Security

925,000 Norton LifeLock Accounts Targeted by Credential-Stuffing Attack (cnet.com) 44

"Thousands of people who use Norton password manager began receiving emailed notices this month alerting them that an unauthorized party may have gained access to their personal information," reports CNET, "along with the passwords they have stored in their vaults.

"Gen Digital, Norton's parent company, said the security incident was the result of a credential-stuffing attack rather than an actual breach of the company's internal systems." Gen's portfolio of cybersecurity services has a combined user base of 500 million users — of which about 925,000 active and inactive users, including approximately 8,000 password manager users, may have been targeted in the attack, a Gen spokesperson told CNET via email....

Norton's intrusion detection systems detected an unusual number of failed login attempts on Dec. 12, the company said in its notice. On further investigation, around Dec. 22, Norton was able to determine that the attack began around Dec. 1. "Norton promptly notified both regulators and customers as soon as the team was able to confirm that data was accessed in the attack," Gen's spokesperson said.

Personal data that may have been compromised includes Norton users' full names, phone numbers and mailing addresses. Norton also said it "cannot rule out" that password manager vault data including users' usernames and passwords were compromised in the attack....

Norton is also offering access to credit monitoring services for affected users, according to its letter to customers.

Businesses

Capital One Scraps 1,100 Tech Positions (reuters.com) 29

Consumer lending firm Capital One has cut 1,100 positions in its technology segment, Reuters is reporting, citing a source familiar with the matter, a move that comes as its digital transformation matures. From the report: The company plans to eliminate its "Agile" job family and integrate it into existing engineering and product manager roles, it said in a statement. The affected employees have been invited to apply for other roles in the bank. "The Agile role in our Tech organization was critical to our earlier transformation phases but as our organization matured, the natural next step is to integrate agile delivery processes directly into our core engineering practices," the statement said.

AI

GitHub Copilot Labs Add Photoshop-Style 'Brushes' for ML-Powered Code Modifying (githubnext.com) 56

"Can editing code feel more tactile, like painting with Photoshop brushes?"

Researchers at GitHub Next asked that question this week — and then supplied the answer. "We added a toolbox of brushes to our Copilot Labs Visual Studio Code extension that can modify your code.... Just select a few lines, choose your brush, and see your code update."

The tool's web page includes interactive before-and-after examples demonstrating:
  • Add Types brush
  • Fix Bugs brush
  • Add Debugging Statements brush
  • Make More Readable brush

And last month Microsoft's principal program manager for browser tools shared an animated GIF showing all the brushes in action.

"In the future, we're interested in adding more useful brushes, as well as letting developers store their own custom brushes," adds this week's announcement. "As we explore enhancing developers' workflows with Machine Learning, we're focused on how to empower developers, instead of automating them. This was one of many explorations we have in the works along those lines."

It's ultimately grafting an incredibly easy interface onto "ML-powered code modification", writes Visual Studio Magazine, noting that "The bug-fixing brush, for example can fix a simple typo, changing a variable name from the incorrect 'low' to the correct 'lo'....

"All of the above brushes and a few others have been added to the Copilot Labs brushes toolbox, which is available for anyone with a GitHub Copilot license, costing $10 per month or $100 per year.... At the time of this writing, the extension has been installed 131,369 times, earning a perfect 5.0 rating from six reviewers."


Linux

Mabox Linux Called 'Throwback to Old-School Linux' (zdnet.com) 62

"If you've been itching to try an Arch Linux distribution and want something outside of the usual GNOME/KDE/Xfce desktop environments, Mabox Linux is an outstanding option...." writes ZDNet's Jack Wallen.

"It reminded me of my early days using Linux, only with a bit of a modern, user-centric twist...." Linux was hard in its infancy. So, when I see a Linux distribution that reminds me of those days but manages to make it easy on users without years of experience under their belts, it reminds me how far the open-source operating system has come. Such is the case with Mabox Linux.... It's not that Mabox doesn't make Arch Linux easy...it does. But when you first log into the desktop, you are greeted with something most hard-core Linux users love to see but can be a real put-off to new users. I'm talking about information...and lots of it.

You see, Mabox Linux places four information-centric widgets front and center on the desktop, so you can get an at-a-glance look at how the OS is using your system resources and even two widgets that give you keyboard shortcuts for things like opening various apps, menus, and even window management controls. Also on the OpenBox Window Manager desktop, you'll find a single top panel that gives you quick access to all your installed apps, the Mabox Colorizer... and a system tray with plenty of controls....

Once you have the distribution installed, the big surprise comes by way of performance. Mabox Linux is amazingly fast...like faster than most distributions I've used. A big part of that is due to the OpenBox Window Manager, which is very lightweight. Compared to my regular GNOME-based Linux desktop, Mabox is like driving a Lamborghini instead of a Prius. The difference is that obvious.

The installation process lets you choose between open-source or proprietary video drivers, the article points out. And "you can easily customize the color of your Mabox desktop, including the theme, side panels, Conky (which creates the desktop widgets), wallpaper, Tint2 Panel, and even the terminal theme."

Security

NortonLifeLock Warns That Hackers Breached Password Manager Accounts (bleepingcomputer.com) 23

An anonymous reader quotes a report from BleepingComputer: Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms. "Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said. "This username and password combination may potentially also be known to others."

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts. The firm detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk. By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts: "In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address." For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults. Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more.

Norton has reset passwords on impacted accounts and implemented additional measures to counter the malicious attempts. They're recommending customers enable two-factor authentication and take up the offer for a credit monitoring service.

Google

Google's Stadia Controller Is Getting Bluetooth Support (theverge.com) 18

Google is launching its final Stadia game today and is promising to release a tool next week to enable Bluetooth connections on its Stadia Controller. The Verge reports: The last Stadia game to launch on the service is Worm Game, a test game that was technically available on Stadia before Stadia launched publicly in November 2019. Developers at Google have decided to release the game just before the streaming service disappears next week. [...] Alongside the new game, Google is also committing to enabling Bluetooth on Stadia controllers. Google Stadia owners will be pleased to hear there's a self-serve tool coming next week that will enable Bluetooth on the Stadia Controller. "We'll share details next week on how to enable this feature," says a Google Stadia community manager in a forum post.

Google originally launched the Stadia Controller as a device that connects directly to Stadia services and had the Bluetooth chip disabled. After news broke of the Stadia shutdown, fans have been finding ways to save the controller from an e-waste fate by using workarounds to connect it wirelessly to other devices. Workarounds like connecting to an Android device will no longer be required thanks to this new tool. It means that most Stadia players that purchased a Founders or Premiere edition will have been effectively gifted a free Bluetooth controller thanks to Google's refunds.

ISS

Russia To Rescue ISS Crew On Backup Rocket After Capsule Leak (reuters.com) 27

An anonymous reader quotes a report from Reuters: Russia said on Wednesday it would launch another Soyuz spacecraft next month to bring home two cosmonauts and a U.S. astronaut from the International Space Station after their original capsule was struck by a micrometeoroid and started leaking last month. The leak came from a tiny puncture -- less than 1 millimeter wide -- on the external cooling system of the Soyuz MS-22 capsule, one of two return capsules docked to the ISS that can bring crew members home.

Russia said a new capsule, Soyuz MS-23, would be sent up on Feb. 20 to replace the damaged Soyuz MS-22, which will be brought back to Earth empty. "Having analyzed the condition of the spacecraft, thermal calculations and technical documentation, it has been concluded that the MS-22 must be landed without a crew on board," said Yuri Borisov, the head of Russian space agency Roscosmos. Russian cosmonauts Sergey Prokopyev and Dmitry Petelin and U.S. astronaut Francisco Rubio had been due to end their mission in March but will now extend it by a few more months and return aboard the MS-23.

"They are ready to go with whatever decision we give them," Joel Montalbano, NASA's ISS program manager, told a news conference. "I may have to fly some more ice cream to reward them," he added. The MS-23, which had been due to take up three new crew in March, will instead depart from the Baikonur cosmodrome in Kazakhstan as an unmanned rescue mission next month. If there is an emergency in the meantime, Roscosmos said it will look at whether the MS-22 spacecraft can be used to rescue the crew. In this scenario, temperatures in the capsule could reach unhealthy levels of 30-40 degrees Celsius (86-104 degrees Fahrenheit). "In case of an emergency, when the crew will have a real threat to life on the station, then probably the danger of staying on the station can be higher than going down in an unhealthy Soyuz," Sergei Krikalev, Russia's chief of crewed space programs, said.

Television

DirecTV Lays Off Hundreds of Managers As Cord Cutting Accelerates (cnbc.com) 51

DirecTV is laying off hundreds of employees -- roughly 10% of its upper ranks -- as the company looks to reduce costs amid the heightened pain of cord cutting for pay-TV providers, according to people familiar with the matter. CNBC reports: Most of the job cuts will be at the manager level, the people said, citing an email to employees sent on Friday. Managers make up about half of DirecTV's fewer than 10,000 employees, one of the people said. The affected employees' last day will be Jan. 20. "The entire pay-TV industry is impacted by the secular decline and the increasing rates to secure and distribute programming," a DirecTV spokesperson said in a statement. "We're adjusting our operations costs to align with these changes and will continue to invest in new entertainment products and service enhancements."

DirecTV and its peers have long been under pressure as customers cut the cord and opt for streaming services. The rate of cord cutting accelerated in the third quarter, according to MoffettNathanson. [...] DirecTV reportedly lost around 500,000 customers in its most recent quarter, according to ratings agency Fitch. Although DirecTV's losses slowed during the height of the pandemic, they recently accelerated to nearly 17%, according to MoffettNathanson.

Businesses

Second-hand and Refurbished Phone Market Takes Flight Amid Inflation Hike (theregister.com) 31

More and more cash-strapped people are opting to buy second hand and refurbished handsets in these tougher economic times with sales of used and refurbished devices estimated to have passed 282 million in 2022. From a report: The unit growth for those 12 months is some 11.5 percent higher than the prior year, and IDC number-crunchers have calculated compound annual growth of 10.3 percent until 2026 when shipments are forecast to reach 413.3 million. Anthony Scarsella, research manager with IDC's Worldwide Quarterly Phone Tracker, said the used market grew off the back of a 6.1 percent rebound in sales of new phones in 2021.

"Used devices demonstrate more resilience to market inhibitors than new smartphone sales as consumer appetite remains elevated in many regions," he said. "Attractive price points are critical for growth as cost savings remain the primary benefit," Scarsella added. "However, a high-end inventory struggle due to elongated refresh cycles in the new market has used prices growing 11 percent in 2022." North America was calculated to have shipped 73.5 million smartphones last year with the other 209.1 million devices sold into channels across the rest of the globe.

Crime

The First Insider Trading Case Involving Cryptocurrency (reuters.com) 13

The brother of a former Coinbase product manager was sentenced on Tuesday to 10 months in prison after pleading guilty in what U.S. prosecutors have called the first insider trading case involving cryptocurrency. Reuters reports: Nikhil Wahi admitted to making trades based on confidential information from Coinbase, one of the world's largest cryptocurrency exchanges, when he pleaded guilty in September to a wire fraud conspiracy charge. Prosecutors said Ishan Wahi, the former product manager, shared the information with his brother and their friend Sameer Ramani about new digital assets that Coinbase was planning to let users trade. Ishan Wahi has pleaded not guilty, and Ramani is at large.

Prosecutors said Wahi made nearly $900,000 of profit by illegally trading ahead of 40 different Coinbase announcements. They recommended a 10- to 16-month sentence. At a sentencing hearing in Manhattan federal court, U.S. District Judge Loretta Preska said his crime was "not an isolated error in judgment." "Today's sentence makes clear that the cryptocurrency markets are not lawless," Damian Williams, the top federal prosecutor in Manhattan, said in a statement.

Further reading: Coinbase To Cut 20% Jobs, Abandon 'Several' Projects To Weather Downturns in Crypto Market

Linux

Vanilla OS Offers a New Take on Security for the Linux Desktop (vanillaos.org) 31

OS News cheers the first official release of Vanilla OS, calling it "an immutable desktop Linux distribution that brings some interesting new technologies to the table, such as the Apx package manager."

From the official release announcement: "By default, Apx provides a container based on your Linux distribution (Ubuntu 22.10 for Vanilla OS 22.10) and wraps all commands from the distribution's package manager (apt for Ubuntu). Nevertheless, you can install packages from other package distributions.... Using the --dnf flag with apx will create a new container based on Fedora Linux. Here, apx will manage packages from Fedora's DNF repository, tightly integrating them with the host system."

ZDNet calls Vanilla OS "a new take on Linux that is equal parts heightened security and user-friendly." Among other things, "the developers opted to switch to ABRoot, which allows for fully atomic transactions between 2 root partitions." The official release announcement explains: ABRoot will check which partition is the present root partition (i.e A), then it will mount an overlay on top of it and perform the transaction. If the transaction succeeds, the overlay will be merged with the future root partition (i.e B). On your next boot, the system will automatically switch to the new root partition (B). In case of failure, the overlay will be discarded and the system will boot normally, without any changes to either partition.

But ZDNet explains why this comes in handy: Another really fascinating feature is called Smart Updates, which is enabled in the Vanilla OS Control Center, and ensures the system will not update if it's either under a heavy load or the battery is low. To enable this, open the Vanilla OS Control Center, click on the Updates tab, and then click the ON/OFF slider for SmartUpdate. Once enabled, updates will go through ABRoot transitions and aren't applied until the next reboot. Not only does this allow the updates to happen fully in the background, but it also makes them atomic, so they only proceed when it's guaranteed they will succeed.

The only caveat to this system is that you are limited to either weekly or monthly updates, as there is no daily option for scheduling. However, if you're doing weekly updates, you should be good to go.... Setting aside that which makes Vanilla OS special, the distribution is as stock a GNOME experience as you'll find and does a great job serving as your desktop operating system. It's easy to use, reliable, and performs really well...especially considering this is the first official release.

"Every wallpaper has a light and a dark version," adds the release announcement, "so you can choose the one that best suits your needs."

The Almighty Buck

California's Pay Transparency Law Goes Into Effect, Revealing Big Tech Salaries 111

An anonymous reader quotes a report from CNBC: A new law that went into effect this week requires most California employers to disclose salaries on job listings. The law affects every company with more than 15 employees looking to fill a job that could be performed from the state of California. It covers hourly and temporary work, all the way up to openings for highly paid technology executives. That means it's now possible to know the salaries top tech companies pay their workers. For example: A program manager in Apple's augmented reality group will receive base pay between $121,000 and $230,000 per year, according to an Apple posting Wednesday. A midcareer software engineer at Google Health can expect to make between $126,000 and $190,000 per year. A director of software engineering at Meta leading teams building network infrastructure will make at least $253,000 and as much as $327,000 in salary per year. Notably, these salary listings do not include any bonuses or equity grants, which many tech companies use to attract and retain employees.

California's pay transparency law is intended to reduce gender and race pay gaps and help minorities and women better compete in the labor market. For example, people can compare their current pay with job listings with the same job title and see if they're being underpaid. [...] But the new disclosures under the law might not tell the whole story of what a job pays. Companies can choose to display wide pay ranges, violating the spirit of the law, and the law doesn't require companies to reveal bonuses or equity compensation. The law could also penalize ambitious workers who are gunning for more money because of their experience or skills, the California Chamber of Commerce said last year when opposing the bill. Some employers might be wary of posting pay to prevent bidding wars for top talent.

There are two primary components to California Senate Bill No. 1162, which was passed in September and went into effect Jan. 1. First is the pay transparency component on job listings, which applies to any company with more than 15 employees if the job could be done in California. The second part requires companies with more than 100 employees to submit a pay data report to the state of California with detailed salary information broken down by race, sex and job category. Companies have to provide a similar report on the federal level, but California now requires more details. Employers are required to maintain detailed records of each job title and its wage history, and California's labor commissioner can inspect those records. California can enforce the law through fines and can investigate violations. The reports won't be published publicly under the new law.

The Internet

Watching Porn Now Requires Age Verification in Louisiana Because of New Law 328

An anonymous reader shares a report: The porn industry has been around for a while and in today's digital age business is booming. When Laurie Schlegel isn't seeing her patients who struggle with sex addiction, she's at the Louisiana State Capitol. The Republican state representative from Metairie passed HB 142 earlier this year requiring age verification for any website that contains 33.3% or more pornographic material. "Pornography is destroying our children and they're getting unlimited access to it on the internet and so if the pornography companies aren't going to be responsible, I thought we need to go ahead and hold them accountable," said Schlegel. According to Schlegel, websites would verify someone's age in collaboration with LA Wallet. So, if you plan on using these sites in the future, you may want to download the app. "I would say so," said Sara Kelley, project manager with Envoc. "I mean, I think it's a must-have for anyone who has a Louisiana state ID or driver's license."

Kelley added there are other ways websites could ask you to verify your age if you cannot access LA Wallet. She added that although some personal information will be required, companies must not retain personal data after complete verification. "It doesn't identify your date of birth, it doesn't identify who you are, where you live, what part of the state you're in, or any information from your device or from your actual ID. It just returns that age to say that yes, this person is old enough to be allowed to go in," explained Kelley. It will be the website's responsibility to ensure age verification is required when accessing their site in Louisiana. Schlegel said there will be consequences for those who fail to follow the law.

Ubuntu

Ubuntu Blogger Chooses the 5 Best Linux Distros of 2022 (omgubuntu.co.uk) 74

Long-time Slashdot reader destinyland shares an article listing "the five best Linux distros of 2022" — as chosen by the editor of the blog omg! ubuntu!

"Spoiler: they're not all Ubuntu-based!" the article begins, also noting that it's not a ranking of superiority or importance, but rather "giving a shoutout to some of the year's best Linux releases."

Its top-listed non-Ubuntu distro? Fedora Workstation 37
Fedora Workstation is a flagship desktop Linux distro for good reason: it's robust, it's reliable, it's impeccably produced — it distills what a lot of folks seek most: a "pure" GNOME experience, delivered as devs intend, atop a strong and stable base.

Autumn's offer of Fedora 37 Workstation features GNOME 43 — an update that majorly improves the GNOME Shell user experience with Quick Settings. There's also a more-featured Files rebuilt in GTK4/libadwaita; a revamped Calendar app; a Device Security panel; Raspberry Pi 4 support; GRUB instead of syslinux on BIOS; and more.

Folk often overlook Fedora Workstation because, as Linux distros go, it's rather understated, unassuming, and drama-free. Yet, it is a finessed and functional distro that forgoes fancy flourishes to focus entirely on its performance, its integration, and its cohesion.

If you've never tried Fedora you're missing out, so sort it!

There were two other non-Ubuntu distros on the list:
  • Manjaro 22.0 'Sikaris'. "As Arch-based Linux distros go Manjaro is one of the best.... Everything from the shell to the package manager to bespoke touches and apps are cohesive, considered, and choreographed. Manjaro 22.0 isn't just a distro, it's an experience."
  • Linux Mint 21. "As well as being easy to use, Linux Mint ships with an interesting selection of pre-installed software that aims to cover most users' needs, including some homegrown apps that are rather special."

Security

The LastPass Disclosure of Leaked Password Vaults Is Being Torn Apart By Security Experts (theverge.com) 78

Last week, LastPass announced that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. "While the company insists that your login information is still secure, some cybersecurity experts are heavily criticizing its post, saying that it could make people feel more secure than they actually are and pointing out that this is just the latest in a series of incidents that make it hard to trust the password manager," reports The Verge. Here's an excerpt from the report: LastPass' December 22nd statement was "full of omissions, half-truths and outright lies," reads a blog post from Wladimir Palant, a security researcher known for helping originally develop AdBlock Pro, among other things. Some of his criticisms deal with how the company has framed the incident and how transparent it's being; he accuses the company of trying to portray the August incident where LastPass says "some source code and technical information were stolen" as a separate breach when he says that in reality the company "failed to contain" the breach. He also highlights LastPass' admission that the leaked data included "the IP addresses from which customers were accessing the LastPass service," saying that could let the threat actor "create a complete movement profile" of customers if LastPass was logging every IP address you used with its service.

Another security researcher, Jeremi Gosney, wrote a long post on Mastodon explaining his recommendation to move to another password manager. "LastPass's claim of 'zero knowledge' is a bald-faced lie," he says, alleging that the company has "about as much knowledge as a password manager can possibly get away with." LastPass claims its "zero knowledge" architecture keeps users safe because the company never has access to your master password, which is the thing that hackers would need to unlock the stolen vaults. While Gosney doesn't dispute that particular point, he does say that the phrase is misleading. "I think most people envision their vault as a sort of encrypted database where the entire file is protected, but no -- with LastPass, your vault is a plaintext file and only a few select fields are encrypted."

Palant also notes that the encryption only does you any good if the hackers can't crack your master password, which is LastPass' main defense in its post: if you use its defaults for password length and strengthening and haven't reused it on another site, "it would take millions of years to guess your master password using generally-available password-cracking technology" wrote Karim Toubba, the company's CEO. "This prepares the ground for blaming the customers," writes Palant, saying that "LastPass should be aware that passwords will be decrypted for at least some of their customers. And they have a convenient explanation already: these customers clearly didn't follow their best practices." However, he also points out that LastPass hasn't necessarily enforced those standards. Despite the fact that it made 12-character passwords the default in 2018, Palant says, "I can log in with my eight-character password without any warnings or prompts to change it."

Space

SpaceX Launches 54 Upgraded Starlink Internet Satellites; Completes 60th Mission of the Year (space.com) 74

SpaceX launched the first batch of a new generation of Starlink satellites into orbit early Wednesday (Dec. 28) and nailed a rocket landing at sea to mark a record 60th flight of the year. From a report: A Falcon 9 rocket topped with 54 upgraded Starlink internet satellites -- the first generation 2 (Gen2) versions of the SpaceX fleet -- lit up the predawn sky with a smooth launch at 4:34 a.m. EST (0934 GMT) from the Cape Canaveral Space Force Station in Florida. "Under our new license, we are now able to deploy satellites to new orbits that will add even more capacity to the network," Jesse Anderson, a SpaceX production and engineering manager, said during live launch commentary. "Ultimately, this enables us to add more customers and provide faster service, particularly in areas that are currently oversubscribed."

About eight minutes after liftoff, the Falcon 9 first stage returned to Earth with a landing on the SpaceX drone ship A Shortfall of Gravitas in the Atlantic Ocean, where rough recovery weather threatened to delay the launch. The touchdown marked a successful end to SpaceX's 60th launch of SpaceX in 2022, nearly doubling the 31 launches set as a SpaceX record in 2021. The Falcon 9 first stage on this mission made its 11th flight with Wednesday's launch. The booster previously flew five Starlink missions, launched two U.S. GPS satellites, the Nilesat 301 commercial satellite and carried two different private astronaut crews on the Inspiration4 and Ax-1 missions, SpaceX has said. The company will also attempt to recover the two payload fairing halves that made up the Falcon 9's nose cone, which had both flown before, for later reuse, Anderson said.

Privacy

For Sale on eBay: A Military Database of Fingerprints and Iris Scans 32

The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than what was promised in the listing. The device's memory card held the names, nationalities, photographs, fingerprints and iris scans of 2,632 people. From a report: Most people in the database, which was reviewed by The New York Times, were from Afghanistan and Iraq. Many were known terrorists and wanted individuals, but others appeared to be people who had worked with the U.S. government or simply been stopped at checkpoints. Metadata on the device, called a Secure Electronic Enrollment Kit, or SEEK II, revealed that it had last been used in the summer of 2012 near Kandahar, Afghanistan. The device -- a relic of the vast biometric collection system the Pentagon built in the years after the Sept. 11, 2001, attacks -- is a physical reminder that although the United States has moved on from the wars in Afghanistan and Iraq, the tools built to fight them and the information they held live on in ways unintended by their creators.

Exactly how the device ended up going from the battlefields in Asia to an online auction site is unclear. But the data, which offers detailed descriptions of individuals in addition to their photograph and biometric data, could be enough to target people who were previously unknown to have worked with U.S. military forces should the information fall into the wrong hands. For those reasons, Mr. Marx would not place the information online or share it in an electronic format, but he did allow a Times reporter in Germany to see the data in person alongside him. "Because we have not reviewed the information contained on the devices, the department is not able to confirm the authenticity of the alleged data or otherwise comment on it," Brig. Gen. Patrick S. Ryder, the Defense Department's press secretary, said in a statement. "The department requests that any devices thought to contain personally identifiable information be returned for further analysis." He provided an address for the military's biometrics program manager at Fort Belvoir in Virginia where the devices could be sent. The biometric data on the SEEK II was collected at detainment facilities, on patrols, during screenings of local hires and after the explosion of an improvised bomb. Around the time when the device was last used in Afghanistan, the American war effort there was winding down.

Windows

Microsoft Employee Accidentally Announces That Notepad is Getting Tabs in Windows 11 (theverge.com) 73

"A Microsoft employee appears to have accidentally announced that Windows 11's Notepad app is getting a tabs feature," reports the Verge: The employee, a senior product manager at Microsoft, posted a photo of a version of Notepad with tabs, enthusiastically announcing "Notepad in Windows 11 now has tabs!" with a loudspeaker emoji.

The tweet was deleted minutes later, but not before Windows Central and several Windows enthusiast Twitter accounts had spotted the mistake. The Notepad screenshot includes a Microsoft internal warning: "Confidential Don't discuss features or take screenshots...."

The addition of tabs in Notepad could signal a shift towards tabs appearing in more built-in Windows apps.

Programming

Microsoft Spooks Windows Desktop Developers By Calling WPF a 'Community Run Project' (devclass.com) 81

A Microsoft .NET Community standup has left Windows desktop developers wondering what kind of future, if any, the company has planned for its older desktop application frameworks, Windows Forms and Windows Presentation Foundation (WPF). From a report: A "what's new" slide for WPF presented by senior program manager Olia Gavrysh last week shows "Community Run Project" as the first bullet point, causing consternation among attendees. "Who's happy that WPF is now a community run project? This is soooo scary," remarked Morten Nielsen, a senior principal engineer at ESRI working on the ArcGIS runtime, for location-based analytics.

The slide was perhaps misinterpreted. It was intended as an update on what is happening with pull requests from the community, rather than meaning that WPF has been handed over to the community. Nevertheless, concerns about the future of the framework are well founded. "It's not dead. we have a team working on WPF and supporting it," said Gavrysh, but added, "we now switch to the model where we accept a lot of PRs [pull requests] from the community because we think of WPF as [a] very mature project so not that much rapid development is happening."

Television

Streaming Services Are Ordering Fewer Series - Except for Amazon and Apple TV+ (nytimes.com) 89

"Peak TV has peaked," reports the new York Times: The never-ending supply of new programming that helped define the streaming era — spawning shows at a breakneck pace but also overwhelming viewers with too many choices — appears to finally be slowing. The number of adult scripted series ordered by TV networks and streaming companies aimed for U.S. audiences fell by 24 percent in the second half of this year, compared with the same period last year, according to Ampere Analysis, a research firm. Compared with 2019, it is a 40 percent drop. "The second half of the year has really gone off a bit of a cliff," said Fred Black, a research manager at Ampere.

It may take some time for that to become apparent to viewers — if it becomes apparent at all, given the glut. It is usually months and sometimes more than a year for a TV show to premiere after a network orders it.

The drop is a result of a broader reckoning inside the entertainment industry. For years, television executives tossed off billions of dollars on TV series to help build out their streaming services and chase subscribers. The spending has been a boon to high-profile writers and producers, who captured eight- and nine-figure deals, as well as for the actors, directors and behind-the-scenes workers who kept the engine going. But Wall Street soured on the buy-at-any-cost strategy starting in the spring, when Netflix, the streaming powerhouse, announced that it had lost subscribers for the first time in a decade. Netflix's stock nose-dived, and other entertainment companies soon watched their share prices fall, too. Hollywood companies quickly shifted, putting a new emphasis on higher profits instead of raw subscriber counts.

Then, in recent months, entertainment companies became increasingly anxious about a slowing economy, the cord-cutting movement and a troublesome advertising market. Since the summer, scores of executives have abruptly been dismissed, strict cost-cutting measures have been adopted and layoffs have taken hold throughout the industry.... Netflix also cut hundreds of jobs and introduced a cheaper advertising tier, overturning the company's longtime pledge to never allow commercials on the service. Warner Bros. Discovery, a company that was formed in April, faces a debt of roughly $50 billion, and has been in severe cost-cutting mode. There have been rounds of layoffs companywide, including at HBO and HBO Max, as well as sudden cancellations. The once-popular series "Westworld" was canceled last month — a move that surprised Hollywood — and the lesser-known, raunchy dating series "FBoy Island" was cut a few weeks ago....

There are a few outliers to this year's trend: Apple TV+ and Amazon have increased the number of adult scripted series they have purchased this year. So has Disney, according to Ampere's research. (For the second half of the year, however, Disney's buying has declined compared with the same period last year.)
