A mother expressed her concern about extremist content poisoning the minds of boys as they use the internet, in a post that went viral. She thinks there are warning signs parents should heed.

In an age where anyone can access just about anything on the internet, white boys in the US seem particularly at risk from dangerous radicalisation online.

Many mass shooting suspects in the US have three things in common: They are young, white and male.

The suspect behind the El Paso shooting that killed 22 people in Texas is believed to have posted a racist manifesto online.

Police investigating a deadly attack in Dayton the following day said the gunman was influenced by a “violent ideology”, although no motive has been disclosed.

The dangers of the internet are not a novel talking point for parents and teachers, but these most recent tragedies have sparked renewed debate over what families can – and should – do when it comes to raising white boys in America.

“The red flags started going up for us when, a year or so ago, [our kids] started asking questions that felt like they came directly from alt-right talking points,” says Joanna Schroeder, a Los Angeles-based writer, media critic and mother of three.

She tells the BBC one of her two sons began to argue “‘jokey’-toned alt right positions”, asking questions like why black people could “copy white culture but white people can’t copy black culture”. She began learning about how other boys their age were sharing sexist and racist memes – likely spreading from online forums.

Last week, Ms Schroeder’s Twitter thread about parenting white boys in a world rife with easy access to extremist viewpoints by monitoring their social media and teaching empathy became a widespread talking point, amassing nearly 180,000 likes, 8,500 comments and shares across social platforms.

“Not all jokes indicate your kid is buying into dangerous ideology,” she says. “The bigger question for parents to ask themselves when their kids make racist, sexist or homophobic jokes is whether their kids understand the deeper implications of what they’re saying.”

But some derided her suggestions to track social media as an infringement on a child’s privacy and an overreaction.

Others said the arguments did not apply just to white boys, and focusing on one race made the issue problematically less inclusive. They also pointed the finger at mainstream media for conflating conservative or non-liberal views and values with bigotry and white supremacy.

Some experts say social media algorithms are fuelling a worldwide rise in extremist views or conspiracies by creating echo-chambers online. And while it’s certainly not just boys who are affected by internet propaganda, in the US at least, it seems that it is driving young men in particular to lash out most violently.

One teenager who replied to Ms Schroeder’s tweet said: “I’ve seen this happen to people that I was surrounded by in high school. Watched how the divide formed between those that were heavily affected and those that weren’t.”

A gaming video on YouTube could include a suggestion to something political, for example.

“And that is likely to be content carefully curated to attract young men,” Ms Schroeder says. “After they watch one of those, the next videos in the series may grow more and more extreme.”

Earlier this month, the New York Times published an investigation into the ways YouTube helped empower Brazil’s far-right by systematically recommending conspiracy channels and far-right content to its users.

The Times reported that the effects of directing viewers to this content have been seen in Brazilian schools, its public health system, and of course, politics. Ahead of his election, President Jair Bolsonaro was a star in Brazil’s far-right YouTube community.

Tom Rademacher, an eighth grade teacher in Minnesota, says schools can do more to step in and “interrupt some of this radicalisation” without knocking down any particular political or ideological groups.

“We should be teaching critical thinking and empathy. We shouldn’t be teaching kids what to think, but we can teach kids how to listen to people who think differently from them.”

‘Domestic terrorism’

The motivation behind mass shootings can vary enormously, and sometimes the police are unable to find a reason at all.

But the FBI is increasingly ready to class such attacks as “domestic terror” when appropriate – as it did recently with El Paso and the garlic festival tragedy in California – which means it believes there is a connection to a US-based group espousing a violent ideology.

In July, FBI director Christopher Wray told the Senate that the majority of domestic terrorism cases were “motivated by some version of what you might call white supremacist violence”.

Sociology Prof Margaret Hagerman at Mississippi State University spent two years studying a group of affluent white families and the way they discussed and taught about race.

Prof Hagerman says she was surprised to learn that many of these parents believed their children had no ideas about race and were “colourblind”.

“When I spent time one-on-one with the kids or when they were with friends it was very apparent they had all kinds of ideas about race, racism and inequality,” she says. “Children are learning about race in America through all different aspects of their everyday lives.”

She says parents should think about how they construct their child’s upbringing, and how living in a primarily white neighbourhood and going to a primarily white school, for example, might “convey particular messages” that leave children unprepared to deal with encountering things like white supremacist ideologies online.

Media playback is unsupported on your device

“I often hear parents tell me they feel uncomfortable talking about racism with other adults. I’m struck by that, because if white adults can’t have conversations about racism in America with other white adults, I don’t understand how they think they’re prepared to have those conversations with children.”

Mr Rademacher described one group of white boys in his classroom who repeatedly mocked race, gender and sexuality in a way he believes came from online forums. Scolding did nothing to curb the behaviour, so Mr Rademacher invited them for a discussion over lunch instead.

One student told him that “as white boys, they were so consistently worried about being called racist that they made jokes to each other within their private group chat almost as a form of gallows humour – to toy with the thing that they were most scared of, felt the most attacked for.”

Mr Rademacher says that after a conversation about how to share their feelings, some of the boys even joined the school’s anti-racist leadership group.

“They’re still young boys,” Mr Rademacher emphasises. “They’re trying to figure out where the line is. Why things are funny and why things are offensive.” And white teenagers are “ripe for radicalisation” now amid broader cultural changes that make them “feel like they’re under attack” from mainstream society, he says.

Meme-culture, gamer-culture and white nationalist culture can overlap and inform each other, he adds, and it’s all too easy for them to start with one and travel to the other without knowing it.

What can be done?

Ms Schroeder says parents need to intervene because children will not often stop to critically examine the arguments they hear online. Ask where they heard the remark and say you want to understand the context, she suggests.

“I always try to start with, ‘I know you never want to hurt anyone, so I want to explain to you why that joke isn’t appropriate and why it’s hurtful. That way you’ll know why we don’t want you to say that again.'”

Mr Rademacher says it’s important teachers keep in mind that parents can get defensive too if their children are shamed. “Emailing a parent and saying I think your kid is going to be a white nationalist – that’s irresponsible.”

But many parents are worried about what their children have access to online.

“The dumb mistakes we used to make are now the dumb mistakes that make you national news for a week. So if you can have parents be partners in that situation it’s a lot better.”

Mr Rademacher says that implementing some of these ideas into a yearlong curriculum would be an easy way to tackle internet radicalisation. But parents who fear it would be “anti-white” are mistaken.

“What I mean is the classroom can be a place where kids can explore without being shamed. When we apply shame to a group we are pushing them down a much more negative path.”

In Ms Schroeder’s words: “Our kids need to know that we expect them to be kind, respectful and honest – not because we think they aren’t those things already – but because we know that they have innate goodness inside of them.”

Officials suspect a coordinated extortion campaign

Twenty-three towns in Texas have been targeted with ransomware in what appears to be a coordinated attack.

On Friday, the Texas Department of Information Resources (DIR), which handles state IT operations, said at least twenty local government entities had been affected.

The following day, the DIR said reports from local governments came in Friday morning and the State Operations Center began operating day and night to deal with the crisis.

“At this time, the evidence gathered indicates the attacks came from one single threat actor,” the DIR said in a statement. “Twenty-three entities have been confirmed as impacted. Responders are actively working with these entities to bring their systems back online.”

Ransomware involves malicious code that encrypts an organization’s files and demands payment for access to the encryption key that will – possibly – unlock the files.

In response to an inquiry from The Register, a spokesperson for the DIR said the agency has not named the affected entities or the attack vector used. Reports have suggested attack employed the Sodinokibi ransomware; the DIR declined to confirm this.

The DIR spokesperson had no information to provide about whether the towns in question have access to data backups.

On Monday afternoon, the City of Borger, Texas, said in a statement that it was among the municipalities affected by the attack. The statement says City operations have been affected but the City has activated its continuity of operations plan to assure continued delivery of basic and emergency services. Work is underway to restore affected systems but it’s not yet clear how long that will take.

Ransomware attackers have gone from ‘spray and pray’ to ‘slayin’ prey’

READ MORE

“Currently, Vital Statistics (birth and death certificates) remains offline, and the City is unable to take utility or other payments,” the City said. “Until such time as normal operations resume, no late fees will be assessed, and no services will be shut off.”

No customer credit card or personal information has been compromised, the City said, adding that no further information about the origin of the attack will be released until the investigation is complete.

Ransomware attacks have hit government entities in all US states except for Delaware and Kentucky, cybersecurity biz Recorded Future said in May. Examples of such incidents have occurred in Florida and Maryland, as well as cities in other countries, such as Johannesburg, South Africa last month.

The security shop said ransomware attacks on state and local governments are on the rise, though it conceded that its metrics may be incomplete because such incidents are not necessarily reported.

In a phone interview with The Register, Sean Curran, a senior director with West Monroe Partners, a management and technology consultancy, said there has been a shift over the past few years in the way attackers go after data.

“Ransoming data has a bigger impact and a bigger payday than trying to resell stolen personal information,” he said. “It’s a more direct, immediate return.”

Curran said ransomware appears to be extremely profitable and many organizations haven’t yet revised their security posture to account for the possibility. “Many companies don’t test their backups to make sure they’re functional or move them off-site so they can’t be deleted,” he said, noting that the first thing ransomware attackers do is delete accessible backups.

Organizations, he said, should make sure they’ve stored their data somewhere safe. “Sometimes old school is best,” he said. “Tapes are really hard to steal from.”

He also advised organizations to inform employees about the dangers of phishing, which is often how malware gets onto an organization’s network.

“In almost every ransomware attack we’ve looked at, the company was been compromised six to nine months before the attack was launched,” he said, noting that allows the attacker to conduct reconnaissance.

When the attack occurs, he said, it tends to happen at a time when few people are around monitoring IT systems, because it can take time to encrypt large amounts of data. ®

Sponsored: Your Data Deserves Better: From Analytics to Action

Order banning any further infringement stays, as does Big Red’s legal bill

The quantum legal battle between Oracle and Rimini Street continues, with an appeals judge this month confirming Rimini can’t claw back the $28.5m it was forced to cough up to foot Oracle’s lawyer bills. And, yes, Rimini is still banned from ripping off Oracle’s intellectual property.

We say quantum because the case always appears to be in a superposition of Oracle and Rimini both claiming victory simultaneously.

The case in question is that very long-running spat over copyright theft by bargain-basement enterprise software support biz Rimini Street. Back in 2015, after a five-year struggle through the courts, Rimini was ordered to pay Oracle damages for downloading and distributing Big Red’s support materials without proper permission. Ever since then, Rimini has been wrangling to overturn that finding, and slash the amount it has to pay out, appealing the matter all the way to the US Supreme Court and back again.

In Oracle’s corner, a spokesperson told us on Monday that a Ninth Circuit Court of Appeals ruled on Friday that Rimini can’t claim back the $28.5m it was ordered to pay out to cover the database giant’s attorneys’ fees from earlier court hearings, despite Rimini’s protests. According to Oracle, Rimini has, to date, handed $90m over to the Silicon Valley goliath as a result of the copyright debacle.

In addition, the appeals court upheld a permanent injunction [PDF] issued by a lower court ordering Rimini Street to not “reproduce, prepare derivative works from, or distribute [Oracle-owned] PeopleSoft, J.D. Edwards, or Siebel software or documentation,” without permission, subject to other conditions, and to simply never “reproduce, prepare derivative works from, or distribute Oracle Database software.”

What links US Supreme Court, copyright legal bills, and stadium hot dog prices? A: Oracle

READ MORE

“We are extremely gratified that the Ninth Circuit affirmed the permanent injunction and attorneys’ fees award,” said Dorian Daley, Oracle’s executive vice president and general counsel, in a canned statement.

“It is long past time for Rimini – a dishonest, serial infringer – to cease its unlawful conduct, to respect Oracle’s intellectual property rights, and to abide by the rulings in this case.”

The Larry-Ellison-founded biz added that it was glad the appeals court rejected “Rimini’s absurd claim that it had prevailed at a trial where the jury found Rimini infringed Oracle’s copyrights.”

Meanwhile, in Rimini’s corner on Monday, the support outfit was happy with last week’s ruling, and everything in general, pretty much.

“Oracle lost 23 of 24 claims it originally pursued against Rimini Street in this case, with the jury finding that Rimini Street engaged in ‘innocent infringement’ on the remaining claim,” Rimini beamed in a statement.

It also reiterated it stopped illegally sharing Oracle’s copyrighted materials way before it was ordered to cease doing so by a judge: “Rimini Street had voluntarily stopped using the legacy processes that were found to be infringing before the 2015 trial and before the district court issued an injunction barring the use of those legacy processes in 2018.”

Finally, it said the latest ruling “defines the manner in which Rimini Street can provide support services for certain Oracle product lines,” and said it was still pondering going back to court to get that lawyers’ bill refunded. The fun never ends. ®

Sponsored: Map, migrate, manage: how to navigate Office 365 adoption

Dell-EMC storage blunder leaves Canucks fuming for four days

Dealing with email is possibly the most tedious daily exercise that the modern digital world has forced on us. But 13 million customers of Canadian ISP Telus have discovered that not having that problem is more of a burden.

Starting Thursday morning, the connection biz’s entire email system went down, with not a single email in or out. Such outages happen occasionally but rarely last more than an hour. In Telus’ case, however, customers really started getting annoyed when the issue still wasn’t resolved that evening – eight hours later.

The ISP’s support team tweeted a sad looking cheetah cub with the message “we’re sorry” but that did little to dampen anger as the issue stretched in 24 hours. The next morning: still nothing.

Swamped with angry users, the internet provider explained that the outage had occurred as a result of some borked Dell-EMC-built storage equipment, and that in the course of repairing and replacing it, they accidentally took telus.net offline.

But as hours have bled into days, it has become clear that someone is responsible for some catastrophically bad system design. Despite getting the system back up and running for “more than 90 per cent of customers” on Friday, Telus was directing them to access their email by logging into their accounts through a browser.

For those able to login to webmail, however, they found an entirely empty inbox. “It’s important to note that the webmail inbox will be empty except for new emails sent or received while we work to restore data from the old servers,” Telus explained, strongly implying that it had lost all of its millions of customers’ data and is having to dig into backups to rebuild it.

Not exactly the kind of thing you expect a huge ISP to need to do – as Telus itself has recognized: “As a technology company with a rich history in providing excellent customer service, we feel sick about this disruption and are doing everything we can to restore service as quickly as possible. Our team has been working nonstop since early Thursday morning and has all hands on deck to make this right.”

What the Dell?

What the hell happened? Well according to a different explanation on the Telus’ website: “This issue occurred during an overnight update to our servers in the early hours of Thursday, August 15, in partnership with our vendor Dell EMC, when a flawed repair procedure took the Telus.net email system offline.”

So, basically, Telus tried repairing some servers with the help of Dell EMC, and lost all the data on it, taking everything down.

But the time Friday evening came around, nearly 48 hours after the initial cock-up, Telus’ chief customer officer Tony Geherean – looking distinctly worn-out and non-plussed – was shoved in front of some office plants and told to apologize to camera.

“We’ve let you down and we are sorry,” he began the e-mea-culpa. “I want to personally apologize for the extended extensive email outage that began on Thursday and prevented many of you from accessing, sending or receiving emails from your Telus.net account.

“We know how vital email is to conduct important business, to communicate with family and friends, and to manage schedules and finances. This disruption is unacceptable and we are doing everything we can to resolve the mater as soon as possible.”

But he was also forced to acknowledge that 10 per cent of customers are still in the dark. “The issues with the remaining servers are complicated and is taking far longer to resolve this problem than we would like.”

It really is. Fast forward to Monday morning – four days later – and this is the latest update. “Starting immediately, customers still experiencing issues can access their inbox by visiting webmail.telus.net from an Internet browser. Please note, the webmail inbox will be empty except for new emails you send or receive while we work to restore data and smoothly integrate the old and new mailboxes together.”

Progress?

In other words, no clear progress has been made over the entire weekend. And Telus is now talking about “old and new mailboxes” suggesting a complete rebuild.

“Work is now underway to smoothly integrate the old and new mailboxes. Once this work is complete and the data is recovered, old messages will be restored to the mailbox and full access will be available.”

Generous Google gives Chrome users Inbox Zero: Sign-in outage boots own browser out of webmail, services

READ MORE

“Our entire leadership team is committed to learning from this experience to augment the strength of our globally-leading networks and ensure our customers never find themselves in this situation again,” Telus explained as part of its update.

In the meantime, we can only suggest that Telus customer shift to a third-party email provider that is far more stable. Like Google’s Gmail… wait, what’s that? ®

Sponsored: Reboot your Future – Practical Steps to the Cloud

Flawed code traced to home build system, vulnerability can be attacked in certain configs

Updated The maintainers of Webmin – an open-source application for system administration tasks on Unix-flavored systems – have released Webmin version 1.930 and the related Usermin version 1.780 to patch a vulnerability that can be exploited to achieve remote code execution in certain configurations.

Joe Cooper, one of the contributing developers, announced the patch in a blog post over the weekend.

“This release addresses CVE-2019-15107, which was disclosed earlier today,” Cooper said. “We received no advance notification of it, which is unusual and unethical on the part of the researcher who discovered it. But, in such cases there’s nothing we can do but fix it ASAP.”

The patch also deals with several XSS issues that were responsibly disclosed, he said, noting that a bounty has been paid to the researcher who reported them.

The bug at issue is a command injection flaw in the &unix_crypt function* used in the password_change.cgi file, used to check the password against the system’s /etc/shadow file. By adding a pipe command (“|”), an attacker can execute remote code.

To be vulnerable, Cooper said, the Perl-based software must have the Webmin -> Webmin Configuration -> Authentication -> Password expiry policy set to Prompt users with expired passwords to enter a new one.

“This option is not set by default, but if it is set, it allows remote code execution,” he said.

Webmin hole allows attackers to wipe servers clean

READ MORE

That may be the case for most versions – the vulnerability exists in versions 1.882 through 1.920 – but Webmin 1.890 is vulnerable in its default configuration.

The bug appears to have been revealed on Saturday, August 10, by Özkan Mustafa Akkuş at DEF CON and to have been made available as an exploit in a module for the Metasploit framework. The Webmin maintainers didn’t hear about it until Saturday, August 17, when they noticed people discussing the issue on Twitter and Reddit. The CVE was created Thursday, August 15.

Webmin has about 215,000 installations, according to a Shodan search (account required), and about 13,000 instances of the particularly vulnerable version 1.890.

Tiago Henriques, developer relations lead for Microsoft Azure and founder of binaryedge.io, puts that number higher at about 598,000 Webmin instances and 29,000 instances of version 1.890.

According to Cooper, the malicious code was introduced into Webmin and Usermin through the project’s build infrastructure. “We’re still investigating how and when, but the exploitable code has never existed in our GitHub repositories, so we’ve rebuilt from git source on new infrastructure,” he said.

In an email to The Register, Cooper said the malicious code – which appeared in the Sourceforge repo but not the GitHub repo – was introduced to Webmin on local package build infrastructure before it reached Sourceforge.

“Jamie [Cameron, the project’s primary author,] would know more details, but my understanding is that it was a build server in his home that had been in service for many years,” Cooper said.

“It was shut down a few months ago, but the build directories were copied over from backups to the new build system…so, the exploit came along with it. The new build is from new infrastructure and from a fresh git checkout; Jamie compared the exploited code against the git code, as well, looking for any other introduced code.”

Cooper said the bug is of fairly limited risk in the version of the software (Webmin 1.920, Usermin 1.770) that immediately preceded today’s patch because it requires changes to the default configuration.

“An earlier iteration, presumably introduced by the same attacker since it was introduced through the same vector, was more serious (in Webmin 1.890, and did not need any non-default options for a similar attack), and it took Jamie a while to find it (or even realize the reported bug was real) because it was not in git, so we were looking at, and trying to reproduce, against code that didn’t have the problem,” he explained.

The Register asked Cameron if he could shed any light on the origin of the server compromise, but he didn’t immediately respond. Cooper however suggested the project’s ability to investigate may be limited.

“The build server that was originally exploited is no longer available for forensics, so we’re kinda left guessing about how the attacker got in, but that’s maybe less useful than just putting in place practices that make that vector impossible to exploit again,” said Cooper. ®

Updated to add

* Cooper got in touch with El Reg after this story was published to say that the researcher’s explanation of the bug misses the mark. The issue isn’t the &unix_crypt function. Rather, he said, it “was due to an injected `qx//` in one of the function calls. Specifically, this line in password_change.cgi:”

$enc eq $wuser->{'pass'} || &pass_error($text{'password_eold'},qx/$in{'old'}/);

qx// is equivalent to backticks in Perl, so it runs whatever is in the // in a shell,” he said.

Cameron’s reply also arrived after we published. He said he is unable to say how the compromise occurred because the server was decommissioned shortly afterwards, eliminating any log files that could have been used for forensics.

“Unfortunately the file with the vulnerability inserted was migrated to a new machine, so it persisted into later releases – even though the build had been moved to a new and more secure environment,” he said. “Since this was detected, I’ve cross checked all code in GitHub with code on the build system to detect any other hidden vulnerabilities (there were none) and spent a bunch of time reviewing all recent commits. In the interest of full disclosure, I’m going to write up more details of what happened and publish it on webmin.com in the next day or two.”

Sponsored: Your Data Deserves Better: From Analytics to Action

Baffling bug forces folks to use Safari, IE, etc

A bizarre outage left unlucky Chrome users unable to sign into Google services, from Gmail to Google Docs to even Chromebooks, earlier today.

Using Chrome in incognito mode, or using a non-Chrome browser – such as Safari, Firefox, Edge, or Internet Explorer – allowed folks to get into their accounts, strangely enough. The US ad goliath said in the past few minutes its systems are gradually returning to normal, and potentially letting people in as usual via Chrome.

Netizens across at least America and Europe began noticing problems around 1000 Pacific Time (1800 UTC) with weird messages preventing them from logging into their Google-hosted accounts. While those who were already logged into services could continue to use them, anyone who signed out, or had a session expire, was unable to get back in when using bog-standard Chrome.

The outage affected Gmail and account admin consoles, as well as the web giant’s online productivity suite. Those who tried to get in were served a completely useless “Sorry, something went wrong there. Please try again” error message.

Outage map marking where complaints from netizens are piling in … Source: Downdetector.com

Google’s cloud platform revealed a few more technical details. “The issue with authentication to Google App Engine sites, Google Cloud Console, Identity Aware Proxy, and Google OAuth 2.0 endpoints should be resolved for the majority of customers and we expect a full resolution in the near future. We will provide another status update by Monday, 2019-08-19 13:30 US/Pacific with current details,” a status page stated in the team’s most recent update at time of writing.

“Some customers have reported success attempting to utilize an incognito window under the Chrome browser to login.”

Meanwhile, the Gmail team has declared the downtime more or less over: “The problem with Gmail should be resolved for the vast majority of affected users. We will continue to work towards restoring service for the remaining affected users, but no further updates will be provided on the G Suite Status Dashboard. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better.”

Google has yet to respond to a request for further explanation of the authentication screw-up. ®

Sponsored: Reboot your Future – Practical Steps to the Cloud

I want to get Huawei, I want to fry Huawei, yeah, yeah, yeah

Uncle Sam today granted another “extension” to Huawei, allowing the Chinese equipment manufacturer to continue to buy and use American electronic components and software despite being on an “entity list” of banned recipients of US tech.

The latest extension comes on the day that the Commerce Department’s previous “temporary general license” was due to expire. The extension will last 90 days, and is a repeat of the previous 90-day extension, granted back in May. The move also adds more than three dozen companies affiliated with Huawei to the so-called “entity list,” effective today, preventing them from using American code and technology without Uncle Sam’s unlikely permission.

Being on the “entity list” blocks, by default, Huawei and its pals from obtaining US-designed semiconductors, software, and other supplies, such as Qualcomm system-on-chips and Android operating system code, which are required to manufacture, upgrade, and repair equipment sold around the world. Huawei flogs smartphones, routers, switches, cellular gear, and other kit, to businesses in the US, Europe, and beyond, and may struggle to do so if it’s cut off from American tech – and if so, it will be unable to service and supply Western organizations, such as rural farms and cellphone networks, that rely on its products. Hence why Huawei’s getting another three-month extension.

“As we continue to urge consumers to transition away from Huawei’s products, we recognize that more time is necessary to prevent any disruption,” Commerce secretary Wilbur Ross said in a statement on Monday.

In response, Huawei said that the US government’s actions “violate the basic principles of free market competition,” and that they were “in no one’s interests, including US companies.”

“We oppose the US Commerce Department’s decision to add another 46 Huawei affiliates to the Entity List,” a spokesperson told El Reg.

“It’s clear that this decision, made at this particular time, is politically motivated and has nothing to do with national security. These actions violate the basic principles of free market competition. They are in no one’s interests, including US companies. Attempts to suppress Huawei’s business won’t help the United States achieve technological leadership. We call on the US government to put an end to this unjust treatment and remove Huawei from the Entity List.

“The extension of the Temporary General License does not change the fact that Huawei has been treated unjustly. Today’s decision won’t have a substantial impact on Huawei’s business either way. We will continue to focus on developing the best possible products and providing the best possible services to our customers around the world.”

Huawei, Huawei. Huawei, Huawei. Feeling hot, hot, hot: US threatens to cut UK from intel sharing over Chinese tech giant

READ MORE

Huawei has become a focal point of the Trump administration’s ongoing trade war with China. US officials have repeatedly claimed the Chinese mobe’n’router maker represents a national security threat. That claim has been challenged by other Western nations, however, which have carried out security audits in response from significant pressure from the US government, and so far found no evidence of wrongdoing.

This latest extension adds weight to the argument that Huawei is being used as a bargaining chip in the trade war – something that Huawei addressed head-on in its statement. “It’s clear that this decision, made at this particular time, is politically motivated and has nothing to do with national security,” the mobe maker said.

Talks aimed at ending the growing trade war between the US and China are expected to continue this week and follow a phone call between US president Donald Trump and Chinese president Xi Jinping last weekend.

Deja vu

This is the second time this month that the Trump Administration has blustered about how it will continue to add pressure to China while at the same time granting “exemptions” to those same measures.

Last week, the US announced it would tack another levy on $300bn of Chinese imports starting September 1 – the fourth such increase in tariffs since the trade war was started by President Trump – but immediately excluded “cell phones, laptop computers, video game consoles, certain toys, computer monitors, and certain items of footwear and clothing” until mid-December to prevent American consumers from being hit with higher prices in the lead-up to the holiday season.

On Monday, the fact that Commerce was again delaying a ban on Huawei buying US goods was tucked behind a claim that it was adding “dozens of new Huawei affiliates to the Entity List.”

The decision is just the latest in a long series of short-term maneuvers by the US in an effort to force China to agree to new trade terms. But as time goes on and a trade deal remains out of reach, the combination of bluffs and ever increasing tariffs is causing growing economic problems and reducing room for negotiation.

Efforts to paint Huawei as an extension of the Chinese government and a potential spy threat have also become increasingly desperate and transparent, with the Wall Street Journal last week claiming to have seen internal police documents from Uganda that showed Huawei engineers allegedly helping the African nation’s authorities spy on an opposition politician.

Huawei has attacked that report, sending a letter on Friday to the WSJ calling its article “neither a fair nor a responsible representation of Huawei’s legitimate business activities in these countries.”

False

It claims, without going into details, that it has provided the WSJ with “specific information that a number of the statements in the article about Huawei’s alleged involvement with government cybersecurity forces were demonstrably false.”

Liang_Hua

US sanctions fail to get in Huawei as embattled Chinese vendor reports 23% revenue growth

READ MORE

It also pointed to possible legal action against the WSJ when it argued that “at a minimum, the Journal published these false statements in reckless disregard of their veracity.” It called parts of the story “false and defamatory”, said that the allegation in the report “damage Huawei’s reputation and business interests across the globe” and promised that it would “defend its conduct and reputation.” All of which is lawyer speak for “we believe we have grounds to sue.”

Meanwhile, Huawei is engaging in its own bluster, saying that the decision to extend the lack of ban for 90 days “won’t have a substantial impact on Huawei’s business either way.” Last month, Huawei chairman Liang Hua likened the company to a “plane riddled with bullet holes” that keeps on flying.

If Chinese and American trade negotiators don’t reach a deal by mid-November, the Commerce Department will have to consider whether to grant a third extension to its ban, and just weeks later decide whether to extend its exemption to consumer goods tariffs. ®

Sponsored: Reboot your Future – Practical Steps to the Cloud

A Californian-based start-up has unveiled what it says is the world’s largest computer chip.

The Wafer Scale Engine, designed by Cerebras Systems, is slightly bigger than a standard iPad.

The firm says a single chip can drive complex artificial intelligence (AI) systems in everything from driverless cars to surveillance software.

However, one expert suggested that the innovation would prove impractical to install in many data centres.

Why is the development important?

Computer chips have generally become smaller and faster over the years.

Dozens are typically manufactured on a single silicon “wafer”, which is then cut apart to separate them from each other.

The most powerful desktop CPUs (central processing units) have about 30 processor cores – each able to handle their own set of calculations simultaneously.

GPUs (graphics processing units) tend to have more cores, albeit less powerful ones.

This has traditionally made them the preferred option for artificial intelligence processes that cans be broken down into several parts and run simultaneously, where the outcome of any one calculation does not determine the input of another.

Examples include speech recognition, image processing and pattern matching. The most powerful GPUs have as many as 5,000 cores.

But Cerebras’ new chip has 400,000 cores, all linked to each other by high-bandwidth connections.

The firm suggests this gives it an advantage at handling complex machine learning challenges with less lag and lower power requirements than combinations of the other options.

Cerebras claims the Wafer Scale Engine will reduce the time it takes to process some complex data from months to minutes.

Its founder and chief executive Andrew Feldman said the company had “overcome decades-old technical challenges” that had limited chip size.

“Reducing training time removes a major bottleneck to industry-wide progress,” he said.

Cerebras has started shipping the hardware to a small number of customers.

It has not yet revealed how much the chips cost.

What are the disadvantages?

While the chips process information much faster, Dr Ian Cutress, senior editor at the news site AnandTech, said the advances in technology would come at a cost.

“One of the advantages of smaller computer chips is they use a lot less power and are easier to keep cool,” he explained.

“When you start to deal with bigger chips like this, companies need specialist infrastructure to support them, which will limit who can use it practically.

“That’s why it’s suited for artificial intelligence development as that’s where the big dollars are going at the moment.”

Is this the first AI-chip?

Cerebras is far from the first company to develop chips to power AI systems.

In 2016, Google developed TPU (tensor processing unit) chips to power software including its language translation app, and now sells the technology to third parties.

The following year, China’s Huawei announced that its smartphone Kirin chips had gained an NPU (neural processing unit) to help speed up the calculation of matrix multiplications – a type of mathematics commonly involved in AI tasks.

But not all such efforts have been successful.

In the early 1980s, the US company Trilogy received hundreds of millions of dollars in funding to create its own super-chip.

However, the processors got too hot in testing and were less powerful than initially thought.

Plagued by technical and personal challenges, the company gave up on the project five years later.

Write once, optimise everywhere amirite?

Microsoft has snapped up London-based jClarity in an effort to bump up the performance of Java workloads on Azure.

We’re pretty sure that somewhere, former Microsoft CEO Steve Ballmer’s brain just exploded, or he has a heck of a headache. For everyone else, it is further evidence of continued changes at the Beast of Redmond.

jClarity – founded by Martijn Verburg, Kirk Pepperdine and Ben Evans – has a product line aimed at identifying performance problems in cloud and on-premises Java applications. The company makes use of machine learning to hunt down memory leaks in its Censum tool and performance problems in its Illuminate diagnostic engine.

The gang also provides commercial support for AdoptOpenJDK binaries, a drop-in replacement for Oracle’s suddenly expensive Java/JDK.

Microsoft had already kicked a bit of sand Big Red’s way by bundling open-source Java outfit Azul Systems’ Zulu Embedded with SQL Server 2019 and shovelling Zulu for Azure onto its cloud.

The jClarity acquisition is further evidence of Microsoft’s acceptance of Java and open source as essential in the modern development world. After all, with workloads such as Minecraft running in its cloud as well as those of other customers such as Adobe and Daimler all needing Java, optimisation is essential.

And, of course, let’s not forget that more than half of Azure’s compute workload is now Linux-based.

Former jClarity CEO Verburg (now Principal Engineering Group Manager for Java at Microsoft) was understandably terribly excited about the turn of events.

He asked for patience from the community on which his company has depended in the past, proffering some reassurance: “Don’t worry – we are not going away whatsoever!”

While Microsoft remained tight-lipped on what it had paid for jClarity, it did highlight its sponsorship of the AdoptOpenJDK project since June 2018, aimed at building binaries of OpenJDK on different platforms including Linux and Windows. ®

Sponsored: Map, migrate, manage: how to navigate Office 365 adoption

Hop from 4.12 to 4.14 fixes ‘a boatload of bugs’. Hooray!

In contrast to the frenetic pace of updates now typical in the software industry, the team behind Xfce, a lightweight desktop for Linux, have released version 4.14 nearly four-and-a-half years since the last stable release, 4.12.

Xfce aims to be fast, consume minimal resources and embody the UNIX philosophy of modularity. Its features include a window manager, a desktop manager, a file manager and an application finder.

The product is not exclusively for Linux, but works on other UNIX-like operating systems including FreeBSD. Its origins go back to 1996, when it was created by Olivier Fourdan. The name initially stood for XForms Common Environment but is no longer relevant since in 2003 the project was converted to the GNOME Toolkit (Gtk).

Don’t expect a ton of new features in version 4.14, but the announcement does refer to fixing “a boatload of bugs”. The main goal was to port core components to Gtk 3 and from D-Bus Glib to GDBus, these last being client libraries for the Desktop Bus communication mechanism. Xfce’s slow pace of development is entirely in keeping with its minimalist approach.

There are some features that users will notice, including an improved display dialogue with support for saving and restoring multi-screen configurations, an updated file manager, better support for keyboard (as opposed to mouse) users, a screensaver, and official adoption of a file search tool called Catfish. The complete list of changes and bug fixes is here.

Although 4.14 has been released, it will not immediately appear for users of systems like Xubuntu (a version of Ubuntu that uses Xfce) as it takes some time for distro-specific packages to be updated. That said, we installed 4.14 on Xubuntu by opting into the Staging PPA (Personal Package Archive), and wrote this piece on LibreOffice, which is part of the Xubuntu default installation.

Why would you use Xfce? The main reason would be either because it runs better on old or low-end hardware than systems like GNOME Desktop (used by the main Ubuntu distribution) and KDE, or because you prefer its performance and minimalist approach.®

Sponsored: Map, migrate, manage: how to navigate Office 365 adoption