be bad, or really really bad. And it is in everyone’s best interests to find out which.

Action1 Achieves 376% YoY Growth in 2023

Posted in Commentary with tags on March 4, 2024 by itnerd

Action1 Corporation, a provider of the #1 risk-based patch management platform designed for distributed enterprise networks, today announced outstanding results for 2023, including 376% global sales growth. Other key highlights include recognition by trusted review platforms G2 and Gartner Digital Markets and achievement of authoritative security certifications.

Market Momentum:

  • Action1 reported a 376% global sales growth compared to 2022, thanks to the rapid expansion in the US, Europe, and worldwide.
  • Action1 demonstrated exceptional growth in multiple sectors, including education, healthcare, and technology.

Product Enhancement:

  • Action1 has introduced real-time vulnerability discovery and remediation to empower organizations to reduce the mean time to remediate (MTTR) vulnerabilities.
  • The company extended its Software Repository maintained in-house by security experts for streamlined third-party patching, which now includes 99% patching coverage for most enterprise environments.
  • Action1 has established a data center in Europe, enabling EU customers to meet the stringent GDPR standards, ensuring data residency and sovereignty, and is now looking to further expand by opening a data center in Australia.

Industry Certifications:

  • Action1 became the first patch management vendor to achieve SOC 2 and ISO 27001 certifications, underscoring its commitment to security.

Recognition:

  • Action1 has been consistently rated as the #1 easiest-to-use patch management solution by G2.
  • Gartner Digital Markets awarded Action1 31 badges in six categories.
  • G2 recognized Action1 as High Performer and Momentum Leader for patch management in its quarterly reports multiple times, rewarding the company for excellence and for its high-growth trajectory.

Research:

ServiceNow, Hugging Face, and NVIDIA Release New Open-Access LLMs to Help Developers Tap Generative AI to Build Enterprise Applications

Posted in Commentary with tags on March 4, 2024 by itnerd

ServiceNow, Hugging Face, and NVIDIA have announced StarCoder2, a family of open‑access large language models (LLMs) for code generation that sets new standards for performance, transparency, and cost‑effectiveness. StarCoder2 was released on February 28th.

StarCoder2 was developed by the BigCode community, stewarded by ServiceNow, the leading digital workflow company making the world work better for everyone, and Hugging Face, the most‑used open‑source platform where the machine learning community collaborates on models, datasets and applications.

Trained on 619 programming languages, StarCoder2 can be further trained and embedded in enterprise applications to perform specialized tasks such as application source code generation, workflow generation, text summarization, and more. Developers can use its code completion, advanced code summarization, code snippets retrieval, and other capabilities to accelerate innovation and improve productivity.

StarCoder2 offers three model sizes: a 3 billion‑parameter model trained by ServiceNow, a 7 billion‑parameter model trained by Hugging Face, and a 15 billion‑parameter model built by NVIDIA with NVIDIA NeMo and trained on NVIDIA accelerated infrastructure. The smaller variants provide powerful performance while saving on compute costs, as fewer parameters require less computing during inference. In fact, the new StarCoder2 3 billion‑parameter model also matches the performance of the original StarCoder 15 billion‑parameter model.

Fine‑Tuning Advances Capabilities with Business‑Specific Data

StarCoder2 models share a state‑of‑the‑art architecture and carefully curated data sources from BigCode that prioritize transparency and open governance to enable responsible innovation at scale.  

The foundation of StarCoder2 is a new code dataset called The Stack v2 which is more than 7x larger than The Stack v1. In addition to the advanced data set, new training techniques help the model understand low‑resource programming languages (such as COBOL), mathematics, and program source code discussions.

StarCoder2 advances the potential of future AI‑driven coding applications, including text‑to‑code and text‑to‑workflow capabilities. With broader, deeper programming training, it provides repository context, enabling accurate, context‑aware predictions. These advancements serve seasoned software engineers and citizen developers alike, accelerating business value and digital transformation.

Users can fine‑tune the open‑access models with industry or organization‑specific data using open‑source tools such as NVIDIA NeMo or Hugging Face TRL.

Organizations have already fine‑tuned the foundational StarCoder model to create specialized task‑specific capabilities for their businesses.

ServiceNow’s text‑to‑code Now LLM was purpose‑built on a specialized version of the 15 billion‑parameter StarCoder LLM, fine‑tuned and trained for ServiceNow workflow patterns, use‑cases, and processes. Hugging Face also used the model to create its StarChat assistant.

BigCode Fosters Open Scientific Collaboration in AI

BigCode represents an open scientific collaboration jointly led by Hugging Face and ServiceNow. Its mission centers on the responsible development of LLMs for code.

The BigCode community actively participated in the technical aspects of the StarCoder2 project through working groups and task forces, leveraging ServiceNow’s Fast LLM framework to train the 3 billion‑parameter model, Hugging Face’s nanotron framework for the 7 billion‑parameter model, and the end‑to‑end NVIDIA NeMo cloud‑native framework and NVIDIA TensorRT‑LLM software to train and optimize the 15 billion‑parameter model.

Fostering responsible innovation is at the core of BigCode’s purpose, demonstrated through its open governance, transparent supply chain, use of open‑source software, and the ability for developers to opt data out for training. StarCoder2 was built using responsibly sourced data under license from the digital commons of Software Heritage, hosted by Inria.

StarCoder2, as with its predecessor, will be made available under the BigCode Open RAIL‑M license, allowing royalty‑free access and use. Furthermore, the supporting code for the models resides on the BigCode project’s GitHub page.

All StarCoder2 models will also be available for download from Hugging Face and the StarCoder2 15B model is available on NVIDIA AI Foundation models for developers to experiment with directly from their browser, or through an API endpoint.

For more information on StarCoder2, visit https://huggingface.co/bigcode.

CyberProtonics Redefines Data Protection with the Most Powerful, Lightweight, Quantum-Resistant Software-Based Cryptosystem for Digital Ecosystem, IoT and Generative AI

Posted in Commentary with tags on March 4, 2024 by itnerd

CyberProtonics, trailblazers in quantum-resistant data protection, today introduced the first lightweight, software-based cryptosystem that makes being quantum-ready easy, affordable, and practical. Embeddable virtually anywhere, any time, the advanced cryptosystem generates blistering-fast encryption speeds of 512 bits to up to 10K bits, rendering data useless when a breach occurs. CyberProtonics also today announced a major OEM agreement with Simplifi, leaders in secure remote computing.

Legacy-friendly and plug-and-play features allow its cryptosystem to seamlessly integrate in all types of applications, including IoT, e-sim, and generative AI Private Large Language Models (PLLMs). CyberProtonics protects data at rest and in transit, without performance impacts, and is recognized as the first truly lightweight quantum-resistant commercial solution for rendering stolen data completely useless.

Anywhere, Anything, Every Time Protection

In today’s increasingly hostile cyber threat landscape, everyone should be protected from bad actors and malicious cyberattacks, wherever their data resides. CyberProtonics adds an indispensable, affordable additional layer of quantum-resistant security at the source where data is created to protect legacy, current, and future cybersecurity system architectures, networks, and devices.

Among applications are:

Work from Home: Employees continue to work from home, and cybersecurity is more important than ever for the hybrid workforce. CyberProtonics keeps confidential work data secure, at rest or in transit.

Internet of Things (IoT): CyberProtonics’ cybersecurity protocols protect IoT devices and networks from the latest threats with reliable and robust security.

Generative AI: Large Language Models that companies want to keep private are protected by CyberProtonics’ proprietary cryptosystem.

Defense: CyberProtonics’ 512-bit to 10k-bit encryption protects data at rest or in transit in theaters of operations, supporting unmanned aerial vehicles (UAVs), wearable devices, connected vehicles, smart infrastructure, and portable communications.

Satellite: End-to-end encryption in the ground terminal and in the satellite itself safeguards transmissions, ensuring data security and confidentiality.

Industrial Control Panel: Protects critical infrastructure with next-generation quantum-resistance technology, designed to ensure reliable and resilient security for factories, power plants, and wastewater treatment facilities.

Commercial Data: Banking and finance, healthcare, hyperconnected commerce, and more.

A New Era in Data Protection

CyberProtonics’ proprietary software employs a robust licensing engine for both connected and air-gapped models and solutions, with varying time periods and iterations. It delivers:

Strength: Post-quantum symmetric key-based encryption, with key lengths of 512 bits, increasing up to 10k bits.

Speed: Lightning-fast operation does not affect a device’s computing or memory cycles, even for the smallest sensor or IoT device.

Size: The lightweight footprint of CyberProtonics’ cryptosystem’s binary runtime enables end-to-end encryption at the data generation source, with single-digit MB of code.

Security: Encryption of data in transit and at rest for both on-premises legacy systems and modern secure access service edge.

Breach Immunity and Unwavering Compliance: Valuable data is made useless. Full compliance with regulatory mandates and industry standards such as GDPR, HIPAA, PCI DSS, and SOX is automatic and assured.

Market-Proven SDK: Symmetric key encryption optimized for small footprint applications (crucial for IoT devices), stronger than any currently deployed application of AES, RSA, or ChaCha20. Fully automated key management that eliminates manual key distribution human errors. C language callable APIs.

Apple Gets Slapped With An Almost $2 Billion Fine For Taking Shots At Spotify

Posted in Commentary with tags on March 4, 2024 by itnerd

On a day when Apple wanted to control the narrative by launching new MacBook Air models, the EU has decided to rain on their parade. The European Commission has fined Apple €1.8 billion, which is $1.95 billion USD, for anti-competitive conduct against rival music streaming services. By rival music streaming services, that would be Spotify:

     The European Commission has fined Apple over €1.8 billion for abusing its dominant position on the market for the distribution of music streaming apps to iPhone and iPad users (‘iOS users’) through its App Store. In particular, the Commission found that Apple applied restrictions on app developers preventing them from informing iOS users about alternative and cheaper music subscription services available outside of the app (‘anti-steering provisions’). This is illegal under EU antitrust rules.

I encourage you to read the full decision as I’m not sure that I buy into this reasoning. Regardless of whether you do or don’t buy into that reasoning, Apple is pretty ticked off about this decision:

     Today, the European Commission announced a decision claiming the App Store has been a barrier to competition in the digital music market. The decision was reached despite the Commission’s failure to uncover any credible evidence of consumer harm, and ignores the realities of a market that is thriving, competitive, and growing fast.

     The primary advocate for this decision — and the biggest beneficiary — is Spotify, a company based in Stockholm, Sweden. Spotify has the largest music streaming app in the world, and has met with the European Commission more than 65 times during this investigation.

     Today, Spotify has a 56 percent share of Europe’s music streaming market — more than double their closest competitor’s — and pays Apple nothing for the services that have helped make them one of the most recognizable brands in the world. A large part of their success is due to the App Store, along with all the tools and technology that Spotify uses to build, update, and share their app with Apple users around the world.

That’s pretty much why I don’t buy into the EU’s decision. Spotify, the last time I checked, was the big boy on the block. So unless I am missing something, I can’t see how Apple is the bad guy here. Yes, Apple aren’t saints and have been known to do things to take out or impair competition. But I’m honestly not seeing it here. Apple is going to appeal the decision and that appeal will be interesting to watch.