Blog

  • Apple’s iMessage gains industry-leading quantum security

    Apple’s iMessage gains industry-leading quantum security

    [ad_1]

    Apple is preparing for future threats to iMessage by introducing upgraded encryption for its messaging service by using quantum computers.

    Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple’s messaging system being more secure against both current and future foes.

    What is the protection?

    Announced on Apple’s Security Research blog, the new iMessage protection is called PQ3 and promises the “strongest security properties of any at-scale messaging protocol in the world.”

    The rationale behind this protection is “What if?

    In this case, Apple’s security teams asked themselves what might happen if hackers, criminals, or state-backed rogue surveillance firms gathered vast quantities of encrypted iMessage data today in order to break that encryption using quantum computers tomorrow.

    Apple calls this a Harvest Now, Decrypt Later attack. The new security protocol is designed to help protect against this.

    How likely are such attacks?

    These attacks are less likely today than they might become. It is widely accepted that quantum computers will be capable of cracking the classical public key cryptography  such as RSA, Elliptic Curve signatures, and Diffie-Hellman key exchange in use today.

    Apple explains:

    “All these algorithms are based on difficult mathematical problems that have long been considered too computationally intensive for computers to solve, even when accounting for Moore’s law. However, the rise of quantum computing threatens to change the equation. A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore — in theory — do so fast enough to threaten the security of end-to-end encrypted communications.”

    In truth, quantum computers are expensive, which means their use is largely limited to only the world’s most powerful entities. But as more are made and costs decline, they will proliferate — and if Apple is considering the potential threat, then threat actors of various stripes will also be exploring the possibility.

    The security industry is getting ready

    Apple isn’t alone. The cryptographic community is also exploring Post-Quantum Cryptography (PQC), aiming to develop new public key algorithms that run on the devices we use today while protecting against the forms of attack we believe quantum computers will be able to deliver tomorrow.

    Signal, for example, introduced its own take on PQC security a few months ago.

    iMessage takes this protection further.

    PQC is not only used to secure the “initial key establishment” (when a shared algorithm is defined), but with the capability to restore security rapidly and automatically if that initial key becomes compromised.

    Apple has submitted PQ3 to two leading security researchers who have verified the technology — Professor David Basin of the Information Security Group at ETH in Zurich, Switzerland, and Douglas Stebila, a University of Waterloo Professor.

    Basin wrote: “We have used Tamarin to formally verify the device-to-device messaging protocol PQ3. From our analysis, we conclude that this protocol achieves strong security guarantees against an active network adversary who can selectively compromise parties and has quantum computing capabilities.”

    Tamarin is a leading security verification tool.

    Stabila said: “The analysis shows that PQ3 provides confidentiality with forward secrecy and post-compromise security against both classical and quantum adversaries, in both the initial key exchange as well as the continuous rekeying phase of the protocol.”

    Research papers describing the academic research conducted by both professors are available via Apple’s security website, where you will also find a far more in-depth analysis of how PQ3 works and the protections it provides.

    What can we read into this?

    The signal Apple is sending with the introduction of this protection in iMessage should not be ignored. It should be seen as both a promise and a warning.

    • The promise is that Apple’s security teams are working to get ahead of both current and future threats.
    • The warning is that if Apple believes it necessary to protect millions of iMessage users against such threats today, tomorrow is looming fast.

    Enterprise tech leaders and IT should, therefore, also work toward protecting their own data against potential quantum computing-led attacks.

    At the very least, this will involve staying abreast of new research in the field from the likes of the US Department of Commerce’s National Institute of Standards and Technology (NIST), which announced some preliminary encryption tools for the post-quantum era in 2022. A response might also involve insisting on such protection in new purchasing relationships.

    When is iMessage quantum security launching?

    • Apple says support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4.
    • That means the support should already be available in the betas.

    It explains that iMessage conversations between devices that support PQ3 are automatically ramping up to the post-quantum encryption protocol. “As we gain operational experience with PQ3 at the massive global scale of iMessage, it will fully replace the existing protocol within all supported conversations this year.”

    For Apple, the protection reflects the extent to which privacy and security enhancements have been integral to its iMessage service since it was first introduced. It builds, for example, on robust protections such as Lockdown Mode and Contact Key Verification that already exist.

    Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]

  • The hidden high cost of return-to-office mandates

    The hidden high cost of return-to-office mandates

    [ad_1]

    We all know by now that many business leaders want their employees to work in the office instead of at home. But most don’t understand why.

    And we know that many employees want to work from home instead of the office. And most don’t understand why, either.

    As a result, we have a standoff at many companies where corporate leadership is imposing return-to-office (RTO) mandates, and employees are resisting.

    It’s time for everyone to really understand what’s driving the standoff.

    Why employees hate RTO mandates

    The conventional wisdom says that the COVID-19 pandemic, which forced companies to embrace full-time, work-from-home (WFH), gave employees a taste of remote work. They liked it. And that stiffened resistance to RTO mandates.

    The well-known reason many employees prefer WFH policies is increased schedule flexibility, better work-life balance, and less time spent fighting traffic on the way to and from the office.

    But there’s another factor at play: money.

    Prices vary by region. But in general, since the beginning of the pandemic in 2020, the cost of living has risen dramatically for employees: annual mortgage payments have grown by more than $3,500; the price of a car has risen by about $10,000; and the cost for groceries has increased by around 10%.

    The direct additional cost of working in an office for employees is higher, too: Gasoline costs more than it did in 2019; annual child-care costs have increased by more than $1,000. And inflexible RTO policies requiring normal business hours impose even more child-care costs, as arrangements often have to be made for kids to be picked up and dropped off at school.

    To put that into perspective, one report notes that it costs employees the equivalent of a month’s grocery bill to return to the office.

    RTO mandates don’t represent a return to normal. They represent the imposition of new high costs for employees already feeling the pain of inflation. (Even though it has subsided somewhat, prices remain stubbornly high.)

    Not only are employees required to sacrifice flexibility, work-life balance, and valuable time. They’re now expected to pay for the privilege.

    Here’s another point to consider. While flexibility and work-life balance are somewhat squishy and vague, the literal financial costs to employees are directly measurable in dollars.

    Why many business leaders want RTO mandates

    Researchers at the University of Pittsburgh’s Katz Graduate School of Business studied the reasons for, and impacts of, RTO requirements. They looked at S&P 500 companies with RTO mandates and tested the three major justifications for those mandates: 1) higher productivity; 2) better company performance; and 3) company values.

    The researchers also collected job satisfaction and other data from Glassdoor to see how RTO mandates affect both employees and managers.

    The results were eye-opening.

    The researchers found that companies with RTO policies were more likely to have had poor prior stock performance, and more likely to be led by “male and powerful CEOs” seeking to “grab power back from employees through RTO.”

    RTO polices were also found to be used to scapegoat employees working from home for bad company performance.

    Counterintuitively, they found that tech companies are more likely to demand RTO. Very intuitively, they found fewer RTO mandates at companies with high competition and places with longer commute times.

    The results weren’t one-sided. Many employees, they found, agree with RTO mandates and feel that living and working in separate places improved work-life balance.

    Interestingly and unusually, the researchers looked at the impact of RTO mandates on companies’ financial performance. They pointed out that improving employee productivity is a major justification for RTO policies, while measurably lower employee satisfaction is known to reduce productivity. In a nutshell, they found that RTO mandates don’t significantly affect productivity or company financial performance in either direction.

    Why RTO mandates are risky business

    The best data to date shows that the reasons and justifications for RTO mandates are largely misguided. Such mandates do not generally lead to higher productivity, better performance or improved corporate values in the short term.

    It also shows that the reasons and justifications for WFH are largely real and serious. Remote work does improve schedule flexibility and work-life balance, and it saves employees a lot of time and money.

    In other words: Forcing employees to work in an office doesn’t benefit companies, but does harm the lives of employees — at least in the short term.

    More to the point: Most companies cannot show actual monetary benefits from RTO mandates. But most employees can show actual and significant monetary costs from RTO mandates.

    In essence, these kinds of mandates represent a transfer of wealth from employees that their employers don’t even benefit from.

    Here’s what’s missing from the calculation: The long-term impact of RTO mandates could be catastrophic for businesses.

    The thing you need to know is that employees unhappy with RTO mandates aren’t likely to tell you. In a recent survey, more than a third (38%) of employees believe it’s a “red flag” to complain about RTO policies. And they’re right: More than half of managers (56%) agree.

    You’ll find out they were unhappy when they quit and go to work for your more flexible competitor. The result: a slow bleeding of high-performing employees, millennials and women.

    In other words, to impose RTO is to implement a policy of gradually reduced overall employee performance, increased difficulty in meeting gender inclusion goals and undermined efforts to groom the next generation of corporate leaders.  

    So proceed with caution. The benefits of RTO mandates are probably nonexistent. The costs are likely to grow over time.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]

  • Microsoft fixes two zero-days with Patch Tuesday release

    Microsoft fixes two zero-days with Patch Tuesday release

    [ad_1]

    Microsoft on Tuesday released 73 updates in its monthly Patch Tuesday release, addressing issues in Microsoft Exchange Server and Adobe and two zero-day flaws being actively exploited in Microsoft Outlook (CVE-2024-21410) and Microsoft Exchange (CVE-2024-21413).

    Including the recent reports that the Windows SmartScreen vulnerability (CVE-2024-21351) is under active exploitation, we have added “Patch Now” schedules to Microsoft Office, Windows and Exchange Server. The team at Readiness has provided this detailed infographic outlining the risks associated with each of the updates for this cycle.

    Known issues

    Microsoft publishes a list of known issues related to the operating system and platforms included each month.

    • Windows devices using more than one monitor might (still) experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Windows Copilot. Microsoft is still working on this issue.
    • After you install KB5034129, chromium-based internet browsers such as Microsoft Edge might not open correctly. Affected browsers might display a white screen and become unresponsive when opened. (This is probably an issue mainly affecting developers using several browsers on the same system.)  Microsoft is working on a fix. We expect an update in the next Edge update.

    There is a significant issue with the current release of Microsoft Exchange Server, which is detailed below in the Exchange Server section.

    Major revisions

    We have seen three waves of CVE vulnerability revisions from Microsoft (so far) this month — which in itself is unusual — made all the more so by the volume of updates in such a short time. That said, all the revisions were due to mistakes in the publication process; no additional action is required for the following:

    • CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability. Microsoft has updated the FAQs and added clarifying information to the mitigation. This is an informational change only.
    • CVE-2023-36019: Microsoft Power Platform Connector Spoofing Vulnerability. Updated the mitigation to inform customers with existing OAuth 2.0 connectors that the connectors must be updated to use a per-connector redirect URL by March 29. This is an informational change only.
    • CVE-2024-0056, CVE-2024-0057, CVE-2024-0057, CVE-2024-20677 and CVE-2024-21312: These were updated to resolve broken link issues. No further action required.

    Contrary to current documentation from Microsoft, there are two revisions that do require attention: CVE-2024-21410 and CVE-2024-21413. Both reported vulnerabilities are “Preview Pane” critical updates from Microsoft that affect Microsoft Outlook and Exchange Server. Though the Microsoft Security Response Center (MSRC) says these vulnerabilities are not under active exploitation, there are severalpublished reports of active exploitation.

    Note: this is a serious combination of Microsoft Exchange and Outlook security issues.

    Mitigations and workarounds

    Microsoft published the following vulnerability-related mitigations for this month’s release cycle:

    We have placed the GPO setting AllowAllTrustedAppToInstall in quotes, as we don’t believe it exists (or the documentation has been removed/deleted). This may be (another) documentation issue.

    Each month, the team at Readiness provides detailed, actionable testing guidance based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations. For this February release, we have grouped the critical updates and required testing efforts into functional areas, including:

    Security

    • AppLocker: Test basic functionality of AppLocker, including deploying AppLocker policies.
    • Secure Launch has been updated. Administrators can ensure that Secure Launch is working through the Microsoft utilityEXE.

    Networking

    • DNS has been updated for all Windows platforms, including changes to RRSIG and DNSKEY (used to decrypt/validate hash records). Microsoft has offered guidance on securing/validating DNS responses for Windows Server here and provided syntax and examples to test out DNS query resolutions.
    • RPC clients for internal applications will require a full end-to-end test cycle.
    • Internet Shortcuts have been updated and will require testing on both online trusted and untrusted sources.
    • Internet Connection Sharing (ICS) will also require tests run on both host and client machines.

    Developers and development tools

    • Microsoft updated the core component Microsoft Message Queue (MSMQ) which will affect Message Queue Services, its related Routing service and DCOM proxy. Testing must include online browsing and video/audio streaming for any affected app.
    • SQL OLEDB has been updated, requiring database administrators to check their database connections and basic SQL commands.

    Microsoft Office

    • Due to the changes to Adobe Reader and the PDF file format this month, Microsoft Word users should include a test to open, save, and print PDF files.
    • Outlook users should test opening mail and calendar items with an additional test of opening a backup Outlook data file.

    Also, this month, Microsoft added a new feature to the Microsoft .NET CORE offering with SignalR. Microsoft explains: 

    “ASP.NET SignalR is a library for ASP.NET developers that simplifies the process of adding real-time web functionality to applications. Real-time web functionality is the ability to have server code push content to connected clients instantly as it becomes available, rather than having the server wait for a client to request new data.”

    You can find documentation on getting started with SignalR here.

    Automated testing will help with these scenarios (especially a testing platform that offers a “delta” or comparison between builds). However, for line-of-business apps, getting the application owner (doing UAT) to test and approve the results is still essential.

    Windows lifecycle update

    This section contains important changes to servicing (and most security updates) to Windows desktop and server platforms.

    Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:

    • Browsers (Microsoft IE and Edge);
    • Microsoft Windows (both desktop and server);
    • Microsoft Office;
    • Microsoft Exchange Server;
    • Microsoft development platforms (NET Core, .NET Core and Chakra Core);
    • Adobe (or, if you get this far).

    Browsers

    Microsoft released three minor updates to the Chromium-based Edge (CVE-2024-1283, CVE-2024-1284, and CVE-2024-1059) and updated the following reported vulnerabilities:

    • CVE-2024-1060: Chromium: CVE-2024-1060 Use after free in Canvas
    • CVE-2024-1077: Chromium: CVE-2024-1077 Use after free in Network
    • CVE-2024-21399: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

    All these updates should have minor to negligible impact on applications that integrate and operate on Chromium. Add them to your standard patch release schedule.

    Windows

    Microsoft released two critical updates (CVE-2024-21357 and CVE-2024-20684) and 41 patches rated as important for Windows that cover the following components:

    • Windows ActiveX and WDAC OLE DB Provider;
    • Windows Defender;
    • Windows Internet Connection Sharing;
    • Windows Hyper-V;
    • Windows Kernel.

    The real worry this month is the Windows SmartScreen (CVE-2024-21351) update, which has been reportedly exploited in the wild. Due to this rapidly emerging threat, add this update to your Windows “Patch Now” release schedule.

    Microsoft Office

    Microsoft released a single critical update (CVE-2024-21413) and seven patches rated as important for the Microsoft Office productivity suite. The real concern is older versions of Microsoft Office (2016, in particular). If you are running these older versions, you will need to add these updates to your Patch Now schedule.

    All modern versions of Microsoft Office can add these February updates to their standard release schedule.

    Microsoft Exchange Server

    Microsoft released a single update for Microsoft Exchange server, with CVE-2024-21410 rated critical. This update will require a reboot to the target server(s). In addition, Microsoft offered this advice when patching your servers:

    “When Setup.exe is used to run /PrepareAD, /PrepareSchema or /PrepareDomain, the installer reports that Extended Protection was configured by the installer, and it displays the following error message: ‘Exchange Setup has enabled Extended Protection on all the virtual directories on this machine.’”

    Microsoft offers “Extended Protection” as a series of documents and scripts to help secure your Exchange server. In addition, Microsoft published Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2 to help with managing the attack service of this serious vulnerability. Add this to your “Patch Now” schedule.

    Microsoft development platforms

    Microsoft released three updates (CVE-2024-20667, CVE-2024-21386 and CVE-2024-21404) affecting the .NET platform as well as Visual Studio 2022. These updates are expected to have minimal impact on app deployments. Add them to your standard developer release schedule.

    Adobe Reader (if you get this far)

    Adobe Reader updates are back this month (year) with the release of APSB 24-07, a priority three update for both Adobe Reader and Reader DC. Adobe notes that this vulnerability could lead to remote code execution, denial of service, and memory leaks. There are also some documented uninstall issues with Adobe Reader, which might cause deployment headaches. All this is enough to add this Adobe to our “Patch Now” schedule.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]

  • EU’s AI Act wins fresh backing ahead of April vote

    EU’s AI Act wins fresh backing ahead of April vote

    [ad_1]

    European Union (EU) legislation that would set guardrails for the use and development of AI technology appears to be on a clear path toward ratification as two key groups of legislators in the EU Parliament on Tuesday approved a provisional agreement on the proposed rules.

    The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) and Committee on the Internal Market and Consumer Protection (IMCO) approved the AI Act with an “overwhelmingly favorable vote,” putting the rules “on track to become law,” Dragoș Tudorache, an EU Parliament member and chair of the EU’s Special Committee on AI, tweeted on X, formerly Twitter.

    The rules, on which the EU Parliament will formally vote in April, require organizations and developers to assess AI capabilities and place them into one of four risk categories — minimal, limited, high, and unacceptable risk. The act is the first comprehensive government legislation to oversee how AI will be developed and used, and has been met with both approval and caution from technologists.

    Parliament’s priority is to make sure that AI systems used in the EU are safe, transparent, traceable, non-discriminatory and environmentally friendly,” the EU said in describing the legislation online. “AI systems should be overseen by people, rather than by automation, to prevent harmful outcomes.”

    Set up for simplicity

    At its core, the regulation is simple, said Gartner’s Nader Henein, a fellow of information privacy, research vice president-data protection and privacy. “It requires that organizations (and developers) assess their AI capabilities and place it in one of the four tiers defined by the act,” he said. “Depending on the tier, there are different responsibilities that fall on either the developer or the deployer.”

    Some advocacy groups and even an analysis by the US government have pushed back against the AI Act, however. Digital Europe, an advocacy group that represents digital industries across the continent, released a joint statement in November ahead of the Act’s final weeks of negotiations warning that over-regulation could stymie innovation and cause startups to leave the region. The group urged lawmakers not to “regulate” new AI players in the EU “out of existence” before they even get a chance.

    Henein argued that the law’s mandates “are in no way a hinderance to innovation. Innovation by its nature finds a way to work within regulatory bounds and turn it into an advantage,” he said.

    Adoption of the rules “should be straightforward” as long as developers and resellers provide clients with the information they need to conduct an assessment or be compliant, Henein said.

    Still, one tech expert said some criticisms about the prescriptive nature of the AI Act and vague language are valid — and its relevance might not last because it’s often difficult for regulations to move at the pace of technology.

    “There are some parts of the regulation that make a lot of sense, such as banning ‘predictive policing’ where police are directed to go after someone just because an AI system told them to,” said Jason Soroko, senior vice president of product at Sectigo, a certificate lifecycle management firm. “But, there are also parts of the regulation that might be difficult to interpret, and might not have longevity, such as special regulations for more advanced AI systems.”

    More restrictions in the offing?

    Further, enterprises could face compliance challenges in the discovery process as they build a catalog of existing AI use cases, and the subsequent categorization of those use cases into the Act’s tiering structure, Henein said.

    “Many organizations think they are new to AI when in fact, there is nearly no product of note they have today that does not have AI capabilities,” Henein said. “Malware detection tools and spam filters have relied of machine learning for over a decade now, they fall in the low-risk category of AI-systems and require no due diligence.” 

    If the EU votes to approve the act in April, as seems likely, other countries might follow. Several nations — the US, UK, and Australia among them — already have put in place government-led groups to oversee AI development; more formal regulations could follow.

    Still, any new rules will likely only apply to the most extreme cases in which AI presents significant harm to humanity or otherwise. Cases in which it’s being used responsibly and even presents benefits, such as worker productivity — which is true in the case of currently used generative AI chatbots based on large language models (LLMs) such as OpenAI’s ChatGPT — likely will see little oversight.

    “What we are seeing on both sides of the Atlantic is the need to restrict certain use cases outright; these fall under the prohibited category under the AI Act and present serious harm,” Henein said.

    Copyright © 2024 IDG Communications, Inc.



    [ad_2]

  • Sam Altman wants to raise trillions of dollars for AI chip initiative

    Sam Altman wants to raise trillions of dollars for AI chip initiative

    [ad_1]

    After disrupting the AI industry by launching ChatGPT, OpenAI’s Chief Executive Officer, Sam Altman, is now looking to reimagine the global semiconductor industry.

    Alrman hopes to do that by raising $5 trillion to $7 trillion to “boost the world’s chip-building capacity, expand its ability to power AI, among other things,” according to a Wall Street Journal report. Altman is in talks with the UAE government, SoftBank, and Taiwan Semiconductor Manufacturing Company (TSMC), among other investors, to raise the massive amount, the report said.

    As per reports, Altman was earlier in talks with Abu Dhabi-based AI firm G42 and SoftBank Group for a new chip venture envisioned to supply AI chips globally. OpenAI had earlier tied up with G42 to provide AI services in the regional markets.

    Altman’s desire to take control of the chip supply chain will not only help OpenAI ensure improved prices but also control the development of the AI ecosystem. “If you look at most successful firms in their categories, they look or design their own chips at a later stage for better price and performance ratio for their specific requirements. For example, Apple and Tesla are designing some of their own chips along with AWS, Google, Microsoft, and Meta. In a similar context, it may make sense for OpenAI to design its own chip for better price and performance,” said Pareekh Jain, CEO at Pareekh Consulting.

    The initiative, if successful, will help Altman create a massive business based on the market needs. “This is something similar to Amazon launching an AWS [Amazon Web Services] business to manage the world’s IT infrastructure and software on the cloud. Similarly, this looks like the next step for Altman,” Jain said.

    Massive shortage of AI chips

    The growing adoption of AI has led to a massive shortage of AI chips or GPUs, which is crippling the growth of the industry. Altman wants to take control of the entire value chain to ensure that the chip shortage doesn’t hamper the growth of the AI ecosystem. Nvidia, which had designed the chip used in ChatGPT, is largely believed to be the market leader in AI chips.

    “In the adoption of Generative AI, the biggest bottleneck is the cost and availability of GPU [Graphics Processing Units] chips. If OpenAI can solve this,  it will help not only OpenAI but the whole ecosystem in the faster adoption of Generative AI,” Jain said.

    “AI infrastructure plays a key role in the training/inferencing of foundation models sitting at the core of the next-gen AI ecosystem, while the advancement and proliferation of AI technologies rely heavily on specialized hardware, particularly AI chips that are optimized for AI tasks,” said Charlie Dai, VP, Principal Analyst, Forrester.

    Geopolitical face-offs for AI chip capabilities

    It is tough to think of a precedent of an organization generating the kind of funds Altman has in mind for the AI chip initiative. It is safe to conclude that this kind of initiative will likely involve investors from several nations or governments, which can potentially lead to geopolitical conflict zones.  

    The shortage of AI semiconductors has led to a chip war between the US and China, with both countries trying to prevent the other from gaining the upper hand. For instance, the US came up with a chip ban in October 2022, banning the export of AI chips to China.

    “The shortage of AI chips has already cast a shadow over AI innovation, especially in China, due to geopolitical frictions,” said Dai.

    In addition, this kind of initiative will typically take a long time to raise funds as well as to set up manufacturing units. If chip shortage is worrying Altman, this initiative is unlikely to address it in the near term.

    “With the demand outpacing supply for AI hardware especially in compute – entities that have access to hardware first will enjoy the advantage of maturity of the AI models as it gives them time to fine-tune and iterate the model to serve the intended workloads/function/application,” said Akshara Bassi, Senior Analyst, Counterpoint.

    “The initiative itself is more of an ambition in the long run instead of a realistic target in the short term,” said Dai of Forrester. While it remains to be seen whether Altman will succeed in this ambition or not, it is safe to say that he has successfully ushered the world into an AI era. The idea of raising trillions to control the global AI supply chain sounds extraordinary and will demand all of Altman’s business acumen and grit to make it a success. But then Altman is known to disrupt the market and make astonishing and dramatic comebacks.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]

  • Apple improves iCloud for Windows, kills iTunes

    Apple improves iCloud for Windows, kills iTunes

    [ad_1]

    If you use Windows for work and an iPhone for everything else, you should know that Apple has changed iCloud for Windows and no longer offers iTunes for the platform —  though none of your media purchases have disappeared.

    How has Apple improved iCloud for Windows?

    Apple has redesigned the iCloud for Windows application, giving it a more modern look that’s easier to navigate with Photos, iCloud Drive, Passwords, Bookmarks and Calendars/Contacts all easy to access in a click. It’s also easy to check how much storage you have in use.

    Beyond the facelift, the software is now a little easier to set up and install and provides better insights into how files and other data are syncing. The latter means you can check whether items are in the process of syncing, and when a sync operation last took place.

    You can also check service status — all from within the iCloud app front page. That means Windows users can monitor the sync status of photos, contacts, and of course any work-related documents that might be stored in iCloud Drive.

    Users might also notice that photos syncing has gotten faster and and experience better syncing with Microsoft Outlook. Apple notes that contact and calendar syncing problems with Outlook have been resolved, though Windows 11 22H2 is required.

    What’s new in iCloud for Windows?

    There are some brand new enhancements, including support for physical security keys and dark mode. Users can also track all the devices (Apple and non-Apple) they have signed into iCloud through the Accounts Details page.

    To summarize the improvements:

    • A new user interface.
    • Dark mode.
    • Support for physical security keys.
    • Improved insight into sync.
    • Improved onboarding system.
    • Better photo sync speeds.
    • Better Outlook support on Windows 11 or later.

    It might seem ironic to note that iCloud for Windows is potentially one of Apple’s most widely used applications. That is because some market share estimates suggest just a quarter of those 1 billion+ iPhones in use today are also running Macs, leaving millions of people on Windows PCs. That’s a large number of potential users of Apple’s updated applications, which also means the replacement of iTunes with standalone Apple Music and Apple TV apps is likely to impact those people, too.

    Windows now supports FIDO for Apple ID protection

    If you use physical security keys to protect your Apple ID, you can now also use those keys with Windows, as explained by Apple here. The company introduced support for FIDO-certified hardware keys in 2023. These provide additional security, particularly for those needing additional protection from targeted attacks.

    Learn how and why to use these keys to protect your Apple ID here.

    Farewell iTunes

    Apple replaced iTunes on Macs with standalone Music and TV apps with macOS Catalina in 2019. In a process it announced in 2022, the company has now brought Windows users into line with that decision, introducing standalone Music and TV apps for that platform. All existing purchased content will be available from within those apps, and if you subscribe to the company’s media services, you can access those, too.

    Apple has also introduced a new version of the Apple Devices app, which lets you manage your iPhone or iPad from the Windows PC without use of iTunes.

    Who is it for?

    The new applications are only available for Windows 10 and Windows 11. If you’re still working with an older iteration of Microsoft’s operating system, you will need to keep using Apple’s legacy apps.  

    Where to get the new applications

    The updated apps are available for free through the Microsoft Store at these links:

    For more detailed information, check out our complete guide to iCloud for Windows. While this focuses on an earlier edition of the application, it still provides useful guidance.

    Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]

  • Enrollments for federal low-income Internet subsidy program to end

    Enrollments for federal low-income Internet subsidy program to end

    [ad_1]

    A US government program that subsidizes fees for Internet service for low-income households will stop taking enrollments Thursday and could shut down by April, leaving people who depend on the service for remote employment without a way to pay for broadband access.

    The Affordable Connectivity Program (ACP) is currently used by nearly 23 million Americans, allowing them to save more than $500 million per month on internet bills. It is set to run out of a money in a few months; consumers have until 11:59 p.m. ET on Feb. 7 to be approved and enrolled with a service provider to take part.

    The program, which is limited to one monthly service and one device per household, provides up to $30 per month toward internet service for eligible households and up to $75 per month for households on qualifying Tribal lands. Eligible subscribers can also receive a one-time discount to purchase a laptop, desktop computer, or tablet from participating providers.

    Federal Communications Commission Chair Jessica Rosenworcel told Congress last week that without further funding, Thursday’s enrollment freeze is necessary to slow the depletion of financial resources and reduce volatility in the program.

    Remote workforce in limbo?

    A spokesman for the program declined to comment on how many subscribers use ACP for remote work, which surged during the COVID-19 pandemic and has held fairly steady even after stay-at-home restrictions ended.

    A Gartner global labor market survey found that even though workers were given the all-clear to return to the office in recent years, the number of hybrid workers — where  people work at least one but fewer than five days in the office — stayed relatively flat, according to Tori Paulman, senior director analyst, Digital Workplace for Gartner Group.

    The end of ACP could leave some remote workers in limbo, leading them or their employers to seek alternatives. Remote workers need reliable broadband service, and even in an ubiquitously connected world, that’s not always an option for people, depending on their income or service areas.

    In fact, the biggest challenge for remote and hybrid workers since the pandemic has been to keep all employees connected to organizational culture and ensuring equity across their work experience, Paulman said, adding that stipends by companies to employees to this end “vary widely from company to company and have been a contentious topic since the initial pivot home some years ago.”

    The fate of the program is currently in the hands of Congress; lawmakers in both the Senate and House of Representatives are now considering separate bipartisan bills that would provide billions more to keep ACP running.

    In the meantime, organizations continue to hash out what managing a remote and/or hybrid workforce looks like to them, recognizing that “there is no one-size-fits all model for every worker and every team,” Paulman said.

    Widespread support

    The good news for the program and those using it is it has high-profile supporters that want to see it continue. Chief among them is US President Joseph R. Biden Jr., who has urged Congress to provide additional funding for the ACP. The program is key to the president’s commitment to providing more universal access to broadband-speed internet.

    “For President Biden, internet is like water,” Biden advisor and assistant Tom Perez said during a briefing on Monday. “It’s an essential public necessity that should be affordable and accessible to everyone.”

    Verizon, Comcast and AT&T — among the 1,700 internet service providers that have been notifying customers about the potential end of the program — also called on Congress to extend the program.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]

  • Google Workspace tips and tutorials

    Google Workspace tips and tutorials

    [ad_1]

    From its humble origins as a collection of cloud apps known as Gmail for Your Domain, Google’s office suite has greatly expanded and matured over the years. Rebranded multiple times as Google Apps, G Suite, and finally Google Workspace, it’s now a full-scope productivity and collaboration suite with subscription plans for organizations ranging from the smallest businesses through the largest enterprises.

    If you’re new to Google Workspace or want to get more out of its apps, our collection of step-by-step tutorials can help.

    Google Workspace: Get started

    Google Docs cheat sheet

    How to use Google Docs to create, edit, and collaborate on documents online.

    Google Sheets cheat sheet

    How to use Google Sheets to create, work with, and collaborate on spreadsheets.

    Google Slides cheat sheet

    How to use Google Slides to create, collaborate on, and lead business presentations.

    The business user’s guide to Gmail

    Whether you’re new to Gmail or just want to make the most of its many layers, this in-depth guide will turn you into a Google email pro in no time.

    How to use Google Drive for collaboration

    Sharing Google Docs, Sheets, and Slides files makes it easy to collaborate with colleagues on documents, presentations, and spreadsheets. Here’s how.

    Google Meet cheat sheet

    Need to get up and running with Google’s online meeting app quickly? We’ve got you covered.

    Google Forms cheat sheet

    You can use Google Forms to create online surveys, quizzes, and feedback pages. Here’s how.

    Google Keep cheat sheet

    Get up and running with Google’s powerful note-taking app.

    Google Tasks cheat sheet

    Use Google Workspace’s built-in task manager to build to-do lists and get reminders about upcoming tasks.

    The business user’s guide to Google Voice

    Google Voice can add a whole new layer of power into your professional phone setup — once you figure out how to use it. Here’s help.

    Google Workspace: Level up

    How to use the new AI writing tool in Google Docs and Gmail

    Help Me Write is a new generative AI writing tool built into Gmail and Google Docs. Here’s how to get the most out of it while avoiding its pitfalls.

    New! How to use the new genAI template tool in Google Sheets

    Help Me Organize, a generative AI tool in Google Sheets, can whip up templates for project schedules, budgets, charts, and more. Learn how to use it and write effective prompts for best results.

    How to use smart chips in Google Docs and Sheets

    Smart chips are interactive elements you embed in Google documents and spreadsheets. Learn about the different types of smart chips and how to use them for enhanced collaboration.

    New! 4 advanced ‘smart chip’ tips for Google Docs and Sheets

    Use these advanced tips to take smart chips to the next level.

    New! How to use Google Sheets for project management

    Google Sheets is great for calculations and data analysis, but it also offers several built-in tools for basic tracking of team projects.

    New! Make your own business templates in Google Docs

    Give your team a head start on business documents by creating a set of custom templates they can use over and over again.

    Gmail for business: The best tips, time-savers, and advanced advice

    Ready to become a certified Gmail master? This collection of expert Google knowledge has everything you need. Learn how to tame your inbox with labels, save time with templates, maximize collaboration in Gmail’s interface, and much more.

    Google Docs: How to add charts, citations, and more

    In Google Docs, you can easily enhance your documents with professional elements like a table of contents, a watermark, charts, and citations. We show you how.

    Google Sheets: How to use dropdown lists

    Embedding dropdown lists in a spreadsheet saves time and ensures accuracy. Here’s how to make the most of them in Google Sheets.

    Google Sheets: How to use filters and slicers

    Filters and slicers help you highlight key data in a spreadsheet by hiding less relevant data. Here’s how to make them work for you in Google Sheets.

    Google Sheets: How to use pivot tables

    Pivot tables let you parse raw spreadsheet data to display specific information in a concise, easy-to-digest format. Here’s how to use them in Google Sheets.

    How Gmail filters can help organize your inbox

    Automate your inbox and enhance your organization by taking full advantage of what Gmail filters have to offer.

    Google Sheets: How to create an automatically updating spreadsheet

    Tired of finding, copying, and pasting data into spreadsheets? With just a few lines of code, you can set up a self-updating spreadsheet in Google Sheets that fetches and stores data for you.

    3 clever new tricks to turn Google Docs into a collaboration superhub

    These out-of-sight options connect Docs to Gmail and Google Calendar and make all of those services infinitely more useful.

    5 smart secrets for a better Google Tasks experience

    If you aren’t yet using these Google Tasks power tools, good golly: You’re missing out.

    9 handy hidden features in Google Docs on Android

    Boost your mobile productivity with these power-packed, time-saving features in the Docs Android app.

    14 handy hidden tricks for Google Calendar on Android

    Upgrade your agenda with these tucked-away time-savers in the Android Calendar app.

    25 top tips for Google Keep on Android

    Turn Google’s note-taking app into a powerful mobile productivity tool with these easy-to-follow tips.

    Google Workspace: More useful info

    6 fast fixes for common Google Docs problems

    Knock down distressing Docs issues in no time with these easy-to-implement, expert-approved solutions.

    6 fast fixes for common Google Drive problems

    Eliminate annoyances and say sayonara to storage struggles with these easy-to-implement, expert-approved solutions.

    9 Chrome extensions that supercharge Google Drive

    Add these extensions for Chrome to work faster and smarter with Google Drive and Google’s productivity apps, Docs, Sheets, and Slides.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]

  • Vision Pro’s killer feature? It’s a wearable Mac

    Vision Pro’s killer feature? It’s a wearable Mac

    [ad_1]

    It’s really important to remember that the new Vision Pro, unlike other mixed-reality headsets, isn’t limited to entertainment and gaming. Compared to rivals, the device’s killer app is actually productivity.

    That is, after all, perhaps why Apple CEO Tim Cook told Vanity Fair he uses Vision Pro for productive tasks. With the first Vision Pro devices arriving on Friday, productivity apps are on the way, too. Apple says 600 apps designed specifically for the platform are already available, with millions more compatible.

    Why productivity matters

    That’s good news for Apple, of course, as you can’t claim a successful tech product on the absence of great apps to back that argument up.

    Think back to the iPhone — or even the Macintosh — and it was the emergence of productivity apps on both platforms that helped them make the leap from consumer bauble to enterprise essential. After all, VisiCalc wasn’t just the first spreadsheet program for personal computers released exclusively for the Apple II, it was also the app that ultimately led to the computing experiences we take for granted today.

    We’re seeing this again in Vision Pro, with Microsoft confirming plans to introduce Office apps for visionOS, and Ukraine’s Readdle delivering a powerful new suite of PDF applications for use in Apple’s reality distortion field. This perhaps shows the extent to which people in the business recognize the opportunity to build creative productivity solutions for Apple’s new world of spatial computing.

    “Apple Vision Pro is unlocking the imaginations of our worldwide developer community, and we’re inspired by the range of spatial experiences they’ve created for this exciting new platform,” said Susan Prescott, Apple’s vice president of worldwide developer relations.

    Microsoft gets inside your head

    Microsoft seems to be embracing Apple’s vision for visionOS. The company has confirmed that several of its apps, including Word, Excel, PowerPoint, and Teams will come to the platform on launch. And versions of OneNote and Outlook are on the way.

    The applications seem like the existing iPad versions of the same software, but have a few tweaks custom made for the platform, including a ribbon toolbar to access different tools and settings. One exception is Teams, which will support the virtual persona feature Apple introduced in Vision Pro. You’ll also be able to use a little generative AI in visionOS space, as Microsoft Copilot is available to these apps, coming to the App Store now.

    Ukraine’s Readdle brings PDF and mail

    Readdle is bringing two of its award-winning productivity apps, PDF Expert and Spark Mail — these are spatial versions of the company’s existing iPad apps. If you make a lot of use of PDFs and haven’t yet come across PDF Expert, you really should give it a try — it’s an outstanding PDF editor for Apple devices and now includes the company’s beta AI Chat application.

    The Apple App Store Editor’s award-winning Spark Mail is also worth a look, as it does a good job of making email kind of usable again, with a nice user interface and  numerous email management tools. Spark Mail also includes AI Chat.

    A dream come true for project managers

    Personally, I’m interested to see how powerful project management apps OmniFocus and OmniPlan do on Apple’s new platform; I can’t help but think the infinite canvas in visionOS will be a brilliant space to make sense out of the vast quantity of nested data inside Gantt charts.

    Being able to see the entirety of a project in one view will, in itself, be a vast improvement for managers. 

    “With tools like OmniPlan, you can plan out scenarios and see how your changes ripple through the rest of the project in real time,” Omni Group CEO Ken Case said in a statement. “Large Gantt charts have been in my life for as long as I can remember. It is no exaggeration that modern tools have revolutionized the process of planning huge projects. Until now, those tools have been constrained by your screen. The infinite canvas provided by Apple Vision Pro is a dream come true for project planners, project managers, and industrial engineers.”

    This should have implications in any operational environment; it’s easy to imagine day traders using Vision Pro devices to replace or supplement the triple-display setups so many use to monitor all the data their investment decisions rely on.

    Apps without frontiers

    Apple today noted numerous other productive apps, including enterprise-grade cloud storage stalwart Box and brainstorming application MindNode. Apple also cited Webex, Zoom, Fantastical, Numerics, JigSpace, Navi, Slack, Todoist, and Notion as apps that are, at the very least, compatible with its new platform.

    “This breakthrough technology introduces immersive experiences that fundamentally redefine the way we work by delivering visually stunning interactions without physical limitations,” Aaron Levie, Box’s cofounder and CEO, said in a statement. “From developing the next breakthrough product to reimagining customer experiences, the possibilities are endless.”

    Perhaps he’s right, but ultimately the big advantage Apple’s M-powered wearable computer actually has is that it’s a Mac.

    Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]

  • Apple accuses UK gov’t of ‘unprecedented overreach’ on privacy

    Apple accuses UK gov’t of ‘unprecedented overreach’ on privacy

    [ad_1]

    In the name of security, the UK government may well have put a cybersecurity target on the nation’s back, with Apple once again warning that proposed changes to the Investigatory Powers Act 2016 are a “serious and direct threat to data security and information privacy.

    “We are deeply concerned about the amendments to the Investigatory Powers Bill currently before Parliament, which will put the privacy and security of users at risk,” Apple said in a statement. “This is an unprecedented overreach by the government and, if implemented, the UK new user protections could be secretly vetoed globally, preventing us from ever delivering them to customers.”

    The Act is being debated today in the UK House of Lords. Of course, civil liberties groups worldwide condemn these proposals.

    So, what’s the problem?

    The law, allegedly intended to make people safer, will undoubtedly make UK digital infrastructure a tempting target as the regulations will be weaken security there. The biggest problem for Apple, other than the steady erosion of encryption, is that essential security and privacy updates might be delayed or never appear — and without any transparency or scrutiny at all.

    There isn’t even a right of appeal to these Orwellian admonitions.

    Snooper’s charter is hacker’s heaven

    If passed, the law would mean that every tech security update must be reviewed by UK authorities before release, which will immediately delay distribution of vital security patches.

    Hackers will immediately see this means any patched vulnerabilities will be secured in the UK last, making the nation an incredibly attractive target to attack. Hackers are organized enough to spot and exploit weakness. It’s what they do.

    But that’s not the only impact of this foolish law.

    Putting users at risk

    Apple first warned against these dumb proposals in July 2023, when it said they would stifle innovation, commerce, and make the Home Office the “de facto global arbiter of what levels of data security and encryption are allowed.

    “The new powers the Home Office seeks — expanded authority to regulate foreign companies and the ability to pre-screen and block innovative security technologies — could dramatically disrupt the global market for security technologies, putting users in the UK and around the world at greater risk,” Apple said.

    The mechanics of what’s proposed include, but are not confined to:

    • Giving the UK Home Office the power to disable certain encryption services by issuing a Technical Capability Notice.
    • Empowering the Home Office to block security and privacy updates without notifying the public.
    • Requiring tech firms to submit security changes for Home Office approval before launch.
    • Creating new powers for blanket surveillance of internet activity, including far less protection around the use and inspection of bulk data sets.

    And if the UK rejects an update, that update cannot be released in any other nation and the public would not be informed of the decision.

    Apple has already said it might abandon the UK market if it is forced to provide such advance notice of product updates, which would have a chilling impact on everyone in the UK. Apple now employs more than 8,000 people across the country, while the iOS economy supports an estimated 550,000 jobs there.

    A move to exit the UK would certainly dent an already ailing UK economy that is still enduring only a lukewarm post-pandemic recovery.

    Apple made its threat before, when it stood with other messaging apps vendors to insist the UK government abandon attempts to prevent end-to-end encryption of messages.

    The UK government said in a statement, “Ultimately, this is about public safety and ensuring that those tasked with keeping the public safe have the necessary tools to do so.”

    A draconian overreach that should be opposed

    That these proposals do nothing but weaken public security seems to have escaped the architects. After all, without timely software updates, how will tech firms protect us against disgusting attacks against digital civil liberties such as those committed by the NSO Group?

    These tools are a draconian overreach that threaten security — not just of subjects of the Crown in the UK, but also citizens across the world.

    This ill-judged legislation, if passed, will damage the digital economy and will be seen as carte blanche for other repressive governments to deploy similarly retrogressive laws in nations across the world. One can only hope tech firms manage to push this back.

    Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

    Copyright © 2024 IDG Communications, Inc.

    [ad_2]