Cornell Tech researchers have developed a portable device called SoilScanner that uses radio frequency signals and machine learning to detect lead contamination in soil. It offers a cost-effective alternative to traditional methods of testing that "generally involves either sending samples to a lab for analysis, which relies upon harsh chemicals and can be expensive, or using a portable X-ray fluorescence device," notes Phys.org. From the report: "In recent years, especially during COVID, a lot of us got excited about having our own backyard garden, or spending more time at home," said [Rajalakshmi Nandakumar, assistant professor at the Jacobs Technion-Cornell Institute at Cornell Tech] who's also a member of the Department of Information Science in the Cornell Ann S. Bowers College of Computing and Information Science. "But if you look at instructions for how to grow tomatoes, no one actually tells you that you have to check your soil for lead," she said. "It's all about pH levels. A lot of us, even though we interact very often with soils, are totally unaware of possible lead contamination."

[Yixuan Gao, a doctoral candidate in computer science] said the group was motivated by a map of lead contamination in New York City that Cheng's Urban Soils Lab (USL) had produced over the course of several years of testing for hundreds of soil samples throughout the five boroughs. The testing revealed dangerously high levels of lead in many locations, most notably in northern Brooklyn. About 45% of the soil samples tested by USL had lead levels above 400 parts per million (ppm), the previous EPA recommended screening level (revised a year ago to 200 ppm for residential soils). "This means there is a significant risk when gardening in these urban soils," Gao said. You can learn more about the device here (PDF).

Windows 11 24H2 continues to experience issues with multifunction devices using the eSCL scan protocol, despite Microsoft marking the problem as resolved. According to a Register reader, "It works on a Windows 10 machine, but not on Windows 11, unless both the computer and the scanner are on wired Ethernet." From the report: Microsoft issued a compatibility safeguard hold on USB-connected devices using the Scanner Communication Language (eSCL) protocol in November after users who installed the Windows update experienced glitches with device discovery. The issue was reported resolved by Microsoft in December. However, it seems that KB5048667 might not have fixed all the problems for Canon owners. According to our reader: "Canon support tells me that the 24H2 eSCL issue still is not fixed." We asked Microsoft about the situation, but despite telling us it was looking into the problem on Friday, December 20, the company has yet to provide any further details. Canon was more forthcoming. A spokesperson told The Register it was aware of a problem impacting devices using ScanGear MF.

ScanGear MF is a scanner driver provided by Canon and allows customers to configure advanced settings for scanning. Canon does not appear to be changing its code to rectify whatever problems had been brought on by the Windows 11 update. The spokesperson said: "Microsoft is currently working on an OS amendment to resolve this and we are keeping in close contact with them. The timing for resolving this is yet to be confirmed by Microsoft, however we expect to receive the plan to fix in January 2025." Customers affected by the issue, which manifests itself with a communications error message, according to Canon's support forum, are advised to use either native Microsoft software solutions or go fully wired via USB.

The UK's Information Commissioner's Office (ICO) warns that while most adults recognize the importance of wiping personal data from old devices, nearly 30% don't know how, and a significant number of young people either don't care or find it too cumbersome. The Register reports: Clearing personal data off an old device is an important step before ditching it or handing it on to another user. However, almost three in ten (29 percent) of adults don't know how to remove the information, according to a survey of 2,170 members of the UK public. Seventy-one percent agreed that wiping a device was important, but almost a quarter (24 percent) reckoned it was too arduous. This means that the drawer of dusty devices is set to swell -- three-quarters of respondents reported hanging on to at least one old device, and a fifth did so because they were worried about their personal information. [...]

More than one in five (21 percent) of young people in the survey didn't think it was important to wipe personal data, while 23 percent said they didn't care about what might happen to that data. Fourteen percent of people aged 18-34 said they wouldn't bother wiping their devices at all, compared to just 4 percent of people over 55. On the plus side, the majority (84 percent) of respondents said they would ensure data was erased before disposing of a device. Alternatively, some might not worry about it and stick it in that special drawer alongside all the cables that might be needed one day. The survey also found that more than a quarter (27 percent) of UK adults were planning to treat themselves to a new device over the festive season [...].

An anonymous reader quotes a report from PCWorld: Smart home devices compatible with the Matter standard have garnered most of our attention lately, but the compelling features in the latest generation of Z-Wave chips convinced the IoT developer Shelly Group to build no fewer than 11 new products powered by Z-Wave technology. The new collection includes a smart plug, in-wall dimmers, relays, and various sensors aimed at DIYers, installers, and commercial builders. Citing the ability of Z-Wave 800 (aka Z-Wave Long Range or LR) chips to operate IoT devices over extremely long range -- up to 1 mile, line of sight -- while running on battery power for up to 10 years, Shelly Group CTO Leon Kralj said "Shelly is helping break down smart home connectivity barriers, empowering homeowners, security installers, and commercial property owners and managers with unmatched range, scalability, and energy efficiency to redefine their automation experience."

[...] While most homeowners won't need to worry about the number of IoT devices their networks can support, commercial builders will appreciate the scalability of Z-Wave 800-powered devices -- namely, you can deploy as many as 4,000 nodes on a single mesh network. That's a 20x increase over what was possible with previous generations of the chip. And since Z-Wave LR is backward compatible with those previous generations, there should be no worries about integrating the new devices into existing networks. Shelly says all 11 of its new Z-Wave 800-powered IoT devices will be available in the first half of 2025. The new Shelly devices will be available in the U.S. in the first half of 2025.

Here's a list of the devices enhanced with the new long-range capabilities:
- Shelly Wave Plug US
- Shelly Wave Door/Window
- Shelly Wave H&T
- Shelly Wave Motion
- Shelly Wave Dimmer
- Shelly Wave Pro Dimmer 1 PM
- Shelly Wave Pro Dimmer 2 PM
- Shelly Wave 1
- Shelly Wave 1 PM
- Shelly Wave 2 PM
- Shelly Wave Shutter

D-Link confirmed no fix will be issued for the over 60,000 D-Link NAS devices that are vulnerable to a critical command injection flaw (CVE-2024-10914), allowing unauthenticated attackers to execute arbitrary commands through unsanitized HTTP requests. The networking company advises users to retire or isolate the affected devices from public internet access. BleepingComputer reports: The flaw impacts multiple models of D-Link network-attached storage (NAS) devices that are commonly used by small businesses: DNS-320 Version 1.00; DNS-320LW Version 1.01.0914.2012; DNS-325 Version 1.01, Version 1.02; and DNS-340L Version 1.08. [...] A search that Netsecfish conducted on the FOFA platform returned 61,147 results at 41,097 unique IP addresses for D-Link devices vulnerable to CVE-2024-10914.

In a security bulletin today, D-Link has confirmed that a fix for CVE-2024-10914 is not coming and the vendor recommends that users retire vulnerable products. If that is not possible at the moment, users should at least isolate them from the public internet or place them under stricter access conditions. The same researcher discovered in April this year an arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, impacting mostly the same D-Link NAS models as the latest flaw.

Longtime Slashdot reader AmiMoJo shares a report from The Verge: It's been two long years since the launch of Matter -- the one smart home standard designed to rule them all -- and there's been a fair amount of disappointment around a sometimes buggy rollout, slow adoption by companies like Apple, Amazon, and Google, and frustrating setup experiences. However, the launch of the Matter 1.4 specification this week shows some signs that the Connectivity Standards Alliance (CSA, the organization behind Matter) is using more sticks and fewer carrots to get the smart home industry coalition to cooperate.

The new spec introduces 'enhanced multi-admin,' an improvement on multi-admin -- the much-touted interoperability feature that means your Matter smart light can work in multiple ecosystems simultaneously. It brings a solution for making Thread border routers from different companies play nicely together and introduces a potentially easier way to add Matter infrastructure to homes through Wi-Fi routers and access points. Matter 1.4 also brings some big updates to energy management support, including adding heat pumps, home batteries, and solar panels as Matter device types.

After a couple of years of regular use, Samsung's $400 Galaxy Ring will end up contributing to the growing e-waste problem. "The Galaxy Ring -- and all smart rings like it -- comes with a huge string attached," writes iFixit in a blog post. "It's 100% disposable, just like the AirPod-style Buds3 that Samsung just released. The culprit? The lithium ion batteries." ZDNet reports: The problem is the battery, and how they have a finite lifespan. Usually that's about 400 recharge cycles, and after that the batteries are finished. And if you can't replace it, then it's the end of the line for the gadget, and it's tossed onto the e-waste pile. [...]

iFixit is damning about this sort of tech. "There's nothing wrong with simple but there is something wrong with unrepairable. Just like the Galaxy Buds3, the Galaxy Ring is a disposable tech accessory that isn't designed to last more than two years." And the bottom line is simple: "We can't recommend buying disposable tech like this." Here's what iFixit's Shahram Mokhtari had to say about the Galaxy Ring's battery, after putting it through a CT scanner: On the right hand side of the ring is the faint outline of a lithium polymer battery pouch. There's an inductive coil sitting right on top of the battery (the lines that look like a rectangular track) and another very similar inductive coil that's parallel and slightly separated from the first. That second inductive coil is inside the charging case and works together with the inductive coil in the ring to recharge the battery inside the Galaxy Ring. Inductive charging is the only practical way to deliver power to a device that doesn't have any ports. But there's something else here that sticks out like a sore thumb ... that is a press connector joining the battery to the rest of the board! This is a surprising use of space, why isn't this directly soldered? Nobody is getting back in there to disconnect this thing!

We love press connectors, they're easy to work with and make replacing batteries a sight easier than desoldering a half dozen wires. But this one is sealed into the device and serves no purpose in replacement or repair. Our best guess as to why it's in the Galaxy Ring: The battery and wireless charging coil were made in one place, the circuit board somewhere else, and it all comes to a production line somewhere where the two need to be connected together quickly and cheaply. Hence the press connector. It's not for your benefit, it's for the manufacturers.

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what's known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings "DO NOT SHIP" or "DO NOT TRUST." These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here. "It's a big problem," said Martin Smolar, a malware analyst specializing in rootkits who reviewed the Binarly research. "It's basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically... execute any malware or untrusted code during system boot. Of course, privileged access is required, but that's not a problem in many cases."

Binarly founder and CEO Alex Matrosov added: "Imagine all the people in an apartment building have the same front door lock and key. If anyone loses the key, it could be a problem for the entire building. But what if things are even worse and other buildings have the same lock and the keys?"

Arm is launching its Arm Accuracy Super Resolution (ASR) upscaler that "can make games look better, while lowering power consumption on your phone," according to The Verge. "It's also making the upscaling technology available to developers under an MIT open-source license." From the reprot: Arm based its technology on AMD's FidelityFX Super Resolution 2 (FSR 2), which uses temporal upscaling to make PC games look better and boost frame rates. Unlike spatial upscaling, which upscales an image based on a single frame, temporal upscaling involves using multiple frames to generate a higher-quality image.

You can see just how Arm ASR stacks up to AMD's FSR 2 and Qualcomm's GSR tech in [this chart] created by Arm. Arm claims ASR produced 53 percent higher frame rates than rendering at native resolution on a device with an Arm Immortalis-G720 GPU and 2800 x 1260 display, beating AMD FSR 2. It also tested ASR on a device using MediaTek's Dimensity 9300 chip and found that rendering at 540p and upscaling with ASR used much less power than running a game at native 1080p resolution.

storagedude shares a report from the Cyber Express: Some of the most widely used web and social media applications could be vulnerable to three newly discovered CocoaPods vulnerabilities -- including potentially millions of Apple devices, according to a report by The Cyber Express, the news service of threat intelligence vendor Cyble Inc. E.V.A Information Security researchers reported three vulnerabilities in the open source CocoaPods dependency manager that could allow malicious actors to take over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications, potentially affecting "almost every Apple device." The researchers found vulnerable code in applications provided by Meta (Facebook, Whatsapp), Apple (Safari, AppleTV, Xcode), and Microsoft (Teams); as well as in TikTok, Snapchat, Amazon, LinkedIn, Netflix, Okta, Yahoo, Zynga, and many more.

The vulnerabilities have been patched, yet the researchers still found 685 Pods "that had an explicit dependency using an orphaned Pod; doubtless there are hundreds or thousands more in proprietary codebases." The newly discovered vulnerabilities -- one of which (CVE-2024-38366) received a 10 out of 10 criticality score -- actually date from a May 2014 CocoaPods migration to a new 'Trunk' server, which left 1,866 orphaned pods that owners never reclaimed. While the vulnerabilities have been patched, the work for developers and DevOps teams that used CocoaPods before October 2023 is just getting started. "Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code," the E.V.A researchers said. "The vulnerabilities we discovered could be used to control the dependency manager itself, and any published package." [...] "Dependency managers are an often-overlooked aspect of software supply chain security," the researchers wrote. "Security leaders should explore ways to increase governance and oversight over the use these tools." "While there is no direct evidence of any of these vulnerabilities being exploited in the wild, evidence of absence is not absence of evidence." the EVA researchers wrote. "Potential code changes could affect millions of Apple devices around the world across iPhone, Mac, AppleTV, and AppleWatch devices."

While no action is required by app developers or users, the EVA researchers recommend several ways to protect against these vulnerabilities. To ensure secure and consistent use of CocoaPods, synchronize the podfile.lock file with all developers, perform CRC validation for internally developed Pods, and conduct thorough security reviews of third-party code and dependencies. Furthermore, regularly review and verify the maintenance status and ownership of CocoaPods dependencies, perform periodic security scans, and be cautious of widely used dependencies as potential attack targets.

According to Bloomberg's Mark Gurman, Apple appears ready to embrace a thinner design language with the upcoming MacBook Pro, Apple Watch, and iPhone. MacRumors reports: When the M4 iPad Pro was unveiled last month, Apple touted it as the company's thinnest product ever, and even compared it to the 2012 iPod nano to emphasize its slim dimensions. Writing in the latest edition of his Power On newsletter, Gurman says that like the iPad Pro, Apple is now focused on delivering the thinnest possible devices across its lineups without compromising on battery life or major new features. Gurman writes that the new iPad Pro is the "beginning of a new class of Apple devices," and that Apple's aim is to offer "the thinnest and lightest products in their categories across the whole tech industry." Apple now reportedly has its sights on making thinner versions of iPhone, Apple Watch, and MacBook Pro over the next couple of years.

Gurman's sources tell him Apple is now focused on developing a significantly skinnier iPhone in time for the iPhone 17 line in 2025, corroborating a May report by The Information. According to the latter report, Apple is planning to launch an all-new thinner iPhone 17 model next year that will allegedly feature a "major redesign" akin to the iPhone X. Gurman previously reported that Apple is planning a complete revamp of the Apple Watch for the device's tenth anniversary, dubbed "Apple Watch X." Since the original Apple Watch was unveiled in 2014 and launched in 2015, Gurman is unsure whether the Apple Watch X will be released in 2024 or 2025. However, Apple analyst Ming-Chi Kuo today claimed that this year's upcoming Apple Watch will have a larger screen and thinner design, which sounds like the sort of major overhaul and design signature that Gurman has suggested.

Following in the European Union's footsteps, Japan's parliament has enacted a law on Wednesday that will prohibit big tech from blocking third-party app stores. AppleInsider reports: The intention of the bill is that it will facilitate competition and reduce app prices. Japan's government reportedly believes that Apple and Google are a duopoly, and that they charge developers high fees that are then passed on to users. Big tech companies with App Stores will also prohibit companies from prioritizing their own services. Google is likely to be hit hardest by this. Violators will initially be fined up to 20% of the domestic revenue of the specific service that broke the law. The fee can increase to 30%, if the behavior continues.

The Japanese government's Fair Trade Commission (FTC) will choose which firms to apply it to. Companies that will be regulated will be required to submit compliance reports annually. While it hasn't been explicitly said that Apple and Google must comply, It seems certain that the announcement that they'll be held to the provisions is imminent. The Japan FTC isn't expected to add any Japanese firms to the list. The law likely won't take effect until the end of 2025.

Apple has quietly added a Thread radio to nearly all of its newest iPads, MacBooks, and iMacs. The Verge reports: While the company doesn't list Thread on the specs of any of these products, FCC reports indicate that many of Apple's latest devices have had Thread radios tested for compliance. Generally, you don't test a radio that's not there. We found evidence of Thread testing in the following models: iPad Pro 13-inch (M4) (Wi-Fi + Cellular), iPad Pro 11-inch (M4) (Wi-Fi + Cellular), iPad Pro 11-inch (M4) (Wi-Fi), iPad Air 11-inch (M2) (Wi-Fi + Cellular), iPad Air 13-inch (M2) Wi-Fi, MacBook Air 15-inch (M3), MacBook Pro 14-inch (M3), MacBook Pro 14-inch (M3 Pro or M3 Max), MacBook Pro 16-inch (M3 Pro or M3 Max), iMac (M3, two ports), and iMac (M3, four ports).

The FCC requires manufacturers to list every radio contained in a device and to test them in every possible scenario to make sure they comply with its transmission regulations. Tom Sciorilli, director of certification for Thread Group, told The Verge that the FCC reports reference FCC 15.247, "which confirms the device will essentially 'stay in its lane' and not interfere with other radios when operating." The reports we found are tests of the IEEE 802.15.4 transmitter functionality -- 802.15.4 is the radio standard Thread runs on. While it supports a number of technologies, the reports mention Thread explicitly.

Thread is the primary wireless protocol for the new smart home standard Matter, which Apple helped develop and that is now the underlying architecture for its Apple Home smart home platform. A low-power, low-bandwidth, mesh networking protocol specifically designed for IoT devices, Thread is shown to be faster than Bluetooth and offers better range, making it ideal for connecting products like smart lights, locks, thermostats, and sensors. [...] So why is it there? The Apple Home app runs on Macs and iPads, and Thread radios could allow them to communicate directly with smart home devices and act as Thread border routers. It's possible Apple is planning to turn your Mac or iPad into a home hub, but iPads used to be home hubs, and the company discontinued that capability for its new Apple Home architecture. Those iPads didn't have Thread radios, though.

If you contact Spotify's customer service with a valid receipt, the company will refund your Car Thing purchase. That's the latest development reported by Engadget. When Spotify first announced that it would brick every Car Thing device on December 9, 2024, it said that it wouldn't offer owners any subscription credit or automatic refund. From the report: Spotify has taken some heat for its announcement last week that it will brick every Car Thing device on December 9, 2024. The company described its decision as "part of our ongoing efforts to streamline our product offerings" (read: cut costs) and that it lets Spotify "focus on developing new features and enhancements that will ultimately provide a better experience to all Spotify users."

TechCrunch reports that Gen Z users on TikTok have expressed their frustration in videos, while others have complained directed toward Spotify in DMs on X (Twitter) and directly through customer support. Some users claimed Spotify's customer service agents only offered several months of free Premium access, while others were told nobody was receiving refunds. It isn't clear if any of them contacted them after last Friday when it shifted gears on refunds.

Others went much further. Billboard first reported on a class-action lawsuit filed in the US District Court for the Southern District of New York on May 28. The suit accuses Spotify of misleading Car Thing customers by selling a $90 product that would soon be obsolete without offering refunds, which sounds like a fair enough point. It's worth noting that, according to Spotify, it began offering the refunds last week, while the lawsuit was only filed on Tuesday. If the company's statement about refunds starting on May 24 is accurate, the refunds aren't a direct response to the legal action. (Although it's possible the company began offering them in anticipation of lawsuits.) Editor's note: As a disgruntled Car Thing owner myself, I can confirm that Spotify is approving refund requests. You'll just have to play the waiting game to get through to a Spotify Advisor and their "team" that approves these requests. You may have better luck emailing customer service directly at support@spotify.com.

Spotify is about to render its Car Thing dashboard accessory inoperable on December 9th. Not only is the company refusing to open-source the device, it won't offer owners any subscription credit or automatic refund. "Rather, it's just canning the project and telling people to (responsibly) dispose of Car Thing," reports The Verge. From the report: "We're discontinuing Car Thing as part of our ongoing efforts to streamline our product offerings," Spotify wrote in an FAQ on its website. "We understand it may be disappointing, but this decision allows us to focus on developing new features and enhancements that will ultimately provide a better experience to all Spotify users."

The company is recommending that customers do a factory reset on the product and find some way of responsibly recycling the hardware. Spotify is also being direct and confirming that there's little reason to ever expect a sequel. "As of now, there are no plans to release a replacement or new version of Car Thing," the FAQ reads. Car Thing went on sale to the public in early 2022 for $90. Spotify halted production several months later "based on several factors, including product demand and supply chain issues."

At the time, the company said: "Existing devices will perform as intended."

UPDATE 5/30/24: Spotify Says It Will Refund Car Thing Purchases

An anonymous reader quotes a report from Ars Technica: In a major shake-up of its chip roadmap, Apple has announced a new M4 processor for today's iPad Pro refresh, barely six months after releasing the first MacBook Pros with the M3 and not even two months after updating the MacBook Air with the M3. Apple says the M4 includes "up to" four high-performance CPU cores, six high-efficiency cores, and a 10-core GPU. Apple's high-level performance estimates say that the M4 has 50 percent faster CPU performance and four times as much graphics performance. Like the GPU in the M3, the M4 also supports hardware-accelerated ray-tracing to enable more advanced lighting effects in games and other apps. Due partly to its "second-generation" 3 nm manufacturing process, Apple says the M4 can match the performance of the M2 while using just half the power.

As with so much else in the tech industry right now, the M4 also has an AI focus; Apple says it's beefing up the 16-core Neural Engine (Apple's equivalent of the Neural Processing Unit that companies like Qualcomm, Intel, AMD, and Microsoft have been pushing lately). Apple says the M4 runs up to 38 trillion operations per second (TOPS), considerably ahead of Intel's Meteor Lake platform, though a bit short of the 45 TOPS that Qualcomm is promising with the Snapdragon X Elite and Plus series. The M3's Neural Engine is only capable of 18 TOPS, so that's a major step up for Apple's hardware. Apple's chips since 2017 have included some version of the Neural Engine, though to date, those have mostly been used to enhance and categorize photos, perform optical character recognition, enable offline dictation, and do other oddities. But it may be that Apple needs something faster for the kinds of on-device large language model-backed generative AI that it's expected to introduce in iOS and iPadOS 18 at WWDC next month. A separate report from the Wall Street Journal says Apple is developing a custom chip to run AI software in datacenters. "Apple's server chip will likely be focused on running AI models, also known as inference, rather than in training AI models, where Nvidia is dominant," reports Reuters.

Further reading: Apple Quietly Kills the Old-school iPad and Its Headphone Jack

According to Bloomberg's Mark Gurman, Apple's initial set of AI-related features in iOS 18 "will work entirely on device," and won't connect to cloud services. AppleInsider reports: In practice, these AI features would be able to function without an internet connection or any form of cloud-based processing. AppleInsider has received information from individuals familiar with the matter that suggest the report's claims are accurate. Apple is working on an in-house large language model, or LLM, known internally as "Ajax." While more advanced features will ultimately require an internet connection, basic text analysis and response generation features should be available offline. [...] Apple will reveal its AI plans during WWDC, which starts on June 10.

An anonymous reader quotes a report from Ars Technica: Former Apple design lead Jony Ive and current OpenAI CEO Sam Altman are seeking funding for a new company that will produce an "artificial intelligence-powered personal device," according to The Information's sources, who are said to be familiar with the plans. The exact nature of the device is unknown, but it will not look anything like a smartphone, according to the sources. We first heard tell of this venture in the fall of 2023, but The Information's story reveals that talks are moving forward to get the company off the ground.

Ive and Altman hope to raise at least $1 billion for the new company. The complete list of potential funding sources they've spoken with is unknown, but The Information's sources say they are in talks with frequent OpenAI investor Thrive Capital as well as Emerson Collective, a venture capital firm founded by Laurene Powell Jobs. SoftBank CEO and super-investor Masayoshi Son is also said to have spoken with Altman and Ive about the venture. Financial Times previously reported that Son wanted Arm (another company he has backed) to be involved in the project. [...] Altman already has his hands in several other AI ventures besides OpenAI. The Information reports that there is no indication yet that OpenAI would be directly involved in the new hardware company.

An anonymous reader quotes a report from Android Police, written by Dhruv Bhutani: As someone who is an early adopter of all things smart and has invested a significant amount of money in building a fancy smart home, it saddens me to say that I feel cheated by the thousands of dollars I've spent on smart devices. And it's not a one-off. Amazon's recent move to block off local ADB connections on Fire TV devices is the latest example in a long line of grievances. A brand busy wrestling away control from the consumer after they've bought the product, the software update gimps a feature that has been present on the hardware ever since it launched back in 2014. ADB-based commands let users take deep control of the hardware, and in the case of the Fire TV hardware, it can drastically improve the user experience. [...] A few years ago, I decided to invest in the NVIDIA Shield. The premium streamer was marketed as a utopia for streaming online and offline sources with the ability to plug in hard drives, connect to NAS drives, and more. At launch, it did precisely that while presenting a beautiful, clean interface that was a joy to interact with. However, subsequent updates have converted what was otherwise a clean and elegant solution to an ad-infested overlay that I zoom past to jump into my streaming app of choice. This problem isn't restricted to just the Shield. Even my Google TV running Chromecast has a home screen that's more of an advertising space for Google than an easy way to get to my content.

But why stop at streaming boxes? Google's Nest Hubs are equal victims of feature deterioration. I've spent hundreds of dollars on Nest Hubs and outfitted them in most of my rooms and washrooms. However, Google's consistent degradation of the user experience means I use these speakers for little more than casting music from the Spotify app. The voice recognition barely works on the best of days, and when it does, the answers tend to be wildly inconsistent. It wasn't always the case. In fact, at launch, Google's Nest speakers were some of the best smart home interfaces you could buy. You'd imagine that the experience would only improve from there. That's decidedly not the case. I had high hopes that the Fuchsia update would fix the broken command detection, but that's also not the case. And good luck to you if you decided to invest in Google Assistant-compatible displays. Google's announcement that it would no longer issue software or security updates to third-party displays like the excellent Lenovo Smart Display, right after killing the built-in web browser, is pretty wild. It boggles my mind that a company can get away with such behavior.

Now imagine the plight of Nest Secure owners. A home security system isn't something one expects to switch out for many many years. And yet, Google decided to kill the Nest Secure home monitoring solution merely three years after launching the product range. While I made an initial investment in the Nest ecosystem, I've since switched over to a completely local solution that is entirely under my control, stores data locally, and won't be going out of action because of bad decision-making by another company. "It's clear to me that smart home devices, as they stand, are proving to be very poor investments for consumers," Bhutani writes in closing. "Suffice it to say that I've paused any future investments in smart devices, and I'll be taking a long and hard look at a company's treatment of its current portfolio before splurging out more cash. I'd recommend you do the same."

Jessica Lyons reports via The Register: Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University. In a paper presented at the 2024 Network and Distributed System Security Symposium, associate professor Jeremy Daily and systems engineering graduate students Jake Jepson and Rik Chatterjee demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles. "These findings highlight an urgent need to improve the security posture in ELD systems," the trio wrote [PDF].

The authors did not specify brands or models of ELDs that are vulnerable to the security flaws they highlight in the paper. But they do note there's not too much diversity of products on the market. While there are some 880 devices registered, "only a few tens of distinct ELD models" have hit the road in commercial trucks. A federal mandate requires most heavy-duty trucks to be equipped with ELDs, which track driving hours. These systems also log data on engine operation, vehicle movement and distances driven -- but they aren't required to have tested safety controls built in. And according to the researchers, they can be wirelessly manipulated by another car on the road to, for example, force a truck to pull over.

The academics pointed out three vulnerabilities in ELDs. They used bench level testing systems for the demo, as well as additional testing on a moving 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD. [...] For one of the attacks, the boffins showed how anyone within wireless range could use the device's Wi-Fi and Bluetooth radios to send an arbitrary CAN message that could disrupt of some of the vehicle's systems. A second attack scenario, which also required the attacker to be within wireless range, involved connecting to the device and uploading malicious firmware to manipulate data and vehicle operations. Finally, in what the authors described as the "most concerning" scenario, they uploaded a truck-to-truck worm. The worm uses the compromised device's Wi-Fi capabilities to search for other vulnerable ELDs nearby. After finding the right ELDs, the worm uses default credentials to establish a connection, drops its malicious code on the next ELD, overwrites existing firmware, and then starts the process over again, scanning for additional devices. "Such an attack could lead to widespread disruptions in commercial fleets, with severe safety and operational implications," the researchers warned.

Google said it will allow businesses to install ChromeOS Flex on their Windows devices, "potentially preventing millions of PCs from hitting landfills after Microsoft ends support for Windows 10 next year," reports Reuters. The Chrome operating system will ultimately allow users to keep using their Windows 10 systems, while also providing regular security updates and features like data encryption. From the report: ChromeOS is significantly less popular than other operating systems. In January 2024, it held a 1.8% share of the worldwide desktop OS market, far behind Windows' share of about 73%, according to data from research firm Statcounter. ChromeOS has struggled with wider adaptability due to its incompatibility with legacy Windows applications and productivity suites used by businesses. Google said that ChromeOS would allow users to stream legacy Windows and productivity applications, which will help deliver them to devices by running the apps on a data center.

An anonymous reader quotes a report from ProPublica: Reeling from one of the most catastrophic recalls in decades, Philips Respironics said it will stop selling sleep apnea machines and other respiratory devices in the United States under a settlement with the federal government that will all but end the company's reign as one of the top makers of breathing machines in the country. The agreement, announced by Philips early Monday, comes more than two years after the company pulled millions of its popular breathing devices off the shelves after admitting that an industrial foam fitted in the machines to reduce noise could break apart and release potentially toxic particles and fumes into the masks worn by patients.

It could be years before Philips can resume sales of the devices, made in two factories outside Pittsburgh. The company said all the conditions of the multiyear consent decree -- negotiated in the wake of the recall with the Department of Justice on behalf of the Food and Drug Administration -- must be met first. The move by a company that aggressively promoted its machines in ad campaigns and health conferences -- in one case with the help of an Elvis impersonator -- follows relentless criticism about the safety of the machines. A ProPublica and Pittsburgh Post-Gazette investigation found the company held back thousands of complaints about the crumbling foam for more than a decade before warning customers about the dangers. Those using the machines included some of the most fragile people in the country, including infants, the elderly, veterans and patients with chronic conditions.

"It's about time," said Richard Callender, a former mayor in Pennsylvania who spent years using one of the recalled machines. "How many people have to suffer and get sick and die?" Philips said the agreement includes other requirements the company must meet before it can start selling the machines again, including the marquee DreamStation 2, a continuous positive airway pressure, or CPAP, device heralded by Philips when it was unveiled in 2021 for the treatment of sleep apnea. The settlement, which is still being finalized, has to be approved by a court and has not yet been released by the government. It remains unclear how the halt in sales will impact patients and doctors. The company's U.S. market share for sleep apnea devices in 2020 was about 37% -- behind only one competitor, medical device maker ResMed, according to an analysis by iData Research. Philips has dominated the market in ventilator sales, the data shows.

An anonymous reader quotes a report from Motherboard: [A] new tech startup, Prophetic, aims to bring lucid dreams to a much wider audience by developing a wearable device designed to spark the experience when desired. Prophetic is the brainchild of Eric Wollberg, its chief executive officer, and Wesley Louis Berry III, its chief technology officer. The pair co-founded the company earlier this year with the goal of combining technologies, such as ultrasound and machine learning models, "to detect when dreamers are in REM to induce and stabilize lucid dreams" with a device called the Halo according to the company's website. [...]

Prophetic does not make any medical claims about its forthcoming products -- Halo is tentatively slated for a 2025 release -- though Wollberg and Berry both expressed optimism about broader scientific research that suggests lucid dreams can reduce PTSD-related nightmares, promote mindfulness, and open new windows into the mysterious nature of consciousness. To explore those links further, Prophetic has partnered with the Donders Institute, a research center at Radboud University in the Netherlands that is focused on neuroscience and cognition, to generate the largest dataset of electroencephalogram (EEG) and functional magnetic resonance imaging (fMRI) observations of lucid dreamers, according to the company. The collaboration will also explore one of central technologies behind Prophetic's vision, known as transcranial focused ultrasound (TUS). This non-invasive technique uses low-intensity ultrasound pulses to probe the brain, and interact with neural activity, with a depth and precision that cannot be achieved with previous methods, such as transcranial electrical stimulation or transcranial magnetic stimulation.

At this point, both the possibilities and limits of Prophetic's concept remain unclear. While ultrasound devices have been widely used in medicine for decades, the process of stimulating parts of the brain with TUS is a relatively new development. Within the past few years, scientists have shown that TUS "has the potential to be used both as a scientific instrument to investigate brain function and as a therapeutic modality to modulate brain activity," according to a 2019 study, and "could be a useful tool in the treatment of clinical disorders characterized by negative mood states, like depression and anxiety disorders," according to a 2020 study. What is not known, yet, is whether TUS can induce or stabilize lucid dreams, though the Prophetic team is banking on a positive answer to this open question. Its wearable headband prototype, the Halo, was developed with the company Card79 and can currently read EEG data of users. Over the next year, Prophetic aims to use the dataset from their partnership with the Donders Institute to train machine learning models that will stimulate targeted neural activity in users with ultrasound transducers as a means of inducing lucid dreams.

Citing an "unacceptable level of risk to privacy and security," Canada banned Chinese messaging application WeChat and Russian antivirus program Kaspersky on government-issued mobile devices. Reuters reports: The ban was announced after an assessment by Canada's chief information officer that Tencent-owned WeChat and applications made by Moscow-based Kaspersky "present an unacceptable level of risk to privacy and security," the Treasury Board of Canada, which oversees public administration, said in a statement. Kaspersky said it was surprised and disappointed, and that the decision was made without warning or an opportunity for the firm to address the government's concerns. "As there has been no evidence or due process to otherwise justify these actions, they are highly unsupported and a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky's products and services," the company said in a statement.

The Treasury Board said it has no evidence that government information has been compromised, but the collection methods of the applications provide considerable access to a device's contents, and risks of using them were "clear." "The decision to remove and block the WeChat and the Kaspersky applications was made to ensure that government of Canada networks and data remain secure and protected and are in line with the approach of our international partners," the statement said. The applications will be removed from government-issued mobile devices on Monday, and users will be blocked from downloading them in the future.

Paul Kunert writes via The Register: Talking on stage at the Canalys EMEA Forum 2023, Luca Rossi, senior vice resident at Lenovo and president of its Intelligent Devices Group, said the company has committed to a net zero emission policy by 2050, and analyzing the components used in its hardware is part of the equation. "On repairability, we have a plan that by 2025 more than 80 percent of the repair parts will be repaired again so that they they enter into the circular economy to reduce the impact to the environment." He added: "More than 80 percent of our devices will be able to be repaired at the customer, by the customer or by the channel and we are enabling this with a design for serviceability kind of approach." This means that "batteries, SSD, many things, will not any longer be sealed into the product but will be available for the customer to be to repaired on site and then save a lot of waste."

Liam Proven writes via The Register: Steam OS is the Arch-based distro for a handheld Linux games console, and Valve is aggressively pushing Linux's usability and Windows interoperability for the device. Two unusual companies, Valve Software and Igalia, are working together to improve the Linux-based OS of the Steam Deck handheld games console. The device runs a Linux distro called Steam OS 3.0, but this is a totally different distro from the original Steam OS it announced a decade ago. Steam OS 1 and 2 were based on Debian, but Steam OS 3 is based on Arch Linux, as Igalia developer Alberto Garcia described in a talk entitled How SteamOS is contributing to the Linux ecosystem.

He explained that although Steam OS is built from some fairly standard components -- the normal filesystem hierarchy, GNU user space, systemd and dbus -- Steam OS has quite a few unique features. It has two distinct user interfaces: by default, it starts with the Steam games launcher, but users can also choose an option called Switch to Desktop, which results in a regular KDE Plasma desktop, with the ability to install anything: a web browser, normal Linux tools, and non-Steam games.

Obviously, though, Steam OS's raison d'etre is to run Steam games, and most of those are Windows games which will never get native Linux versions. Valve's solution is Proton, an open-source tool to run Windows games on Linux. It's formed from a collection of different FOSS packages, notably: [Wine, DXVK, VKD3D-Proton, and GStreamer]. The result is a remarkable degree of compatibility for some of the most demanding Windows apps around [...]. You can view Garcia's 49-page presentation here (PDF).

The Philips Hue ecosystem of home automation devices is "collapsing into stupidity," writes Rachel Kroll, veteran sysadmin and former production engineer at Facebook. "Unfortunately, the idiot C-suite phenomenon has happened here too, and they have been slowly walking down the road to full-on enshittification." From her blog post: I figured something was up a few years ago when their iOS app would block entry until you pushed an upgrade to the hub box. That kind of behavior would never fly with any product team that gives a damn about their users -- want to control something, so you start up the app? Forget it, we are making you placate us first! How is that user-focused, you ask? It isn't.

Their latest round of stupidity pops up a new EULA and forces you to take it or, again, you can't access your stuff. But that's just more unenforceable garbage, so who cares, right? Well, it's getting worse.

It seems they are planning on dropping an update which will force you to log in. Yep, no longer will your stuff Just Work across the local network. Now it will have yet another garbage "cloud" "integration" involved, and they certainly will find a way to make things suck even worse for you. If you have just the lights and smart outlets, Kroll recommends deleting the units from the Hue Hub and adding them to an IKEA Dirigera hub. "It'll run them just fine, and will also export them to HomeKit so that much will keep working as well." That said, it's not a perfect solution. You will lose motion sensor data, the light level, the temperature of that room, and the ability to set custom behaviors with those buttons.

"Also, there's no guarantee that IKEA won't hop on the train to sketchville and start screwing over their users as well," adds Kroll.

What has your experience been with the Philips Hue ecosystem? Do you have any alternatives you recommend?

An anonymous reader quotes a report from Ars Technica: When Google announced that trackers would be able to tie in to its 3 billion-device Bluetooth tracking network at its Google I/O 2023 conference, it also said that it would make it easier for people to avoid being tracked by trackers they don't know about, like Apple AirTags. Now Android users will soon get these "Unknown Tracker Alerts." Based on the joint specification developed by Google and Apple, and incorporating feedback from tracker-makers like Tile and Chipolo, the alerts currently work only with AirTags, but Google says it will work with tag manufacturers to expand its coverage.

For now, if an AirTag you don't own "is separated from its owner and determined to be traveling with you," a notification will tell you this and that "the owner of the tracker can see its location." Tapping the notification brings up a map tracing back to where it was first seen traveling with you. Google notes that this location data "is always encrypted and never shared with Google." Further into the prompts, you can make the tracker play a sound, "without the owner of the tracker knowing," Google says. If you bring the tracker to the back of your phone (presumably within NFC range), some trackers may provide their serial number and information about their owner, "like the last four digits of their phone number." Google indicates it will also link to information about how to physically disable a tracker. Finally, Google is offering a manual scan feature, if you're suspicious that your Android phone isn't catching a tracker or want to see what's nearby. The alerts are rolling out through a Google Play services update to devices on Android 6.0 and above over the coming weeks. Google is working to finish the joint tracking specification "by the end of this year."

The company added: "At this time, we've made the decision to hold the rollout of the Find My Device network until Apple has implemented protections for iOS."

What Iran's military called "the first product of the quantum processing algorithm" of the Naval university appears to be a stock development board, available widely online for around $600. Motherboard reports: According to multiple state-linked news agencies in Iran, the computer will help Iran detect disturbances on the surface of water using algorithms. Iranian Rear Admiral Habibollah Sayyari showed off the board during the ceremony and spoke of Iran's recent breakthroughs in the world of quantum technology. The touted quantum device appears to be a development board manufactured by a company called Diligent. The brand "ZedBoard" appears clearly in pictures. According to the company's website, the ZedBoard has everything the beginning developer needs to get started working in Android, Linux, and Windows. It does not appear to come with any of the advanced qubits that make up a quantum computer, and suggested uses include "video processing, reconfigurable computing, motor control, software acceleration," among others.

"I'm sure this board can work perfectly for people with more advanced [Field Programmable Gate Arrays] experience, however, I am a beginner and I can say that this is also a good beginner-friendly board," said one review on Diligent's website. Those interested in the board can buy one on Amazon for $589. It's impossible to know if Iran has figured out how to use off-the-shelf dev boards to make quantum algorithms, but it's not likely.

An anonymous reader quotes a report from Smithsonian: With a new technique, scientists have essentially figured out how to create power from thin air. Their tiny device generates electricity from the air's humidity, and it can be made from nearly any substance, scientists reported this month in the journal Advanced Materials. The invention involves two electrodes and a thin layer of material, which must be covered with tiny holes less than 100 nanometers in diameter -- thinner than one-thousandth the width of a human hair, according to a statement from the University of Massachusetts, Amherst, where the researchers work.

As water molecules pass through the device, from an upper chamber to a lower chamber, they knock against the tiny holes' edges, creating an electric charge imbalance between the layered chambers. In effect, it makes the device run like a battery. The whole process resembles the way clouds make electricity, which we see in the form of lightning bolts, according to Inverse's Molly Glick. [...] Currently, the fingernail-sized device can only create continuous electricity equivalent to a fraction of a volt, writes Vice's Becky Ferreira. But the researchers hope it can someday become a practical, sustainable source of power.

Scientists have previously tried harnessing humidity to generate electricity, but their attempts have often only worked for a short amount of time or relied on expensive materials, per Vice. In 2020, Yao and other researchers found a way to continuously collect electricity from humidity using a material grown from bacteria. But now, the new paper shows that such a specific material isn't necessary -- just about any material works, such as wood or silicon, as long as it can be punctured with the ultra-small holes. This finding makes the device much more practical; it "turns an initially narrow window to a wide-open door for broad potential," Yao tells Vice.

According to The Verge, Amazon is shuttering its health-focused Halo division. All three Halo products will be discontinued and portions of the Halo team will be laid off. From the report: "We have made the difficult decision to wind down the Halo program, which will result in role reductions," Melissa Cha, Amazon's VP of smart home and health, told staffers in an email obtained by The Verge. "More recently, Halo has faced significant headwinds, including an increasingly crowded segment and an uncertain economic environment. Although our customers love many aspects of Halo, we must prioritize resources and maximize benefits to customers and the long-term health of the business."

"We continually evaluate the progress and potential of our products to deliver customer value, and we regularly make adjustments based on those assessments," Amazon spokesperson Kristy Schmidt told The Verge in an email. "We recently made the difficult decision to stop supporting Amazon Halo effective July 31, 2023. We are incredibly proud of the invention and hard work that went into building Halo on behalf of our customers, and our priorities are taking care of our customers and supporting our employees." The company says it will refund customers who bought a Halo devices or accessory band in the last 12 months. "All unused prepaid Halo subscription fees will be refunded, and users will no longer be charged," adds The Verge. Early adopters, like myself, are out of luck.

In related news, Amazon kicked off another round of layoffs today, impacting its cloud computing and human resources divisions.

An anonymous reader quotes a report from Ars Technica: Like in other parts of the world, Canada is working out what the right to repair means for its people. The federal government said in its 2023 budget released Tuesday that it will bring the right to repair to Canada. At the same time, it's considering a universal charging port mandate like the European Union (EU) is implementing with USB-C. The Canadian federal government's 2023 budget introduces the right to repair under the chapter "Making Life More Affordable and Supporting the Middle Class." It says that the "government will work to implement a right to repair, with the aim of introducing a targeted framework for home appliances and electronics in 2024." The government plans to hold consultations on the matter and claimed it will "work closely with provinces and territories" to implement the right to repair in Canada:

"When it comes to broken appliances or devices, high repair fees and a lack of access to specific parts often mean Canadians are pushed to buy new products rather than repairing the ones they have. This is expensive for people and creates harmful waste. Devices and appliances should be easy to repair, spare parts should be readily accessible, and companies should not be able to prevent repairs with complex programming or hard-to-obtain bespoke parts. By cutting down on the number of devices and appliances that are thrown out, we will be able to make life more affordable for Canadians and protect our environment."

The budget also insinuates that right-to-repair legislation can make third-party repairs cheaper than getting a phone, for example, repaired by the manufacturer, where it could cost "far more than it should." Canada's 2023 budget also revealed the government's interest in introducing a standard charging port for electronics. The budget says the government "will work with international partners and other stakeholders to explore implementing a standard charging port in Canada." It says a universal charging port could help residents save money and e-waste. "Every time Canadians purchase new devices, they need to buy new chargers to go along with them, which drives up costs and increases electronic waste," the budget says.

In its quarterly earnings report today, Apple said the company passed the 2 billion device milestone while Services have hit a new revenue record. 9to5Mac reports: Apple saw a dip for its Q1 2023 fiscal quarter with just over $117 billion in revenue. That's down 5% YoY -- with the compare being its all-time record for fiscal Q1 in 2022 which saw $123.95 billion in revenue. However, the company pointed out two bright spots with 2 billion of its devices now in use and a fresh revenue record for its Services.

Last year at this time Apple shared it hit 1.8 billion active devices. That means it added more than 200 million Apple devices in the last 12 months to surpass the 2 billion mark. That's impressive since its installed base was growing by around 100-150 million new devices per year since 2019. And active devices doubled from 1 to 2 billion in just seven years. As for the Services, it saw a record $20.8 billion in revenue for the quarter, slightly beating the $19.5 billion estimate.

According to the latest official Android distribution numbers from Google, Android 13 is running on 5.2% of all devices less than six months after launch. 9to5Google reports: According to Android Studio, devices running Android 13 now account for 5.2% of all devices. Meanwhile Android 12 and 12L now account for 18.9% of the total, a significant increase from August's 13.5% figure. Notably, while Google's chart does include details about Android 13, it doesn't make a distinction between Android 12 and 12L. Looking at the older versions, we see that usage of Android Oreo has finally dropped below 10%, with similar drops in percentage down the line. Android Jelly Bean, which previously weighed in at 0.3%, is no longer listed, while KitKat has dropped from 0.9% to 0.7%. Android 13's 5.2% distribution number "is better than it sounds," writes Ryan Whitwam via ExtremeTech: These numbers show an accelerating pickup for Google's new platform versions. If you look back at stats from the era of Android KitKat and Lollipop, the latest version would only have a fraction of this usage share after half a year. That's because the only phones running the new software would be Google's Nexus phones, plus maybe one or two new devices from OEMs that worked with Google to deploy the latest software as a marketing gimmick.

The improvements are thanks largely to structural changes in how Android is developed and deployed. For example, Project Treble was launched in 2017 to re-architect the platform, separating the OS framework from the low-level vendor code. This made it easier to update devices without waiting on vendors to provide updated drivers. We saw evidence of improvement that very year, and it's gotten better ever since.

According to new research, Google is working on a new Bluetooth tracker device to compete with Apple's AirTags. 9to5Google reports: Since 2021, Google has included ultra-wideband (UWB) connectivity in its high-end "Pro" phones like the Pixel 6 Pro and Pixel 7 Pro. For now, the hardware has only been used for niche cases like unlocking a luxury car or sending files to a friend, but it's been clear that Google intends for UWB to be used more often. [...] To build up its own "Finder Network," compete with Apple AirTags, and potentially make UWB more useful on Pixel phones, Google is reportedly developing its own tracking accessory. The information comes courtesy of Android researcher and frequent Pixel leaker Kuba Wojciechowski.

The tracker is said to be in development under the codename "Grogu" -- a reference to the popular Star Wars series "The Mandalorian" -- alongside the alternate names "GR10" and "Groguaudio." The only other tidbits that have been uncovered so far suggest that the Nest team is seemingly taking lead on the development and that the tracker may be available in multiple colors. The "Groguaudio" codename suggests that Google's tracker would potentially come equipped with a speaker. On Apple's AirTags, a built-in speaker serves as both a privacy measure and a location aid, as if you move someone else's AirTag after it's been separated from them, it will beep. This is just one of many potential privacy issues that Google will need to work through before launching a tracker accessory like this one.

The Biden administration said it will launch a cybersecurity labeling program for consumer Internet of Things devices starting in 2023 in an effort to protect Americans from "significant national security risks." TechCrunch reports: Inspired by Energy Star, a labeling program operated by Environmental Protection Agency and the Department of Energy to promote energy efficiency, the White House is planning to roll out a similar IoT labeling program to the "highest-risk" devices starting next year, a senior Biden administration official said on Wednesday following a National Security Council meeting with consumer product associations and device manufacturers. Attendees at the meeting included White House cyber official Anne Neuberger, FCC chairwoman Jessica Rosenworcel, National Cyber Director Chris Inglis and Sen. Angus King, alongside leaders from Google, Amazon, Samsung, Sony and others.

The initiative, described by White House officials as "Energy Star for cyber," will help Americans to recognize whether devices meet a set of basic cybersecurity standards devised by the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC). Though specifics of the program have not yet been confirmed, the administration said it will "keep things simple." The labels, which will be "globally recognized" and debut on devices such as routers and home cameras, will take the form of a "barcode" that users can scan using their smartphone rather than a static paper label, the administration official said. The scanned barcode will link to information based on standards, such as software updating policies, data encryption and vulnerability remediation.

It's been a long time since Microsoft updated its Surface Studio line of all-in-one PCs. While rumors had suggested a Surface Studio 3 was on the way, Microsoft is debuting its Surface Studio 2 Plus today instead -- an upgrade on the Surface Studio 2 that launched four years ago. It includes some important upgrades on the inside, but the exterior is practically the same, and it all starts at an eye-watering $4,299. From a report: The Surface Studio 2 Plus will ship with Intel's 11th Gen Core i7-11370H processor, a chip that's rapidly approaching two years on the market. We're about to enter Intel's 13th Gen era, so it's hugely disappointing to see Microsoft not move to 12th Gen H series chips or wait for Intel's latest and greatest. "Our goal was ship to market sooner, especially for a lot of our commercial customers... so we focused on stability and supply with known good parts because the difference from 11th to 12th Gen on the H series wasn't something we needed to push for," explains Pete Kyriacou, vice president of program management at Microsoft, in an interview with The Verge. Despite the disappointing CPU choice, Microsoft has opted for a graphics card upgrade here. The Surface Studio 2 Plus comes with Nvidia's RTX 3060 laptop GPU with 6GB of VRAM. Microsoft has redesigned its Surface Studio 2 Plus motherboard, and the RTX 3060 itself will be running at around 60-70 watts in a laptop configuration. Microsoft hides all of the components in the Studio 2 Plus inside a little laptop-like enclosure underneath the 28-inch display.

Amazon's Glow is no more. The tech giant has discontinued the children's device, which included an 8-inch display and a projector that could display games on a mat, Bloomberg reported Tuesday. ArsTechnica: You can't buy the Glow on Amazon's website anymore. According to Bloomberg, the device was on sale for $150 (down from $300) on Tuesday before it became listed as unavailable later that day. The publication cited slow sales as a reason for the product's demise. It also noted the device's focus on remote connectivity as pandemic-related restrictions eased. Amazon announced Glow on September 28, 2021, before launching invite-only availability, followed by general availability in March. "We... continually evaluate the progress and potential of our products to deliver customer value, and we regularly make adjustments based on those assessments," Kristy Schmidt, an Amazon spokesperson, told Bloomberg. "We will be sharing updates and guidance with Glow customers soon." The Glow allowed children to video chat, draw, and play games with family members remotely via the 8-inch display. It also projected onto a 19-inch mat that children could interact with. One obvious downside was the requirement of an Amazon Kids+ subscription for playing games and accessing other content, like books and art. The service is $5 per month. Glow came from Amazon's Grand Challenge lab, which makes experimental products.

SmartDry, a small sensor that could be mounted inside a dryer to tell you when your clothes were dry, is losing access to the servers necessary for it to continue working. "In other words, SmartDry will become a tiny brick inside your dryer unless you're willing to procure a little ESP32 development board, load some code onto it, plug it in near your dryer, and set up your own alerts in your Home Assistant server," reports Ars Technica. From the report: The problem is that SmartDry alerted you to dry clothing by connecting to your home's Wi-Fi; the device sent a message to parent company Connected Life's servers and then relayed that message to your smartphone. But Connected Life Labs is closing, discontinuing SmartDry, and shutting down its servers on September 30. After that, "cloud services will cease operations and the product apps will no longer be supported."

Smart home devices bricked by cloud closures aren't new, but SmartDry was a particularly useful, low-key device made by a firm that didn't seem to be expanding too fast. Connected Life was originally a three-person team prototyping units in New Jersey, and the device remained made in the US. A co-founder told Reviewed in late 2021 that a version for the washing machine was being tested and was expected to see release in summer 2022.

Apple's upcoming entry-level iPad is rumored to cut the 3.5mm headphone jack, joining the iPad Pro, iPad Air, iPad Mini, and the entire iPhone lineup. The Verge reports: MySmartPrice says the CAD renders are sourced from a case maker working on accessories for what will be the 10th-generation iPad. It's a substantial redesign from the classic iPad design that has been left largely untouched for years; Apple increased the display size slightly in 2017 and has made other internal hardware upgrades, but the overall look has remained consistent. It appears that's about to change, with the new iPad sharing the same flat-sides aesthetic as recent iPhones, iPads, the 14-inch / 16-inch MacBook Pro, and 2022 MacBook Air. Both 9to5Mac and MacRumors reported on the renders. But as always, treat these easily faked images with a healthy amount of skepticism.

The home button remains present, which means so do the sizable bezels above and below the display. MySmartPrice reports that the screen should be larger than the current 10.2-inch model, and there's a redesigned camera on the iPad's back reminiscent of the module from the iPhone X. The revamped iPad has a USB-C port, which would complete the transition for Apple's tablet line. These renders also include quad speakers, and that's where I get somewhat doubtful of what we're seeing: only the iPad Pro is currently outfitted with four speakers, so if this pans out, the base-level iPad would be leapfrogging both the iPad Air and Mini in the audio department. That strikes me as unlikely, but it could also serve as Apple's justification for nixing the headphone jack from a product used in many classrooms and other scenarios where support for affordable wired headphones has been meaningful.

The winner of this year's MIT $100K Entrepreneurship Competition is commercializing a new water desalination technology. MIT News reports: Nona Desalination says it has developed a device capable of producing enough drinking water for 10 people at half the cost and with 1/10th the power of other water desalination devices. The device is roughly the size and weight of a case of bottled water and is powered by a small solar panel. The traditional approach for water desalination relies on a power-intensive process called reverse osmosis. In contrast, Nona uses a technology developed in MIT's Research Laboratory of Electronics that removes salt and bacteria from seawater using an electrical current.

"Because we can do all this at super low pressure, we don't need the high-pressure pump [used in reverse osmosis], so we don't need a lot of electricity," says Crawford, who co-founded the company with MIT Research Scientist Junghyo Yoon. "Our device runs on less power than a cell phone charger." The company has already developed a small prototype that produces clean drinking water. With its winnings, Nona will build more prototypes to give to early customers. The company plans to sell its first units to sailors before moving into the emergency preparedness space in the U.S., which it estimates to be a $5 billion industry. From there, it hopes to scale globally to help with disaster relief. The technology could also possibly be used for hydrogen production, oil and gas separation, and more.

Matter is a new open-source, interoperability smart home standard that's been created by over 200 companies to allow all of your devices to communicate with each other locally, without the need for a cloud. The Verge sat down with Michele Turner, the senior director of Google Smart Home Ecosystem, to hear how the company plans to implement Matter when it finally arrives later this year. Here's an excerpt from the interview: Matter has evolved substantially from that first meeting, and there have been delays and setbacks. Do you still feel confident in that original vision, that it's being carried through and is on track to achieve what you set out to do at that Woodside dinner three years ago?

Michele Turner: I do. And, in fact, I think it's exceeding our original vision in some ways. It's been incredibly heartening to see the enthusiasm and the adoption and the number of companies that have joined the CSA and the Matter workgroup. We're at 200 companies -- it's amazing.

How is Matter going to change the smart home experience for the Google Home user?

Michele Turner: "For the Google Home user, I think the bigger areas of Matter where they'll see change first is in getting your devices set up. I just set up some lights at my mother-in-law's house, and it still took me 45 minutes to set up four lights. It shouldn't have been so hard. The first thing is going to be that significantly simpler setup. The second piece is the speed and the reliability of the local network. This has been a big pain point for users. My team spent a lot of time working with partners on improving reliability and reducing latency. Because in our mind, if it's not as fast as a light switch, what's the point? We believe Matter's going to drive down those latency numbers significantly and improve the overall reliability of devices in the home. Then, I think interoperability for users is going to be a big piece. As much as we love having everybody using the Google Assistant, the reality is people have iPhones and Android phones in their homes. Some of them want to use HomeKit. We just don't have that kind of compatibility today for users. And I think that's hard. Being able to have multi-admin really work well between these ecosystems is going to be a big benefit for users.

Then, our long-term goal is to build out what we call the proactive home. Instead of having a whole bunch of connected devices, how do we build that truly proactive home that works for the benefit of users? ... Matter is going to be absolutely foundational to that. It's the architecture behind the proactive home. If we don't have a home that's reliable, if we don't have things running locally, if it doesn't work consistently, we cannot deliver on that promise. The proactive home is really that intelligence layer, whether it's being able to predict that I'm going upstairs, it's 10 at night, and I always go into my bedroom at that time, so turn on the lights for me; or, I'm watching TV, it's 9:30PM, the kids are in bed, and I get a notification on my phone that the lights just went on in the kid's bedroom. Is somebody sick? Are they watching YouTube? Being able to do anomaly detection. Now, Matter doesn't do that. But it's foundational to be able to enable the rest of that. Because if that core foundation of the home -- of the smart home -- isn't solid, the rest of it just doesn't work."

As you've said, Matter is complicated. And there's a lot of expectation that's been placed on its shoulders. What would you say is the biggest misconception right now with Matter?

Michele Turner: "I think the biggest misconception is that Matter is going to solve every problem in IoT. It doesn't have a native intelligence layer that's going to automatically give you the proactive home. In my mind, it's solving three very foundational things. It's solving making setup easier for the majority of the devices that people put in their homes. Not the majority of device types, necessarily, but the majority of devices people put in their homes. It's making the IoT more reliable and faster. And then it's going to solve this multi-admin problem. It's going to provide that device interconnectivity that we don't have today that is really great for users. While it's going to be a lot more than that, it's not today. But it's solving what we believe are really the core problems that have challenged adoption by mainstream users in the past." The report notes that all of Google's existing Nest branded smart speakers and displays will be upgraded to support Matter, "allowing you to use Google's voice assistant to control any Matter-enabled device in your home, no matter who made it."

theodp shares a report from Chicago Sun-Times, written by Frank Main: When the school system [Chicago Public Schools] shifted to having students learn remotely in the spring of 2020 near the beginning of the pandemic, it lent students iPads, MacBooks and Windows computer devices so they could do school work and attend virtual classes from home. CPS then spent about $165 million to buy Chromebook desktop computers so that every student from kindergarten through senior year in high school who needed a computer could have one. Students borrowed 161,100 Chromebooks in September 2020. By June 2021, more than 210,000 of those devices had been given out. Of them, nearly 40,000 Chromebooks have been reported lost -- nearly a fifth of those that were lent.

"Schools have made repeated efforts to recover the lost devices from families without success," according to a written statement from CPS officials in response to questions about the missing school property. Also missing are more than 9,600 iPads, 114 televisions, 1,680 printers and 1,127 audiovisual projectors, among many other items. Officials say CPS has bought new computer devices to replace the missing ones. Longtime Slashdot reader theodp notes that "there were 340,658 students enrolled in the Chicago Public Schools (CPS) at the start of the 2020-2021 school year."

ryanw shares a report from BleepingComputer: A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software. The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device's login page is hijacked to display a screen stating, "WARNING: Your files have been locked by DeadBolt." This screen informs the victim that they should pay 0.03 bitcoins (approximately $1,100) to an enclosed Bitcoin address unique to each victim.

After payment is made, the threat actors claim they will make a follow-up transaction to the same address that includes the decryption key. This decryption key can then be entered into the screen to decrypt the device's files. At this time, there is no confirmation that paying a ransom will result in receiving a decryption key or that users will be able to decrypt files. The DeadBolt ransomware gang is offering the full details of the alleged zero-day vulnerability if QNAP pays them 5 Bitcoins worth $184,000. They are also willing to sell QNAP the master decryption key that can decrypt the files for all affected victims and the zero-day info for 50 bitcoins, or approximately $1.85 million.

MIT, Brigham, and Women's Hospital researchers are working to eliminate many of the headaches associated with treating diabetes. According to Engadget, "They're developing all-in-one devices that measure glucose, calculate the necessary insulin dose and inject you accordingly." From the report: The first device includes the blood-drawing lancet, glucose test strips and an insulin needle. Users would first take a photo of their meal using a smartphone app to estimate the food volume and carbohydrate levels. After that, they'd start the automated process of collecting blood, calculating glucose (again through the app) and delivering the appropriate amount of insulin. The second gadget would only need one needle jab -- it would build the glucose sensor into the insulin needle and inject the appropriate amount of insulin. You'd have to wait five to ten seconds, but you wouldn't have to stick yourself twice.

The technology is still some ways off. While the first device would use parts that were already FDA-approved, it hasn't been tested in humans. The second, meanwhile, uses a new sensor type that will likely require more work to be testable with humans. Scientists have filed patents for both devices and are hoping to work with companies on further development. There's a strong motivation to bring these devices to market, at least. People with diabetes would only need to use one device at meals, and with the hybrid sensor/needle might suffer less pain. That, in turn, could encourage consistent treatment that improves your overall wellbeing.

Google is tweaking the Nearby Share feature to allow users to share files to their own devices. The new feature called 'Self Share' is now under development. Dinsan Francis writes via Chrome Story: Google recently launched a new feature called Nearby Share. Similar to Apple's AirDrop, Nearby Share allows users to send files to devices nearby. Building on this feature, Google is adding 'Self Share', a new addition to Nearby Share. Self Share helps you send files between your own devices using the Nearby Share method. [...] When this new feature is ready, you will see the "Send to Your Devices" option in the Nearby Share menu.

Security researcher Trevor Spiniolas has discovered a vulnerability "capable of locking iOS devices into a spiral of freezing, crashing, and rebooting if a user connects to a sabotaged Apple Home device," reports The Verge. From the report: The vulnerability [...] can be exploited through Apple's HomeKit API, the software interface that allows an iOS app to control compatible smart home devices. If an attacker creates a HomeKit device with an extremely long name -- around 500,000 characters -- then an iOS device that connects to it will become unresponsive once it reads the device name and enter a cycle of freezing and rebooting that can only be ended by wiping and restoring the iOS device. What's more, since HomeKit device names are backed up to iCloud, signing in to the same iCloud account with a restored device will trigger the crash again, with the cycle continuing until the device owner switches off the option to sync Home devices from iCloud.

Though it's possible that an attacker could compromise a user's existing HomeKit-enabled device, the most likely way the exploit would be triggered is if the attacker created a spoof Home network and tricked a user into joining via a phishing email. To guard against the attack, the main precaution for iOS users is to instantly reject any invitations to join an unfamiliar Home network. Additionally, iOS users who currently use smart home devices can protect themselves by entering the Control Center and disabling the setting "Show Home Controls." (This won't prevent Home devices from being used but limits which information is accessible through the Control Center.)

If you're still using an older BlackBerry phone running BlackBerry OS, it's time you upgrade devices. According to BlackBerry, it's ending support for legacy services for BlackBerry OS and BlackBerry PlayBook OS on January 4, 2022. Liliputing reports: Among other things, that means that if you have a phone running BlackBerry 10 or BlackBerry 7.1 OS or earlier, then as of January 4, 2022 it will no longer reliably support: Phone calls; SMS; and 9-1-1 emergency calls. BlackBerry says WiFi and mobile data might also become unreliable, and applications including BlackBerry Link, BlackBerry Desktop Manager, BlackBerry World, BlackBerry Protect, BlackBerry Messenger, and BlackBerry Blend "will also have limited functionality."

The BlackBerry PlayBook tablet is also reaching end-of-life status, which means that anyone hanging onto the 10-year-old tablet will also find it severely limited starting January 4th. But the fact that BlackBerry discontinued the tablet a year after launch suggests that there probably never were all that many PlayBook owners in the first place and that number has surely dwindled over the past decade. Folks who are still using a device with BlackBerry OS will want to check out the company's FAQ for tips on migrating their data to other platforms while they still can.

According to job listings on LinkedIn, Google appears to be working on an augmented reality device and operating system to pair with it. Ars Technica reports: On LinkedIn, operating system engineering director Mark Lucovsky announced that he has joined Google. He previously headed up mixed reality operating system work for Meta, and before that he was one of the key architects of Windows NT at Microsoft. "My role is to lead the Operating System team for Augmented Reality at Google," he wrote. He also posted a link to some job listings at Google that give the impression Google is getting just as serious about AR as Apple or Meta.

As 9to5Google discovered, one of the listings ("Senior Software Developer, Embedded, Augmented Reality OS") described Google's objective in clear terms: "Our team is building the software components that control and manage the hardware on our Augmented Reality (AR) products. These are the software components that run on the AR devices and are the closest to the hardware. As Google adds products to the AR portfolio, the OS Foundations team is the very first software team to work with new hardware." Other job listings say new hires will be working on an "innovative AR device." And one specifies that Google is "focused on making immersive computing accessible to billions of people through mobile devices." The roles are largely in the United States, but some are located in Waterloo, Ontario -- the HQ of Canadian smart glasses maker North, which Google acquired in 2020.

An anonymous reader quotes a report from the Record: A recently discovered FBI training document shows that US law enforcement can gain limited access to the content of encrypted messages from secure messaging services like iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr. The document, obtained earlier this month following a FOIA request filed by Property of the People, a US nonprofit dedicated to government transparency, appears to contain training advice for what kind of data agents can obtain from the operators of encrypted messaging services and the legal processes they have to go through.

Dated to January 7, 2021, the document doesn't include any new information but does a good job at providing an up-to-date summary of what type of information the FBI can currently obtain from each of the listed services. [...] While the document confirms that the FBI can't gain access to encrypted messages sent through some services, the other type of information they can glean from providers might still help authorities in other aspects of their investigations. The content of the document, which may be hard to read due to some font rendering issues, is also available in the table [embedded in the article]. Of note, the table above does not include details about Keybase, a recent end-to-end encrypted (E2EE) service that has been gaining in popularity. The service was acquired by video conferencing software maker Zoom in May 2020.