In a first for "digital health technology," the Apple Watch's atrial fibrillation (AFib) history feature has been approved by the FDA to join the FDA's Medical Device Development Tools (MDDT) program. This means the wearable is now usable in clinical studies. The Verge reports: The FDA announcement describes using it as a noninvasive way to collect the data both before and after treatment: "Designed to be used as a biomarker test to help evaluate estimates of AFib burden as a secondary effectiveness endpoint within clinical studies intended to evaluate the safety and effectiveness of cardiac ablation devices to treat."

Dan Goodin reports via Ars Technica: A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January. A change GitLab implemented in May 2023 made it possible for users to initiate password changes through links sent to secondary email addresses. The move was designed to permit resets when users didn't have access to the email address used to establish the account. In January, GitLab disclosed that the feature allowed attackers to send reset emails to accounts they controlled and from there click on the embedded link and take over the account.

While exploits required no user interaction, hijackings worked only against accounts that weren't configured to use multi-factor authentication. Even with MFA, accounts remained vulnerable to password resets. The vulnerability, tracked as CVE-2023-7028, carries a severity rating of 10 out of a possible 10. The vulnerability, classified as an improper access control flaw, could pose a grave threat. GitLab software typically has access to multiple development environments belonging to users. With the ability to access them and surreptitiously introduce changes, attackers could sabotage projects or plant backdoors that could infect anyone using software built in the compromised environment. An example of a similar supply chain attack is the one that hit SolarWinds in 2021, infecting more than 18,000 of its customers. Other recent examples of supply chain attacks are here, here, and here. These sorts of attacks are powerful. By hacking a single, carefully selected target, attackers gain the means to infect thousands of downstream users, often without requiring them to take any action at all. According to Internet scans performed by security organization Shadowserver, more than 2,100 IP addresses showed they were hosting one or more vulnerable GitLab instances. In order to protect your system, you should enable MFA and install the latest patch. "GitLab users should also remember that patching does nothing to secure systems that have already been breached through exploits," notes Goodin.

The Biden administration on Tuesday released rules designed to speed up permits for clean energy while requiring federal agencies to more heavily weigh damaging effects on the climate and on low-income communities before approving projects like highways and oil wells. From a report: As part of a deal to raise the country's debt limit last year, Congress required changes to the National Environmental Policy Act, a 54-year-old bedrock law that requires the government to consider environmental effects and to seek public input before approving any project that necessitates federal permits. That bipartisan debt ceiling legislation included reforms to the environmental law designed to streamline the approval process for major construction projects, such as oil pipelines, highways and power lines for wind- and solar-generated electricity. The rules released Tuesday, by the White House Council on Environmental Quality, are intended to guide federal agencies in putting the reforms in place.

But they also lay out additional requirements created to prioritize projects with strong environmental benefits, while adding layers of review for projects that could harm the climate or their surrounding communities. "These reforms will deliver smarter decisions, quicker permitting, and projects that are built better and faster," said Brenda Mallory, chair of the council. "As we accelerate our clean energy future, we are also protecting communities from pollution and environmental harms that can result from poor planning and decision making while making sure we build projects in the right places."

An anonymous reader shares a report: Earlier this month, we wrote that some of Intel's recent high-end Core i9 and Core i7 processors had been crashing and exhibiting other weird issues in some games and that Intel was investigating the cause. An Intel statement obtained by Igor's Lab suggests that Intel's investigation is wrapping up, and the company is pointing squarely in the direction of enthusiast motherboard makers that are turning up power limits and disabling safeguards to try to wring a little more performance out of the processors.

"While the root cause has not yet been identified, Intel has observed the majority of reports of this issue are from users with unlocked/overclock capable motherboards," the statement reads. "Intel has observed 600/700 Series chipset boards often set BIOS defaults to disable thermal and power delivery safeguards designed to limit processor exposure to sustained periods of high voltage and frequency."

These are the specific settings that Intel believes are causing problems:
Disabling Current Excursion Protection (CEP)
Enabling the IccMax Unlimited bit
Disabling Thermal Velocity Boost (TVB) and/or Enhanced Thermal Velocity Boost (eTVB)

Additional settings which may increase the risk of system instability:
Disabling C-states
Using Windows Ultimate Performance mode
Increasing PL1 and PL2 beyond Intel recommended limits.

An anonymous reader shared this report from the Associated Press: Tech giant Cisco Systems on Wednesday joined Microsoft and IBM in signing onto a Vatican-sponsored pledge to ensure artificial intelligence is developed and used ethically and to benefit the common good... The pledge outlines key pillars of ethical and responsible use of AI. It emphasizes that AI systems must be designed, used and regulated to serve and protect the dignity of all human beings, without discrimination, and their environments. It highlights principles of transparency, inclusion, responsibility, impartiality and security as necessary to guide all AI developments.

The document was unveiled and signed at a Vatican conference on Feb. 28, 2020... Pope Francis has called for an international treaty to ensure AI is developed and used ethically, devoting his annual peace message this year to the topic.

This week Russia vetoed a UN resolution that proposed banning nuclear weapons in space, CNN reports.

But it all happened "amid U.S. intelligence-backed concerns that Moscow is trying to develop a nuclear device capable of destroying satellites." In February, President Joe Biden confirmed the US has intelligence that Russia is developing a nuclear anti-satellite capability. Three sources familiar with the intelligence subsequently told CNN the weapon could destroy satellites by creating a massive energy wave when detonated...

US Ambassador Linda Thomas-Greenfield said Wednesday's vote "marks a real missed opportunity to rebuild much-needed trust in existing arms control obligations." A US and Japan-drafted resolution had received cross-regional support from more than 60 member states. It intended to strengthen and uphold the global non-proliferation regime, including in outer space, and reaffirm the shared goal of maintaining outer space for peaceful purposes. It also called on UN member states not to develop nuclear weapons or other weapons of mass destruction designed to be placed in Earth's orbit....

Experts say this kind of weapon could have the potential to wipe out mega constellations of small satellites, like SpaceX's Starlink, which has been successfully used by Ukraine to counter Russian troops. This would almost certainly be "a last-ditch weapon" for Russia, the US official and other sources said — because it would do the same damage to whatever Russian satellites were also in the area.
The article notes that in March Russian President Vladimir Putin "told officials that space projects, including the setup of a nuclear power unit in space, should be a priority and receive proper financing."

Thanks to long-time Slashdot reader schwit1 for sharing the news.

1,000 petabytes.
A million terabytes.
One quintillion bytes (or 1,000,000,000,000,000,000).

That's the amount of storage reported by users of the Ceph storage solution (across more than 3,000 Ceph clusters).

The Ceph Foundation is a "directed fund" of the Linux Foundation, providing a neutral home for Ceph, "the most popular open source storage solution for modern data storage challenges" (offering an architecture that's "highly scalable, resilient, and flexible"). It's a software-defined storage platform, providing object storage, block storage, and file storage built on a common distributed cluster foundation.

And Friday they announced the release of Ceph Squid, "which comes with several performance and space efficiency features along with enhanced protocol support." Ceph has solidified its position as the cornerstone of open source data storage. The release of Ceph Squid represents a significant milestone toward providing scalable, reliable, and flexible storage solutions that meet the ever-evolving demands of digital data storage.

Features of Ceph Squid include improvements to BlueStore [a storage back end specifically designed for managing data on disk for Ceph Object Storage Daemon workloads] to reduce latency and CPU requirements for snapshot intensive workloads. BlueStore now uses RocksDB compression by default for increased average performance and reduced space usage. [And the next-generation Crimson OSD also has improvements in stability and read performance, and "now supports scrub, partial recovery and osdmap trimming."]

Ceph continues to drive the future of storage, and welcomes developers, partners, and technology enthusiasts to get involved.
Ceph Squid also brings enhancements for the CRUSH algorithm [which computes storage locations] to support more flexible and cost effective erasure coding configurations.

An anonymous reader quotes a report from TechCrunch: Darktrace is set to go private in a deal that values the U.K.-based cybersecurity giant at around $5 billion. A newly formed entity called Luke Bidco Ltd., formed by private equity giant Thoma Bravo, has tabled an all-cash bid of $7.75 per share, which represents a 44% premium on its average price for the three-month period ending April 25. However, this premium drops to just 20% when juxtaposed against Darktrace's closing price Thursday, as the company's shares had risen 20% to 5.18 pounds in the past month.

Founded out of Cambridge, U.K., in 2013, Darktrace is best known for AI-enabled threat detection smarts, using machine learning to identify abnormal network activity and attempts at ransomware attacks, insider attacks, data breaches and more. The company claims big-name customers including Allianz, Airbus and the city of Las Vegas. After raising some $230 million in VC funding and hitting a private valuation of $1.65 billion, Darktrace went public on the London Stock Exchange in April 2021, with an opening-day valuation of $2.4 billion. Its shares hit an all-time high later that year of 9.45 pounds and plummeted to an all-time low of 2.29 pounds last February. But they had been steadily rising since the turn of the year and hadn't fallen below 4 pounds since the beginning of March.

The full valuation based on Thoma Bravo's offer amounts to $5.3 billion on what is known as a full-diluted basis, which takes into account all convertible securities and is designed to give a more comprehensive view of a company's valuation. However, the enterprise value in this instance is approximately $4.9 billion, which includes additional considerations such as debt and cash positions. [...] The deal is of course still subject to shareholder approval, but the companies said that they expect to complete the transaction by the end of 2024. "The proposed offer represents an attractive premium and an opportunity for shareholders to receive the certainty of a cash consideration at a fair value for their shares," Darktrace chair Gordon Hurst said. "The proposed acquisition will provide Darktrace access to a strong financial partner in Thoma Bravo, with deep software sector expertise, who can enhance the company's position as a best-in-class cyber AI business headquartered in the U.K."

U.S. authorities consider DJI a security threat. Congress is weighing legislation to ban it [non-paywalled link], prompting a lobbying campaign from the company, which dominates the commercial and consumer drone markets. The New York Times: DJI is on a Defense Department list of Chinese military companies whose products the U.S. armed forces will be prohibited from purchasing in the future. As part of the defense budget that Congress passed for this year, other federal agencies and programs are likely to be prohibited from purchasing DJI drones as well. The drones -- though not designed or authorized for combat use -- have also become ubiquitous in Russia's war against Ukraine.

The Treasury and Commerce Departments have penalized DJI over the use of its drones for spying on Uyghur Muslims who are held in camps by Chinese officials in the Xinjiang region. Researchers have found that Beijing could potentially exploit vulnerabilities in an app that controls the drone to gain access to large amounts of personal information, although a U.S. official said there are currently no known vulnerabilities that have not been patched. Now Congress is weighing legislation that could kill much of DJI's commercial business in the United States by putting it on a Federal Communications Commission roster blocking it from running on the country's communications infrastructure.

The bill, which has bipartisan support, has been met with a muscular lobbying campaign by DJI. The company is hoping that Americans like Mr. Nordfors who use its products will help persuade lawmakers that the United States has nothing to fear -- and much to gain -- by keeping DJI drones flying. "DJI presents an unacceptable national security risk, and it is past time that drones made by Communist China are removed from America," Representative Elise Stefanik, Republican of New York and one of the bill's primary sponsors, said in an emailed statement this month.

Some Android-powered TVs can expose the contents of users' email inboxes if an attacker has physical access to the TV. Google initially told the office of Senator Ron Wyden that the issue, which is a quirk of how software is installed on these TVs, was expected behavior, but after being contacted by 404 Media, Google now says it is addressing the issue. From the report: The attack is an edge case but one that still highlights how the use of Google accounts, even on products that aren't necessarily designed for browsing user data, can expose information in unusual ways, including TVs in businesses or ones that have been resold or given away.

"My office is mid-way through a review of the privacy practices of streaming TV technology providers. As part of that inquiry, my staff discovered an alarming video in which a YouTuber demonstrated how with 15 minutes of unsupervised access to an Android TV set top box, a criminal could get access to private emails of the Gmail user who set up the TV," Senator Ron Wyden told 404 Media in a statement.

Lenovo's latest ThinkPad P1 Gen 7 laptop is set to be the first to use the new LPCAMM2 memory form factor, the successor to SODIMM sticks. From a report: While Lenovo has largely focused on the AI performance of its new laptop, which is equipped with an Intel Core Ultra CPU and Nvidia RTX 3000 Ada GPU, the company also noted that its device was the first in the world to use the LPCAMM2 memory standard. LPCAMM2 uses 64 percent less space than SODIMM and 61 percent less active power, according to Lenovo. This is thanks to it being based on LPDDR5X memory instead of regular DDR5.

Designed specifically for laptops, the LPCAMM2 standard actually has its origins in tech developed by Dell. Simply termed CAMM (Compression Attached Memory Module), it first debuted as a proprietary type of memory in Dell's Precision 7670 in 2022. However, in 2023 the PC giant donated its intellectual property to JEDEC, the organization that standardizes memory technologies. CAMM became LPCAMM2 (Low-Power Compression Attached Memory Module) in September 2023 when JEDEC finally confirmed its specifications. Samsung promptly announced plans to produce LPCAMM2 sticks, and claimed they would have 50 percent more performance and 70 percent more efficiency than their SODIMM-based predecessors. Plus, LPCAMM2 can offer dual-channel memory without requiring a second module.

Just as Google, Samsung and Microsoft continue to push their efforts with generative AI on PCs and mobile devices, Apple is moving to join the party with OpenELM, a new family of open source large language models (LLMs) that can run entirely on a single device rather than having to connect to cloud servers. From a report: Released a few hours ago on AI code community Hugging Face, OpenELM consists of small models designed to perform efficiently at text generation tasks. There are eight OpenELM models in total -- four pre-trained and four instruction-tuned -- covering different parameter sizes between 270 million and 3 billion parameters (referring to the connections between artificial neurons in an LLM, and more parameters typically denote greater performance and more capabilities, though not always).

[...] Apple is offering the weights of its OpenELM models under what it deems a "sample code license," along with different checkpoints from training, stats on how the models perform as well as instructions for pre-training, evaluation, instruction tuning and parameter-efficient fine tuning. The sample code license does not prohibit commercial usage or modification, only mandating that "if you redistribute the Apple Software in its entirety and without modifications, you must retain this notice and the following text and disclaimers in all such redistributions of the Apple Software." The company further notes that the models "are made available without any safety guarantees. Consequently, there exists the possibility of these models producing outputs that are inaccurate, harmful, biased, or objectionable in response to user prompts."

Okian Warrior writes: For $10,000, you can now get a flamethrower mounted on a robotic dog. Just load the webpage and scroll down. I saw this on the news today. *Definitely* we need to have a conversation about where AI is going. The robot, called the Thermonator, is constructed by Ohio flame throwing manufacturer Throwflame and features one of the company's ARC flamethrowers mounted on its back. The 26-pound robotic quadruped "can shoot fire in a 30-foot stream and comes with a built-in fuel tank powered by gasoline," notes Gizmodo. "The company says the robot also has an hour-long battery, a laser sight, and lidar mapping, and it can be remotely controlled via the company's app."

The company says its product is designed for "wildfire control and prevention," "agriculture management," "ecological conservation," "entertainment and SFX," and "snow and ice removal." It can be yours for the low price of $9,420 with free shipping.

An anonymous reader quotes a report from the New York Times: Generative A.I. technologies can write poetry and computer programs or create images of teddy bears and videos of cartoon characters that look like something from a Hollywood movie. Now, new A.I. technology is generating blueprints for microscopic biological mechanisms that can edit your DNA, pointing to a future when scientists can battle illness and diseases with even greater precision and speed than they can today. Described in a research paper published on Monday by a Berkeley, Calif., startup called Profluent, the technology is based on the same methods that drive ChatGPT, the online chatbot that launched the A.I. boom after its release in 2022. The company is expected to present the paper next month at the annual meeting of the American Society of Gene and Cell Therapy. "Its OpenCRISPR-1 protein is built on a similar structure as the fabled CRISPR-Cas9 DNA snipper, but with hundreds of mutations that help reduce its off-target effects by 95%," reports Fierce Biotech, citing the company's preprint manuscript published on BioRxiv. "Profluent said it can be employed as a 'drop-in replacement' in any experiment calling for a Cas9-like molecule."

While Profluent will keep its LLM generators private, the startup says it will open-source the products of this initiative. "Attempting to edit human DNA with an AI-designed biological system was a scientific moonshot," Profluent co-founder and CEO Ali Madani, Ph.D., said in a statement. "Our success points to a future where AI precisely designs what is needed to create a range of bespoke cures for disease. To spur innovation and democratization in gene editing, with the goal of pulling this future forward, we are open-sourcing the products of this initiative."

An anonymous reader shares a report: For years, people who have found Google search frustrating have been adding "Reddit" to the end of their search queries. This practice is so common that Google even acknowledged the phenomenon in a post announcing that it will be scraping Reddit posts to train its AI. And so, naturally, there are now services that will poison Reddit threads with AI-generated posts designed to promote products.

A service called ReplyGuy advertises itself as "the AI that plugs your product on Reddit" and which automatically "mentions your product in conversations naturally." Examples on the site show two different Redditors being controlled by AI posting plugs for a text-to-voice product called "AnySpeech" and a bot writing a long comment about a debt consolidation program called Debt Freedom Now. A video demo shows a dashboard where a user adds the name of their company and URL they want to direct users to. It then auto-suggests keywords that "help the bot know what types of subreddits and tweets to look for and when to respond."

Moments later, the dashboard shows how Reply Guy is "already in the responses" of the comments section of different Reddit posts. "Many of our responses will get lots of upvotes and will be well-liked." The creator of the company, Alexander Belogubov, has also posted screenshots of other bot-controlled accounts responding all over Reddit. Begolubov has another startup called "Stealth Marketing" that also seeks to manipulate the platform by promising to "turn Reddit into a steady stream of customers for your startup."

The Washington Post reports on a new situation in Virginia: There, massive data centers with computers processing nearly 70 percent of global digital traffic are gobbling up electricity at a rate officials overseeing the power grid say is unsustainable unless two things happen: Several hundred miles of new transmission lines must be built, slicing through neighborhoods and farms in Virginia and three neighboring states. And antiquated coal-powered electricity plants that had been scheduled to go offline will need to keep running to fuel the increasing need for more power, undermining clean energy goals...

The $5.2 billion effort has fueled a backlash against data centers through the region, prompting officials in Virginia to begin studying the deeper impacts of an industry they've long cultivated for the hundreds of millions of dollars in tax revenue it brings to their communities. Critics say it will force residents near the [West Virginia] coal plants to continue living with toxic pollution, ironically to help a state — Virginia — that has fully embraced clean energy. And utility ratepayers in the affected areas will be forced to pay for the plan in the form of higher bills, those critics say. But PJM Interconnection, the regional grid operator, says the plan is necessary to maintain grid reliability amid a wave of fossil fuel plant closures in recent years, prompted by the nation's transition to cleaner power. Power lines will be built across four states in a $5.2 billion effort that, relying on coal plants that were meant to be shuttered, is designed to keep the electric grid from failing amid spiking energy demands. Cutting through farms and neighborhoods, the plan converges on Northern Virginia, where a growing data center industry will need enough extra energy to power 6 million homes by 2030...

There are nearly 300 data centers now in Virginia. With Amazon Web Services pursuing a $35 billion data center expansion in Virginia, rural portions of the state are the industry's newest target for development. The growth means big revenue for the localities that host the football-field-size buildings. Loudoun [County] collects $600 million in annual taxes on the computer equipment inside the buildings, making it easier to fund schools and other services. Prince William [County], the second-largest market, collects $100 million per year.
The article adds that one data center "can require 50 times the electricity of a typical office building, according to the U.S. Department of Energy. "Multiple-building data center complexes, which have become the norm, require as much as 14 to 20 times that amount."

One small power company even told the grid operator that data centers were already consuming 59% of the power they produce...

An anonymous reader quotes a report from The Atlantic: In October 2003, Mark Zuckerberg created his first viral site: not Facebook, but FaceMash. Then a college freshman, he hacked into Harvard's online dorm directories, gathered a massive collection of students' headshots, and used them to create a website on which Harvard students could rate classmates by their attractiveness, literally and figuratively head-to-head. The site, a mean-spirited prank recounted in the opening scene of The Social Network, got so much traction so quickly that Harvard shut down his internet access within hours. The math that powered FaceMash -- and, by extension, set Zuckerberg on the path to building the world's dominant social-media empire -- was reportedly, of all things, a formula for ranking chess players: the Elo system.

Fundamentally, what an Elo rating does is predict the outcome of chess matches by assigning every player a number that fluctuates based purely on performance. If you beat a slightly higher-ranked player, your rating goes up a little, but if you beat a much higher-ranked player, your rating goes up a lot (and theirs, conversely, goes down a lot). The higher the rating, the more matches you should win. That is what Elo was designed for, at least. FaceMash and Zuckerberg aside, people have deployed Elo ratings for many sports -- soccer, football, basketball -- and for domains as varied as dating, finance, and primatology. If something can be turned into a competition, it has probably been Elo-ed. Somehow, a simple chess algorithm has become an all-purpose tool for rating everything. In other words, when it comes to the preferred way to rate things, Elo ratings have the highest Elo rating. [...]

Elo ratings don't inherently have anything to do with chess. They're based on a simple mathematical formula that works just as well for any one-on-one, zero-sum competition -- which is to say, pretty much all sports. In 1997, a statistician named Bob Runyan adapted the formula to rank national soccer teams -- a project so successful that FIFA eventually adopted an Elo system for its official rankings. Not long after, the statistician Jeff Sagarin applied Elo to rank NFL teams outside their official league standings. Things really took off when the new ESPN-owned version of Nate Silver's 538 launched in 2014 and began making Elo ratings for many different sports. Some sports proved trickier than others. NBA basketball in particular exposed some of the system's shortcomings, Neil Paine, a stats-focused sportswriter who used to work at 538, told me. It consistently underrated heavyweight teams, for example, in large part because it struggled to account for the meaninglessness of much of the regular season and the fact that either team might not be trying all that hard to win a given game. The system assumed uniform motivation across every team and every game. Pretty much anything, it turns out, can be framed as a one-on-one, zero-sum game. Arpad Emmerich Elo, creator of the Elo rating system, understood the limitations of his invention. "It is a measuring tool, not a device of reward or punishment," he once remarked. "It is a means to compare performances, assess relative strength, not a carrot waved before a rabbit, or a piece of candy given to a child for good behavior."

TikTok has started testing its Instagram competitor, TikTok Notes, in Canada and Australia. TechCrunch reports: The company said on X that it is in the "early stage" of the app's rollout and that the app is "a dedicated space for photo and text content." "We hope that the TikTok community will use TikTok Notes to continue sharing their moments through photo posts. Whether documenting adventures, expressing creativity, or simply sharing snapshots of one's day, the TikTok Notes experience is designed for those who would like to share and engage through photo content," it said.

The company didn't say much about the app's features and functionality apart from the fact that users can log in with their existing TikTok account. Even the app's description in the app stores is pretty light on details. The screenshots on the App Store listing suggest that the posts will appear in two-column grids on the home page. The screenshots also indicate that you can post multiple photos through a carousel post.

Jess Weatherbed reports via The Verge: It's alive! A day after announcing it was retiring Atlas, its hydraulic robot, Boston Dynamics has introduced a new, all-electric version of its humanoid machine. The next-generation Atlas robot is designed to offer a far greater range of movement than its predecessor. Boston Dynamics wanted the new version to show that Atlas can keep a humanoid form without limiting "how a bipedal robot can move." The new version has been redesigned with swiveling joints that the company claims make it "uniquely capable of tackling dull, dirty, and dangerous tasks."

The teaser showcasing the new robot's capabilities is as unnerving as it is theatrical. The video starts with Atlas lying in a cadaver-like fashion on the floor before it swiftly folds its legs backward over its body and rises to a standing position in a manner befitting some kind of Cronenberg body-horror flick. Its curved, illuminated head does add some Pixar lamp-like charm, but the way Atlas then spins at the waist and marches toward the camera really feels rather jarring. The design itself is also a little more humanoid. Similar to bipedal robots like Tesla's Optimus, the new Atlas now has longer limbs, a straighter back, and a distinct "head" that can swivel around as needed. There are no cables in sight, and its "face" includes a built-in ring light. It is a marked improvement on its predecessor and now features a bunch of Boston Dynamics' new AI and machine learning tools. [...] Boston Dynamics said the new Atlas will be tested with a small group of customers "over the next few years," starting with Hyundai.

AltStore PAL has become one of the first alternative app marketplaces to launch in the European Union. Developed by Riley Testut, AltStore PAL is marketed as an open-source project designed to distribute apps from independent developers. MacRumors reports: At launch, it features two apps, including Testut's Delta game emulator and clipboard manager app Clip. Delta is also being simultaneously released in the App Store outside of the European Union, but it looks like EU customers will need to download it from AltStore. Testut says that once AltStore PAL is "running smoothly," third-party app developers will be able to submit their apps for distribution outside of the App Store. The app marketplace is designed to be decentralized with no directory, so developers will need to self-promote their apps and direct users to their websites to install an app through AltStore.

Distributing apps through AltStore is free of charge, but it is worth noting that apps that see more than one million first annual installs will need to pay Apple an 0.50 euro Core Technology Fee. App marketplaces have to pay the fee for every install with no free allowance, so AltStore is charged 0.50 euros each time it is installed. To afford the fee, Testut is charging 1.50 euros per year for AltStore PAL access. Testut has been working on AltStore PAL since Apple announced plans to support alternative app marketplaces in iOS 17.4. It is open to all apps, but Testut says that it makes the most sense for "smaller, indie apps that otherwise couldn't exist due to App Store rules." AltStore PAL is equipped with Patreon integration to allow developers to monetize their apps. Developers can offer their apps to just their patrons, and this method of distribution also allows for a sub-1 million cap on those who can subscribe to use an app.