Enlarge / This otherworldly photo was taken of the debut launch of the Terran 1 rocket on March 23, 2023. (credit: Relativity Space/John Kraus)

As always, we welcome reader submissions, and if you don’t want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets and a quick look ahead at the next three launches on the calendar.

Enlarge

The support team for 3CX, the VoIP/PBX software provider with more than 600,000 customers and 12 million daily users, was aware its desktop app was being flagged as malware, but decided to take no action for a week when it learned it was on the receiving end of a massive supply chain attack, a thread on the company’s community forum shows.

“Is anyone else seeing this issue with other A/V vendors?” one company customer asked on March 22, in a post titled “Threat alerts from SentinelOne for desktop update initiated from desktop client.” The customer was referring to an endpoint malware detection product from security firm SentinelOne. Included in the post were some of SentinelOne’s suspicions: the detection of shellcode, code injection to other process memory space, and other trademarks of software exploitation.

Is anyone else seeing this issue with other A/V vendors?

Post Exploitation
Penetration framework or shellcode was detected
Evasion
Indirect command was executed
Code injection to other process memory space during the target process’ initialization
DeviceHarddiskVolume4Users**USERNAME**AppDataLocalProgramsCXDesktopAppCXDesktopApp.exe
SHA1 e272715737b51c01dc2bed0f0aee2bf6feef25f1

I’m also getting the same trigger when attempting to redownload the app from the web client ( 3CXDesktopApp-18.12.416.msi ).

Defaulting to trust

Other users quickly jumped in to report receiving the same warnings from their SentinelOne software. They all reported receiving the warning while running 18.0 Update 7 (Build 312) of the 3CXDesktopApp for Windows. Users soon decided the detection was a false positive triggered by a glitch in the SentinelOne product. They created an exception to allow the suspicious app to run without interference. On Friday, a day later, and again on the following Monday and Tuesday, more users reported receiving the SentinelOne warning.

Enlarge / The crew of the Enterprise in Star Trek II: The Wrath of Khan, a film with many references to Starfleet Academy. (credit: Paramount)

There’s officially another Star Trek series on the way, and this time it’s one we’ve been hearing rumors about since 2018: Starfleet Academy.

Announced today in a press release and reported by Deadline, the CBS Studios-produced series will follow a group of teenage Starfleet Academy students as they come of age while enduring rigorous training for future interstellar missions.

The central characters will reportedly have to navigate friendships, rivalries, and romances as they face a new enemy that threatens the Federation.

Enlarge / Stills from an AI-generated video of Will Smith eating spaghetti that has been heating up the Internet. (credit: chaindrop / Reddit)

Amid this past week’s controversies in AI over regulation, fears of world-ending doom, and job disruption, the clouds have briefly parted. For a brief and shining moment, we can enjoy an absolutely ridiculous AI-generated video of Will Smith eating spaghetti that is now lighting up our lives with its terrible glory.

On Monday, a Reddit user named “chaindrop” shared the AI-generated video on the r/StableDiffusion subreddit. It quickly spread to other forms of social media and inspired mixed ruminations in the press. For example, Vice said the video will “haunt you for the rest of your life,” while the AV Club called it the “natural end point for AI development.”

We’re somewhere in between. The 20-second silent video consists of 10 independently generated two-second segments stitched together. Each one shows different angles of a simulated Will Smith (at one point, even two Will Smiths) ravenously gobbling up spaghetti. It’s entirely computer-generated, thanks to AI.

Enlarge / The lettering “Hey Google” on the Google pavilion at the CES consumer electronics show in Las Vegas in 2018. These words activate Google Assistant, Google’s virtual personal assistant. (credit: Andrej Sokolow/picture alliance)

Is the Google Assistant doomed? The evidence is starting to pile up that the division is going down the tubes. The latest is news from CNBC’s Jennifer Elias that says the Google Assistant division has been “reshuffled” to “heavily prioritize” Bard over the Google Assistant. It all sounds like the team is being reassigned.

We’ll get into the report details in a minute, but first a quick recap of the past two years of what the Assistant has gone through under Google:

• The Google Assistant saw eight major speaker/smart display hardware releases in five years from 2016-2021, but the hardware releases seem to have stopped. The last Assistant hardware release was in March 2021. That was two full years ago.
• 2022 saw Google remove Assistant support from two in-house product lines: Nest Wi-Fi and Fitbit wearables.
• 2022 also saw a report from The Information that said Google wanted to “invest less in developing its Google Assistant voice-assisted search for cars and for devices not made by Google.”
• The Google Assistant’s driving mode was shut down in 2022.
• The Google Assistant’s “Duplex on the web” feature was also shut down in 2022.
• One of the Google Assistant’s core unique features, Reminders, is being shut down in favor of Google Task Reminders soon.
• The Google Assistant has never made money. The hardware is sold at cost, it doesn’t have ads, and nobody pays a monthly fee to use the Assistant. There’s also the significant server cost to process all those voice commands, though some newer devices have moved to on-device processing in a stealthy cost-cutting move. The Assistant’s biggest competitor, Amazon Alexa, is in the same boat and loses $10 billion a year.

Each one of those developments could maybe be dismissed individually, but together they start to paint the familiar picture of a looming Google shutdown.

Enlarge (credit: Getty Images | VCG)

OpenAI “has released a product GPT-4 for the consumer market that is biased, deceptive, and a risk to privacy and public safety. The outputs cannot be proven or replicated. No independent assessment was undertaken prior to deployment,” said a complaint to the FTC submitted today by the Center for Artificial Intelligence and Digital Policy (CAIDP).

Calling for “independent oversight and evaluation of commercial AI products offered in the United States,” CAIDP asked the FTC to “open an investigation into OpenAI, enjoin further commercial releases of GPT-4, and ensure the establishment of necessary guardrails to protect consumers, businesses, and the commercial marketplace.”

Enlarge / An electron micrograph of a number of Marburg virions responsible for causing Marburg virus disease. (credit: Getty | BSIP)

Equatorial Guinea’s first-ever outbreak of Marburg virus—a relative of Ebola virus that causes similarly deadly hemorrhagic fever—is continuing to grow, spreading over a wide geographic area with potentially undetected chains of transmission, officials for the World Health Organization said.

As of Wednesday morning, officials in Equatorial Guinea had reported nine confirmed cases, with seven confirmed deaths across three provinces since early February.

“However, these three provinces are 150 kilometers apart, suggesting wider transmission of the virus,” WHO’s Director General Tedros Adhanom Ghebreyesus said in a press conference Wednesday.

Enlarge (credit: NurPhoto / Contributor | NurPhoto)

Meta announced that starting next Wednesday, some Facebook and Instagram users in the European Union will for the first time be able to opt out of sharing first-party data used to serve highly personalized ads, The Wall Street Journal reported. The move marks a big change from Meta’s current business model, where every video and piece of content clicked on its platforms provides a data point for its online advertisers.

People “familiar with the matter” told the Journal that Facebook and Instagram users will soon be able to access a form that can be submitted to Meta to object to sweeping data collection. If those requests are approved, those users will only allow Meta to target ads based on broader categories of data collection, like age range or general location.

This is different from efforts by other major tech companies like Apple and Google, which prompt users to opt in or out of highly personalized ads with the click of a button. Instead, Meta will review objection forms to evaluate reasons provided by individual users to end such data collection before it will approve any opt-outs. It’s unclear what cause Meta may have to deny requests.

Enlarge (credit: Getty Images)

The attack compromised the software build system used to create and distribute Windows and macOS versions of the app, which provides both VoIP and PBX services to “600,000+ customers,” including American Express, Mercedes-Benz, and Price Waterhouse Cooper. Control of the software build system gave the attackers the ability to hide malware inside 3CX apps that were digitally signed using the company’s official signing key. The macOS version, according to macOS security expert Patrick Wardle, was also notarized by Apple, indicating that the company analyzed the app and detected no malicious functionality.

In the making since 2022

“This is a classic supply chain attack, designed to exploit trust relationships between an organization and external parties,” Lotem Finkelstein, Director of Threat Intelligence & Research at Check Point Software, said in an email. “This includes partnerships with vendors or the use of a third-party software which most businesses are reliant on in some way. This incident is a reminder of just how critical it is that we do our due diligence in terms of scrutinizing who we conduct business with.”

Enlarge / You’ve got the brains, I’ve got the looks… let’s make lots of money. (credit: Apple TV+)

All this is immediately apparent if you’ve read books like The Tetris Effect or Tetris: The Games People Play, which lay out the actual history of the game’s long journey outside Russia with much more care and detail. Alternatively, you could hunt down a 2004 BBC documentary that also provides a more direct account of the real drama surrounding Tetris‘ complicated Soviet-era licensing drama.

Enlarge / US Senator Joe Manchin (D-W.V.) is a millionaire thanks to coal, gas, and oil interests. He was responsible for rewriting the US electric vehicle incentives. (credit: Aaron M. Sprecher/Bloomberg via Getty Images)

US Senator Joe Manchin was instrumental in rewriting the nation’s electric vehicle incentives, but now the West Virginia Democrat says he wants to sue the federal government “if I’m allowed to” in order to stop too many EVs from reaching US customers with battery packs that contain materials and components refined, processed, or manufactured abroad. The politician made the remarks during a panel on Wednesday, according to S&P Global.

Originally, the IRS tax credits offered to car buyers to incentivize them to purchase a plug-in electric vehicle were linked to the size of the car’s battery. But as part of the Inflation Reduction Act of 2022, the rules were changed. Now, the $7,500 tax credit is only applicable to “clean vehicles”—either battery EVs or hydrogen fuel cell EVs, not plug-in hybrids.

Where do your minerals come from?

There are several more requirements, including final assembly in North America, but for most new EVs, the stumbling block is a requirement that battery components be domestically sourced.

Enlarge / Locked out. (credit: Sean Gladwell / Getty Images)

The campaign, which also targets officials of European nations, uses malicious JavaScript that’s customized for individual webmail portals belonging to various NATO-aligned organizations, a report Proofpoint published Thursday said. The threat actor—which Proofpoint has tracked since 2021 under the name TA473—employs sustained reconnaissance and painstaking research to ensure the scripts steal targets’ usernames, passwords, and other sensitive login credentials as intended on each publicly exposed webmail portal being targeted.

Tenacious targeting

“This actor has been tenacious in its targeting of American and European officials as well as military and diplomatic personnel in Europe,” Proofpoint threat researcher Michael Raggi wrote in an email. “Since late 2022, TA473 has invested an ample amount of time studying the webmail portals of European government entities and scanning publicly facing infrastructure for vulnerabilities all in an effort to ultimately gain access to emails of those closely involved in government affairs and the Russia-Ukraine war.”

Enlarge / Slam that bash pad!

A blurry picture of the SF1 Deluxe Arcade Cabinet. This is the stock photo from KLOV/VAPS and was one of the few images of the pneumatic machine available during my initial research. (credit: KLOV)

Rumor had it that there was this fighting video game, like Karate Champ, except the harder you hit the buttons, the stronger your attacks were. It was also said that if you hit a button hard enough, you could knock out your opponent with one hit! Certain people were supposedly seen climbing on and jumping up and down on the buttons of the machine in the hope of making a killing strike.

As a child of the ’80s who loved video games, this game intrigued me.

I soon discovered that the game was called Street Fighter (SF1), and it was made by a company called Capcom. In my local arcade, it consisted of a large, curvy cabinet with two sets of controls to accommodate two players at once. Each player had a start button, an eight-way joystick, and two large pressure-sensitive rubber buttons. This cabinet is now often called the “deluxe” or “crescent” cab, and the pressure-sensitive buttons are often called “bash pads” or “pneumatic buttons.” It looked totally rad.

Enlarge / The Cayenne gets a facelift for model-year 2024, and that includes a lot of Taycan-like touches. But we’re most excited by the fact that Porsche is pulling back from touchscreen overload. (credit: Porsche)

Something many of us can agree on is that there are too many touchscreens in modern cars. They’re distracting to use, particularly when it’s for often-used things like the car’s climate controls. Consider this a feel-good story then, because Porsche has shown us the interior of its next Cayenne SUV, and it seems that in Stuttgart, buttons are back on the menu. Some, at least.

An almost entirely touchscreen user interface was probably Porsche’s only misstep with the otherwise-excellent Taycan. Indeed, when Audi used that car’s platform to make its own electric express, the e-tron GT, it was notable that the climate control touchscreen was gone, replaced with actual buttons to make it hotter or cooler, more or less windy. There’s no need to use a touchscreen to aim the air vents in an e-tron GT, either, unlike in a Taycan.

It is therefore encouraging to see that Porsche’s design team is listening to feedback, because in many other ways the refreshed interior of the Cayenne incorporates a lot of Taycan-like touches.

Android manufacturers occasionally try to push this idea of a “gaming smartphone”—usually, these companies try to extend the “PC gamer” design motif to smartphones, with RGB LEDs and aggressive marketing. Since Android games are mostly casual pay-to-win tap fests, though, we often have to ask, does anyone want a gaming smartphone? If you’re Lenovo, the answer is apparently “no,” as Android Authority reports Lenovo is killing the “Legion” gaming phone business.

The site quoted a Lenovo spokesperson:

Lenovo is discontinuing its Android-based Legion mobile gaming phones as part of a wider business transformation and gaming portfolio consolidation. As a leader in gaming devices and solutions, Lenovo is committed to advancing the gaming category across form factors, as well as focusing on where it can bring the most value to the global gaming community.

While gaming phones often seem like a product without a market, we are a bit sad to see Lenovo pack it in since the Lenovo Legion Phone Duel 2 was the most extreme version of the idea. That phone had what must have been the most powerful cooling system ever fitted to an Android phone, with two internal cooling fans, copper heat pipes, and loads of graphite pads. While most passively cooled Android phones would quickly throttle in a graphics-intensive game, this was one of the rare phones with what looked like sustainable cooling. Of course, it didn’t fit into a normal smartphone body—the phone’s center (in landscape) was about twice as thick as normal, but it was a neat product.

Enlarge / A woman uses AutoCAD on a MacBook Pro in this promotional image from Autodesk. (credit: Autodesk)

The availability of AutoCAD for Mac 2024 was announced in a blog post on Autodesk’s website on March 28. Like other major AutoCAD updates, it adds new features like expanded automation tools and easier workflows, but the announcement that “for the first time, AutoCAD for Mac 2024 and AutoCAD LT for Mac 2024 now run natively on both Intel and Apple Silicon architectures, including M1 and M2 chips in the M-series chips” is clearly the headlining feature.

Autodesk claims that Apple Silicon support “can increase overall performance by up to two times” compared to the 2023 version of AutoCAD.