California has 11.3% of America's population — but bought 30% of America's new zero-emission vehicles. That's according to figures from the California Air Resources Board, which also reports 1 in 4 Californians have chosen a zero-emission car over a gas-powered one... for the last two years in a row.

But what about chargers? It turns out that California now has 48% more public and "shared" private EV chargers than the number of gasoline nozzles. (California has 178,000 public and "shared" private EV chargers, versus about 120,000 gas nozzles.) And beyond that public network, there's more than 700,000 Level 2 chargers installed in single-family California homes, according to the California Energy Commission.

Of the 178,000 public/"shared" private chargers, "Over 162,000 are Level 2 chargers," according to an announcement from the governor's office, while nearly 17,000 are fast chargers. (A chart shows a 41% jump in 2024 — though the EV news site Electrek notes that of the 73,537 chargers added in 2024, nearly 38,000 are newly installed, while the other 35,554 were already plugged in before 2024 but just recently identified.) California approved a $1.4 billion investment plan in December to expand zero-emission transportation infrastructure. The plan funds projects like the Fast Charge California Project, which has earmarked $55 million of funding to install DC fast chargers at businesses and publicly accessible locations.

The Certification Authority/Browser Forum "is a cross-industry group that works together to develop minimum requirements for TLS certificates," writes Google's Security blog. And earlier this month two proposals from Google's forward-looking roadmap "became required practices in the CA/Browser Forum Baseline Requirements," improving the security and agility of TLS connections... Multi-Perspective Issuance Corroboration
Before issuing a certificate to a website, a Certification Authority (CA) must verify the requestor legitimately controls the domain whose name will be represented in the certificate. This process is referred to as "domain control validation" and there are several well-defined methods that can be used. For example, a CA can specify a random value to be placed on a website, and then perform a check to verify the value's presence has been published by the certificate requestor.

Despite the existing domain control validation requirements defined by the CA/Browser Forum, peer-reviewed research authored by the Center for Information Technology Policy of Princeton University and others highlighted the risk of Border Gateway Protocol (BGP) attacks and prefix-hijacking resulting in fraudulently issued certificates. This risk was not merely theoretical, as it was demonstrated that attackers successfully exploited this vulnerability on numerous occasions, with just one of these attacks resulting in approximately $2 million dollars of direct losses.

The Chrome Root Program led a work team of ecosystem participants, which culminated in a CA/Browser Forum Ballot to require adoption of MPIC via Ballot SC-067. The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on MPIC as part of their certificate issuance process. Some of these CAs are relying on the Open MPIC Project to ensure their implementations are robust and consistent with ecosystem expectations...

Linting
Linting refers to the automated process of analyzing X.509 certificates to detect and prevent errors, inconsistencies, and non-compliance with requirements and industry standards. Linting ensures certificates are well-formatted and include the necessary data for their intended use, such as website authentication. Linting can expose the use of weak or obsolete cryptographic algorithms and other known insecure practices, improving overall security... The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on linting as part of their certificate issuance process.
Linting also improves interoperability, according to the blog post, and helps reduce the risk of non-compliance with standards that can result in certificates being "mis-issued".

And coming up, weak domain control validation methods (currently permitted by the CA/Browser Forum TLS Baseline Requirements) will be prohibited beginning July 15, 2025.

"Looking forward, we're excited to explore a reimagined Web PKI and Chrome Root Program with even stronger security assurances for the web as we navigate the transition to post-quantum cryptography."

"The big set of open-source graphics driver updates for Linux 6.15 have been merged," writes Phoronix, "but Linux creator Linus Torvalds isn't particularly happy with the pull request." The new "hdrtest" code is for the Intel Xe kernel driver and is around trying to help ensure the Direct Rendering Manager header files are self-contained and pass kernel-doc tests — basic maintenance checks on the included DRM header files to ensure they are all in good shape.
But Torvalds accused the code of not only slowing down the full-kernel builds, but also leaving behind "random" files for dependencies "that then make the source tree nasty," reports Tom's Hardware: While Torvalds was disturbed by the code that was impacting the latest Linux kernel, beginning his post with a "Grr," he remained precise in his objections to it. "I did the pull, resolved the (trivial) conflicts, but I notice that this ended up containing the disgusting 'hdrtest' crap that (a) slows down the build because it's done for a regular allmodconfig build rather than be some simple thing that you guys can run as needed (b) also leaves random 'hdrtest' turds around in the include directories," he wrote.

Torvalds went on to state that he had previously complained about this issue, and inquired why the hdr testing is being done as a regular part of the build. Moreover, he highlighted that the resulting 'turds' were breaking filename completion. Torvalds underlined this point — and his disgust — by stating, "this thing needs to *die*." In a shot of advice to fellow Linux developers, Torvalds said, "If you want to do that hdrtest thing, do it as part of your *own* checks. Don't make everybody else see that disgusting thing...."

He then noted that he had decided to mark hdrtest as broken for now, to prevent its inclusion in regular builds.
As of Saturday, all of the DRM-Next code had made it into Linux 6.15 Git, notes Phoronix. "But Linus Torvalds is expecting all this 'hdrtest' mess to be cleaned up."

"Microsoft built things. It broke things."

That's how the Seattle Times kicks off a series of articles celebrating Microsoft's 50th anniversary — adding that Microsoft also gave some people "a lucrative retirement early in their lives, and their own stories to tell."

What did they remember from Microsoft's earliest days? Scott Oki joined Microsoft as employee no. 121. The company was small; Gates was hands-on, and hard to please. "One of his favorite phrases was 'that's the stupidest thing I've ever heard,'" Oki says. "He didn't use that on me, so I feel pretty good about that."

Another, kinder phrase that pops to Oki's mind when discussing the international division he founded at Microsoft is "bringing home the bacon." An obsession with rapid revenue growth permeated Microsoft in those early days. Oki was about three weeks into the job as marketing manager when he presented a global expansion plan to Gates. "Had I done business internationally before? No," Oki said. "Do I speak a language other than English? No." But Gates gave Oki a $1 million budget to found the international division and sell Microsoft products overseas.

He established subsidiaries in the most important markets at the time: Japan, United Kingdom, Germany and France. And, because he had a few bucks left over, Australia. "Of the initial subsidiaries we started, every single one of them was profitable in its first year," he says...

Oki left Microsoft on March 1, 1992, 10 years to the day after he was hired.
Other memories shared by early Microsoft employees:

• One recent graudate remembered her parents in Spokane saying "I think that's Mary and Bill Gates' son's company. If that kid is anything like those two, that is going to be a great company,'" She got her first job at Microsoft in 1992 — and 33 years later, she's a senior director at Microsoft Philanthropies.

• The Times also interviewed one of Microsoft's first lawyers, who remembers that "The day the U.S. government sued Microsoft ... that was a tough day for me. It kind of turned my world upside down for about the next eight years."

• Microsoft senior VP Brad Chase remembers negotiating with the Rolling Stones for the rights to their song "Start Me Up" for the Windows 95 ad campaign. ("Chase is quick to dispel any rumor that Mick Jagger called up Bill Gates and got $12 million. But he won't say how much the company paid.")
  
  But Chase does tell the Times that Bill Gates "used to say all of the time, 'We're going to bet the company on Windows.' That was a huge bet because Windows, frankly, was a lousy product in its early days."

What happens when you ask Copilot to "write a program that can be run on an iPhone 16 to select 15 random photos from the phone, tint them to random colors, and display the photos on the phone"?

That's what TouchDevelop did for the long-discontinued Windows Phone in a 2013 Microsoft Research 'SmartSynth' natural language code generation demo. ("Write scripts by tapping on the screen.")

Long-time Slashdot reader theodp reports on what happens when, 14 years later, you pose the same question to Copilot: "You'll get lots of code and caveats from Copilot, but nothing that you can execute as is. (Compare that to the functioning 10 lines of code TouchDevelop program). It's a good reminder that just because GenAI can generate code, it doesn't necessarily mean it will generate the least amount of code, the most understandable or appropriate code for the requestor, or code that runs unchanged and produces the desired results.
theodp also reminds us that TouchDevelop "was (like BASIC) abandoned by Microsoft..." Interestingly, a Microsoft Research video from CS Education Week 2011 shows enthusiastic Washington high school students participating in an hour-long TouchDevelop coding lesson and demonstrating the apps they created that tapped into music, photos, the Internet, and yes, even their phone's functionality. This shows how lacking iPhone and Android still are today as far as easy programmability-for-the-masses goes. (When asked, Copilot replied that Apple's Shortcuts app wasn't up to the task).

The U.S. and China "are racing to build a truly useful humanoid worker," the Wall Street Journal wrote Saturday, adding that "Whoever wins could gain a huge edge in countless industries."

"The time has come for robots," Nvidia's chief executive said at a conference in March, adding "This could very well be the largest industry of all." China's government has said it wants the country to be a world leader in humanoid robots by 2027. "Embodied" AI is listed as a priority of a new $138 billion state venture investment fund, encouraging private-sector investors and companies to pile into the business. It looks like the beginning of a familiar tale. Chinese companies make most of the world's EVs, ships and solar panels — in each case, propelled by government subsidies and friendly regulations. "They have more companies developing humanoids and more government support than anyone else. So, right now, they may have an edge," said Jeff Burnstein [president of the Association for Advancing Automation, a trade group in Ann Arbor, Michigan]....

Humanoid robots need three-dimensional data to understand physics, and much of it has to be created from scratch. That is where China has a distinct edge: The country is home to an immense number of factories where humanoid robots can absorb data about the world while performing tasks. "The reason why China is making rapid progress today is because we are combining it with actual applications and iterating and improving rapidly in real scenarios," said Cheng Yuhang, a sales director with Deep Robotics, one of China's robot startups. "This is something the U.S. can't match." UBTech, the startup that is training humanoid robots to sort and carry auto parts, has partnerships with top Chinese automakers including Geely... "A problem can be solved in a month in the lab, but it may only take days in a real environment," said a manager at UBTech...

With China's manufacturing prowess, a locally built robot could eventually cost less than half as much as one built elsewhere, said Ming Hsun Lee, a Bank of America analyst. He said he based his estimates on China's electric-vehicle industry, which has grown rapidly to account for roughly 70% of global EV production. "I think humanoid robots will be another EV industry for China," he said. The UBTech robot system, called Walker S, currently costs hundreds of thousands of dollars including software, according to people close to the company. UBTech plans to deliver 500 to 1,000 of its Walker S robots to clients this year, including the Apple supplier Foxconn. It hopes to increase deliveries to more than 10,000 in 2027.

Few companies outside China have started selling AI-powered humanoid robots. Industry insiders expect the competition to play out over decades, as the robots tackle more-complicated environments, such as private homes.
The article notes "several" U.S. humanoid robot producers, including the startup Figure. And robots from Amazon's Agility Robotics have been tested in Amazon warehouses since 2023. "The U.S. still has advantages in semiconductors, software and some precision components," the article points out.

But "Some lawmakers have urged the White House to ban Chinese humanoids from the U.S. and further restrict Chinese robot makers' access to American technology, citing national-security concerns..."

Slashdot reader jrnvk writes: The Verge is reporting that Microsoft will soon make it harder to run the well-publicized bypassnro command in Windows 11 setup. This command allows skipping the Microsoft account and online connection requirements on install. While the command will be removed, it can still be enabled by a regedit change — for now.
"However, there's no guarantee Microsoft will allow this additional workaround for long," writes the Verge. (Though they add "There are other workarounds as well" involving the unattended.xml automation.) In its latest Windows 11 Insider Preview, the company says it will take out a well-known bypass script... Microsoft cites security as one reason it's making this change. ["This change ensures that all users exit setup with internet connectivity and a Microsoft Account."] Since the bypassnro command is disabled in the latest beta build, it will likely be pushed to production versions within weeks.

The giant financial news site Bloomberg "has been experimenting with using AI to help produce its journalism," reports the New York Times. But "It hasn't always gone smoothly."

While Bloomberg announced on January 15 that it would add three AI-generated bullet points at the top of articles as a summary, "The news outlet has had to correct at least three dozen A.I.-generated summaries of articles published this year." (This Wednesday they published a "hallucinated" date for the start of U.S. auto tariffs, and earlier in March claimed president Trump had imposed tariffs on Canada in 2024, while other errors have included incorrect figures and incorrect attribution.) Bloomberg is not alone in trying A.I. — many news outlets are figuring out how best to embrace the new technology and use it in their reporting and editing. The newspaper chain Gannett uses similar A.I.-generated summaries on its articles, and The Washington Post has a tool called "Ask the Post" that generates answers to questions from published Post articles. And problems have popped up elsewhere. Earlier this month, The Los Angeles Times removed its A.I. tool from an opinion article after the technology described the Ku Klux Klan as something other than a racist organization.

Bloomberg News said in a statement that it publishes thousands of articles each day, and "currently 99 percent of A.I. summaries meet our editorial standards...." The A.I. summaries are "meant to complement our journalism, not replace it," the statement added....

John Micklethwait, Bloomberg's editor in chief, laid out the thinking about the A.I. summaries in a January 10 essay, which was an excerpt from a lecture he had given at City St. George's, University of London. "Customers like it — they can quickly see what any story is about. Journalists are more suspicious," he wrote. "Reporters worry that people will just read the summary rather than their story." But, he acknowledged, "an A.I. summary is only as good as the story it is based on. And getting the stories is where the humans still matter."
A Bloomberg spokeswoman told the Times that the feedback they'd received to the summaries had generally been positive — "and we continue to refine the experience."

As Rust approaches its 10th anniversary, "there is an important piece of documentation missing that many other languages provide," notes the Rust Foundation.

While there's documentation and tutorials — there's no official language specification: In December 2022, an RFC was submitted to encourage the Rust Project to begin working on a specification. After much discussion, the RFC was approved in July 2023, and work began.

Initially, the Rust Project specification team (t-spec) were interested in creating the document from scratch using the Rust Reference as a guiding marker. However, the team knew there was already an external Rust specification that was being used successfully for compiler qualification purposes — the FLS.
Thank Berlin-based Ferrous Systems, a Rust-based consultancy who assembled that description "some years ago," according to a post on the Rust blog: They've since been faithfully maintaining and updating this document for new versions of Rust, and they've successfully used it to qualify toolchains based on Rust for use in safety-critical industries. [The Rust Foundation notes it part of the consultancy's "Ferrocene" Rust compiler/toolchain.] Seeing this success, others have also begun to rely on the FLS for their own qualification efforts when building with Rust.
The Rust Foundation explains: The FLS provides a structured and detailed reference for Rust's syntax, semantics, and behavior, serving as a foundation for verification, compliance, and standardization efforts. Since Rust did not have an official language specification back then, nor a plan to write one, the FLS represented a major step toward describing Rust in a way that aligns with industry requirements, particularly in high-assurance domains.
And the Rust Project is "passionate about shipping high quality tools that enable people to build reliable software at scale," adds the Rust blog. So... It's in that light that we're pleased to announce that we'll be adopting the FLS into the Rust Project as part of our ongoing specification efforts. This adoption is being made possible by the gracious donation of the FLS by Ferrous Systems. We're grateful to them for the work they've done in assembling the FLS, in making it fit for qualification purposes, in promoting its use and the use of Rust generally in safety-critical industries, and now, for working with us to take the next step and to bring the FLS into the Project.

With this adoption, we look forward to better integrating the FLS with the processes of the Project and to providing ongoing and increased assurances to all those who use Rust in safety-critical industries and, in particular, to those who use the FLS as part of their qualification efforts.
More from the Rust Foundation: The t-spec team wanted to avoid potential confusion from having two highly visible Rust specifications in the industry and so decided it would be worthwhile to try to integrate the FLS with the Rust Reference to create the official Rust Project specification. They approached Ferrous Systems, which agreed to contribute its FLS to the Rust Project and allow the Rust Project to take over its development and management... This generous donation will provide a clearer path to delivering an official Rust specification. It will also empower the Rust Project to oversee its ongoing evolution, providing confidence to companies and individuals already relying on the FLS, and marking a major milestone for the Rust ecosystem.

"I really appreciate Ferrous taking this step to provide their specification to the Rust Project," said Joel Marcey, Director of Technology at the Rust Foundation and member of the t-spec team. "They have already done a massive amount of legwork...." This effort will provide others who require a Rust specification with an official, authoritative reference for their work with the Rust programming language... This is an exciting outcome. A heartfelt thank you to the Ferrous Systems team for their invaluable contribution!
Marcey said the move allows the team "to supercharge our progress in the delivery of an official Rust specification."

And the co-founder of Ferrous Systems, Felix Gilcher, also sounded excited. "We originally created the Ferrocene Language Specification to provide a structured and reliable description of Rust for the certification of the Ferrocene compiler. As an open source-first company, contributing the FLS to the Rust Project is a logical step toward fostering the development of a unified, community-driven specification that benefits all Rust users."

A former Facebook director of global policy recently published "the book Meta doesn't want you to read," a scathing takedown of top Meta executives titled Careless People: A Cautionary Tale of Power, Greed, and Lost Idealism.

But Wednesday RestofWorld.org published additional thoughts from Meta's former head of public policy for Bangladesh (who is now an executive director at the nonprofit policy lab Tech Global Institute). Though their time at Facebook didn't overlap, they first applaud how the book "puts a face to the horrific events and dangerous decisions."

But having said that, "What struck me is that what isn't included in Careless People is more telling than what is." By 2012 — one year after joining Facebook — Wynn-Williams had ample evidence of the platform's role in enabling violence and harm upon its users, and state-sanctioned digital repression, yet her memoir neither mentions these events nor the repeated warnings to her team from civil society groups in Asia before the situation escalated... In recounting events, the author glosses over her own indifference to repeated warnings from policymakers, civil society, and internal teams outside the U.S. that ultimately led to serious harm to communities.

She briefly mentions how Facebook's local staff was held at gunpoint to give access to data or remove content in various countries — something that had been happening since as early as 2012. Yet, she failed to grasp the gravity of these risks until the possibility of her facing jail time arises in South Korea — or even more starkly in March 2016, when Facebook's vice president for Latin America, Diego Dzodan, was arrested in Brazil. Her delayed reckoning underscores how Facebook's leadership remains largely detached from real-world consequences of their decisions until they become impossible to ignore.

Perhaps because everyone wants to be a hero of their own story, Wynn-Williams frames her opposition to leadership decisions as isolated; in reality, powerful resistance had long existed within what Wynn-Williams describes as Facebook's "lower-level employees."
Yet "Despite telling an incomplete story, Careless People is a book that took enormous courage to write," the article concludes, calling it an important story to tell.

"It goes to show that we need many stories — especially from those who still can't be heard — if we are to meaningfully piece together the complex puzzle of one of the world's most powerful technology companies."

The New York Times notes that white-collar workers have faced higher unemployment than other groups in the U.S. over the past few years — along with slower wager growth.

Some economists wonder if this trend might be irreversible... and partly attributable to AI: After sitting below 4% for more than two years, the overall unemployment rate has topped that threshold since May... "We're seeing a meaningful transition in the way work is done in the white-collar world," said Carl Tannenbaum, the chief economist of Northern Trust. "I tell people a wave is coming...." Thousands of video game workers lost jobs last year and the year before... Unemployment in finance and related industries, while still low, increased by about a quarter from 2022 to 2024, as rising interest rates slowed demand for mortgages and companies sought to become leaner....

Overall, the latest data from the Federal Reserve Bank of New York show that the unemployment rate for college grads has risen 30% since bottoming out in September 2022 (to 2.6% from 2%), versus about 18% for all workers (to 4% from 3.4%). An analysis by Julia Pollak, chief economist of ZipRecruiter, shows that unemployment has been most elevated among those with bachelor's degrees or some college but no degree, while unemployment has been steady or falling at the very top and bottom of the education ladder — for those with advanced degrees or without a high school diploma. Hiring rates have slowed more for jobs requiring a college degree than for other jobs, according to ADP Research, which studies the labor market....

And artificial intelligence could reduce that need further by increasing the automation of white-collar jobs. A recent academic paper found that software developers who used an AI coding assistant improved a key measure of productivity by more than 25% and that the productivity gains appeared to be largest among the least experienced developers. The result suggested that adopting AI could reduce the wage premium enjoyed by more experienced coders, since it would erode their productivity advantages over novices... [A]t least in the near term, many tech executives and their investors appear to see AI as a way to trim their staffing. A software engineer at a large tech company who declined to be named for fear of harming his job prospects said that his team was about half the size it was last year and that he and his co-workers were expected to do roughly the same amount of work by relying on an AI assistant. Overall, the unemployment rate in tech and related industries jumped by more than half from 2022 to 2024, to 4.4% from 2.9%.
"Some economists say these trends may be short term in nature and little cause for concern on their own," the article points out (with one economist noting the unemployment rate is still low compared to historical averages).

Harvard labor economist Lawrence Katz even suggested the slower wage growth could reflect the discount that these workers accepted in return for being able to work from home.

Thanks to Slashdot reader databasecowgirl for sharing the article.

"After a long run, Google is sunsetting two of its signature Nest products," reports PC World: Google has just announced that it's discontinuing the 10-year-old Nest Protect and the 7-year-old Nest x Yale lock. Both of those products will continue to work, and — for now — they remain on sale at the Google Store, complete with discounts until supplies run out. But while Google itself is exiting the smoke alarm and smart lock business, it isn't leaving Google Home users in the lurch. Instead, it's teeing up third-party replacements for the Nest Protect and Nest X Yale lock, with both new products coming from familiar brands... Capable of being unlocked via app, entry code, or a traditional key, the Yale Smart Lock with Matter is set to arrive this summer, according to Yale.

While both the existing Nest Protect and Nest x Yale lock will continue to operate and receive security patches, those who purchased the second-generation Nest Protect near its 2015 launch date should probably replace the product anyway. That's because the CO sensors in carbon monoxide detectors like the Nest Protect have a roughly 10-year life expectancy.

Nest Protect and the Nest X Yale lock were two of the oldest products in Google's smart home lineup, and both were showing their age.

Cloud providers like the security of running things in virtual machines "at scale" — even though VMs "are not known for having fast cold starts or a small footprint..." noted Microsoft's Open Source blog last November. So Microsoft's Azure Core Upstream team built an open source Rust library called Hyperlight "to execute functions as fast as possible while isolating those functions within a VM."

But that was just the beginning... Then, we showed how to run Rust functions really, really fast, followed by using C to [securely] run Javascript. In February 2025, the Cloud Native Computing Foundation (CNCF) voted to onboard Hyperlight into their Sandbox program [for early-stage projects].

[This week] we're announcing the release of Hyperlight Wasm: a Hyperlight virtual machine "micro-guest" that can run wasm component workloads written in many programming languages...

Traditional virtual machines do a lot of work to be able to run programs. Not only do they have to load an entire operating system, they also boot up the virtual devices that the operating system depends on. Hyperlight is fast because it doesn't do that work; all it exposes to its VM guests is a linear slice of memory and a CPU. No virtual devices. No operating system. But this speed comes at the cost of compatibility. Chances are that your current production application expects a Linux operating system running on the x86-64 architecture (hardware), not a bare linear slice of memory...

[B]uilding Hyperlight with a WebAssembly runtime — wasmtime — enables any programming language to execute in a protected Hyperlight micro-VM without any prior knowledge of Hyperlight at all. As far as program authors are concerned, they're just compiling for the wasm32-wasip2 target... Executing workloads in the Hyperlight Wasm guest isn't just possible for compiled languages like C, Go, and Rust, but also for interpreted languages like Python, JavaScript, and C#. The trick here, much like with containers, is to also include a language runtime as part of the image... Programming languages, runtimes, application platforms, and cloud providers are all starting to offer rich experiences for WebAssembly out of the box. If we do things right, you will never need to think about whether your application is running inside of a Hyperlight Micro-VM in Azure. You may never know your workload is executing in a Hyperlight Micro VM. And that's a good thing.
While a traditional virtual-device-based VM takes about 125 milliseconds to load, "When the Hyperlight VMM creates a new VM, all it needs do to is create a new slice of memory and load the VM guest, which in turn loads the wasm workload. This takes about 1-2 milliseconds today, and work is happening to bring that number to be less than 1 millisecond in the future."

And there's also double security due to Wasmtime's software-defined runtime sandbox within Hyperlight's larger VM...

"Researchers have discovered nearly 1.5 million pictures from specialist dating apps — many of which are explicit — being stored online without password protection," reports the BBC, "leaving them vulnerable to hackers and extortionists."

And the images weren't limited to those from profiles, the BBC learned from the ethical hacker who discovered the issue. "They included pictures which had been sent privately in messages, and even some which had been removed by moderators..." Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile [including two kink/BDSM sites and two LGBT apps]... These services are used by an estimated 800,000 to 900,000 people.

M.A.D Mobile was first warned about the security flaw on 20th January but didn't take action until the BBC emailed on Friday. They have since fixed it but not said how it happened or why they failed to protect the sensitive images. Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services...

None of the text content of private messages was found to be stored in this way and the images are not labelled with user names or real names, which would make crafting targeted attacks at users more complex.

In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring. But there's no guarantee that Mr Nazarovas was the only hacker to have found the image stash.
"Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it..."

Samsung teased its "AI Vision Inside" refrigerators at January's CES tradeshow. (Its internal sensors can now detect 37 different fresh ingredients and 50 processed foods, generating lists for your cellphone or a screen on your refrigerator's door.)

But the refrigerators are part of a larger "AI Home" lineup of screen-enabled appliances with advanced AI features, and Engadget got to see them all together this weekend at Samsung's Bespoke AI conference in Seoul, Korea: The centerpiece of the Bespoke line remains Samsung's 4-door French-Door refrigerator, which is now available with two different-sized screens. There's a model with a smaller 9-inch screen that starts at $3,999 or one with a massive 32-inch panel called the Family Hub+ for $4,699. The former is ostensibly designed for people who want something a bit more discreet but still want access to Samsung's smart features, which includes widgets for your calendar, music, weather, various cooking apps and more. Meanwhile, the larger model is for families who aren't afraid of having a small TV in their face every time they open their fridge. You can even play videos from TikTok on it, if that's what you're into....

For cooking, Samsung's matte glass induction cooktops are mostly the same, but its Bespoke 30-inch single ($3,759) and double ($4,649) wall ovens have...you guessed it, more AI. In addition to a 7-inch display, there are also cameras and sensors inside the oven that can recognize up to 80 different recipes to provide optimal cooking times. But if you prefer to go off-script and create something original, Samsung says the oven will give you the option to save the recipe and temperature settings after cooking the same dish five times. And for a more fun application of its tech, the oven's cameras can record videos and create time-lapses of your baked goods for sharing on social media.

When it's time to clean up, Samsung's $1,399 Bespoke Auto Open Door Dishwasher has a few tricks of its own. In this case, the washer uses AI (yet again) and sensors to more accurately detect food residue and optimize cleaning cycles...
There's also an "AI Jet Ultra Cordless Stick" vacuum cleaner, which "uses AI to better detect what surface its on to more effectively hoover up dirt and debris."

Interestingly, in January Samsung's refrigerators also got a mention in iFixit's "Worst of CES" video.