New York lawmakers approve first right-to-repair bill • The Register

2022-06-06 07:30:43 By : Ms. ruocin Kang

Right-to-repair advocates are applauding the passage of New York's Digital Fair Repair Act, which state assembly members approved Friday in a 145–1 vote.

The bill, previously green-lit by the state senate in a 49–14 vote, now awaits the expected signature of New York Governor Kathy Hochul (D).

Assuming the New York bill becomes law as anticipated, it will be the first US state legislation to address the repairability of electronic devices. A week ago, a similar right-to-repair bill died in California due to industry lobbying.

The pending New York rules require original equipment manufacturers (OEMs) "to make available, for purposes of diagnosis, maintenance, or repair, to any independent repair provider, or to the owner of digital electronic equipment manufactured by or on behalf of, or sold by, the OEM, on fair and reasonable terms, documentation, parts, and tools, inclusive of any updates to information."

That is, digital product manufacturers will have to provide independent repair services and consumers with the documentation and parts to fix their products, which benefits the environment by creating less waste and prevents equipment makers from capturing all repair revenue through authorized repair programs. It also reinforces the rights of ownership by enabling those who possess electronic devices to do with them as they see fit, without needing to deal with the product maker or approved agents.

In a missive on Friday, Kyle Wiens, CEO of repair advocacy site iFixit, said the passage of the bill represents a huge win for independent repair shops, which otherwise risk being unable to compete if denied access to parts and documentation on reasonable terms.

"For the rest of us, the passage of this bill means that repairs should become less expensive and more comprehensive: People who want to fix their own stuff can," said Wiens. "And your repair experience should improve even if you’re intimidated by the thought of cracking open your laptop or phone."

The repair experience for those participating in Apple's recently launched self-repair program is not particularly good, according to early adopters, who say the difficulty of doing so allows companies that oppose repairability to appease regulators while dampening consumer enthusiasm for taking things into their own hands.

The Register asked Apple for comment and you know how that goes.

New York's Digital Fair Repair Act does not cover every electronic device. It excludes: motor vehicles and motor vehicle equipment (addressed via a national agreement between automakers and repair shops); medical devices; home appliances; public safety equipment; and off-road equipment (e.g. farm machinery).

"Legislators in dozens of states have introduced Right to Repair bills, but New York is the first state to pass a law that covers popular consumer devices such as cell phones," said Nathan Proctor, US Public Interest Research Groups' senior right-to-repair campaign director, in a statement.

"We’ve been close in several other states, only to have manufacturer opposition stall our progress. And we aren’t done yet. We know that farmers also need to fix their tractors, and people need to fix home appliances. We know we can overcome the opposition and win results for people who just want to fix their stuff."

On Thursday, Colorado Governor Jared Polis signed HB22-1031, which gives people in the state the right to repair electric wheelchairs. ®

Japan's parliament has passed legislation allowing Yen-linked stablecoin cryptocurrencies, thus becoming one of the first countries – and by far the largest economy – to regulate a form of non-fiat digital money.

The regulations stipulate that only banks and other registered financial institutions – like money transfer agents and trust companies – can issue the alterna-cash. Intermediaries, or those who are responsible for the circulation of the currencies, will be required to adopt stricter anti-money-laundering measures. The rules also define stablecoins as digital money and guarantee face value redemption.

Japan's Financial Services Agency (FSA) floated this regime in a March 2021 proposal. Parliamentary assent for the proposal means it will come into effect in 2023. The regulations will apply to domestic financial institutions as well as foreign operations that target Japanese users. The research material supporting the decision relied heavily on trends in the US and Europe.

Microsoft has updated its roadmap for Exchange Server and revealed that the next version will arrive in 2025 – four years later than planned.

A post opens with a reminder of Microsoft's previous promise to deliver a new subscription-only version of Exchange in late 2021, then details the many security improvements made to the messaging server during the same year – including plenty in response to the four zero-day vulns that attackers used to plunder data from US-based defense contractors, law firms, and infectious disease researchers.

Microsoft's post doesn't admit that those efforts were the reason it didn't deliver the planned late 2021 update, instead stating the product's developers "continue to focus on security" but are "now also ready to share our long-term roadmap for Exchange Server."

Linus Torvalds has announced the first release candidate for version 5.19 of the Linux kernel, and declared it represents a milestone in multiplatform development for the project.

After first commenting that the development process for this version has been made difficult by many late pull requests, then applauding the fact that most were properly signed, Torvalds opined that Linux 5.19 "is going to be on the bigger side, but certainly not breaking any records, and nothing looks particularly odd or crazy."

Around 60 percent of the release is drivers, and there's another big load of code that gets AMD GPUs playing nicely with the kernel.

In brief: Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica's government if a ransom wasn't paid. This month, another band of extortionists has attacked the nation.

Fresh off an intrusion by Conti last month, Costa Rica has been attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica's Social Security system, and also struck the island's public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak. 

The Costa Rican government said at least 30 of the agency's servers were infected, and its attempt at shutting down systems to limit damage appears to have been unsuccessful. Hive is now asking for $5 million in Bitcoin to unlock infected systems.

Arkady Volozh, CEO of Russia's biggest internet company Yandex, has resigned after being added to the European Union's list of individuals sanctioned as part of its response to the illegal invasion of Ukraine.

Yandex is an analogue of Google, having started as a search engine and then added numerous productivity, cloud, and social services. The company has since expanded into ride-sharing and e-commerce.

The European Union (EU) last Friday named Volozh and many others as part of its sixth round of sanctions against Russia.

Interview: After two years of claiming that its Arm-powered server processors provide better performance and efficiency for cloud applications than Intel or AMD's, Ampere Computing said real deployments by cloud providers and businesses are proving its chips are the real deal.

The Silicon Valley startup held its Annual Strategy and Product Roadmap Update last week to ostensibly give a product roadmap update. But the only update was the news that Ampere's 5nm processor due later this year is called Ampere One, it's sampling that with customers, and it will support PCIe Gen 5 connectivity and DDR5 memory.

Almost all cybersecurity professionals are stressed, and nearly half (46 percent) have considered leaving the industry altogether, according to a DeepInstinct survey.

For its annual Voice of SecOps Report, the endpoint security biz commissioned a poll of 1,000 senior-level security professionals in the US, UK, Germany and France.

It found that although 91 percent of those surveyed experience at least a low-degree of work-related stress, and almost half (46 percent) of those professionals claimed their stress levels had risen over the past 12 months, their root causes differed based on their jobs. While six percent of all professionals claim to be "highly stressed" due to their work, among CISOs, ITOs, CTOs and global IT strategy directors, the number climbs to 33 percent.

The Russian-based Evil Corp is jumping from one malware strain to another in hopes of evading sanctions placed on it by the US government in 2019.

You might be wondering why cyberextortionists in the Land of Putin give a bit flip about US sanctions: as we understand it, the sanctions mean anyone doing business with or handling transactions for the gang will face the wrath of Uncle Sam. Evil Corp is therefore radioactive, few will want to interact with it, and the group has to shift its appearance and operations to keep its income flowing.

As such, Evil Corp – which made its bones targeting the financial sector with the Dridex malware it developed – is now using off-the-shelf ransomware, most recently the LockBit ransomware-as-a-service, to cover its tracks and make it easier to get the ransoms they demand from victims paid, according to a report this week out of Mandiant.

Australia's federal police and Monash University are asking netizens to send in snaps of their younger selves to train a machine-learning algorithm to spot child abuse in photographs.

Researchers are looking to collect images of people aged 17 and under in safe scenarios; they don't want any nudity, even if it's a relatively innocuous picture like a child taking a bath. The crowdsourcing campaign, dubbed My Pictures Matter, is open to those aged 18 and above, who can consent to having their photographs be used for research purposes.

All the images will be amassed into a dataset in an attempt to train an AI model to tell the difference between a minor in a normal environment and an exploitative, unsafe situation. The software could, in theory, help law enforcement better automatically and rapidly pinpoint child sex abuse material (aka CSAM) in among thousands upon thousands of photographs under investigation, avoiding having human analysts inspect every single snap.

Rick Smith, founder and CEO of body camera and Taser maker Axon, believes he has a way to reduce the risk of school children being shot by people with guns.

No, it doesn't involve reducing access to guns, which Smith dismisses as politically unworkable in the US. Nor does it involve relocating to any of the many countries where school shootings seldom, if ever, occur and – coincidentally – where there are laws that limit access to guns.

Here's a hint – his answer involves Axon.

A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people's communications and deny services.

The vulnerability in the baseband – or radio modem – of UNISOC's chipset was found by folks at Check Point Research who were looking for ways the silicon could be used to remotely attack devices. It turns out the flaw doesn't just apply to lower-end smartphones but some smart TVs, too.

Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment's cellular connectivity, at least, presumably until it's rebooted. This would be achieved by broadcasting non-access stratum (NAS) messages over the air that when picked up and processed by UNISOC's firmware would end in a heap memory overwrite.
