Tech News

Juli Clover, MacRumors:

Apple today seeded the first betas of upcoming iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 updates to developers for testing purposes. The betas have been released while Apple is still working on iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1, updates that are set to be released next week.

Apple is rolling out Apple Intelligence features in waves, and while the first wave coming next week is relatively small, the next one is pretty big. These first developer betas of iOS 18.2 and MacOS 15.2 include: categorization and priority inbox sorting in Mail, Genmoji, Image Playgrounds (including Image Wand, where a rough sketch in Notes can be transformed into a detailed image), and ChatGPT’s integration for more complex “world knowledge” requests. And, for iPhone 16 users, Visual Intelligence.

These developer betas also contain new APIs for third-party apps: the Writing Tools API (which will allow any text app to support the features only Apple’s first-party apps have access to in iOS 18.1 and MacOS 15.1), Genmoji API (so third-party messaging apps can support them like Messages will), and Image Playground API.

With the initial wave in next week’s public releases of iOS 18.1 and MacOS 15.1, most Apple Intelligence features announced at WWDC are still missing. With these new developer betas, only a few features remain absent: priority notifications, and Siri’s more advanced features like in-app actions and personal knowledge context (the “When’s my mom’s flight arriving?” feature).

 ★ 

Andy McCullough, reporting for The Athletic:

Fernando Valenzuela, the Mexican southpaw who became an icon in Los Angeles during his rookie season with the Los Angeles Dodgers and remained a vibrant part of the franchise’s fabric for the next four decades, died Tuesday, the Dodgers confirmed. He was 63. [...]

In 2023, the Dodgers recognized Valenzuela’s indelible place within franchise lore by altering a club policy in his honor: Valenzuela became the first Dodger to see his number retired without reaching the Hall of Fame. Before the ceremony in August 2023, as his No. 34 took its place at Dodger Stadium in between Sandy Koufax’s No. 32 and Roy Campanella’s No. 39, Valenzuela pronounced himself shocked.

“It never crossed my mind that this would ever happen,” Valenzuela said. “Like being in the World Series my rookie year, I never thought that would happen.”

I’m only barely old enough to remember Fernandomania, but it was a genuine nationwide sensation. Everyone knew who “Fernando” was, even people who cared little to nothing about baseball. Every kid I knew, boys and girls alike, wanted a Fernando baseball card (or sticker — baseball stickers were the thing at the time).

In 1978, Valenzuela — the 12th of 12 children in a poor Mexican farming family — was a 17-year-old, pitching in an obscure Mexican pro league. A Dodgers scout who’d gone to evaluate a shortstop on the opposing team instead found himself captivated by Valenzuela’s pitching. Two years later he was an end-of-season call-up in the Dodgers’ big-league bullpen.

Then came 1981. Thanks to a fluke injury to the Dodgers’ intended starter, Valenzuela was their starting pitcher on opening day. He threw a complete game shutout. He started the season 8-0 with an ERA of 0.50. He pitched all 9 innings in each of those 8 games. His best pitch was a screwball (a breaking ball that curves the “wrong” way) — a bygone pitch no one even throws any more. His physique was more beer league than major league. His windup was comically exaggerated — more like Bugs Bunny than a typical major league pitcher. Down 2 games to 0, he led the Dodgers to victory in game 3 of the 1981 World Series against the Dodgers’ most-despised foe, the Yankees, and the Dodgers won the next 3 games to take the championship. He won both the Rookie of the Year and Cy Young awards. He spoke very little English at the time, but had a charisma that broke any language barrier. He was 20 years old.

I was 8 at the time, and already a very sore loser. Valenzuela was the first athlete I can remember from an opposing team whom I had mixed feelings about. You just couldn’t help but like him.

See More: “Remembering Fernandomania” — a splendid 11-minute short film MLB produced a few years ago. The film does a great job emphasizing how much Valenzuela meant to the Mexican-American community in Los Angeles. His playing heyday was 40 years ago, but his influence on the Dodgers’ relationship to their then-still-kinda-new home city remains palpable today.

And One More: Watch this clip from 2017 and not get goosebumps. I dare you.

 ★ 

The beta versions of iOS 18.2, iPadOS 18.2, and macOS 15.2 are now available. Get your apps ready by confirming they work as expected on these releases. And make sure to build and test with Xcode 16.2 beta to take advantage of the advancements in the latest SDKs.

As previewed earlier this year, changes to the browser choice screen, default apps, and app deletion for EU users, as well as support in Safari for exporting user data and for web browsers to import that data, are now available in the beta versions of iOS 18.2 and iPadOS 18.2.

These releases also include improvements to the Apps area in Settings first introduced in iOS 18 and iPadOS 18. All users worldwide will be able to manage their default apps via a Default Apps section at the top of the Apps area. New calling and messaging defaults are also now available for all users worldwide.

Following feedback from the European Commission and from developers, in these releases developers can develop and test EU-specific features, such as alternative browser engines, contactless apps, marketplace installations from web browsers, and marketplace apps, from anywhere in the world. Developers of apps that use alternative browser engines can now use WebKit in those same apps.

View details about the browser choice screen, how to make an app available for users to choose as a default, how to create a calling or messaging app that can be a default, and how to import user data from Safari.

The Apple Developer Program License Agreement and its Schedules 1, 2, and 3 have been updated to support updated policies and upcoming features, and to provide clarification. Please review the changes below and accept the updated terms in your account.

Apple Developer Program License Agreement

• Definitions, Section 3.3.3(J): Specified requirements for use of App Intents.
• Definitions, Section 3.3.5(C): Clarified requirements for use of Sign in With Apple.
• Definitions, Section 3.3.8(G): Specified requirements for use of the Critical Messaging API.
• Definitions, Sections 3.3.9(C): Clarified requirements for use of the Apple Pay APIs; updated definition of “Apple” for use of the Apple Pay APIs.
• Attachment 2: Clarified requirements for use of the In-App Purchase API.

Schedules 1, 2, and 3

Apple Services Pte. Ltd. is now the Apple legal entity responsible for the marketing and End-User download of the Licensed and Custom Applications by End-Users located in the following regions:

• Bhutan
• Brunei
• Cambodia
• Fiji
• Korea
• Laos
• Macau
• Maldives
• Micronesia, Fed States of
• Mongolia
• Myanmar
• Nauru
• Nepal
• Papua New Guinea
• Palau
• Solomon Islands
• Sri Lanka
• Tonga
• Vanuatu

Paid Applications Agreement (Schedules 2 and 3)

Exhibit B: Indicated that Apple shall not collect and remit taxes for local developers in Nepal and Kazakhstan, and such developers shall be solely responsible for the collection and remittance of such taxes as may be required by local law.

Exhibit C:

1. Section 6: Clarified that Apple will apply Korean VAT on the commissions payable by Korean developers to Apple to be deducted from remittance with respect to sales to Korean customers pursuant to local tax laws.
2. Section 10: For Singaporean developers who have registered for Singapore GST and have provided their Singapore GST registration number to Apple, clarified that Apple will apply Singaporean GST on the commissions payable by Singaporean developers to Apple to be deducted from remittance with respect to sales to Singaporean customers pursuant to local tax laws.

View the full terms and conditions

Translations of the Apple Developer Program License Agreement will be available on the Apple Developer website within one month.

Nilay Patel, after interviewing Intuit CEO Sasan Goodarzi for his Decoder podcast at The Verge:

It’s also not just lobbying: in 2022, a coalition of attorneys general from all 50 states got Intuit to agree to a $141 million settlement that required Intuit to refund low-income Americans who were eligible for free filing but were redirected to paid products. In 2023, the FTC found that TurboTax’s “free” marketing was willfully deceptive, and after the agency won an appeal early this year, Intuit was ordered to stop doing it.

I asked about that, and Sasan disagreed with me, and we went back and forth for a few minutes on it. It’s Decoder; we have exchanges like this all the time, and I didn’t think anything of it.

But then I got a note from Rick Heineman, the chief communications officer at Intuit, who called the line of questioning and my tone “inappropriate,” “egregious,” and “disappointing” and demanded that we delete that entire section of the recording. I mean, literally — he wrote a long email that ended with “at the very least the end portion of your interview should be deleted.”

We don’t do that here at The Verge.

What’s bananas about this is that the contentious segment of the interview ... wasn’t really all that contentious? If not for this controversy generated entirely by Intuit’s own comms chief, I’d have listened to the episode and might not have even thought twice about the whole segment on Intuit’s lobbying against the IRS and tax code being updated to eliminate the need for complicated tax filing. Of course Patel was going to bring this up. It’d have been shocking if he hadn’t. And I think Sasan presented Intuit’s case about as well it can be presented.

But now the episode has been the number one story at The Verge all day, and surely getting way more listens than the average Decoder episode — with listeners primed to pay attention to the segment on Intuit’s anti-tax-reform lobbying and the penalty they were fined for bilking low-income users into paid service they didn’t need.

And the Streisand effect isn’t counterintuitive. It’s obvious human nature. We want to look at and listen to things we’re told not to look at or listen to.

 ★ 

Joanna Stern, writing for The Wall Street Journal (News+):

If you’re expecting AI fireworks, prepare for AI … sparklers. Back in June, at the company’s annual developers conference, executives showed off do-it-yourself emojis, ChatGPT integration and a Siri that can recall the name of a person you met months ago. Apple has even been running ads for some features. None are in this release.

“This is a big lift,” Craig Federighi, Apple’s senior vice president of software engineering, told me at the company’s headquarters. “You could put something out there and have it be sort of a mess. Apple’s point of view is more like, ‘Let’s try to get each piece right and release it when it’s ready.’”

Yes, while other companies rush out generative-AI tools, sometimes with controversy, Apple is moving cautiously. Federighi denies the company is behind, saying it’s prioritizing privacy and responsibility.

It’s a very good interview, and also available on YouTube.

And yes, the higher-profile, more whiz-bang-y Apple Intelligence features aren’t shipping next week in iOS 18.1 and MacOS 15.1. But as Stern herself points out in the article, the features that are shipping are genuinely useful. Notification summaries are good — the occasional mistakes can be funny, but overall it’s solid, and especially helpful for batches of notifications from the same app or group text. The Clean Up unwanted-object-remover in Photos is great. I still haven’t spent much time trying the writing tools, but Stern has, and finds them useful. These are tools that will be used in everyday situations, in the apps they already use, by normal, non-technical iOS and Mac users. There’s a reason Apple is doing a full-court media press on this.

 ★ 

Jeffrey Goldberg, in a must-read, must-share piece for The Atlantic (this is a gift link, which should get you through The Atlantic’s subscriber paywall, and which link I encourage you to share with every potential voter you know):

In their book, The Divider: Trump in the White House, Peter Baker and Susan Glasser reported that Trump asked John Kelly, his chief of staff at the time, “Why can’t you be like the German generals?” Trump, at various points, had grown frustrated with military officials he deemed disloyal and disobedient. (Throughout the course of his presidency, Trump referred to flag officers as “my generals.”) According to Baker and Glasser, Kelly explained to Trump that German generals “tried to kill Hitler three times and almost pulled it off.” This correction did not move Trump to reconsider his view: “No, no, no, they were totally loyal to him,” the president responded.

This week, I asked Kelly about their exchange. He told me that when Trump raised the subject of “German generals,” Kelly responded by asking, “‘Do you mean Bismarck’s generals?’” He went on: “I mean, I knew he didn’t know who Bismarck was, or about the Franco-Prussian War. I said, ‘Do you mean the kaiser’s generals? Surely you can’t mean Hitler’s generals? And he said, ‘Yeah, yeah, Hitler’s generals.’ I explained to him that Rommel had to commit suicide after taking part in a plot against Hitler.” Kelly told me Trump was not acquainted with Rommel. [...]

As president, Trump evinced extreme sensitivity to criticism from retired flag officers; at one point, he proposed calling back to active duty Admiral William McRaven and General Stanley McChrystal, two highly regarded Special Operations leaders who had become critical of Trump, so that they could be court-martialed. Esper, who was the defense secretary at the time, wrote in his memoir that he and Milley talked Trump out of the plan. [...] Trump has responded incredulously when told that American military personnel swear an oath to the Constitution, not to the president.

There’s no hope for the deep-MAGA derps who actually cheer this on. Trump’s hope for another electoral victory, however, depends upon large swaths of conservative, or even just conservative-ish, voters who don’t take him seriously, who haven’t paid attention to all the red flags and evidence from his first term, and think he doesn’t mean what he says. He says a lot of crazy shit, yes, but when he talks about what he wants to do, he means it. There’s very little he said he wanted to do in his first term that he either didn’t do, or didn’t try to do.

Goldberg:

On separate occasions in 2020, Trump held private conversations in the White House with national-security officials about the George Floyd protests. “The Chinese generals would know what to do,” he said, according to former officials who described the conversations to me, referring to the leaders of the People’s Liberation Army, which carried out the Tiananmen Square massacre in 1989. (Pfeiffer denied that Trump said this.) Trump’s desire to deploy U.S. troops against American citizens is well documented. During the nerve-racking period of social unrest following Floyd’s death, Trump asked Milley and Esper, a West Point graduate and former infantry officer, if the Army could shoot protesters. “Trump seemed unable to think straight and calmly,” Esper wrote in his memoir. “The protests and violence had him so enraged that he was willing to send in active-duty forces to put down the protesters. Worse yet, he suggested we shoot them. I wondered about his sense of history, of propriety, and of his oath to the Constitution.” Esper told National Public Radio in 2022, “We reached that point in the conversation where he looked frankly at General Milley, and said, ‘Can’t you just shoot them, just shoot them in the legs or something?’” When defense officials argued against Trump’s desire, the president screamed, according to witnesses, “You are all fucking losers!”

There’s some hope our military leadership would resist such orders again. But there won’t be any civilian leaders like John Kelly or Mark Esper in a second Trump administration. It’d be sycophants all the way down.

 ★ 

Michael S. Schmidt for The New York Times:

He said that, in his opinion, Mr. Trump met the definition of a fascist, would govern like a dictator if allowed, and had no understanding of the Constitution or the concept of rule of law. [...]

When Mr. Kelly left the White House in 2019, he decided he would speak out on the record only if Mr. Trump said something that he found deeply troubling or involved him and was wildly inaccurate. Mr. Trump’s recent comments about using the military against what he called the “enemy within” were so dangerous, he said, that he felt he had to speak out.

“And I think this issue of using the military on — to go after — American citizens is one of those things I think is a very, very bad thing — even to say it for political purposes to get elected — I think it’s a very, very bad thing, let alone actually doing it,” Mr. Kelly said.

Mr. Kelly said that Mr. Trump was repeatedly told dating back to his first year in office why he should not use the U.S. military against Americans and the limits on his authority to do so. Mr. Trump nevertheless continued while in office to push the issue and claim that he did have the authority to take such actions, Mr. Kelly said.

Regarding Trump’s praise for Adolf Hitler:

“He commented more than once that, ‘You know, Hitler did some good things, too,’” Mr. Kelly said Mr. Trump told him. [...]

“First of all, you should never say that,” Mr. Kelly said that he told Mr. Trump. “But if you knew what Hitler was all about from the beginning to the end, everything he did was in support of his racist, fascist life, you know, the, you know, philosophy, so that nothing he did, you could argue, was good — it was certainly not done for the right reason.”

Mr. Kelly said that would usually end the conversation. But Mr. Trump would occasionally bring it up again.

In his first term Trump had guardrails. He hadn’t expected to actually win in 2016 and while his administration was staffed with hard-right Republicans, they were men who respected the Constitution and rule of law. There is much to criticize about Trump’s attorneys general, Jeff Sessions and Bill Barr. But both were exactly the sort of people you’d expect as attorney general under any Republican president. In fact, Barr had previously served as attorney general, under George H.W. Bush from 1991–1993 — not exactly a time of tumult or growing fascism in the United States. For attorney general in a possible second administration, ABC News is reporting that Trump is considering Aileen Cannon, the apparatchik Florida judge — utterly unqualified for the federal bench but nominated by Trump in 2020 — who threw out Trump’s stolen classified documents case this summer. To call her decision unfounded in law and seemingly based on fealty to Trump personally is putting it mildly.

 ★ 

Katelyn Polantz, reporting for CNN:

A federal judge on Tuesday ordered former Donald Trump attorney and New York mayor Rudy Giuliani to turn over all his valuable possessions and his Manhattan penthouse apartment to the control of Ruby Freeman and Shaye Moss, the Georgia election workers he defamed and to whom he now owes $150 million.

Judge Lewis Liman of the federal court in Manhattan said Giuliani must turn over his interest in the property to the women in seven days, to a receivership they will control. The judge’s turnover order of the luxury items is swift and simple, but the penthouse apartment will have its control transferred so Freeman and Moss can sell it, potentially for millions of dollars.

The women, who counted Georgia ballots after the 2020 election, will also be entitled to about $2 million in legal fees Giuliani has said the Trump campaign still owes him, the judge ruled.

In addition to the Trump campaign fees and the New York apartment, Giuliani must also turn over a collection of several watches, including ones given to him by European presidents after the September 11, 2001, attacks; a signed Joe DiMaggio jersey and other sports memorabilia; and a 1980 Mercedes once owned by the Hollywood star Lauren Bacall. Additionally, the judge ordered that Giuliani turn over his television, items of furniture and jewelry.

Liman hasn’t yet decided if Giuliani will be able to keep a Palm Beach, Florida, condominium he also owns, or the four New York Yankees World Series rings he has, which Giuliani’s son contends his father gave him.

Donald Trump has numerous super powers. One of them is the way that — to date — he’s suffered few consequences for crimes committed in his name. Trump Organization CFO Allen Weisselberg didn’t just do time, he served hard time in Rikers Island. Former White House official Peter Navarro? Prison. Steve Bannon? Prison. Trump’s personal lawyer Michael Cohen? Prison. The list goes on.

Now, as a result of his efforts on behalf of Trump to attempt to overthrow the results of the 2020 election, Rudy Giuliani is seemingly destitute. Rightly so. The whole “America’s Mayor” schtick was unearned, but he had it. He had respect and wealth. Now he doesn’t even own a fucking television. His whole life thrown away in disgrace to do the bidding of Donald Trump, who at this point surely wouldn’t even answer a phone call from Giuliani, let alone actually help him.

Trump, meanwhile, is a nerve-rackingly close election away from escaping unscathed.

 ★ 

Gian Volpicelli and Samuel Stolton, reporting for Bloomberg*:

Under the EU’s Digital Services Act, the bloc can slap online platforms with fines of as much as 6% of their yearly global revenue for failing to tackle illegal content and disinformation or follow transparency rules. Regulators are considering whether sales from SpaceX, Neuralink, xAI and the Boring Company, in addition to revenue generated from the social network, should be included to determine potential fines against X, people familiar with the matter said, asking not to be identified because the information isn’t public. [...]

X is a private company under Musk’s sole control. In considering revenue from his other companies, the commission is essentially weighing whether Musk himself should be regarded as the entity to fine as opposed to X itself, the people said. Tesla Inc.’s sales would be exempt from this calculation because it’s publicly traded and not under Musk’s full control, one of the people said. The commission hasn’t yet decided whether to penalize X, and the size of any potential fine is still under discussion, the people said.

It’d be one thing if X had been split off into a subsidiary of a larger original company, specifically to decrease the size of any potential revenue-based penalty. Like, say, if Apple suddenly decided to break off “iOS” into an independent company that licensed software to Apple to include on iPhones. But we all know that’s not what X is. X was Twitter, which was a publicly-traded company that Musk had no stake in, and which he then bought and made private.

If the EU actually decides to include revenue from SpaceX and Musk’s other companies in calculating a penalty against X, it would effectively be playing a one-sided form of Calvinball, where the rules just get made up out of whole cloth as they go along. (Except in “real” Calvinball, both sides get to change the rules as they see fit.) They’re the ones who chose percentage-of-global revenue as the basis for potential penalties. It’s not Musk’s fault that X Corp generates embarrassingly little (and decreasing) revenue. Wait, actually, that is his fault. He bought a bad business and made it a lot worse. It’s just not his fault that running X Corp into the ground financially means that he can pay any potential revenue-based penalty out of his pocket change.

* You know.

 ★ 

With WorkOS you can start selling to enterprises with just a few lines of code. It provides a complete User Management solution along with SSO, SCIM, and FGA. The APIs are modular and easy-to-use, allowing integrations to be completed in minutes instead of months.

Today, some of the fastest growing startups are already powered by WorkOS, including Perplexity, Vercel, and Webflow.

For SaaS apps that care deeply about design and user experience, WorkOS is the perfect fit. From high-quality documentation to self-serve onboarding for your customers, it removes all the unnecessary complexity for your engineering team.

 ★ 

Brian McCullough:

Did Nintendo try to kill GoldenEye 007 before it was completed? Why did Shigeru Miyamoto keep telling the development team to tone down the violence? And why did the famous multiplayer aspect of the game almost not happen? It’s slappers-only on Rad History, because we’re diving into the history of THE game of the late 1990s, GoldenEye 007 for the Nintendo 64.

Had a blast talking about one of my very favorite video games ever. My main link here is to the YouTube version of the episode, but it’s also available as an audio episode for all podcast players, including Overcast and Apple Podcasts.

 ★ 

The New York Yankees are back in the World Series for the first time since 2009, and for the 41st time in franchise history. Their opponent: the Los Angeles Dodgers, who will appear for the 22nd time. This will be the 12th time the two teams have met in the World Series, but the first since 1981. (The Yankees won 8 of the previous 11.) A star-studded matchup with incredible history, to say the least. May the best team win.

See also: Jomboy’s pitch-by-pitch breakdown of Yankee hero Juan Soto’s series-clinching 3-run homer with 2 outs in the 10th inning against the Cleveland Guardians Saturday night. One of the best at-bats I’ve ever seen, and probably one of the top 5 home runs in the entire history of the Yankees.

 ★ 

"Several of Europe's biggest carmakers unveiled low-cost electric vehicles at the Paris Motor Show this week," reports CNBC. The automakers are "seeking to jump-start a demand slump and recapture some of the market share now held by Chinese brands." "It feels like Europe is fighting back," Julia Poliscanova, senior director for vehicles and e-mobility supply chains at the Transport & Environment campaign group, told CNBC at the Paris Motor Show. "There are so many new models on show, and what is really great is that there are a lot of launches that are more affordable. So, Citroen, Peugeot [and] Renault, they are all showing some smaller affordable models," Poliscanova said. "This is exactly what we need for the mass market, for people to buy those vehicles more, and this is also where the competition from the Chinese is also the hardest," she added... "The storytelling is that people have cooled off on EVs and there is no consumer demand, [but] this is really not true," Transport & Environment's Poliscanova said. "This year in Europe, we did not have affordable models, so people are not buying those overpriced premium vehicles. However, as soon as vehicles come in the right price range next year ... people will flock to buy them." Poliscanova said the launch of several low-cost EVs means electric car sales could account for up to a 24% market share next year, up from 14% this year. Chinese-made EVs typically cost less than half the prices seen in Europe and the U.S. last year, according to figures published by data firm JATO, underscoring the challenge for Western automakers to keep pace with Beijing... Pere Brugal, president and managing director of GM Europe, said that the challenges facing Europe's auto industry should be seen as a transitional phase — and not evidence of a crisis. "The adoption of new technologies and new behaviors is never a linear growth story, but the end is full-electric [vehicles]," Brugal told CNBC at the Paris Motor Show. Meanwhile, GM's CEO "says it will start making money on battery-powered models by the end of the year — becoming the only U.S. automaker aside from Tesla to achieve that feat," reports the New York Times (adding that sales are increasing "and the company just introduced a model that sells for less than $30,000 after a federal tax credit.") And GM "is still committed to doing away with combustion engine cars in the United States by 2035."

Read more of this story at Slashdot.

"Millions of Cubans remained without power for a third day in a row Sunday," reports CNN, "after fresh attempts to restore electricity failed overnight and the power grid collapsed for the fourth time — all before the arrival of Hurricane Oscar." A report from Reuters notes it was the fourth power grid failure in 48 hours. "On the forecast track, the center of Oscar is expected to continue moving across eastern Cuba tonight and Monday, then emerge off the northern coast of Cuba late Monday and cross the central Bahamas on Tuesday," the U.S. National Hurricane Center said. The Communist-run government canceled school through Wednesday — a near unprecedented move in Cuba — citing the hurricane and the ongoing energy crisis... Cuba had restored power to 160,000 clients in Havana just prior to the grid's Sunday collapse, giving some residents a glimmer of hope... Energy and mines minister Vicente de la O Levy told reporters earlier on Sunday he expected the grid to be fully functional by Monday or Tuesday but warned residents not to expect dramatic improvements. It was not immediately clear how much the latest setback would delay the government's efforts.

Read more of this story at Slashdot.

An anonymous reader shared this report from ComicBook.com: On Saturday, 20th Century Studios announced that the latest entry in the Alien sci-fi horror franchise will get a limited-edition VHS release on December 3 — just in time for the holidays. The VHS release of Alien: Romulus is the first such release from a major studio since 2006... a major win for fans of physical media. In recent months, there has been a great bit of conversation surrounding the so-called death of physical media with the rise of digital and streaming with some retailers even having previously announced that they have or will be stopping sales of physical media. But with streaming platforms removing content for various reasons, there's been a rise in appreciation for physical media which has, in turn, resulted in increased sales, particularly when it comes to limited edition items such as Steelbooks [collectible steel-case disc releases]... Given that the Alien: Romulus VHS release is part of an overall celebration of the franchise for its 45th anniversary year, leaning into that nostalgia for feels pretty spot on. The release will present the movie "in a 4:3 aspect ratio," writes the Verge, "hopefully with well-done pan-and-scan..." (Their post includes a promotional picture showing the "slick, vintage-style" box-cover art.) "The tape has only the film," notes Gizmodo, "and no special featurette attached at the end, like some used to back in the day." Gizmodo also reminds readers of Hulu's 2025 series Alien: Earth and an upcoming videogame sequel to 2014's Alien: Isolation.

Read more of this story at Slashdot.

"After two years of being beaten with the memory-safety stick, the C++ community has published a proposal to help developers write less vulnerable code," reports the Register. "The Safe C++ Extensions proposal aims to address the vulnerable programming language's Achilles' heel, the challenge of ensuring that code is free of memory safety bugs..." Acknowledging the now deafening chorus of calls to adopt memory safe programming languages, developers Sean Baxter, creator of the Circle compiler, and Christian Mazakas, from the C++ Alliance, argue that while Rust is the only popular systems level programming language without garbage collection that provides rigorous memory safety, migrating C++ code to Rust poses problems. "Rust lacks function overloading, templates, inheritance and exceptions," they explain in the proposal. "C++ lacks traits, relocation and borrow checking. These discrepancies are responsible for an impedance mismatch when interfacing the two languages. Most code generators for inter-language bindings aren't able to represent features of one language in terms of the features of another." Though DARPA is trying to develop better automated C++ to Rust conversion tools, Baxter and Mazakas argue telling veteran C++ developers to learn Rust isn't an answer... The Safe C++ project adds new technology for ensuring memory safety, Baxter explained, and isn't just a reiteration of best practices. "Safe C++ prevents users from writing unsound code," he said. "This includes compile-time intelligence like borrow checking to prevent use-after-free bugs and initialization analysis for type safety." Baxter said that rewriting a project in a different programming language is costly, so the aim here is to make memory safety more accessible by providing the same soundness guarantees as Rust at a lower cost. "With Safe C++, existing code continues to work as always," he explained. "Stakeholders have more control for incrementally opting in to safety." The next step, Baxter said, involves greater participation from industry to help realize the Safe C++ project. "The foundations are in: We have fantastic borrow checking and initialization analysis which underpin the soundness guarantees," he said. "The next step is to comprehensively visit all of C++'s features and specify memory-safe versions of them. It's a big effort, but given the importance of reducing C++ security vulnerabilities, it's an effort worth making."

Read more of this story at Slashdot.

A principal security software engineer at Microsoft described how they use their Azure cloud platform "to hunt phishers at scale," in a talk at the information security conference BSides Exeter. Calling himself Microsoft's "Head of Deception." Ross Bevington described how they'd created a "hybrid high interaction honeypot" on the now retired code.microsoft.com "to collect threat intelligence on actors ranging from both less skilled cybercriminals to nation state groups targeting Microsoft infrastructure," according to a report by BleepingComputer: With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity... Bevington and his team fight phishing by leveraging deception techniques using entire Microsoft tenant environments as honeypots with custom domain names, thousands of user accounts, and activity like internal communications and file-sharing... In his BSides Exeter presentation, the researcher says that the active approach consists in visiting active phishing sites identified by Defender and typing in the credentials from the honeypot tenants. Since the credentials are not protected by two-factor authentication and the tenants are populated with realistic-looking information, attackers have an easy way in and start wasting time looking for signs of a trap. Microsoft says it monitors roughly 25,000 phishing sites every day, feeding about 20% of them with the honeypot credentials; the rest are blocked by CAPTCHA or other anti-bot mechanisms. Once the attackers log into the fake tenants, which happens in 5% of the cases, it turns on detailed logging to track every action they take, thus learning the threat actors' tactics, techniques, and procedures. Intelligence collected includes IP addresses, browsers, location, behavioral patterns, whether they use VPNs or VPSs, and what phishing kits they rely on... The deception technology currently wastes an attacker 30 days before they realize they breached a fake environment. All along, Microsoft collects actionable data that can be used by other security teams to create more complex profiles and better defenses.

Read more of this story at Slashdot.

"Who asked for any of this in the first place?" wonders a New York Times consumer-tech writer. (Alternate URL here.) "Judging from the feedback I get from readers, lots of people outside the tech industry remain uninterested in AI — and are increasingly frustrated with how difficult it has become to ignore." The companies rely on user activity to train and improve their AI systems, so they are testing this tech inside products we use every day. Typing a question such as "Is Jay-Z left-handed?" in Google will produce an AI-generated summary of the answer on top of the search results. And whenever you use the search tool inside Instagram, you may now be interacting with Meta's chatbot, Meta AI. In addition, when Apple's suite of AI tools, Apple Intelligence, arrives on iPhones and other Apple products through software updates this month, the tech will appear inside the buttons we use to edit text and photos. The proliferation of AI in consumer technology has significant implications for our data privacy, because companies are interested in stitching together and analyzing our digital activities, including details inside our photos, messages and web searches, to improve AI systems. For users, the tools can simply be an annoyance when they don't work well. "There's a genuine distrust in this stuff, but other than that, it's a design problem," said Thorin Klosowski, a privacy and security analyst at the Electronic Frontier Foundation, a digital rights nonprofit, and a former editor at Wirecutter, the reviews site owned by The New York Times. "It's just ugly and in the way." It helps to know how to opt out. After I contacted Microsoft, Meta, Apple and Google, they offered steps to turn off their AI tools or data collection, where possible. I'll walk you through the steps. The article suggests logged-in Google users can toggle settings at myactivity.google.com. (Some browsers also have extensions that force Google's search results to stop inserting an AI summary at the top.) And you can also tell Edge to remove Copilot from its sidebar at edge://settings. But "There is no way for users to turn off Meta AI, Meta said. Only in regions with stronger data protection laws, including the EU and Britain, can people deny Meta access to their personal information to build and train Meta's AI." On Instagram, for instance, people living in those places can click on "settings," then "about" and "privacy policy," which will lead to opt-out instructions. Everyone else, including users in the United States, can visit the Help Center on Facebook to ask Meta only to delete data used by third parties to develop its AI. By comparison, when Apple releases new AI services this month, users will have to opt in, according to the article. "If you change your mind and no longer want to use Apple Intelligence, you can go back into the settings and toggle the Apple Intelligence switch off, which makes the tools go away."

Read more of this story at Slashdot.

Cybersecurity startup Watchtowr "was founded by hacker-turned-entrepreneur Benjamin Harris," according to a recent press release touting their Fortune 500 customers and $29 million investments from venture capital firms. ("If there's a way to compromise your organization, watchTowr will find it," Harris says in the announcement.) This week they shared their own research on a Fortinet FortiGate SSLVPN appliance vulnerability (discovered in February by Gwendal Guégniaud of the Fortinet Product Security team — presumably in a static analysis for format string vulnerabilities). "It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild... It's a Format String vulnerability [that] quickly leads to Remote Code Execution via one of many well-studied mechanisms, which we won't reproduce here..." "Tl;dr SSLVPN appliances are still sUpEr sEcurE," their post begains — but the details are interesting. When trying to test an exploit, Watchtowr discovered instead that FortiGate always closed the connection early, thanks to an exploit mitigation in glibc "intended to hinder clean exploitation of exactly this vulnerability class." Watchtowr hoped to "use this to very easily check if a device is patched — we can simply send a %n, and if the connection aborts, the device is vulnerable. If the connection does not abort, then we know the device has been patched... " But then they discovered "Fortinet added some kind of certificate validation logic in the 7.4 series, meaning that we can't even connect to it (let alone send our payload) without being explicitly permitted by a device administrator." We also checked the 7.0 branch, and here we found things even more interesting, as an unpatched instance would allow us to connect with a self-signed certificate, while a patched machine requires a certificate signed by a configured CA. We did some reversing and determined that the certificate must be explicitly configured by the administrator of the device, which limits exploitation of these machines to the managing FortiManager instance (which already has superuser permissions on the device) or the other component of a high-availability pair. It is not sufficient to present a certificate signed by a public CA, for example... Fortinet's advice here is simply to update, which is always sound advice, but doesn't really communicate the nuance of this vulnerability... Assuming an organisation is unable to apply the supplied workaround, the urgency of upgrade is largely dictated by the willingness of the target to accept a self-signed certificate. Targets that will do so are open to attack by any host that can access them, while those devices that require a certificate signed by a trusted root are rendered unexploitable in all but the narrowest of cases (because the TLS/SSL ecosystem is just so solid, as we recently demonstrated)... While it's always a good idea to update to the latest version, the life of a sysadmin is filled with cost-to-benefit analysis, juggling the needs of users with their best interests.... [I]t is somewhat troubling when third parties need to reverse patches to uncover such details. Thanks to Slashdot reader Mirnotoriety for sharing the article.

Read more of this story at Slashdot.