Xbox has announced the games it’s bringing to Xbox Game Pass in the second half of January, including Death’s Door, Hitman, and Danganronpa.Read More
Xbox Game Pass adds Death’s Door, Danganronpa in second half of January
Manslaughter charges follow Tesla driver’s Autopilot red light run
Enlarge (credit: Aurich Lawson | Getty Images)
Prosecutors in California have charged a Tesla driver with two counts of manslaughter as a result of a fatal crash in December 2019. According to the Associated Press, the National Highway Traffic Safety Administration confirmed that the Autopilot driver-assistance feature was active at the time of the crash. That makes this case notable in that these are the first felony charges to result from a fatal crash involving a partially automated driving system.
The fatal crash took place in Gardena, California, on December 29, 2019. According to reports, the Tesla Model S owned by Kevin Riad exited I-91, failed to stop at a red light, and then collided with a Honda Civic, killing both of that car’s occupants, Gilberto Alcazar Lopez and Maria Guadalupe Nieves-Lopez. Within days, the NHTSA announced it would investigate the incident—one of a growing number of cases involving Tesla Autopilot that the agency is looking into.
The AP reports that no one involved with the case is prepared to talk publicly ahead of a preliminary hearing on February 23, although it notes that Riad pleaded not guilty. The families of both victims are suing Riad and Tesla in separate lawsuits, alleging that Riad was negligent and that Tesla has sold defective vehicles. The cases are expected to reach court in 2023.
Read 1 remaining paragraphs | Comments
Samsung announces Exynos 2200 with AMD “Xclipse” GPU
Enlarge / The Exynos 2200. There’s an AMD GPU in there. (credit: Samsung)
The bizarre story of the Exynos 2200 continues. Samsung LSI’s flagship smartphone chip was supposed to be announced a week ago at a widely publicized event, but the day came and went with no announcement. Samsung made the unprecedented move of no-showing its own launch event, fueling rumors of troubled chip development and behind-the-scenes dysfunction at Samsung.
The day after the chip was supposed to launch, Samsung said, “We are planning to unveil the new application processor at the time of launching a new Samsung smartphone,” which most watchers assumed was the Galaxy S22 launch in February. It turns out that wasn’t the right timing for the unveiling, either, and the chip was surprise-announced last night.
Now, the Exynos 2200 is finally official. The headline feature is a new “Samsung Xclipse 920 GPU” that was co-developed by AMD. Samsung says the GPU uses AMD’s RDNA 2 architecture, the same as AMD’s Radeon desktop GPUs, and will bring “hardware-accelerated ray tracing” to mobile devices.
Read 5 remaining paragraphs | Comments
Safari and iOS users: Your browsing activity is being leaked in real time
Enlarge (credit: Getty Images)
For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.
The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.
Obvious privacy violation
Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.
Read 9 remaining paragraphs | Comments
Peugeot thinks its wingless 9X8 race car can win Le Mans
Enlarge / Peugeot’s 9X8 seen testing at Aragorn in Spain in late December 2021. (credit: Peugeot)
With the introduction of the new Hypercar class, Peugeot will try to do something unheard of in more than 50 years—win the 24 Hours of Le Mans without a rear wing. The French automaker raised a few eyebrows when the first pictures of its wingless race car became public last summer, since big rear wings have been part and parcel of racing for decades. But the 9X8 took to the track last month for its first test, and as you can see, it’s still sans aile.
The 9X8 is designed to compete under the new Hypercar rules, which are complicated and unfriendly to the casual fan. Not all Hypercars have to be hybrids, but the 9X8 is. Behind the cockpit and ahead of the rear wheels that it powers is a new 2.6 L Biturbo gasoline V6, good for 500 kW (670hp). Ahead of the driver’s feet, you’ll find a 200 kW (268 hp) electric motor-generator unit. To keep speeds safe, the total output is capped at 500 kW by the 9X8’s electronic brain.
The 908 Hybrid4 should have raced against the Audi R18 e-tron quattro and the Toyota TS030 hybrids in 2012. (credit: Peugeot)
Although the 9X8’s powertrain is all new, it’s not actually Peugeot’s first hybrid endurance racer. That honor goes to the 908 Hybrid4, which was meant to contest Le Mans in 2012. Instead, Peugeot shuttered its racing program early after an economic downturn and layoffs made such side activities untenable.
Read 7 remaining paragraphs | Comments
AI is the key to fixing identity security, ForgeRock CEO says
ForgeRock CEO Fran Rosch says the company’s zero trust approach to identity security is driven by advanced AI algorithms.Read More
GamesBeat Summit metaverse event will feature Women in Gaming virtual breakfast
Our GamesBeat Summit: Into the Metaverse 2 event will feature our third Women in Gaming virtual breakfast on January 27.Read More
Security Tools Help Bring Dev and Security Teams Together
Software development teams are increasingly focused on identifying and mitigating any issues as quickly and completely as possible. This relates not only to software quality but also software security. Different organizations are at different levels when it comes to having their development teams and security teams working in concert, but the simple fact remains that there are far more developers out there than security engineers.
Those factors are leading organizations to consider security tooling and automation to proactively discover and resolve any software security issues throughout the development process. In the recent report, “GigaOm Radar for Developer Security Tools,” Shea Stewart examines a roundup of security tools aimed at software development teams.
Stewart identified three critical criteria to bear in mind when evaluating developer security tools. These include:
- Vendors providing tools to improve application security can and should also enhance an organization’s overall security posture.
- The prevailing “shift-left” mindset doesn’t necessarily mean the responsibility for reducing risk should shift to development, but instead focusing on security earlier in the process and continuing to do so throughout the development process will reduce risk and the need for extensive rework.
- Security throughout the entire software development lifecycle (SDLC) is critical for any organization focused on reducing risk.
Figure 1. How Cybersecurity Applies Across Each Stage of the Software Development Lifecycle *Note: This report focuses only on the Developer Security Tooling area
Individual vendors have made varying levels of progress and innovation toward enhancing developer security. Following several acquisitions, Red Hat, Palo Alto Networks, and Rapid7 have all added tooling for developer security to their platforms. Stewart sees a couple of the smaller vendors like JFrog and Sonatype as continuing to innovate to remain ahead of the market.
Vendors delving into this category and moving deeper into “DevSecOps” all seem to be taking different approaches to their enhanced security tooling. While they are involving security in every aspect of the development process, some tend to be moving more quickly to match the pace of the SDLC. Others are trying to shore up existing platforms by adding functionality through acquisition. Both infrastructure and software developers are now sharing toolsets and processes, so these development security tools must account for the requirements of both groups.
While none of the 12 vendors evaluated in this report can provide comprehensive security throughout the entire SDLC, they all have their particular strengths and areas of focus. It is therefore incumbent upon the organization to fully and accurately assess its SDLC, involve the development and security teams, and match the unique requirements with the functionality provided by these tools. Even if it involves using more than one at different points throughout the process, focus on striking a balance between stringent security and simplifying the development process.
Read more: Key Criteria for Evaluating Developer Security Tools, and the Gigaom Radar for Developer Security Tool Companies.
The post Security Tools Help Bring Dev and Security Teams Together appeared first on Gigaom.
APM Solutions Venture into AI and DevOps
For a market segment as stable as application performance monitoring (APM), for individual vendors—even mature established vendors—to stand out requires a unique approach or feature set. At the very least, APM tools must now keep tabs on applications running in myriad locations, whether on-premises, on public or private cloud platforms, distributed as a microservice, or on a mobile device.
In his latest report, “GigaOm Radar for Application Performance Monitoring (APM),” analyst Ron Williams evaluates a number of current APM offerings. He reports standards within the APM space are minimal, but several solutions are starting to differentiate themselves by sharing data in vendor-agnostic formats.
The use of AI is increasing among virtually all vendors reviewed in this report. While AI/ML can analyze massive amounts of data and more quickly provide valuable insights, all the APM vendors are delivering differing levels of true AI functionality.
Adopting OpenTelemetry is becoming a factor, but remains slightly less prevalent than AI. The open-source project OpenTelemetry could provide a consistent method of transferring vendor-agnostic libraries and APIs to help gather and distribute trace, metric, and log data; which should help APM vendors focus more on system functionality and less on data transfer. While almost all vendors are incorporating AI, not all are embracing OpenTelemetry, so this will remain a factor to watch.
Table 1: Impact of Features on Metrics
Some of the more established APM vendors have made implementation easier within existing environments already invested in their other solutions. This includes companies like BMC, Broadcom, and Micro Focus. Adopting their APM offerings is more straightforward when added to their other infrastructure components.
Not surprisingly, Microsoft follows a similar path. In his report, Williams states Microsoft’s APM tool fits in well for shops adopting “everything Microsoft.” There are advantages to this approach, as other APM solutions can indeed monitor .NET environments, but don’t quite reach the scope or depth of which Microsoft is capable.
Among the more present challenges to be mindful of when considering APM are deployment and implementation costs. These costs can be a challenge to accurately determine across hybrid cloud and on-site environments. Vendors naturally provide professional services to assist with implementation, but that further adds to the cost.
Something to watch for in the future of APM solutions is increasing levels of DevOps integration and predictive analysis. IBM Instana is already moving in that direction by featuring CI/CD integration, and the Netreo now features anomaly prediction.
Read more here: Key Criteria for Evaluating APMs, and Gigaom Radar for APMs
The post APM Solutions Venture into AI and DevOps appeared first on Gigaom.
Walnut, a personalized product demo and analytics platform, raises $35M
Walnut is a “sales and marketing demo experience platform,” which basically means that it helps anyone create interactive product demos.Read More