David Snow reports via Cult of Mac: A new report from Consumer Intelligence Research Partners (CIRP) shows Apple News+ growing its subscription rate about four times as fast as major news sites are. CIRP showed Apple increased its News+ subscriptions in the United States from 15% to 24% between 2020 to 2024, a 9% increase. In that same period, The New York Times and The Washington Post managed a 2% bump apiece and The Wall Street Journal managed a 3% increase. The results come from data measuring how many Apple product buyers say they subscribe to the News+ service.

CIRP also cited a report indicating that the Apple News+ partnership program is increasingly becoming a lifeline for news websites losing revenue, according to major publishers. And as far as the growth of Apple News+ subscription growth is concerned, it may keep growing as long as the user install base for devices keeps growing. "One-quarter of the U.S. base of Apple customers represents tens of millions of users, an enormous audience relative to what individual media outlets can expect on their own," CIRP noted.

"Apple's done a fantastic job of really innovating on the Mac," Microsoft CEO Satya Nadella told the Wall Street Journal in a video interview this week.

. Then he said "We are gonna outperform them" with the upcoming Copilot+ laptops from Acer, ASUS, Dell, HP, Lenovo and Samsung that have been completely reengineered for AI — and begin shipping in less than four weeks. Satya Nadella: Qualcomm's got a new [ARM Snapdragon X] processor, which we've optimized Windows for. The battery lab, I've been using it now — I mean, it's 22 hours of continuous video playback... [Apple also uses ARM chips in its MacBooks]. We finally feel we have a very competitive product between Surface Pro and the Surface laptops. We have essentially the best specs when it comes to ARM-based silicon and performance or the NPU performance.

WSJ: Microsoft says the Surfaces are 58% faster than the MacBook Air with M3, and has 20% longer battery life.
The video includes a demonstration of local live translation powered by "small language models" stored on the device. ("It can translate live video calls or in-person conversations from 44 different languages into English. And it's fast.")

And in an accompanying article, the Journal's reporter also tested out the AI-powered image generator coming to Microsoft Paint.

As a longtime MS Paint stick-figure and box-house artist, I was delighted by this new tool. I typed in a prompt: "A Windows XP wallpaper with a mountain and sky." Then, as I started drawing, an AI image appeared in a new canvas alongside mine. When I changed a color in my sketch, it changed a color in the generated image. Microsoft says it still sends the prompt to the cloud to ensure content safety.
Privacy was also touched on. Discussing the AI-powered "Recall" search functionality, the Journal's reporter notes that users can stop it from taking screenshots of certain web sites or apps, or turn it off entirely... But they point out "There could be this reaction from some people that this is pretty creepy. Microsoft is taking screenshots of everything I do."

Nadella reminds them that "it's all being done locally, right...? That's the promise... That's one of the reasons why Recall works as a magical thing: because I can trust it, that it is on my computer."

Copilot will be powered by OpenAI's new GPT-4o, the Journal notes — before showing Satya Nadella saying "It's kind of like a new browser effectively." Satya Nadella: So, it's right there. It sees the screen, it sees the world, it hears you. And so, it's kind of like that personal agent that's always there that you want to talk to. You can interrupt it. It can interrupt you.
Nadella says though the laptop is optimized for Copilot, that's just the beginning, and "I fully expect Copilot to be everywhere" — along with its innovatively individualized "personal agent" interface. "It's gonna be ambient.... It'll go on the phone, right? I'll use it on WhatsApp. I'll use it on any other messaging platform. It'll be on speakers everywhere." Nadella says combining GPT-40 with Copilot's interface is "the type of magic that we wanna bring — first to Windows and everywhere else... The future I see is a computer that understands me versus a computer that I have to understand.

The interview ends when the reporter holds up the result — their own homegrown rendition of Windows XP's default background image "Bliss."

An anonymous reader shares a report: Apple is working on all-screen foldable devices. Unlike its competitors, however, its focus seems less on foldable smartphones and tablets, and instead on an all-screen foldable laptop. Ming-Chi Kuo has previously reported that Apple was developing a 20.3-inch MacBook device for 2027, but today the analyst has shared several key new details about the futuristic MacBook model. One such detail is that Apple is now eyeing an earlier 2026 launch for the product.

Here are some of the key features Kuo expects to see in the all-screen MacBook:
1. Multiple foldable screen options are still possible, with the rumored 20.3-inch display potentially replaced by an 18.8-inch panel. The former would, when folded, resemble a current 14-15-inch MacBook, while the latter would correspond better to a modern day 13-14-inch model like the smaller MacBook Air.
2. A 2026 debut is now expected for the device, one year earlier than previously reported.
3. The MacBook is expected to receive an M5-series chip, which lines up with the expected timeline of the M4 spreading to the whole Mac lineup by the end of 2025.
4. Apple's goal is to provide a crease-free design for the foldable display.

An anonymous reader quotes a report from Krebs On Security: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally -- including non-Apple devices like Starlink systems -- and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.

Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-FI access point uses, known as a Basic Service Set Identifier or BSSID. Periodically, Apple and Google mobile devices will forward their locations -- by querying GPS and/or by using cellular towers as landmarks -- along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it's what allows your mobile phone to continue displaying your planned route even when the device can't get a fix on GPS.

With Google's WPS, a wireless device submits a list of nearby Wi-Fi access point BSSIDs and their signal strengths -- via an application programming interface (API) request to Google -- whose WPS responds with the device's computed position. Google's WPS requires at least two BSSIDs to calculate a device's approximate position. Apple's WPS also accepts a list of nearby BSSIDs, but instead of computing the device's location based off the set of observed access points and their received signal strengths and then reporting that result to the user, Apple's API will return the geolocations of up to 400 hundred more BSSIDs that are nearby the one requested. It then uses approximately eight of those BSSIDs to work out the user's location based on known landmarks.

In essence, Google's WPS computes the user's location and shares it with the device. Apple's WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own. That's according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple's API to map the movement of individual devices into and out of virtually any defined area of the world. The UMD pair said they spent a month early in their research continuously querying the API, asking it for the location of more than a billion BSSIDs generated at random. They learned that while only about three million of those randomly generated BSSIDs were known to Apple's Wi-Fi geolocation API, Apple also returned an additional 488 million BSSID locations already stored in its WPS from other lookups. "Plotting the locations returned by Apple's WPS between November 2022 and November 2023, Levin and Rye saw they had a near global view of the locations tied to more than two billion Wi-Fi access points," the report adds. "The map showed geolocated access points in nearly every corner of the globe, apart from almost the entirety of China, vast stretches of desert wilderness in central Australia and Africa, and deep in the rainforests of South America."

The researchers wrote: "We observe routers move between cities and countries, potentially representing their owner's relocation or a business transaction between an old and new owner. While there is not necessarily a 1-to-1 relationship between Wi-Fi routers and users, home routers typically only have several. If these users are vulnerable populations, such as those fleeing intimate partner violence or a stalker, their router simply being online can disclose their new location."

A copy of the UMD research is available here (PDF).

An anonymous reader quotes a report from Ars Technica: Microsoft is going all-in on Arm-powered Windows PCs today with the introduction of a Snapdragon X Elite-powered Surface Pro convertible and Surface Laptop, and there are inevitable comparisons to draw with another big company that recently shifted from Intel's processors to Arm-based designs: Apple. A huge part of the Apple Silicon transition's success was Rosetta 2, a translation layer that makes it relatively seamless to run most Intel Mac apps on an Apple Silicon Mac with no extra effort required from the user or the app's developer. Windows 11 has similar translation capabilities, and with the Windows 11 24H2 update, that app translation technology is getting a name: Prism.

Microsoft says that Prism isn't just a new name for the same old translation technology. Translated apps should run between 10 and 20 percent faster on the same Arm hardware after installing the Windows 11 24H2 update, offering some trickle-down benefits that users of the handful of Arm-based Windows 11 PCs should notice even if they don't shell out for new hardware. The company says that Prism's performance should be similar to Rosetta's, though obviously this depends on the speed of the hardware you're running it on. Microsoft also claims that Prism will further improve the translation layer's compatibility with x86 apps, though the company didn't get into detail about the exact changes it had made on this front.

This week, in celebration of Global Accessibility Awareness Day, Apple is introducing several new accessibility features. Noteworthy additions include eye-tracking support for recent iPhone and iPad models, customizable vocal shortcuts, music haptics, and vehicle motion cues. Engadget reports: The most intriguing feature of the set is the ability to use the front-facing camera on iPhones or iPads (at least those with the A12 chip or later) to navigate the software without additional hardware or accessories. With this enabled, people can look at their screen to move through elements like apps and menus, then linger on an item to select it. That pause to select is something Apple calls Dwell Control, which has already been available elsewhere in the company's ecosystem like in Mac's accessibility settings. The setup and calibration process should only take a few seconds, and on-device AI is at work to understand your gaze. It'll also work with third-party apps from launch, since it's a layer in the OS like Assistive Touch. Since Apple already supported eye-tracking in iOS and iPadOS with eye-detection devices connected, the news today is the ability to do so without extra hardware. [...]

There are plenty more features coming to the company's suite of products, including Live Captions in VisionOS, a new Reader mode in Magnifier, support for multi-line braille and a virtual trackpad for those who use Assistive Touch. It's not yet clear when all of these announced updates will roll out, though Apple has historically made these features available in upcoming versions of iOS. With its developer conference WWDC just a few weeks away, it's likely many of today's tools get officially released with the next iOS. Apple detailed all the new features in a press release.

Tech columnist and venture investor MG Siegler, commenting on the new iPad Pro: I love the iPad for the things it's good at. And I love the MacBook for the things it's good at. What I want is less a completely combined device and more a single device that can run both macOS and iPadOS. And this new iPad Pro, again equipped with a chip faster than any MacBook, can do that if Apple allowed it to.

At first, maybe it's dual boot. That is, just let the iPad Pro load up macOS if it's attached to the Magic Keyboard and use the screen as a regular (but beautiful) monitor -- no touch. Over time, maybe macOS is just a "mode" inside of iPadOS -- complete with some elements updated to be touch-friendly, but not touch-first. Steven Sinofsky, the former head of Microsoft's Windows division, chiming in: It is not unusual for customers to want the best of all worlds. It is why Detroit invented convertibles and el caminos.

But the idea of a "dual boot" device is just nuts. It is guaranteed the only reality is it is running the wrong OS all the time for whatever you want to do. It is a toaster-refrigerator. Only techies like devices that "presto-change" into something else. Regular humans never flocked to El Caminos, and even today SUVs just became station wagons and almost none actually go off road :-)

Two things that keep going unanswered if you really want macOS on an iPad device:

1. What software on Mac do you want for an iPad device experience? What software will get rewritten for touch? If you want "touch-enabled" check out what happened on the Windows desktop. Nearly everything people say they want isn't features as much as the mouse interaction model. People want overlapping windows, a desktop of folders, infinitely resizable windows, and so on. These don't work on touch very well and certainly not for people who don't want to futz.
2. Will you be happy with battery life? The physics of an iPad mean the battery is 2/3rds the size of a Mac battery. Do you really want that? I don't. The reason the iPad is the 5.x mm device is because the default doesn't have a keyboard holding the battery. This is about the realities. The metaphors that people like on a desktop, heck that they love, just don't work with the blunt instrument of touch. It might be possible to build all new metaphors that use only tough and thus would be great on an iPad but that isn't what they tried. The device grew out of a phone. It's only their incredible work on iPhone that led to Mx silicon and their tireless work on the Mac-centric frameworks that delivered a big chunk (but not all) the privacy, reliability, battery life, security, etc. of the phone on Mac. [...]

Dan Robinson reports via The Register: VMware has made another small but notable post-merger concession to users: the Workstation Pro and Fusion Pro desktop hypervisor products will now be free for personal use. The cloud and virtualization biz, now a Broadcom subsidiary, has announced that its Pro apps will be available under two license models: a "Free Personal Use" or a "Paid Commercial Use" subscription for organizations. Workstation Pro is available for PC users running Windows or Linux, while Fusion Pro is available for Mac systems with either Intel CPUs or Apple's own processors. The two products allow users to create a virtual machine on their local computer for the purpose of running a different operating system or creating a sandbox in which to run certain software. [...]

According to VMware, users will get to decide for themselves if their use case calls for a commercial subscription. There are no functional differences between the two versions, the company states, and the only visual difference is that the free version displays the text: "This product is licensed for personal use only." "This means that everyday users who want a virtual lab on their Mac, Windows, or Linux computer can do so for free simply by registering and downloading the bits from the new download portal located at support.broadcom.com," VMware says. Customers that require a paid commercial subscription must purchase through an authorized Broadcom Advantage partner.

The move also means that VMware's Workstation Player and Fusion Player products are effectively redundant as the Pro products now serve the same role, and so those will no longer be offered for purchase. Organizations with commercial licenses for Fusion Player 13 or Workstation Player 17 can continue to use these, however, and they will continue to be supported for existing end of life (EOL) and end of general support (EoGS) dates.

OpenAI has launched an official macOS app for ChatGPT, with a Windows version coming "later this year." "Both free and paid users will be able to access the new app, but it will only be available to ChatGPT Plus users starting today before a broader rollout in 'the coming weeks,'" reports The Verge. From the report: In the demo shown by OpenAI, users could open the ChatGPT desktop app in a small window, alongside another program. They asked ChatGPT questions about what's on their screen -- whether by typing or saying it. ChatGPT could then respond based on what it "sees." OpenAI says users can ask ChatGPT a question by using the Option + Space keyboard shortcut, as well as take and discuss screenshots within the app. Further reading: OpenAI Launches New Free Model GPT-4o

Apple will deliver some of its upcoming AI features this year via data centers equipped with its own in-house processors, part of a sweeping effort to infuse its devices with AI capabilities. From a report: The company is placing high-end chips -- similar to ones it designed for the Mac -- in cloud-computing servers designed to process the most advanced AI tasks coming to Apple devices, according to people familiar with the matter. Simpler AI-related features will be processed directly on iPhones, iPads and Macs, said the people, who asked not to be identified because the plan is still under wraps.

The move is part of Apple's much-anticipated push into generative artificial intelligence -- the technology behind ChatGPT and other popular tools. The company is playing catch-up with Big Tech rivals in the area but is poised to lay out an ambitious AI strategy at its Worldwide Developers Conference on June 10. Apple's plan to use its own chips and process AI tasks in the cloud was hatched about three years ago, but the company accelerated the timeline after the AI craze -- fueled by OpenAI's ChatGPT and Google's Gemini -- forced it to move more quickly. The first AI server chips will be the M2 Ultra, which was launched last year as part of the Mac Pro and Mac Studio computers, though the company is already eyeing future versions based on the M4 chip

Michael Larabel reports via Phoronix: Building off the recent release of Fedora 40, Fedora Asahi Remix 40 is now available for this downstream of Fedora Linux that's optimized to run on Apple Silicon ARM systems. Fedora Asahi Remix continues to be one of the best ways of enjoying a Linux experience atop recent Apple Macs making use of their in-house M1/M2/M3 SoCs. With the Fedora Asahi Remix 40 release there is now conformant OpenGL 4.6 support thanks to the upgraded Mesa. There is also improved device compatibility with its newer kernel.

Fedora Asahi Remix continues to cater to using the KDE Plasma desktop by default. With the upgrade to Fedora Asahi Remix 40 this also means now transitioning to the KDE Plasma 6.0 desktop environment for their flagship desktop experience. A GNOME variant using GNOME 46 is also available. You can learn more about the release via FedoraMagazine.org. Installation options are available at FedoraProject.org.

Apple reported fiscal second-quarter earnings that topped estimates, despite a 10% drop in iPhone sales. The company also announced that its board had authorized $110 billion in share repurchases, "a 22% increase over last year's $90 billion authorization," notes CNBC. "It's the largest buyback in history, ahead of Apple's previous repurchases." From the report: Apple did not provide formal guidance, but Apple CEO Tim Cook told CNBC's Steve Kovach that overall sales would grow in the "low single digits" during the June quarter. Apple posted $81.8 billion in revenue during the year-ago June quarter and LSEG analysts were looking for a forecast of $83.23 billion. On an earnings call with analysts, Apple finance chief Luca Maestri said the company expected the current quarter will deliver double-digit year-over-year percentage growth in iPad sales. What's more, he said the Services division is forecast to continue growing at about the current high rate it's achieved during the past two quarters.

Apple reported net income of $23.64 billion, or $1.53 per share, down 2% from $24.16 billion, or $1.52 per share, in the year-earlier period. Cook told CNBC that sales in the fiscal second quarter suffered from a difficult comparison to the year-earlier period, when the company realized $5 billion in delayed iPhone 14 sales from Covid-based supply issues. "If you remove that $5 billion from last year's results, we would have grown this quarter on a year-over-year basis," Cook said. "And so that's how we look at it internally from how the company is performing."

Apple said iPhone sales fell nearly 10% to $45.96 billion, suggesting weak demand for the current generation of smartphones, which were released in September. The sales were in line with analyst estimates, and Cook said that without last year's increased sales, iPhone revenue would have been flat. Mac sales were up 4% to $7.45 billion, but they are still below the segment's high-water mark set in 2022. Cook said sales were driven by the company's new MacBook Air models which were released with an upgraded M3 chip in March. Other Products, which is how Apple reports sales of its Apple Watch and AirPods headphones, was down 10% year over year to $7.9 billion.

An anonymous reader shares a report: A software engineer has been keeping nearly 7,500 Firefox tabs open on her Mac computer for over two years -- and doesn't plan on closing them anytime soon. The Firefox power user, who goes by the pseudonym "Hazel" online, posted a screenshot showing 7,470 tabs open earlier this week after finding the browser initially unable to restore all the tabs. Hazel was able to bring the tabs back to life via a Firefox profile cache, however, and tells PCMag that reloading the full session took "no more than a minute."

"I feel like a part of me is restored," Hazel wrote on X once the Firefox tabs had returned. The Firefox fan tells PCMag in a message that she keeps so many tabs open for nostalgia reasons. "I like to scroll back and see clusters of tabs from months ago -- it's like a trip down memory lane on whatever I was doing/learning about/thinking about," she says. Surprisingly, all those tabs haven't impacted the computer's performance. "Firefox is quite memory efficient and isn't actually loading the websites unless I click on the tab -- so it's not very resource intensive," Hazel says.

Apple is doubling down on 8GB of RAM for many of its entry-level Macs, claiming that it's "suitable for many tasks," including browsing, video streaming and even "light" video and image editing. As of this writing, all MacBook Air laptops, the Mac Mini, and the MacBook Pro 14 all start with a base configuration of 8GB RAM -- which can't be upgraded at a later date since the RAM is soldered onto the motherboard. "That might have been OK were it not for the fact that Apple charges a ridiculous $200 to upgrade any of those machines from 8GB to 16GB," notes PC Gamer's Jeremy Laird. Even if an 8GB Mac does some of the previously stated tasks tolerably well, Laird argues that "8GB still isn't acceptable." From the report: That's because a Mac with 8GB can easily run out of memory just browsing the web. That's particularly true with Chrome, which just so happens to be the most popular browser around. Regular Chrome users will know what a memory hog Chrome can be. Right now, I have about 15 tabs open, which is actually pretty low for me. Often, my tab count can blow well past 50 in multiple windows. Handily, Chrome shows you memory usage if you mouse-over a given tab. And three of my current tabs are chewing up over 500MB each. So, that's 1.5GB for just three Chrome tabs. Add a couple more, plus MacOS's underlying memory footprint for just being up and running and you're bang out of RAM.

Overall, I'm using 12.5GB of memory and the only application I have open is Chrome. Oh, and did I mention I'm typing this on a 16GB MacBook Air? I used to have an 8GB Apple silicon Air and to be frank it was a nightmare, constantly running out of memory just browsing the web. That's the point most observers miss. The usual narrative is that 8GB isn't good enough for serious workflows. It isn't but that completely misses the more important point. 8GB isn't even enough for browsing the web.

Apple, aiming to boost sluggish computer sales, is preparing to overhaul its entire Mac line with a new family of in-house processors designed to highlight AI. Bloomberg News: The company, which released its first Macs with M3 chips five months ago, is already nearing production of the next generation -- the M4 processor -- according to people with knowledge of the matter. The new chip will come in at least three main varieties, and Apple is looking to update every Mac model with it, said the people, who asked not to be identified because the plans haven't been announced.

The new Macs are underway at a critical time. After peaking in 2022, Mac sales fell 27% in the last fiscal year, which ended in September. In the holiday period, revenue from the computer line was flat. Apple attempted to breathe new life into the Mac business with an M3-focused launch event last October, but those chips didn't bring major performance improvements over the M2 from the prior year. Apple also is playing catch-up in AI, where it's seen as a laggard to Microsoft, Alphabet's Google and other tech peers. The new chips are part of a broader push to weave AI capabilities into all its products. Apple is aiming to release the updated computers beginning late this year and extending into early next year.

Matthew Connatser reports via The Register: A study has concluded that Apple's privacy practices aren't particularly effective, because default apps on the iPhone and Mac have limited privacy settings and confusing configuration options. The research was conducted by Amel Bourdoucen and Janne Lindqvist of Aalto University in Finland. The pair noted that while many studies had examined privacy issues with third-party apps for Apple devices, very little literature investigates the issue in first-party apps -- like Safari and Siri. The aims of the study [PDF] were to investigate how much data Apple's own apps collect and where it's sent, and to see if users could figure out how to navigate the landscape of Apple's privacy settings.

The lengths to which Apple goes to secure its ecosystem -- as described in its Platform Security Guide [PDF] -- has earned it kudos from the information security world. Cupertino uses its hard-earned reputation as a selling point and as a bludgeon against Google. Bourdoucen and Janne Lindqvist don't dispute Apple's technical prowess, but argue that it is undermined by confusing user interfaces. "Our work shows that users may disable default apps, only to discover later that the settings do not match their initial preference," the paper states. "Our results demonstrate users are not correctly able to configure the desired privacy settings of default apps. In addition, we discovered that some default app configurations can even reduce trust in family relationships."

The researchers criticize data collection by Apple apps like Safari and Siri, where that data is sent, how users can (and can't) disable that data tracking, and how Apple presents privacy options to users. The paper illustrates these issues in a discussion of Apple's Siri voice assistant. While users can ostensibly choose not to enable Siri in the initial setup on macOS-powered devices, it still collects data from other apps to provide suggestions. To fully disable Siri, Apple users must find privacy-related options across five different submenus in the Settings app. Apple's own documentation for how its privacy settings work isn't good either. It doesn't mention every privacy option, explain what is done with user data, or highlight whether settings are enabled or disabled. Also, it's written in legalese, which almost guarantees no normal user will ever read it. "We discovered that the features are not clearly documented," the paper concludes. "Specifically, we discovered that steps required to disable features of default apps are largely undocumented and the data handling practices are not completely disclosed."

An anonymous reader shares a report: Google offers a VPN via its "Google One" monthly subscription plan, and while it debuted on phones, a desktop app has been available for Windows and Mac OS for over a year now. Since a lot of people pay for Google One for the cloud storage increase for their Google accounts, you might be tempted to try the VPN on a desktop, but Windows users testing out the app haven't seemed too happy lately. An open bug report on Google's GitHub for the project says the Windows app "breaks" the Windows DNS, and this has been ongoing since at least November.

A VPN would naturally route all your traffic through a secure tunnel, but you've still got to do DNS lookups somewhere. A lot of VPN services also come with a DNS service, and Google is no different. The problem is that Google's VPN app changes the Windows DNS settings of all network adapters to always use Google's DNS, whether the VPN is on or off. Even if you change them, Google's program will change them back. Most VPN apps don't work this way, and even Google's Mac VPN program doesn't work this way. The users in the thread (and the ones emailing us) expect the app, at minimum, to use the original Windows settings when the VPN is off. Since running a VPN is often about privacy and security, users want to be able to change the DNS away from Google even when the VPN is running.

Web-based design platform Canva has acquired the Affinity creative software suite for an undisclosed sum, though Bloomberg reports that it's valued at "several hundred million [British] pounds." The Verge reports that the acquisition helps the company "[position] itself as a challenger to Adobe's grip over the digital design industry." From the report: Canva announced the deal on Tuesday, which gives the company ownership over Affinity Designer, Photo, and Publisher -- three popular creative applications for Windows, Mac, and iPad that provide similar features to Adobe's Illustrator, Photoshop, and InDesign software, respectively. [T]he acquisition makes sense as the Australian-based company tries to attract more creative professionals. As of January this year, Canva's design platform attracted around 170 million monthly global users. That's a lot of people who probably aren't using equivalent Adobe software like Express, but unlike Adobe, Canva doesn't have its own design applications that target creative professionals like illustrators, photographers, and video editors.

Affinity apps are used by over three million global users according to Canva -- that's a fraction of Adobe's user base, but Affinity shouldn't be underestimated here. The decision to make its Affinity applications a one-time-purchase with no ongoing subscription fees has earned it a loyal fanbase, especially with creatives who are actively looking for alternatives to Adobe's subscription-based design ecosystem. In an interview with the Sydney Morning Herald, Canva co-founder Cameron Adams said that Affinity applications will remain separate from Canva's platform, but that some small integrations should be expected over time. "Our product teams have already started chatting and we have some immediate plans for lightweight integration, but we think the products themselves will always be separate," said Adams.

"On December 28 2023, bugreport 12604 was filed in the curl issue tracker," writes cURL lead developer Daniel Stenberg: The title stated of the problem in this case was quite clear: flag -cacert behavior isn't consistent between macOS and Linux , and it was filed by Yuedong Wu.

The friendly reporter showed how the curl version bundled with macOS behaves differently than curl binaries built entirely from open source. Even when running the same curl version on the same macOS machine.

The curl command line option --cacert provides a way for the user to say to curl that this is the exact set of CA certificates to trust when doing the following transfer. If the TLS server cannot provide a certificate that can be verified with that set of certificates, it should fail and return error. This particular behavior and functionality in curl has been established since many years (this option was added to curl in December 2000) and of course is provided to allow users to know that it communicates with a known and trusted server. A pretty fundamental part of what TLS does really.

When this command line option is used with curl on macOS, the version shipped by Apple, it seems to fall back and checks the system CA store in case the provided set of CA certs fail the verification. A secondary check that was not asked for, is not documented and plain frankly comes completely by surprise. Therefore, when a user runs the check with a trimmed and dedicated CA cert file, it will not fail if the system CA store contains a cert that can verify the server!

This is a security problem because now suddenly certificate checks pass that should not pass.
"We don't consider this something that needs to be addressed in our platforms," Apple Product Security responded. Stenberg's blog post responds, "I disagree."

Long-time Slashdot reader lee1 shares their reaction: I started to sour on MacOS about 20 years ago when I discovered that they had, without notice, substituted their own, nonstandard version of the Readline library for the one that the rest of the Unix-like world was using. This broke gnuplot and a lot of other free software...

Apple is still breaking things, this time with serious security and privacy implications.

"There is a new side channel attack against Apple 'M' series CPUs that does not appear to be fixable without a major performance hit," writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it's 'more robust' against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company's understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers. The researchers have published a paper (PDF) detailing their work.

Ars Technica's Dan Goodin also reported on the vulnerability.