One of the most fascinating and frightening incidents in the history of computer security began in 2022 with a few emails to the mailing list of a small, one-person open source project.

A user had submitted a complex piece of code that was now waiting for the maintainer to review it. But a different user by the name of Jigar Kumar thought that wasn’t happening fast enough. Patches spend years on this mailing list, he complained. Version 5.2.0 was 7 years ago. There is no reason to think that anything will come soon…

A month later, he followed up – over 1 month and no closer to being merged. It’s not a surprise. [sic]

And a month later: is there any progress on this? Kumar stayed for about four months complaining about the pace of updates and then was never heard from again.

A few weeks ago, the world learned a shocking twist. Jigar Kumar doesn’t seem to exist at all. There are no records of anyone with that name outside of pushy emails. He, along with other accounts, was apparently part of a campaign to compromise nearly every computer in the world with Linux. (Linux is an open source operating system unlike the closed systems of companies like Apple that run on tens of millions of devices.)

That campaign, experts believe, was likely the work of a well-resourced state actor, one that nearly pulled off an attack that could have made it possible for attackers to remotely access millions of computers by logging in effective as anyone wanted. The security ramifications would have been enormous.

How to (almost) hack everything

Here’s how things unfolded: In 2005, software engineer Lasse Collin wrote a series of tools to better compress files (similar to the process behind a .zip file). He made these tools freely available online, and many larger projects incorporated Collins’ work, eventually becoming XZ Utils.

The Collins tool became a part of the vast open source ecosystem that powers much of the modern Internet. We might think that something as central to modern life as the Internet has a professionally maintained structure, but like an XKCD comic published long before the hack. shows, it’s closer to the truth that the entire modern digital infrastructure is based on a project that some random person in Nebraska has been maintaining since 2003. XZ Utils was one such project and yes , you should find it a little worrying that there are so many of them. .

Starting in 2021, a user named Jia Tan, who also doesn’t seem to exist anywhere else, started making contributions to the XZ project. At first, they were small, harmless fixes. Then Tan started sending out bigger additions.

The way an open source project like this works is that a Collin maintainer, in this case, has to read and approve each submission. Sure enough, Tan was overloading Collin with homework.

That’s when Kumar showed up to complain that Collin was taking too long. Another account that doesn’t seem to exist joined the chorus. They argued that Collin was clearly not up to the task of maintaining his project alone and pushed for you to add Jia Tan as another lead.

It seems likely that they were fakes created to push Lasse to give Jia more control, engineer Russ Cox writes in a detailed timeline of the incident. it has worked Over the next few months, Jia began responding to xz-devel threads with authority on the upcoming 5.4.0 release. He had become a trusted maintainer who could add code to XZ Utils.

Why does any of this matter? Because one of the many, many open source tools that XZ Utils incorporated was OpenSSH, which is used to access computers remotely and is used by millions of servers worldwide.

Tan carefully added to XZ Utils a well-disguised code that compromised OpenSSH, allowing developers to remotely log into any computer running OpenSSH. The files containing the (heavily disguised) code were accepted as part of the larger project.

Fortunately, almost all of the millions of potentially targeted computers were not affected because their new update routine was first published as unstable (ie expected to have some bugs) and most administrators expect a later stable release.

Before this happened, Jia Tans work was stuck. Andres Freund, a software engineer at Microsoft, was off work doing some testing on a computer that had the new unstable version. Under most circumstances the hack ran smoothly, but under the circumstances I was testing it slowed down SSH performance. He dug deep and quickly unraveled the whole scheme.

Which means that thanks to a Microsoft engineer doing some after-hours work, your computer remains safe, at least as far as I know.

Can we do better than being lucky?

There was nothing inevitable about this hack being discovered. Many other people were running the new unstable build without noticing any problems. What made Freund suspicious in the first place was not the suspicious code, but a bug that had been accidentally introduced by Jia Tan.

If Jia Tan’s team had avoided this mistake, they might have succeeded. Capturing the suspect code actually required a lot of matches, Freund later told Mastadon.

No one wants to believe that modern computer security is essentially based on a lot of coincidences. We would prefer to have reliable processes. But I hope this narrative makes clear how difficult it is to reliably defend the jury-rigged Internet we have against an attack like this.

The people behind Jia Tan spent more than two years building the access they needed for this attack. Some of the details have to do with the dynamics of open source software, where decades-old projects are often in a silent maintenance stage that, as we’ve seen, can be taken over by an aggressive actor. But with the same resources and dedication behind Jia Tan, you could also hire a software company to do the same with closed source software.

Above all, it is very difficult to guess whether this attempted attack was unprecedented or unusual simply because it was caught. This means we have no idea if there are other landmines lurking in the bowels of the Internet.

Personally, as someone who doesn’t work in IT security, the biggest thing I took away from this was less a prescription for specific policies and more a sense of awe and appreciation. Our world runs on the unacknowledged contributions of engineers like Collin and Freund, people who spend their free time building things, testing things, and sharing what they build for the benefit of everyone. This is a downside for security, but it’s also great.

Collin could not be reached for comment. (His website said: To the media and journalists: I will not respond for now because I need to understand the situation thoroughly enough first. It is enough to reload this page once every 48 hours to check if (this message has changed.) But I hope he eventually comes around to thinking that being the personal target of this rather extraordinary effort to make his work at XZ utils feel inadequate is, in fact, a remarkable claim to his importance .

A version of this story originally appeared on the Future Perfect newsletter Register here!

The 2023 Turing Award, the computing world’s equivalent of the Nobel Prize, has been awarded to mathematician Avi Wigderson for his innovative and broadly applicable contributions to computing. The honor comes with a $1 million prize.

During his decades-long career, the 67-year-old Institute for Advanced Study professor was concerned with whether a problem could be solved, rather than what the answer might be in a specialization known as theoretical computing .

As far as we know, for every problem we face and try to solve, we can’t rule out that it has an algorithm that can solve it, Wigderson says. Quanta magazines Stephen Ornes. This is the most interesting problem for me.

At the center of his work is chance and unpredictability. Computers tend to work in predictable ways, following certain patterns. But starting with his research in the early 1980s, Wigderson discovered that in some cases, adding an unknown or randomness to particular algorithms could lead to an easier and faster solution. Conversely, he found that randomness could be removed from other algorithms, making it easier to reach a solution.

His work to study and refine this relationship between randomness and the difficulty and solvability of problems has had profound impacts on modern computing.

It’s very difficult to work in any space of computing without actually crossing paths with Avis’ work, says Madhu Sudan, a computer scientist at Harvard University who has collaborated with Wigderson on research in the past. Quanta magazine. And everywhere, you will find very deep knowledge.

Yannis Ioannidis, president of the Association for Computing Machinery, the organization that awards the Turing Award, called Wigderson a towering intellectual force in theoretical computing, in a statement this week.

His contributions, for example, helped researchers better understand one of the field’s most famous untested conjectures, called the P versus NP problem. Question: If the solution to a problem is easy to verify, is the problem easy to solve? The conjecture suggests that easy and hard problems for computers are fundamentally different. By chance, Wigderson helped clarify particular proofs and discover unique cases where easy and hard problems were the same.

Wigderson also wrote about how the concepts of theoretical computing can be applied to various natural and man-made processes, chance could play a role in solving difficult problems, such as finding a cure for cancer, he writes the News from New York Cade Metz Chance governs many processes in the world, from stock markets to Internet gossip to the spread of disease to the activity of bacteria in a petri dish.

As such, the impact of Wigderson’s work has expanded far beyond computing. The modern fields of cryptography, cloud computing, and blockchain development are steeped in Wigderson’s principles and discoveries.

Avi Wigderson, Turing Award 2023 Q&A with David Nirenberg | Institute of Advanced Studies

For example, his work with randomness and algorithms helped advance zero-knowledge protocols, a crucial method within computer security that allows the transfer and confirmation of sensitive information between parties. In its simplest operation, one party is able to demonstrate that a condition is true to another party, without revealing any other details. Unique and random digital keys also help protect data online.

In another testament to how the description and exploitation of randomness extends into various fields, the discipline has recently received recognition in mathematics. The 2024 Abel Prize, the world’s most important prize in mathematics, was awarded last month to French mathematician Michel Talagrand for his advances in stochastic systems, which help model random variables more accurately.

Among a variety of other awards, Wigderson won the 2021 Abel Prize along with mathematician Lszl Lovsz for work that helped connect mathematics with computing. This new honor makes Wigderson the only person to have won both a Turing Award and an Abel Award.

Avis’ impact on the theory of computation over the past 40 years is unparalleled, according to Oded Goldreich, a professor of computer science at the Weizmann Institute of Science in Israel. New Scientists Alex Wilkins. The diversity of areas in which he has contributed is impressive.

For all his successes in predictability, one process that Wigderson did not solve was his own announcement of the Turing Award.

The [Turing] The committee misled me into believing we were going to have a conversation about collaborating, says Wigderson New Scientist. When I zoomed in, the whole committee was there and they told me. I was excited, surprised and happy.

A Jacksonville-based Internet company that announced in September plans to bring its fiber-optic network to Gainesville is finally ready to activate its $50 million investment.

IQ Fiber co-founders Ted Schremp and Kim Smithers told The Sun in an interview Thursday that they were in the final stages of setup and testing, and that the service will go live sometime this month.

Schremp, who also serves as the company’s president and CEO, said he is excited to bring a new option to Gainesville residents when it comes to home Internet.

“People perceive their cable provider to be a monopoly because, whether they’re really a monopoly or not, they’re often the only option, and an option isn’t an option,” Schremp said.

Gainesville Mayor Harvey Ward, in a press release when the original IQ Fiber announcement was made, expressed a similar sentiment.

It has always been a priority of my policy to extend broadband competition in our community. I am pleased to see IQ Fiber expand into the Gainesville market and look forward to its presence here creating a variety of opportunities for all of our neighbors,” he said.

“When we look at things like what’s happening with VMware, if you have your partnership with VMware, great, we’re not here to completely replace that,” says Christie Kanen, Canadian channel manager at Scale Computing. “We’re understanding what’s happening in the market and the trends and understanding that customers want options.”

From partner enablement to improving security offerings to being another VMware alternative, seven executives from vendors selling through Climb Channel Solutions discuss how they’re doubling down in the channel.

Vendor executives took the stage at Climb’s partner conference in Birmingham, Alabama this week to discuss a range of topics in front of a packed room of MSPs.

The panels were moderated by Carlos Rodrigues, VP of Sales, Climb’s Canadian and US Vendor Manager Team; and Sarah Peters, Director of National Alliances at Climb.

Panelists included Rick Fredrickson, director of global channels at Canonical; Shane Popham, Director of Channels, OpenText; Phil Trickovic, Senior Vice President, Tintri; DNS Filter Partner Evangelist Mikey Pruitt; Craig Pfister, Global Vice President of Sales Engineering at Kiteworks; Christie Kanen, Canadian Channel Manager, Scale Computing;

and Leslie Lorenco, vice president of global channel sales at Security Compass.

We’re not just pushing the product, Popham said. We are helping to solve global challenges unique to different industries.

Popham even talked about AI and how OpenText is helping partners leverage the technology.

Having great AI means great information, he said. We have a big drive to enable artificial intelligence in all organizations because it will become mainstream. Things will evolve and become automated, so we need to be ready. We’re securing the AI ​​and securing all that information to make sure there’s no breach.”

When it comes to working with partners, Scale Computing’s Kanen said it’s about a mutual relationship.

It’s not the partner dictating things and it’s not us dictating things, it’s really understanding the business model between both companies, understanding what the go-to-market strategies are and what your customers need at the end of the day, he said .

And that has recently influenced the channel transformation involved in Broadcom’s November 2023 acquisition of VMware for $61 billion.

When we look at things like what’s happening with VMware, if you have your partnership with VMware, great, we’re not here to completely replace that, Kanen said. We’re understanding what’s happening in the market and trends and understanding that customers want options. It’s about making sure we understand what that go-to-market strategy is, but also understanding that at the end of the day we know that [MSPs] they are the ones being trusted by your client to be these consultants.

See what vendors had to say about a range of topics, including customer issues, being an ideal partner, and helping MSPs grow their business.

Tintris Trickovic on the most important customer pain points

The answer is the VMware-Broadcom mess. This over the past four months has dominated market conversations. There is also confusion around AI and how it provides a training model that actually adds real value to the business. So those two things I would say are the most important. We are starting to see some of these LLMs (large language models) and other associated training models develop and they are very chaotic and disorganized. Obviously, it will be freezing and it will be a very beautiful world in the future. Legacy architectures are beginning to fall. Traditional architectures don’t really work efficiently in these new stacks that are emerging, so we’re very focused on that and providing clarity.

OpenText’s Popham on Partner Consolidation Issues

What customers say is, “I have 100 different cyber products.” I don’t know what they all do. Can you help me understand? Are there other ways to simplify this? Can I join or can I get rid of something? Can I work with partners to help provide services to link them together?’

Canonical’s Fredrickson on using the channel to resolve end-customer issues

There are several ways that channel companies can help a company like ours. It could be demand generation, sales efforts, delivery services, first-tier support, managed service providers, or all those other things in between. We talked to our partners and put it out there and said, “We’re in this matrix.” What is most relevant to you and your partners and how do you support them?’

of Tintri Trickovic about partners looking to expand into emerging markets

We are looking for partners who want to expand in this emerging market. We’ve seen that there are some forks or trifurcations within the channel and some are focused on how to simplify what’s coming. We’re really trying to push to simplify what comes to the VAR community. Simplicity is coming, so we’re really looking for partners to focus on simplicity, effectiveness, and being able to deliver really easy ROI.

Canonical’s Fredrickson on the ideal MSP partner

The strongest thing is the desire to do something different, it’s someone who is really trying to take their customers to a different place and push the envelope. This can take all sorts of forms. It could be them providing support at a much higher level of service or smaller solution-oriented players bringing us the problems. Most important are those partners who have these aggressive conversations.

Scale Computing’s Kanen on VMware Partner Capture

Continue to understand what these trends are within the edge computing space, earning the name Scale Computing and helping to address these local applications. The other side is the acquisition of Broadcom and VMware. Our goal this year is to take advantage of this opportunity, run as far as we can and get as many customers as we can out of VMware and into Scale Computing.

Lorenco Security Compass on improving security offerings for the mid-market

Security by Design is really much more of a business game. They’re big government and high compliance companies like Bank of America, financial services, companies like that. This year we’re launching a mid-market product that targets smaller shops that don’t have 2,000 developers. We’re really trying to go down from that enterprise lake to the middle market. The goal as we go into next year is to start really pushing this MSP game and going after the partners who are doing this work on behalf of their customers and helping them do more.

DNS filter Pruitt on MSP relationships

Our journey is based on communication and building our relationships. We are relatively new to the channel and are still getting the feel of everything. We really want to make relationships possible. There is a lot of willingness on our part to be flexible [MSP] they need to make sure they have what they need, technology-wise. We’ve just released our reseller training that will tell MSPs all about DNS filtering and what filtering is, and then all about what kind of customers to consider and who are prime candidates for our solution.

Kitework’s Pfister in a holistic partner approach

What was being seen in the market or customer demand is that it is not just about technology, people are looking for holistic solutions. People are looking for specific technology, and then there’s a process and documentation that goes with it. Our organization strategically does not provide services. Once we get into the after-sales world, there are things we will do to help customers, such as being able to hold them in a matter of hours. I will do my best to allow you and help you along the way though [the customer] is relying on you for your business, advice and market understanding. You will lead them down this path which is the only way forward. He is willing to be activated, willing to understand things and understand the business value that goes into it. Once you structurally understand the business value, we move on to the services side and you can really manage that relationship from start to finish.

• Kinetic recently completed fiber optic construction in the community of Mount Pleasant, North Carolina

• This project collectively brings fiber optic internet to 1,257 homes, increasing the availability of high speed broadband internet to 44% of the community.

• Members in attendance included Mount Pleasant Mayor Tony Lapish and Kinetic North Carolina President of Operations Stacy Hale.

MOUNT PLEASANT, NC, April 12, 2024–(BUSINESS WIRE)–Kinetic, a leading high-speed broadband Internet provider, is pleased to announce the completion of its fiber broadband Internet construction in Mount Pleasant, North Carolina By to commemorate this milestone, a ribbon-cutting ceremony was held in April. 12, 2024, at Kinetics’ central location in downtown Mount Pleasant.

Kinetic’s commitment to bridging the digital divide and providing fast fiber internet to communities is exemplified by the completion of this project. Kinetic successfully equipped 1,257 homes in Mount Pleasant with fiber internet, representing an impressive 44% coverage of the city.

The ribbon cutting ceremony will mark the official launch of Kinetic’s fiber broadband Internet service in Mount Pleasant. Residents can now enjoy blazing fast internet speeds, seamless streaming and enhanced connectivity for their homes and businesses. This important infrastructure development will undoubtedly contribute to the city’s economic growth, educational opportunities and quality of life in general.

“We are thrilled to celebrate the completion of our fiber broadband Internet construction in Mount Pleasant,” said Kinetic North Carolina President of Operations Stacy Hale. “Kinetic is dedicated to providing reliable, high-speed Internet access to communities, and we are proud to have reached this milestone. We thank the residents of Mount Pleasant for their patience during the construction process and look forward to providing Internet services exceptional at its doors”.

The story continues

Attendees at today’s event witnessed the official unveiling of the fiber broadband infrastructure and learned about the benefits it brings to the community.

Kinetic remains committed to expanding its next-generation network across the region, ensuring more communities have access to reliable, high-speed Internet services. With a focus on bridging the digital divide, Kinetic continues to play a vital role in empowering individuals, businesses and educational institutions with the tools they need to thrive in the digital age.

“I want to applaud Kinetic for their efforts to bring high-speed fiber Internet to the city of Mount Pleasant,” state Sen. Paul Newton (R-Cabarrus) said in a written statement. “As a Kinetic customer, I cannot stress enough the positive impact fiber has on the lives of those who have access to Kinetics high-speed Internet. This new infrastructure provides Internet capable of supporting work, the school and the everyday needs of our community.”

Homes and businesses can visit GoKinetic.com to find out if they are eligible for a speed upgrade and learn how Kinetic can meet their needs. They can also visit or call the Kinetic Connection Center retail store at 250 N First Street in Albemarle or call them to make an appointment at 704-722-3355.

The Kinetics Mount Pleasant fiber project is part of a $2 billion multi-year capital investment strategy by Kinetic to dramatically expand gigabit fiber service across the company’s 18-state footprint.

Superfast and reliable Kinetic Fiber connections in Cabarrus County allow residential customers at concert speeds to surf the Internet securely from home with no lag time while working, participating in virtual classrooms, or streaming entertainment services. Businesses from small to enterprise can take advantage of the fiber-backed network to implement solutions that make their businesses more efficient and profitable, such as OfficeSuite UC and SD-WAN.

About Kinetic: Kinetic, a Windstream company, provides fiber-based broadband to residential and small business customers in 18 states. The company’s quality approach connects customers to new opportunities and possibilities by offering a full suite of advanced communications services. Kinetic is one of three brands managed by Windstream. The company also provides managed cloud communications and security services to medium and large enterprises and US government entities, as well as custom wavelength and dark fiber solutions to carriers, content providers and hyperscalers in the US and Canada. Windstream is a privately held company headquartered in Little Rock, Ark. Find out more about Kinetic at GoKinetic.com or windstream.com.

Category: Kinetics

View the source version at businesswire.com: https://www.businesswire.com/news/home/20240411300367/ca/

contacts

Victoria Carman, victoria.carman@windstream.com

Zack Medlin, zackary.medlin@windstream.com

The FITARA 17.0 Scorecard highlights a major gap in federal cybersecurity that has existed among government agencies for the better part of the past two decades. With scores falling this year, largely due to the introduction of a new cloud security category, it’s clear that opportunities exist to better protect and adopt cloud technologies.

As more organizations and federal agencies move to the cloud to improve productivity and maximize cost efficiency, bad actors are also seeing unequivocal success in targeting vulnerabilities in hybrid cloud environments. In the past year alone, nearly half of all cyberattacks originated in the cloud, underscoring the critical need for a reassessment of current security measures and the implementation of robust strategies to strengthen cloud operations.

As agencies grapple with the complexity of protecting their most essential digital assets in cloud environments, it is imperative to recognize and understand current cloud security deficiencies while establishing a plan for continuous improvement.

The evolving landscape of cloud security

Ninety-eight percent of all organizations currently store their most sensitive data in the cloud, making them lucrative targets for exploitation. The economic impact of these breaches, with $4.1 million lost last year alone, underscores the gravity of the situation.

Traditional security measures, which rely primarily on perimeter-based defenses, face significant challenges in effectively safeguarding cloud assets. The dynamic nature of cloud environments, along with the complexities of shared responsibility models, cloud misconfigurations, and an increasingly connected software supply chain, complicate security efforts significantly.

Misconfigurations, weak authentication mechanisms, and inadequate access controls emerge as common vulnerabilities, exposing agencies to high risks and unintended consequences. In addition, bad actors’ relentless pursuit of exploiting weaknesses underscores the urgent need for agencies to reassess their security posture and adopt proactive measures to mitigate emerging threats, strengthen operational efficiency, and build resilience in sensitive environments.

Key strategies to improve cloud security

Prioritize greater end-to-end visibility: The first step for agencies looking to build resiliency in the cloud is to first gain end-to-end visibility into hybrid IT environments. Agency leaders should focus on understanding and monitoring all layers of the cloud infrastructure, from the network and applications to user activity and data flows. Limited visibility can have significant consequences, such as blind spots in monitoring and detection capabilities. These blind spots not only prevent timely identification of security incidents, but also exacerbate risk exposure, leaving agencies vulnerable to prolonged attacks.

Cloud visibility isn’t just a convenience; it is a strategic necessity. In a world where cyber threats are becoming more sophisticated and regulatory scrutiny is increasing, organizations cannot afford blind spots in their cloud environments. By understanding the complexities of cloud environments, agencies can more proactively identify vulnerabilities, detect anomalous behavior, and respond to security incidents in a timely manner.

Continuous monitoring of workloads Once end-to-end visibility is established, agency leaders will have a much easier time monitoring and managing cloud activities and communications. By implementing robust monitoring mechanisms that provide real-time information about cloud activities, agencies will be able to continuously monitor workloads, detect threats early, and respond quickly when breaches or attacks occur to minimize potential damage.

Continuous monitoring offers many benefits, including early detection of threats and rapid response to incidents. Real-time alerts and notifications also play a crucial role in this regard, quickly notifying security teams of suspicious activity or anomalies. Leveraging monitoring tools and technologies designed specifically for cloud environments improves visibility, allowing agencies to gain insight into resource usage, network traffic, and user behavior.

Adopt a default assumption mentality In addition, it is imperative that federal agencies do so arecognize and operate under the mindset that security incidents are inevitable. Rather than focusing solely on prevention, this approach emphasizes proactive detection and response strategies.

Threat intelligence sharing and cross-sector collaboration play a crucial role in staying ahead of evolving threats, enabling agencies to anticipate and prepare for potential risks and strengthen their defenses accordingly.

An effective incident response plan is also essential to effectively manage security incidents, once they occur. This plan should clearly define roles and responsibilities, establish communication protocols and define escalation procedures. By preparing for various scenarios in advance, agencies can minimize the impact of security incidents and mitigate potential damage.

Adopt containment strategies to limit the inevitable Finally, proactively preparing for and mitigating the impact of security incidents helps safeguard critical assets and preserve business continuity. This proactive approach to security enables agencies to remain resilient in the face of evolving threats, preventing breaches from becoming cyber disasters and ensuring the integrity of their cloud environments.

Segmentation using zero-trust principles provides an effective approach to containment, limiting lateral movement and preventing the spread of threats in the IT environment. Fine-grained access controls further enhance security by restricting access to sensitive resources and data based on the principle of least privilege.

Building a more resilient future

With the increasing adoption of new technologies by bad actors, it is critical that agencies prioritize security measures to safeguard sensitive data and protect networks in mission-critical environments. Agencies must take proactive approaches to cloud security, including increasing visibility, enabling continuous monitoring, and applying a breach assumption mindset to better detect and respond to threats more effectively, allowing them to also minimize the risk of data breaches and disruptions.

Improving cloud security requires a concerted effort by federal agencies, emphasizing the importance of proactive measures, continuous improvement, and innovation. And while cloud security may not yet be up to par among federal agencies, I’m hopeful that agencies will reflect on the latest scores and prioritize more effective cloud security strategies in the coming year.

Gary Barlet is Illumino’s Chief Federal Technology Officer.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located in the European Economic Area.

---

Mini PCs have become a huge hit in recent years, with users opting for these smaller, more streamlined PCs as an alternative to desktops or laptops. But few have made the waves that the Ayaneo Retro Mini PC AM01 has.

I’ve been using one of the higher-end variants of the Ayaneo Retro Mini PC AM01 for a few months now, and I honestly have to say that it’s one of the best mini PCs money can buy, even if you have to make the leap. a few hoops to get it right now.

Retro indie paradise

Capturing the iconic look of the classic 1984 Mac computer, the Retro Mini PC AM01 is a dream come true for retro lovers and collectors alike. The affordable price (starting at $259) of this Ayaneo Mini PC is packed with a lot of potential, but how well it uses that potential can definitely vary depending on what you’re doing.

If you’ve ever thought about buying a mini PC, you probably already know what kind of drawbacks you’re looking at, namely the lower performance and more limited upgradeability that comes with these smaller packages. Still, they’ve come a long way in recent years, and these PCs can handle a bit now, especially as they incorporate newer hardware like RAM, SSDs, and faster CPUs. The AMD 5700U included in my Retro Mini PC AM01 is more than capable of running some of the newer games (albeit at lower settings), but there’s no dedicated graphics card, so you’ll definitely have to play around with the settings if you try to run the newest titles.

However, when it comes to retro or indie gaming, the Retro Mini PC AM01 is a great replacement for a desktop PC, and it has loads of ports and even support for 4K at 60Hz, which makes be an easy purchase for much more. an expensive desktop computer that you might want to do similar things with. The model I’ve been using for the past few months is equipped with the aforementioned AMD 5700U, 32GB of DDR4 RAM, a 1TB SSD, and Windows 11 Home. It’s not the gaming beast that is my main desktop, but it doesn’t need to be.

The Retro Mini PC AM01 is not designed to replace your gaming desktop. Instead, Ayaneo has gone all retro with its design, even going so far as to showcase a slew of retro games in the company’s built-in app. And since it’s equipped with a solid, if aging, processor like the AMD 5700U (you can also go as far as an AMD 5800U), you can do all your daily tasks here, too. I’ve used it to play indie and retro games, as well as for productivity tasks. I’m actually writing this review on PC right now.

As a mini PC geared more toward “light gaming,” the Ayaneo offers everything you’d expect, along with great performance in those low-end games. Titles like Stardew Valley, Dead cells, and a ton of old and emulated titles will work just fine here, and it’ll all cost you less than $500, depending on what model you build. I saw problems with some titles, such as Baldur’s Gate 3 i Cyberpunk 2077but I also didn’t expect any of these titles to do very well in the first place.

However, if you use one of the lower RAM variants here, it will probably cost you more. As such, I would definitely recommend upgrading your RAM or trying to get a higher RAM setting just to keep things as smooth as possible.

Iconic design

The design, of course, is what first drew me to the Ayaneo Retro Mini PC AM01. As I noted above, it’s designed to look like that iconic first Mac computer, and Ayaneo really nailed the look and design here.

But it doesn’t stop there. The Retro Mini PC combines all this iconic design with modern ports, offering plenty of space to connect different accessories and peripherals. The four included USB-A ports, as well as the USB-C port on the front, allow you to connect various items such as keyboards, mice and wireless headphones. You can also connect directly to Ethernet via an Ethernet port on the back, in case you prefer that over wifi.

There’s also a DisplayPort and HDMI port on the back, allowing you to connect up to two displays. I was able to run the Retro Mini PC AM01 smoothly in my 4K dual monitor setup and it looks pretty good on my desktop.

What makes the Retro Mini PC stand out even more is the customization that Ayaneo has designed around the iconic Mac look. You can use various magnets and stickers to create a certain look, and while you’ll need to place it on the back during use (this is best for heat dissipation), it offers a small way to make the mini PC feel like your own.

Jumping through hoops

Perhaps the most disappointing part of the Ayaneo Retro Mini PC is the many hoops you have to jump through to get your hands on it. Right now, Ayaneo is only selling it as part of an IndieGoGo campaign, which means you’ll essentially have to back the campaign to get your hands on one.

The configurations they offer now are also extremely limited as they only have a certain amount of units distributed for each option. The different options offered on the IndieGoGo page may change, but it’s hard to say what will be available and what won’t. (Ayaneo has yet to share any plans to offer the Retro Mini PC AM01 outside of its IndieGoGo campaign.) Fortunately, even if you end up with a smaller RAM or SSD setup, the Retro Mini PC AM01 is extremely easy to upgrade with new parts, you can take it apart, although this could void any warranty, so be careful if you go that route.

Overall, I’m very happy with what Ayaneo has contributed here. As I pointed out earlier, playing really demanding games won’t be a great option. But if you want a great little mini PC that can handle your daily tasks, run some retro and indie games without much trouble, and look great on your desktop, the Ayaneo Retro Mini PC AM01 is easily one of the best market options. . Its iconic design and easy upgradeability are also big highlights.

The AMD 5700U configuration sent me listings for $420 on Ayaneo’s IndieGoGo page, and I’d recommend it as a great starting point for anyone planning to pick one up.

The need for sovereignty over our online experiences has never been more pressing. As data breaches and data farming practices become the new normal, and internet users are continually seen as the perfect target, it’s time for a change. Enter xyOS, XYOs innovative sovereign platform poised to redefine how we engage in the digital world. As we stand on the cusp of a new era in the evolution of the Internet, xyOS gives users unprecedented control and autonomy to navigate the digital frontier.

What is xyOS?

xyOS, or XYO Operating System, is a revolutionary sovereign platform designed to streamline the operation of an XYO node by providing an easy-to-use graphical interface that democratizes access to the XYO platform, protocol, and network. Gone are the days of needing specialized technical skills to navigate the complexities of blockchain technology. With xyOS, users of all backgrounds and comfort levels can seamlessly interact with the XYO ecosystem, unlocking its full potential with just a few clicks.

With xyOS, we take a giant leap forward in the pursuit of a more sovereign Internet, one that allows users to take back ownership of their online interactions. From simplifying node configuration to providing real-time information on XYO technologies, xyOS is a catalyst for change in the digital ecosystem.

Key features:

• Access to Core and dApps by default: Includes Settings, System Viewer, System Dashboard, and Identity that allow for user customization and node enhancements.
• Third Party DApps:It enables the development of third-party dApps through comprehensive documentation and guides.
• xyons: Also known as the XYO Name System for both xyOS and the XYO Network, xyoNS allows users to display friendly names instead of addresses and hashes to access modules and data. It also provides a collective namespace for public name resolution.
• Daily payload: Our (previously) secret minigame will be released soon. Get ready for daily challenges, badges, leaderboards and more fun surprises to come!

Why xyOS matters

At its core, xyOS embodies the principles of freedom, autonomy and innovation. By prioritizing user sovereignty and data control, xyOS sets the stage for more equitable and empowering online experiences. No longer bound by the limitations of centralized platforms, users can explore, create, exchange and connect with confidence, knowing that these engagements are truly theirs.

What’s next for xyOS?

As we look to the future, xyOS is just getting started. Ahead of the official launch of the xyOS beta, we invite the XYO community to join us for early access opportunities and engagement initiatives later this month. There are countless ways to get involved and make your mark on the evolution of the Internet, including:

• COIN users: COIN users will receive an exclusive first look at xyOS and its innovative features.
• XYO users: For our XYO community, users will be able to register for early access to the xyOS experience and provide valuable feedback.
• Community involvement: As access is rolled out to early users, the community will be invited to participate in comments, discussions, and other interactions. Stay tuned to see how you can get involved!
• Builder the Future initiative: Join our community of builders and innovators to contribute to the development of xyOS and earn rewards for your efforts.

Join us on our journey

Now is the time to seize the opportunity of a sovereign Internet. With xyOS leading the way, we have the power to shape a digital future that is truly ours. Follow us on social media, sign up for our newsletter, and join the conversation as we embark on this transformative journey together. Together, we can redefine the Internet and unlock its full potential for generations to come.

Sign up for early access to xyOS herewhile there are still places available.