RSS Aggregator

The AI Guy's Week: Windows 11 can still be free, Intel is struggling, ads in AI. And what's the deal with women in boxing

Živě.cz - 10 August, 2024 - 07:45
We uploaded the articles published on Živě over the past week into an AI • We asked it to pick the most interesting topics and summarize them • Today's article was prepared by Claude 3.5 Sonnet; the image is from Midjourney.
Category: IT News

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

The Hacker News - 10 August, 2024 - 07:35
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office - Microsoft Office 2016 for 32-bit edition and 64-bit editions Microsoft
Category: Hacking & Security

Zotero 7

AbcLinuxu [news briefs] - 10 August, 2024 - 02:33
The free citation manager Zotero (Wikipedia, GitHub) has been released in a new major version 7. An overview of what's new is in the blog post.
Category: GNU/Linux & BSD

What happened in week 32/2024

AbcLinuxu [articles] - 10 August, 2024 - 00:01
A comprehensive overview of articles, news briefs and discussions from the past 7 days.
Category: GNU/Linux & BSD

Moral mood: Basic human values change with the seasons

OSEL.cz - 10 August, 2024 - 00:00
We often see moral values as a lighthouse that shows us the way through a stormy reality. Lately, however, it has been emerging that this lighthouse is surprisingly at the mercy of feelings, impressions and emotions. This is now topped off by research according to which basic values of a conservative or authoritarian type change in the population over the course of the year. They are stronger in spring and autumn, and weaken in summer and winter.
Category: Science and Technology

In the footsteps of the unhappy love of the heroic Madó Mavrogenús in Nauplion

OSEL.cz - 10 August, 2024 - 00:00
Uprising, love, politics… A love born during an uprising, unfulfilled because of the arbitrariness of politicians. The gradual ruin not only of love, but also of the ideas of freedom and humanity, in favor of the personal ambitions of adversaries, former allies, and of extreme nationalism. The greater and emptier someone's ambition, the more absurd the megalomaniacal idea.
Category: Science and Technology

China's CASIC completes vacuum test of the ultra-fast T-Flight maglev

OSEL.cz - 10 August, 2024 - 00:00
The Chinese T-Flight maglev, which runs through rough-vacuum tunnels, is said to have a speed record of 623 km/h to its credit and has its sights set on 1,100 km/h, a speed that would beat even ordinary airliners. If the third phase of development goes ahead, there is talk of speeds of around 4 thousand km/h. It makes your head spin.
Category: Science and Technology

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers

The Hacker News - 9 August, 2024 - 23:40
Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences. "The impact of these vulnerabilities range between remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing sensitive data, data
Category: Hacking & Security

An ATR 72 has crashed in Brazil. It is a popular aircraft for regional transport; today's accident is among its most tragic

Živě.cz - 9 August, 2024 - 22:00
Today, Friday, August 9, 2024, an air accident occurred in São Paulo, Brazil, in which most likely none of the 62 people on board survived the crash of an ATR 72 operated by Voepass Linhas. The aircraft was flying as flight 2283 from Regional West airport in Cascavel to São Paulo/Guarulhos international airport. ...
Category: IT News

Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction

The Register - Anti-Virus - 9 August, 2024 - 21:16
Is that a lot? Depends on the context. GHz, no. Voltage, yes

Intel has divulged more details on its Raptor Lake family of 13th and 14th Gen Core processor failures and the 0x129 microcode that's supposed to prevent further damage from occurring.…

Category: Viruses and Worms

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

The Hacker News - 9 August, 2024 - 20:18
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). "This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information
Category: Hacking & Security

Terraforming Mars might not have to be extremely expensive. A new plan aims to create a greenhouse effect

Živě.cz - 9 August, 2024 - 19:45
Most plans so far for terraforming Mars involve transporting enormous amounts of various materials from Earth, which would understandably be very costly. Now, however, scientists have come up with a much cheaper option. Specifically, it involves rapidly warming the red planet using specially engineered dust particles ...
Category: IT News

You don't have to tinker, but a home-built weather station is cheaper and more accurate (Živě Podcast)

Živě.cz - 9 August, 2024 - 18:45
With our chief tinkerer, DIYer and maker, we discuss the phenomenon of tinkering, DIY and making. People have probably been making and bending things to their own purposes since time immemorial. What was born of necessity and scarcity has largely become a hobby, but as Jakub Čížek says, it can still be worthwhile. If, for example, you build ...
Category: IT News

The next generation of SSDs is knocking on the door. Manufacturers will push capacity to 128 TB and double the speed as well

Živě.cz - 9 August, 2024 - 17:45
This week brought several announcements related to the upcoming generation of SSDs. All of the innovations will, however, go to data center storage first; ordinary computers will have to wait a few more years. At FMS 2024, Western Digital demonstrated a 128TB SSD built on the eighth generation of BiCS 3D ...
Category: IT News

Seeking DMA compliance, Apple gets to business

Computerworld.com [Hacking News] - 9 August, 2024 - 17:26

Apple has once again tweaked its terms of business for developers as it continues to seek alignment with Europe’s Digital Markets Act (DMA) while looking to protect its business. 

The latest changes followed accusations from the European Commission that the conditions Apple had made so far to meet the DMA did not go far enough. Regulators felt the terms prevented developers from freely guiding customers to alternative ways to pay and were threatening very costly legal action for non-compliance with the law. In hopes of avoiding a large fine, Apple has now completely relaxed those rules, while introducing a new fee structure. 

As usual, the changes still won’t satisfy the company’s fiercest critics. But at this stage of the game, it appears very little will — though for the vast majority of developers Apple’s EU offer is better than before.

What changes has Apple made?

The primary change involves relaxed restrictions on how apps in the EU can link out to external sites. While some of the changes are relatively complex to easily summarize, the tweaks give developers a lot more flexibility as to where and how to promote external offers, including via competing app stores.

Apple is permitting developer links to open inside the app, rather than in a web browser. The company has also changed the way it charges fees for the service. Among the tweaks:

  • First, it is introducing an Initial Acquisition Fee (5%), which must be paid for the first 12 months subsequent to a new customer being won on Apple’s platforms. This reflects the value of Apple’s platform as a way to find new customers and ends after 12 months.
  • An additional 10% Store Services fee is charged for all sales of digital goods and services across 12 months following any app install, update, or reinstall, though the vast majority of developers will pay just 5%. The way this fee is structured means Apple will continue to collect it in future.
  • Apple also takes a €0.50 Core Technology Fee for apps distributed via the App Store, Web distribution or alternative app marketplaces. This fee is paid for each first annual install over 1 million first annual installs in the year, and reflects a contribution to maintaining the company’s platforms.
  • Users can opt-out of reading the disclosure sheet Apple provides to warn people when they are about to make purchases outside the protection of the Apple platform.
  • Apple revised its fee calculator to help developers understand the consequences of the new fee structure.
  • All the changes are described in full in Apple’s revised guidance on apps distributed in the European Union.

The guidance also notes that developers can communicate and promote offers for purchases at a destination of their choice (not just their own website) and can design those in-app promotions as they wish. This gives developers a lot more flexibility as to where and how to promote external offers and where those offers are made available.

There are plenty of nuances to the guidance that might apply to you or your business, but the basic outcome is most developers will be paying less and developers of free apps will continue to pay nothing at all. Fee-based apps with fewer than 1 million downloads (which is most of them) will pay just 5% Store Services Fee, or 7% for developers remaining in the App Store ecosystem.

How much is fair?

For all the complexity, it seems reasonable to believe Apple’s problems with regulators will inevitably coalesce around the question of how much is appropriate to charge for access to its ecosystem. It’s not as if globally accepted and used computing platforms create themselves; they are the sum of decades of work, investment, and effort that requires reward. Otherwise, why bother trying? 

Apple’s biggest critic, Epic CEO Tim Sweeney, doesn’t see it that way, arguing that Apple’s top rate 15% fee is an “illegal junk fee.” But it is difficult within that argument to discern any recognition for the value provided by Apple’s platforms. It can’t be that Sweeney doesn’t understand this intrinsic value. After all, Epic charges application developers using Unreal Engine 5% of revenue after the first $1 million. Is that a “junk fee?”

Logically therefore, it makes sense that those who profit from the existence of the platforms should compensate platform providers for the tools they use to build on them. You cannot warm yourselves beside the fire if you don’t go out and seek some fuel for those flames from time to time. 

While critics seem to think Apple (and by inference, every Apple customer) should bear all the costs of maintaining the platforms, that seems unreasonable. A competitive marketplace cannot and should not demand one entity stokes the fire, while everyone else casts happy shadows in the smoke. It requires at least some shared reward, and shared risk.

Where is the value?

With this new fee system, Apple has taken fresh steps toward defining the value of its business, by which I mean, addressing what it brings in terms of customer introductions, platform creation and development, and tools and support to developers. All three of these are uniquely provided by Apple and have inherent value. The only stumbling block is now and always has been, how much should that value be?

Apple meanwhile continues to work with EU regulators. The company has been in talks with them for years over these matters and will continue to engage as it works toward building a viable business proposition that works for Apple, EU, developers who value its platforms, and Apple’s European customers. 

We must now wait and see whether Europe feels Apple’s new changes meet their expectations of its behavior under the DMA.

More from Jonny Evans

Category: Hacking & Security

AnitaB.org takes steps to protect attendees at this year’s Grace Hopper Celebration

Computerworld.com [Hacking News] - 9 August, 2024 - 17:18

AnitaB.org has announced new measures it’s taking to avoid a repeat of the debacle at last year’s Grace Hopper Celebration (GHC).

The nonprofit organization’s annual event to support the advancement of women and nonbinary technologists was named for computing pioneer Rear Admiral Grace Hopper. It combines conference sessions with an expo and job fair.

At GHC 2023, the job fair was invaded by large numbers of men, some of whom had lied about their gender identity when registering, and who monopolized recruiters from large tech employers, butting into line and preventing the conference’s target attendees from getting interview slots. Attendees reported being physically pushed, demeaned, and sexually harassed by some of the men.

In a LinkedIn post after the conference, AnitaB.org pledged to address the problem. It said, “We are dedicated to bringing structural changes to ensure that GHC continues to be an uplifting experience and provides opportunities for women and non-binary technologists.”

A tale of two events

Bo Young Lee, president of AnitaB.org advisory, said this week in an email interview, “GHC 23 was a tale of two events. Those conference attendees who largely participated through attendance at sessions and talks had the same joyful, celebratory, and community-based experience that GHC has come to be known for.

“The most problematic behavior we witnessed was concentrated in our Expo Hall. It was there that we had a minority of attendees, mostly students and male, engage in aggressive behavior that violated our code of conduct.”

Lee cited three factors for this that the organization’s subsequent investigation revealed:

  • A scarcity mindset brought on by reduced recruiting at universities and colleges that, Lee said, resulted in a larger number of job seekers than in previous years and “resulted in more aggressive behavior than we’ve seen in the past.”
  • A larger number of male job-seeking attendees than in years past. “These male attendees were not at GHC to participate in any of the content sessions, and instead stayed fixed in the Expo Hall,” Lee said.
  • Coordinated efforts: An investigation conducted after GHC 23 revealed that there was a coordinated effort by far-right anti-DEI groups “to undermine and disrupt GHC, both in person and online.”

Actions for GHC 2024

“Our commitment to inclusivity remains strong, focusing on engaging members, participants, and attendees who support the advancement of women, nonbinary technologists, and the LGBTQIA+ community,” AnitaB.org said in a recent email to members. “Our goal is to ensure that everyone involved in our celebration feels safe and valued.”

The email outlined a list of process changes for GHC 24, which will be held October 8 – 11 both virtually and in person in Philadelphia, Pennsylvania, that the organization believes will prevent the recurrence of last year’s issues.

First, it is modifying its registration procedure to require valid ID, such as a driver’s license, when registering. It will also require proof of student status if appropriate.

But, Lee said, “GHC has always been open to women, nonbinary, and ally technologists. We will never discriminate against who can buy a registration and participate.”

At the event, there will be stricter badge checks and ID verification for entry to the venue, as well as when entering the expo. In addition, attendees will be assigned to timed expo entry groups to allow everyone to experience the expo without having to fight crowds.

Finally, an update to the code of conduct holds everyone accountable for behavior that aligns with the organization’s mission. Attendees must agree to abide by it when registering.

Lee said there will also be enhanced cybersecurity monitoring to detect any coordinated efforts early, so they can be dealt with, and onsite security personnel to handle problems that might arise at the venue. These measures were created in consultation with external security consultants, local law enforcement, and cybersecurity consultants.

Why events like GHC are needed

The events at GHC 23 underscore the need for industry events aimed at underrepresented communities as a means to build and develop diverse talent, said Erin Pierre, principal analyst at Gartner.

“Our research has shown that women make up nearly half of the global workforce, and they only represent about 26% of IT employees. I’m not sure what the numbers are for nonbinary talent, but the numbers show us that more than half — a majority, at least — of IT employees are predominantly male,” she said. “So these types of events, where women and nonbinary talent can come together and learn and develop their skill sets and get some networking opportunities or even potential interviewing opportunities, are incredibly important.”

A spokesperson for QueerTech, an organization that focuses on breaking down barriers, creating spaces, and connecting communities to support and empower 2SLGBTQ+ people to thrive, agreed.

“At QueerTech we recognize that many industries — including the tech industry — have been shaped by and for cisgender men, resulting in a system that largely overlooks and excludes diverse communities. This systemic bias has created significant barriers for underrepresented communities, including members of the 2SLGBTQIA+ community, ranging from discrimination and a stark lack of representation, to limited access to mentorship and professional networks,” they said in a statement. 

“Equity is not about treating everyone the same; it’s the recognition that existing barriers require varying levels and types of support in order to ensure fair and equal access to opportunities,” the QueerTech spokesperson added.

Creating safe event and career-building environments is crucial to empowering underrepresented communities, they said. “In order to create safe, equitable environments, we must always remember who it is we aim to serve, thoroughly understand their lived experiences and barriers to success, and work tirelessly to ensure these values, and understandings, are reflected in every single programming decision.”

It is all the more jarring for participants when a supposedly safe environment turns out not to be, as happened at GHC 23.

Said Pierre, “When something like this happens, it is usually a symptom of a larger issue. So even if we could wave our magic wand and magically change this, and they could change the celebration for this year to be a little more safe and inclusive, we still have a larger issue at play here. And that’s why it feels so catastrophic when it happens, because really what this shows us is that there’s still a severe lack of resources and opportunities for female and nonbinary talent.”

Organizations need to do a better job of attracting and retaining a diverse workforce, Pierre added. We need to look at diversity, equity, and inclusion (DEI) as something that benefits everyone, not just female and nonbinary talent, she noted, since many of the things that make an employer attractive for underrepresented groups, including flexibility, work-life balance, and development opportunities, are good for all employees.

“I think we need to have more of an actionable approach and making sure that we’re really embedding DEI into our overall culture,” she said.

Category: Hacking & Security