New MacBooks, a Big New WatchOS Update, and Apple’s Mixed Reality Headset To Be Announced At WWDC

In addition to the company’s long-rumored mixed reality headset, Apple is expected to launch new MacBooks, as well as a “major” update to the Apple Watch’s watchOS software at its Worldwide Developers Conference (WWDC) in June. All told, WWDC 2023 could end up being one of Apple’s “biggest product launch events ever,” according to Bloomberg’s Mark Gurman. The Verge reports: Let’s start with the Macs. Gurman doesn’t explicitly say which macOS-powered computers Apple could announce in June, but lists around half a dozen devices it currently plans to release this year or early 2024. There’s an all new 15-inch MacBook Air, an updated 13-inch MacBook Air, and new 13-inch and “high-end” MacBook Pros. Meanwhile on the Mac side Apple still needs to replace its last Intel-powered device, the Mac Pro, with an Apple Silicon model, and it also reportedly has plans to refresh its all-in-one 24-inch iMac.

Bloomberg’s report notes that “at least some of the new laptops” will make an appearance. The bad news is that none are likely to run Apple’s next-generation M3 chips, and will instead ship with M2-era processors. Apple apparently also has a couple of new Mac Studio computers in development, but Bloomberg is less clear on when they could launch.

Over on the software side, which is WWDC’s traditional focus, watchOS will reportedly receive a “major” update that includes a revamped interface. Otherwise, we could be in for a relatively quiet show on the operating system front as iOS, iPadOS, macOS, and tvOS are not expected to receive major updates this year. Gurman does say that work to allow sideloading on iOS to comply with upcoming EU legislation is ongoing.

Read more of this story at Slashdot.

YouTube TV Nabs Its First Technical Emmy Win For ‘Views’ Feature

YouTube TV just won its first Technical Emmy award for its “Views” suite of features, which lets users access sports highlights, key plays, player stats and game scores. TechCrunch reports: At the 74th annual Technology & Engineering Emmy Awards last night, YouTube TV was declared the winner for the category “AI-ML Curation of Sports Highlights.” The tech company also announced today that Key Plays reached a notable milestone — the feature was used in over 10 million watch sessions on the platform. Last year, viewers used key plays the most during the World Cup, regular season NFL games and Premier League matches.

The Key Plays view tracks important plays in a game. Users can tap on the plays to rewatch when it occurs in the game. This is helpful for users that missed a live game and want to catch up on key moments. When YouTube TV launched Views in 2018, it was only available for baseball, basketball, football and hockey. Soccer and golf were added later on. The suite of features was also initially limited to phones and tablets. Today, the feature is available within the YouTube TV app across smart TVs and mobile devices.

In addition to Stats, Key Plays and Scores View, there’s also Fantasy Football View, which is a mobile-only feature and lets users link their existing fantasy football account. That way, when a user is watching NFL games on YouTube TV, the feature allows them to see how their team is performing in real time. Plus, there’s a “Jump to” function for users to quickly access a segment they want to view, which is especially handy for tennis fans and for users watching the Olympics. “Views came out of a team brainstorm about five years ago and launched about a year after YouTube TV,” said Kathryn Cochrane, YouTube TV’s group project manager, in a company blog post. “A lot of our viewers are devoted sports fans, and we found that when they watch sports, they aren’t just looking at what’s on the big screen. They were also actively on their phones, finding more details such as stats for their fantasy football league, updates from other games, and more, all to enhance what they were already watching.”

Read more of this story at Slashdot.

Google Releases Emergency Chrome Security Update

“Earlier this week, Google released an emergency security update for the Chrome browser due to a vulnerability that is being actively exploited in the wild,” reports Hot Hardware:

On Friday, Google highlighted CVE-2023-2033, reported by Clément Lecigne of Google’s own Threat Analysis Group (TAG). This vulnerability is a ‘type confusion’ bug in the JavaScript engine for Chromium browsers useing the V8 Javascript engine. In short, type confusion is a bug that allows memory to be accessed with the wrong type, allowing for the reading or writing of memory out of bounds. The CVE page says that an attacker could create an HTML page that allows the exploitation of heap corruption.

While there is no Common Vulnerability Scoring System (CVSS) score attached to the vulnerability yet, Google is tracking this as a “high” severity issue. This is likely due in part to the fact that “Google is aware that an exploit for CVE-2023-2033 exists in the wild.”
The article notes that Chrome updates are generally done automatically, but you can also check for updates by clicking Chrome’s three-dots menu in the top-right corner, then “Help” and “About Chrome.”

Read more of this story at Slashdot.

Compromised Sites Use Fake Chrome Update Warnings to Spread Malware

Bleeping Computer warned this week about compromised web sites “that display fake Google Chrome automatic update errors that distribute malware to unaware visitors.”
The campaign has been underway since November 2022, and according to NTT’s security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores…

If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. “An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update,” reads the fake Chrome error message. The scripts will then automatically download a ZIP file called ‘release.zip’ that is disguised as a Chrome update the user should install.

However, this ZIP file contains a Monero miner that will utilize the device’s CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:Program FilesGoogleChrome as “updater.exe” and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the “BYOVD” (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device.

The miner persists by adding scheduled tasks and performing Registry modifications while excluding itself from Windows Defender. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether.

Read more of this story at Slashdot.

How Should AI Be Regulated?

A New York Times opinion piece argues people in the AI industry “are desperate to be regulated, even if it slows them down. In fact, especially if it slows them down.” But how?

What they tell me is obvious to anyone watching. Competition is forcing them to go too fast and cut too many corners. This technology is too important to be left to a race between Microsoft, Google, Meta and a few other firms. But no one company can slow down to a safe pace without risking irrelevancy. That’s where the government comes in — or so they hope… [A]fter talking to a lot of people working on these problems and reading through a lot of policy papers imagining solutions, there are a few categories I’d prioritize.

The first is the question — and it is a question — of interpretability. As I said above, it’s not clear that interpretability is achievable. But without it, we will be turning more and more of our society over to algorithms we do not understand… The second is security. For all the talk of an A.I. race with China, the easiest way for China — or any country for that matter, or even any hacker collective — to catch up on A.I. is to simply steal the work being done here. Any firm building A.I. systems above a certain scale should be operating with hardened cybersecurity. It’s ridiculous to block the export of advanced semiconductors to China but to simply hope that every 26-year-old engineer at OpenAI is following appropriate security measures.

The third is evaluations and audits. This is how models will be evaluated for everything from bias to the ability to scam people to the tendency to replicate themselves across the internet. Right now, the testing done to make sure large models are safe is voluntary, opaque and inconsistent. No best practices have been accepted across the industry, and not nearly enough work has been done to build testing regimes in which the public can have confidence. That needs to change — and fast.
The piece also recommends that AI-design companies “bear at least some liability for what their models.” But what legislation should we see — and what legislation will we see? “One thing regulators shouldn’t fear is imperfect rules that slow a young industry,” the piece argues.

“For once, much of that industry is desperate for someone to help slow it down.”

Read more of this story at Slashdot.

Government Cybersecurity Agencies Unite to Urge Secure Software Design Practices

Several government cybersecurity agencies united to urge secure-by-design and secure-by-default software. Releasing “joint guidance” for software manufactuers were two U.S. security agencies — the FBI and the NSA — joined with the U.S. Cybersecurity and Infrastructure Security Agency and the cybersecurity authorities of Australia, Canada, the United Kingdom, Germany, Netherlands, and New Zealand. “To create a future where technology and associated products are safe for customers,” they wrote in a joint statement, “the authoring agencies urge manufacturers to revamp their design and development programs to permit only secure-by-design and -default products to be shipped to customers.”

The Washington Post reports:
Software manufacturers should put an end to default passwords, write in safer programming languages and establish vulnerability disclosure programs for reporting flaws, a collection of U.S. and international government agencies said in new guidelines Thursday. [The guidelines also urge rigorous code reviews.]

The “principles and approaches” document, which isn’t mandatory but lays out the agencies’ views on securing software, is the first major step by the Biden administration as part of its push to make software products secure as part of the design process, and to make their default settings secure as well. It’s part of a potentially contentious multiyear effort that aims to shift the way software makers secure their products. It was a key feature of the administration’s national cybersecurity strategy, which was released last month and emphasized shifting the burden of security from consumers — who have to manage frequent software updates — to the companies that make often insecure products… The administration has also raised the prospect of legislation on secure-by-design and secure-by-default, but officials have said it could be years away….

The [international affairs think tank] Atlantic Council’s Cyber Statecraft Initiative has praised the Biden administration’s desire to address economic incentives for insecurity. Right now, the costs of cyberattacks fall on users more than they do tech providers, according to many policymakers. “They’re on a righteous mission,” Trey Herr, director of the Atlantic Council initiative, told me. If today’s guidelines are the beginning of the discussion on secure-by-design and secure-by-default, Herr said, “this is a really strong start, and an important one.”
“It really takes aim at security features as a profit center,” which for some companies has led to a lot of financial growth, Herr said. “I do think that’s going to rub people the wrong way and quick, but that’s good. That’s a good fight.”
In the statement CISA’s director says consumers also have a role to play in this transition. “As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritize product safety above all else.”

Among other things, the new guidelines say that manufacturers “are encouraged make hard tradeoffs and investments, including those that will be ‘invisible’ to the customers, such as migrating to programming languages that eliminate widespread vulnerabilities.”

Read more of this story at Slashdot.

Should Managers Permanently Stop Requiring Degrees for IT Positions?

CIO magazine reports on “a growing number of managers and executives dropping degree requirements from job descriptions.”

Figures from the 2022 study The Emerging Degree Reset from The Burning Glass Institute quantify the trend, reporting that 46% of middle-skill and 31% of high-skill occupations experienced material degree resets between 2017 and 2019. Moreover, researchers calculated that 63% of those changes appear to be “‘structural resets’ representing a measured and potentially permanent shift in hiring practices” that could make an additional 1.4 million jobs open to workers without college degrees over the next five years.

Despite such statistics and testimony from Taylor and other IT leaders, the debate around whether a college education is needed in IT isn’t settled. Some say there’s no need for degrees; others say degrees are still preferred or required…. IBM is among the companies whose leaders have moved away from degree requirements; Big Blue is also one of the earliest, largest, and most prominent proponents of the move, introducing the term “new collar jobs” for the growing number of positions that require specific skills but not a bachelor’s degree….

Not all are convinced that dropping degree requirements is the way to go, however. Jane Zhu, CIO and senior vice president at Veritas Technologies, says she sees value in degrees, value that isn’t always replicated through other channels. “Though we don’t necessarily require degrees for all IT roles here at Veritas, I believe that they do help candidates demonstrate a level of formal education and commitment to the field and provide a foundation in fundamental concepts and theories of IT-related fields that may not be easily gained through self-study or on-the-job training,” she says. “Through college education, candidates have usually acquired basic technical knowledge, problem-solving skills, the ability to collaborate with others, and ownership and accountability. They also often gain an understanding of the business and social impacts of their actions.”
The article notes an evolving trend of “more openness to skills-based hiring for many technical roles but a desire for a bachelor’s degree for certain positions, including leadership.” (Kelli Jordan, vice president of IBMer Growth and Development tells CIO that more than half of the job openings posted by IBM no longer require degrees.)
Thanks to Slashdot reader snydeq for sharing the article.

Read more of this story at Slashdot.

Germany Quits Nuclear Power, Closes Its Final Three Plants

“Germany’s final three nuclear power plants close their doors on Saturday,” reports CNN, “marking the end of the country’s nuclear era that has spanned more than six decades….”
[D]espite last-minute calls to keep the plants online amid an energy crisis, the German government has been steadfast. “The position of the German government is clear: nuclear power is not green. Nor is it sustainable,” Steffi Lemke, Germany’s Federal Minister for the Environment and Consumer Protection and a Green Party member, told CNN.”We are embarking on a new era of energy production,” she said.

The closure of the three plants — Emsland, Isar 2 and Neckarwestheim — represents the culmination of a plan set in motion more than 20 years ago. But its roots are even older. In the 1970s, a strong anti-nuclear movement in Germany emerged. Disparate groups came together to protest new power plants, concerned about the risks posed by the technology and, for some, the link to nuclear weapons. The movement gave birth to the Green Party, which is now part of the governing coalition…

For critics of Germany’s policy, however, it’s irrational to turn off a low-carbon source of energy as the impacts of the climate crisis intensify. “We need to keep existing, safe nuclear reactors operating while simultaneously ramping up renewables as fast as possible,” Leah Stokes, a professor of climate and energy policy at the University of California, Santa Barbara, told CNN. The big risk, she said, is that fossil fuels fill the energy gap left by nuclear. Reductions in Germany’s nuclear energy since Fukushima have been primarily offset by increases in coal, according to research published last year.

Germany plans to replace the roughly 6% of electricity generated by the three nuclear plants with renewables, but also gas and coal…. Now Germany must work out what do with the deadly, high-level radioactive waste, which can remain dangerous for hundreds of thousands of years.

CNN also notes how other countries approach nuclear power:

Denmark passed a resolution in the 1980s not to construct nuclear power plants
Finland opened a new nuclear plant last year
Switzerland voted in 2017 to phase out nuclear power
France, which gets about 70% of its power from nuclear, is planning six new reactors.
Italy closed its last reactors in 1990

Read more of this story at Slashdot.

France Eyeing Antitrust Action Against Apple

The French Competition Authority is likely to move forward soon with an antitrust investigation into Apple over complaints tied to 2021 changes to its app tracking policies, Axios reported, citing sources. From the report: A formal investigation would mark the first major government move taken globally against Apple related to privacy rule changes that upended the digital advertising world. French regulators are favoring issuing a formal “Statement of Objections” to parties involved in the matter in coming weeks, sources told Axios.

That step would signal to groups that issued initial complaints about Apple’s actions and Apple that the authority found evidence of illegal anticompetitive behavior in its initial review of the complaints it received. The 2020 complaint argues that Apple’s app tracking changes did not adequately adhere to European Union privacy rules and that Apple failed to hold itself to the same ad targeting standards that it forced on its competitors because it targeted iOS users with ads from app tracking data. The complaint was filed jointly by four French advertising trade groups — IAB France, Mobile Marketing Association (MMA), SRI and UDECAM.

Read more of this story at Slashdot.

Apple To Invest Another $200 Million In Carbon Removal Fund

Apple said it will invest up to an additional $200 million in its Restore Fund, which was created in 2021 to remove carbon from the atmosphere. Reuters reports: The additional investment is expected to help the fund start new projects and carry forward its previously stated goal to remove about 1 million metric tons of carbon dioxide per year, the company said. Apple is making efforts to become carbon neutral through its entire supply chain and the life cycle of every product by 2030.

The fund, launched with Goldman Sachs Group Inc (GS.N) and nonprofit Conservation International, has invested in forest properties in Brazil and Paraguay in the last two years. The expanded fund will be managed by Climate Asset Management, a joint venture of HSBC Asset Management and Pollination, Apple added.

Read more of this story at Slashdot.