The beta version of Ubuntu 24.04 won’t be released on time, the developers have confirmed, following concerns about a major security threat.
Instead of launching on April 4, the latest Ubuntu version, which also holds the codename Noble Numbat, will now be released on April 11 after developers Canonical decided to push the release for a week because of the discovery of CVE-2024-3094, a critical vulnerability recently discovered in xz-utils.
XZ-utils is a set of data compression tools and libraries used by major Linux distros. The vulnerability was introduced to XZ version 5.6.0 by a pseudonymous attacker, and persisted throughout 5.6.1 as well.
Securing future versions
The majority of Linux distros seem to be affected by the flaw. Ubuntu 24.04 (but not older versions), Red Hat, Fedora Rawhide, and Fedora 40, as well as some Kali Linux versions, and some Arch Linux installation media, are affected.
Red Hat Enterprise Linux (RHEL) versions, stable Debian releases, as well as Linux Mint, Gentoo Linux, Alpine Linux and Amazon Linux are not affected, it was said.
In the Discourse post, Canonical said it will “remove and rebuild all binary packages that had been built for Noble Numbat after the CVE-2024-3094 code was committed to xz-utils (February 26th), on newly provisioned build environments." This should make the latest Ubuntu release safe from the vulnerability which was given a severity score of 10.0.
Tom’s Hardware speculates that the launch of the final 24.04 version - planned for April 25 - could also be delayed. A survey on Mastodon, set up by a former Canonical employee, showed that out of roughly 100 respondents, only a slim majority (56% versus 44%) expects the version to be released on time.
Earlier this week, Binarly released a free scanner to make hunting for the flaw faster, more seamless, and with fewer false positives.
The way that users get information from the web has evolved over the years. People used to rely on news sites and Google to keep abreast of what was going on in the world, but then Twitter arrived and cemented itself as an alternative (and often inaccurate) source of news. Although it’s facing the threat of being banned in the US, TikTok has become a major source of information for younger users, and AI chatbots have really come into their own as a valuable tool for delivering tailored, instant information.
The rise of voice-activated AI assistants like Amazon's Alexa and Google Assistant has also revolutionized the way we access information, allowing users to simply ask for what they want to know, rather than having to search for it manually. However, with this evolution comes the responsibility of discerning reliable sources from misinformation, a skill that is becoming increasingly important in the AI age.
Recent surveys by Applause and Forrester indicate a significant shift in consumer behavior, with users increasingly favoring AI chatbots over traditional search engines for both research and basic queries.
Similar findings
Applause's 2024 Generative AI Survey reveals that 91% of respondents use chatbots for research, and 81% prefer them over search engines for basic queries. However, as is perhaps to be expected, concerns about data privacy, bias, and performance persist.
Applause found ChatGPT is the most popular chatbot, used by 91% of users, ahead of Google Gemini (63%) and Microsoft Copilot (55%). Despite worries about providing private information to chatbots, with 89% of respondents expressing concern, the practical applications of Gen AI are now widely acknowledged. However, only 19% of users believe that chatbots understand their prompts every time, indicating room for improvement.
Forrester's State of Consumer Usage of Generative AI 2024 echoes these findings, noting that GenAI has made AI more visible in consumers' daily lives. While companies race to incorporate AI, consumer adoption is still in its infancy due to concerns about its ethical implications. The report also highlights the demographic differences in GenAI adoption, with younger, male, and more highly educated consumers more likely to have used the technology. The report states that almost half of Millennial and Gen Z adults in the US, UK and France have used GenAI, compared with only 12% of Baby Boomers.
Forrester also found 34% of US consumers used GenAI, compared to 27% in the UK and 25% in France.
Work still needed
Despite widespread concerns, the benefit of GenAI is widely recognized. Among online adults who had heard of GenAI, 50% agreed that it would make it easier to find information online. However, 45% agreed that GenAI posed a serious threat to society, indicating a split in consumer attitudes towards the technology.
The surveys reveal that the golden era of search engines might be coming to an end, as consumers increasingly turn towards AI chatbots for their information needs. However, as Chris Sheehan, SVP Strategic Accounts and AI at Applause sums up, “Chatbots are getting better at dealing with toxicity, bias and inaccuracy – however, concerns still remain. Not surprisingly, switching between chatbots to accomplish different tasks is common, while multimodal capabilities are now table stakes. To gain further adoption, chatbots need to continue to train models on quality data in specific domains and thoroughly test across a diverse user base to drive down toxicity and inaccuracy.”
Apple could unveil a new and improved Apple Pencil, equipped with a brand-new “squeeze” gesture, providing additional control without taking your hand off the pencil.
According to 9to5Mac, there are references to a new gesture called “squeeze” in the code for iPadOS 17.5 beta, which was recently released to developers. This gesture appears to be used to add shapes, signatures, stickers, or a text field, thereby saving time for those writing notes or quickly annotating a sketch or document.
These squeeze gestures are unlikely to refer to the Apple Pencil 2, as it has pressure sensors only on its tip and not on the stylus' surface. This suggests that the gesture is for an as-yet-unannounced Apple Pencil 3 that could launch alongside some new iPads rumored to launch in May.
Other indicators of a potential new model include mentioning the Apple Pencil being supported by the Find My app, as current Apple Pencils cannot be tracked via this app. This feature will allow you to find the Pencil, just like you can track AirPods and AirTags, which is handy for something so easily lost as a pen.
Another possible clue that a new Apple Pencil is on the way is that iPadOS 17.4 has added an updated version of the PencilKit API, which developers use to make apps compatible with the Apple Pencil. However, the exact new features are unknown.
The Apple Pencil 3 will likely feature the return of pressure sensitivity, which was missing from the more scaled-down Pencil released in October 2023. This feature allows you to change the thickness of your strokes depending on how hard you press down on the screen and is invaluable for digital artists.
Tipster Majin Bu posted on X that the Apple Pencil 3 will come with interchangeable magnetic tips to aid drawing, technical drawing, and professionals such as digital artists and photo editors. While the most extreme rumor from MacRumors claims the Apple Pencil 3 will support the Apple Vision Pro and allow you to use your surroundings as a canvas instead of touching a tablet screen and will even still use pressure sensitivity.
Based on what my source reportedthe new Apple Pencil 3 will come with interchangeable magnetic tips(for drawing, technical drawing and painting) pic.twitter.com/AXUdpbZFVhSeptember 30, 2023
See more
Potential pricing is currently unknown but is expected to be similar to the Pencil 2 at around £139 / $129 / AU$199. Hopefully, Apple will opt for some color variations this time around rather than only having a white option, as we’d like to see black, silver, or gold options or any other color.
The original Apple Pencil was released on November 11, 2015, while the second generation Pencil was released on November 7, 2018. On October 17, 2023, Apple launched an entry-level Pencil model for USB-C-equipped iPads.
Go ahead and make fun of the Apple iPad on your favorite social network, I dare you. You will be swarmed by iPad fans, defending their favorite tablet to the death, which always seems to be just over the horizon for the tablet market. We got no new iPads in 2023, making it one of the hardest ever for iPad fanatics, but I say fear not! The iPad is healthy, and I see a brighter future than ever for Apple’s tablet.
Is the iPad really healthy? Well, according to Canalys, iPad sales declined year-on-year by quite a bit, as much as 24%. That still left Apple in a distant first place among tablet makers. Samsung’s sales declined only 11%, but it still shipped less than half of the tablets that Apple delivered, according to Canalys estimates.
The Samsung Galaxy Tab S9 Ultra is incredibly capable(Image credit: Future / Philip Berne)
That’s gotta be tough news for Samsung. The latest Galaxy Tab S9 series, including the more affordable Galaxy Tab S9 FE, are some of Samsung's best tablets ever. The entire lineup is IP68 water resistant, which is a first for tablets that aren’t sold as rugged business tablets. They come with an S Pen, which is a better stylus than the Apple Pencil, a $79 / £79 / AU$139 implement that doesn’t even work with every iPad.
The iPad didn't need an update to stay up-to-date
The iPad, on the other hand, has languished on shelves for a long time. There were no iPad updates in 2023. After endowing the iPad Pro with the M2 chip, and the iPad Air with the M1 chip, in late 2022, Apple left the tablet alone.
The base model iPad was updated in 2022, and it still uses a mobile A14 Bionic chipset, while the even older iPad mini, last updated in 2021, inexplicably uses a faster A15 Bionic. Apple also still sells the iPad 10.2-inch model from 2021 as a new device.
You can still buy this 2021 iPad 10.2 from Apple brand new(Image credit: TechRadar)
Here’s the thing – the iPad was already more than a year ahead of other tablets on the market. Samsung’s Galaxy Tab S is a powerful, capable Android tablet with a fantastic display. Its Snapdragon processor can’t come close to the iPad Air’s M1 chip. The M1 chipset can power a professional laptop. The Snapdragon is strictly mobile.
Even the A14 Bionic chipset in the base model iPad gives the latest Snapdragon 8 Gen 2, found in the Galaxy Tab S9, a run for its money.
The iPad is so overpowered it sticks around longer
How could Apple improve the iPad? Maybe a better question would ask, what improvements do we need? The iPad is already powerful, well-designed, and long-lasting. I mean it lasts a long time in battery tests, and it also lasts a long time as a product you’ll own. When it comes to longevity, the iPad puts the iPhone to shame, though maybe that should change.
I owned the very first iPhone, and I used it for at least six years before I broke it accidentally by dropping it. By then, it wasn’t worth fixing, but I felt I’d gotten plenty of value out of that purchase. On the last day it was alive, I was able to do everything I wanted, including playing games, watching movies, and browsing all of my favorite websites. A six-year-old iPone was completely capable, and I couldn’t have asked for more.
The original iPad lasted a very long time, years and years
A big reason why the iPad market has stalled is because the market is saturated. People keep iPads and tablets much longer than they keep phones. On inspection, we should probably all just hold onto our phones longer. A five-year-old iPhone is probably much more capable than we all imagine.
The difference is that Apple and our mobile carriers offer us financial incentives to trade in our old phones for new ones. That’s how we buy phones, on contracts and payment plans. That’s not how most people pay for tablets.
Do you really need a fourth screen? Of course you do
The iPad is the best of all of those worlds, and iPad fans know it
That’s the real problem with the iPad: it’s another expenditure on a device that replaces… well, nothing. If you have an iPhone, you can do everything the iPad can do, and more. If you have a laptop, too, then you really don’t need a third screen. What about that smart TV on your wall? Now, an iPad makes four screens, and there’s nothing it offers that your other screens can’t manage.
The iPad isn’t an impulse buy, either. It isn’t a hundred bucks or so. You can’t buy it with the gift card you won in a work raffle like you might buy an Amazon Fire tablet for $100. The iPad costs hundreds, and that’s before you add accessories like the Apple Pencil, a keyboard, or even just a nice folio cover.
Still, there is something undeniable about its appeal. The iPad is more powerful and capable than a smartphone. It’s more portable than a laptop. It’s more personal than the TV hanging on the wall. The iPad is the best of all of those worlds, and iPad fans know it.
The iPad's bottom line is much lower this year
Of course a new iPad Air with an OLED screen would be sweet(Image credit: Apple)
Here’s what truly made this past year a boon for iPad fans. Every iPad model can be found for the lowest price ever. The iPad 10.9 is $429 / £307.62 right now on Amazon, down from $449 / £499 at launch. The iPad Air is $449 / £438.02, down from $599 / £569. Sorry, Australian friends, Amazon isn’t giving you the same iPad discount these days.
The iPad Pro hasn’t dropped as much as the rest, but the 64GB M1 iPad Air now costs $150 / £120 less on Amazon than it did when it launched. That’s a 25% discount in the US. Maybe Apple was doing the right thing by delaying any iPad update as long as possible. The iPad didn’t need an update. It needed a price cut.
Apple iPad 10.2 (2021):was $329.99 now $249 at Amazon The iPad 10.2 is still available at Amazon for its lowest price ever this week. Apple's last-generation tablet may be slightly older tech, but the 10.2-inch Retina display and A13 Bionic chip ensure excellent picture quality and superior performance to this day. The entry-level slate can do it all without issue: whether that's browsing the net, streaming media, light work, or playing games. Ultimately, when it comes to powerful and affordable tablets that offer excellent value for money, it doesn't get better than the Apple iPad 10.2.View Deal
Apple iPad 10.9 (2022):was $449 now $349 at Amazon This offer on Apple's newest entry-level iPad brings it down to the lowest price ever – one we've seen a couple of times this year. It's terrific value for money at this price if you need an all-around tablet. We said Apple's latest base-level tablet is a big upgrade over the previous generation model in our iPad 10.9 review, with a larger Liquid Retina display, a new A14 Bionic chip, improved cameras, USB-C support, and a sleek design.View Deal
iPad Air (2022):was $599 now $449.99 at Amazon Amazon has the iPad Air available for a record-low price right now. As we said in our four-star iPad Air (2022) review, this model neatly sits in the middle ground between power and affordability while still offering many of the same features and capabilities as the more expensive iPad Pro. With an attractive 10.9-inch Liquid Retina display and M1 chip inside you get excellent picture quality plus fast performance, making it a great tablet for creative tasks, gaming, and general everyday use.View Deal
On Friday March 29, Microsoft employee Andres Freund shared that he had found odd symptoms in the xz package on Debian installations. Freund noticed that ssh login was requiring a lot of CPU and decided to investigate leading to the discovery.
The vulnerability has received the maximum security ratings with a CVS score of 10 and a Red Hat Product Security critical impact rating.
Red Hat assigned the issue CVE-2024-3094 but based on the severity and a previous major bug being named Heartbleed, the community has cheekily named the vulnerability a more vulgar name and inverted the Heartbleed logo.
Luckily the vulnerability has been caught early
Red Hat wrote: "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library."
The malicious injection can be found only in the tarball download package of xz versions 5.6.0 and 5.6.1 libraries. The Git distribution does not include the M4 Macro that triggers the code. The second-stage artifacts are present in the Git repository for the injection during the build time, if the malicious M4 macro is present. Without the merge into the build, the 2nd-stage file is innocuous.
You are recommended to check for xz version 5.6.0 or 5.6.1 in the following distributions and downgrade to 5.4.6. If you cannot you should disable public facing SSH servers.
Whether you're a new subscriber or already have an account, this deal from StackSocial will net you a one-month of Xbox Game Pass ultimate for just $8.
Gmail, the email service that almost started out as a joke but rose to become a dominant player in the space, is exactly 20 years old on April 1.
It is for most of us, as hard to imagine a world without Gmail as it is for us to search without Google. But Gmail was a latecomer to the email game, arriving decades after we started using computers to deliver electronic messages to third-party providers who would, like the old-school post office, sort and send them along to their proper digital destination. It was well after MSMail and ccMail but early enough that we still demanded a hyphen between “e” and “mail.”
Ever the cheeky upstart (despite by then being the most-used search engine), Google launched Gmail on April Fool’s Day to mostly widespread confusion. At PCMag, where I worked at the time, we admitted that “Google's release included language which sounded like a ruse” and no one was quite sure if the search giant was serious about entering the crowded email space. Part of that had to do with the quite limited availability of the platform.
Google was among the first Internet companies to offer invite-only access to a new service. It was a brilliant bit of marketing but also had a more practical purpose. Google had struggled to launch Gmail and was still learning when it moved into public beta. Open access would’ve overwhelmed the system, forcing untold crashes, possibly un-delivered mail, and probably made it almost impossible to learn about what people wanted, needed, and used most often in the IMAP mail platform (there was no POP3 support at launch).
Welcome to the party, pal
On April 22, 2004, almost four weeks after the launch, I got access. I still have the welcome message, that told me I was “one of the very first people to use Gmail,” and thanked me for “agreeing to test Gmail.” The email described some of the key differences, like “searching instead of filing.” Gmail didn’t use folders, a time-honored way of organizing email, and instead focused on labels and conversations. To this day, the concept of folders in Gmail is foreign and I’m not sure I have ever loved the more amorphous “labels”.
It had some advanced features like filters and address autocomplete. And, of course, it came with 1GB of storage, an amount unheard of at the time for a free email service, which now seems woefully inadequate. Google's pitch at the time was that we could stop wasting time deleting emails and save everything. I think I over-committed to this concept.
While Gmail didn’t have pop-up or banner ads (thank God), there were text-based ads in a column to the right (Gmail ads now mostly live under the “Promotions” tab). This turned out to be Gmail’s most controversial “innovation”. To provide contextual ads, Google would have to “read” the contents of your email. That sounded like an insane privacy violation, and I wrote about the concern right before I gained access. I reminded readers that computers, at least back then, didn’t really “read” anything. They had neither the eyes nor the consciousness to understand the context. Google was, of course, already anonymizing the data and delivering contextual ads without delivering your private bits to third parties. I also noted that, without those ads, we might not get all that, at the time, free storage. It’s worth noting that those early concerns did nothing to hinder Gmail’s growth.
Along with access to Gmail came some invites that I could dole out. They arrived in small bunches, and I would give them to co-workers, colleagues, and friends. Some people who knew I had a Gmail account sent me emails and AOL messages pleading for access. Whenever I gave someone access, Gmail would notify me of when they signed up and created their new Gmail address “so we could stay in touch with Gmail!” While not a social network, Google was aware of the inherently social nature of email. Keeping newbies connected was how it built that network and generated just enough FOMO to keep the service growing.
All the information
Google took a risk when it launched Gmail, and it knew it. In the original FAQ, Google had to explain why a Search company would launch an email service:
“Why is Google offering email? I thought you were a search company.
Google's mission is to organize the world's information and make it universally useful and accessible. For many people, email contains valuable information that can be difficult to retrieve. We believe we can help with that.”
It was further evidence that Google’s strategic aim was never just about search results, it was about information, yours, mine, and everyone else’s. Google wanted to organize the world’s information no matter the form, from search results, to mail, to video and images, and location. That quest never stops and not everyone is happy about it.
Even so, it’s worth celebrating Gmail, an online service that entered an entrenched market and ultimately remade it in its image. It never was and will likely never be a joke.
March isn't traditionally known for its gaming laptop deals, but there are some absolutely outstanding options on the market right now. Dell and Best Buy, in particular, are offering massive price cuts of up to $600 on some of our favorite gaming laptops.
Our top choice for those on a budget is this RTX 4060-equipped MSI Cyborg for $849 (was $1,099) at Best Buy - one of the cheapest machines we've ever seen to feature the powerful graphics card. Pound for pound, this machine is a great budget buy if you need something relatively powerful without breaking the bank.
For something with a little more oompth, consider this outstandingly cheap MSI Crosshair for $1,199 (was $1,399), which features an RTX 4070 graphics card, 16GB of RAM, and 1TB SSD. This machine isn't the cheapest out there right now but it's really great value considering the level of specs you're getting here.
And, for a premium gaming laptop where looks are as important as performance, consider the excellent Asus Zephyrus G14 for $999 (was $1,599) at Best Buy or the Alienware M16 for $1,499 (was $2,199) at Dell. Both these choices feature superb components for the price - but also an eye-catching design that sets them apart from the usual cheaper models.
You can read more about our choices just down below, or head on over to ourgaming laptop dealspage for even more recommendations.
I've seen this MSI Cyborg on sale for $799 before over Black Friday, but this deal at Best Buy is almost as good. For the money, this mid-range machine is offering almost unbeatable bang for the buck with its RTX 4060 and Core i7 chipset. Put together, you're getting great performance here, well under $900 - more than enough to max out the graphical settings at 1080p resolutions.View Deal
Asus Zephyrus G14 gaming laptop:was $1,599now $999 at Best Buy Processor: AMD Ryzen 9-7940HS Graphics card: RTX 4060 RAM: 16GB SSD: 512GB
Speaking of amazing gaming laptop deals on mid-range machines, here's a record-low price on one of our favorite laptops ever. This Asus Zephyrus G14 is a slightly older model, but it's still a great buy if you'd like a smaller 14-inch laptop. This particular configuration is packed in an RTX 4060 and Ryzen 9, meaning it's capable of outputting some serious performance despite its diminutive size. View Deal
Need a more powerful machine? This MSI Crosshair is easily one of the cheapest gaming laptop deals on the market right now, and it features a speedy RTX 4070 graphics card. This GPU, combined with a 13th-generation Intel Core i7, means this MSI is an exceptionally capable gaming laptop. While pricey compared to some of the RTX 4060 options on our list, this one is just as good value.View Deal
Last year's Alienware M16 is a great buy if you don't mind getting a slightly older model - especially with this huge price cut courtesy of the Dell TechFest sale. Right now, you can get this premium RTX 4070 gaming laptop for just under $1,500, which isn't bad considering you're getting a premium design, a whopping 32GB of RAM, and one of the most powerful Intel chipsets on the market. While pricey, we'd still highly recommend this deal if you want a powerful and stylish laptop.View Deal
from TechRadar - All the latest technology news https://ift.tt/asZkeFp
Many versions of Linux may be vulnerable to a flaw that allowed hackers to steal passwords, or change the contents of their clipboard.
The vulnerability, however, comes with a major caveat that makes exploitations somewhat unlikely (or at least heavily limited).
Cybersecurity researcher Skyler Ferrante recently discovered an “improper neutralization of escape sequences in wall” vulnerability, a flaw impacting the “wall” command. This command is usually used to broadcast messages to the terminals of all users logged to the same system.
WallEscape
With escape sequences not being properly filtered when processing input through command line arguments, a threat actor could, theoretically, launch a prompt to all connected users and have them type in their administrator password. Escape sequences could also be used to change the clipboard of a target user, although this method may not work with all terminal emulators.
The vulnerability is tracked as CVE-2024-28085, and dubbed WallEscape. It was fixed in Linux version 2.40, released in March 2024, but that means it has been present in Linux versions for the past 11 years.
While a proof-of-concept (PoC) for the vulnerability exists, and a practical application could occur, multiple factors need to align, first. For example, the attacker needs to have physical access to a Linux server, to which multiple other potential victims are already connected through the terminal. If you’re still worried about your Linux server being targeted, there is a solution. Linux released an upgrade to linux-utils v.2.40, which patches the vulnerability.
Usually, these updates are available through the LInux distribution’s standard update channel, so keep an eye out. Furthermore, system administrators can fix the issue by removing the setgid permission from the “wall” command, or by disabling the message broadcast functionality using the “mesg” command to set its flag to “n”.
