The EU's proposed Cyber Resilience Act (CRA), which aims to "bolster cybersecurity rules to ensure more secure hardware and software products," could have severe unintended consequences for open source software, according to leaders in the open source community. From a report: The proposed Act can be described as CE marking for software products and has four specific objectives. One is to require manufacturers to improve the security of products with digital elements "throughout the whole life cycle." Second is to offer a "coherent cybersecurity framework" by which to measure compliance. Third is to improve the transparency of digital security in products, and fourth is to enable customers to "use products with digital elements securely."

The draft legislation includes an impact assessment that says "for software developers and hardware manufacturers, it will increase the direct compliance costs for new cybersecurity requirements, conformity assessment, documentation and reporting obligations." This extra cost is part of a total cost of compliance, including the burden on businesses and public authorities, estimated at EUR 29 billion ($31.54 billion), and consequent higher prices for consumers. However, the legislators foresee a cost reduction from security incidents estimated at EUR 180 to 290 billion annually. The question is though: how can free software developers afford the cost of compliance, when lack of funding is already a critical issue for many projects? Mike Milinkovich, director of the Eclipse Foundation, said it is "deeply concerned that the CRA could fundamentally alter the social contract which underpins the entire open source ecosystem: open source software provided for free, for any purpose, which can be modified and further distributed for free, but without warranty or liability to the authors, contributors, or open source distributors. Legally altering this arrangement through legislation can reasonably be expected to cause unintended consequences to the innovation economy in Europe."

European Commission: Have you ever struggled to understand whether you were buying directly from Google or from a different brand, or had difficulty finding information about final costs? In order to further align its practices with EU law -- mainly on lack of transparency and clear information to consumers -- Google has committed to introduce changes in several of its products and services. Following a dialogue started in 2021 with the Consumer Protection Cooperation Network (CPC), coordinated by the European Commission and led by the Dutch Authority for Consumers and Markets and the Belgian Directorate-General for Economic Inspection, Google has agreed to address issues raised by the authorities and to introduce changes in Google Store, Google Play Store, Google Hotels and Google Flights to ensure compliance with EU consumer rules.

Following the dialogue, Google has committed to limit its capacity to make unilateral changes related to orders when it comes to price or cancellations, and to create an email address whose use is reserved to consumer protection authorities, so that they can report and request the quick removal of illegal content. Moreover, Google agreed to introduce a series of changes to its practices, such as:

Google Flights and Google Hotels:
1. Make clear to consumers whether they contract directly with Google or whether it is simply acting as an intermediary;
2. Clarify the price used as a reference when discounts are advertised on the platform, as well as the fact that reviews are not verified on Google Hotels;
3. Accept the same transparency commitments as other big accommodation platforms as regards the way it presents information to consumers, for example, on prices or availability.

Google Play Store and Google Store:
1. Provide clear pre-contractual information on delivery costs, right of withdrawal and availability of repair or replacement options. Furthermore, Google will facilitate also information on the company (e.g. legal name and address) and direct and effective contact points (e.g. a live telephone agent);
2. Clarify how to browse different country versions of the Google Play Store and inform developers about their obligations under the Geo-blocking Regulation to make their apps accessible EU-wide, as well as enable consumers to use means of payment from any EU country.

An anonymous reader shares a report: More than 700 miles from Wall Street, the New York Stock Exchange's backup data center on Cermak Road in Chicago is supposed to safeguard US markets, standing by at all hours in case disaster ever strikes the world's largest venue for trading shares. When markets are closed, it participates in a well-worn routine, with NYSE staffers turning on and off systems to ensure everything works. But heading into Tuesday, an NYSE employee failed to properly shut down Cermak's disaster-recovery system -- leading to a disaster.

That human error, described by people with direct knowledge of NYSE's internal operations, is what triggered wild market swings when trading opened Tuesday morning in Manhattan. The chaos affected more than 250 companies including Wells Fargo, McDonald's, Walmart and Morgan Stanley, in some cases sending stock prices swinging by 25 percentage points in a matter of minutes. The episode has prompted the exchange to cancel thousands of trades at a cost that's still being determined. Meanwhile, market professionals and day traders are rattled and waiting for the exchange to elaborate on what it publicly called a "manual error" involving its "disaster recovery configuration."

British cybersecurity officials are warning that hacking groups linked to Russia and Iran are duping people into clicking malicious links by impersonating journalists and experts. From a report: The hackers, who have similar goals but are said to be working separately, have sought to steal emails from people working in academia, defense, the media and government, as well as from activists and non-governmental organizations, according to an advisory released on Thursday by the UK's National Cyber Security Centre. "These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems," said Paul Chichester, the center's director of operations. "We strongly encourage organizations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online."

Federal agencies are questioning Snapchat's role in the spread and sale of fentanyl-laced pills in the United States as part of a broader probe into the deadly counterfeit drugs crisis. The Los Angeles Times reports: FBI agents and Justice Department attorneys are zeroing in on fentanyl poisoning cases where the sales were arranged to young buyers via Snapchat [...]. The agents have interviewed parents of children who died and are working to access their social media accounts to trace the suppliers of the lethal drugs, according to the people. In many cases, subpoenaed records from Snapchat have shown that the teenagers thought they were buying prescription painkillers, but the pill they swallowed was pure fentanyl -- a synthetic opioid 100 times more potent than morphine.

On Wednesday, the involvement of technology companies in the ongoing fentanyl crisis will be discussed on Capitol Hill at a House Energy and Commerce Committee roundtable. One of the listed speakers, Laura Marquez-Garrett, an attorney with the Social Media Victims Law Center, said Snapchat will be the focus. "The death of American children by fentanyl poisoning is not a social media issue -- it's a Snapchat issue," she said. [...] While dealers use many social media platforms to advertise their drugs, experts, lawyers and families say Snapchat is the platform of choice for arranging sales. Dealers prefer to use Snapchat because of its encrypted technology and disappearing messages -- features that have given the platform an edge over its rivals for fully legitimate reasons and helped it become one of the world's most popular social media apps for teens.

Former White House drug czar Jim Carroll said drug traffickers are always going to flock to where the young people are. "From everything I have read, I do believe that Snapchat has been more widely used for facilitating drug sales," than other platforms, said Carroll, who serves on Snap's safety advisory council and now works for Michael Best Consulting. "I think that's because of its popularity among the young." In December, Snap reported 363 million daily active users in its quarterly earnings report. That same month, the National Crime Prevention Council wrote a letter to Atty. Gen. Merrick Garland, urging the Justice Department to investigate Snap and its business practices. "Snapchat has become a digital open-air drug market allowing drug dealers to market and to sell fake pills to unsuspecting tweens and teens," the letter said. Garland didn't respond, but federal investigators have started to ask questions, multiple people said. Santa Monica-based Snap, which makes Snapchat, said it has worked with law enforcement for years to clamp down on illegal activity on its platform and has boosted moderation efforts to detect illegal drug sales. Last year, Snap said it removed more than 400,000 user accounts that posted drug-related content.

"We are committed to doing our part to fight the national fentanyl poisoning crisis, which includes using cutting-edge technology to help us proactively find and shut down drug dealers' accounts," Rachel Racusen, a Snap spokeswoman, said in an emailed statement.

New bills in the state House and Senate would not only pursue collective bargaining rights across companies, as with past measures, but would guarantee a minimum wage, paid sick leave and other benefits. Companies like Uber and Lyft would also have to cover some driver expenses and pour money into the government's unemployment insurance system. Engadget reports: The new legislation wouldn't decide whether drivers are employees or independent contractors. However, Senate bill co-sponsor Jason Lewis told the State House News Service his bill would establish requirements that apply regardless of a driver's status. Previous bills would have tasked workers with negotiating for benefits that are now included, Lewis says.

In a statement, the Service Employees International Union (a bill proponent) says the bill "rewrites the rules" and gives condition drivers have sought for over a decade. The Massachusetts Coalition for Independent Work, an industry-run organization that opposes the legislation, previously claimed that measures granting employee status don't reflect a "vast majority" of drivers that want to remain contractors. The coalition prefers bills that would bring the anti-employee ballot proposal to the legislature as well as create portable benefit accounts.

An anonymous reader quotes a report from 9to5Google: At the Flutter Forward event, Google released Flutter 3.7 with more Material You widgets and menus support, while also teasing the future of the app development framework. Having grown from humble beginnings on Android and iOS, Google's Flutter SDK can now help you create apps for mobile, desktop, web, and more, all from a single Dart codebase. Since launch, over 700,000 Flutter apps have been published across various platforms.

Today in Nairobi, Kenya, the Flutter team hosted Flutter Forward, an event to connect with the growing global community of developers and showcase the future of app development. For starters, Flutter version 3.7 has now been released, bringing with it a whole host of Material 3 (Material You) widgets. To get a feel for what all is possible with the new generation of Material Design in Flutter, Google has prepared a fun web showcase that even allows you to toggle between Material Theming and Material You. You'll also find that Flutter 3.7 includes new support for creating menus for your app -- including native support for macOS menus, new cascading menu widgets, and the ability to add items to right-click/long-press context menus. The built-in text magnifier on Android and iOS also now works as expected with Flutter's text fields. You can learn more about the improvements of Flutter 3.7 in the full release blog.

Looking ahead, the Flutter team has been working for quite some time on replacing the Skia renderer with a more robust solution of its own. Currently dubbed "Impeller," Flutter's new rendering engine has made significant enough progress to now be ready for developers to test it with their iOS apps. [...] Google is also working on new ways to help Flutter apps integrate with the underlying OS or platform. [...] Meanwhile, for Flutter web apps, a new "js" library makes it easy to call your app's Dart code from the outer page's JavaScript code. Relatedly, you can now embed a Flutter view onto a page through a standard HTML div. Both of these can be seen in a fun demonstration page.

Elsewhere in Flutter web news, Google has made strides toward compiling Dart apps using WebAssembly. [...] In time, this should result in significant performance improvements for Flutter on the web. In addition to compiling to WebAssembly, the Dart team has also begun offering full support for the RISC-V architecture, with the ultimate goal of Flutter apps running on RISC-V. Another major announcement today is that Google is moving forward with its plans to release version 3.0 of the Dart programming language upon which Flutter apps are built. Dart 3.0 is available today for early alpha testing with a focus on requiring sound null safety.

The billionaire hedge fund manager that runs a major Google investor isn't satisfied with the record 12,000 redundancies the US tech giant is making, and wants to see thousands more forced out of the organization. From a report: Estimated to be worth around $8 billion, Sir Christopher Hohn reportedly paid himself $1.8 million a day last year and is the boss of The Children's Investment Fund. He had already agitated for change in November when he implored Google execs to cut costs by reducing headcount, paying staff less, and killing off profitless business.

Whether Google listened to TCI Fund or not is a moot point, but Sundar Pichai last week confirmed that 12,000 of its employees were to be booted because it hired heavily during the pandemic for a "different economic reality to the one we face today." Yesterday, he told a town hall meeting of Googlers that not hiring risked losing business. Google's workforce went from 120,000 in 2020 to nearly 187,000 at the end of September, and it is now under pressure due to slowing sales and shrinking profits. Hohn at TCI now wants to see even more dramatic action taken by senior management. "Over the last five years, [Google parent] Alphabet has more than doubled its headcount, adding over 100,000 employees, of which over 30,000 were added in the first nine months of 2022 alone," he said in the latest letter to Pichai. Hohn adds, "The decision to cut 12,000 jobs is a step in the right direction, but it does not even reverse the very strong headcount growth of 2022. Ultimately management will need to go further. [...] Importantly, management should also take the opporunity to address excessive employee compensation. The media salary at Alphabet in 2021 amounted to nearly $300,000, and the average salary is much higher. "

Google is revising its business agreements with phonemakers and other partners in India and making a series of other changes in the South Asian market to comply with the local antitrust watchdog's directions in a major shift that could invite regulators in other regions to make similar suggestions. From a report: The Android-maker, which was slapped with a $161 million fine by the Competition Commission of India last year and was ordered to make a series of changes in its business practices, said Wednesday that it will allow smartphone vendors in India to license individual apps for pre-installation on their Android-powered devices. Google will also give consumers the ability to change search engine and use third-party billing options for apps and games purchases on Play Store starting next month, it said.

The UK government will provide direct taxpayer funding to support British semiconductor companies as part of a strategy for a sector that has become a lightning rod in global geopolitics, Bloomberg reported Wednesday, citing people familiar with the plans. From the report: This will include seed money for startups, help for existing firms to scale up, as well as providing new incentives for private venture capital, the officials said. Ministers will set up a semiconductor task force to coordinate public and private support to ramp up UK manufacturing of compound semiconductors in the next three years, they added. An overall figure has not been agreed with the Treasury but it is expected to be single figure billions of pounds, one person familiar with the plans said.

Chips are vital components in everything from mobile phones to cars, and shortages have the potential to cause significant disruption to supply chains. Companies already affected by the Covid-19 pandemic are reconsidering their investments in the UK due to frustrations over delays in formulating a strategy. Compound semiconductors are based on different materials to conventional "silicon" chips and are used in newer technologies like 5G wireless and electric vehicles. A UK push to develop local semiconductor manufacturing would echo US efforts to restrict exports of the technology to China and hobble its push into the chips industry. The Netherlands and Japan, key chip-making countries, are close to joining with the US to curb links with Beijing.

Apple is taking steps to separate its mobile operating system from features offered by Google parent Alphabet, making advances around maps, search and advertising that has created a collision course between the Big Tech companies. From a report: The two Silicon Valley giants have been rivals in the smartphone market since Google acquired and popularized the Android operating system in the 2000s. Apple co-founder Steve Jobs called Android "a stolen product" that mimicked Apple's iOS mobile software, then declared "thermonuclear war" on Google, ousting the search company's then-CEO Eric Schmidt from the Apple board of directors in 2009. While the rivalry has been less noisy since, two former Apple engineers said the iPhone maker has held a "grudge" against Google ever since. One of these people said Apple is still engaged in a "silent war" against its arch-rival. It is doing so by developing features that could allow the iPhone-maker to further separate its products from services offered by Google.

[...] The second front in the battle is search. While Apple rarely discusses products while in development, the company has long worked on a feature known internally as "Apple Search," a tool that facilitates "billions of searches" per day, according to employees on the project. Apple's search team dates back to at least 2013, when it acquired Topsy Labs, a start-up that had indexed Twitter to enable searches and analytics. The technology is used every time an iPhone user asks Apple's voice assistant Siri for information, types queries from the home screen, or uses the Mac's "Spotlight" search feature. Apple's search offering was augmented with the 2019 purchase of Laserlike, an artificial intelligence start-up founded by former Google engineers that had described its mission as delivering "high quality information and diverse perspectives on any topic from the entire web."

Alphabet's Google says it believes the complaint from the U.S. Department of Justice accusing the company of abusing its dominance in digital advertising is "without merit." From a report: The company also added it will "defend itself vigorously". The government on Tuesday said Google should be forced to sell its ad manager suite, tackling a business that generated about 12% of Google's revenue in 2021 while also playing a vital role in the search engine and cloud company's overall sales. Google, which depends on its advertising business for about 80% of its revenue, said the government was "doubling down on a flawed argument that would slow innovation, raise advertising fees and make it harder for thousands of small businesses and publishers to grow." The federal government has said its Big Tech investigations and lawsuits are aimed at leveling the playing field for smaller rivals who are up against a group of powerful companies that include Amazon, Facebook-owner Meta and Apple.

An anonymous reader quotes a report from Reuters: U.S. Senator Josh Hawley, a Republican and China hawk, said on Tuesday that he would introduce a bill to ban the short video app TikTok in the United States. TikTok, whose parent is the Chinese company ByteDance, already faces a ban that would stop federal employees from using or downloading TikTok on government-owned devices. "TikTok is China's backdoor into Americans' lives. It threatens our children's privacy as well as their mental health," he said on Twitter. "Now I will introduce legislation to ban it nationwide." Hawley did not say when the bill would be introduced. "Senator Hawley's call for a total ban of TikTok takes a piecemeal approach to national security and a piecemeal approach to broad industry issues like data security, privacy and online harms," said TikTok spokeswoman Brooke Oberwetter. "We hope that he will focus his energies on efforts to address those issues holistically, rather than pretending that banning a single service would solve any of the problems he's concerned about or make Americans any safer."

Google plans to discontinue a pilot program that allows political campaigns to evade its email spam filters, the latest round in the technology giant's tussle with the GOP over online fundraising. The Washington Post reports: The company will let the program sunset at the end of January instead of prolonging it, Google's lawyers said in a filing on Monday. The filing, in U.S. District Court for the Eastern District of California, asked the court to dismiss a complaint lodged by the Republican National Committee accusing Google of "throttling its email messages because of the RNC's political affiliation and views." "The RNC is wrong," Google argued in its motion. "Gmail's spam filtering policies apply equally to emails from all senders, whether they are politically affiliated or not." [...]

While rejecting the GOP's attacks, Google nonetheless bowed to them. The company asked the Federal Election Commission to greenlight the pilot program, available to all campaigns and political committees registered with the federal regulator. The company anticipated at the time that a trial run would last through January 2023. Thousands of public comments implored the FEC to advise against the program, which consumer advocates and other individuals said would overwhelm Gmail users with spam. Anne P. Mitchell, a lawyer and founder of an email certification service called Get to the Inbox, wrote that Google was "opening up the floodgates to their users' inboxes ... to assuage partisan disgruntlement."

The FEC gave its approval in August, with one Democrat joining the commission's three Republicans to clear the way for the initiative. Ultimately, more than 100 committees of both parties signed up for the program, said Google spokesman Jose Castaneda. The RNC was not one of them, as Google emphasized in its motion to dismiss in the federal case in California. "Ironically, the RNC could have participated in a pilot program leading up to the 2022 midterm elections that would have allowed its emails to avoid otherwise-applicable forms of spam detection," the filing stated. "Many other politically-affiliated entities chose to participate in that program, which was approved by the FEC. The RNC chose not to do so. Instead, it now seeks to blame Google based on a theory of political bias that is both illogical and contrary to the facts alleged in its own Complaint." [...] "Indeed, effective spam filtering is a key feature of Gmail, and one of the main reasons why Gmail is so popular," the filing stated.

To help reduce the potential for malware, Android 14 will begin fully blocking the installation of apps that target outdated versions of Android. 9to5Google reports: For years now, the guidelines for the Google Play Store have ensured that Android developers keep their apps updated to use the latest features and safety measures of the Android platform. Just this month, the guidelines were updated, requiring newly listed Play Store apps to target Android 12 at a minimum. Up to this point, these minimum API level requirements have only applied to apps that are intended for the Google Play Store. Should a developer wish to create an app for an older version, they can do so and simply ask their users to sideload the APK file manually. Similarly, if an Android app hasn't been updated since the guidelines changed, the Play Store will continue serving the app to those who have installed it once before.

According to a newly posted code change, Android 14 is set to make API requirements stricter, entirely blocking the installation of outdated apps. This change would block users from sideloading specific APK files and also block app stores from installing those same apps. Initially, Android 14 devices will only block apps that target especially old Android versions. Over time though, the plan is to increase the threshold to Android 6.0 (Marshmallow), with Google having a mechanism to "progressively ramp [it] up." That said, it will likely still be up to each device maker to decide the threshold for outdated apps or whether to enable it at all. The report notes that it'll still be possible to install an outdated version of an app "through a command shell, by using a new flag."

Microsoft has started testing a new split-screen feature for Edge that lets you compare two tabs side by side. The Verge reports: The feature was first discovered by Leopeva64-2 on Reddit, and it's available in an experimental flag in the beta, dev, and canary versions of Microsoft Edge. Once enabled, a new button appears alongside the address bar that lets you split an Edge window into two separate tabs side by side.

Once you've split existing tabs into a single window, it creates a single tab with the combined webpages. That means you can create multiple split tabs in Edge and navigate through them. You can also pin these side-by-side tabs, duplicate them, or add them to groups just like you would any regular tabs. That makes this feature super useful if you regularly compare documents or webpages.

Playing the military simulation War Thunder is now reportedly considered an official risk on background checks. PCMag reports: As GamesRadar reports, a user going by the name Add Fiat 6616 Pls posted on the War Thunder subreddit earlier this week explaining how a friend of his had applied for a job at aerospace and defense conglomerate Raytheon Technologies. As part of the security clearance process, a private investigator is used to contact the candidates "witnesses," which is shorthand for their friends. Add Fiat 6616 Pls was one of those friends and therefore received a call to answer a range of questions in an attempt to discover if the candidate's lifestyle raised any red flags. One of those question was: "Does he play War Thunder?"

The question makes sense as part of a security check and national security assessment after you realize how much classified information has leaked via the game over the past few years. War Thunder is a free-to-play vehicular combat online multiplayer game developed by Russian game developer Gaijin Entertainment (which relocated to Budapest in 2015). Since 2021, there have been six incidents of restricted or classified documents being leaked during discussions about the accuracy of the vehicles used in the game.

Apple has provided iOS 12.5.7, macOS 11.7.3, and other updates for older devices that can't be updated to the latest releases. AppleInsider reports: The new updates are for users still using older devices and operating systems and address similar bugs and security patches available in the recent iOS 16.3 and macOS Ventura releases. The security patch notes list at least 14 different systems affected by security issues that have been patched. The new update versions are: iOS 12.5.7, iOS 15.7.3, iPadOS 15.7.3, macOS Big Sur 11.7.3, and macOS Monterey 12.6.3.

Users may note the skipped iOS versions between iOS 12 and iOS 15. Those are due to where devices were cut off from updating. Every device that could run iOS 13 could run iOS 15, so Apple doesn't update every version. The oldest device supported by iOS 12.5.7, for example, is the iPhone 5s, which was released in September 2013. The oldest Macs supported by macOS Big Sur are the 2013 MacBook Air, Mac Pro, and MacBook Pro. Anyone capable of updating these new updates to the older operating systems should do so as soon as possible. The update addresses known security issues that could put the user at risk.

Crypto companies seeking to go public over the past year have faced increased scrutiny from the Securities and Exchange Commission, as financial distress and failures spread across the volatile industry. WSJ: Crypto-focused companies including Bullish Global, Circle and eToro have failed to secure the SEC approvals that are required of companies going public. The firms were seeking stock-exchange listings through mergers with special-purpose acquisition companies, an alternative path to going public that thrived in 2020 and 2021 before heightened regulatory checks and market turbulence ended the SPAC boom. Another crypto broker, Galaxy Digital has faced repeated rounds of questions from SEC staff about its business since filing paperwork to go public on the Nasdaq Stock Market, according to people familiar with the questioning.

Galaxy, which isn't using a SPAC structure, announced in March 2021 that it wanted to become a U.S.-listed public company and hoped to clear SEC review by the end of that year. The SEC didn't set out to stop the companies from going public, according to a person familiar with the matter, but crypto firms believe the pace of the agency's review hurt their efforts, particularly after the crash of a well-known cryptocurrency and the failure of a large crypto hedge fund that hit many exchanges and lenders. The bankruptcy of crypto exchange FTX and a bear market in digital asset prices may keep the door closed.

Appliance makers like Whirlpool and LG just can't understand. They added Wi-Fi antennae to their latest dishwashers, ovens, and refrigerators and built apps for them -- and yet only 50 percent or fewer of their owners have connected them. What gives? From a report: The issue, according to manufacturers quoted in a Wall Street Journal report (subscription usually required), is that customers just don't know all the things a manufacturer can do if users connect the device that spins their clothes or keeps their food cold -- things like "providing manufacturers with data and insights about how customers are using their products" and allowing companies to "send over-the-air updates" and "sell relevant replacement parts or subscription services."

"The challenge is that a consumer doesn't see the true value that manufacturers see in terms of how that data can help them in the long run. So they don't really care for spending time to just connect it," Henry Kim, US director of LG's smart device division ThinQ, told the Journal. LG told the Journal that fewer than half of its smart appliances -- which represent 80-90 percent of its sold appliances -- stay connected to the Internet. Whirlpool reported that "more than half" are connected. Wi-Fi-connected smart appliances may be connected when they're first set up, but a new Internet provider, router hardware, or Wi-Fi password could take the device offline. And a smart oven is likely to be far down the list of devices to set up again once that happens. That means companies like Whirlpool are missing out on services revenue, which is increasingly crucial to manufacturers facing rising input costs, declining replacement purchases, and hungry shareholders.