Encryption

Almost Every Chinese Keyboard App Has a Security Flaw That Reveals What Users Type (technologyreview.com)

An anonymous reader quotes a report from MIT Technology Review: Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto.

These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps -- built by major internet companies like Baidu, Tencent, and iFlytek -- basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.

In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. [...] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn't been updated to the latest version.

Anime

Manga Site Blocks Adult Content, But Only For US and UK Users (404media.co)

Samantha Cole reports via 404 Media: A Japan-based online art platform is banning kink content for users based in the US and UK, as laws in these countries continue to tighten around sites that allow erotic content. Pixiv is an image gallery site where artists primarily share illustrations, manga, and novels. The site announced on April 22 that starting April 25, users whose account region is set to the US or UK will be subject to Pixiv's new terms of use, "Restrictions for Healthy Expression in Specific Countries and Regions."

The restrictions include several kinds of content that are illegal in the US, including sexualized depictions of minors and bestiality, as well as non-consensual depictions and deepfakes. But it also includes "content that appeals to the prurient interest, is patently offensive in light of community standards where you are located or where such content may be accessed or distributed, lacks serious literary, artistic, political, or scientific value, or otherwise violates any applicable obscenity laws, rules or regulations." This is an invocation of the Miller test, which determines non-constitutionally protected obscenity.
"I'd never say this a few years ago, but it's my personal fear that the next step is most major internet hosting services implementing these policies on an infrastructure level," said an artist who goes by kradeelav. "My colleagues are certainly planning for it by specifically looking for kink-friendly hosts, to actually making homebrew servers themselves in worst-case scenarios."

AI

Apple Reportedly Developing Its Own Custom Silicon For AI Servers

Hartley Charlton reports via MacRumors: Apple is said to be developing its own AI server processor using TSMC's 3nm process, targeting mass production by the second half of 2025. According to a post by the Weibo user known as "Phone Chip Expert," Apple has ambitious plans to design its own artificial intelligence server processor. The user, who claims to have 25 years of experience in the integrated circuit industry, including work on Intel's Pentium processors, suggests this processor will be manufactured using TSMC's 3nm node.

Apple's purported move toward developing a specialist AI server processor is reflective of the company's ongoing strategy to vertically integrate its supply chain. By designing its own server chips, Apple can tailor hardware specifically to its software needs, potentially leading to more powerful and efficient technologies. Apple could use its own AI processors to enhance the performance of its data centers and future AI tools that rely on the cloud. While Apple is rumored to be prioritizing on-device processing for many of its upcoming AI tools, it is inevitable that some operations will have to occur in the cloud. By the time the custom processor could be integrated into operational servers in late 2025, Apple's new AI strategy should be well underway.

Chrome

Google Delays Third-Party Cookie Demise Yet Again (digiday.com)

Google is delaying the end of third-party cookies in Chrome -- again. This marks the third time Google pushed back its original deadline set in January 2020, when the company said it would phase out third-party cookies "within two years" to improve internet security. Digiday reports: The announcement was made on Tuesday ahead of quarterly reports from Google and the ever-watchful U.K. Competition and Markets Authority (CMA), keeping tabs on how this whole situation unfolds.

"We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem," according to a statement Google posted on its website for the Privacy Sandbox. "It's also critical that the CMA has sufficient time to review all evidence including results from industry tests, which the CMA has asked market participants to provide by the end of June. Given both of these significant considerations, we will not complete third-party cookie deprecation during the second half of Q4."

Google did not outline a more specific timetable beyond hoping for 2025. [...] "We remain committed to engaging closely with the CMA and ICO and we hope to conclude that process this year," Google's statement read. "Assuming we can reach an agreement, we envision proceeding with third-party cookie deprecation starting early next year."
"We welcome Google's announcement clarifying the timing of third-party cookie deprecation. This will allow time to assess the results of industry tests and resolve remaining issues," said a spokesperson from the CMA. "Under the commitments, Google has agreed to resolve our remaining competition concerns before going ahead with third-party cookie deprecation. Working closely with the ICO we expect to conclude this process by the end of 2024."

At the start of the year, Google started purging third-party cookies for one percent of browser traffic.

Security

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls To Access Government Networks (wired.com)

An anonymous reader quotes a report from Wired: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances -- devices that integrate a firewall and VPN with other security features -- had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor.

The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. "This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor," a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests.

Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. "The investigation that followed identified additional victims, all of which involved government networks globally," the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances.

Cisco advises that customers apply its new software updates to patch both vulnerabilities.

A separate advisory (PDF) from the UK's National Cybersecurity Center notes that physically unplugging an ASA device does disrupt the hackers' access. "A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself," the advisory reads.

AI

Taser Company Axon Is Selling AI That Turns Body Cam Audio Into Police Reports (forbes.com)

Axon on Tuesday announced a new tool called Draft One that uses artificial intelligence built on OpenAI's GPT-4 Turbo model to transcribe audio from body cameras and automatically turn it into a police report. Axon CEO Rick Smith told Forbes that police officers will then be able to review the document to ensure accuracy. From the report: Axon claims one early tester of the tool, Fort Collins Colorado Police Department, has seen an 82% decrease in time spent writing reports. "If an officer spends half their day reporting, and we can cut that in half, we have an opportunity to potentially free up 25% of an officer's time to be back out policing," Smith said. These reports, though, are often used as evidence in criminal trials, and critics are concerned that relying on AI could put people at risk by depending on language models that are known to "hallucinate," or make things up, as well as display racial bias, either blatantly or unconsciously.

"It's kind of a nightmare," said Dave Maass, surveillance technologies investigations director at the Electronic Frontier Foundation. "Police, who aren't specialists in AI, and aren't going to be specialists in recognizing the problems with AI, are going to use these systems to generate language that could affect millions of people in their involvement with the criminal justice system. What could go wrong?" Smith acknowledged there are dangers. "When people talk about bias in AI, it really is: Is this going to exacerbate racism by taking training data that's going to treat people differently?" he told Forbes. "That was the main risk."

Smith said Axon is recommending police don't use the AI to write reports for incidents as serious as a police shooting, where vital information could be missed. "An officer-involved shooting is likely a scenario where it would not be used, and I'd probably advise people against it, just because there's so much complexity, the stakes are so high." He said some early customers are only using Draft One for misdemeanors, though others are writing up "more significant incidents," including use-of-force cases. Axon, however, won't have control over how individual police departments use the tools.

Operating Systems

Meta Opens Quest Operating System To Third-Party Device Makers (reuters.com)

Similar to the way Google makes its mobile OS Android open source, Meta announced it is opening up its Quest headset's operating system to rival device makers. Reuters reports: The move will allow partner companies to build their headsets using Meta Horizon OS, a rebranded operating system that brings capabilities like gesture recognition, passthrough, scene understanding and spatial anchors to the devices that run on it, the company said in a blog post. The social media company said partners Asus and Lenovo would use the operating system to build devices tailored for particular activities. Meta is also using it to make a limited edition version of the Quest headset "inspired by" Microsoft's Xbox gaming console, according to the company's statement. [...]

In a video posted on Zuckerberg's Instagram account, he previewed examples of specialized headsets partners might make: a lightweight device with sweat-wicking materials for exercise, an immersive high-resolution one for entertainment and another equipped with sensation-inducing haptics for gaming. Meta said in its blog post that ASUS' Republic of Gamers is developing a gaming headset and Lenovo is working on an MR device for productivity, learning, and entertainment using the Horizon OS. Zuckerberg said it may take a few years for these devices to launch. [...] Meta said the Meta Horizon OS includes Horizon Store, renamed from Quest Store, to download apps and experiences. The platform will work with a mobile companion app now called Meta Horizon app.
While Google is reportedly working on an Android platform for VR and MR devices, Meta has called on Google to bring the Play Store to Quest, saying: "Because we don't restrict users to titles from our own app store, there are multiple ways to access great content on Meta Horizon OS, including popular gaming services like Xbox Game Pass Ultimate, or through Steam Link or our Air Link system for wirelessly streaming PC software to headsets. And we encourage the Google Play 2D app store to come to Meta Horizon OS, where it can operate with the same economic model it does on other platforms."

"Should Google bring the Play Store to Horizon OS, Meta says Google would be able to operate it on the 'same economic model' as it does on Android," notes 9to5Google. "In theory, that could actually represent a better payout for developers compared to what's been reported for Meta's store, but Meta does specifically say '2D app store,' implying VR/XR apps wouldn't be in the Play Store on Horizon OS."

Transportation

Updating California's Grid For EVs May Cost Up To $20 Billion (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Two researchers at the University of California, Davis -- Yanning Li and Alan Jenn -- have determined that nearly two-thirds of [California's] feeder lines don't have the capacity that will likely be needed for car charging. Updating to handle the rising demand might set its utilities back as much as 40 percent of the existing grid's capital cost. Li and Jenn aren't the first to look at how well existing grids can handle growing electric vehicle sales; other research has found various ways that different grids fall short. However, they have access to uniquely detailed data relevant to California's ability to distribute electricity (they do not concern themselves with generation). They have information on every substation, feeder line, and transformer that delivers electrons to customers of the state's three largest utilities, which collectively cover nearly 90 percent of the state's population. In total, they know the capacity that can be delivered through over 1,600 substations and 5,000 feeders. [...]

By 2025, only about 7 percent of the feeders will experience periods of overload. By 2030, that figure will grow to 27 percent, and by 2035 -- only about a decade away -- about half of the feeders will be overloaded. Problems grow a bit more slowly after that, with two-thirds of the feeders overloaded by 2045, a decade after all cars sold in California will be EVs. At that point, total electrical demand will be close to twice the existing capacity. The problems aren't evenly distributed, though. They appear first in high-population areas like the Bay Area. And throughout this period, most of the problems are in feeders that serve residential and mixed-use neighborhoods. The feeders that serve neighborhoods that are primarily business-focused don't see the same coordinated surge in demand that occurs as people get home from work and plug in; they're better able to serve the more erratic use of charging stations at office complexes and shopping centers. In terms of the grid, residential services will need to see their capacity expand by about 16 gigawatts by 2045. Public chargers will need nine gigawatts worth of added capacity by the same point. The one wild card is direct current fast charging. Eliminating fast chargers entirely would reduce the number of feeders that need upgrades by 12 percent. Converting all public stations to DC fast charging, in contrast, would boost that number by 15 percent. So the details of the upgrades that will be needed will be very sensitive to the impatience of EV drivers.

Paying for the necessary upgrades will be pricey, but there's a lot of uncertainty here. Li and Jenn came up with a range of anywhere between $6 billion and $20 billion. They put this in context in two ways. The total capital invested in the existing grid is estimated to be $51 billion, so the cost of updating it could be well over a third of its total value. At the same time, the costs will be spread out over decades and only total up to (at most) three times the grid's annual operation and maintenance costs. So in any one year, the costs shouldn't be crippling. All that might be expected to drive the cost of electricity up. But Li and Jenn suggest that the greater volume of electricity consumption will exert a downward pressure on prices (people will pay more overall but pay somewhat less per unit of electricity). Based on a few economic assumptions, the researchers conclude that this would roughly offset the costs of the necessary grid expansion, so the price per unit of electricity would be largely static.
The findings have been published in the journal Proceedings of the National Academy of Sciences (PNAS).

IT

Lenovo First To Implement LPCAMM2 in Laptop (theregister.com)

Lenovo's latest ThinkPad P1 Gen 7 laptop is set to be the first to use the new LPCAMM2 memory form factor, the successor to SODIMM sticks. From a report: While Lenovo has largely focused on the AI performance of its new laptop, which is equipped with an Intel Core Ultra CPU and Nvidia RTX 3000 Ada GPU, the company also noted that its device was the first in the world to use the LPCAMM2 memory standard. LPCAMM2 uses 64 percent less space than SODIMM and 61 percent less active power, according to Lenovo. This is thanks to it being based on LPDDR5X memory instead of regular DDR5.

Designed specifically for laptops, the LPCAMM2 standard actually has its origins in tech developed by Dell. Simply termed CAMM (Compression Attached Memory Module), it first debuted as a proprietary type of memory in Dell's Precision 7670 in 2022. However, in 2023 the PC giant donated its intellectual property to JEDEC, the organization that standardizes memory technologies. CAMM became LPCAMM2 (Low-Power Compression Attached Memory Module) in September 2023 when JEDEC finally confirmed its specifications. Samsung promptly announced plans to produce LPCAMM2 sticks, and claimed they would have 50 percent more performance and 70 percent more efficiency than their SODIMM-based predecessors. Plus, LPCAMM2 can offer dual-channel memory without requiring a second module.

IBM

HashiCorp Reportedly Being Acquired By IBM [UPDATE] (cnbc.com)

According to the Wall Street Journal, a deal for IBM to acquire HashiCorp could materialize in the next few days. Shares of HashiCorp jumped almost 20% on the news.

UPDATE 4/24/24: IBM has confirmed the deal valued at $6.4 billion. "IBM will pay $35 per share for HashiCorp, a 42.6% premium to Monday's closing price," reports Reuters. "The acquisition will be funded by cash on hand and will add to adjusted core profit within the first full year of closing, expected by the end of 2024." HashiCorp's shares continued to surge Tuesday on the news. CNBC reports: Developers use HashiCorp's software to set up and manage infrastructure in public clouds that companies such as Amazon and Microsoft operate. Organizations also pay HashiCorp for managing security credentials. Founded in 2012, HashiCorp went public on Nasdaq in 2021. The company generated a net loss of nearly $191 million on $583 million in revenue in the fiscal year ending Jan. 31, according to its annual report. In December, Mitchell Hashimoto, co-founder of HashiCorp, whose family name is reflected in the company name, announced that he was leaving.

Revenue jumped almost 23% during that period, compared with 2% for IBM in 2023. IBM executives pointed to a difficult economic climate during a conference call with analysts in January. The hardware, software and consulting provider reports earnings on Wednesday. Cisco held $9 million in HashiCorp shares at the end of March, according to a regulatory filing. Cisco held early acquisition talks with HashiCorp, according to a 2019 report.

AI

Adobe's Impressive AI Upscaling Project Makes Blurry Videos Look HD

Adobe researchers have developed a new generative AI model called VideoGigaGAN that can upscale blurry videos at up to eight times their original resolution. From a report: Introduced in a paper published on April 18th, Adobe claims VideoGigaGAN is superior to other Video Super Resolution (VSR) methods as it can provide more fine-grained details without introducing any "AI weirdness" to the footage. In a nutshell, Generative Adversarial Networks (GANs) are effective for upscaling still images to a higher resolution, but struggle to do the same for video without introducing flickering and other unwanted artifacts. Other upscaling methods can avoid this, but the results aren't as sharp or detailed. VideoGigaGAN aims to provide the best of both worlds -- the higher image/video quality of GAN models, with fewer flickering or distortion issues across output frames. The company has provided several examples here that show its work in full resolution.

Android

Google-Backed Glance Pilots Android Lockscreen Platform in US (techcrunch.com)

Glance, which operates a popular lockscreen platform targeting Android smartphones, is setting its sights on the U.S. market. From a report: The Indian startup recently commenced a pilot program in partnership with Motorola and Verizon in the U.S., with plans for a full launch in the country later this year, sources familiar with the matter told TechCrunch. The Bengaluru-headquartered startup, backed by investors, including Google and Jio Platforms, has already made significant inroads in India, Southeast Asia, and Japan, where it expanded last year. According to a person familiar with the matter, Glance's lockscreen platform today reaches more than 450 million smartphones and is active on about 300 million of them, delivering those customers a customized feed of news, local events, sports updates, media content, and interactive games directly to their lockscreens without requiring them to install additional apps. The recently launched Moto G Power smartphone in the U.S. shipped with Glance's platform, the report says.

Further reading: Motorola Spoiled a Good Budget Phone With Bloatware.

Games

Steam Closes Early Access Playtime Loophole (arstechnica.com)

An anonymous reader shares a report: "Early Access" was once a novel, quirky thing, giving a select set of Steam PC games a way to involve enthusiastic fans in pre-alpha-level play-testing and feedback. Now loads of games launch in various forms of Early Access, in a wide variety of readiness. It's been a boon for games like Baldur's Gate 3, which came a long way across years of Early Access. Early Access, and the "Advanced Access" provided for complete games by major publishers for "Deluxe Editions" and the like, has also been a boon to freeloaders.

Craven types could play a game for hours and hours, then demand a refund within the standard two hours of play, 14 days after the purchase window of the game's "official" release. Steam-maker Valve has noticed and, as of Tuesday night, updated its refund policy. "Playtime acquired during the Advanced Access period will now count towards the Steam refund period," reads the update. In other words: Playtime is playtime now, so if you've played more than two hours of a game in any state, you don't get a refund. That closes at least one way that people could, with time-crunched effort, play and enjoy games for free in either Early or Advanced access.

AI

Apple Releases OpenELM: Small, Open Source AI Models Designed To Run On-device (venturebeat.com)

Just as Google, Samsung and Microsoft continue to push their efforts with generative AI on PCs and mobile devices, Apple is moving to join the party with OpenELM, a new family of open source large language models (LLMs) that can run entirely on a single device rather than having to connect to cloud servers. From a report: Released a few hours ago on AI code community Hugging Face, OpenELM consists of small models designed to perform efficiently at text generation tasks. There are eight OpenELM models in total -- four pre-trained and four instruction-tuned -- covering different parameter sizes between 270 million and 3 billion parameters (referring to the connections between artificial neurons in an LLM, and more parameters typically denote greater performance and more capabilities, though not always).

[...] Apple is offering the weights of its OpenELM models under what it deems a "sample code license," along with different checkpoints from training, stats on how the models perform as well as instructions for pre-training, evaluation, instruction tuning and parameter-efficient fine tuning. The sample code license does not prohibit commercial usage or modification, only mandating that "if you redistribute the Apple Software in its entirety and without modifications, you must retain this notice and the following text and disclaimers in all such redistributions of the Apple Software." The company further notes that the models "are made available without any safety guarantees. Consequently, there exists the possibility of these models producing outputs that are inaccurate, harmful, biased, or objectionable in response to user prompts."

Hardware

Framework Won't Be Just a Laptop Company Anymore (theverge.com)

Today, Framework is the modular repairable laptop company. Tomorrow, it wants to be a consumer electronics company, period. From a report: That's one of the biggest reasons it just raised another $18 million in funding -- it wants to expand beyond the laptop into "additional product categories." Framework CEO Nirav Patel tells me that has always been the plan. The company originally had other viable ideas beyond laptops, too. "We chose to take on the notebook space first," he says, partly because Framework knew it could bootstrap its ambitions by catering to the PC builders and tinkerers and Linux enthusiasts left behind by big OEMs -- and partly because it wanted to go big or go home.

If Framework could succeed in laptops, he thought, it would be able to build almost anything. After five years building laptops, what might Framework add to the portfolio? Patel won't say -- I only get the barest hints, no matter how many different ways I ask. He won't even say if they'll make less or more of a splash than laptops. Framework might choose an "equally difficult" category or might instead try something "a bit smaller and simpler to execute, streamlined now that we have all this infrastructure."
