Luminar eyes production vehicles with $100M round and new Iris lidar platform – TechCrunch

Luminar is one of the major players in the new crop of lidar companies that have sprung up all over the world, and it’s moving fast to outpace its peers. Today the company announced a new $100 million funding round, bringing its total raised to more than $250 million — as well as a perception platform and a new, compact lidar unit aimed at inclusion in actual cars. Big day!

The new hardware, called Iris, looks to be about a third of the size of the test unit Luminar has been sticking on vehicles thus far. That one was about the size of a couple hardbacks stacked up, and Iris is more like a really thick sandwich.

Size is very important, of course, as few cars just have caverns of unused space hidden away in prime surfaces like the corners and windshield area. Other lidar makers have lowered the profiles of their hardware in various ways; Luminar seems to have compactified in a fairly straightforward fashion, getting everything into a package smaller in every dimension.

Test model, left, Iris on the right.

Photos of Iris put it in various positions: below the headlights on one car, attached to the rear-view mirror in another and high up atop the cabin on a semi truck. It’s small enough that it won’t have to displace other components too much, although of course competitors are aiming to make theirs even more easy to integrate. That won’t matter, Luminar founder and CEO Austin Russell told me recently, if they can’t get it out of the lab.

“The development stage is a huge undertaking — to actually move it towards real-world adoption and into true series production vehicles,” he said (among many other things). The company that gets there first will lead the industry, and naturally he plans to make Luminar that company.

Part of that is of course the production process, which has been vastly improved over the last couple of years. These units can be made quickly enough that they can be supplied by the thousands rather than dozens, and the cost has dropped precipitously — by design.

Iris will cost less than $1,000 per unit for production vehicles seeking serious autonomy, and for $500 you can get a more limited version for more limited purposes like driver assistance, or ADAS. Luminar says Iris is “slated to launch commercially on production vehicles beginning in 2022,” but that doesn’t mean necessarily that they’re shipping to customers right now. The company is negotiating more than a billion dollars in contracts at present, a representative told me, and 2022 would be the earliest that vehicles with Iris could be made available.

The Iris units are about a foot below the center of the headlight units here. Note that this is not a production vehicle, just a test one.

Another part of integration is software. The signal from the sensor has to go somewhere, and while some lidar companies have indicated they plan to let the carmaker or whoever deal with it their own way, others have opted to build up the tech stack and create “perception” software on top of the lidar. Perception software can be a range of things: something as simple as drawing boxes around objects identified as people would count, as would a much richer process that flags intentions, gaze directions, characterizes motions and suspected next actions and so on.

Luminar has opted to build into perception, or rather has revealed that it has been working on it for some time. It now has 60 people on the task split between Palo Alto and Orlando, and hired a new VP of Software, former robo-taxi head at Daimler, Christoph Schroder.

What exactly will be the nature and limitations of Luminar’s perception stack? There are dangers waiting if you decide to take it too far, because at some point you begin to compete with your customers, carmakers that have their own perception and control stacks that may or may not overlap with yours. The company gave very few details as to what specifically would be covered by its platform, but no doubt that will become clearer as the product itself matures.

Last and certainly not least is the matter of the $100 million in additional funding. This brings Luminar to a total of over a quarter of a billion dollars in the last few years, matching its competitor Innoviz, which has made similar decisions regarding commercialization and development.

The list of investors has gotten quite long, so I’ll just quote Luminar here:

G2VP, Moore Strategic Ventures, LLC, Nick Woodman, The Westly Group, 1517 Fund / Peter Thiel, Canvas Ventures, along with strategic investors Corning Inc, Cornes, and Volvo Cars Tech Fund.

The board has also grown, with former Broadcom exec Scott McGregor and G2VP’s Ben Kortlang joining the table.

We may have already passed “peak lidar” as far as sheer number of deals and startups in the space, but that doesn’t mean things are going to cool down. If anything, the opposite, as established companies battle over lucrative partnerships and begin eating one another to stay competitive. Seems like Luminar has no plans on becoming a meal.

More top-tier companies targeted by new type of potentially serious attack

A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks.

The latest attack against Microsoft was also carried out as a proof-of-concept by a researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by contrast, were malicious, but it’s not clear if they succeeded in executing the malware inside their networks. The npm and PyPi open source code repositories, meanwhile, have been flooded with more than 5,000 proof-of-concept packages, according to Sonatype, a firm that helps customers secure the applications they develop.

“Given the daily volume of suspicious npm packages being picked up by Sonatype’s automated malware detection systems, we only expect this trend to increase, with adversaries abusing dependency confusion to conduct even more sinister activities,” Sonatype researcher Ax Sharma wrote earlier this week.

A slick attack

The goal of these attacks is to execute unauthorized code inside a target’s internal software build system. The technique works by uploading malicious packages to public code repositories and giving them a name that’s identical to a package stored in the target developer’s internal repository.

Developers’ software management apps often favor external code libraries over internal ones, so they download and use the malicious package rather than the trusted one. Alex Birsan—the researcher who tricked Apple and the other 34 companies into running the proof-of-concept packages he uploaded to NPM and PyPi—dubbed the new type of supply chain attack dependency confusion or namespace confusion because it relies on software dependencies with misleading names.

Software dependencies are code libraries that an application must incorporate for it to work. Normally, developers closely guard the names of dependencies inside their software build systems. But Birsan found that the names often leak when package.json files—which hold various metadata relevant to a development project—are embedded into public script files. Internal paths and public scripts that contain the require() programming call can also leak dependency names.

In the event the file with the same name isn’t available in a public repository, hackers can upload a malicious package and give it the same file name and a version number that’s higher than the authentic file stored internally. In many cases, developers either accidentally use the malicious library or their build application automatically does so.

“It’s a slick attack,” HD Moore, co-founder and CEO of network discovery platform Rumble, said. “My guess is it affects a ton of folks.” He added that most at risk are organizations that use large numbers of internal packages and don’t take special steps to prevent public packages from replacing internal ones.
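As an added example (not code from the article or from any company named in it), the Node.js sketch below audits a package.json for the exposure described above: internal dependencies with unscoped names that are either unclaimed on the public registry or already published there, possibly at a higher version. The package names, versions and registry snapshots are constructed, and it assumes plain x.y.z versions and that scoped names belong to a scope the organization owns and maps to its private registry.

```javascript
// Added example: dependency-confusion audit of a manifest (defensive check).
// All names, versions and registry snapshots below are constructed samples.

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Compare two plain x.y.z versions numerically; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// manifest:    parsed package.json
// internal:    { name: version } published on the private registry
// publicIndex: { name: latest version } snapshot of the public registry
function auditManifest(manifest, internal, publicIndex) {
  const findings = [];
  // Optional and dev dependencies are resolved by the installer too.
  const deps = Object.assign({}, manifest.dependencies,
    manifest.devDependencies, manifest.optionalDependencies);
  for (const name of Object.keys(deps)) {
    if (!has(internal, name)) continue;   // genuinely public dependency
    if (name.startsWith('@')) continue;   // scoped (assumption: scope is owned)
    const ours = internal[name];
    if (!has(publicIndex, name)) {
      findings.push({ name, risk: 'unclaimed',
        detail: 'name is not registered on the public registry' });
    } else if (compareVersions(publicIndex[name], ours) > 0) {
      findings.push({ name, risk: 'shadowed',
        detail: `public ${publicIndex[name]} > internal ${ours}` });
    } else {
      findings.push({ name, risk: 'collision',
        detail: `public ${publicIndex[name]} <= internal ${ours}` });
    }
  }
  return findings;
}

// Constructed sample input.
const sampleManifest = {
  name: 'example-app',
  dependencies: {
    'lodash': '^4.17.21',
    'acme-auth-client': '^1.4.0',
    '@acme/billing': '^2.0.0',
  },
  devDependencies: { 'acme-build-tools': '^3.1.0' },
  optionalDependencies: { 'acme-telemetry': '^0.9.0' },
};
const sampleInternal = {
  'acme-auth-client': '1.4.2',
  '@acme/billing': '2.0.1',
  'acme-build-tools': '3.1.0',
  'acme-telemetry': '0.9.3',
};
const samplePublic = {
  'lodash': '4.17.21',
  'acme-auth-client': '99.0.0',
  'acme-telemetry': '0.1.0',
};

for (const f of auditManifest(sampleManifest, sampleInternal, samplePublic)) {
  console.log(`${f.risk.padEnd(10)} ${f.name}: ${f.detail}`);
}
```

Any finding is a reason to move the package under an owned scope or pin its registry source; "shadowed" is the case where a version-preferring resolver would already pick the public copy.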

Raining confusion

In the weeks since Birsan published his findings, dependency confusion attacks have flourished. Already hit by a proof-of-concept attack that executed Birsan’s unauthorized package in its network, Microsoft recently fell to a second attack, which was done by researchers from firm Contrast Security.

Matt Austin, director of security research at Contrast, said he started by looking for dependencies used in Microsoft’s Teams desktop application. After finding a JavaScript package called “Optional Dependencies,” he seized on a way to get a Teams development machine to download and run a package he put on NPM. The package used the same name as a module listed as an optional dependency.

Shortly after doing so, a script Austin put into the module started contacting him from several internal Microsoft IP addresses. Austin wrote:

Whether the responses I saw were automated or manual, the fact that I was able to generate this reaction poses significant risk. By taking advantage of the post-install script, I was able to execute code in whatever environment this was being installed on. If attackers were to execute code the way I did on a build server for a desktop application update that was about to be distributed, they could insert anything they wanted into that update, and that code would go out to every desktop using Teams—more than 115 million machines. Such an attack could have monumental repercussions, potentially affecting as many organizations as the massive attack on the SolarWinds software factory that was revealed in December.

He provided the following figure illustrating how a malicious attack might work under this theoretical scenario:

Contrast Security

A Microsoft spokeswoman wrote: “As part of our larger efforts to mitigate package substitution attacks, we quickly identified the issue mentioned and addressed it, and at no point did it pose a serious security risk to our customers.” The spokeswoman added that the system that executed Austin’s code was part of the company’s security testing infrastructure. Microsoft has more about the risks and ways to mitigate them here.

Attacks turn malicious

Like the packages uploaded by Birsan and Austin, the thousands of files that flooded NPM and PyPi have mostly contained benign scripts that send the researchers the IP address and other generic details of the computer that runs them.

But not all of the uploads have observed such restraint. On Monday, Sonatype researchers reported files uploaded to NPM that attempted to steal password hashes and bash script histories from companies including Amazon, Slack, Lyft, and Zillow.

A .bash_history file being accessed by the package uploaded to npm.

Sonatype

“These activities would take place as soon as a dependency confusion attack succeeds and would need no action from the victim, given the nature of the dependency/namespace hijacking issue,” Sharma, the researcher at Sonatype, wrote.

Bash histories, which store commands and other input that administrators type into their computers, often contain plaintext passwords and other sensitive data. Files stored in the /etc/shadow path of Linux machines store the cryptographic hashes of passwords needed to access user accounts on the computer. (For hashes to be compromised, the NPM app would have to be running in super user mode, an extremely elevated set of privileges that are almost never given to software management apps.)

Sonatype said it had no way of knowing whether the files were executed by any of the companies targeted by the scripts.

The targets respond

In a statement, Slack officials wrote:

The mimicked library in question is not part of Slack’s product, nor is it maintained or supported by Slack. We have no reason to believe the malicious software was executed in production. Our security team regularly scans the dependencies used in our product with internal and external tools to prevent attacks of this nature. Additionally, Slack’s secure development practices, such as using a private scope when using private dependencies, make it unlikely that a dependency-related attack would be successful against our product.

A Lyft statement read: “Lyft was not harmed in this attempt. There is no indication that this malicious software was executed on Lyft’s network. Lyft has a dedicated information security program to defend against such supply chain attacks and runs an active bug bounty program to continuously test its security controls.”

Zillow officials wrote:

We are aware of the recent security report involving a possible attack involving spoofed software packages. After an investigation by our security team, we found no evidence that our systems were compromised or exploited by the disclosed technique. Our team is also taking a number of actions to monitor and defend against any future possible attempts to gain unauthorized access to our systems.

NPM representatives, meanwhile, wrote: “We’ve provided guidance on how to best protect against these types of substitution attacks in this blog post. We’re committed to keeping npm secure and continuing to improve the security of the ecosystem.”

Amazon representatives didn’t respond to an email seeking comment. A representative for PyPi didn’t immediately have a comment.

The recent hack against network tools provider SolarWinds—which compromised the Texas company’s software build system and used it to distribute malicious updates to 18,000 customers—was a stark reminder of the damage that can result from supply-side attacks. Dependency confusion attacks have the potential to inflict even more damage unless developers take precautionary measures.

Microsoft adds Startup Boost, Sleeping Tabs to Edge build 89

We’re not sure why Chromium-based Edge’s branding seems so thoroughly wet.

Microsoft

This week, Microsoft announced several more features trickling down to Edge Stable from its Beta insider channel. These features include Startup Boost, Sleeping Tabs, Vertical Tabs, and a more navigable History dialog. The company also announced some welcome interface tweaks to Bing—which Microsoft insists on categorizing as Edge features, but these items seem to apply equally to Bing in any browser so far.

If you’re not familiar with Microsoft Edge’s release and download system, there are three Insider channels (Canary, Dev, and Beta) that represent daily, weekly, and six-weekly updates in increasing order of stability. New features debut there before eventually making their way into Stable, where normal users will encounter them.

If you’re a Windows user, you can’t actually download new builds in the Stable channel directly. Instead, you must either look for them in Windows Update or navigate to edge://settings/help in-browser and ask Edge to check for updates to itself. If you’d also like to check out the Edge Insider builds, you can do so safely—they won’t replace your Edge Stable; they install side-by-side, with separate icons on your taskbar making them easy to distinguish.

Startup Boost

When we updated Edge Stable to Build 89, we found Startup Boost (shown here as “Continue running background apps”) and Sleeping Tabs already enabled.

Jim Salter

Edge’s new Startup Boost feature is pretty simple. Instead of killing all processes when you close the browser, it leaves a minimal set open and running. Microsoft says that these always-on background processes decrease Edge launch times—whether opened from an Edge icon or opened automatically as an association with hyperlinks from other applications—by 29% to 41%.

Microsoft also says that the background processes have very little impact on CPU and memory footprint of the system as a whole. The new feature is enabled by default in Edge Stable Build 89, but if you don’t like it, you can disable it on your system—go to edge://settings/system and disable Continue running background apps when Microsoft Edge is closed.

Sleeping Tabs

Edge’s new Sleeping Tabs feature automatically puts tabs to sleep—building upon Chromium’s “tab freezing” feature—after two hours of background status without interaction. You can adjust this timeout period manually if it’s not right for you, and Edge also uses heuristics to detect cases when sleep might be inappropriate (for example, tabs that are streaming music in the background).

You can see which tabs have gone to sleep due to their faded appearance in the tab bar; clicking a sleeping tab wakes it up and brings it back into the foreground. To our disappointment, there’s no option to right-click a tab and put it to sleep manually yet—all you can do is wait for the browser to do it for you after a sufficiently long inactivity period.

Vertical tabs

Behold, vertical tabs in action.

Vertical tabs—a feature we first reported nearly a year ago—finally made it to release this week in Edge Stable 89.

Modern displays generally have nearly twice as much horizontal screen real estate as vertical, and arranging tabs, application icons, and so forth across the display’s horizontal axis rather than its vertical makes more efficient use of the working space you have.

Edge certainly isn’t the first application to notice this fact—Ubuntu began using a vertical application launcher (its equivalent to the Windows taskbar) by default almost 10 years ago, for one example. We’ve found that the more efficient use of screen real estate is a great idea, but many users have an immediate, strong negative reaction to such a basic change to their navigation concepts.

Probably for that reason, Microsoft left the default tab bar orientation horizontal. If you’d like to browse like it’s 2021, though, the new vertical tab bar is a single click away—as is putting it back the way you found it.

History Hub

History Hub in action.

Edge’s new History Hub is another welcome UX update, and it’s simpler to use than it is to describe. Navigating to History from the hamburger menu (or hitting the Ctrl+H hotkey) opens your browsing history as a drop-down menu rather than a full page.

The drop-down History menu also has a stickpin icon on its upper right—clicking the pin dynamically resizes the browser pane, making room for a persistent, pinned History pane to its right. The History pane remains in place and is visible as you navigate the web, whether through links in pages or clicking the History links themselves. This makes it much easier to find what you’re looking for in the recent past.

Bing updates

Rounding out the goodies this week, Microsoft announced some updates to how it displays search results. These updates were also billed as Edge improvements, but when we checked bing.com in Google Chrome on a Linux workstation, we saw the same results there.

Local search results in Bing will begin showing stickpins on a map, dynamically updated as you browse them. This makes it easier to sort your search results by geographical area—which isn’t always as simple as “what’s closest” or “what’s furthest away.” This feature isn’t fully implemented yet; Microsoft says it will be fully available in the US in the coming weeks.

The search engine is also adapting its search results contextually when it understands the broad category of what you’re searching for in the first place. Carousel results for recipes now include dynamically updated panes showing caloric information alongside the picture and meta text of the recipe, for one example. Documentary film search results are another good showcase for this update. They pop up in tiles showing box art, title, and little else; hovering over each tile slides open further detailed information about the film.

Finally, educational searches may give more easily digestible, infographic-style returns instead of the simple dense-text based output we’ve become familiar with in the last two decades. It’s not clear exactly what topics will or will not receive the infographic returns or how those are generated, but Microsoft showcases the result of a Bing search for “giraffe animal” as one example.

Visual Studio Code now runs natively on M1 Macs

The 2020, M1-equipped Mac mini.

Samuel Axon

Microsoft has released a new version of source-code editor Visual Studio Code that runs natively on Apple Silicon Macs like the MacBook Air, MacBook Pro, and Mac mini models with Apple M1 chips.

The change came in Visual Studio Code 1.54 (now 1.54.1 thanks to a bug fix update), which is available as a universal 64-bit binary, as is standard for apps with Apple Silicon support. That said, Microsoft also offers downloads for x86-64 and Arm64 versions specifically, if desired.

There are no differences in features between the two versions, of course. And the non-Apple Silicon version worked just fine on M1 Macs previously via Rosetta, but Microsoft says M1 users can expect a few optimizations with the new binaries:

We are happy to announce our first release of stable Apple Silicon builds this iteration. Users on Macs with M1 chips can now use VS Code without emulation with Rosetta, and will notice better performance and longer battery life when running VS Code. Thanks to the community for self-hosting with the Insiders build and reporting issues early in the iteration.

Other key features in Visual Studio Code 1.54 include the ability to retain terminal processes on window reload, performance improvements in the Windows version, product icon themes, improvements when viewing Git history timeline entries, and various accessibility improvements.

This is the latest in a slow march of productivity and power user apps that have launched native Apple Silicon versions, such as Adobe Photoshop. But many popular apps are still not native, including Visual Studio Code’s IDE sibling, Visual Studio 2019 for Mac.

However, native Apple Silicon support is expected to come to Visual Studio 2019 for Mac with .NET 6, which is expected to ship in November. The first .NET 6 preview was distributed last month.

Many makers of development and creative production software have committed to releasing Apple Silicon versions of apps, including Adobe and Unity. But others, like Autodesk, haven’t made much noise about Apple Silicon support yet.

Apple is expected to shift its entire Mac lineup to the new architecture by the end of 2022. Reports citing people familiar with Apple’s plans have indicated that more Apple Silicon-based MacBook Pros are coming this year, as well as significant redesigns for both the iMac and MacBook Air, which will also have Apple Silicon chips.
