By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

The Tor Project team has announced the release of Tor Browser 12.0, a major version release introducing support for Apple Silicon chips and several enhancements for the Android version. Tor is a Firefox-based browser created for accessing special .onion domains only accessible on the Onion network and browsing the web with more anonymity and privacy. The browser achieves this by routing traffic through network nodes while encrypting network data. The connection requests reach the destination through an exit node that is used to relay the information back to the user. Tor browser version 12.0 is based on Firefox 102, an upgrade from Firefox version 91, which was used as the base for the previous Tor release, v11.5. This means that all security fixes, performance enhancements, and code improvements Firefox implemented in the new ESR (Extended Support Release) have now landed on Tor. One notable new feature on Tor 12.0 is the introduction of native support for Apple Silicon chips, i.e., M1 and M2 devices. Tor now uses a universal binary that bundles x86-64 and ARM64 builds and automatically picks the correct version for the platform it runs on. The main benefit of native support for Apple's new architecture is better performance of the Tor browser on macOS systems. Android, which has been previously neglected by the Tor Project team, receiving infrequent updates and delays in getting new features, is now catching up to the desktop version. "Since the beginning of the year, our developers have been working hard to recommence regular updates for Android, improve the app's stability, and catch up to Fenix's (Firefox for Android's) release cycle," reads Tor's release announcement. "The next phase in our plan for Android is to begin porting selected, high-priority features that have recently been launched for desktop over to Android." Tor version 12.0 introduces the http-only mode that first landed on version 11.5 for desktops, which enables the browser to automatically switch to the http version of visited sites when available. http is preferable to HTTP connections because the information exchange between the site visitor and the server hosting the site is encrypted, preventing man-in-the-middle attacks and sensitive data exposure. Another new feature added in the Android version of the Tor browser is "prioritize .onion sites," which redirects to the '.onion' version of the visited site if available. The new option was added to the 'Privacy and security settings menu. To learn more or to download please visit OUR FORUM.

Intel's plans for the workstation market with its Sapphire Rapids-WS are taking shape as a well-known hardware leaker published preliminary specifications for the new CPUs. Intel's lineup of next-generation Xeon products for workstations and high-end desktops will include overclockable CPUs with up to 56 cores, eight memory channels, and 112 PCIe lanes if the information revealed by reputable hardware leaker Enthusiastic Citizen (ECSM_Official) is correct. Intel's family of next-generation Xeon W processors for W790-based workstations will reportedly consist of two families of products that will offer slightly different capabilities. The Xeon W 3400-series CPUs will be derived from a multi-chiplet Sapphire Rapids design and will feature up to 56 cores, eight DDR5 memory channels, and 112 PCIe lanes. In addition, CPU cores used by these processors will be Golden Cove-derived cores with AVX-512 and AMX instructions enabled. By contrast, the Xeon W-2400-series processors will use a single-die design with up to 24 cores, four DDR5 memory channels, and 64 PCIe lanes. Intel's Xeon W-2400 and W3400-series processors are expected to come in LGA4677 packaging and use W790-based workstation motherboards. One of the first W790 mainboards leaked last week, which suggests that some of Intel's partners are getting ready to ship these products sooner rather than later. Meanwhile, a rumor suggests that Intel only intends to roll out its W790 platform next April, so it is too early to ship appropriate motherboards. Then again, Intel has never officially confirmed the launch timeframe for its W790 platform and only confirmed that this one is designed for workstations. Intel's Xeon W-3400-series lineup will allegedly include nine models, four of which will be overclockable. Even the flagship Xeon W9-3495X is expected to come with an unlocked multiplier making for overclocking support. Linux boot logs unearthed earlier this year essentially confirm the existence of Intel's Xeon W-3400-series CPUs (which come with AVX-512 and AMX enabled). Still, they also mention the Xeon W9-3495 (non-X) CPU clocked at 1.80 GHz base, which Enthusiastic Citizen does not list. We have no idea whether Intel changed its plans concerning its Sapphire Rapids-WS lineup in July, but we are dealing with preliminary information, so some details may be inaccurate. Intel's Xeon W-3400-series relies on Sapphire Rapids silicon, which will offer AVX-512 support and AMX instructions for artificial intelligence and machine learning applications. Advanced Matrix Extensions is a tiled matrix multiplication accelerator, a grid of fused multiply-add units supporting BF16 and INT8 input types that can be programmed using only 12 instructions and perform up to 1024 TMUL BF16 or 2048 TMUL INT8 operations per cycle per core. More complete details can be found on OUR FORUM.

You can't update to Windows 12 yet, but here's when you might be able to, and what features to expect. Windows 12 could be Microsoft's replacement for Windows 11... in 2024.  Yes, it's still very early to be giving this any serious thought, plus nothing is official yet. But Windows' long history has us wondering what's in the queue for the next big update. Some changes we think Windows 12 could bring include UI enhancements, better Android app support, and increased reliance on the Settings app. We should start by saying we can't verify yet that Windows 12 is even real. It's not that we think Microsoft will pull a Windows 9 move and skip over this version to land on W13—we just haven't heard anything official from the company. That said, we do think it's coming. It's just not clear when. There is one rumor we've seen that points to an upgraded OS. Tom's Hardware spotted a mention by the German website Deskmodder.de that Microsoft would begin working on Windows 12. Remarkably, that was in February 2022, less than six months after Windows 11 was first available to the public! We're not sure if that source is reliable, but whether this version is being actively developed or not, Windows 12 won't arrive for a while longer, considering how close we still are to the Windows 11 launch. Looking back at the last several major Windows versions, there isn't a consistent timeline we can use to gauge when Windows 12 will come. But, we can still guess.  Before its public release, Windows 12 will probably follow a similar release structure as other versions of Windows. For example, the first Windows 11 Insider Preview build was available a few days after Microsoft announced the OS and a few months before its public release. A similar timeline is expected for this version, so you should be able to access a pre-release build of Windows 12 through the Windows Insider Program whenever that time comes. There's a good chance Windows 12 will be offered as an optional, free update for Windows 11 users, and possibly Windows 10 users, who have a valid copy of Windows. If you need a new license, we think you'll be able to get the digital version from Microsoft's website, or through other retailers on a USB device. As with any big OS update, there will surely be countless minor updates and changes under the hood. This should translate to things like better overall performance, new icons and animations, and additional settings you can tweak. Nothing is confirmed, and won't be for a while, but here are some bigger ideas that could make their way into Windows 12: The 2022 Microsoft Ignite keynote might have given us a glimpse at the Windows 12 user interface. The taskbar is only a little different from the existing one we've grown familiar with over the years because it's just slightly hovering over the bottom of the screen. The search bar, however, has never existed at the top like that and is definitely not entirely detached from the taskbar. Windows Central claims that there are plans for other UI changes, too, like a new lock screen and notification center, all in an effort to create a consistent interface across Microsoft's product line that will work for both touch and keyboard users. And that's to be expected with any major release. Below is a neat look at what Windows 12 could look like from Concept Central. It shows a new Start menu, an idea for a built-in messaging client called Windows Messenger, a redesigned volume hub, and desktop widgets. We also like this W12 concept from designer Kevin Kall. Follow this thread and more on OUR FORUM.

Sometime soon, Twitter will crash badly. Here's why. Elon Musk has taken over Twitter, and it appears he's already failing on his promise not to turn Twitter into a 'free-for-all hellscape.' But, I'm not here to talk about his policy blunders. That's a story for another day. No, I'm here to predict that Twitter, the site, will soon crash. And, once it fails, it won't be coming up for a while. Why? Simple. You can't lay off half of the staff of a cloud-based social network and expect things to keep running smoothly for Twitter's 450 million monthly active users. Indeed, Twitter accounts are already failing in odd ways. For example, Benjamin Dreyer, author of "Dreyer's English" and copy chief of Random House, found that the vast majority of replies to one of his tweets were vanishing into the aether. He wasn't the only one. Even Musk appears to have realized that maybe firing every other person was a mistake. On Monday, November 7th, he tried to get workers, especially software engineers, to return. Good luck with that. According to my Twitter sources and tweets on the site, they're not coming back. As Gergely Orosz, editor and author of the popular software engineering and management blog, The Pragmatic Engineer, said, "Several people who were let go on Friday, then asked to come back were given less than an hour as a deadline. Software engineers who got this call ... all said 'no' and the only ones who could eventually say 'yes' are on visas." Managers, according to my sources and Orosz, are "getting desperate, trying to call back more people. People are saying 'no' + more sr engineers are quitting." Orosz added, "None of this is surprising. As a rule of thumb, you get an additional half attrition after you lay off X% of people. Lay off 10%: expect another 5% to quit. Lay off 50%... not unreasonable to expect another 25% to quit." And, you can't expect to replace social network and cloud experts with Tesla embedded system engineers and get anything done. I'm a good technology and business writer, but no one in their right mind would hire me to write opera arias. Let's look at Twitter's technology, shall we? Twitter runs on CentOS 7. This free Red Hat Enterprise Linux (RHEL) clone comes to the end of its life at the end of June 2024. The leading choices for what to replace it with should be RHEL 9, Rocky Linux, or AlmaLinux. But instead of working on that transition, what few system administrators Twitter has left are both trying to get the platform ready for Musk's laundry list of new features and keeping it patched and up-to-date. That's a problem. You see, unlike RHEL, where a big part of the attraction is that you can depend on Red Hat for first-rate support, CentOS, Rocky, and AlmaLinux are all primarily meant for companies with in-house staff who already know Linux servers backward and forward. That's no longer the case at Twitter. For more visit OUR FORUM.

Containers are meant to be immutable. Once the image is made, it is what it is, and all container instances spawned from it will be identical. The container is defined as code, so its contents, intents, and dependencies are explicit. Because of this, if used carefully, containers can help reduce supply chain risks. However, these benefits have not gone unnoticed by attackers. A number of threat actors have started to leverage containers to deploy malicious payloads and even scale up their own operations. For the Sysdig 2022 Cloud-Native Threat Report, the Sysdig Threat Research Team (Sysdig TRT) investigated what is really lurking in publicly available containers. Docker Hub is the most popular free public-facing container registry. It houses millions of pre-made container images in convenient, self-contained packages with all required software installed and configured. Public registries also host official content and images signed by Verified Publishers, which adds some level of trust that they are not malicious and can be used safely. While public registries save developers time, if a user is not careful, there could be malicious aspects to the container they pull. With so many containers to choose from, it is easy to choose the wrong one. Threat actors also appreciate how much friction this technology removes from developer workflows. They count on the fact that many developers may not examine what exactly is being installed. According to the Sysdig threat report, DockerHub is being used by malicious actors to deliver malware, backdoors, and other unwelcome surprises to users and companies. One specific practice to watch out for is typosquatting, which is when an image is disguised as legitimate while hiding something nefarious within its layers. Its name can be just a letter off the real thing, or the attacker might rely on a developer carelessly copying some instructions containing the bad path. Sysdig TRT found images shared by suspicious users with names to appear as popular open-source software in order to trick users. For example, popular packages like Drupal and Joomla have had their names used in order to disguise malicious payloads. Deploying these images means opening the doors of our environment to attackers, letting them pursue their goals or move internally to business-critical assets. The Sysdig TRT analyzed more than 250,000 Linux images over several months. During the research, 1,777 images were found to contain various kinds of malicious IPs or domains and embedded credentials. Upon taking a closer look, we see that cryptomining images are the most common malicious image type. This is quite expected because mining cryptocurrency on someone else’s compute resources is the most prevalent type of attack targeting cloud and container environments today. Embedded secrets in Docker images is the second most prevalent attack technique. In this case, attackers insert secrets in an image and use this information to get a foothold in your environment and then try to move laterally. For example, an SSH key can be added, which could allow for simple remote access or AWS keys could be added to give them cloud capabilities. This highlights the persistent challenges of secrets management is still a battle we need to win. To learn more visit OUR FORUM.

The birth of the Internet in the 1990s and its subsequent expansion into every aspect of our lives began a digital revolution that has since refused to slow down. With it has come unimagined functionality, equipping us with instant access to information and communication. Those born before the Digital Enlightenment could never have imagined the power to cast aside unanswered questions with a mere "Google". Gazing across the digital expanse with our infantile stare, we failed to notice another set of eyes looking back at us. Those eyes belong to the world’s largest companies -- Big Tech giants like Facebook and Google -- who are continuously monitoring our movements across the Internet. Every time we open a website or App, our journeys are tracked and hunted down by a pack of algorithms designed to determine our interests -- products, ideas, and brands that we may feel positively towards. This data is coveted by advertisers; it is the elixir that enhances their powers of persuasion and consumer targeting and, inevitably, sales. This insatiable demand has propelled Big Tech’s rampant profiteering and extraction of consumer data. Stunned by the pace of digital expansion, consumers have failed to recognize how our data -- of which we are the sole producers -- is sold off to help influence our future decisions and expenditure. Although there have been some advancements made, such as the withdrawal of third-party cookies in some applications and regions, these have only come about due to societal pressure. Further change will not come until that pressure intensifies. We may have been the children of the Digital Age, but we must recognize that the Internet is no longer in its infancy, and neither are we. We must re-evaluate our perceptions with the experience of more than two decades behind us. We must consider how we fooled ourselves into believing that our data holds no personal value and that the sharing of our digital diaries is an inescapable part of the Internet…But what precisely is that value? To give an estimate, advertisers spend approximately £27 billion a year on digital marketing in the UK alone, which for the most part goes straight to Big Tech. This equates to around £80 per household per month. This staggering evaluation leaves little doubt as to why our data has been so exploited -- it is a precious commodity, yet one in which its creators hold no share of the reward. Advertisers are partially responsible for encouraging such pervasive and unjust looting of consumer data. Ultimately, it is the enormous paycheck that they have provided Twitter, Facebook and co. that has encouraged this activity. Advertisers must play their part in changing this. But first, consumers must embolden themselves by resisting this digital hegemony. We must demand remuneration for our data by moving en masse to direct-consumer marketing platforms that return cash rewards in exchange for data. Advertisers must also facilitate this transition; with direct access to target consumers through such platforms, they have a unique opportunity to change their mission statement from selling to selling and rewarding, realizing this by offering consumers exclusive benefits and cash rewards for their data. Such platforms allow consumers to determine the level of data access they wish to share, with rewards varying dependently. For instance, a consumer may choose to provide copies of their shopping receipts while remaining anonymous for an entry-level cash reward. Meanwhile, the most active consumers help develop the platform’s feedback loop and in exchange receive access to higher-value cash rewards. Within this setup exists an intrinsic market evaluation for consumer data that commissions its creators on a quid pro quo basis. Follow this thread on OUR FORUM.