RSS Aggregator

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

The Hacker News - 9 August 2024 - 20:18
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). "This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information ...
Category: Hacking & Security

Terraforming Mars would not necessarily have to be extremely expensive. A new plan aims to create a greenhouse effect

Živě.cz - 9 August 2024 - 19:45
Most existing plans for terraforming Mars involve transporting huge amounts of various materials from Earth, which would obviously be very costly. Now, however, scientists have come up with a much cheaper option. Specifically, it involves rapidly heating the Red Planet with specially engineered dust particles ...
Category: IT News

You don't have to tinker, but a home-built weather station is cheaper and more accurate (Živě Podcast)

Živě.cz - 9 August 2024 - 18:45
With our chief tinkerer, DIYer and maker we dissect the phenomenon of tinkering, DIY and making. People have presumably been building and bending things for their own purposes since time immemorial. What was once born of scarcity has largely become a hobby, but as Jakub Čížek says, it can still be worthwhile. If, for example, you build ...
Category: IT News

The next generation of SSDs is knocking at the door. Manufacturers will push capacity to 128 TB and double the speed too

Živě.cz - 9 August 2024 - 17:45
This week brought several pieces of news related to the upcoming generation of SSDs. All of the innovations will first go into data-center storage, however; in ordinary PCs we will be waiting several more years. At FMS 2024, Western Digital demonstrated a 128TB SSD built on the eighth generation of BiCS 3D ...
Category: IT News

Seeking DMA compliance, Apple gets to business

Computerworld.com [Hacking News] - 9 August 2024 - 17:26

Apple has once again tweaked its terms of business for developers as it continues to seek alignment with Europe’s Digital Markets Act (DMA) while looking to protect its business. 

The latest changes followed accusations from the European Commission that the conditions Apple had made so far to meet the DMA did not go far enough. Regulators felt the terms prevented developers from freely guiding customers to alternative ways to pay and were threatening very costly legal action for non-compliance with the law. In hopes of avoiding a large fine, Apple has now completely relaxed those rules, while introducing a new fee structure. 

As usual, the changes still won’t satisfy the company’s fiercest critics. But at this stage of the game, it appears very little will — though for the vast majority of developers Apple’s EU offer is better than before.

What changes has Apple made?

The primary change involves relaxed restrictions on how apps in the EU can link out to external sites. While some of the changes are relatively complex to easily summarize, the tweaks give developers a lot more flexibility as to where and how to promote external offers, including via competing app stores.

Apple is permitting developer links to open inside the app, rather than in a web browser. The company has also changed the way it charges fees for the service. Among the tweaks:

  • First, it is introducing an Initial Acquisition Fee (5%), which must be paid for the first 12 months subsequent to a new customer being won on Apple’s platforms. This reflects the value of Apple’s platform as a way to find new customers and ends after 12 months.
  • An additional 10% Store Services fee is charged for all sales of digital goods and services across 12 months following any app install, update, or reinstall, though the vast majority of developers will pay just 5%. The way this fee is structured means Apple will continue to collect it in future.
  • Apple also takes a €0.50 Core Technology Fee for apps distributed via the App Store, Web distribution or alternative app marketplaces. This fee is paid for each first annual install over 1 million first annual installs in the year, and reflects a contribution to maintaining the company’s platforms.
  • Users can opt out of reading the disclosure sheet Apple provides to warn people when they are about to make purchases outside the protection of the Apple platform.
  • Apple revised its fee calculator to help developers understand the consequences of the new fee structure.
  • All the changes are described in full in Apple’s revised guidance on apps distributed in the European Union.

The guidance also notes that developers can communicate and promote offers for purchases at a destination of their choice (not just their own website) and can design those in-app promotions as they wish. This gives developers a lot more flexibility as to where and how to promote external offers and where those offers are made available.

There are plenty of nuances to the guidance that might apply to you or your business, but the basic outcome is most developers will be paying less and developers of free apps will continue to pay nothing at all. Fee-based apps with fewer than 1 million downloads (which is most of them) will pay just 5% Store Services Fee, or 7% for developers remaining in the App Store ecosystem.

How much is fair?

For all the complexity, it seems reasonable to believe Apple’s problems with regulators will inevitably coalesce around the question of how much is appropriate to charge for access to its ecosystem. It’s not as if globally accepted and used computing platforms create themselves; they are the sum of decades of work, investment, and effort that requires reward. Otherwise, why bother trying? 

Apple’s biggest critic, Epic CEO Tim Sweeney, doesn’t see it that way, arguing that Apple’s top-rate 15% fee is an “illegal junk fee.” But it is difficult within that argument to discern any recognition for the value provided by Apple’s platforms. It can’t be that Sweeney doesn’t understand this intrinsic value. After all, Epic charges application developers using Unreal Engine 5% of revenue after the first $1 million. Is that a “junk fee?”

Logically therefore, it makes sense that those who profit from the existence of the platforms should compensate platform providers for the tools they use to build on them. You cannot warm yourselves beside the fire if you don’t go out and seek some fuel for those flames from time to time. 

While critics seem to think Apple (and by inference, every Apple customer) should bear all the costs of maintaining the platforms, that seems unreasonable. A competitive marketplace cannot and should not demand that one entity stoke the fire while everyone else casts happy shadows in the smoke. It requires at least some shared reward, and shared risk.

Where is the value?

With this new fee system, Apple has taken fresh steps toward defining the value of its business, by which I mean, addressing what it brings in terms of customer introductions, platform creation and development, and tools and support to developers. All three of these are uniquely provided by Apple and have inherent value. The only stumbling block is now and always has been, how much should that value be?

Apple meanwhile continues to work with EU regulators. The company has been in talks with them for years over these matters and will continue to engage as it works toward building a viable business proposition that works for Apple, the EU, developers who value its platforms, and Apple’s European customers. 

We must now wait and see whether Europe feels Apple’s new changes meet their expectations of its behavior under the DMA.

More from Jonny Evans

Category: Hacking & Security

AnitaB.org takes steps to protect attendees at this year’s Grace Hopper Celebration

Computerworld.com [Hacking News] - 9 August 2024 - 17:18

AnitaB.org has announced new measures it’s taking to avoid a repeat of the debacle at last year’s Grace Hopper Celebration (GHC).

The nonprofit organization’s annual event to support the advancement of women and nonbinary technologists was named for computing pioneer Rear Admiral Grace Hopper. It combines conference sessions with an expo and job fair.

At GHC 2023, the job fair was invaded by large numbers of men, some of whom had lied about their gender identity when registering, and who monopolized recruiters from large tech employers, butting into line and preventing the conference’s target attendees from getting interview slots. Attendees reported being physically pushed, demeaned, and sexually harassed by some of the men.

In a LinkedIn post after the conference, AnitaB.org pledged to address the problem. It said, “We are dedicated to bringing structural changes to ensure that GHC continues to be an uplifting experience and provides opportunities for women and non-binary technologists.”

A tale of two events

Bo Young Lee, president of AnitaB.org advisory, said this week in an email interview, “GHC 23 was a tale of two events. Those conference attendees who largely participated through attendance at sessions and talks had the same joyful, celebratory, and community-based experience that GHC has come to be known for.

“The most problematic behavior we witnessed was concentrated in our Expo Hall. It was there that we had a minority of attendees, mostly students and male, engage in aggressive behavior that violated our code of conduct.”

Lee cited three factors for this that the organization’s subsequent investigation revealed:

  • A scarcity mindset brought on by reduced recruiting at universities and colleges that, Lee said, resulted in a larger number of job seekers than in previous years and “resulted in more aggressive behavior than we’ve seen in the past.”
  • A larger number of male job-seeking attendees than in years past. “These male attendees were not at GHC to participate in any of the content sessions, and instead stayed fixed in the Expo Hall,” Lee said.
  • Coordinated efforts: An investigation conducted after GHC 23 revealed that there was a coordinated effort by far-right anti-DEI groups “to undermine and disrupt GHC, both in person and online.”

Actions for GHC 2024

“Our commitment to inclusivity remains strong, focusing on engaging members, participants, and attendees who support the advancement of women, nonbinary technologists, and the LGBTQIA+ community,” AnitaB.org said in a recent email to members. “Our goal is to ensure that everyone involved in our celebration feels safe and valued.”

The email outlined a list of process changes for GHC 24, which will be held October 8 – 11 both virtually and in person in Philadelphia, Pennsylvania, that the organization believes will prevent the recurrence of last year’s issues.

First, it is modifying its registration procedure to require valid ID, such as a driver’s license, when registering. It will also require proof of student status if appropriate.

But, Lee said, “GHC has always been open to women, nonbinary, and ally technologists. We will never discriminate against who can buy a registration and participate.”

At the event, there will be stricter badge checks and ID verification for entry to the venue, as well as when entering the expo. In addition, attendees will be assigned to timed expo entry groups to allow everyone to experience the expo without having to fight crowds.

Finally, an update to the code of conduct holds everyone accountable for behavior that aligns with the organization’s mission. Attendees must agree to abide by it when registering.

Lee said there will also be enhanced cybersecurity monitoring to detect any coordinated efforts early, so they can be dealt with, and onsite security personnel to handle problems that might arise at the venue. These measures were created in consultation with external security consultants, local law enforcement, and cybersecurity consultants.

Why events like GHC are needed

The events at GHC 23 underscore the need for industry events aimed at underrepresented communities as a means to build and develop diverse talent, said Erin Pierre, principal analyst at Gartner.

“Our research has shown that women make up nearly half of the global workforce, and they only represent about 26% of IT employees. I’m not sure what the numbers are for nonbinary talent, but the numbers show us that more than half — a majority, at least — of IT employees are predominantly male,” she said. “So these types of events, where women and nonbinary talent can come together and learn and develop their skill sets and get some networking opportunities or even potential interviewing opportunities, are incredibly important.”

A spokesperson for QueerTech, an organization that focuses on breaking down barriers, creating spaces, and connecting communities to support and empower 2SLGBTQ+ people to thrive, agreed.

“At QueerTech we recognize that many industries — including the tech industry — have been shaped by and for cisgender men, resulting in a system that largely overlooks and excludes diverse communities. This systemic bias has created significant barriers for underrepresented communities, including members of the 2SLGBTQIA+ community, ranging from discrimination and a stark lack of representation, to limited access to mentorship and professional networks,” they said in a statement. 

“Equity is not about treating everyone the same; it’s the recognition that existing barriers require varying levels and types of support in order to ensure fair and equal access to opportunities,” the QueerTech spokesperson added.

Creating safe event and career-building environments is crucial to empowering underrepresented communities, they said. “In order to create safe, equitable environments, we must always remember who it is we aim to serve, thoroughly understand their lived experiences and barriers to success, and work tirelessly to ensure these values, and understandings, are reflected in every single programming decision.”

It is all the more jarring for participants when a supposedly safe environment turns out not to be, as happened at GHC 23.

Said Pierre, “When something like this happens, it is usually a symptom of a larger issue. So even if we could wave our magic wand and magically change this, and they could change the celebration for this year to be a little more safe and inclusive, we still have a larger issue at play here. And that’s why it feels so catastrophic when it happens, because really what this shows us is that there’s still a severe lack of resources and opportunities for female and nonbinary talent.”

Organizations need to do a better job of attracting and retaining a diverse workforce, Pierre added. We need to look at diversity, equity, and inclusion (DEI) as something that benefits everyone, not just female and nonbinary talent, she noted, since many of the things that make an employer attractive for underrepresented groups, including flexibility, work-life balance, and development opportunities, are good for all employees.

“I think we need to have more of an actionable approach and making sure that we’re really embedding DEI into our overall culture,” she said.

Category: Hacking & Security

Understanding escalating cyber threats

The Register - Anti-Virus - 9 August 2024 - 17:10
Explore the latest trends in cybersecurity with expert insight from Cloudflare

Webinar: As cyber threats grow more sophisticated, staying informed is crucial for IT professionals.…

Category: Viruses & Worms

Moon samples have solved the mystery of its thin atmosphere. It was created by impacts of tiny meteorites

Živě.cz - 9 August 2024 - 15:45
Fifty-year-old samples brought to Earth by the Apollo missions have revealed the secret of the Moon's thin atmosphere. It is caused by a constant "rain" of tiny meteorites that stirs up lunar dust and thus helps create the thin layer of atoms that forms its exosphere. Details are reported by the Scienmag website. Scientists revealed ...
Category: IT News

Home Assistant 2024.8

AbcLinuxu [zprávičky] - 9 August 2024 - 15:23
The open source platform Home Assistant (Demo, GitHub, Wikipedia) for monitoring and controlling smart homes has been released in version 2024.8.
Category: GNU/Linux & BSD

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

The Hacker News - 9 August 2024 - 15:18
Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and ...
Category: Hacking & Security

Pro-Iran groups lay groundwork for 'chaos and violence' as US election meddling attempts intensify

The Register - Anti-Virus - 9 August 2024 - 15:01
Political officials, advisors targeted in cyber attacks as fake news sites deliver lefty zingers

Microsoft says Iran's efforts to influence the November US presidential election have gathered pace recently and there are signs that point toward its intent to incite violence against key figures.…

Category: Viruses & Worms

18-year-old browser bug still allows access to internal networks

Computerworld.com [Hacking News] - 9 August 2024 - 14:51

Security company Oligo is warning that a bug found in most browsers for macOS and Linux lets a malicious web page reach services listening on a visitor's own machine, services the browser's localhost protections are supposed to keep out of reach of other sites. According to Oligo, the bug has been around for 18 years, and all an attacker has to do is address requests to 0.0.0.0 instead of 127.0.0.1: the browser blocks the latter, while the operating system routes the former to the local host anyway.

Oligo reports that attackers have recently begun exploiting the bug more and more; updates to block the 0.0.0.0 address are on the way for Safari, Firefox, Chrome and Edge.

Note: the bug is not present in browsers on Windows.
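The browser fixes only close the client side; a service that listens on the machine still has to assume a cross-site page may reach it. The following is an added example, not Oligo's code nor any browser vendor's: a localhost-only development HTTP service in Python that binds to 127.0.0.1 rather than 0.0.0.0 and, as defence in depth, refuses any request whose Host header shows it was addressed to 0.0.0.0 (or any other untrusted host) or whose Origin / Sec-Fetch-Site headers show it came from another site. The TRUSTED_ORIGINS value and the probe() helper that plays the role of the browser are assumptions made for the demonstration.

```python
"""Hardening a localhost-only HTTP service against requests aimed at 0.0.0.0.

Added example, not Oligo's or any browser vendor's code. Assumes a development
service that should be reachable only from the same machine. TRUSTED_ORIGINS
and the probe() helper are illustrative assumptions.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Hosts a request may be addressed to. 0.0.0.0 is deliberately absent: a page
# that reached us via http://0.0.0.0:<port>/ sends "Host: 0.0.0.0:<port>".
TRUSTED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}
# Origins allowed to make cross-origin requests (hypothetical value for a
# local front-end); any other request carrying an Origin header is refused.
TRUSTED_ORIGINS = {"http://localhost:3000"}


def host_without_port(host_header: str) -> str:
    """Strip an optional :port from a Host value, keeping IPv6 brackets."""
    value = host_header.strip().lower()
    if value.startswith("["):               # "[::1]:8080" -> "[::1]"
        return value.split("]", 1)[0] + "]"
    return value.split(":", 1)[0]


def is_trusted_local_request(headers) -> tuple:
    """Return (allowed, reason) for any header mapping with a .get() method."""
    host = headers.get("Host")
    if not host:
        return False, "missing Host header"
    if host_without_port(host) not in TRUSTED_HOSTS:
        return False, "request addressed to untrusted host %r" % host
    origin = headers.get("Origin")
    if origin is not None:
        parts = urlsplit(origin)
        if ("%s://%s" % (parts.scheme, parts.netloc)).lower() not in TRUSTED_ORIGINS:
            return False, "cross-site request from origin %r" % origin
    # Browsers label cross-site fetches that carry no Origin header (no-cors GET).
    if headers.get("Sec-Fetch-Site", "").lower() == "cross-site":
        return False, "browser reports a cross-site request"
    return True, "ok"


class LoopbackOnlyHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        allowed, reason = is_trusted_local_request(self.headers)
        body = b"ok\n" if allowed else ("forbidden: %s\n" % reason).encode()
        self.send_response(200 if allowed else 403)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):           # keep the demo quiet
        pass


def serve_loopback_only(port: int = 0) -> HTTPServer:
    """Bind to 127.0.0.1 only; binding to 0.0.0.0 would expose the service on every interface."""
    server = HTTPServer(("127.0.0.1", port), LoopbackOnlyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(server: HTTPServer, host_header: str, extra_headers=None) -> int:
    """Send one GET with a chosen Host header (what a browser would send) and return the status."""
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    headers = {"Host": host_header}
    headers.update(extra_headers or {})
    conn.request("GET", "/", headers=headers)
    status = conn.getresponse().status
    conn.close()
    return status


if __name__ == "__main__":
    srv = serve_loopback_only()
    p = srv.server_port
    print("Host 127.0.0.1 ->", probe(srv, "127.0.0.1:%d" % p))                                   # 200
    print("Host 0.0.0.0   ->", probe(srv, "0.0.0.0:%d" % p))                                     # 403
    print("cross-site GET ->", probe(srv, "localhost:%d" % p, {"Sec-Fetch-Site": "cross-site"}))  # 403
    srv.shutdown()
```

The Host check is what actually closes the 0.0.0.0 path: a browser that reaches the service through http://0.0.0.0:8080/ sends Host: 0.0.0.0:8080 regardless of which page started the request, so the service can refuse it even if the browser has not yet been patched. The Origin and Sec-Fetch-Site checks cover the ordinary cross-site cases that the address trick was merely a way around, and binding to 127.0.0.1 instead of 0.0.0.0 keeps the service off the network interfaces in the first place.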

Category: Hacking & Security

Intel extends the warranty on these 24 dying processors by two years. A fix is out too

Živě.cz - 9 August 2024 - 14:45
Updated 9 Aug | The medicine for dying processors is here. Intel has sent motherboard makers a microcode fix for 22 affected 13th- and 14th-generation desktop Core processors, and they have already started releasing new BIOSes today. Once installed, the processors should receive a fix that will no longer ...
Category: IT News

REVIEW: AMD Ryzen 7 9700X - the eight-core Zen 5 is here!

CD-R server - 9 August 2024 - 14:33
As of today the new AMD Ryzen 7 9700X and AMD Ryzen 5 9600X processors go on sale; today we take a look at the new Zen 5 eight-core.
Category: IT News

How to Secure Your Data Warehouse in a Linux System

LinuxSecurity.com - 9 August 2024 - 14:26
The world of enterprise solutions relies heavily on effective data management. Standard systems, which work great for small businesses, simply break down once you have thousands of moving components operating worldwide - if not hundreds of thousands. Maintaining unstructured data, primarily if your business operates on a global scale, isn't just a waste of resources; it's also a risk to your company.
Category: Hacking & Security

The revolutionary Arc browser now supports Windows 10. It adds its first AI features for queries and tab organization

Živě.cz - 9 August 2024 - 12:45
At the end of April the Arc web browser for Windows was released in its first stable version. It approaches browsing quite differently from the established competition; we talked about it on the Živě Podcast. Originally it supported only Windows 11, but since August it also officially runs on Windows 10. From the very beginning it is clear that ...
Category: IT News

Where are my AR glasses?

Computerworld.com [Hacking News] - 9 August 2024 - 12:00

Meta founder and CEO Mark Zuckerberg recently said that hundreds of millions of people might wear AR glasses. (He was speaking with Nvidia CEO Jensen Huang at this year’s SIGGRAPH conference.)

I have to say, I agree; I’ve made similar predictions in this space during the past couple of years. I think AR glasses —first without, then with, holographic images projected onto the lenses — will be the next big thing in consumer technology.

I also agree with Zuckerberg’s claimed approach to the category. During that same conversation, he said: “Let’s constrain the form factor to just something that looks great. And within that, let’s put in as much technology as we can.” 

That’s the opposite approach of most AR glasses makers. TCL RayNeo X2, Vuzix Ultralite, Rokid Max, XREAL Air and others start with: What’s the best visual experience we can ship within a reasonable price? They sacrifice appearance for quality imagery and lower price, but it’s a fatal sacrifice for mainstream acceptance. 

The result tends to be something that’s great to use but which nobody wants to be seen wearing outside. 

As Google learned with Google Glass, socially unacceptable glasses will never go mainstream. 

Ray-Ban Meta glasses, meanwhile, Meta’s only market success in hardware ever, follow the Zuckerberg model. (Zuckerberg claimed on a recent earnings call that Ray-Ban Meta “demand is still outpacing our ability to build them.”) The glasses look like normal glasses. And to make that work within a low price (starting at $300) there is no visual element in the lens. All output is audio. The camera can process multimodal input (photos, not video), but there is no light engine, no special lenses and no need for a bigger battery.

Still, Meta is clearly working on holographic visual AR glasses. The company is working on custom chips and partnering with Luxottica on getting the form factor right. Rumors circulating in Silicon Valley say Meta could publicly demonstrate AR glasses as early as October. 

Another interesting player is Brilliant Labs, which sells its Frame AI glasses. In theory, these sound fantastic. The glasses feature a microOLED display with a 20-degree diagonal field of view in the right eye. Frame accesses familiar generative AI chatbots like ChatGPT, Whisper and Perplexity. A forward-facing camera enables live translation, visual analysis and internet queries. The open-source design allows developers to customize and enhance the glasses’ functionality using provided tools and plugins. And they’re surprisingly inexpensive: $349 for standard lenses, $448 for prescription lenses.

Frames have clear downsides, as well. They lack built-in speakers and require connection to a smartphone for full functionality. Battery life ranges from two to six hours. But the biggest downside is their appearance. While they’re in the ballpark of ordinary looking glasses, the round frames stand out and draw attention in a bad way. While interesting for curious makers and tinkerers, the combination of poor battery life and dorky appearance make it clear that Frames glasses are not something an office professional could wear at work. 

Both startups and major tech companies are in a hot race to get to market with AR/AI glasses that look like regular glasses. That includes Apple, Google, Microsoft and dozens of other companies.

Which raises the questions: Where are the glasses? Why is it taking so long?

Components are too big, power-hungry and expensive

It’s possible right now to build great AR glasses. They would look like regular glasses and project holographic images anchored in physical space. And a camera would hoover up video for multi-modal input to advanced AI. That’s the good news. 

The bad news is that the battery would last maybe 45 minutes and they would cost oh, say, $10,000 a pair. 

I’m making those numbers up. The point is that we have the technology to create great AI glasses, but need component shrinking, cost reductions and power efficiency on a whole new scale to make them viable in the market.

Huge strides have been made in the miniaturization of components, but more work remains. AR glasses need to fit all those electronic components into a regular-size frame. Even more difficult is keeping the weight down.

And while glasses must be made smaller and lighter, batteries must be bigger and more powerful. 

Even more challenging: Batteries need high energy density to provide sufficient power for the displays, processors and sensors in a compact form factor. Heat management is also an engineering challenge — the batteries can’t get hot because they’ll be right up against users’ temples. Companies are exploring advanced materials, like solid-state electrolytes and nano-materials. Big benefits could come from flexible and curved batteries for better integration into eyeglass frames. And technologies like solar cells or kinetic energy harvesting could help extend battery life. 

There are also qualitative hurdles to overcome. Light engines, which are the part of AR glasses that projects images onto lenses, tend to suffer from light leakage (where other people can see your screen and your glasses “light up” in low light), ghosting, rainbow artifacts, low resolution and more.

What’s interesting about the light engine component industry is that the major players — a group that includes Avegant, VitreaLab, Lumus and TriLite Technologies — are all working on the same problems, but with radically different approaches. For example, Avegant’s use of various display technologies and VCSEL contrasts with VitreaLab’s focus on quantum photonics and 3D waveguides. Lumus’s reflective waveguide technology differs from both, offering a unique method of image projection. TriLite’s laser beam scanning technology represents yet another distinct approach.

It will be interesting to see how these approaches shake out, and which approach offers the best combination of price, performance and size and weight.

So when do we all get all-day, everywhere AR glasses?

Following Zuckerberg’s maxim — “Let’s constrain the form factor to just something that looks great. And within that, let’s put in as much technology as we can” — we could see something creative from a major player soon.

As we learned with Ray-Ban Meta glasses, by making the right trade-offs, it’s possible to get a great, wearable product at low cost. The key now is adding a holographic display. 

One cost-cutting measure will be a display in one eye instead of two. Also: By offering visual elements sparingly, and mainly focusing on an audio interface, battery problems might be solved.

Another possibility — what if the display information showed only text and not pictures? I think most people would enjoy what might look like subtitles, offering language translation, contextual information, turn-by-turn directions and other information. Pictures and graphics can wait, if that improves battery life and cuts down on light engine problems like light leakage. 

Another shortcut is to offer just a heads-up display, rather than a display showing text and objects anchored in physical space — like Google Glass rather than Apple Vision Pro. 

And yet another point to consider is that AR glasses with holographic image capability don’t have to be as inexpensive as today’s audio-only AI glasses. Ray-Ban Metas start at $300, but the right price for a great pair of AR glasses might be as much as $1,000.

The bottom line is that amazing AR glasses that look like ordinary eyeglasses are still coming. But truly high-quality, no-compromise devices won’t arrive anytime soon. It may take five years for more advanced developments in batteries, light engines, lenses and other components to be available at reasonable prices. 

In the meantime, the platform will benefit from creative trade-offs that provide something useful and appealing, though not perfect.

With the right combination of components, persistent access to AI and glasses people really want to wear in public, Zuckerberg’s predictions about hundreds of millions of people wearing AR glasses might well turn out to be actually conservative.

Category: Hacking & Security