An anonymous reader quotes a report from Ars Technica: Oregon has joined the small but growing list of states that have passed right-to-repair legislation. Oregon's bill stands out for a provision that would prevent companies from requiring that official parts be unlocked with encrypted software checks before they will fully function. Bill SB 1596 passed Oregon's House by a 42 to 13 margin. Gov. Tina Kotek has five days to sign the bill into law. Consumer groups and right-to-repair advocates praised the bill as "the best bill yet," while the bill's chief sponsor, state Sen. Janeen Sollman (D), pointed to potential waste reductions and an improved second-hand market for closing a digital divide. "Oregon improves on Right to Repair laws in California, Minnesota and New York by making sure that consumers have the choice of buying new parts, used parts, or third-party parts for the gadgets and gizmos," said Gay Gordon-Byrne, executive director of Repair.org, in a statement. Like bills passed in New York, California, and Minnesota, Oregon's bill requires companies to offer the same parts, tools, and documentation to individual and independent repair shops that are already offered to authorized repair technicians. Unlike other states' bills, however, Oregon's bill doesn't demand a set number of years after device manufacture for such repair implements to be produced. That suggests companies could effectively close their repair channels entirely rather than comply with the new requirements. California's bill mandated seven years of availability. If signed, the law's requirements for parts, tools, and documentation would apply to devices sold after 2015, except for phones, which are covered after July 2021. The prohibition against parts pairing only covers devices sold in 2025 and later. Like other repair bills, a number of device categories are exempted, including video game consoles, HVAC and medical gear, solar systems, vehicles, and, very specifically, "Electric toothbrushes."

Read more of this story at Slashdot.

Jess Weatherbed reports via The Verge: Apple's iOS 17.4 update is now available, introducing new emoji and a cryptographic security protocol for iMessage, alongside some major changes to the App Store and contactless payments for the iPhone platform in Europe. Apple is making several of these changes to comply with the EU's Digital Markets Act (DMA), a law that aims to make the digital economy fairer by removing unfair advantages that tech giants hold over businesses and end users. iOS 17.4 will allow third-party developers to offer alternative app marketplaces and app downloads to EU users from outside the iOS App Store. Developers wanting to take advantage of this will be required to go through Apple's approval process and pay Apple a "Core Technology Fee" that charges 50 euro cents per install once an app reaches 1 million downloads annually. iPhone owners in the EU will see different update notes that specifically mention new options available for app stores, web browsers, and payment options. The approval process may take some time, but we know that at least one enterprise-focused app marketplace from Mobivention will be available on March 7th. Epic is also working on releasing the Epic Game Store on iOS in 2024, and software company MacPaw is planning to officially launch its Setapp store in April. iOS 17.4 allows people in the EU to download alternative browser engines that aren't based on Apple's WebKit, such as Chrome and Firefox, with a new choice screen in iOS Safari that will prompt users to select a default browser when opened for the first time. While no browser alternatives have been officially announced, both Google and Mozilla are currently experimenting with new iOS browsers that could eventually be released to the public. Apple is also introducing new APIs that allow third-party developers to utilize the iPhone's NFC payment chip for contactless payment services besides Apple Pay and Apple Wallet in the European Economic Area. No alternative contactless providers have been confirmed yet, but users will find a list of apps that have requested the feature under Settings > Privacy & Security > Contactless & NFC. While Apple previously revealed it was planning to drop support for progressive web apps (PWAs) in the EU to avoid building "an entirely new integration architecture" around DMA compliance, the company now says it will "continue to offer the existing Home Screen web apps capability" for EU users. However, these homescreen apps will still run using WebKit technology, with no option to be powered by third-party browser engines.

Read more of this story at Slashdot.

Richard Speed reports via The Register: Copilot in Windows is set to get even more assertive after Microsoft added a function that makes the AI assistant's window pop up after a user's cursor hovers over the icon in the task bar. [...] Windows Insiders on the Beta Channel â" with the option to get the latest updates turned on â" will soon find themselves on the receiving end of what Microsoft calls "a new hover experience for Copilot in Windows" from build 22635.3276. If your mouse cursor happens to drift over to the Copilot icon on the taskbar, the Copilot pane will open to make users aware of the delights on offer. The result, we suspect, will be to educate users in the art of switching off the function. Much like Widgets, which will also make its unwanted presence felt should a user move a mouse over its icon. A swift hop into taskbar settings is all it takes to make the icons disappear, for now at least. The new feature is being piloted but considering the proximity of the Beta Channel to Release Preview, there is every chance the pop-up will, er, pop up in a release version of Windows before long.

Read more of this story at Slashdot.

According to the latest data from StatCounter, Linux's market share has reached 4.03% -- surging by an additional 1% in the last eight months. What's the reason behind this recent growth? "That's a good question," writes ZDNet's Steven Vaughan-Nichols. "While Windows is the king of the hill with 72.13% and MacOS comes in a distant second at 15.46%, it's clear that Linux is making progress." An anonymous Slashdot reader shares the five reasons why Vaughan-Nichols thinks it's growing: 1. Microsoft isn't that interested in Windows If you think Microsoft is all about the desktop and Windows, think again. Microsoft's profits these days come from its Azure cloud and Software-as-a-Service (SaaS), Microsoft 365 in particular. Microsoft doesn't want you to buy Windows; the Redmond powerhouse wants you to subscribe to Windows 365 Cloud PC. And, by the way, you can run Windows 365 Cloud PC on Macs, Chromebooks, Android tablets, iPads, and, oh yes, Linux desktops. 2. Linux gaming, thanks to Steam, is also growing Gaming has never been a strong suit for Linux, but Linux gamers are also a slowly growing group. I suspect that's because Steam, the most popular Linux gaming platform, also has the lion's share of the gaming distribution market 3. Users are finally figuring out that some Linux distros are easy to use Even now, you'll find people who insist that Linux is hard to master. True, if you want to be a Linux power user, Linux will challenge you. But, if all you want to do is work and play, many Linux distributions are suitable for beginners. For example, Linux Mint is simple to use, and it's a great end-user operating system for everyone and anyone. 4. Finding and installing Linux desktop software is easier than ever While some Linux purists dislike containerized application installation programs such as Flatpak, Snap, and AppImage, developers love them. Why? They make it simple to write applications for Linux that don't need to be tuned just right for all the numerous Linux distributions. For users, that means they get more programs to choose from, and they don't need to worry about finicky installation details. 5. The Linux desktop is growing in popularity in India India is now the world's fifth-largest economy, and it's still growing. Do you know what else is growing in India? Desktop Linux. In India, Windows is still the number one operating system with 70.37%, but number two is Linux, with 15.23%. MacOS is way back in fourth place with 3.11%. I suspect this is the case because India's economy is largely based on technology. Where you find serious programmers, you find Linux users.

Read more of this story at Slashdot.

Warner Bros. Discovery said a password crackdown for its Max streaming service is coming later this year, joining competitors Netflix and Disney. TheWrap reports: JB Perrette, WBD's CEO and president of global streaming and games, said the initiative would launch later this year with a broader rollout in 2025. "We think, relative to the scale of our business, it's a meaningful opportunity," Perrette said during Morgan Stanley's 2024 Technology, Media & Telecom Conference in San Francisco on Monday. The push to crack down on password sharing comes as Warner Bros. Discovery narrowed its streaming loss to $55 million during its fourth quarter of 2023, down from a loss of $217 million a year ago. For the full year, it swung to a profit of $103 million, compared to a loss of $1.59 billion in 2022. Looking ahead, WBD said its DTC business would have "modestly negative" EBITDA in the first half of 2024 before turning profitable in the second half. WBD is targeting $1 billion of direct-to-consumer EBITDA in 2025. In its fourth quarter, Warner Bros. Discovery added 1.8 million subscribers in its direct-to-consumer division for a total of 97.7 million. The DTC segment's results include Max, Discovery+ and traditional HBO cable subscriptions. Parrette also discussed interest in transactional ads, notes Ars Technica. Per Perrette: "On the ad format size, we've made lots of improvements from where we were, but we still have a lot of ad format enhancements that will give us more things that we can go to marketers with, [like] shoppable ads [and] other elements of the ad format side of the house that we can improve."

Read more of this story at Slashdot.

Longtime Slashdot reader SonicSpike shares a report from The Intercept: With the new version of Signal, you will no longer broadcast your phone number to everyone you send messages to by default, though you can choose to if you want. Your phone number will still be displayed to contacts who already have it stored in their phones. Going forward, however, when you start a new conversation on Signal, your number won't be shared at all: Contacts will just see the name you use when you set up your Signal profile. So even if your contact is using a custom Signal client, for example, they still won't be able to discover your phone number since the service will never tell it to them. You also now have the option to set a username, which Signal lets you change whenever you want and delete when you don't want it anymore. Rather than directly storing your username as part of your account details, Signal stores a cryptographic hash of your username instead; Signal uses the Ristretto 25519 hashing algorithm, essentially storing a random block of data instead of usernames themselves. This is like how online services can confirm a user's password is valid without storing a copy of the actual password itself. "As far as we're aware, we're the only messaging platform that now has support for usernames that doesn't know everyone's usernames by default," said Josh Lund, a senior technologist at Signal. The move is yet another piece of the Signal ethos to keep as little data on hand as it can, lest the authorities try to intrude on the company. Whittaker explained, "We don't want to be forced to enumerate a directory of usernames." [...] If Signal receives a subpoena demanding that they hand over all account data related to a user with a specific username that is currently active at the time that Signal looks it up, they would be able to link it to an account. That means Signal would turn over that user's phone number, along with the account creation date and the last connection date. Whittaker stressed that this is "a pretty narrow pipeline that is guarded viciously by ACLU lawyers," just to obtain a phone number based on a username. Signal, though, can't confirm how long a given username has been in use, how many other accounts have used it in the past, or anything else about it. If the Signal user briefly used a username and then deleted it, Signal wouldn't even be able to confirm that it was ever in use to begin with, much less which accounts had used it before. In short, if you're worried about Signal handing over your phone number to law enforcement based on your username, you should only set a username when you want someone to contact you, and then delete it afterward. And each time, always set a different username. Likewise, if you want someone to contact you securely, you can send them your Signal link, and, as soon as they make contact, you can reset the link. If Signal receives a subpoena based on a link that was already reset, it will be impossible for them to look up which account it was associated with. If the subpoena demands that Signal turn over account information based on a phone number, rather than a username, Signal could be forced to hand over the cryptographic hash of the account's username, if a username is set. It would be difficult, however, for law enforcement to learn the actual username itself based on its hash. If they already suspect a username, they could use the hash to confirm that it's real. Otherwise, they would have to guess the username using password cracking techniques like dictionary attacks or rainbow tables.

Read more of this story at Slashdot.

In a first-of-its-kind prosecution, a California man was arrested and charged Monday with allegedly smuggling potent, greenhouse gases from Mexico. From a report: Michael Hart, a 58-year-old man from San Diego, pleaded not guilty to smuggling hydrofluorocarbons, or HFCs -- commonly used in air conditioning and refrigeration -- and selling them for profit, in a federal court hearing Monday. According to the indictment, Hart allegedly purchased the HFCs in Mexico and smuggled them into the US in the back of his truck, concealed under a tarp and tools. He is then alleged to have sold them for a profit on sites including Facebook Marketplace and OfferUp. [...] Hart has pleaded not guilty to 13 charges including conspiracy, importation contrary to law and sale of merchandise imported contrary to law. The charges carry potential prison sentences ranging from five to 20 years. HFCs, which are also used in building insulation, fire extinguishing systems and aerosols, are banned from import into the US without permission from the Environmental Protection Agency. These greenhouse gases are short-lived in the atmosphere," but powerful -- some are thousands of times more potent than carbon dioxide in the near-term. "The illegal smuggling of hydrofluorocarbons, a highly potent greenhouse gas, undermines international efforts to combat climate change," said David M. Uhlmann, the assistant administrator for the EPA's Office of Enforcement and Compliance Assurance. "Anyone who seeks to profit from illegal actions that worsen climate change must be held accountable," he added. "Today is a significant milestone for our country," said US Attorney Tara McGrath in a statement. "This is the first time the Department of Justice is prosecuting someone for illegally importing greenhouse gases, and it will not be the last."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: The average toddler is missing out on hearing more than 1,000 words spoken by an adult each day due to screen time, setting back their language skills, a first-of-its kind study has found. The research, published on Tuesday in the Journal of the American Medical Association (Jama) Pediatrics, tracked 220 Australian families over two years to measure the relationship between family screen use and children's language environment. Families recorded all the audio around their child using advanced speech recognition technology over a 16-hour period on an average day at home. They repeated this process every six months between the ages of 12 and 36 months. The lead researcher, Dr Mary Brushe from the Telethon Kids Institute, said: "The technology we use is essentially like a Fitbit, but instead of counting the number of steps, this device counts the number of words spoken by, to and around the child." The device also picked up electronic noise, which the researchers analyzed to calculate screen time. The researchers found young children's exposure to screens including TVs and phones was interfering with their language opportunities, with the association most pronounced at three years of age. For every extra minute of screen time, the three-year-olds in the study were hearing seven fewer words, speaking five fewer words themselves and engaging in one less conversation. The study found the average three-year-old in the study was exposed to two hours and 52 minutes of screen time a day. Researchers estimated this led to those children being exposed to 1,139 fewer adult words, 843 fewer child words and 194 fewer conversations. Because the study couldn't capture parents' silent phone use, including reading emails, texting or quietly scrolling through websites or social media, Brushe said they might have underestimated how much screen usage is affecting children. A language-rich home environment was critical in supporting infants and toddlers' language development, Brushe said. While some educational children's shows were designed to help children's language skills, very young kids in the age group of the study could struggle to translate television shows into their own life, she said. This study did not differentiate between whether children were watching high- or low-quality screen content.

Read more of this story at Slashdot.

Andrew Jones reports via SpaceNews: The China Aerospace Science and Technology Corporation (CASC) plans to launch four-meter and five-meter-diameter reusable rockets for the first time in 2025 and 2026 respectively, Wang Wei, a deputy to the National People's Congress, told China News Service March 4. The reports do not clearly identify the two rockets. CASC is known to be developing a new, 5.0m-diameter crew launch vehicle, known as the Long March 10. A single stick version would be used to launch a new-generation crew spacecraft to low Earth orbit and could potentially fly in 2025. A three-core variant will launch the "Mengzhou" crew spacecraft into trans-lunar orbit. The rocket is key to China's plans to put astronauts on the moon before 2030. The Long March 10 lunar variant will be 92 meters long and be able to launch 27 tons into trans-lunar orbit. The 4.0-meter-diameter launcher could be a rocket earlier proposed by CASC's Shanghai Academy of Spaceflight Technology (SAST). That rocket would be able to launch up to 6,500 kg of payload to 700-kilometer sun-synchronous orbit (SSO). It would notably use engines developed by the commercial engine maker Jiuzhou Yunjian. CASC's first move to develop a reusable rocket centered on making a recoverable version of the Long March 8. That plan appears to have been abandoned. SAST also plans to debut the 3.8m-diameter Long March 12 later this year from a new commercial launch site. While the Long March 10 has specific, defined uses for lunar and human spaceflight, the second reusable rocket would appear to be in competition with China's commercial rocket companies. While this suggests duplication of effort, it also fits into a national strategy to develop reusable rockets and support commercial ecosystems. The moves would greatly boost China's options for launch and access to space. It would also provide new capacity needed to help construction planned low Earth orbit megaconstellations.

Read more of this story at Slashdot.

Michelle Lewis reports via Electrek: One of the US's largest nuclear power plants will directly power cloud service provider Amazon Web Services' new data center. Power provider Talen Energy sold its data center campus, Cumulus Data Assets, to Amazon Web Services for $650 million. Amazon will develop an up to 960-megawatt (MW) data center at the Salem Township site in Luzerne County, Pennsylvania. The 1,200-acre campus is directly powered by an adjacent 2.5 gigawatt (GW) nuclear power station also owned by Talen Energy. The 1,075-acre Susquehanna Steam Electric Station is the sixth-largest nuclear power plant in the US. It's been online since 1983 and produces 63 million kilowatt hours per day. The plant has two General Electric boiling water reactors within a Mark II containment building that are licensed through 2042 and 2044. According to Talen Energy's investor presentation, it will supply fixed-price nuclear power to Amazon's new data center as it's built. Amazon has minimum contractual power commitments that ramp up in 120 MW increments over several years. The cloud service giant has a one-time option to cap commitments at 480 MW and two 10-year extension options tied to nuclear license renewals.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Krebs on Security: There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. "ALPHV") as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change's network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data Change reportedly paid the group to destroy. Meanwhile, the affiliate's disclosure appears to have prompted BlackCat to cease operations entirely. [...] The affiliate claimed BlackCat/ALPHV took the $22 million payment but never paid him his percentage of the ransom. BlackCat is known as a "ransomware-as-service" collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. And those affiliates in turn earn commissions ranging from 60 to 90 percent of any ransom amount paid. "But after receiving the payment ALPHV team decide to suspend our account and keep lying and delaying when we contacted ALPHV admin," the affiliate "Notchy" wrote. "Sadly for Change Healthcare, their data [is] still with us." [...] On the bright side, Notchy's complaint seems to have been the final nail in the coffin for the BlackCat ransomware group, which was infiltrated by the FBI and foreign law enforcement partners in late December 2023. As part of that action, the government seized the BlackCat website and released a decryption tool to help victims recover their systems. BlackCat responded by re-forming, and increasing affiliate commissions to as much as 90 percent. The ransomware group also declared it was formally removing any restrictions or discouragement against targeting hospitals and healthcare providers. However, instead of responding that they would compensate and placate Notchy, a representative for BlackCat said today the group was shutting down and that it had already found a buyer for its ransomware source code. [...] BlackCat's website now features a seizure notice from the FBI, but several researchers noted that this image seems to have been merely cut and pasted from the notice the FBI left in its December raid of BlackCat's network. Fabian Wosar, head of ransomware research at the security firm Emsisoft, said it appears BlackCat leaders are trying to pull an "exit scam" on affiliates by withholding many ransomware payment commissions at once and shutting down the service. "ALPHV/BlackCat did not get seized," Wosar wrote on Twitter/X today. "They are exit scamming their affiliates. It is blatantly obvious when you check the source code of their new takedown notice." Dmitry Smilyanets, a researcher for the security firm Recorded Future, said BlackCat's exit scam was especially dangerous because the affiliate still has all the stolen data, and could still demand additional payment or leak the information on his own. "The affiliates still have this data, and they're mad they didn't receive this money, Smilyanets told Wired.com. "It's a good lesson for everyone. You cannot trust criminals; their word is worth nothing."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information -- including bank account and routing numbers, credit card numbers and security or access codes -- after breaking into Infosys' IT systems in the fall. According to Fidelity, in documents filed with the Maine attorney general's office, miscreants "likely acquired" information about 28,268 people's life insurance policies after infiltrating Infosys. "At this point, [Infosys] are unable to determine with certainty what personal information was accessed as a result of this incident," the insurer noted in a letter [PDF] sent to customers. However, the US-headquartered firm says it "believes" the data included: names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth. In other words: Potentially everything needed to drain a ton of people's bank accounts, pull off any number of identity theft-related scams -- or at least go on a massive online shopping spree. LockBit claimed to be behind the Infosys intrusion in November, shortly after the Indian tech services titan disclosed the "cybersecurity incident" affecting its US subsidiary, Infosys McCamish Systems aka IMS. It reported that the intrusion shuttered some of its applications and IT systems [PDF]. This was before law enforcement shut down at least some of LockBit's infrastructure in December, although that's never a guarantee that the gang will slink off into obscurity -- as we're already seen. "Since learning of this event, we have been engaged with IMS to understand IMS's actions to investigate and contain the event, implement remedial measures, and safely restore its services," Fidelity assured its customers. "In addition, we remain engaged with IMS as they continue their investigation of this incident and its impact on the data they maintain."

Read more of this story at Slashdot.

Waymo announced that it will begin shuttling employees around 43 square miles of Austin, Texas, including the Barton Hills, Riverside, East Austin and Hyde Park neighborhoods, as well as downtown Austin. As TechCrunch notes, it's "a crucial step before the company opens the program up to the public." From the report: The step forward comes just a few days after Waymo won the ability to start charging for rides in expanded territory across both Los Angeles and the San Francisco Bay Area. Waymo didn't offer a timeline for when it plans to start offering autonomous rides to the citizens of Austin. When it does, it will become the fourth city where the company's robotaxis are officially in operation, following LA, SF and Phoenix.

Read more of this story at Slashdot.

Trust in AI technology and the companies that develop it is dropping, in both the U.S. and around the world, according to new data from Edelman shared first with Axios. Axios reports: Globally, trust in AI companies has dropped to 53%, down from 61% five years ago. In the U.S., trust has dropped 15 percentage points (from 50% to 35%) over the same period. Trust in AI is low across political lines. Democrats trust in AI companies is 38%, independents are at 25% and Republicans at 24%. Tech is losing its lead as the most trusted sector. Eight years ago, technology was the leading industry in trust in 90% of the countries Edelman studies. Today, it is the most trusted in only half of countries. People in developing countries are more likely to embrace AI than those in developed ones. Respondents in France, Canada, Ireland, UK, U.S., Germany, Australia, the Netherlands and Sweden reject the growing use of AI by a three-to-one margin, Edelman said. By contrast, acceptance outpaces resistance by a wide margin in developing markets such as Saudi Arabia, India, China, Kenya, Nigeria and Thailand. "When it comes to AI regulation, the public's response is pretty clear: 'What regulation?'," said Edelman global technology chair Justin Westcott. "There's a clear and urgent call for regulators to meet the public's expectations head on."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Google today is sharing more details about the fees that will accompany its plan to comply with Europe's new Digital Markets Act (DMA), the new regulation aimed at increasing competition across the app store ecosystem. While Google yesterday pointed to ways it already complied with the DMA -- by allowing sideloading of apps, for example -- it hadn't yet shared specifics about the fees that would apply to developers, noting that further details would come out this week. That time is now, as it turns out. Today, Google shared that there will be two fees that apply to its External offers program, also announced yesterday. This new program allows Play Store developers to lead their users in the EEA outside their app, including to promote offers. With these fees, Google is going the route of Apple, which reduced its App Store commissions in the EU to comply with the DMA but implemented a new Core Technology Fee that required developers to pay 0.50 euros for each first annual install per year over a 1 million threshold for apps distributed outside the App Store. Apple justified the fee by explaining that the services it provides developers extend beyond payment processing and include the work it does to support app creation and discovery, craft APIs, frameworks and tools to support developers' app creation work, fight fraud and more. Google is taking a similar tactic, saying today that "Google Play's service fee has never been simply a fee for payment processing -- it reflects the value provided by Android and Play and supports our continued investments across Android and Google Play, allowing for the user and developer features that people count on," a blog post states. It says there will now be two fees that accompany External Offers program transactions: - An initial acquisition fee, which is 10% for in-app purchases or 5% for subscriptions for two years. Google says this fee represents the value that Play provided in facilitating the initial user acquisition through the Play Store. - An ongoing services fee, which is 17% for in-app purchases or 7% for subscriptions. This reflects the "broader value Play provides users and developers, including ongoing services such as parental controls, security scanning, fraud prevention, and continuous app updates," writes Google. Of note, a developer can opt out of the ongoing services and corresponding fees, if the user agrees, after two years. Users who initially installed the app believe they'll have services like parental controls, security scanning, fraud prevention and continuous app updates, which is why opting out requires user consent. Although Google allows the developer to terminate this fee, those ongoing services will no longer apply either. Developers, however, will still be responsible for reporting transactions involving those users who are continuing to receive Play Store services.

Read more of this story at Slashdot.

Huawei is back from the dead after recording a sales jump of 64% in the first six weeks of 2024 compared to a year earlier. Meanwhile, Apple's iPhone sales in China fell by 24% during the same period. The BBC reports: Aside from a resurgence of Huawei sales at the more expensive end of the Chinese phone market, Apple was also "squeezed in the middle on aggressive pricing from the likes of Oppo, Vivo and Xiaomi," Counterpoint Research's Mengmeng Zhang wrote. China, which is one of Apple's biggest markets, also saw overall smartphone sales shrink by 7% in the same period, the report said. Huawei struggled for years due to US sanctions but its sales surged after releasing its Mate 60 series of 5G smartphones in August. It came as a major surprise as the Chinese firm was cut off from key chips and technology required for 5G mobile internet. Honor, which is the smartphone brand spun off from Huawei in 2020, was the only other top-five brand to see sales increase in China during the period, according to the report. Sales of Vivo, Xiaomi and Oppo also fell in the first six weeks of the year, Counterpoint said. Its report also said Apple's share of the Chinese smartphone market dropped to 15.7% from 19% last year, putting it in fourth place as it fell from the number two spot. Meanwhile, Huawei rose to second place as its market share grew to 16.5% from 9.4% a year earlier. Despite its sales falling by 15% over the last year, Vivo remained China's top-selling smartphone maker, Counterpoint said.

Read more of this story at Slashdot.

dcblogs writes: A recent study in the National Bureau of Economic Research has found that companies are quietly adapting to rising temperatures by shifting operations from hotter to cooler locations. The researchers analyzed data from 50,000 companies between 2009 and 2020. "To illustrate the economic impact, the researchers found that when a company with equal employment across two counties experiences a heat shock in one county, there is a subsequent 0.7% increase in employment growth in the unaffected county over a three-year horizon," reports TechTarget. "The finding is significant, given that the mean employment growth for the sample of businesses in the study is 2.4%." Heat shocks are characterized by their severe impact on health, energy grids, and increased fire risks, influencing companies with multiple locations to reconsider their geographical distribution of operations. Despite this trend, states like Arizona and Nevada, which have some of the highest heat-related death tolls, continue to experience rapid business expansion. Experts believe that factors such as labor pool, taxes, and regulations still outweigh environmental climate risks when it comes to business site selection. But heat associated deaths are on the rise. In the Phoenix area alone, it experienced 425 heat related deaths in 2022 and a similar number in 2023 -- record highs for this region. The study suggests that the implications of climate change on business operations are becoming more apparent. Companies are beginning to evaluate climate risks as part of their regular risk assessment process.

Read more of this story at Slashdot.

Linwei Ding, a former Google software engineer, has been indicted for stealing trade secrets related to AI to benefit two Chinese companies. He faces up to 10 years in prison and a $250,000 fine on each criminal count. Reuters reports: Ding's indictment was unveiled a little over a year after the Biden administration created an interagency Disruptive Technology Strike Force to help stop advanced technology being acquired by countries such as China and Russia, or potentially threaten national security. "The Justice Department just will not tolerate the theft of our trade secrets and intelligence," U.S. Attorney General Merrick Garland said at a conference in San Francisco. According to the indictment, Ding stole detailed information about the hardware infrastructure and software platform that lets Google's supercomputing data centers train large AI models through machine learning. The stolen information included details about chips and systems, and software that helps power a supercomputer "capable of executing at the cutting edge of machine learning and AI technology," the indictment said. Google designed some of the allegedly stolen chip blueprints to gain an edge over cloud computing rivals Amazon.com and Microsoft, which design their own, and reduce its reliance on chips from Nvidia. Hired by Google in 2019, Ding allegedly began his thefts three years later, while he was being courted to become chief technology officer for an early-stage Chinese tech company, and by May 2023 had uploaded more than 500 confidential files. The indictment said Ding founded his own technology company that month, and circulated a document to a chat group that said "We have experience with Google's ten-thousand-card computational power platform; we just need to replicate and upgrade it." Google became suspicious of Ding in December 2023 and took away his laptop on Jan. 4, 2024, the day before Ding planned to resign. A Google spokesperson said: "We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets. After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. A constellation of four vulnerabilities -- two carrying severity ratings of 9.3 out of a possible 10 -- are serious because they undermine the fundamental purpose of the VMware products, which is to run sensitive operations inside a virtual machine that's segmented from the host machine. VMware officials said that the prospect of a hypervisor escape warranted an immediate response under the company's IT Infrastructure Library, a process usually abbreviated as ITIL. "In ITIL terms, this situation qualifies as an emergency change, necessitating prompt action from your organization," the officials wrote in a post. "However, the appropriate security response varies depending on specific circumstances." Among the specific circumstances, one concerns which vulnerable product a customer is using, and another is whether and how it may be positioned behind a firewall. A VMware advisory included the following matrix showing how the vulnerabilities -- tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 -- affect each of the vulnerable products [...]. Three of the vulnerabilities affect the USB controller the products use to support peripheral devices such as keyboards and mice. Broadcom, the VMware parent company, is urging customers to patch vulnerable products. As a workaround, users can remove USB controllers from vulnerable virtual machines, but Broadcom stressed that this measure could degrade virtual console functionality and should be viewed as only a temporary solution. In an article explaining how to remove a USB controller, officials wrote: "The workaround is to remove all USB controllers from the Virtual Machine. As a result, USB passthrough functionality will be unavailable. In addition, virtual/emulated USB devices, such as VMware virtual USB stick or dongle, will not be available for use by the virtual machine. In contrast, the default keyboard/mouse as input devices are not affected as they are, by default, not connected through USB protocol but have a driver that does software device emulation in the guest OS. IMPORTANT: Certain guest operating systems, including Mac OS, do not support using a PS/2 mouse and keyboard. These guest operating systems will be left without a mouse and keyboard without a USB controller."

Read more of this story at Slashdot.