A code execution bug in Apple’s macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn’t fully patched it yet, as tested by Ars.
Those shortcut files can take over your Mac
Independent security researcher Park Minchan has discovered a vulnerability in macOS that lets threat actors execute commands on your computer. Shortcut files with the .inetloc extension can carry embedded commands. The flaw impacts macOS Big Sur and prior versions.
“A vulnerability in the way macOS processes inetloc files causes it to run commands embedded inside, the commands it runs can be local to the macOS allowing the execution of arbitrary commands by the user without any warning / prompts,” explains Minchan. “Originally, inetloc files are shortcuts to an Internet location, such as an RSS feed or a telnet location; and contain the server address and possibly a username and password for SSH and telnet connections; can be created by typing a URL in a text editor and dragging the text to the Desktop.”
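A defender-side triage check for the file type described above, added here as an example and not taken from the article or the researcher. It assumes an .inetloc file is a property list whose `URL` key holds the target, and it flags any file whose scheme is not on an allowlist of network schemes; the allowlist, function names and sample URLs are constructed for illustration.

```python
import plistlib
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: schemes accepted as genuine "Internet locations"; tune to local policy.
NETWORK_SCHEMES = {"http", "https", "ftp", "feed", "ssh", "telnet",
                   "afp", "smb", "vnc", "mailto"}

# Constructed sample inputs (not taken from the article).
SAMPLE_OK = plistlib.dumps({"URL": "https://example.com/feed.xml"})
SAMPLE_LOCAL = plistlib.dumps({"URL": "file:///constructed/local/path"})


def classify_inetloc(data: bytes) -> tuple[str, str]:
    """Return (verdict, detail) for the raw bytes of one .inetloc file."""
    try:
        doc = plistlib.loads(data)
    except Exception as exc:  # malformed XML or unknown plist format
        return "unparseable", type(exc).__name__
    url = doc.get("URL") if isinstance(doc, dict) else None
    if not isinstance(url, str) or not url.strip():
        return "suspicious", "no URL string"
    # urlsplit lowercases the scheme, so the comparison is case-insensitive.
    scheme = urlsplit(url.strip()).scheme
    if scheme in NETWORK_SCHEMES:
        return "ok", scheme
    return "suspicious", f"non-network scheme {scheme!r}"


def scan(root: str) -> list[tuple[str, str, str]]:
    """Walk root and report every .inetloc file that is not 'ok'."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() == ".inetloc":
            verdict, detail = classify_inetloc(path.read_bytes())
            if verdict != "ok":
                findings.append((str(path), verdict, detail))
    return findings


if __name__ == "__main__":
    print(classify_inetloc(SAMPLE_OK))
    print(classify_inetloc(SAMPLE_LOCAL))
```

Running `scan()` over download and mail-attachment directories gives a short list of shortcut files to review by hand before anyone opens them.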
New funding: Seattle-based Omnidian announced a $33 million investment round today, bringing the climate tech company’s total funding to $53.4 million. The company operates software platforms that monitor the performance of solar power assets for more than 80 corporate customers, including developers, utilities, financial organizations and corporations. Omnidian also manages assets for thousands of homeowners.
Ready for renewables: The Biden administration set a goal of net zero carbon emissions from the power sector by 2035, requiring the country to bring massive amounts of solar, wind and other clean energy online in a short amount of time. Omnidian, which bills itself as the only nationwide company to provide reporting on solar power performance, currently manages 1,700 megawatts of power, roughly enough power for 1.3 million homes.
“Residential and commercial solar are moving into mainstream adoption and with that comes demand for a higher level of service and assurance that a customer’s system is operating as expected,” said Mark Liffmann, Omnidian’s founder and CEO, in a statement.
In addition to tracking solar power output, the company has launched a similar service for assessing energy storage, namely batteries, at residential and commercial levels. Its platform provides service alerts and field service to ensure reliable performance of the power sources.
The team: Omnidian launched in 2016 and has grown to more than 100 employees in 16 states. The new funding will allow for international expansion, possibly into Australia, Europe and Latin America.
Liffmann has worked for solar and clean energy companies for nearly two decades.
Investors: The Series B round was led by Activate Capital. Additional investors include Liberty Mutual Insurance and WIND Ventures, the strategic venture capital arm of Chilean multinational energy firm Copec, as well as existing investors City Light Capital, IA Capital, Evergy Ventures, Avista Development Inc., Congruent Ventures, Centrica, National Grid Partners, Energy Foundry and Blue Bear Capital.
The Bellevue, Wash.-based company is requiring vaccinations in its “badge-controlled” offices and customer service locations through at least March 1, 2022. The policy does not apply to T-Mobile retail locations, where T-Mobile encourages vaccination and requires employees and customers to wear masks if unvaccinated.
T-Mobile has delayed a required return to the office from Sept. 20 to Oct. 25. After that, employees will need special approval to continue working remotely.
“Because we took the step to require vaccinations at our offices, we added extra time from our previously announced September 20 return to office timeframe and extended the date to October 25,” a T-Mobile spokesperson said via email in response to an inquiry from GeekWire. “We are still, however, highly encouraging vaccinated employees to return to the office starting now.”
The spokesperson said, “Employees of course make their own health choices, and can request to continue to work remotely during this timeframe, which will be approved based on their role and circumstances.”
The company will be requiring employees who work in the office to provide proof of vaccination by Oct. 25, and likely sooner, the spokesperson said.
Many companies previously planned to bring employees back to the office on a regular basis this fall, but the rise of the COVID-19 Delta variant thwarted their plans.
Companies including Amazon and Expedia have now pushed their returns to the office back to January 2022. Microsoft, Redfin and others are leaving their timelines open-ended, promising to give employees ample notice when they set new dates.
The policies apply to the broad workforces of those companies. In many cases, individual employees can go into the office if vaccinated.
Amazon contributed $7.5 million to complete the Wilburton and Wilburton Trestle trail segments in Bellevue, Wash., the city just east of Seattle where it eventually plans to employ 25,000 people.
The project will connect the 85th Street overcrossing and the existing east side bicycle trail system, and restore and transform the 102-foot-tall, 975-foot-long Wilburton wooden railway trestle built in 1904.
“Amazon’s contribution puts us over the top, providing the remaining funds we need to restore and transform the iconic Wilburton Trestle into an elevated trail connected to high-capacity transit,” said King County Executive Dow Constantine.
“The successful partnership to add the century-old trestle to our growing regional trail network shows that we are most effective when we mobilize the efforts of public and private sectors to achieve shared goals.”
Upon completion, the project known as the Eastrail will run 42 miles and connect a series of existing bike paths and, eventually, the four light rail stations being completed along the east side. It is part of the federal rail-to-trails program that led to the completion of the Burke-Gilman trail, for example.
The Wilburton and Wilburton Trestle segments will be completed in 2024, according to King County estimates. One potential hangup is the conversion of the existing, 117-year-old rail trestle, which is considered both a delicate and expensive engineering project.
In a statement, King County officials said upon completion the trestle will “offer skyline views of Bellevue.”
And that skyline is undergoing a renovation of its own thanks to Amazon, which effectively has made Bellevue its HQ2.
With more than 75,000 employees now in the region it calls home, Amazon has exhibited a strong desire to stretch further beyond the limits of Seattle, driven in part by disputes with the Seattle City Council over its impact on the community, and efforts by the city to impose new taxes on big businesses. In 2019, after a prior tax battle, the company announced plans to move its worldwide operations to Bellevue.
Last year, Amazon nabbed two million square feet of office space in downtown Bellevue with leases at new properties being developed by Vulcan: 555 Tower and West Main.
Amazon is also building two towers at 600 Bellevue, and announced in early March that it leased a 600,000-square-foot office building called The Artise,
This expansion would be in addition to the thousands of employees it already has in Bellevue — the city where Jeff Bezos originally started Amazon in a residential garage 26 years ago.
“Amazon is excited to help complete these two key segments on the Eastrail and bring this once-in-a-lifetime opportunity to reality,” said Patrick Miller, Amazon’s director of Global Real Estate and Facilities for the Puget Sound region.
“It is an honor to be part of this public-private partnership and we appreciate our collaboration with King County and all of the public agencies involved.”
Seattle-based UX and design firm Blink has been acquired by Mphasis, a publicly-traded IT services giant based in Bangalore, India.
Founded 21 years ago, Blink works with companies such as Amazon, Apple, Microsoft, NASA, and Starbucks. The firm employs more than 130 people across offices in Seattle, Austin, Boston, San Diego, and San Francisco. It has earned $34 million in revenue so far this year, according to CEO and co-founder Karen Clark Cole.
Blink will retain its name following the acquisition, and all employees are staying aboard.
Founded in 1998, Mphasis reported revenue of more than $1.3 billion for its fiscal year ending March 31. It reached a market capitalization of $4.5 billion last year.
In 2016, Blackstone Group acquired a majority stake in the company from Hewlett Packard.
“The acquisition of Blink, consistent with our M&A focus, is in the forefront of providing well researched design and high impact digital experiences to our clients and their end customers,” Mphasis CEO Nitin Rakesh said in a statement.
Blink grew slowly for years before ramping up. Big corporations recently began knocking on the door, interested in buying Blink. Instead, Clark Cole and co-founder Kelly Franznick launched a strategy to themselves acquire smaller companies, aiming to become the biggest UX business around, Cole told GeekWire last year.
Blink did not raise any outside capital, Cole said.
“Designing products that meet needs, and are friction free, is how we delight customers and enrich their lives with technology,” Clark Cole said in a statement. “We are so thrilled to now have Mphasis’s engineering skills as part of our core, providing end-to-end services for our clients and following our designs through to launch.”
Theropods and Triceratops and hadrosaurs, oh my! Seattle’s Burke Museum of Natural History and Culture is making significant additions to its dinosaur holdings, thanks to a summer expedition to Montana’s Hell Creek Formation.
Four distinct dinosaurs were dug up, and all of the fossils will be brought back to the Burke Museum on the University of Washington’s campus, where the public can watch paleontologists remove the surrounding rock in the museum’s fossil prep lab.
“Each fossil that we collect helps us sharpen our views of the last dinosaur-dominated ecosystems and the first mammal-dominated ecosystems,” Gregory Wilson Mantilla, the Burke Museum’s curator of vertebrate paleontology and a biology professor at UW, said today in a news release. “With these, we can better understand the processes involved in the loss and origination of biodiversity and the fragility, collapse and assembly of ecosystems.”
This summer’s Hell Creek field season was organized by UW and the museum, which is part of the university. Participants included volunteers, paleontologists and educators associated with the DIG Field School program, as well as students from UW and other universities.
The Burke Museum said the excavation focused on four sets of fossils:
The hip bones of an ostrich-sized theropod, representing a group of meat-eating, two-legged dinosaurs that includes T. rex and raptor dinosaurs.
The pelvis, toe claw and limbs from another ostrich-like theropod that may be a rare specimen of the species Anzu wyliei, also known as “the chicken from hell,” or even a previously unknown species.
The hips and legs of a duck-billed dinosaur, also known as a hadrosaur.
The skull and other fossilized bones of a horned Triceratops.
All of the fossils except for the Triceratops will be prepared in the museum’s fossil prep lab this fall and winter. The team hasn’t completed excavating the Triceratops and will return to finish the job next summer.
The Triceratops fossil is nicknamed the “Flyby Trike,” in honor of the rancher who first identified the dinosaur while flying his airplane over the land that he’s leasing from the Bureau of Land Management.
So far, the Burke Museum team has uncovered the Triceratops’ fossilized frill, horn bones, rib bones, lower jaw and teeth — as well as a ball-shaped occipital condyle bone from the back of the skull that’s called the “trailer hitch.” The team estimates that about 30% of the dinosaur’s skull bones have been found to date, and more bones are likely to be uncovered next year.
The Triceratops bones were scattered on top of each other in hardened mud, in patterns that were unlike how the bones would have been found in an intact animal. That suggests that the dinosaur died on a flood plain, and that its bones were mixed together after its death — either by a scavenger or by a flood or flowing river.
“Previous to this year’s excavations, a portion of the Flying Trike frill and a brow horn were collected and subsequently prepared by volunteer preparators in the fossil preparation lab,” said field-work leader Kelsie Abrams, who manages the museum’s prep lab. “The frill was collected in many pieces and puzzled together fantastically by volunteers. Upon puzzling the frill portion together, it was discovered that the specimen is likely an older ‘grandparent’ Triceratops.”
Amber and seed pods were found alongside the Flyby Trike, and those clues should help paleontologists flesh out their picture of what the Hell Creek ecosystem was like when dinosaurs walked the earth.
“Not only can plant material tell us what these dinosaurs were perhaps eating, but plants can more broadly tell us what their environment looked like,” said Paige Wilson, a UW graduate student working with the Burke Museum. “Plants are the base of the food chain and a crucial part of the fossil record. It’s exciting to see this new material found so close to vertebrate fossils.”
Visitors to the Burke Museum can now watch paleontologists remove rock from the theropod hips in the fossil prep lab. Additional fossils will be prepared in the coming weeks. All four dinosaurs will be held in trust by the museum on the BLM’s behalf.
Expedia Group says it will unify its loyalty programs, allowing travelers to accumulate rewards across brands including Expedia, Hotels.com, Orbitz, Vrbo, Travelocity, Hotwire and others.
The announcement results from a longstanding effort inside the Seattle-based online travel giant to simplify and streamline its overall business, including an initiative to bridge its different travel brands with a common technology backend.
The larger effort has been a major focus for Expedia Group CEO Peter Kern since taking over the top executive role last year. Expedia Group Chairman Barry Diller’s previous dissatisfaction with the progress of the initiative was one of the reasons for a shakeup of the company’s top leadership in December 2019.
Expedia Group says it has more than 145 million members across the rewards programs currently operated separately by its different brands.
The company said Tuesday morning that the unified program will launch soon, but did not provide a specific date.
“The program will consist of unique member pricing discounts and the ability to earn and redeem rewards across all Expedia Group brands, such as Expedia, Vrbo, Hotels.com, Travelocity, and Orbitz,” the company said in a news release, noting that the new program “will span flights, hotels, vacation rentals, car rentals, cruises, and activities.”