Google

Google is Bringing Passkey Support To Android and Chrome (googleblog.com) 63

Android Developers Blog: Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don't leak in server breaches, and protect users from phishing attacks. Passkeys are built on industry standards and work across different operating systems and browser ecosystems, and can be used for both websites and apps. Passkeys follow already familiar UX patterns, and build on the existing experience of password autofill. For end-users, using one is similar to using a saved password today, where they simply confirm with their existing device screen lock such as their fingerprint. Passkeys on users' phones and computers are backed up and synced through the cloud to prevent lockouts in the case of device loss. Additionally, users can use passkeys stored on their phone to sign in to apps and websites on other nearby devices.

Today's announcement is a major milestone in our work with passkeys, and enables two key capabilities: Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager. Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms. To try this today, developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels later this year. Our next milestone in 2022 will be an API for native Android apps. Passkeys created through the web API will work seamlessly with apps affiliated with the same domain, and vice versa. The native API will give apps a unified way to let the user pick either a passkey or a saved password. Seamless, familiar UX for both passwords and passkeys helps users and developers gradually transition to passkeys.

For the end-user, creating a passkey requires just two steps: (1) confirm the passkey account information, and (2) present their fingerprint, face, or screen lock when prompted. Signing in is just as simple: (1) The user selects the account they want to sign in to, and (2) presents their fingerprint, face, or screen lock when prompted. A passkey on a phone can also be used to sign in on a nearby device. For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac. Similarly, passkey support in Chrome means that a Chrome user, for example on Windows, can do the same using a passkey stored on their iOS device. Since passkeys are built on industry standards, this works across different platforms and browsers - including Windows, macOS and iOS, and ChromeOS, with a uniform user experience.

EU

French Court Slashes Apple Antitrust Fine in Blow to European Regulators (reuters.com) 28

"Apple won a massive reduction in a 1.1 billion euro ($1.1 billion) antitrust fine from French competition regulators," reports CNBC, "in a blow to the ambitions of European authorities to crack down on the dominance of Big Tech companies." The Paris appeals court on Thursday lowered the fine to 371.6 million euros, roughly a third of the value of the original penalty and a reduction of 728.4 million euros, an Apple spokesperson confirmed. According to Reuters, the amount was slashed because the court decided to drop one of the charges related to price fixing, and lower the rate originally used to calculate the fine....

In 2020, the French competition watchdog fined Apple 1.1 billion euros for allegedly pressuring premium resellers into fixing prices of non-iPhone products, such as its Mac and iPad computers, and abusing the economic dependence of its outside resellers. Tech Data and Ingram Micro, two global electronics wholesalers, were also fined 76.1 million euros and 62.9 million euros, respectively. The regulator accused Apple, Tech Data and Ingram Micro of agreeing not to compete and preventing independent resellers from competing with each other, "thereby sterilizing the wholesale market for Apple products."

Apple response, according to Reuters: "While the court correctly reversed part of the French Competition Authority's decision, we believe it should be overturned in full and plan to appeal.

"The decision relates to practices from more than a decade ago that even the (French authority) recognised are no longer in use."

Social Networks

Apple VP Leaves Company After Vulgar Comment Goes Viral On TikTok (cnbc.com) 260

Apple's vice president of procurement, Tony Blevins, has left the company after a TikTok video showed him making a vulgar comment about women at a car show. CNBC reports: An Apple representative confirmed the departure to CNBC, saying, "Tony is leaving Apple." The departure was spurred by a TikTok video posted Sept. 5, according to Bloomberg, which first reported the news. In the video, reviewed by CNBC, Blevins is getting out of an expensive Mercedes-Benz sports car and is asked what he does for a living by Daniel Mac, who has a channel centered around asking people in expensive cars questions. In the video, Blevins responds, "I race cars, play golf and fondle big-breasted women. But I take weekends and major holidays off." The remark appears to be a reference to a similar quote in the movie "Arthur." It was viewed 1.3 million times, according to the TikTok page. "Blevins was a VP at Apple," notes CNBC. "His main role was to negotiate with suppliers to keep the price Apple pays for computer parts down, according to a Wall Street Journal profile of Blevins from 2020."

Operating Systems

The Latest iPadOS 16 Beta Brings Stage Manager To Older iPad Pro Models (engadget.com) 6

Apple is bringing Stage Manager, a new multitasking system exclusive to iPads with the M1 chip, to a number of older devices. Engadget reports: Probably the biggest change Apple announced with iPadOS 16 earlier this year is Stage Manager, a totally new multitasking system that adds overlapping, resizable windows to the iPad. That feature also works on an external display, the first time that iPads could do anything besides mirror their screen on a monitor. Unfortunately, the feature was limited to iPads with the M1 chip -- that includes the 11- and 12.9-inch iPad Pro released in May of 2021 as well as the M1-powered iPad Air which Apple released earlier this year. All other older iPads were left out.

That changes with the latest iPadOS 16 developer beta, which was just released. Now, Apple is making Stage Manager work with a number of older devices: it'll work on the 11-inch iPad Pro (first generation and later) and the 12.9-inch iPad Pro (third generation and later). Specifically, it'll be available on the 2018 and 2020 models that use the A12X and A12Z chips rather than just the M1. However, there is one notable missing feature for the older iPad Pro models -- Stage Manager will only work on the iPad's built-in display. You won't be able to extend your display to an external monitor. Apple also says that developer beta 5 of iPadOS 16 is removing external display support for Stage Manager on M1 iPads, something that has been present since the first iPadOS 16 beta was released a few months ago. It'll be re-introduced in a software update coming later this year.

Portables (Apple)

Gurman: New iPads and Macs Could Be Announced Through a Press Release, No October Event (macrumors.com) 44

Apple could decide to release its remaining products for 2022, which include an updated iPad Pro, Mac mini, and 14-inch and 16-inch MacBook Pros, through a press release on its website rather than a digital event, according to Bloomberg's Mark Gurman. MacRumors reports: In his latest Power On newsletter, Gurman said that Apple is currently "likely to release its remaining 2022 products via press releases, updates to its website and briefings with select members of the press" rather than a digital event. Rumors had suggested that Apple was planning a second fall event in October that would focus on the Mac and iPad, but that may no longer be the case. Apple has three things on the roster for the remainder of 2022: an 11-inch and 12.9-inch iPad Pro with the M2 chip, an updated Mac mini with the M2 and the yet-to-be-announced "M2 Pro" chip, and updated 14-inch and 16-inch MacBook Pros.

Apple announced the M2 chip for the redesigned MacBook Air and 13-inch MacBook Pro in June at WWDC. Other than the new chip, the updates to the Mac and iPad will be relatively incremental upgrades with no major design changes rumored for the products. Apple has released products via press release in the past, such as the AirPods Max and the original AirPods Pro.

Desktops (Apple)

Document Foundation Starts Charging For 'Free' LibreOffice on Apple App Store (theregister.com) 59

The Document Foundation, the organization that tends the open source productivity suite LibreOffice, has decided to start charging for one version of the software. The Register reports: LibreOffice is a fork of OpenOffice and is offered under the free/open source Mozilla Public License Version 2.0. A Monday missive from the Document Foundation reveals the org will begin charging 8.99 euros for the software -- but only when sold via Apple's Mac App Store. That sum has been styled a "convenience fee ... which will be invested to support development of the LibreOffice project."

The foundation suggests paying up in the Mac App Store is ideal for "end users who want to get all of their desktop software from Apple's proprietary sales channel." Free downloads of LibreOffice for macOS from the foundation's site will remain available and arguably be superior to the App Store offering, because that version will include Java. The foundation argued that Apple does not permit dependencies in its store, so it cannot include Java in the 8.99 euro offering. The version now sold in the App Store supersedes a previous offering provided by open source support outfit Collabora, which charged $10 for a "Vanilla" version of the suite and threw in three years of support.

The foundation's marketing officer Italo Vignoli said the change was part of a "new marketing strategy."

"The Document Foundation is focused on the release of the Community version, while ecosystem companies are focused on a value-added long-term supported versions targeted at enterprises," Vignoli explained. "The distinction has the objective of educating organizations to support the FOSS project by choosing the LibreOffice version which has been optimized for deployments in production and is backed by professional services, and not the Community version generously supported by volunteers."

"The objective is to fulfil the needs of individual and enterprise users in a better way," Vignoli added, before admitting "we know that the positive effects of the change will not be visible for some time. Educating enterprises about FOSS is not a trivial task and we have just started our journey in this direction."

Software

Logitech's Webcam Software is a Mess (theverge.com) 56

Logitech makes some of the most popular webcams in the world, but using them on some of the most popular computers, like the M2 MacBook Air or M1 Pro MacBook Pro, is a less than stellar experience. From a report: Plugging one into any M1 or M2 Mac for a video call isn't an issue, but if you want to tweak in-depth settings or use some of these webcams' highlight features, doing that right now ranges from clumsy to impossible. That's because its most capable webcam software, Logitech Capture, isn't available on computers with Apple silicon. Logitech switched up its software plan for people who use newer Mac laptops and desktops without making much effort to tell anyone. Instead of offering Logitech Capture, its de facto software focused squarely on webcam settings and content creation features, it has two distinct and lesser Mac applications to choose from: Logi Tune and Logitech G Hub.

Tune is a confusing app that lets you toggle settings for Logitech gadgets, with calendar integration added in, for some reason. G Hub was built for gamers who want to tweak RGB lighting and sensitivity settings for gaming-focused products and, now, webcams. Each app's interface looks different and lets you switch different settings, so you've got a choice with which app you use -- too much choice, if you ask me, given how limited the functionality is within each one. But neither offers as many options as Logitech Capture. You can access basic settings, like the ability to zoom in for a tighter crop or make a host of adjustments to the picture settings (or set them to auto settings), but you can't adjust the frame rate or the resolution. What that means is people who own an M1 or M2 Mac cannot utilize its face-tracking feature or switch between horizontal or vertical orientations on a nice, relatively high-end webcam like the $160 Logi StreamCam.

Chrome

Google Chrome Emergency Update Fixes New Zero-Day Used in Attacks (bleepingcomputer.com) 15

Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. From a report: "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the company said in a security advisory published on Friday. This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days or weeks. It was available immediately when BleepingComputer checked for new updates by going into the Chrome menu > Help > About Google Chrome. The web browser will also auto-check for new updates and automatically install them after the next launch.

Data Storage

Walmart Lists a 30TB Portable SSD for Just $39. It's a Scam (arstechnica.com) 122

What's the deal with that supposed 30TB external SSD being sold for just $31.40 on China-based online shopping site AliExpress? It's also listed on Walmart's website for just $39 — but first, listen to a cybersecurity researcher calling himself "Ray [REDACTED]". Scammer gets two 512MB Flash drives. Or 1 gigabyte, or whatever. They then add hacked firmware that makes it misreport its size... when you go to WRITE a big file, hacked firmware simply writes all new data on top of old data, while keeping directory (with false info) intact.

Ars Technica goes over the details: On the inside, this "SSD" looks like two small-capacity microSD cards hot-glued to a USB 2.0-capable board. This board's firmware has been modified so that each of these cards reports its capacity as "15.0TB" to the operating system, for a total of 30TB, even though the actual capacity of the cards is much lower.... It preserves the directory structure of whatever you're copying, but when it's "copying" your data, it just keeps writing and rewriting over the tiny microSD cards.

Everything will look fine until you go to access a file, only to find that the data isn't there.

Replies to Ray Redacted's thread are full of alternate versions of this scam, including multiple iterations of the hot-glued microSD version and at least one that hid a USB thumb drive inside a larger enclosure. Fake USB storage devices are neither new nor rare, though this one makes spectacularly egregious claims about its price-per-gigabyte. When it comes to buying storage online, common-sense advice is best: stick to name brands, buy from trustworthy sellers.... and know that if a deal seems too good to be true, it almost certainly is.
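A capacity spot-check of the kind this scam survives only on casual inspection, added here as an example and not taken from the Ars Technica or Ray Redacted write-ups: it writes an offset-bound marker at sampled positions across the drive's claimed size and only then reads them all back, so a firmware that wraps later writes onto earlier blocks is caught. `FakeCapacityDrive` is a constructed stand-in for the misreporting board described above, and the `RawDevice` wrapper for a real device or image file assumes POSIX `os.pread`/`os.pwrite`.

```python
"""Capacity spot-check (constructed example; not the researchers' code).

A drive whose firmware wraps writes onto a much smaller flash chip keeps the
directory intact but silently overwrites earlier blocks. Writing a unique,
offset-bound marker at sampled positions across the *claimed* size and reading
every one back exposes that before any real data is entrusted to the device.
"""
import hashlib
import os

BLOCK = 4096  # bytes per marker block


class FakeCapacityDrive:
    """Stand-in for the scam device: advertises `claimed` bytes, stores `real`.

    Writes past the real size wrap around and clobber earlier blocks, which is
    the behaviour the teardown above describes. Sizes must be BLOCK-aligned.
    """

    def __init__(self, real: int, claimed: int) -> None:
        self.real, self.claimed = real, claimed
        self._store = bytearray(real)

    def size(self) -> int:
        return self.claimed

    def write(self, offset: int, data: bytes) -> None:
        start = offset % self.real
        self._store[start:start + len(data)] = data

    def read(self, offset: int, length: int) -> bytes:
        start = offset % self.real
        return bytes(self._store[start:start + length])


class HonestDrive(FakeCapacityDrive):
    """A drive whose real and claimed sizes agree."""

    def __init__(self, size: int) -> None:
        super().__init__(size, size)


class RawDevice:
    """Same interface over a real block device or image file (assumes POSIX pread/pwrite).
    Everything at the sampled offsets is destroyed; use only on a drive you mean to wipe."""

    def __init__(self, path: str) -> None:
        self.fd = os.open(path, os.O_RDWR)

    def size(self) -> int:
        return os.lseek(self.fd, 0, os.SEEK_END)

    def write(self, offset: int, data: bytes) -> None:
        os.pwrite(self.fd, data, offset)

    def read(self, offset: int, length: int) -> bytes:
        return os.pread(self.fd, length, offset)


def marker(nonce: bytes, offset: int) -> bytes:
    """A block that can only have come from this run *and* this offset."""
    seed = hashlib.sha256(nonce + offset.to_bytes(8, "big")).digest()
    return (seed * (BLOCK // len(seed) + 1))[:BLOCK]


def verify_capacity(drive, samples: int = 64, nonce=None):
    """Write markers at `samples` evenly spaced offsets, then read them all back.

    Returns (True, None) if every marker survives, else (False, first_bad_offset).
    Writing everything before reading anything is what catches wrap-around:
    a later write lands on an earlier block's flash, so the earlier read fails.
    """
    nonce = nonce or os.urandom(16)
    claimed = drive.size()
    stride = max(BLOCK, (claimed // samples) // BLOCK * BLOCK)
    offsets = range(0, claimed, stride)
    for off in offsets:
        drive.write(off, marker(nonce, off))
    for off in offsets:
        if drive.read(off, BLOCK) != marker(nonce, off):
            return False, off
    return True, None


if __name__ == "__main__":
    # Constructed sizes: 64 KiB of real flash sold as 32 MiB.
    print(verify_capacity(HonestDrive(64 * BLOCK)))                      # (True, None)
    print(verify_capacity(FakeCapacityDrive(16 * BLOCK, 8192 * BLOCK)))  # (False, 0)
```

The first failing offset is 0 on the fake drive because the very first block written is the one the wrapped-around later writes overwrite, which is exactly the "data isn't there when you go back for it" symptom.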

Role Playing (Games)

'Magic: the Gathering' Announces New Sets Based on Lord of the Rings, Doctor Who (polygon.com) 40

Polygon reports that during a streaming event, the publisher of the Magic: the Gathering card game promised a new themed set of cards commemorating Doctor Who's 60th anniversary. But that's not their only new set: The Lord of the Rings: Tales from Middle-earth is also releasing in Q3 of 2023, but it will be a fully draftable booster set and legal in the Modern format of competitive play....

Individual cards portray familiar heroes and villains including Frodo, Gandalf and the Balrog. In order to capture the scale of J.R.R. Tolkien's fantasy battles, the set will also feature new borderless scene cards. Each has a piece of art that can stand alone, but 18 of them will come together to produce a particularly epic scene from the trilogy — such as the Battle of the Pelennor Fields from The Return of the King. The art from Tyler Jacobson, who's provided illustrations for more than 100 Magic cards and for Dungeons & Dragons books including The Wild Beyond the Witchlight, is full of small details including the Dark Tower Barad-dûr in the background.

The article points out that the game publisher has previously published crossover decks for The Walking Dead and Fortnite.

This story is for long-time Slashdot reader tezbobobo, who argued earlier this week that Slashdot's been remiss in its coverage of Magic: the Gathering news: For years I've seen Dungeons & Dragons, Sony Playstation and Nethack show up occasionally on the front page of Slashdot. So where are the rest of the nerd games?

Magic: the Gathering has one of the most loyal and active fanbases, and the creators have been churning out new and interesting cards for decades. Even as it tops the trading card pile, it's made inroads into the digital sphere, with online versions in Arena and Magic Online. It's available on PC, Mac, and iPad.

Desktops (Apple)

Devs Make Progress Getting macOS Ventura Running On Unsupported, Decade-Old Macs (arstechnica.com) 20

An anonymous reader quotes a report from Ars Technica: Skirting the official macOS system requirements to run new versions of the software on old, unsupported Macs has a rich history. Tools like XPostFacto and LeopardAssist could help old PowerPC Macs run newer versions of Mac OS X, a tradition kept alive in the modern era by dosdude1's patchers for Sierra, High Sierra, Mojave, and Catalina. For Big Sur and Monterey, the OpenCore Legacy Patcher (OCLP for short) is the best way to get new macOS versions running on old Macs. It's an offshoot of the OpenCore Hackintosh bootloader, and it's updated fairly frequently with new features and fixes and compatibility for newer macOS versions. The OCLP developers have admitted that macOS Ventura support will be tough, but they've made progress in some crucial areas that should keep some older Macs kicking for a little bit longer.

[...] First, while macOS doesn't technically include system files for pre-AVX2 Intel CPUs, Apple's Rosetta 2 software does still include those files, since Rosetta 2 emulates the capabilities of a pre-AVX2 x86 CPU. By extracting and installing those files in Ventura, you can re-enable support on Ivy Bridge and older CPUs without AVX2 instructions. And this week, Grymalyuk showed off another breakthrough: working graphics support on old Metal-capable Macs, including machines as old as the 2014 5K iMac, the 2012 Mac mini, and even the 2008 cheese grater-style Mac Pro tower. The OCLP team still has other challenges to surmount, not least of which will involve automating all of these hacks so that users without a deep technical understanding of macOS's underpinnings can continue to set up and use the bootloader. Grymalyuk still won't speculate about a timeframe for official Ventura support in OCLP. But given the progress that has been made so far, it seems likely that people with 2012-and-newer Macs should still be able to run Ventura on their Macs without giving up graphics acceleration or other important features.

Security

The New USB Rubber Ducky Is More Dangerous Than Ever (theverge.com) 47

The USB Rubber Ducky "has a new incarnation, released to coincide with the Def Con hacking conference this year," reports The Verge. From the report: To the human eye, the USB Rubber Ducky looks like an unremarkable USB flash drive. Plug it into a computer, though, and the machine sees it as a USB keyboard -- which means it accepts keystroke commands from the device just as if a person was typing them in. The original Rubber Ducky was released over 10 years ago and became a fan favorite among hackers (it was even featured in a Mr. Robot scene). There have been a number of incremental updates since then, but the newest Rubber Ducky makes a leap forward with a set of new features that make it far more flexible and powerful than before.

With the right approach, the possibilities are almost endless. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user's login credentials or causing Chrome to send all saved passwords to an attacker's webserver. But these attacks had to be carefully crafted for specific operating systems and software versions and lacked the flexibility to work across platforms. The newest Rubber Ducky aims to overcome these limitations.

It ships with a major upgrade to the DuckyScript programming language, which is used to create the commands that the Rubber Ducky will enter into a target machine. While previous versions were mostly limited to writing keystroke sequences, DuckyScript 3.0 is a feature-rich language, letting users write functions, store variables, and use logic flow controls (i.e., if this... then that). That means, for example, the new Ducky can run a test to see if it's plugged into a Windows or Mac machine and conditionally execute code appropriate to each one or disable itself if it has been connected to the wrong target. It also can generate pseudorandom numbers and use them to add variable delay between keystrokes for a more human effect. Perhaps most impressively, it can steal data from a target machine by encoding it in binary format and transmitting it through the signals meant to tell a keyboard when the CapsLock or NumLock LEDs should light up. With this method, an attacker could plug it in for a few seconds, tell someone, "Sorry, I guess that USB drive is broken," and take it back with all their passwords saved.

Chrome

Nvidia GeForce Now on Chrome is Getting a Big Upgrade To 1440p and 120fps (theverge.com) 9

Nvidia is upgrading its GeForce Now game streaming service to support 1440p resolution at 120fps in a Chrome or Edge browser. GeForce Now members on the RTX 3080 tier of the service will be able to access the new browser gameplay options today by selecting 1440p on the GeForce Now web version. From a report: Nvidia originally launched its RTX 3080 GeForce Now membership tier last year, offering streams of up to 1440p resolution with 120fps on PCs and Macs or 4K HDR at 60fps on Nvidia's Shield TV. Previously, you had to download the dedicated Mac or Windows apps to access 1440p resolution and 120fps support, as the web version was limited to 1080p at 60fps.

Security

Update Zoom For Mac Now To Avoid Root-Access Vulnerability (arstechnica.com) 24

If you're using Zoom on a Mac, it's time for a manual update. The video conferencing software's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system. From a report: The vulnerability was first discovered by Patrick Wardle, founder of the Objective-See Foundation, a nonprofit macOS security group. Wardle detailed in a talk at Def Con last week how Zoom's installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, doesn't need one. Wardle found that Zoom's updater is owned by and runs as the root user. It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. The problem is that by simply passing the verification checker the name of the package it was looking for ("Zoom Video ... Certification Authority Apple Root CA.pkg"), this check could be bypassed. That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system.

Android

Google Releases Android 13, Rolling Out First To Pixel Phones (theverge.com) 23

This year's major Android update, Android 13, is officially releasing today for Google's Pixel phones, the search giant has announced. From a report: The annual update is getting an official release a little earlier than usual, following Android 12's release last October and Android 11's release in September 2020. The list of updates arriving with this year's version of Android is likely to be familiar if you've been keeping up with Android 13's beta releases. There's the ability to customize non-Google app icons to match your homescreen wallpaper that we saw in Android 13's first developer preview, a new permission to cut down on notification spam, and a new option to limit which of your photos and videos an app can access.

Back in January, we wrote that Google planned to spend this year catching up with Apple's ecosystem integrations, and there's more evidence of this in Android 13's official release. The update includes support for spatial audio with head tracking, which is designed to make sounds appear as though they're coming from a fixed point in space when you move your head while wearing compatible headphones, similar to a feature Apple offers for its AirPods. Today's post doesn't say exactly which headphones this will work with, but Google previously announced it would be updating its Pixel Buds Pro to offer support for spatial audio. Secondly, there's the ability to stream messages from apps including Google Messages directly to a Chromebook, similar to iMessage on the Mac.

Privacy

Raspberry Pi-Powered Anti-Tracking Tool Checks If You're Being Followed (wired.com) 79

Matt Edmondson, a hacker and digital forensics expert, built a Raspberry Pi-powered anti-tracking tool that "scans for nearby devices and alerts you if the same phone is detected multiple times within the past 20 minutes," reports Wired. The device, which can be carried around or placed in a car, consists of parts that cost around $200 in total. From the report: The homemade system works by scanning for wireless devices around it and then checking its logs to see whether they also were present within the past 20 minutes. It was designed to be used while people are on the move rather than sitting in, say, a coffee shop, where it would pick up too many false readings. The anti-tracking tool, which can sit inside a shoebox-sized case, is made up of a few components. A Raspberry Pi 3 runs its software, a Wi-Fi card looks for nearby devices, a small waterproof case protects it, and a portable charger powers the system. A touchscreen shows the alerts the device produces. Each alert may be a sign that you are being tailed. The device runs Kismet, which is a wireless network detector, and is able to detect smartphones and tablets around it that are looking for Wi-Fi or Bluetooth connections. The phones we use are constantly looking for wireless networks around them, including networks they've connected to before as well as new networks.

Edmondson says Kismet makes a record of the first time it sees a device and then the most recent time it was detected. But to make the anti-tracking system work, he had to write code in Python to create lists of what Kismet detects over time. There are lists for devices spotted in the past five to 10 minutes, 10 to 15 minutes, and 15 to 20 minutes. If a device appears twice, an alert flashes up on the screen. The system can show a phone's MAC address, although this is not much use if it's been randomized. It can also record the names of Wi-Fi networks that devices around it are looking for -- a phone that's trying to connect to a Wi-Fi network called Langley may give some clues about its owner. "If you have a device on you, I should see it," he says. In an example, he showed WIRED that a device was looking for a network called SAMSUNGSMART.

To stop the system from detecting your own phone or those of other people traveling with you, it has an "ignore" list. By tapping one of the device's onscreen buttons, it's possible to "ignore everything that it has already seen." Edmondson says that in the future, the device could be modified to send text alerts instead of showing them on the screen. He is also interested in adding the capability to detect tire-pressure monitoring systems that could show recurring nearby vehicles. A GPS unit could also be added so you can see where you were when you were being tracked, he says. [...] Edmondson has no plans to make the device into a commercial product, but he says the design could easily be copied and reused by anyone with some technical knowledge. Many of the parts involved are easy to obtain or may be lying around the homes of people in tech communities.

For those interested, Edmondson open-sourced its underlying code and plans to present the research project at the Black Hat security conference in Las Vegas this week.
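The time-window logic the article describes, re-created as an added example (not Edmondson's published code): the sightings are hand-built in place of Kismet's feed, and treating a device as "appearing twice" when it is seen in two distinct five-minute windows inside the 20-minute horizon is my reading of the article's 5-10, 10-15 and 15-20 minute lists; the ignore list and the per-device record of probed SSIDs follow the article.

```python
"""Re-creation of the anti-tracking time-window logic (constructed example).

Kismet normally supplies the device sightings; here they are hand-built so
the script runs offline. Nothing below is the project's own code.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

WINDOW_MIN = 5     # width of each list: 0-5, 5-10, 10-15, 15-20 minutes ago
HORIZON_MIN = 20   # sightings older than this are forgotten


@dataclass(frozen=True)
class Sighting:
    mac: str                           # client MAC as Kismet reports it (may be randomized)
    ts: float                          # unix timestamp of the detection
    probed_ssid: Optional[str] = None  # SSID the device asked for in a probe request, if any


class TailDetector:
    def __init__(self) -> None:
        self._seen = defaultdict(list)   # mac -> timestamps it was detected
        self._probes = defaultdict(set)  # mac -> SSIDs it probed for
        self._ignored = set()

    def observe(self, s: Sighting) -> None:
        self._seen[s.mac].append(s.ts)
        if s.probed_ssid:
            self._probes[s.mac].add(s.probed_ssid)

    def ignore_everything_seen(self) -> None:
        """The on-screen 'ignore' button: drop your own and your companions' devices."""
        self._ignored.update(self._seen)

    def windows_hit(self, mac: str, now: float) -> set:
        """Indices (0..3) of the five-minute windows in which this MAC was detected."""
        hits = set()
        for ts in self._seen.get(mac, ()):
            age_min = (now - ts) / 60
            if 0 <= age_min < HORIZON_MIN:
                hits.add(int(age_min // WINDOW_MIN))
        return hits

    def prune(self, now: float) -> None:
        """Forget sightings that have aged out of the 20-minute horizon."""
        cutoff = now - HORIZON_MIN * 60
        for mac in list(self._seen):
            self._seen[mac] = [t for t in self._seen[mac] if t >= cutoff]
            if not self._seen[mac]:
                del self._seen[mac]
                self._probes.pop(mac, None)

    def alerts(self, now: float) -> dict:
        """MACs seen in two or more distinct windows, with the SSIDs they probed for."""
        self.prune(now)
        return {
            mac: sorted(self._probes.get(mac, ()))
            for mac in self._seen
            if mac not in self._ignored and len(self.windows_hit(mac, now)) >= 2
        }


def demo() -> dict:
    """Constructed walk: the owner's phone, a one-off passer-by, and a recurring device."""
    t0 = 1_700_000_000.0
    det = TailDetector()
    det.observe(Sighting("aa:aa:aa:00:00:01", t0, "HomeNet"))          # owner's own phone
    det.ignore_everything_seen()                                        # tapped 'ignore'
    det.observe(Sighting("bb:bb:bb:00:00:02", t0 + 60))                 # passer-by, seen once
    det.observe(Sighting("cc:cc:cc:00:00:03", t0 + 120, "SAMSUNGSMART"))
    det.observe(Sighting("cc:cc:cc:00:00:03", t0 + 7 * 60))             # same device, later window
    det.observe(Sighting("cc:cc:cc:00:00:03", t0 + 14 * 60, "Langley"))  # and again
    det.observe(Sighting("aa:aa:aa:00:00:01", t0 + 14 * 60))            # own phone: ignored
    return det.alerts(now=t0 + 15 * 60)


if __name__ == "__main__":
    for mac, ssids in demo().items():
        print(f"ALERT {mac} probed for {ssids}")  # only cc:cc:cc:00:00:03 is reported
```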
Displays

Meta's Flailing Portal Repurposed As a Wireless Portable Monitor (arstechnica.com) 15

On Wednesday, Meta announced that the Portal Plus Gen 2 and Portal Go now support Duet Display, an app that can turn a display into a secondary monitor for Macs and PCs. Ars Technica reports: The Portal Plus is the same size as some of the best portable monitors, so it makes sense to repurpose it for that function. Because it's built for video image quality, it has a decent resolution for a portable display -- 2160x1440. Duet Display doesn't require a display to be connected to a computer via a cable, so specific Portals are now portable wireless monitors, too.

At a time when webcams are integrated into many laptops, and USB webcams are easier to find again, many consumers don't need a display dedicated primarily to web calls. But an extra monitor? That's more widely appealing. With the addition of Duet Display, Portal owners have further reason to think about their Portal when they're not on a video call. Meta also gave all Portals with a touchscreen -- namely, the Portal Go, Portal Plus, Portal, and Portal Mini -- a Meta Portal Companion app for macOS. The app enables screen sharing during video calls and provides quick access to video call features, like mute and link sharing in Zoom, Workplace, and BlueJeans.

Programming

Mac Hacker's Code Is So Good, Corporations Keep Stealing It (theverge.com) 35

Patrick Wardle, founder of the Objective-See Foundation, a nonprofit that creates open-source security tools for macOS, has had his code make its way into a number of commercial products over the years -- "all without the users crediting him or licensing and paying for the work," reports The Verge. Wardle, a Mac malware specialist and former employee of the NSA and NASA, will lay out his case in a presentation today at the Black Hat cybersecurity conference with Tom McGuire, a cybersecurity researcher at Johns Hopkins University. From the report: The problem, Wardle says, is that it's difficult to prove that the code was stolen rather than implemented in a similar way by coincidence. Fortunately, because of Wardle's skill in reverse-engineering software, he was able to make more progress than most. "I was only able to figure [the code theft] out because I both write tools and reverse engineer software, which is not super common," Wardle told The Verge in a call before the talk. "Because I straddle both of these disciplines I could find it happening to my tools, but other indie developers might not be able to, which is the concern."

One of the central examples in Wardle's case is a software tool called OverSight, which Wardle released in 2016. OverSight was developed as a way to monitor whether any macOS applications were surreptitiously accessing the microphone or webcam, with much success: it was effective not only as a way to find Mac malware that was surveilling users but also to uncover the fact that a legitimate application like Shazam was always listening in the background. [...] But years after OverSight was released, he was surprised to find a number of commercial applications incorporating similar application logic in their own products -- even down to replicating the same bugs that Wardle's code had.

Three different companies were found to be incorporating techniques lifted from Wardle's work in their own commercially sold software. None of the offending companies are named in the Black Hat talk, as Wardle says that he believes the code theft was likely the work of an individual employee, rather than a top-down strategy. The companies also reacted positively when confronted about it, Wardle says: all three vendors he approached reportedly acknowledged that his code had been used in their products without authorization, and all eventually paid him directly or donated money to the Objective-See Foundation.
The Verge notes that Wardle's cousin Josh Wardle created the popular Wordle game, which was purchased earlier this year by The New York Times.

Printer

Epson Programs Some Printers To Stop Operating, Claiming Danger of 'Ink Spills' (substack.com) 182

Long-time Slashdot reader chicksdaddy writes: Printer maker Epson has programmed some models of its inkjet printers to "stop operating" at a pre-determined time, citing the risk of property damage linked to "ink spills," the Fight to Repair newsletter reports.

Epson printer owners have complained that their functioning printers have suddenly stopped working, displaying an error message declaring that a component of the printer has "reached the end of its service life" and that the device needs to be serviced. According to Epson's website, the message is linked to ink pads, which Epson describes as "porous pads in the printer that collect, distribute, and very importantly contain the ink that is not used on printed pages." Over time, these pads become saturated with ink though generally not "before the printer is replaced for other reasons" (??!)

"Like so many other products, all Epson consumer ink jet products have a finite life span due to component wear during normal use... The printers are designed to stop operating at the point where further use without replacing the ink pads could create risks of property damage from ink spills or safety issues related to excess ink contacting an electrical component," the company said on its website.

Rather than measure the saturation of the ink pads to determine when that point is reached, however, Epson appears to have programmed a counter on its printers that disables the device when a threshold has been reached. For printer owners who use Windows, Epson makes a reset utility that can reset the counter though it can "only be used once and will allow printing for a short period of time." For Mac users, or Windows users who have already run the reset utility once, Epson urges them to have the printer serviced by an Epson authorized service shop or — preferably — to replace the printer with a new printer. "Repair may not be a cost-effective option for lower-cost printers because other components may also be near the end of their usable life," the company said. Despite the company's claims about the unfixability of the ink pad issue, YouTube videos suggest that the ink pads are, in fact, simple to replace, as this video illustrates.

Some legal experts say that Epson's hard coding an end of life for its printers may be illegal — an example of "Deceptive trade practices," unless it is clearly disclosing the existence of the programmed end of life to consumers prior to purchase.

Here's how the Fight to Repair newsletter sees the situation. Epson "pushes its customers to throw away the entire, working printer unit simply because some sponges are saturated with ink.

"In doing so, the company amplifies our epidemic of e-waste and forces customers into an expensive and (as it turns out) unneeded upgrade."

Businesses

Equifax Issued Wrong Credit Scores For Millions of Consumers (cnn.com) 38

Credit giant Equifax sent lenders incorrect credit scores for millions of consumers this spring, in a technology snafu with major real-world impact. From a report: In certain cases the errors were significant enough -- the differential was at least 25 points for around 300,000 consumers -- that some would-be borrowers may have been wrongfully denied credit, the company said in a statement. The problem occurred because of a "coding issue" when making a change to one of Equifax's servers, according to the company, which said the issue "was in place over a period of a few weeks [and] resulted in the potential miscalculation" of credit scores. While Equifax did not specify dates or figures, a June 1 alert from housing agency Freddie Mac to its clients said Equifax told the agency that about 12% of all credit scores released from March 17 to April 6 may have been incorrect. Equifax wrote that "there was no shift in the vast majority of scores" and that "credit reports were not affected." But the company declined to comment to CNN Business about how people can learn whether they were among those whose credit scores were incorrectly reported -- and what recourse they may have if they were issued loans at a higher rate or denied a loan outright because of the snafu.