comments powered by Disqus.
Norco has announced an updated Fluid FS platform, its full-suspension mid-range trail mountain bike. The brand says the new bike is designed for “every rider and every trail”.
The new Fluid FS sees the platform’s suspension travel increased by 10mm over the outgoing model, sporting 140mm at the front and 130mm at the rear.
It also sees updated longer, lower and slacker geometry. The Fluid FS now runs exclusively on 29in wheels, with the old Fluid being available in both 29er and 27.5in flavours. That said, the outgoing Fluid in XS 27.5in will continue to be offered as a youth platform.
The brand says it will continue to produce and sell the current hardtail equivalent, the Fluid HT.
The bikes are said to be available now in the USA and from October internationally. The Fluid FS will not initially be available in the UK, but the brand says this might change in the future.
Prices start at $2,699 / €2,699 / AU$3,199 for the entry-level Fluid FS A4 model and rise to $4,449 / €4,499 / AU$5,199 for the top-end Fluid FS A1.
The Fluid FS uses a 6061 aluminium frame with a four-bar suspension design. Its 130mm rear travel is delivered by custom-tuned dampers, which Norco says it has co-developed with Fox, RockShox and X-Fusion.
BikeRadar asked Norco for a claimed frameset weight, this was unavailable at the time of writing.
On some of its bikes, the brand uses ‘Size-Scaled Tubing’, where it alters the wall thicknesses of the frame material so that each size retains the desired ride feel and stiffness. Norco says it is using two distinct tubesets for the Fluid FS, with the S and M bikes using a smaller tubeset and L, XL and XXL using a larger tubeset.
Norco’s Optic relies on a 140mm-travel fork and 125mm rear shock, but the brand is keen to point out that the new Fluid FS is not an aluminium Optic.
Norco says the Optic is more focused on “confident high-speed descending and challenging terrain”, whereas the Fluid FS is focused on more “complete, well-rounded performance trail character”.
The brand says it used the Optic as a mule, though, to test variations of trail bike geometry for the new Fluid FS and it served as an initial test platform for the suspension kinematics. The testing “highlighted the need for a more progressive leverage curve to reduce dependence on volume spacers in the rear shock to achieve additional support”.
The cables are internally routed through the frame. They are fixed where they exit the down tube near the shock and foam sleeves are utilised over the cables and hose as they pass through the down tube to eliminate any rattles.
This is different to the Revolver, Optic and Sight, where the cables are routed without foam sleeves through the down tube and secured by a cable tie that can be accessed via the underside face of the down tube.
Norco says it paid particular attention to the rear brake hydraulic hose routing in an effort to reduce cable rub and paint damage.
All of the frames can accept a 750ml water bottle but the new, largest XXL size can also fit a secondary 620ml bottle, contained on the inside face of the down tube.
Like its premium full-suspension siblings, the Fluid FS now has mounts on the underside of the top tube for carrying additional cargo or tools.
The Fluid FS has a BSA threaded bottom bracket for mechanical ease. It uses its own proprietary rear derailleur hanger rather than SRAM’s universal derailleur hanger standard. Ribbed chainstay protection is utilised to minimise chain slap.
Norco has migrated its Ride Aligned Design system found on the Optic, Sight and Range bikes to the Fluid FS, which aims to give personalised setup recommendations.
Norco’s Ride Aligned system accounts for your height, weight, skill level, gender and body type and offers recommendations for your ideal position, correct suspension setup and tyre pressure. As your riding develops, you can re-enter your data into the setup guide to receive updated recommendations.
The brand says the Fluid FS represents the “perfect mid-range bike for new and evolving mountain bike riders, who are looking to expand their capabilities”.
Norco adds the Ride Aligned system incorporates rider-first geometry and suspension kinematics combined with custom fit and suspension tuning for personalised performance.
Norco says the Fluid FS suits riders from 5ft 1in to 6ft 7in and is available in sizes S to XXL.
The XXL is a new size that Norco has introduced “to provide taller riders with a viable, incredibly capable full-suspension trail bike that actually fits with a ride tuned specifically to their height and centre of gravity”.
All sizes feature a 65-degree head tube angle, but the seat tube angle ranges from 76 to 77.3 degrees depending on the size. It is 76.3 degrees on a size medium, coupled with a 450mm reach.
Norco continues to offer varying chainstay lengths for each size to keep riders centred on the bike. It is uncommon for brands to vary chainstay lengths across frames.
The Fluid FS is specced around an 800mm-width handlebar that can be trimmed and a 40mm-length stem.
Norco Fluid FS range details
All models use a long-travel, size-specific 34.9mm dropper seatpost (S: 150mm; M: 170mm; L, XL, XXL: 200mm).
They also feature wide-ranging 1x drivetrains and four-piston hydraulic disc brakes.
Norco says the disc brake rotors can be upgraded to 200mm from the 180mm specced if you want more powerful stoppers.
Norco Fluid FS A1
- Fork: Fox 34 Float Factory GRIP2, 44mm offset
- Shock: Fox Float X Performance Elite, 2-position
- Drivetrain: Shimano XT M8100 with Praxis G2 Cadet M24 crankset and bottom bracket
- Brakes: TRP Trail EVO, 4-piston
- Wheelset: Stans Flow S1 rims on Bear Pawls sealed bearing hubs
- Price: $4,449 / €4,499 / AU$5,199
Norco Fluid FS A2
- Fork: Marzocchi Bomber Z2, 44mm offset
- Shock: Fox Float X Performance, 2-position
- Drivetrain: Shimano SLX M7100 with Deore chain, XT M8100 rear derailleur and Praxis G2 Cadet M24 crankset and bottom bracket
- Brakes: TRP Slate EVO, 4-piston
- Wheelset: Stans Flow D rims on Bear Pawls sealed bearing hubs
- Price: $3,599 / €3,499 / AU$4,199
Norco Fluid FS A3
- Fork: RockShox 35 Silver TK, 44mm offset
- Shock: X-Fusion 02 Pro R AV
- Drivetrain: SRAM SX Eagle
- Brakes: Tektro HD-745, 4-piston
- Wheelset: Stans Flow D rims on Bear Pawls sealed bearing hubs
- Price: $2,999 / €2,949 / AU$3,599
Norco Fluid FS A4
- Fork: RockShox Recon Silver RL, 42mm offset
- Shock: X-Fusion 02 Pro R
- Drivetrain: Shimano Deore M5100 with SunRace CSMS8 cassette, KMC X11 chain, FSA Comet 1x DM crankset and SRAM DUB bottom bracket
- Brakes: Tektro HD-M535, 4-piston
- Wheelset: Stans Flow D rims on Bear Pawls sealed bearing hubs
- Price: $2,699 / €2,699 / AU$3,199
New Microsoft Security Alert: State-Sponsored 0Day Exchange Server Attacks Confirmed – Forbes
Microsoft confirmed on September 30 that it is investigating two zero-day vulnerabilities that impact Exchange Server 2013, 2016 and 2019. Between them, there are more than 200,000 installations in businesses worldwide. Microsoft goes on to warn that a single, likely state-sponsored, threat group has been confirmed as exploiting both vulnerabilities by chaining them together. Microsoft adds that the CVE-2022-41040 and CVE-2022-41082 chain attacks have facilitated “hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration.” While Microsoft says, it has observed these attacks against ten organizations so far, given the Exchange Server user base and the fact that the vulnerabilities are now known, the potential for further attacks is great.
The risk is significant
As such, Mike Walters, the vice-president of vulnerability and threat research at Action1, has warned that “the risk from these zero-days is significant” to many SME and enterprise companies with “vast amounts of critical data.” Security Researchers at GTSC initially disclosed that attacks were underway.
CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables remote code execution (RCE) via PowerShell. The former is being used to trigger the latter in a chain exploit if the attacker is authenticated at the user level in Exchange Server.
CISA advises Exchange Server users and admins to act now
Indeed, the Cybersecurity & Infrastructure Security Agency (CISA) has issued a statement urging both users and administrators to apply mitigations while awaiting an official patch from Microsoft. Microsoft is working on releasing this as soon as possible, although a timescale has not yet been given. Microsoft has further confirmed that this impacts on-premise Exchange Server installations, and Exchange Online users are unaffected by the vulnerabilities.
Microsoft has released a script for on-premise users that will mitigate the exploited SSRF vector and has released an automatic URL rewrite mitigation for users of the Exchange Server Emergency Mitigation Service.
Google Stadia Will Shut Down in 2023, All Purchases to Be Refunded – CNET
Cloud gaming service Google Stadia will shut down on Jan. 18, the search giant said in blog post Thursday. Google will refund all Stadia hardware purchased through its Google Store, along with all games and add-on content purchased from the Stadia store.
The tech giant aims to have all the refunds completed by mid-January.
People using Stadia will still to be able to access to their game libraries, including Pro games if you had an active Pro subscription as of Thursday. In an email sent to players, Google warned that publisher support for games may vary, and it’s possible that your gameplay experience may be affected during the shut-down period (suggesting that some games could vanish or lose features early).
It appears that Google didn’t tell many developers about the shut-down prior to the public blog post. coming up with “a plan of action” in the wake of the announcement. developer Ubisoft intends to allow players who’ve bought its games on Stadia to bring them to PC through its Ubisoft Connect digital distribution service, it said Friday.tweeted on Thursday about
Explaining the move, Stadia vice president and general manager Phil Harrison noted Google’s investments in gaming through its Google Play digital distribution service, its cloud tech and YouTube streaming.
“A few years ago, we also launched a consumer gaming service, Stadia,” he said in the blog post. “And while Stadia’s approach to streaming games for consumers was built on a strong technology foundation, it hasn’t gained the traction with users that we expected so we’ve made the difficult decision to begin winding down our Stadia streaming service.”
Many employees on the Stadia team will be reassigned to other roles within Google, the blog post noted.
The cloud gaming service launched in November 2019, to a mixed reception.
“Stadia isn’t delivering new games [at the moment], it’s just trying to deliver a new way to play through streaming. One that you can already get from other providers,” CNET’s Scott Stein wrote at the time. “Until Google finds a way to loop in YouTube and develop truly unique competitive large-scale games, Stadia isn’t worth your time yet.”
Despite having some, Stadia failed to evolve. Google in 2021, hinting that its gaming ambitions were shifting away from Stadia.
Stadia also had plenty of Nvidia and all offering alternatives., with , ,
It hasn’t been a total bust for the company, with Harrison saying the tech can be applied to YouTube, Google Play and its augmented reality projects.
That tech will also be made available to Google’s industry partners. Sony gave its own streaming service a headstart in 2015 by— an — shortly before the once-promising startup shut down.
High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers – Ars Technica
Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world.
The currently unpatched security flaws have been under active exploit since early August, when Vietnam-based security firm GTSC discovered customer networks had been infected with malicious webshells and that the initial entry point was some sort of Exchange vulnerability. The mystery exploit looked almost identical to an Exchange zero-day from 2021 called ProxyShell, but the customers’ servers had all been patched against the vulnerability, which is tracked as CVE-2021-34473. Eventually, the researchers discovered the unknown hackers were exploiting a new Exchange vulnerability.
Webshells, backdoors, and fake sites
“After successfully mastering the exploit, we recorded attacks to collect information and create a foothold in the victim’s system,” the researchers wrote in a post published on Wednesday. “The attack team also used various techniques to create backdoors on the affected system and perform lateral movements to other servers in the system.”
On Thursday evening, Microsoft confirmed that the vulnerabilities were new and said it was scrambling to develop and release a patch. The new vulnerabilities are: CVE-2022-41040, a server-side request forgery vulnerability, and CVE-2022-41082, which allows remote code execution when PowerShell is accessible to the attacker.
“At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems,” members of the Microsoft Security Response Center team wrote. “In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082.” Team members stressed that successful attacks require valid credentials for at least one email user on the server.
The vulnerability affects on-premises Exchange servers and, strictly speaking, not Microsoft’s hosted Exchange service. The huge caveat is that many organizations using Microsoft’s cloud offering choose an option that uses a mix of on-premises and cloud hardware. These hybrid environments are as vulnerable as standalone on-premises ones.
Searches on Shodan indicate there are currently more than 200,000 on-premises Exchange servers exposed to the Internet and more than 1,000 hybrid configurations.
Wednesday’s GTSC post said the attackers are exploiting the zero-day to infect servers with webshells, a text interface that allows them to issue commands. These webshells contain simplified Chinese characters, leading the researchers to speculate the hackers are fluent in Chinese. Commands issued also bear the signature of the China Chopper, a webshell commonly used by Chinese-speaking threat actors, including several advanced persistent threat groups known to be backed by the People’s Republic of China.
GTSC went on to say that the malware the threat actors eventually install emulates Microsoft’s Exchange Web Service. It also makes a connection to the IP address 137[.]184[.]67[.]33, which is hardcoded in the binary. Independent researcher Kevin Beaumont said the address hosts a fake website with only a single user with one minute of login time and has been active only since August.
The malware then sends and receives data that’s encrypted with an RC4 encryption key that’s generated at runtime. Beaumont went on to say that the backdoor malware appears to be novel, meaning this is the first time it has been used in the wild.
People running on-premises Exchange servers should take immediate action. Specifically, they should apply a blocking rule that prevents servers from accepting known attack patterns. The rule can be applied by going to “IIS Manager -> Default Web Site -> URL Rewrite -> Actions.” For the time being, Microsoft also recommends people block HTTP port 5985 and HTTPS port 5986, which attackers need to exploit CVE-2022-41082.
Microsoft’s advisory contains a host of other suggestions for detecting infections and preventing exploits until a patch is available.
Jaded, cynical, disillusioned: report says federal whistleblowers fear reprisal
Former MPs find new paths and purpose after politics – CBC News
At 18, I only recently realized the importance of community engagement and politics – CBC.ca
Silver investment demand jumped 12% in 2019
Europe kicks off vaccination programs | All media content | DW | 27.12.2020 – Deutsche Welle
Global Media Markets, 2015-2020, 2020-2025F, 2030F – TV and Radio Broadcasting, Film and Music, Information Services, Web Content, Search Portals And Social Media, Print Media, & Cable – GlobeNewswire
Health20 hours ago
Human Brain Project researchers identify new marker of ALS outcome – Medical Xpress
Media21 hours ago
Brock Media Clips for Friday, Sept. 30 – The Brock News – Brock University
Business19 hours ago
Lululemon settles lawsuit with Peloton over allegations of 'copycat' clothing – CBC.ca
Science18 hours ago
See NASA's DART Asteroid Crash Through the Lens of Webb, Hubble Telescopes – CNET
Tech18 hours ago
Apple iPhone 14 Pro achieves top DxOMark scores for selfie camera and video performance
Media20 hours ago
LETTER: Hughes has shown 'disregard' for residents, media – OrilliaMatters
Business18 hours ago
Ontario Securities Commission files allegations of fraud in multimillion-dollar crypto offering – CP24
Science20 hours ago
NASA reveals first image of Jupiter's moon Europa by Juno spacecraft – Xinhua