macOS and iOS software developers will soon be able to code on an iPad or even iPhone, if an unconfirmed report is correct. iPadOS 14 and the iPhone equivalent will reportedly include support for Xcode, Apple's software development environment. Cult of Mac reports: This report comes from Jon Prosser, founder of YouTube channel Front Page Tech, who recently correctly predicted the launch date of the 2020 iPhone SE. On Monday, Prosser said via Twitter "XCode is present on iOS / iPad OS 14. The implications there are HUGE." Whenever anyone suggests that iPads have become as powerful as MacBooks, someone always asks, "Does it do Xcode?" The implication is that iPads are just toys -- only Macs are real computers. But if Prosser is correct, then devs will be able to use iPad or Mac, whichever they prefer. This is part of Apple steadily upgrading the capabilities of its tablets over years, especially the iPad Pro line. These now have USB-C ports, support for accessing external media, mouse support, etc. And top-tier iPad processors as powerful as Apple laptops.

Movie ticketing company Fandango has agreed to buy Walmart's on-demand video streaming service, Vudu, for an undisclosed sum. From a report: The video service today reaches over 100 million living room devices across the U.S. including smart TVs, Blu-ray players, game consoles, and other over-the-top streaming devices, as well as Windows 10 and Mac computers, and iOS and Android mobile devices. To date, the Vudu app on mobile has been installed over 14.5 million times. As a part of the agreement, Vudu will continue to power Walmart's digital movie and TV store on Walmart.com. In addition, Walmart says Vudu customers will have uninterrupted access to their Vudu library. They'll also continue to be able to use their Walmart login as well as their Walmart wallet to make purchases on Vudu, the retailer notes.

Dropbox privately paid top hackers to find bugs in software by the videoconferencing company Zoom, then pressed it to fix them. From a report: One year ago, two Australian hackers found themselves on an eight-hour flight to Singapore to attend a live hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided to get a head start by hacking Zoom, a videoconferencing service that they knew was used by many Dropbox employees. The hackers soon uncovered a major security vulnerability in Zoom's software that could have allowed attackers to covertly control certain users' Mac computers. It was precisely the type of bug that security engineers at Dropbox had come to dread from Zoom, according to three former Dropbox engineers.

Now Zoom's videoconferencing service has become the preferred communications platform for hundreds of millions of people sheltering at home, and reports of its privacy and security troubles have proliferated. Zoom's defenders, including big-name Silicon Valley venture capitalists, say the onslaught of criticism is unfair. They argue that Zoom, originally designed for businesses, could not have anticipated a pandemic that would send legions of consumers flocking to its service in the span of a few weeks and using it for purposes -- like elementary school classes and family celebrations -- for which it was never intended.

[...] The former Dropbox engineers, however, say Zoom's current woes can be traced back two years or more, and they argue that the company's failure to overhaul its security practices back then put its business clients at risk. Dropbox grew so concerned that vulnerabilities in the videoconferencing system might compromise its own corporate security that the file-hosting giant took on the unusual step of policing Zoom's security practices itself, according to the former engineers, who spoke on the condition of anonymity because they were not authorized to publicly discuss their work. As part of a novel security assessment program for its vendors and partners, Dropbox in 2018 began privately offering rewards to top hackers to find holes in Zoom's software code and that of a few other companies. The former Dropbox engineers said they were stunned by the volume and severity of the security flaws that hackers discovered in Zoom's code -- and troubled by Zoom's slowness in fixing them.

The web-based Apple Music experience that launched in beta last September is now available at music.apple.com. MacRumors reports: The previous beta.music.apple.com address automatically forwards to the newly launched version. Once you're signed into the web version of Apple Music with your Apple ID that has an associated Apple Music subscription, you'll have access to all of your library and playlist content, as well as the same personal mixes and recommendations you'll see in the Music apps for iOS, Mac, and Android. Apple Music content plays right in the web browser, providing access for an array of devices and platforms that don't have native Music app support, include Windows 10, Linux, and Chrome OS.

The way MacBook batteries charge is about to change. Apple has released a new developer preview of macOS Catalina 10.15.5, and as these releases often do, it contains a new feature: Battery Health Management. From a report: The new feature, which will only be available on Mac notebooks with Thunderbolt 3 ports, enables a new default approach to charging and discharging MacBook batteries. According to Apple, the feature is meant to reduce the rate of chemical aging of the MacBook's battery, thereby extending its long-term lifespan -- but without compromising on day-to-day battery life. The feature works by analyzing the temperature of the battery over time, as well as the charging pattern the laptop has experienced -- in other words, does the laptop frequently get drained most of the way and then recharged fully, or is it mostly kept full and plugged in? In the latter case, Battery Health Management is more likely to stop a bit short of full capacity in order to extend the battery's long-term lifespan. (All charging data is kept private on the MacBook unless the Mac has been opted in to share anonymous analytics data with Apple.) Charging a modern laptop battery to 100% and leaving it there for extended periods of time -- especially at warm temperatures -- can dramatically reduce the battery's usable life. This is hardly limited to laptops: I own an electric car, and the manufacturer makes it very clear that it should be routinely charged to only 80 percent to extend its battery lifespan.

The Ethernet Technology Consortium, the non-IEEE, tech industry-backed consortium formerly known as the 25 Gigabit Ethernet Consortium, has announced a new 800 Gigabit Ethernet technology. AnandTech reports: As for their new 800 Gigabit Ethernet standard, at a high level 800GbE can be thought of as essentially a wider version of 400GbE. The standard is primarily based around using existing 106.25G lanes, which were pioneered for 400GbE, but doubling the number of total lanes from 4 to 8. And while this is a conceptually simple change, there is a significant amount of work involved in bonding together additional lanes in this fashion, which is what the new 800GbE standard has to sort out.

Diving in, the new 800GBASE-R specification defines a new Media Access Control (MAC) and a Physical Coding Sublayer (PCS), which in turn is built on top of two 400 GbE 2xClause PCS's to create a single MAC which operates at a combined 800 Gb/s. Each 400 GbE PCS uses 4 x 106.25 GbE lanes, which when doubled brings the total to eight lanes, which has been used to create the new 800 GbE standard. And while the focus is on 106.25G lanes, it's not a hard requirement; the ETC states that this architecture could also allow for larger groupings of slower lanes, such as 16x53.125G, if manufacturers decided to pursue the matter. Focusing on the MAC itself, the ETC claims that 800 Gb Ethernet will inherit all of the previous attributes of the 400 GbE standard, with full-duplex support between two terminals, and with a minimum interpacket gap of 8-bit times. The above diagram depicts each 400 GbE with 16 x 10 b lanes, with each 400 GbE data stream transcoding and scrambling packet data separately, with a bonding control which synchronizes and muxes both PCS's together.

An anonymous reader shares a story: Ahead of last November's launch of the Apple TV+ video streaming service, Apple seemed to be doing nearly everything it could to widen the base of early viewers -- it gave away a free year of service with any newly purchased iPhone, iPad, Mac, iPod, or Apple TV, then added free access to student Apple Music subscriptions, collectively guaranteeing itself millions of (unpaid) users. But that apparently wasn't enough: Starting today, the company will offer free access to seven complete TV+ series to almost any person with an Apple ID.

Apple's video strategy has continued to stand in stark contrast to Disney's, though both companies launched paid streaming services last year. Disney+ offers a mere seven-day free trial before charging $6.99 per month or $69.99 per year for access to a large catalog of new original and historic Disney, Pixar, Marvel, Star Wars, and National Geographic content, plus The Simpsons. This week, Disney+ surpassed 50 million subscribers across only a dozen countries, and it has recently rewarded quarantined fans by providing early access to its latest animated films, including Frozen II and Onward.

An anonymous reader writes: Google today launched Chrome 81 for Windows, Mac, Linux, Android, and iOS. Chrome 81 includes an Origin Trial of Web NFC for mobile, early Augmented Reality support, mixed images autoupgraded to HTTPS, TLS 1.0 and TLS 1.1 deprecated, and more developer features. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 81 removes the "discard" element and FTP support.

An anonymous reader writes: Mozilla today launched Firefox 75 for Windows, Mac, and Linux. Firefox 75 includes a revamped address bar with significant search improvements, a few performance tweaks, and a handful of developer features. You can download Firefox 75 for desktop now from Firefox.com, and all existing users should be able to upgrade to it automatically. According to Mozilla, Firefox has about 250 million active users, making it a major platform for web developers to consider.

When the coronavirus crisis took hold, millions found themselves spending more time in their browsers as they learn and work from home. But the crisis is also impacting software developers. Google was forced to pause its Chrome releases, which typically arrive every six weeks. Ultimately, Chrome 81 was delayed, Chrome 82 is being skipped altogether, and Chrome 83 has been moved up a few weeks. Microsoft has followed suit with Edge's release schedule, consistent with Google's open source Chromium project, which both Chrome and Edge are based on. Mozilla wants to make clear it is not in the same boat. The company took an indirect jab at Google and Microsoft today, saying: "We've built empathy into our systems for handling difficult or unexpected circumstances. These strengths are what allow us to continue to make progress where some of our competitors have had to slow down or stop work."

Ernesto, writing for TorrentFreak: With help from iknowwhatyoudownload we looked at over 25 million logged BitTorrent connections on a single day last week. This reveals that more than two-thirds (68.6%) of these were using uTorrent's desktop version. The vast majority of these users were updated to the most recent 3.5.5 release, but dozens of older versions are in use as well. Although no longer officially supported, there are also hundreds of thousands of people who still use uTorrent for Mac.

The most popular Mac client, however, appears to be Transmission. This is a notable change compared to a decade ago when its market share was much lower. Although Transmission also has a beta Windows release, that userbase is believed to be relatively small. Below is an overview of all software with at least 0.1% market share -- which translates to roughly 25,000 logged connections.

A sizeable number of Mac users are experiencing occasional system crashes after updating to macOS Catalina version 10.15.4, released a few weeks ago. From a report: The crashing issue appears to be most prominent when users attempt to make large file transfers. In a forum post, SoftRAID described the issue as a bug and said that it is working with Apple engineers on a fix for macOS 10.15.5, or a workaround. "SoftRAID said the issue extends to Apple-formatted disks: There is a serious issue with 10.15.4. It shows up in different scenarios, even on Apple disks but is more likely when there are lots of IO threads. We think it is a threading issue. So while SoftRAID volumes are hit the hardest (it's now hard to copy more than 30GB of data at a time), all systems are impacted by this. In our bug report to Apple, we used a method to reproduce the problem with ONLY Apple formatted disks. Takes longer to reproduce, but that is more likely to get a faster fix to the user base."

Part of America's Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA) "has advised users to update Google Chrome as new high-rated security vulnerabilities have been found," reports Forbes: In an April 1 posting, CISA confirmed that Google Chrome version 80.0.3987.162 "addresses vulnerabilities that an attacker could exploit to take control of an affected system," be that Windows, Mac or Linux. It went on to state that it "encourages" users and administrators to apply the update. It's not just CISA that is warning about the need to update Google Chrome. The Center for Internet Security (CIS) is a non-profit entity that works to safeguard both private and public organizations against cyber threats. In a multi-state information sharing and analysis center (MS-ISAC) advisory, it has also warned of multiple vulnerabilities in Google Chrome.

The most severe of these could allow an attacker to achieve arbitrary code execution within the context of the browser... All it would take for an attacker to exploit the vulnerabilities is to get the user to visit, by way of a phishing attack or even redirection from a compromised site, a maliciously crafted web page.
Beside three high-rated vulnerabilities, Forbes reports that "a further five security vulnerabilities were discovered by the Google internal security team using a combination of internal audits and fuzzing."

Zoom's troubled year just got worse. From a report: Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom's popularity has rocketed, but also has led to an increased focus on the company's security practices and privacy promises. Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user's Mac, including tapping into the webcam and microphone. Patrick Wardle, a former NSA hacker and now principal security researcher at Jamf, dropped the two previously undisclosed flaws on his blog Wednesday, which he shared with TechCrunch. The two bugs, Wardle said, can be launched by a local attacker -- that's where someone has physical control of a vulnerable computer. Once exploited, the attacker can gain and maintain persistent access to the innards of a victim's computer, allowing them to install malware or spyware.

iFixit tore apart the updated MacBook Air and found that Apple made a few changes making for a more repairable notebook than the last generation. All in all, the new 2020 MacBook Air got a 4/10 repairability score from iFixit, which is one point higher than the previous-gen model which scored 3/10. 9to5Mac reports: iFixit highlights in its full teardown that the update to the reliable Magic Keyboard only added 0.5mm to the thick end of the new MacBook Air... a more than worth it trade-off: "More than anything, that 0.5 mm illustrates the sheer unnecessary-ness of the five painful years that Mac fans spent smashing on unresponsive butterfly keyboards. Knowing that Apple's thinnest-and-lightest notebook accommodates a scissor-switch keyboard so gracefully makes us wonder what it was all for. We understand as well as anyone the urge to fix things, but Apple's insistence on reworking and re-reworking the troubled butterfly design came at such a high cost -- financially, environmentally, and to the Mac's reputation -- and for what? We'll probably never know all the factors that led to the creation and persistence of the butterfly keyboard, but this Magic keyboard is a reminder that sometimes the difference between usable and unusable, or repairable and unrepairable, can be as small as half a millimeter."

Past the keyboard update, iFixit found a nice improvement to how Apple has implemented the trackpad cable: "Where last year the trackpad cables were trapped under the logic board, they are now free to be disconnected anytime -- meaning trackpad removal can happen as soon as the back cover comes off. And since the battery rests under these same cables, this new configuration also greatly speeds up battery removal by leaving the logic board in place. That's two very tasty birds, one stone, for those of you counting. This is one of those happy (but all too rare) occasions where we can identify a hardware change from Apple that's squarely aimed at improving serviceability in the existing design. Sometimes they do listen!"

Apple today officially released versions 13.4 of iOS, iPadOS, and tvOS to the public, alongside macOS 10.15.4 and watchOS 6.2. While many of their improvements are minor, there are a few standout features across the updates. From a report: One of the most noteworthy additions is a dramatic expansion of iPadOS 13's prior trackpad and mouse support, which was limited solely to an Accessibility option before evolving to full system-wide support across all iPad models capable of running iPadOS 13.4. Now, keyboard-trackpad hybrids (such as the upcoming Magic Keyboard for iPad), standalone trackpads, and standalone mice can create a cursor that highlights and selects on-screen text and objects, paving the way for more Mac-like apps on Apple's tablets. Another major improvement is cross-platform support for a new universal app purchase option, enabling a single app developed using Apple's shared Catalyst framework to be purchased and run across Macs, iPhones, iPads, and Apple TVs. This feature went live for developers yesterday, and it uses the iOS App Store as the base for universal apps. Standalone Mac App Store app listings will likely need to be abandoned for the transition to universal apps.

Remember how Apple closed all of its stores outside China? It's preventing some customers from picking up their repaired devices, according to 9to5Mac: As we noted last week, Apple Stores remained partially open for two days following the shutdown announcement. During this time, Apple contacted customers with pending device repairs and asked them to come pick up their products. Inevitably, some customers missed this opportunity. An Apple spokesperson told Business Insider that there's no way for customers who missed the two-day pickup period to get their devices:

Some customers did not pick up their devices within the two-day pickup period, and those devices are still in Apple Stores, the spokesperson said. Unfortunately for those who missed the pickup window, there's no way for them to get their devices until Apple Stores re-open, the spokesperson said....

It's also important to note that devices sent offsite for repair, whether it be iPhone, iPad, Mac, or Apple Watch, are still being returned to customers via shipment. In a normal scenario, Apple would ship the repaired devices back to retail stores, then customers would come pick them up. During the Apple Store shutdown, however, devices are being shipped directly from repair centers to customers instead.

An anonymous reader quotes a report from The Wall Street Journal: New York City is working with the hospitality industry to possibly convert entire hotels into hospitals for patients without the novel coronavirus, in an effort to increase capacity at medical facilities as the outbreak grows. The city's emergency management commissioner, Deanne Criswell, said in an interview Wednesday that hotels could be vital as New York City needs more beds to treat those with Covid-19. The hotels would be for "those non-Covid patients who are really minor but need care," she said. It couldn't be determined how many beds would be immediately available for these patients or how much the city would pay hotels.

The city currently uses hotels for some quarantine, and could use them to house health-care workers who need places to stay, Ms. Criswell said. With the city's tourism industry hit by the virus, many hotels are now empty, she added. New York City has 1,339 confirmed cases of the virus as of Wednesday afternoon, with 10 deaths. City officials also hope to turn the Jacob K. Javits Convention Center in Manhattan into a large hospital, using federal medical stations, according to Ms. Criswell. Mayor Bill de Blasio said earlier this week the city had an additional 1,300 beds by reopening closed hospitals and other facilities, including Roosevelt Island's Coler hospital, a city hospital that was no longer in use. A recently built nursing home in Brooklyn will also be used to hold 600 beds, and two Bronx hospitals with more than 100 beds will also be available, according to Mr. de Blasio. To make more space, the city is also discharging patients that can leave hospitals, canceling elective surgeries, and building more capacity within hospitals. Earlier today, the U.S. and Canada announced it will suspend non-essential travel between the two countries to prevent the spread of the virus. This comes two days after Canada closed its borders to non-citizens with exceptions for U.S. citizens, air crews and diplomats.

The U.S. is also ordering Fannie Mae and Freddie Mac to suspend foreclosures and evictions for at least 60 days.

Mozilla today launched Firefox 74 for Windows, Mac, and Linux. Firefox 74 includes stricter rules for add-ons, TLS 1.0 and TLS 1.1 disabled by default, and a handful of developer features.

According to code seen by 9to5Mac, Apple is set to roll out rich system-wide support for mouse cursors with iOS 14. From a report: Apple added rudimentary compatibility with external mice in iOS 13 Accessibility settings, but iOS 14 (iPadOS 14) will make it mainstream. The iOS 14 build also referenced two new Smart Keyboard models in development. The changes coming to the software will bring most of the cursor features you recognize from a Mac desktop experience to iOS. One difference may be that the pointer disappears automatically after a few seconds of not touching the connected mouse or trackpad, a concession to the touch-first experience of the iPad. It would reappear when the user attempts to move the cursor again.

This includes support for multiple pointers depending on what is being hovered over, like switching from a standard arrow pointer to a pointing hand when hovering over links. It is possible these APIs could then automatically translate over to Mac apps using Catalyst, which currently lacks an API for changing mouse cursor type. Apple is also developing support for Mac-like gesture, like tap with two fingers to right-click.

"New academic research published last month looked at the phone-home [telemetry] features of six of today's most popular browsers and found that the Brave browser sent the smallest amount of data about its users back to the browser maker's servers," reports ZDNet: The research, conducted by Douglas J. Leith, a professor at Trinity College at the University of Dublin, looked at Google Chrome, Mozilla Firefox, Apple Safari, Brave, Microsoft Edge (the new Chromium-based version), and the Yandex Browser.

"In the first (most private) group lies Brave, in the second Chrome, Firefox, and Safari, and in the third (least private) group lie Edge and Yandex...." [T]he professor found evidence that Chrome, Firefox, and Safari all tagged telemetry data with identifiers that were linked to each browser instance. These identifiers allowed Google, Mozilla, and Apple to track users across browser restarts, but also across browser reinstalls...

[T]he most intrusive phoning-home features were found in the new version of Microsoft Edge and the official Yandex Browser. According to Prof. Leith, both used unique identifiers that were linked to the device's hardware, rather than the browser installation. Tracking users by hardware allows Microsoft and Yandex to follow users across installations and potentially link browser installs with other apps and online identities. The professor said that Edge collected the hardware UUID of the user's computer, an identifier that cannot be easily changed or deleted without altering a computer's hardware. Similarly, Prof. Leith also found that Yandex transmitted a hash of the hardware serial number and MAC address to its backend servers.

"As far as we can tell this behaviour [in Edge and Yandex] cannot be disabled by users," the professor said.
The article also points out that Brave was the only browser that didn't use search autocomplete functionality to collect and send back information on a user's visited web pages. (Even though this can be disabled in Firefox, Chrome, and Safari, it's on by default.)

But Edge and Yandex "also sent back information about visited web pages that did not appear to be related to the search autocomplete feature, suggesting the browsers had other ways to track users' browsing habits."