Iphone

Does the iPhone 15 Have an Overheating Problem? (digitaltrends.com) 57

Some early adopters of Apple's iPhone 15 have taken to social media to complain about overheating issues. Digital Trends' Bryan Wolfe writes: Over the past few days, various user complaints have popped up online by iPhone 15 owners saying their new devices are overheating. Some, for example, have taken to the Apple discussion groups to express their dismay, while others have left messages on Reddit and elsewhere. New smartphones commonly heat up more than usual during setup and in the first 24 hours of use, even those not manufactured by Apple. The issues being reported may have occurred during these instances. Speaking from personal experience, Android Authority's Aamir Siddiqui said he, too, has noticed his iPhone 15 Pro Max running very hot, even after the initial 24 hours of setup and settling in.

Korean YouTuber BullsLab also captured high temperatures using a thermal camera.
Google

Google Is Retiring Its Gmail Basic HTML View In January 2024 (bleepingcomputer.com) 79

Bill Toulas reports via Bleeping Computer: Google is notifying Gmail users that the webmail's Basic HTML view will be deprecated in January 2024, and users will require modern browsers to continue using the service. After that date, all users of the popular webmail service will automatically be redirected to the more modern Standard view, which supports all the latest usability and security features.

The basic HTML view is a stripped-down version of Gmail that does not offer users chat, spell checking, keyboard shortcuts, adding or importing contacts, setting custom "from" addresses, or using rich text formatting. This feature is designed for people living in areas with internet access, using older hardware with limited memory, or using legacy web browsers that do not support current HTML features.

However, one of the biggest reasons users use HTML view is that text-to-speech tools used by users with visual impairment are more reliable, as the Standard view introduces technical complexities that are harder for these tools to manage. Nonetheless, Google has decided to retire Gmail's HTML view without providing specific reasons.

IT

Return to the Office? These Workers Quit Instead (yahoo.com) 159

"As more companies enforce their office mandates, some workers are choosing to quit instead of complying and returning to the office," reports the Washington Post. Workers say their reasons for quitting include everything from family to commuting expenses to being required to relocate. And many workers worry that people like those with disabilities or who are primary caregivers may be left behind due to their inability to successfully work from the office... Workers are pushing back, penning letters to executives, staging walkouts and quitting despite the tight labor market. "I'm not surprised at all," Prithwiraj Choudhury, a Harvard Business School professor who studies the future of work, said about workers quitting. "By mandating these rigid policies, you're risking your top performers and diversity. It just doesn't make economic sense."

Choudhury said companies should provide overall guidance that allows each to determine how they best work after analysis and feedback from workers. That's especially important for women, whom Choudhury said are resigning in large numbers — a notion multiple surveys support... For some workers who moved or were hired remotely during the pandemic, commuting is a nearly impossible task, they say.

In a related note, Grindr tells the Post they're still requiring two-days-per-week in the office starting in October. Grindr says they're looking forward to "further improving productivity and collaboration."
China

China's Quest for Human Genetic Data Spurs Fears of a DNA Arms Race (adn.com) 32

In 2020 Serbian scientists were gifted China's "Fire-Eye" labs, remembers the Washington Post. The sophisticated portable labs "excelled not only at cracking the genetic code for viruses, but also for humans, with machines that can decipher genetic instructions contained within the cells of every person on Earth, according to its Chinese inventors."

Although some of them were temporary, "scores" of the portable labs "were donated or sold to foreign countries during the pandemic," reports the Washington Post. But it adds that now those same labs "are attracting the attention of Western intelligence agencies amid growing unease about China's intentions." Some analysts perceive China's largesse as part of a global attempt to tap into new sources of highly valuable human DNA data in countries around the world. That collection effort, underway for more than a decade, has included the acquisition of U.S. genetics companies as well as sophisticated hacking operations, U.S. and Western intelligence officials say. But more recently, it received an unexpected boost from the coronavirus pandemic, which created opportunities for Chinese companies and institutes to distribute gene-sequencing machines and build partnerships for genetic research in places where Beijing previously had little or no access, the officials said. Amid the pandemic, Fire-Eye labs would proliferate quickly, spreading to four continents and more than 20 countries, from Canada and Latvia to Saudi Arabia, and from Ethiopia and South Africa to Australia. Several, like the one in Belgrade, now function as permanent genetic-testing centers...

BGI Group, the Shenzhen-based company that makes Fire-Eye labs, said it has no access to genetic information collected by the lab it helped create in Serbia. But U.S. officials note that BGI was picked by Beijing to build and operate the China National GeneBank, a vast and growing government-owned repository that now includes genetic data drawn from millions of people around the world. The Pentagon last year officially listed BGI as one of several "Chinese military companies" operating in the United States, and a 2021 U.S. intelligence assessment linked the company to the Beijing-directed global effort to obtain even more human DNA, including from the United States. The U.S. government also has blacklisted Chinese subsidiaries of BGI for allegedly helping analyze genetic material gathered inside China to assist government crackdowns on the country's ethnic and religious minorities...

Beijing's drive to sweep up DNA from across the planet has occasionally stirred controversy, particularly after a 2021 Reuters series about aspects of the project. Chinese academics and military scientists have also attracted attention by debating the feasibility of creating biological weapons that might someday target populations based on their genes. Genetic-based weapons are regarded by experts as a distant prospect, at best, and some of the discussion appears to have been prompted by official paranoia about whether the United States and other countries are exploring such weapons.

U.S. intelligence officials believe China's global effort is mostly about beating the West economically, not militarily. There is no public evidence that Chinese companies have used foreign DNA for reasons other than scientific research. China has announced plans to become the world's leader in biotechnology by 2035, and it regards genetic information — sometimes called "the new gold" — as a crucial ingredient in a scientific revolution that could produce thousands of new drugs and cures...

U.S. intelligence officials said in interviews that they have limited insight into how BGI handles DNA information acquired overseas, including whether genetic data from the Fire-Eye labs ultimately end up in the computers of China's military or intelligence services... Chinese law makes clear that any information collected using BGI's machines can be accessed by the Chinese government. A national intelligence law enacted in 2017 stipulates that Chinese firms and citizens are legally bound to share proprietary information acquired in foreign countries whenever requested.

Thanks to long-time Slashdot reader schwit1 for sharing the article.
Businesses

Nearly 500 Smartphone Brands Have Left the Market Since 2017 (techspot.com) 42

How many smartphone brands do you think have left the market since 2017? The likes of LG probably come to mind, then there are the many local, lesser-known brands. Maybe fifty, or one hundred? The actual figure is, astoundingly, nearly 500. TechSpot: Counterpoint Research's analysis shows that at its peak in 2017, there were more than 700 smartphone brands contributing to the 1.5 billion units sold annually. In 2023, that number is down by a third to almost 250. Nearly all of those brands that have shuttered over the last five years were local ones found in locations such as India, the Middle East, Africa, China, Japan, and South Korea. The number of global brands such as Samsung has remained consistent at over 30.

Counterpoint Research highlights several reasons behind the shrinking number of brands over the last seven years. The pandemic and component shortages that began in 2020 had a massive impact, while the global economic slowdown following Russia's invasion of Ukraine in 2022 has caused many smaller smartphone companies to shutter. The local brands have also been dealing with other factors killing off their businesses. More people are holding onto their devices for longer before upgrading, cheaper phones are improving in quality all the time, there's a maturing user base, we've seen technology transitions such as that from 4G to 5G, and a handful of big brands are holding on to more of the market.

HP

HP's $5,000 Spectre Foldable PC Has a Lot To Prove (arstechnica.com) 23

HP is the latest company to announce a foldable-screen PC. From a report: The 17-inch Spectre Foldable PC has a keyboard that can be used wirelessly with the device propped up on its kickstand. Or you could magnetically attach the keyboard to the screen's bottom half or even slide the keyboard toward you for a 1.5-screen-like experience. The OLED device addresses concerns around battery life and portability by including two battery packs instead of one. But the bendy, Intel 12th-gen computer will have to do quite a lot to even begin rationalizing its staggering $5,000 price. The Spectre Fold works as a 17-inch, 0.33-inch (8.5 mm) thick OLED tablet. Uniquely, it has an integrated kickstand for propping the PC up at a 120-degree angle. This is key because HP cites the kickstand as one of the reasons the computer is so costly, but this also means you don't have to deal with separate origami stands/sleeves.

With the PC propped up, it should be easy to work with the included wireless keyboard or stylus, which both charge wirelessly on the device. The Bluetooth keyboard can attach to the bottom half of the PC's screen for a 12.3-inch laptop view. If you slide the keyboard down toward you, revealing more of the OLED, the PC will automatically display windows north of the keyboard. This scenario is like working on a 14-inch laptop. HP says it worked with Microsoft to customize Windows 11's Snap feature so it's easy to bring a window or two to the space above the docked keyboard. Lenovo's Yoga Book 9i, a clamshell laptop with a second OLED screen where you'd expect the keyboard and touchpad to be, also lets you place windows on top of a docked keyboard. But when I tested that laptop, I typically found looking down physically uncomfortable.

Programming

IEEE Spectrum Announces Top Programming Languages of 2023: Python and SQL (ieee.org) 102

Last week IEEE Spectrum released its 10th annual rankings of the Top Programming Languages. It chose a top language for each of three categories: actively used among typical IEEE members and working software engineers, in demand by employers, or "in the zeitgeist".

The results? This year, Python doesn't just remain No. 1 in our general "Spectrum" ranking — which is weighted to reflect the interests of the typical IEEE member — but it widens its lead.

Python's increased dominance appears to be largely at the expense of smaller, more specialized, languages. It has become the jack-of-all-trades language — and the master of some, such as AI, where powerful and extensive libraries make it ubiquitous. And although Moore's Law is winding down for high-end computing, low-end microcontrollers are still benefiting from performance gains, which means there's now enough computing power available on a US $0.70 CPU to make Python a contender in embedded development, despite the overhead of an interpreter. Python also looks to be solidifying its position for the long term: Many children and teens now program their first game or blink their first LED using Python. They can then move seamlessly into more advanced domains, and even get a job, with the same language.

But Python alone does not make a career. In our "Jobs" ranking, it is SQL that shines at No. 1. Ironically though, you're very unlikely to get a job as a pure SQL programmer. Instead, employers love, love, love, seeing SQL skills in tandem with some other language such as Java or C++. With today's distributed architectures, a lot of business-critical data live in SQL databases...

But don't let Python and SQL's rankings fool you: Programming is still far from becoming a monoculture. Java and the various C-like languages outweigh Python in their combined popularity, especially for high-performance or resource-sensitive tasks where that interpreter overhead of Python's is still too costly (although there are a number of attempts to make Python more competitive on that front). And there are software ecologies that are resistant to being absorbed into Python for other reasons.

The article cites the statistical analysis/visualization language R, as well as Fortran and Cobol, as languages that are hard to port code from or that have accumulated large already-validated codebases. But Python also remains at #1 in their third "Trending" category — with Java in second there and on the general "IEEE Spectrum" list.

JavaScript appears below Python and Java on all three lists. Java is immediately below them on the Trending and "Jobs" list, but two positions further down on the general "Spectrum" list (below C++ and C).

The metrics used for the calculation include the number of hits on Google, recent questions on Stack Overflow, tags on Discord, mentions in IEEE's library of journal articles and its CareerBuilder job site, and language use in starred GitHub repositories and number of new programming books.
Television

It's the 50th Anniversary of 'Star Trek: the Animated Series' (bbc.com) 60

Star Trek: The Animated Series was a half-hour Saturday morning cartoon that premiered exactly one half century ago — yesterday. You can watch its opening credits sequence on YouTube — with its strange 1970s version of the theme song. CBS's YouTube channel also offers clips from various episodes.

Starting in 1973, it ran for two seasons — a total of just 22 episodes. But the BBC notes it kept Star Trek in people's minds after the original series had been cancelled in 1969: While The Original Series had struggled in the ratings during its initial run, the show thrived in syndication, and created the phenomenon of fan conventions (think Comic-con in the present day). Because of this, studios were interested in more Star Trek, but there was a problem: the sets had been scrapped, the costumes were gone, and it would have been cost-prohibitive to rebuild everything from scratch. NBC settled on a different approach: an animated series.

According to The Fifty-Year Mission by Mark Altman and Edward Gross (an oral history of Star Trek), Gene Roddenberry wasn't overly interested in an animated show in and of itself. However, he was willing to go along with it because he saw it as a stepping stone to another live-action show or a feature film. An animated show would energise fans, he thought, so he agreed on the condition that he would have full creative control of The Animated Series. After a fight, the network gave in. The full, regular cast returned, with the exception of Walter Koenig's Pavel Chekov, who was cut for budget reasons...

[I]t was very much conceived of as a continuation of The Original Series. Some of the episodes were direct sequels, such as More Tribbles, More Trouble, which is a continuation of the classic The Trouble with Tribbles, and featured the return of Cyrano Jones... [Another episode was a sequel to The City on the Edge of Forever.] Dorothy (DC) Fontana led a group of writers from the original show who mostly wrote for a traditional, adult Star Trek audience. That's why the show didn't catch on — while it was well-received by critics, it might have done better in prime time. The show won a Daytime Emmy for best children's series, but it was cancelled after two years because of low ratings. Roddenberry then moved on to work on another live-action series, called Phase II, which would eventually become Star Trek: The Motion Picture...

Whatever is decided regarding "the canon", The Animated Series sits firmly within Star Trek's guiding ethos: Gene Roddenberry's vision for a utopian future where humans coexist peacefully with aliens as part of a Federation, and there's no poverty or war.

Medicine

Humanized Kidneys Grown Inside Pigs For the First Time 34

Scientists have grown humanized kidneys in pigs, raising the prospect of human organs being grown inside animals. The Guardian reports: The research involved creating human-pig chimeric embryos containing a combination of human and pig cells. When transferred into surrogate pig mothers, the developing embryos were shown to have kidneys that contained mostly human cells, marking the first time that scientists have grown a solid humanized organ inside another animal. The kidneys were not entirely human as they included vasculature and nerves made mostly from pig cells, meaning they could not be used for transplantation in their current form. It is not clear whether the challenge of making a wholly human organ would be achievable with current genetic engineering techniques.

Aside from the kidneys, the embryos were dominated by pig cells, with very few human cells in the brain or central nervous system. The potential for a humanized brain is a serious ethical concern for research involving hybrid embryos and one of the reasons for tight legal restrictions on research in many countries. [...] After being cultivated in the lab, the chimeric embryos were transferred to 13 surrogate sows. After either 25 or 28 days, the gestation was terminated and embryos were extracted and assessed. The embryos had structurally normal kidneys for their stage of development, showing the tubules that would eventually connect the kidney to the bladder, and were composed of 50-60% human cells. Very few human neural cells were found in the brain and spinal cord.
The research has been published in the journal Cell Stem Cell.
United Kingdom

UK Air-Traffic Software Misread Spots on Map To Cause Outage (bloomberg.com) 26

The UK's worst air-traffic outage in a decade was caused by an anomaly in the airspace manager's software system, which confused two geographical checkpoints separated by some 4,000 nautical miles. From a report: The UK's Civil Aviation Authority said Wednesday it will conduct an independent review of the incident, which forced hundreds of flights to be canceled or delayed last week after an error in processing an airline's flight plan. The glitch triggered a shutdown of the software system run by NATS for safety reasons, according to a preliminary report from the public-private partnership formerly called National Air Traffic Services. This forced air-traffic staff to input flight plans manually, drastically reducing the amount of air traffic that could be processed.

The event sent airlines and airports in the UK into turmoil on Aug. 28, leaving planes out of position and passengers stranded. Nearly 800 flights leaving UK airports were canceled, with a similar number of arrivals scrapped, according to analytics firm Cirium. The report by NATS showed that on the day of the incident, an airline entered a plan into the system which led through UK airspace. NATS Chief Executive Officer Martin Rolfe declined to discuss details of the flight, such as its route or the airline involved, saying the specifics weren't pertinent to the outage. While the flight plan wasn't faulty, it threw off the system because the software used by NATS received duplicate identities for two different points on the map. There are an infinite number of flight-plan waypoints in the world, and duplicates remain despite work to remove them, according to Rolfe.

Television

Paramount DMCAs 'Star Trek' Fan Project (techdirt.com) 173

Timothy Geigner writes via Techdirt: Paramount has gone after fan-made works playing off of the franchise for years and years. Even Paramount's release of guidelines by which fans could create fan films served mostly as a giant middle finger to the fandom, so stringent were the rules. This apparently represents the owners of Star Trek's IP being completely deaf to the history of Star Trek and the internet and what the fans have meant to the franchise. And this all continued into the present day.

Recently, a fan-made project called Wolf 359 Project suffered a DMCA takedown from Paramount. If you're a Next Generation fan, that name will likely sound familiar: "The Battle of Wolf 359 hearkens to a classic The Next Generation two-episode event called 'The Best of Both Worlds.' Captain Picard is assimilated by the Borg, and before the Enterprise crew rescues him, the relentless Borg forces fight a battle that kills 11,000 people. Star Trek: Picard Season 3 dealt with this, specifically through the character of Captain Liam Shaw. It was the first time someone described the Starfleet experience during one of the costliest battles in Star Trek history. Star Trek fans are never one to let a good idea go to waste, and The Wolf 359 Project is a fan-written oral history of the battle. The 'book' ran over 500 pages long, and its authors were giving it away for free. However, Paramount issued a Digital Millennium Copyright Act strike against it."

So here's what this essentially is: fans who love TNG filling in the gaps of the original story they love with the unexplored rest of the universe of people who would have been impacted by that storyline. That's important for two reasons. First and foremost, this doesn't take anything away from Paramount's Star Trek production, and in fact does the opposite. The project doesn't replace the original episodes, but rather builds upon them. In other words, this project could only possibly serve to draw more interest to Paramount's product, since the book isn't going to make much sense to anyone who hasn't seen the original episodes. Second, this is a work being done for free, given away for free, all by fans that are doing what Star Trek fans have always done: create. [...]
Programming

More Developers Are Using the Rust Programming Language, Survey Finds (rust-lang.org) 117

This month the official Rust blog announced: For the 6th year in a row, the Rust Project conducted a survey on the Rust programming language, with participation from project maintainers, contributors, and those generally interested in the future of Rust. This edition of the annual State of Rust Survey opened for submissions on December 5 and ran until December 22, 2022... [W]e had 9,433 total survey completions and an increased survey completion rate of 82% vs. 76% in 2021...

- More people are using Rust than ever before! Over 90% of survey respondents identified as Rust users, and of those using Rust, 47% do so on a daily basis — an increase of 4% from the previous year.

- 30% of Rust user respondents can write simple programs in Rust, 27% can write production-ready code, and 42% consider themselves productive using Rust. Of the former Rust users who completed the survey, 30% cited difficulty as the primary reason for giving up while nearly 47% cited factors outside of their control.

- The growing maturation of Rust can be seen through the increased number of different organizations utilizing the language in 2022. In fact, 29.7% of respondents stated that they use Rust for the majority of their coding work at their workplace, which is a 51.8% increase compared to the previous year.

- There are numerous reasons why we are seeing increased use of Rust in professional environments. Top reasons cited for the use of Rust include the perceived ability to write "bug-free software" (86%), Rust's performance characteristics (84%), and Rust's security and safety guarantees (69%). We were also pleased to find that 76% of respondents continue to use Rust simply because they found it fun and enjoyable. (Respondents could select more than one option here, so the numbers don't add up to 100%.)

- Of those respondents that used Rust at work, 72% reported that it helped their team achieve its goals (a 4% increase from the previous year) and 75% have plans to continue using it on their teams in the future.

- But like any language being applied in the workplace, Rust's learning curve is an important consideration; 39% of respondents using Rust in a professional capacity reported the process as "challenging" and 9% of respondents said that adopting Rust at work has "slowed down their team". However, 60% of productive users felt Rust was worth the cost of adoption overall...

- Of those respondents who shared their main worries for the future of Rust, 26% have concerns that the developers and maintainers behind Rust are not properly supported — a decrease of more than 30% from the previous year's findings. One area of focus in the future may be to see how the Project in conjunction with the Rust Foundation can continue to push that number towards 0%.

- While 38% have concerns about Rust "becoming too complex", only a small number of respondents were concerned about documentation, corporate oversight, or speed of evolution. 34% of respondents are not worried about the future of Rust at all.

This year's survey reflects a 21% decrease in fears about Rust's usage in the industry since the last survey.

Republicans

Judge Tears Apart Republican Lawsuit Alleging Bias In Gmail Spam Filter (arstechnica.com) 184

An anonymous reader quotes a report from Ars Technica: A federal judge yesterday granted Google's motion to dismiss a lawsuit filed by the Republican National Committee (RNC), which claims that Google intentionally used Gmail's spam filter to suppress Republicans' fundraising emails. An order (PDF) dismissing the lawsuit was issued yesterday by US District Judge Daniel Calabretta. The RNC is seeking "recovery for donations it allegedly lost as a result of its emails not being delivered to its supporters' inboxes," Calabretta noted. But Google correctly argued that the lawsuit claims are barred by Section 230 of the Communications Decency Act, the judge wrote. The RNC lawsuit was filed in October 2022 in US District Court for the Eastern District of California.

"While it is a close case, the Court concludes that... the RNC has not sufficiently pled that Google acted in bad faith in filtering the RNC's messages into Gmail users' spam folders, and that doing so was protected by Section 230. On the merits, the Court concludes that each of the RNC's claims fail as a matter of law for the reasons described below," he wrote. Calabretta, a Biden appointee, called it "concerning that Gmail's spam filter has a disparate impact on the emails of one political party, and that Google is aware of and has not yet been able to correct this bias." But he noted that "other large email providers have exhibited some sort of political bias" and that if Google did not filter spam, it would harm its users by subjecting them "to harmful malware or harassing messages. On the whole, Google's spam filter, though in this instance imperfect, is not morally blameworthy."

The RNC was given leave to amend another claim that alleged intentional interference with prospective economic relations under California law. The judge dismissed the claim as follows: "The RNC argues that Google's conduct was independently wrongful because '(1) it is political discrimination against the RNC, (2) it is dishonest to Google's users and the public, and (3) Google repeatedly lied about it.' As established above, political discrimination is not prohibited by California anti-discrimination laws and so Google's alleged discrimination would not be unlawful. The latter two reasons do not provide a 'determinable legal standard' under which the Court could find the conduct wrongful; they rest on a 'nebulous' theory of wrongfulness which other courts have rejected." The RNC "has failed to establish that Defendant's alleged interference constituted a separate, independently 'wrongful act' that would be an appropriate predicate offense" but "will be granted leave to amend this claim to establish that Defendant's conduct was unlawful by some legal measure," Calabretta wrote.
Google said in a statement: "We welcome the Court's finding that there are no plausible allegations that Gmail's spam filters discriminate for political purposes. We will continue investing in spam-filtering technologies that protect people from unwanted emails while still allowing senders to reach the inboxes of users who want their messages."
Businesses

Better.com's Stock Begins Trading Publicly Down More Than 93% 22

Better.com, the digital mortgage lender in the news earlier this year when its CEO fired roughly 900 workers via Zoom, picked a bad time to go public. "Shares of the Softbank-backed company plunged 93% as it began trading as BETR on the Nasdaq Thursday, falling more than $16 per share to $1.19 by mid-day," reports Fast Company. It went public via a merger with special purpose acquisition company (SPAC) Aurora Acquisition Corp. Before its merger with BETR, Aurora had a 52-week high of $62.91. From the report: The disastrous public launch comes two years after the company initially filed to go public, but it (and the real estate market) has faced a number of challenges in the time since. The outlook for homebuying is bleak, to put it mildly, for the near- to mid-term future. Mortgage rates are at their highest point since 2000 -- hitting 7.31% last week -- and showing no signs of a turnaround. Because the majority of American homeowners have mortgages at or well below 5%, they're reticent to put their homes on the market, which creates a supply shortage, even for those who are willing to accept the high rates. But Better's own history could be working against it, as well.

The company came under fire in December 2021 for laying off 900 employees via Zoom. (Some didn't know they'd been affected until they learned they were locked out of company accounts.) A few months later, it cut another 3,000 workers. One month after that, it slashed another 1,000 jobs. Eventually, the company cut 91% of its workforce over an 18-month period. That wasn't the end of the problems, though. In a leaked video of a town hall meeting following the first round of layoffs, CEO Vishal Garg was shown vacillating on the reasons, blaming everything from marketplace forces to the recently-canned employees' performance.
Programming

Rust Users Push Back as Popular 'Serde' Project Ships Precompiled Binaries (bleepingcomputer.com) 17

"Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary," reports Bleeping Computer.

"The move has generated a fair amount of push back among developers who worry about its future legal and technical implications, along with a potential for supply chain attacks, should the maintainer account publishing these binaries be compromised." According to the Rust package registry, crates.io, serde has been downloaded over 196 million times over its lifetime, whereas the serde_derive macro has scored more than 171 million downloads, attesting to the project's widespread circulation... "The Serde ecosystem consists of data structures that know how to serialize and deserialize themselves along with data formats that know how to serialize and deserialize other things," states the project's website. Whereas, "derive" is one of its macros...

Some Rust developers request that precompiled binaries be kept optional and separate from the original "serde_derive" crate, while others have likened the move to the controversial code change to the Moq .NET project that sparked backlash. "Please consider moving the precompiled serde_derive version to a different crate and default serde_derive to building from source so that users that want the benefit of precompiled binary can opt-in to use it," requested one user. "Or vice-versa. Or any other solution that allows building from source without having to patch serde_derive... Having a binary shipped as part of the crate, while I understand the build time speed benefits, is for security reasons not a viable solution for some library users."

Users pointed out how the change could impact entities that are "legally not allowed to redistribute pre-compiled binaries, by their own licenses," specifically mentioning government-regulated environments.

The official response from Serde's maintainer: "The precompiled implementation is the only supported way to use the macros that are published in serde_derive. If there is implementation work needed in some build tools to accommodate it, someone should feel free to do that work (as I have done for Buck and Bazel, which are tools I use and contribute significantly to) or publish your own fork of the source code under a different name.

"Separately, regarding the commentary above about security, the best path forward would be for one of the people who cares about this to invest in a Cargo or crates.io RFC around first-class precompiled macros so that there is an approach that would suit your preferences; serde_derive would adopt that when available."
Apple

Apple Plans Major 'Watch X' Overhaul for Device's 10-Year Anniversary (bloomberg.com) 24

While Apple's next line of smartwatches is expected to be a minor upgrade, the company is working on a revamped "Watch X" update for the device's 10th anniversary. Bloomberg's Mark Gurman reports: Apple is planning a splashy upgrade for its smartwatch, but you won't see it this year. The 2023 models, due next month, will be a minor refresh -- the kind of incremental update that has characterized the product in recent years. Inside Apple, executives have pondered the idea of switching away from this slow-but-steady annual upgrade cycle. The deliberations haven't gotten far (Apple has dutifully released a new watch every year since the category debuted in 2015), but recent updates to the device underscore why this is even a discussion. [...] Fact is, Apple isn't giving consumers many reasons to buy a new watch with each generation. The company did launch an impressive new Apple Watch Ultra last year that spurred upgrades at the high end, but 2023 will (once again) be another low-key year. [...]

Because of the Apple Watch's slow evolution over the years, the design has remained largely the same since the Series 4 launched in 2018 -- aside from the Ultra model. But that's poised to change. Apple is planning a "Watch X" model to mark the device's 10-year anniversary, and it promises to be the biggest overhaul yet. (The category was unveiled in 2014 and released the following year, so Apple is planning to launch Watch X either in 2024 or 2025.) With the X model, Apple designers are working on a thinner watch case and have explored changing the way bands are attached to the device.

Starting with the original Apple Watch, bands have slid into the sides of the chassis and attached with a locking mechanism. Keeping that design the same let the bands stay compatible with old and new models, but it has downsides. People involved in the development of new Apple Watches say the system takes up a considerable amount of space that could be better filled with a bigger battery or other components. To that end, the company has explored a new magnetic band attachment system, though it's unclear if it will be ready or used in the Watch X revamp. Even bigger changes are coming as well: a microLED display that tops the color and clarity of the current OLED screens, as well as a technology for monitoring blood pressure.

Encryption

Google's Chrome Begins Supporting Post-Quantum Key Agreement to Shield Encryption Keys (theregister.com) 13

"Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography," writes Chrome's technical program manager for security, Devon O'Brien.

"Continuing with our strategy for handling this major transition, we are updating technical standards, testing and deploying new quantum-resistant algorithms, and working with the broader ecosystem to help ensure this effort is a success." As a step down this path, Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115. This hybrid mechanism combines the output of two cryptographic algorithms to create the session key used to encrypt the bulk of the TLS connection:

X25519 — an elliptic curve algorithm widely used for key agreement in TLS today
Kyber-768 — a quantum-resistant Key Encapsulation Method, and NIST's PQC winner for general encryption

In order to identify ecosystem incompatibilities with this change, we are rolling this out to Chrome and to Google servers, over both TCP and QUIC and monitoring for possible compatibility issues. Chrome may also use this updated key agreement when connecting to third-party server operators, such as Cloudflare, as they add support. If you are a developer or administrator experiencing an issue that you believe is caused by this change, please file a bug.

The Register delves into Chrome's reasons for implementing this now: "It's believed that quantum computers that can break modern classical cryptography won't arrive for 5, 10, possibly even 50 years from now, so why is it important to start protecting traffic today?" said O'Brien. "The answer is that certain uses of cryptography are vulnerable to a type of attack called Harvest Now, Decrypt Later, in which data is collected and stored today and later decrypted once cryptanalysis improves." O'Brien says that while symmetric encryption algorithms used to defend data traveling on networks are considered safe from quantum cryptanalysis, the way the keys get negotiated is not. By adding support for a hybrid KEM, Chrome should provide a stronger defense against future quantum attacks...

Rebecca Krauthamer, co-founder and chief product officer at QuSecure, told The Register in an email that while this technology sounds futuristic, it's useful and necessary today... [T]he arrival of capable quantum computers should not be thought of as a specific, looming date, but as something that will arrive without warning. "There was no press release when the team at Bletchley Park cracked the Enigma code, either," she said.
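The hybrid construction described above, as an added example that is not code from Chrome, Google or The Register. It assumes the combiner is plain concatenation of the two 32-byte shared secrets fed into the TLS 1.3 key schedule (as in the X25519Kyber768Draft00 draft), and it uses constructed byte strings in place of real X25519 and Kyber-768 outputs; all function names are illustrative.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from the TLS 1.3 key schedule (RFC 8446, 7.1)."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def handshake_secret(shared_secret: bytes) -> bytes:
    """TLS 1.3 Handshake Secret for a connection without a PSK."""
    early = hkdf_extract(b"\x00" * HLEN, b"\x00" * HLEN)
    derived = expand_label(early, b"derived", HASH(b"").digest(), HLEN)
    return hkdf_extract(derived, shared_secret)


def hybrid_handshake_secret(x25519_ss: bytes, kyber_ss: bytes) -> bytes:
    """Assumed combiner: concatenate both shared secrets, then key-schedule."""
    if len(x25519_ss) != 32 or len(kyber_ss) != 32:
        raise ValueError("both shared secrets must be 32 bytes")
    return handshake_secret(x25519_ss + kyber_ss)


# Constructed stand-ins, not outputs of real X25519 or Kyber-768 runs.
X25519_SS = bytes(range(32))
KYBER_SS = bytes(range(32, 64))

if __name__ == "__main__":
    real = hybrid_handshake_secret(X25519_SS, KYBER_SS)
    # Harvest-now-decrypt-later model: the recorded X25519 share is solved
    # later, the Kyber secret is not, so the guess for it is wrong.
    guess = hybrid_handshake_secret(X25519_SS, bytes(32))
    print("hybrid secret :", real.hex())
    print("X25519-only   :", guess.hex(), "(match)" if guess == real else "(no match)")
```

Because both secrets enter the same extract step, every traffic key derived afterwards depends on both of them, so recovering only one of the two leaves the session keys unknown.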

The Military

Founder of Russia's Largest Internet Company Slams 'Barbaric' Invasion of Ukraine (cnn.com) 93

An anonymous reader quotes a report from CNN: The founder and former CEO of Russia's largest internet company, Arkady Volozh, has slammed Vladimir Putin's "barbaric" war in Ukraine, becoming one of the most prominent Russian businessmen to express criticism of what Russia still calls euphemistically its "special military operation." "I've been asked a lot of questions over the past year, and especially a lot of them came up this week. I would like to clarify my position," he said in a statement released to the media. "I am totally against Russia's barbaric invasion of Ukraine, where I, like many, have friends and relatives. I am horrified by the fact that every day bombs fly into the homes of Ukrainians," said Volozh, describing himself as a "Kazakhstan-born, Israeli tech entrepreneur, computer scientist, investor, and philanthropist." "Despite the fact that I have not lived in Russia since 2014, I understand that I also have a share of responsibility for the actions of the country," he added. "There were many reasons why I had to remain silent. You can argue about the timeliness of my statement, but not about its substance. I am against war."

In June 2022, Volozh quit as CEO of Yandex (YNDX), which also operates Russia's most popular search engine, after he was sanctioned by the European Union over Russia's actions in Ukraine. "Volozh is a leading businessperson involved in economic sectors providing a substantial source of revenue to the Government of the Russian Federation, which is responsible for the annexation of Crimea and the destabilization of Ukraine," the EU said. "Yandex is also responsible for promoting State media and narratives in its search results, and de-ranking and removing content critical of the Kremlin, such as content related to Russia's war of aggression against Ukraine." In his statement, Volozh said after moving to Israel in 2014, he has been working on developing Yandex's international projects. "But in February 2022, the world changed, and I realized that my story with Yandex was over."

"After the outbreak of the war, I focused on supporting talented Russian engineers who decided to leave the country and start a new life. It turned out to be a difficult task that required a lot of effort, attention and caution," he said. "Now these people are outside of Russia and can start doing something new in the most advanced areas of technology. They will be of great benefit to the countries where they remain," he added. Volozh went on to say that when Yandex was created, "We believed that we were building a new Russia -- an open, progressive, integrated into the global economy, known in the world not only for its raw materials." However, "over time, it became clear that Russia was in no hurry to become part of the global world. At the same time, the pressure on the company grew," he said. "But we did not give up, we did our best despite the external conditions. Has it always been possible to find the right balance? Now, looking back, it is clear that something could have been done differently."

Privacy

Popular Open-Source Project Moq Criticized For Quietly Collecting Data (bleepingcomputer.com) 30

An anonymous reader quotes a report from BleepingComputer: Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed on the NuGet software registry, Moq sees over 100,000 downloads on any given day, and has been downloaded over 476 million times over the course of its lifetime. [...] Last week, one of Moq's owners, Daniel Cazzulino (kzu), who also maintains the SponsorLink project, added SponsorLink to Moq versions 4.20.0 and above. This move sent shock waves across the open source ecosystem largely for two reasons -- while Cazzulino has every right to change his project Moq, he did not notify the user base prior to bundling the dependency, and SponsorLink DLLs contain obfuscated code, making it hard to reverse engineer, and not quite "open source."

"It seems that starting from version 4.20, SponsorLink is included," Germany-based software developer Georg Dangl reported referring to Moq's 4.20.0 release. "This is a closed-source project, provided as a DLL with obfuscated code, which seems to at least scan local data (git config?) and sends the hashed email of the current developer to a cloud service." The scanning capability is part of the .NET analyzer tool that runs during the build process, and is hard to disable, warns Dangl. "I can understand the reasoning behind it, but this is honestly pretty scary from a privacy standpoint."

SponsorLink describes itself as a means to integrate GitHub Sponsors into your libraries so that "users can be properly linked to their sponsorship to unlock features or simply get the recognition they deserve for supporting your project." GitHub user Mike (d0pare) decompiled the DLLs, and shared a rough reconstruction of the source code. The library, according to the analyst, "spawns external git process to get your email." It then calculates a SHA-256 hash of the email addresses and sends it to SponsorLink's CDN: hxxps://cdn.devlooped[.]com/sponsorlink. "Honestly Microsoft should blacklist this package working with the NuGet providers," writes Austin-based developer Travis Taylor. "The author can't be trusted. This was an incredibly stupid move that's just created a ton of work for lots of people."
Following the backlash, Cazzulino updated the SponsorLink project's README with a lengthy "Privacy Considerations" section that clarifies that no actual email addresses, just their hashes, are being collected.
United Kingdom

Millions of UK Voters' Data Accessible In Cyber Attack (theguardian.com) 14

The UK's Electoral Commission revealed that a cyber attack granted access to the data of 40 million voters. It went unnoticed for a year and was not disclosed to the public for an additional 10 months. The Guardian reports: The Electoral Commission apologized for the security breach in which the names and addresses of all voters registered between 2014 and 2022 were open to "hostile actors" as far back as August 2021. The attack was discovered last October and reported within 72 hours to the Information Commissioner's Office (ICO), as well as the National Crime Agency. However, the public has only now been informed that the electoral registers containing the data of millions of voters may have been accessible throughout that time.

The Electoral Commission said it was "not able to know conclusively" what information had been accessed. It is not known whether the attackers were linked to a hostile state, such as Russia, or a criminal cyber gang. The watchdog said "much of the data" was already in the public domain and insisted it would be difficult for anyone to influence the outcome of the UK's largely paper-based electoral system, but it acknowledged that voters would still be concerned.

The attackers were able to access full copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations. These registers include the name and address of anyone in the UK who was registered to vote between 2014 and 2022. The commission's email system was also accessible during the attack. The full register held by the Electoral Commission contains name and address data that can be inspected by the public but only locally through electoral registration officers, with only handwritten notes allowed. The information is not permitted to be used for commercial or marketing purposes. The data of anonymous voters whose details are private for safety reasons and the addresses of overseas voters were not accessible to the intruders in the IT system.
A spokesperson for the ICO, the UK's independent regulator on data protection, said: "The Electoral Commission has contacted us regarding this incident and we are currently making inquiries."

They added: "We recognize this news may cause alarm to those who are worried they may be affected and we want to reassure the public that we are investigating as a matter of urgency. In the meantime, if anyone is concerned about how their data has been handled, they should get in touch with the ICO or check our website for advice and support."
