Project Maven (officially Algorithmic Warfare Cross Functional Team) is a United States Department of Defense initiative launched in 2017 to accelerate the adoption of machine learning and data integration across U.S. military intelligence workflows, specifically in intelligence, surveillance, target acquisition, and reconnaissance as well as in geospatial intelligence. It initially focused on applying computer vision for processing images and videos for intelligence purposes. Currently, the program operates under the National Geospatial-Intelligence Agency (NGA) and encompasses multiple applications across the Department of Defense spanning military operation targeting support, data integration and visualization for analysts, and training machine learning models on labeled datasets of military assets and infrastructure. It integrates data from drones, satellites, and other sensors to flag potential targets, present findings to human analysts, and relay their decisions to operational systems. The program originated under Deputy Secretary Robert O. Work after he raised concerns about China's advances in defense applications of artificial intelligence. Project leaders, Colonel Drew Cukor, USMC, and Lt. Gen. Jack Shanahan, framed the program as human-in-the-loop decision support inside the Department of Defense rather than as an autonomous weapons platform. Contractors supporting Maven have included Google, which withdrew in 2018 after internal protests, and follow-on integrators such as Palantir, Anduril, Amazon Web Services, and Anthropic (withdrew in 2026). The Pentagon credits Maven with providing 2024 targeting support for U.S. airstrikes in Iraq, Syria, and Yemen, along with locating hostile maritime assets in the Red Sea. == Administrative history == Initially, the effort was led by Robert O. Work who was concerned about China's military use of the emerging technology. Reportedly, Pentagon development stops short of acting as an AI weapons system capable of firing on self-designated targets. The project was established in a memo by the U.S. Deputy Secretary of Defense on 26 April 2017 proposing an "Algorithmic Warfare Cross-Functional Team". With the help of Defense Innovation Unit, the project obtained the support of top talents in AI outside of the traditional defense contracting base. It was initially funded for $70 million. Jack Shanahan was the director of the project during April 2017 to December 2018. At the second Defense One Tech Summit in July 2017, Cukor said that the investment in a "deliberate workflow process" was funded by the Department [of Defense] through its "rapid acquisition authorities" for about "the next 36 months". In the defense industry, the standard procedure for the military to acquire hardware is by way of research, development, test, and evaluation (RDT&E), followed by production and sustainment. In 2017, acquiring software was done in the same way as hardware. This created a problem, since software is constantly updated. Project Maven procured software using Broad Agency Announcements, a flexible contracting vehicle that categorized software as consistently RDT&E, allowing constant updating. Another issue was that the government usually acquired the intellectual property (IP) for procured software, and with the project, only parts of the IP of the software was acquired. Cukor used the principle of "platform IP belongs to the vendor, configurations on top are the customer's". For example, Palantir retained IP to their core platform, while the government obtained the IP to Maven-specific logic configured on top of it. According to US Air Force Lt. Gen. Jack Shanahan in November 2017, it is "designed to be that pilot project, that pathfinder, that spark that kindles the flame front of artificial intelligence across the rest of the [Defense] Department". Its chief, U.S. Marine Corps Col. Drew Cukor, said: "People and computers will work symbiotically to increase the ability of weapon systems to detect objects." Project Maven has been noted by allies, such as Australia's Ian Langford, for the ability to identify adversaries by harvesting data from sensors on UAVs and satellites. As of 2017 December, 150,000 images had been manually labelled to establish the first training data sets, and it was projected to reach one million by January 2018. Project Maven was funded for $221 million in fiscal 2020. In 2020, the House and Senate conferees on the National Defense Authorization Act for Fiscal Year 2021, agreed to the Senate's recommendation to fund the Pentagon's $250 million request for Project Maven. At the GEOINT Symposium of 2022, it was announced that Project Maven was transferred from the Office of the Under Secretary of Defense for Intelligence and Security to the NGA, under President Biden’s proposed budget for Fiscal Year 2023. It became a Program of Record on 2023 November 7. Frank "Trey" Whitworth, vice admiral, was the director of NGA from June 2022 to November 2025. Whitworth was initially skeptical of the program, suspecting it was incautious about the targeting principles, but later regarded it as "important work". As of 2024, the project is jointly administered by the NGA and the CDAO, and its director is Rachel Martin. Before 2025, Biden appointees within CDAO had held back AI development for safety and reliability concerns, though as of 2025, this has stopped. As of 2024, Maven provided the cloud infrastructure, software capabilities, and AI for CDAO's Combined Joint All-Domain Command and Control initiatives. As of summer 2025, there were eight Maven initiatives. Of these, five were in the NGA, including analyzing drone feeds and satellite imagery. On 18 September 2025, the UK government announced a new partnership with Palantir to develop AI-powered military capabilities for decision-making and targeting, identifying opportunities worth up to £750 million over five years. On 25 March 2025, the NATO Communications and Information Agency and Palantir finalized the acquisition of the Palantir Maven Smart System NATO (MSS NATO) for employment within NATO's Allied Command Operations. It was planned to be used within 30 days of acquisition. In a letter to Pentagon on 9 March 2026, Steve Feinberg stated that Project Maven will become an official program of record by September 2026, the close of the current fiscal year. The project would transfer from the NGA to the CDAO within 30 days. Future contracting with Palantir would be handled by the US Army. In 2026-03, it was announced that the US Army Combined Arms Command would integrate Maven into its training. == Technology == Project Maven uses machine learning algorithms to analyze and fuse vast amounts of surveillance data from multiple sources made possible through data integration using Palantir Technologies. The data sources include photographs, satellite imagery, geolocation data (IP address, geotag, metadata, etc) from communications intercepts, infrared sensors, synthetic-aperture radar, and more. The system is mainly used for assisting analysts in intelligence, surveillance, target acquisition, and reconnaissance. Machine learning systems, including object recognition systems, process the data and identify potential targets, such as enemy tanks or location of new military facility. The training dataset included at least 4 million images of military objects such as warships, labelled by humans. The user interface is called Maven Smart System. It could display information such as aircraft movements, logistics, locations of key personnel, locations on the no-strike list, ships, etc. Yellow-outlined boxes show potential targets. Blue-outlined boxes show friendly forces or no-strike zones. It could also transmit, directly to weapons, a human decision to fire weapons. Internal documentation referred to "Maven ATR: automatic target recognition". Initially the project focused on applications of computer vision. The project's leaders were particularly impressed by model performance on ImageNet. As of 2018, the purpose of the system was AI-enabled analysis of full-motion video. In 2022 it expanded to combatant commands under the AI and Data Acceleration Initiative. In 2022, it was reported that the project expanded to non-image data, including captured enemy material, maritime intelligence, and publicly available information. In 2024, it was stated that Maven's key technical contribution was data management: Maven standardizes heterogeneous data through an ontology layer so data can be fused, exchanged across cloud and edge systems, and used by multiple applications. The system was presented as a broader data-centric warfighting system that feeds apps for planning, preparing, and executing operations. In 2024, the Broad Area Surveillance-Targeting (BAS-T) is a part of Maven. The system detects objects in images and uses data fusion to produce a common operational picture containing "priority based, in-depth assessment of the enemy systems pre
SAP Cloud Infrastructure
SAP Cloud Infrastructure is an SAP-operated IaaS cloud platform, used to run SAP’s cloud business and customer-facing deployments for SAP and non-SAP workloads. It is developed and operated with open-source technologies within SAP’s data center network, based on OpenStack and Kubernetes and supporting SAP S/4HANA and general-purpose applications. It offers compute, storage, and platform services that are accessible to SAP customers. == History == In 2012, SAP promoted aspects of cloud computing. In October 2012, SAP announced a platform as a service called the SAP Cloud Platform. In May 2013, a managed private cloud called the S/4HANA Enterprise Cloud service was announced. SAP Converged Cloud was announced in January 2015. SAP Converged Cloud was originally developed as SAP's internal standardized Infrastructure as a Service (IaaS) offering to support SAP’s cloud solutions. Originating from SAP Converged Cloud, SAP Cloud Infrastructure was developed and announced as SAP’s cloud computing offering that is provided for both SAP and customer workloads. In 2025, it had a global footprint of 15 regions and 29 data centers, encompassing more than 200,000 active VMs and over 6,000 hypervisors. In September 2025, SAP announced an expansion of its European “SAP Sovereign Cloud” portfolio, explicitly naming SAP Cloud Infrastructure (alongside SAP Sovereign Cloud On-Site) as part of the stack positioned for public sector and regulated environments. == Services and Features == SAP Cloud Infrastructure (SCI) is an infrastructure-as-a-service (IaaS) offering by SAP that provides virtual compute, storage, and networking services, together with identity, key management, and operational services. SCI follows a self-service model and is managed via APIs and a web-based user interface. === Compute === SCI provides virtual machine instances that can be provisioned from operating system images and selected in predefined sizes (“flavors”). It supports lifecycle operations such as create/modify/resize/delete, power control, and snapshots; instances can be organized into server groups to influence placement policies. === Storage === SCI provides persistent storage services including: Block storage (virtual volumes) with attach/detach to instances, online expansion, cloning, snapshots, and provisioning volumes from images or snapshots. Object storage (containers and objects) managed via API/CLI with access control lists (ACLs) and configurable redundancy options. File storage (shared file systems) with access controls, online resize, snapshots/restore, and replication across availability zones. === Networking === SCI provides software-defined networking (SDN) for tenant networks (networks, subnets, routers) and connectivity features such as floating IPs for public reachability. Network security controls include security groups and firewall policies; connectivity options include BGP-based VPN networking. === Load balancing and DNS === SCI includes managed load balancing for distributing traffic across backend instances and an authoritative DNS service (DNSaaS) with API-based management of DNS zones and records, including options for zone sharing/transfer across projects/tenants and service integrations for automated record creation. === Identity, access, and key management === SCI includes identity and access management for authentication/authorization in projects/tenants (for example token handling, role assignment, and credential management) and key/secrets management for storing and controlling access to secret material such as keys and certificates, including support for different backends (depending on configuration). === Cloud-native services === SCI includes a container image registry (image push/pull, access policies, and lifecycle controls) and an auto-scaling capability for file shares based on configurable rules. === Observability and audit === SCI includes metrics and audit logging capabilities for operational monitoring and for listing/filtering audit-relevant events across services. === Availability and service levels === SCI documentation describes availability-related features such as load balancing, storage redundancy options, and replication for file shares across availability zones. SAP cloud services are governed by contractual service-level agreements (SLA); SAP Cloud Infrastructure references an SLA supplement defining infrastructure-specific terms when referenced in order forms. === SAP cloud services === SAP cloud services can run on different underlying infrastructures, including SAP Cloud Infrastructure in addition to SAP NS2 or hyperscalers. SAP cloud solutions available on SAP Cloud Infrastructure include SAP Cloud ERP, SAP HCM, SAP Solutions for Spend Management, Supply Chain Management, Business Transformation Management, and SAP Business Technology Platform (including related analytics and business data solutions). For example, SAP HANA Cloud documentation lists SAP Cloud Infrastructure as one of the supported infrastructures alongside hyperscalers. === Sustainability === SAP describes sustainability initiatives for its data centers, including energy-efficient infrastructure (for example, advanced cooling systems and power management), renewable electricity usage where feasible, and operational practices such as recycling electronic waste and minimizing water usage. SAP also references environmental management and energy management standards such as ISO 14001 and ISO 50001 for its data center operations. SAP-owned data centers run with 100% renewable electricity and that renewable electricity has been used since 2014 to power SAP facilities including owned data centers and co-locations. == SAP Cloud Infrastructure for SAP Sovereign Cloud == SAP Sovereign Cloud is a portfolio of SAP solutions designed to help organizations adopt SAP cloud solutions such as the SAP Cloud ERP while maintaining control over data, infrastructure, and compliance in line with local laws and regulations. The portfolio offers multiple deployment options, including SAP Cloud Infrastructure and SAP Sovereign Cloud On-Site, alongside sovereign hyperscaler-based options such as via SAP NS2, and targets customers such as public-sector bodies and other highly regulated organizations. In Europe, SAP Cloud Infrastructure is an Infrastructure-as-a-Service (IaaS) deployment option within SAP Sovereign Cloud for SAP and customer / third party workloads, operated on SAP’s data center network and developed using open-source technologies, with customer data stored within the European Union. Sovereignty-related characteristics for the SAP Cloud Infrastructure include: EU footprint and ownership model: SAP-operated data centers in Germany include sites in St. Leon-Rot and Walldorf, and co-location sites in Frankfurt. EU AI Cloud: EU AI Cloud is a sovereign AI offering for Europe that provides secure, compliant environments for building and running AI, including governed access to auditable large language models from SAP and partners. It offers AI models on the SAP Cloud Infrastructure and SAP Business Technology Platform (SAP BTP), enabling deployment of AI applications and models on high-performance European infrastructure (including accelerator/GPU-based compute for AI workloads). Availability zones and secure interconnect: Three availability zones in three independent data centers in Germany, connected via SAP-owned fiber on SAP-owned property. Facility and security standards: ISO/IEC 27001 governance of delivery and operations of SAP cloud services and SAP-owned data centers. Additional facility and availability standards: EN 50600 availability class 3 (European data centre standard) and/or ISO/IEC 22237 availability class 3 (international equivalent). Technology foundation: Based on open-source cloud infrastructure framework (OpenStack) and Kubernetes, without dependencies on hyperscaler technologies. Sovereignty controls: Data sovereignty (data residency), operational sovereignty (administration and maintenance restricted to approved, security-cleared personnel), technical sovereignty (locally hosted control planes with separation via encryption or dedicated infrastructure), and legal sovereignty (use of locally based legal entities or those in approved countries). Classified information processing: Roadmap to meet high and very high requirements for handling classified or sensitive information under European regulatory and security regimes. Public-sector readiness and EU sovereignty assurance levels: Implemented to meet SEAL-3 (Digital Resilience) and SEAL-4 (Full Digital Sovereignty) of the European Commission’s Cloud Sovereignty Framework. Staffing constraints: Operations model selectable to restrict sensitive operations to vetted personnel from EU or NATO countries.
Artificial Intelligence for Digital Response
Artificial Intelligence for Digital Response (AIDR) is a free and open source platform to filter and classify social media messages related to emergencies, disasters, and humanitarian crises. It has been developed by the Qatar Computing Research Institute and awarded the Grand Prize for the 2015 Open Source Software World Challenge. Muhammad Imran stated that he and his team "have developed novel computational techniques and technologies, which can help gain insightful and actionable information from online sources to enable rapid decision-making" - according to him the system "combines human intelligence with machine learning techniques, to solve many real-world challenges during mass emergencies and health issues". == How to use == It can be used by logging in with ones Twitter credentials and by collecting tweets by specifying keywords or hashtags, like #ChileEarthquake, and possibly a geographical region as well. == Use == It has been deployed in conjunction with UNICEF in Zambia to classify short messages related to AIDS/HIV received through the U-Report platform. AIDR was used for the first time during the 2010 Pakistan floods. The first real test of AIDR took place during the 2014 Iquique earthquake in Chile. == Related talks and events == Muhammad Imran delivered a keynote talk on the science behind the AIDR system at the International Conference on Information Systems for Crisis Response And Management (ISCRAM). Abdelkader Lattab and Ji Lucas also presented the system at the 2016 QCRI-IBM Data Science Connect event.
Comparison of user features of operating systems
Comparison of user features of operating systems refers to a comparison of the general user features of major operating systems in a narrative format. It does not encompass a full exhaustive comparison or description of all technical details of all operating systems. It is a comparison of basic roles and the most prominent features. It also includes the most important features of the operating system's origins, historical development, and role. == Overview == An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also include accounting software for cost allocation of processor time, mass storage, printing, and other resources. For hardware functions such as input and output and memory allocation, the operating system acts as an intermediary between programs and the computer hardware, although the application code is usually executed directly by the hardware and frequently makes system calls to an OS function or is interrupted by it. Operating systems are found on many devices that contain a computer – from cellular phones and video game consoles to web servers and supercomputers. As of June 2024, the dominant general-purpose desktop operating system is Microsoft Windows with a market share of around 72.91%. macOS by Apple Inc. is in second place (14.93%), and the varieties of Linux are collectively in third place (4.04%). In the mobile sector, including both smartphones and tablets, Android is dominant with a market share of 71%, followed by Apple's iOS with 28%; for smartphones alone, Android has 72% and iOS has 28%. Linux distributions are dominant in the server and supercomputing sectors. Other specialized classes of operating systems (special-purpose operating systems)), such as embedded and real-time systems, exist for many applications. Security-focused operating systems also exist. Some operating systems have low system requirements (i.e. light-weight Linux distribution). Others may have higher system requirements. Some operating systems require installation or may come pre-installed with purchased computers (OEM-installation), whereas others may run directly from media (i.e. live cd) or flash memory (i.e. USB stick). == MS-DOS == === Overview === MS-DOS (acronym for Microsoft Disk Operating System) is an operating system for x86-based personal computers mostly developed by Microsoft. Collectively, MS-DOS, its rebranding as IBM PC DOS, and some operating systems attempting to be compatible with MS-DOS, are sometimes referred to as "DOS" (which is also the generic acronym for disk operating system). MS-DOS was the main operating system for IBM PC compatible personal computers during the 1980s, from which point it was gradually superseded by operating systems offering a graphical user interface (GUI), in various generations of the graphical Microsoft Windows operating system. IBM licensed and re-released it in 1981 as PC DOS 1.0 for use in its PCs. Although MS-DOS and PC DOS were initially developed in parallel by Microsoft and IBM, the two products diverged after twelve years, in 1993, with recognizable differences in compatibility, syntax, and capabilities. During its lifetime, several competing products were released for the x86 platform, and MS-DOS went through eight versions, until development ceased in 2000. Initially, MS-DOS was targeted at Intel 8086 processors running on computer hardware using floppy disks to store and access not only the operating system, but application software and user data as well. Progressive version releases delivered support for other mass storage media in ever greater sizes and formats, along with added feature support for newer processors and rapidly evolving computer architectures. Ultimately, it was the key product in Microsoft's development from a programming language company to a diverse software development firm, providing the company with essential revenue and marketing resources. It was also the underlying basic operating system on which early versions of Windows ran as a GUI. == Microsoft Windows == === Overview === Microsoft Windows, commonly referred to as Windows, is a group of several proprietary graphical operating system families, all of which are developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. Active Microsoft Windows families include Windows NT and Windows IoT; these may encompass subfamilies, (e.g. Windows Server or Windows Embedded Compact) (Windows CE). Defunct Microsoft Windows families include Windows 9x, Windows Mobile, and Windows Phone. Microsoft announced an operating environment named Windows on 10 November 1983, as a graphical operating system shell for MS-DOS in response to the growing interest in graphical user interfaces (GUIs); Windows 1.0 first shipped on 20 November 1985. Microsoft Windows came to dominate the world's personal computer (PC) market with over 90% market share, overtaking Mac OS, which had been introduced in 1984, while Microsoft has in 2020 lost its dominance of the consumer operating system market, with Windows down to 30%, lower than Apple's 31% mobile-only share (65% for desktop operating systems only, i.e. "PCs" vs. Apple's 28% desktop share) in its home market, the US, and 32% globally (77% for desktops), where Google's Android leads. Apple came to see Windows as an unfair encroachment on their innovation in GUI development as implemented on products such as the Lisa and Macintosh (eventually settled in court in Microsoft's favor in 1993). As of January 2023, on PCs, Windows is still the most popular operating system in all countries. However, in 2014, Microsoft admitted losing the majority of the overall operating system market to Android, because of the massive growth in sales of Android smartphones. In 2014, the number of Windows devices sold was less than 25% that of Android devices sold. This comparison, however, may not be fully relevant, as the two operating systems traditionally target different platforms. Still, numbers for server use of Windows (that are comparable to competitors) show one third market share, similar to that for end user use. As of October 2020, the most recent version of Windows for PCs, tablets and embedded devices is Windows 10, version 20H2. The most recent version for server computers is Windows Server, version 20H2. A specialized version of Windows also runs on the Xbox One video game console. === Windows 95 === Windows 95 introduced a redesigned shell based around a desktop metaphor; File shortcuts (also known as shell links) were introduced and the desktop was re-purposed to hold shortcuts to applications, files and folders, reminiscent of Mac OS. In Windows 3.1 the desktop was used to display icons of running applications. In Windows 95, the currently running applications were displayed as buttons on a taskbar across the bottom of the screen. The taskbar also contained a notification area used to display icons for background applications, a volume control and the current time. The Start menu, invoked by clicking the "Start" button on the taskbar or by pressing the Windows key, was introduced as an additional means of launching applications or opening documents. While maintaining the program groups used by its predecessor Program Manager, it also displayed applications within cascading sub-menus. The previous File Manager program was replaced by Windows Explorer and the Explorer-based Control Panel and several other special folders were added such as My Computer, Dial Up Networking, Recycle Bin, Network Neighborhood, My Documents, Recent documents, Fonts, Printers, and My Briefcase among others. AutoRun was introduced for CD drives. The user interface looked dramatically different from prior versions of Windows, but its design language did not have a special name like Metro, Aqua or Material Design. Internally it was called "the new shell" and later simply "the shell". The subproject within Microsoft to develop the new shell was internally known as "Stimpy". In 1994, Microsoft designers Mark Malamud and Erik Gavriluk approached Brian Eno to compose music for the Windows 95 project. The result was the six-second start-up music-sound of the Windows 95 operating system, The Microsoft Sound and it was first released as a startup sound in May 1995 on Windows 95 May Test Release build 468. When released for Windows 95 and Windows NT 4.0, Internet Explorer 4 came with an optional Windows Desktop Update, which modified the shell to provide several additional updates to Windows Explorer, including a Quick Launch toolbar, and new features integrated with Internet Explorer, such as Active Desktop (which allowed Internet content to be displayed directly on the desktop). Some of the user interface elements introduced in Windows 95, such as the desktop, taskbar, Start menu and Windows
Awwwards
Awwwards (Awwwards Online SL) is an organization that hosts web design competitions and conferences across Europe and the United States. Website owners and developers can participate by submitting their websites for review. Submissions are assessed by a jury, and top entries are presented and awarded prizes on a rotational basis. == Nomination process == Web designers submit their websites through Awwwards' platform for consideration for the Site of the Day. A jury, composed of industry professionals, and the Awwwards community evaluate the entries. The best daily sites are published annually in "The 365 Best Websites Around the World" book. == Jury == The jury consists of international designers, developers, and agencies who assess the creativity, technical skills, and insight of the submitted web projects. The panel's expertise ensures a comprehensive review process. === Developer Award === Awwwards, in partnership with Microsoft, created the Developer Award to recognize web developers who demonstrate excellence in creating websites that meet modern standards. The award highlights websites that work seamlessly across various platforms and devices, using best practices in HTML5, JavaScript, and CSS. == Annual winners == Some prominent Site of the Year winners include Mercedes-Benz, Bloomberg L.P., Bose Corporation, Warner Brothers, Volkswagen, Uber, and Google. == Awwwards conference == Awwwards also organizes two-day conferences featuring speakers from major tech companies and industry leaders such as Microsoft, Google, Spotify, Adobe, Opera, and Smashing Magazine. These events focus on the latest trends in web design and development. Speakers at Awwwards conferences have included notable figures in the design and technology industry such as Stefan Sagmeister, Paula Scher, and design leaders from companies including Wix. == Corporate affairs == === Platform === Awwwards operates an online platform where web designers and developers submit websites for evaluation and awards. Submitted projects are reviewed by a jury based on design, usability, creativity, and content. The platform also serves as a community hub for discovering digital trends, showcasing work, and accessing educational resources including talks and interviews. Design professionals from international companies have participated in Awwwards events and platform content. For example, Wix, a cloud-based web development company known for its website builder tools, has featured prominently in Awwwards conferences, with its design leadership contributing to discussions on design trends and creative thinking.
Thunderspy
Thunderspy is a type of security vulnerability, based on the Intel Thunderbolt 3 port, first reported publicly on 10 May 2020, that can result in an evil maid (i.e., attacker of an unattended device) attack gaining full access to a computer's information in about five minutes, and may affect millions of Apple, Linux and Windows computers, as well as any computers manufactured before 2019, and some after that. According to Björn Ruytenberg, the discoverer of the vulnerability, "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes." The malicious firmware is used to clone device identities which makes classical DMA attack possible. == History == The Thunderspy security vulnerabilities were first publicly reported by Björn Ruytenberg of Eindhoven University of Technology in the Netherlands on 10 May 2020. Thunderspy is similar to Thunderclap, another security vulnerability, reported in 2019, that also involves access to computer files through the Thunderbolt port. == Impact == The security vulnerability affects millions of Apple, Linux and Windows computers, as well as all computers manufactured before 2019, and some after that. However, this impact is restricted mainly to how precise a bad actor would have to be to execute the attack. Physical access to a machine with a vulnerable Thunderbolt controller is necessary, as well as a writable ROM chip for the Thunderbolt controller's firmware. Additionally, part of Thunderspy, specifically the portion involving re-writing the firmware of the controller, requires the device to be in sleep, or at least in some sort of powered-on state, to be effective. Machines that force power-off when the case is open may assist in resisting this attack to the extent that the feature (switch) itself resists tampering. Due to the nature of attacks that require extended physical access to hardware, it's unlikely the attack will affect users outside of a business or government environment. == Mitigation == The researchers claim there is no easy software solution, and may only be mitigated by disabling the Thunderbolt port altogether. However, the impacts of this attack (reading kernel level memory without the machine needing to be powered off) are largely mitigated by anti-intrusion features provided by many business machines. Intel claims enabling such features would substantially restrict the effectiveness of the attack. Microsoft's official security recommendations recommend disabling sleep mode while using BitLocker. Using hibernation in place of sleep mode turns the device off, mitigating potential risks of attack on encrypted data.
Elonis v. United States
Elonis v. United States, 575 U.S. 723 (2015), was a United States Supreme Court case concerning whether conviction of threatening another person over interstate lines (under 18 U.S.C. § 875(c)) requires proof of subjective intent to threaten or whether it is enough to show that a "reasonable person" would regard the statement as threatening. In controversy were the purported threats of violent rap lyrics written by Anthony Douglas Elonis and posted to Facebook under a pseudonym. The ACLU filed an amicus brief in support of the petitioner. It was the first time the Court has heard a case considering true threats and the limits of speech on social media. == Background == In May 2010, Elonis was in the process of divorce and made a number of public Facebook posts. Prior to his postings, he had lost his job at an amusement park. He "posted the script of a sketch" by The Whitest Kids U' Know, which originally referenced saying "I want to kill the President of the United States" and replaced the president with his wife: Elonis ended the post with this statement: "Art is about pushing limits. I'm willing to go to jail for my constitutional rights. Are you?" A week later, Elonis posted about local law enforcement and a kindergarten class, which caught the attention of the Federal Bureau of Investigation. Then, he wrote a post on Facebook about one of the agents who visited him: He concluded: == Arrest and Conviction == These actions led to Elonis's arrest on December 8, 2010. He was indicted by a grand jury on five counts of threats to his estranged ex-wife, park employees and visitors, local law enforcement, an FBI agent, and a kindergarten class that had been relayed through interstate communication. At the district court, Elonis moved to dismiss the indictment for failing to allege that he had intended to threaten anyone, claiming his Facebook post was not were not intended as a threat. He argued that, as an aspiring rap artist, his posts were intended to be a form of artistic expression to help him cope with his recent loses. According to him, he did not mean anything said in his posts in a literal sense. His motion was denied. He requested a jury instruction that "the government must prove that he intended to communicate a true threat", which was also denied. He was convicted on the last four of the five counts, and was sentenced to 44 months in prison and three years on supervised release. He appealed unsuccessfully to the Third Circuit, renewing his challenge to the jury instructions. He then appealed to the U.S. Supreme Court based on lack of any attempt to show intent to threaten and on First Amendment rights. == Decision == On June 1, 2015, the U.S. Supreme Court reversed Elonis's conviction in an 8–1 decision. Chief Justice John Roberts wrote for a seven-justice majority, Samuel Alito authored an opinion concurring in part and dissenting in part, and Clarence Thomas authored a dissenting opinion. The finding of the circuit court was reversed and the matter remanded. === Majority opinion === The majority opinion, written by Roberts, did not rule on First Amendment matters or on the question of whether recklessness was sufficient mens rea to show intent. It ruled that mens rea was required to prove the commission of a crime under §875(c). Importantly, the mens rea issue had been preserved for review, since Elonis had raised that objection at every stage of the previous proceedings. The government contended that the presence of the words "intent to extort" in §875(b) and §875(d) implied that the absence in §875(c) was constructive. The court disagreed, holding that the absence of the language in §875(c) was because the section was intended to have a broader scope than threats relating to extortion. The opinion drew on many Supreme Court cases holding that in criminal law, mens rea was required though it had not been mentioned explicitly in statute. Consequently, the Supreme Court ruled in favor of Elonis. === Alito's concurrence === Justice Samuel Alito, concurring in part and dissenting in part, opined that while agreeing that mens rea was required and specifically that showing negligence was not sufficient, the court should have ruled on the question of recklessness. He further opined that recklessness was sufficient to show a crime under that provision on the basis that going further would amount to amending the statute, rather than interpreting it. Since Elonis explicitly argued that recklessness was not sufficient, Alito said: I would therefore remand for the Third Circuit to determine if Elonis’s failure (indeed, refusal) to argue for recklessness prevents reversal of his conviction. The Third Circuit should also have the opportunity to consider whether the conviction could be upheld on harmless error grounds. Alito also addressed the First Amendment question, elided by the majority opinion. He held that "lyrics in songs that are performed for an audience or sold in recorded form are unlikely to be interpreted as a real threat to a real person. ... Statements on social media that are pointedly directed at their victims, by contrast, are much more likely to be taken seriously." === Thomas's dissent === Justice Clarence Thomas, dissenting, wrote against discarding the "general intent" standard without replacing it with a clearer standard. Thomas argued that "there is no historical practice requiring more than general intent when a statute regulates speech." Thomas cited Rosen v. United States, arguing that general intent was sufficient in this case. However, the majority opinion offers refutation in that Rosen turned on ignorance of the law: knowledge as to whether material was legally obscene, not on whether it was intended to be obscene. Thomas also supported the government's claim that the presence of "intent to extort" language in the adjacent §875(b) and did not address the majority's reasoning on that language. Thomas used precedent, notably from the states and 18th-century England based on other but similar and, arguably, influencing legislation to support his "general intent" claim. Thomas also drew a parallel with general intent in tort. While he sought to address the First Amendment issues, he never strayed far from "general intent". == Aftermath == On remand, the Third Circuit reaffirmed the conviction "concluding beyond a reasonable doubt that Elonis would have been convicted if the jury had been properly instructed" and therefore was harmless error. In 2022, Elonis was once again arrested and indicted on three counts of cyberstalking involving three people. It was discovered that between 2018 and 2021, Elonis had sent numerous threatening messages over email, text, voice mail, and social media platforms like Twitter to a former prosecutor of the Eastern District of Pennsylvania, his ex-girlfriend, and ex-wife. On August 5, after a five-day trial, Elonis was found guilty on all three counts, and on March 23, 2023, he was sentenced by U.S. District Court Judge Edward G. Smith of Easton, Pennsylvania to twelve years and seven months in prison.