Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge.

I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both—I helped.) It was before 1998, when we wrote about the problems with key escrow systems. I was one of the people he brought to the Newton Institute for the six-month cryptography residency program he ran (I mistakenly didn’t stay the whole time)—that was in 1996.

I know I was at the first Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography (the one with the blue cover) down from the shelf, I see his name in the acknowledgments. Which means that sometime in early 1993—probably at Eurocrypt in Lofthus, Norway—I, as an unpublished book author who had only written a couple of crypto articles for Dr. Dobb’s Journal, asked him to read and comment on my book manuscript. And he said yes. Which means I mailed him a paper copy. And he read it. And mailed his handwritten comments back to me. In an envelope with stamps. Because that’s how we did it back then.

I have known Ross for over thirty years, as both a colleague and a friend. He was enthusiastic, brilliant, opinionated, articulate, curmudgeonly, and kind. Pick up any of his academic papers—there are many—and odds are that you will find an unexpected insight. He was a cryptographer and security engineer, but also very much a generalist. He published on block cipher cryptanalysis in the 1990s, and the security of large-language models last year. He started conferences like nobody’s business. His masterwork book, Security Engineering—now in its third edition—is as comprehensive a tome on cybersecurity and related topics as you could imagine. (Also note his fifteen-lecture video series on that same page. If you have never heard Ross lecture, you’re in for a treat.) He was the first person to understand that security problems are often actually economic problems. He was the first person to make a lot of those sorts of connections. He fought against surveillance and backdoors, and for academic freedom. He didn’t suffer fools in either government or the corporate world.

He’s listed in the acknowledgments as a reader of every one of my books from Beyond Fear on. Recently, we’d see each other on only a couple of occasions every year: at this or that workshop or event. The last time I saw him was last June, at SHB 2023, in Pittsburgh. We were having dinner on Alessandro Acquisti‘s rooftop patio, celebrating another successful workshop. He was going to attend my Workshop on Reimagining Democracy, but he had to cancel at the last minute. (He sent me the talk he was going to give. I will see about posting it.) The day before he died, we were discussing how to accommodate everyone who registered for this year’s SHB workshop. I learned something from him every single time we talked. And I am not the only one.

My heart goes out to his wife Shreen and his family. We lost him much too soon.

from Schneier on Security https://ift.tt/R0YNnmo

The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of a long weekend for many.

Nearly two days have passed since then. What do we currently know about the entire affair?

The discovery

The backdoor was discovered by Andres Freund, a software engineer at Microsoft, when testing some things on Debian sid (i.e., development) installations and wanting to find out why the SSH logins were using a lot of CPU power and why errors were popping up.

The problem, he found, was in the liblzma data compression library, which is part of the XZ package, and he concluded that “the upstream xz repository and the xz tarballs have been backdoored.”

While noting that he’s not a security researcher nor a reverse engineer, he managed to glean quite a few things during his testing and, more importantly, he reported the issue to Debian and other Linux distros.

The public revelation, followed by Red Hat’s confirmation that some versions of Fedora Linux contain the backdoored versions of XZ libraries, were just the beginning of an avalanche of information and speculation getting published in the following days.

Which Linux distributions have been affected by the backdoored XZ packages?

Before we begin talking about the backdoor: Should you worry that your machine may be compromised?

Red Hat has confirmed that Fedora Rawhide (the current development version of Fedora Linux) and Fedora Linux 40 beta contained affected versions (5.6.0, 5.6.1) of the xz libraries, and that no versions of Red Hat Enterprise Linux (RHEL) are affected.

OpenSUSE maintainers say that openSUSE Tumbleweed and openSUSE MicroOS included an affected xz version between March 7th and March 28th, and have provided advice on what users of those should do. “It has been established that the malicious file introduced into Tumbleweed is not present in SUSE Linux Enterprise and/or Leap.”

Debian maintainers announced that “no Debian stable versions are known to be affected”, but that compromised packages were part of the Debian testing, unstable and experimental distributions, and users of those “are urged to update the xz-utils packages.”

Users of Kali Linux that have updated their installation between March 26th to March 29th are affected, OffSec confirmed.

Some Arch Linux virtual machine and container images and an installation medium contained the affected XZ versions.

Ubuntu says that no released versions of Ubuntu were affected by this issue.

Linux Mint is not affected. Gentoo Linux is not affected. Amazon Linux customers are not affected. Alpine Linux – not affected.

Users should follow the guidance provided by the maintainers of their Linux distribution, and there’s a script for checking whether your system uses a backdoored version of the liblzma library.

“Any system that had affected packages installed should be treated as a potential security incident and investigated to determine if the backdoor was used,” notes Bar Kaduri, Research Team Leader at Orca Security.

“At minimum, we recommend [that you] check for any sensitive information or sensitive keys on the machine, rotate any credentials found on the machine or related to the machine, [and] review all the assets that are within the blast radius of the affected machine.”

The XZ backdoor

XZ Utils is a command line tool for compressing/decompressing .xz files.

It has been established that XZ Utils versions 5.6.0 and 5.6.1 have been compromised. The backdoor is in the package’s liblzma library, which is used by sshd (i.e., SSH daemon app) that listens for SSH connections.

Security researchers, open-source maintainers and others have been analyzing the compromised versions and the backdoor, and have published their preliminary findings.

“The backdoor discovered in xz-utils is intricate and indirect, manifesting only under specific conditions. While the full extent of its capabilities is still being investigated, we known it can be triggered by remote unprivileged systems connecting to public SSH ports. This activation can lead to performance issues and potentially compromise system integrity,” security researcher Ofek Haviv pointed out.

Who did it?

XZ Utils was authored by and is still led by Lasse Collin, but the backdoor was introduced by someone that went by “Jia Tan” (JiaT75 on GitHub), who became – over several years, with the help of sock puppet accounts and trust-building via social engineering – a prolific maintainer of the software, and did other things to keep the existence of the backdoor under wraps.

We might never know who the threat actor behind this supply chain attack is, but it is generally agreed by the cybersecurity and OSS community that the protracted, concerted effort made by “Jia Tan” points to an advanced threat actor.

“The backdoor attempt was a very serious one, with a very high bar of knowledge, research, development and tradecraft to reach this far into the Linux ecosystem. Additionally, changes made by the threat actor on Github span multiple years, and include things like introducing functions incompatible with OSS Fuzzer due to outstanding small issues since 2015, then getting OSS Fuzzer to exclude XZ Utils from scanning last year,” researcher Kevin Beaumont noted.

“The backdoor itself is super well put together, and even includes the ability to remotely deactivate and remove the backdoor via a kill command. Several days in, despite global focus, I haven’t seen anybody who has finished reverse engineering it.”

Freund discovered the backdoor by accident and that was an extremely lucky break for the Linux and the wider open-source software community. First and foremost, the backdoor didn’t end up in stable versions of major Linux distributions. But also, this incident is proof that the debate on how to keep crucial open-source projects secure MUST soon result in at least a few practical solutions.

from Help Net Security https://ift.tt/yOzSbAo

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

Strengthening critical infrastructure cybersecurity is a balancing act
In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks.

Essential elements of a strong data protection strategy
In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware.

20 essential open-source cybersecurity tools that save you time
Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.

Drozer: Open-source Android security assessment framework
Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier.

Cybersecurity jobs available right now: March 27, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

APT29 hit German political parties with bogus invites and malware
APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared.

Scammers steal millions from FTX, BlockFi claimants
Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds.

Apps secretly turning devices into proxy network nodes removed from Google Play
Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it.

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office for Information Security (BSI) has warned today.

Attackers leverage weaponized iMessages, new phishing-as-a-service platform
Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect.

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells.

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal civilian agencies implement the patch for it by April 16.

NHS Scotland confirms ransomware attackers leaked patients’ data
NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published “clinical data relating to a small number of patients.”

Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack.

Reinforcement learning is the path forward for AI integration into cybersecurity
AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify those that pose a possible threat (instead of false positives).

How immersive AI transforms skill development
In this Help Net Security video, David Harris, Principal Generative AI Author at Pluralsight, discusses how a base-level understanding of key principles of AI and machine learning and developing soft skills like problem-solving should be prioritized throughout all levels of an organization.

8 cybersecurity predictions shaping the future of cyber defense
Among Gartner’s top predictions are the collapse of the cybersecurity skills gap and the reduction of employee-driven cybersecurity incidents through the adoption of generative AI (GenAI).

How security leaders can ease healthcare workers’ EHR-related burnout
Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it.

How threat intelligence data maximizes business operations
In this Help Net Security video, Brandon Hoffman, Chief Strategy Officer at Intel 471, discusses how leaders can best leverage this information to grow their organization safely and efficiently.

Scams are becoming more convincing and costly
Scams directly targeting consumers continue to increase in both complexity and volume, according to Visa.

Debunking compliance myths in the digital era
Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on software and other digital services in the cloud.

Cybersecurity essentials during M&A surge
In this Help Net Security video, Craig Davies, CISO at Gathid, discusses why early due diligence is critical, how to plan for integration, and the most effective communication method to ensure success.

Scammers exploit tax season anxiety with AI tools
25% of Americans has lost money to online tax scams, according to McAfee.

How much does cloud-based identity expand your attack surface?
We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure?

How CISOs tackle business payment fraud
In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs.

New infosec products of the week: March 29, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Security, CyberArk, GitGuardian, Legit Security, and Malwarebytes.

from Help Net Security https://ift.tt/qHo7VFW

A rainy day makes food delivery more tempting than usual. For me, if I’m ordering anything then it’s probably not pad see ew or a quinoa salad, it’s likely fast food—I have a weakness for fried chicken sandwiches. The trouble is, ordering fried food has a habit of turning the corner really quickly, especially on a rainy day. I’m talking about soggy food, folks, and it’s not pretty. Luckily, there’s help.

There’s a reason I rarely order fast-food delivery, and it’s not because I’m a food writer and recipe developer. That would be perfectly reasonable, but no. It’s the cost. In New York City at least (but everywhere, I’m sure), the price sneaks up on you at the end of your order. If I’ve committed to throwing down $40 on burgers and nuggets then I’d like to eat them at the peak, or damn close to it. 

How to revive your soggy fast food

Air frying can help bring your deeply humidified fast food back from the dead. Waiting 45 minutes just to find that the food is soggy is infuriating, and I know it’s hard to convince you to wait another five to 10, but it’s absolutely worth it. 

---

Air fryers to consider for your fried food revival needs:

• Breville Smart Oven Air Fryer Pro

• Ninja Foodi 6-in-1 DualZone FlexBasket

• Emeril Lagasse Dual Zone 360 Air Fryer Oven Combo

---

Fried sides are easy

French fries, chicken nuggets, chicken fries, onion rings, and sides like these are by far the easiest to resuscitate. I’m pretty sure the air fryer was created simply to reheat leftover fries, and as a happy accident it heats other stuff, too. Any item that was once deep fried has oil imbued into the outer layer. There’s no need to do anything to these special items. 

Spread the food out in the air fryer basket. Set the machine to 375°F on the “air fry” setting and let it rip for three to five minutes. They reheat with surprising speed, so be sure to check on them after about two minutes and give the basket a shake. They’ve already cooked once; you’re just removing the moisture that’s weighing down the crust.

Divide and conquer sandwiches

Sandwiches are tough. While reheating something like fast food fried chicken is a breeze, sandwiches are glorious compositions of multiple parts. Simply chucking the entire sando in an air fryer can be troublesome—some of those parts cook differently, or aren't meant to be cooked at all. 

Fried chicken sandwiches

The breading under the tomato is soft and peeling off. Not my favorite. Credit: Allie Chanthorn Reinmann

You can see in the picture that my fried chicken sandwich had mush-i-fied so completely that the breading was far from crispy—it was bloated and ripping off. I wanted to get the chicken hot and crisp up the outside while not cooking the mayo/lettuce/tomato mess, and gently warm the bun. I decided the best course of action was to perform minor surgery.

Different parts will reheat for different amounts of times, and some not at all. Credit: Allie Chanthorn Reinmann

Keeping the air fryer at 375°F on the “air fry” setting, I added the chicken patty (scraped free of the lettuce, tomato, and special sauce) and bun halves, cut side up, to the basket. The bun takes only a minute or two to lose the soggy feeling, so you’ll remove those relatively quickly.

Credit: Allie Chanthorn Reinmann

The chicken and buns, luckily, have the residual scrapings of mayonnaise. While this might seem like a problem, it’s actually helpful. Mayo is primarily composed of oil, which means it’ll conduct heat well onto the chicken’s crust and help re-crisp it. Same with the bun. Air fry the chicken for five to seven minutes in total, depending on how crispy you like it. 

That's much better. Credit: Allie Chanthorn Reinmann

Burgers and cheeseburgers

Burgers heat up much faster than chicken sandwiches (there’s no fried layer on the outside to crisp) but, alas, the cheeseburger presented me with a bit of a problem. The melted cheese congealed in the car ride over to me and because I got a double cheeseburger, both patties were completely, absolutely, and irrevocably attached to their buns. Honestly, I’ve never seen anything like it. One side even had pickles and ketchup involved and still the bond was secure. 

The meat and bun are inseparable. No need to work too hard, just throw it in the air fryer. Credit: Allie Chanthorn Reinmann

I was able to split the sandwich in half, the burgers parted from each other peacefully, but it was impossible to take off the bread without destroying it. In order to best protect the bread from drying out, I placed the open-faced burger pieces meat-side up and air fried them for two minutes. Since my basket-style air fryer only heats from the top (where the heating element and fan are located) the meat patty sizzled while the bun underneath received just enough ambient heat to dry off the sogginess.

Reassembly and toppings

No question about it. In 10 minutes the air fryer revived my meal. Credit: Allie Chanthorn Reinmann

Add a personal touch

Once your freshly revived morsels come out of the air fryer, you can simply plate the fried sides and reassemble your sandwiches. It might be my experimental food habits at play, but since you’re home, why not add some fresh toppings? I know, the point of ordering delivery is to do less work. You certainly don’t have to do this, but I like to zhuzh up my sandwiches if I have the resources.

I added a fresh sprinkle of salt to my fries (they must have run out of salt in the burger kingdom near me) and poured those into a bowl. I scraped the original pile of mayo/lettuce/tomato mess back onto the bun, but I also applied some newly torn iceberg and added a few slices of my favorite half-sour pickles from Grillo’s. Depending on what you ordered and what survived, you might benefit from adding a fresh dollop of ketchup or mayonnaise, new lettuce, a couple slices of American cheese, or freshly sliced onion. 

My air-fried delivery was crispy, hot, and maintained all of its original flavor. Admittedly, there was some collateral moisture loss from the travel and re-warming, but I wouldn’t say it suffered. It made for a toastier bun and crispier chicken nuggets, and I'd take that over wet bread any day. Use this quick air-frying technique for any floppy fried-food delivery. Even if it’s freshly delivered, sometimes fast food needs some help. Take the extra five to 10 minutes to rescue it, and you’ll be glad you did.

from LifeHacker https://ift.tt/sXbJ072

You can get this sonic toothbrush and water flosser with a compact, inductive charging base on sale for $64.99 right now (reg. $79.95). The base holds two spare brush and floss heads that are color coded for sharing. The toothbrush gives 31,000 pulses per minute and has a timer that pulses every 30 seconds, and the water flosser has 40-80psi.

You can get this sonic toothbrush and water flosser with a compact, inductive charging base on sale for $64.99 right now (reg. $79.95), though prices can change at any time.

from LifeHacker https://ift.tt/qwTuhHV

The Roborock S8 MaxV Ultra ($1799.99, available in April) is a mouthful of a name, but this iteration of the S8 line has earned every syllable. Roborock’s new flagship has kept everything that I loved about the S8 and added a voice assistant, improved the cleaning base, jacked up the suction, and given the brushes extending arms to reach out to edges of rooms.The result keeps the S8 line as my favorite robot vacuum cleaner, and the one to beat. 

Better disguised water tanks and an additional cleaning solution reservoir

This version of the S8 doesn’t appear fundamentally different from the S8 I reviewed previously. The tower is substantial, although less so than recent Eufy or Ecovacs vacuums. The important distinction here is that the S8 is now available with a conventional base, where you have clean and dirty water tanks, or the R&D (rinse and drain) version, which has a very small base, but is piped directly into your water line, so it can fill and drain on its own. For this review, we tested the conventional base.

Roborock offers the S8 in black or white, and it has the same matte and gloss molded plastic details on the base and the robot. The tanks are now a bit more hidden in the base, rather than being part of the architecture. From the front you just see a solid panel, but the tanks are still easily accessed from the top of the unit. In fact, the front of the unit is held on magnetically and pops off so you can access the vacuum bag behind it, as well as another new feature—a tank just for cleaning solution. I loved this feature; it meant I didn’t have to add it to the water each and every time I topped up. The robot itself looks like previous Roborock entries—the upgrades are only evident if you flip the robot over.

Easy setup and integration

I’ve never had trouble connecting getting Roborock models set up; they come basically assembled out of the box, and connecting the unit is as simple as pressing a few buttons. The machine will announce what step it’s completing in the setup, and the app will guide you as well. As with previous floorbots from this brand, I never had a problem with the machine going offline during the time I tested it. I easily paired the vacuum in Google Home, and Roborock works with Apple Homekit and Alexa as well. As with the Q Revo I reviewed earlier this week, the S8 MaxV Ultra ships with Rocky, a voice assistant, on board. As I noted before, the voice assistant is a fun addition that works, but has a very limited vocabulary and command list. If you learn the exact phrasing you need, you can ask the bot to clean a specific room, the whole house, or return to base by getting its attention using the call, “Hello, Rocky.” Supposedly, you can ask Rocky to get the robot to come to you and clean where you are, but all my tests of this have failed—the robot sailed past the spot I was standing in. I imagine there will be updates to Rocky in the future.

Exceptional vacuum power

The previous S8 model earned my respect for the way it was exceptional at both mopping and vacuuming. Usually floorbots excel in only one area, like the Switchbot K10+, an exceptional vacuum but poor mop. Like its predecessor, the S8 MaxV Ultra does a remarkable job as a vacuum on deep pile carpet—enough that you get the distinctive tracks in your carpet a good vacuum leaves behind. This was true of the S8 Pro Ultra, but the MaxV Ultra almost doubles the suction power, going from 6000Pa to 10000Pa, one of the highest in the industry, and you’ll notice a difference. I could occasionally hear something rattling around in the S8 as it vacuumed away, which isn’t a bad thing necessarily—it means the bot won’t shut down all the time, it can deal with something foreign and keep going. Occasionally I’d get called to clear the rollers, but that’s expected. It happened even less with this model than the previous S8.

On hard floors and rugs, the S8 MaxV Ultra continued to impress. The latest models have taken the brushes almost every floorbot has and given them extending arms (Roborock calls them “Flexi-arms”), so they can shoot out from under the robot, reaching into corners, under toe kicks, under nearby items. This is a huge leap forward, as it allows the robots to hug the wall, whereas previously the few inches along the wall were a blind spot. It was fascinating to watch the brushes kick out to capture debris.

Enhanced mopping performance

While the S8 is an exceptional vacuum, there are other good vacuum robots on the market—but Roborock has the best mopping robots on the market. My floor constantly has muddy paw prints and stains of unknown outdoor origin. My kitchen floor is often a battlefield of dried peanut butter or yogurt from dog toys. The S8, which has a mop pad that is constantly rinsed and then flushed with clean, hot water as the robot moves, tackled even the most stubborn stains on the floor. Sometimes it would require an extra pass, but the job gots done. That mop pad has been improved, too: It now is larger and also extends a bit to get edge-to-edge. The Q Revo MaxV has spinning brushes instead of the mop pad, and they can extend well away from the robot. I expected those to work better than the mop pad, but the S8 continues to surprise me. The mop pad vibrates to get rid of dirt and stains. Like the Q Revo, you’ll need to occasionally step in with a manual assist, but it’ll be less often with the S8. 

How to choose Roborock models

The Q Revo is a highly competent and reliable floorbot and substantially less, at $1199. Still, I think the S8 distinguishes itself with extra conveniences and features. If you could directly connect it to your water line, the S8 would be a no brainer. Even without that feature, the additional suction power makes a difference, and though it might seem small, the cleaning solution tank is a really convenient addition that makes the mop work better. The Q Revo has spinning brushes versus a mopping pad, but both reach out to hug the wall. Only the S8 has high-speed sonic mopping, which helps to bust up stains and gunk on the floor. You’ll be happy with the Q Revo, but there’s a reason the S8 is the flagship for Roborock. 

Other robot vacuums to consider:

• Switchbot K10+ for a smaller vacuum that can get into tiny spaces: $499.99

• Roborock S8 Pro Ultra is my previous favorite mop/vac combo: $1,399.99

• Roomba Combo J9 is well-reviewed: $1,399.99

• Eufy X10 Combo is a good mid-range entry: $799.99

• Ecovacs Deebot X2 Omni has many of the same features as the Q Revo: $999.99

The app remains easy to use

Roborock’s app continues to be easy to use, and offers at least as much features as any other bot I’ve found, without being overwhelming. You can just let the robot clean the whole house each time, but it’s quite easy to edit maps and set up rooms and zones so you can clean select areas instead. Choose between four levels of intensity for mopping and vacuuming, although the only reason to use less than the max is noise—while not loud (67 decibels), you won’t want to conduct a Zoom with the S8 running at your feet. You can set schedules and get very satisfying reports on the ground covered. The S8 MaxV Ultra has the remote control feature I really like and has added on-board video to the floorbot. 

Bottom line: there's a reason this is the flagship model

I firmly believe that robots are one way we’ll equalize the burden of housework in the future, but that’s only true if the robots work really well autonomously. Over the last two years I’ve watched floorbots take gigantic leaps forward toward this goal, and while even the best of them needs intervention occasionally, Roborock bots need it less. The S8 MaxV Ultra is the most reliable vacuum/mop combo on the market right now, with exceptional performance in both areas, and the ability to continue working, even when there’s a small issue to be fixed later, like clearing the rollers. This cleaning ability has really become edge-to-edge, which gets you one step closer to never having to mop or vacuum again. The app and the integration with most voice assistants and multi system hubs means you can easily get the robot to do what you want, and the on-board voice assistant, Rocky, can only improve. $1,799 is a lot to drop on a vacuum, but the S8 is a vacuum and mop that is at your beck and call call, and reliably so. If you can afford it, it’s a fair price to pay for a competent household assistant. The S8 MaxV Ultra will be available in early April.

from LifeHacker https://ift.tt/5vKYhOi

Snowflake introduced Snowflake Data Clean Rooms to customers in AWS East, AWS West, and Azure West, revolutionizing how enterprises of all sizes can securely share data and collaborate in a privacy-preserving manner to achieve high value business outcomes in the Data Cloud.

The general availability follows Snowflake’s acquisition of data clean room technology provider Samooha, which was named one of the most innovative data science companies of 2024 by Fast Company. Samooha is now integrated into the Data Cloud and enhanced by the unified set of compliance, security, privacy, interoperability, and access capabilities of Snowflake Horizon.

Businesses across industries need solutions to navigate the complexities of sharing sensitive data with external partners and customers, while maintaining data privacy and security. Data clean rooms have emerged as the technology to meet this need, enabling interoperability where multiple parties can collaborate on and analyze sensitive data in a governed way, without exposing direct access to the underlying data.

Until now, data clean room technology was generally deployed by large organizations with access to technical data privacy experts.

Enterprises of any size can now quickly deploy a cross-cloud data clean room with Snowflake Data Clean Rooms, available as a Snowflake Native App. Organizations can unlock new business value from data across sources, all within the governance, security, and privacy parameters of Snowflake.

Snowflake Data Clean Rooms allow customers to:

• Unlock value with secure collaboration on sensitive data easily and with no additional cost: Teams can stand up new data clean rooms quickly, easily, and with no additional cost. Built for business and technical users alike, Snowflake Data Clean Rooms allow organizations to unlock value from data faster with industry-specific workflows and templates such as audience overlap, reach and frequency, last touch attribution, and more.
• Tap into the open and interoperable ecosystem of the Snowflake Data Cloud: Connect to Snowflake’s open, neutral, and interoperable data clean room ecosystem offering turn-key third-party integrations and solutions across enrichment, identity, activation, and public cloud providers. Customers can collaborate with business partners seamlessly, regardless of whether they are already on Snowflake.
• Take advantage of Snowflake’s built-in privacy and governance features: Built on the Snowflake Native App Framework (generally available on AWS and Azure, private preview on GCP), Snowflake Data Clean Rooms come to your data, removing the need for data to ever leave the governance, security, and privacy parameters of Snowflake, and helping customers maintain privacy while allowing for deeper analytical insight with business partners.

“Data Clean Rooms have become a staple across industries in the face of third-party cookie deprecation and Snowflake is uniquely positioned to help marketers across the ecosystem realize the benefits of secure, cloud-agnostic data collaboration,” said Kamakshi Sivaramakrishnan, Samooha Co-Founder and Snowflake Data Clean Rooms Director of Product Management. “Snowflake Data Clean Rooms allow customers to unlock high value business outcomes with their data, all while ensuring data stays private and secure.”

Data clean rooms have been initially adopted by media and entertainment companies as a way to provide personalized experiences and services for their customers especially given the evolving technology and regulatory privacy context. The technology continues to gain traction in other highly regulated industries like financial services and healthcare for secure collaboration on highly sensitive data.

Customers across industries are already using Snowflake’s platform for secure data collaboration and, with the introduction of Snowflake Data Clean Rooms, will now have access to additional privacy and governance capabilities.

from Help Net Security https://ift.tt/ulQkMnR