It's long been known that Google pays Apple a hefty sum every year to ensure that it remains the default search engine on iPhone, iPad, and Mac. Now, a new report from analysts at Bernstein suggests that the payment from Google to Apple may reach $15 billion in 2021, up from $10 billion in 2020. 9to5Mac reports: In the investor note, seen by Ped30, Bernstein analysts are estimating that Google's payment to Apple will increase to $15 billion in 2021, and to between $18 billion and $20 billion in 2022. The data is based on "disclosures in Apple's public filings as well as a bottom-up analysis of Google's TAC (traffic acquisition costs) payments." Bernstein analyst Toni Sacconaghi says that Google is likely "paying to ensure Microsoft doesn't outbid it." The analysts outline two potential risks for the Google payment to Apple, including regulatory risk and Google simply deciding the deal is no longer worth it:

In an interview earlier this year, Apple's senior director of global privacy Jane Horvath offered reasoning for the deal, despite privacy concerns: "Right now, Google is the most popular search engine. We do support Google but we also have built-in support for DuckDuckGo, and we recently also rolled out support for Ecosia."

Apple's Mac has long been an afterthought for the video game industry, and few think of Google as a games company -- despite running Android, one of the biggest game platforms in the world. But Google had a plan to change those things in October 2020, according to an explicitly confidential 70-page vision document dubbed "Games Futures." From a report: The "need-to-know" document, which was caught up in the discovery process when Epic Games hauled Apple into court, reveals a tentative five-year plan to create what Google dubbed "the world's largest games platform." Google imagined presenting game developers with a single place they can target gamers across multiple screens including Windows and Mac, as well as smart displays -- all tied together by Google services and a "low-cost universal portable game controller" that gamers can pair with any device, even a TV.

Apple has released a new version of iCloud for Windows, numbered 12.5. The update adds the ability to access and manage passwords saved in iCloud from a Windows machine, a feature that users have long requested. From a report: Apple has been gradually adding more support for iCloud passwords on non-Apple platforms with mixed results. The company released a Chrome extension that synced iCloud passwords with Chrome. But like this new iCloud Passwords app, it did the bare minimum and not much else. Still, this addition is welcome for users who primarily live in the Apple ecosystem (and thus use Apple's iCloud password locker) but who sometimes have to use Windows. For example, some folks use an iPhone or a Mac most of the time but have a Windows PC that is only used to play games that can't be played on the Mac.

On Tuesday, Apple rolled out three new graphics card modules for the Intel-based Mac Pro, all based on AMD's Radeon Pro W6000 series GPU. From a report: (Apple posted a Mac Pro performance white paper [PDF] to celebrate.) The new modules (in Apple's MPX format) come in three variants, with a Radeon Pro W6800X, two W6800X GPUs, and the W6900X. Each module also adds four Thunderbolt 3 ports and an HDMI 2 port to the Mac Pro. The Mac Pro supports two MPX modules, so you could pop in two of the dual-GPU modules to max out performance. They can connect using AMD's Infinity Fabric Link, which can connect up to four GPUs to communicate with one another via a super-fast connection with much more bandwidth than is available via the PCIe bus.

"Since its own brush with antitrust regulation decades ago, Microsoft has slipped past significant scrutiny," argues a new article from The Atlantic.

But it also asks if there's now a case for another antitrust action — or if we're convinced instead that "The company is reluctantly guilty of the sin of bigness, yes, but it is benevolent, don't you see? Reformed, even! No need to cast your pen over here!" Right now, it's not illegal to be big. It's not illegal to be really big. In fact, it's not even illegal to be a monopoly. Current antitrust law allows for the possibility that you might be the sole player in your industry because you're just that well managed and your product is just that good, or it's just cost-prohibitive for any other company to compete with you. Think power utilities, such as Duke Energy, or the TV and internet giant Comcast. Antitrust law comes into play only if you use your monopoly to suppress competition or to charge unfairly high prices. (If this feels like a legal tautology, it sort of is: Who's to know what's a fair price if there isn't any competition? Nevertheless, here we are...) Yet if bigness alone is enough to draw scrutiny, Microsoft must draw it. Courts have disagreed on what size market share a product or company must own to be considered a monopoly, but the historical benchmark is about 75 percent. Estimates vary as to what percentage of computers run Microsoft's Windows operating system, but Gartner research puts it as high as 83 percent...

Biden, Khan, Senator Amy Klobuchar, and others are asking whether consumers suffer any nonfinancial harm from this lack of competition. Is switching from Windows to Apple's Mac OS unnecessarily hard? Is Windows as good a product as it would be if it faced more robust competition? When Windows has major security flaws, for example, billions of customers and companies are impacted, because of its market share. If we're wondering whether crappy airline experiences are a competition problem, should the same question apply to crappy computer security? In fact, in areas where Microsoft faces strong competition, it's reverting to some of the behaviors that got it sued in the '90s — namely, bundling. Microsoft and Amazon are essentially a duopoly when it comes to cloud services... Microsoft offers its big business customers an "integrated ecosystem" of Windows, Office, and its back-end cloud services; some analysts even point to this as a reason to keep buying Microsoft stock. That's just smart business, right? Yes, unless you're at a disadvantage by not taking the bundle. Some customers have complained that Microsoft charges extra for some Windows licenses if you're not using its cloud-computing business, Azure...

Microsoft does much more that we're happy to call "evil" when other companies are involved. It defied its own workers in favor of contracts with the Department of Defense; it's been quietly doing lots of business with China for decades, including letting Beijing censor results on its Bing search engine and developing AI that critics say can be used for surveillance and repression; it reportedly tried to sell facial-recognition technology to the DEA.

So why does none of it stick? Well, partly because it's possible that Microsoft isn't actually doing anything wrong, from a legal perspective. Yet it's so big and so dominant and owns so much expensive physical infrastructure that hardly any company can compete with it. Is that illegal? Should it be?
It's now the world's second largest tech company by market valuation — over $2 trillion and even ahead of Google, Amazon, Facebook, and Tesla (and behind only Apple). For the three months ended in June, Microsoft's net income rose 47% over the same period a year ago, according to TechCrunch, with a revenue for just those three months of $46.2 billion.

The Atlantic argues Microsoft has successfully rebranded itself as nice and a little boring, while playing up the fact that it lost a decade in consumer markets like smartphones because it was distracted by its last antitrust lawsuit. Yet meanwhile it's acquired major tech brands like LinkedIn, Minecraft, Skype, and even attempted to buy TikTok, Pinterest, and Discord (as well as "almost two dozen game-development studios to beef up its Xbox offerings"). And of course, GitHub.

An anonymous reader quotes a report from Cult of Mac: Apple is closing down internal Slack channels to stop employees discussing remote working options, reports Zoe Schiffer from The Verge. Many Cupertino employees are currently engaged in a Cold War of sorts with their employer over the remote working arrangement coming out of the coronavirus pandemic. As the arguments flare up among staff, Apple has taken the step of shuttering the Slack channels where these are taking place. "Apple recently began cracking down on Slack channels that aren't directly related to work," Schiffer wrote on Twitter. "The company bans channels 'for activities and hobbies' that aren't directly related to projects or part of official employee groups -- but this wasn't always enforced, employees say."

Two public letters from Apple employees have requested more flexible working conditions. A recent petition this month was shared on Apple's internal Slack channel, with more than 6,000 members discussing remote work. It noted that: "We continue to be concerned that this one-size-fits-all solution is causing many of our colleagues to question their future at Apple. With COVID-19 numbers rising again around the world, vaccines proving less effective against the delta variant, and the long-term effects of infection not well understood, it is too early to force those with concerns to come back to the office." According to Schiffer, "internally, [many] people feel like [Apple] isn't listening to their demands." She continues that: "Since Friday, three Apple employees have resigned specifically because of the remote work policies. One had been at the company for nearly 13 years. I've seen a bunch of these resignation notes and they're pretty heart wrenching."

Fossbytes has an article detailing how you can check to see if your mobile device is infected with the "Pegasus" spyware. What's Pegasus you ask? It's phone-penetrating spy software developed by NSO Group and sold to governments to target journalists and activists around the world. The CEO of NSO Group says law-abiding citizens have "nothing to be afraid of," but that doesn't help us sleep any better. Here's how to check if your device has been compromised (heads up: it's a bit of a technical and lengthy process): First off, you'll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you'll have to install libimobiledevice beforehand for that. Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system -- if you don't have it already. Here's how you can install the same for Windows, macOS, and Linux. After that, go through Amnesty's manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line. Now, let's go through the steps for detecting Pegasus on an iPhone backup using MVT.

First of all, you have to decrypt your data backup. To do that, you'll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path: "mvt-ios decrypt-backup -p password -d /decrypted /backup". Note: Replace "/decrypted" with the directory where you want to store the decrypted backup and "/backup" with the directory where your encrypted backup is located.

Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder. To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). Then, enter the instruction format as given below with your custom directory path: "mvt-ios check-backup -o /output -i /pegasus.stix2 /backup". Note: Replace "/output" with the directory where you want to store the scan result, "/backup" with the path where your decrypted backup is stored, and "/pegasus.stix2" with the path where you downloaded the latest IOCs.

After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix "_detected," then that means your iPhone data is most likely Pegasus-infected. However, the IOCs are regularly updated by Amnesty's team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.

Starting today in the U.S. (and other countries in the not too distant future), you'll be able to encrypt the video footage captured via your Ring devices. ZDNet reports: This is done with Amazon's Video End-to-End Encryption (E2EE). If you decide to install this optional privacy feature, you'll need to install a new version of the Ring application on your smartphone. Once installed, it uses a Public Key Infrastructure (PKI) security system based on an RSA 2048-bit asymmetric account signing key pair. In English, the foundation is pretty darn secure.

Earlier, Ring already encrypted videos when they are uploaded to the cloud (in transit) and stored on Ring's servers (at rest). Law enforcement doesn't have automatic access to customer devices or videos. You choose whether or not to share footage with law enforcement. With E2EE, customer videos are further secured with an additional lock, which can only be unlocked by a key that is stored on the customer's enrolled mobile device, designed so that only the customer can decrypt and view recordings on their enrolled device. In addition, you'll need to opt into using E2EE. It doesn't turn on automatically with the software update. You'll also need to set a passphrase, which you must remember. AWS doesn't keep a copy. If you lose it, you're out of luck. [Just know that if you use E2EE, various features will be missing, such as sharing your videos, being able to view encrypted videos on Ring.com, the Windows desktop app, the Mac desktop app, or the Rapid Ring app, and the Event Timeline. E2EE also won't work with many Ring devices.] ZDNet notes that while police can still ask for or demand your video and audio content, they won't be able to decrypt your E2EE end-to-end encrypted video "because the private keys required to decrypt the videos are only stored on customer's enrolled mobile devices."

An anonymous reader quotes a report from Ars Technica: Like most Internet-of-things (IoT) devices these days, Amazon's Echo Dot gives users a way to perform a factory reset so, as the corporate behemoth says, users can "remove any... personal content from the applicable device(s)" before selling or discarding them. But researchers have recently found that the digital bits that remain on these reset devices can be reassembled to retrieve a wealth of sensitive data, including passwords, locations, authentication tokens, and other sensitive data. Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND -- which is short for the boolean operator "NOT AND" -- stores bits of data so they can be recalled later, but whereas hard drives write data to magnetic platters, NAND uses silicon chips. NAND is also less stable than hard drives because reading and writing to it produces bit errors that must be corrected using error-correcting code.

Researchers from Northeastern University bought 86 used devices on eBay and at flea markets over a span of 16 months. They first examined the purchased devices to see which ones had been factory reset and which hadn't. Their first surprise: 61 percent of them had not been reset. Without a reset, recovering the previous owners' Wi-Fi passwords, router MAC addresses, Amazon account credentials, and information about connected devices was a relatively easy process. The next surprise came when the researchers disassembled the devices and forensically examined the contents stored in their memory. "An adversary with physical access to such devices (e.g., purchasing a used one) can retrieve sensitive information such as Wi-Fi credentials, the physical location of (previous) owners, and cyber-physical devices (e.g., cameras, door locks)," the researchers wrote in a research paper. "We show that such information, including all previous passwords and tokens, remains on the flash memory, even after a factory reset."

After extracting the flash contents from their six new devices, the researchers used the Autospy forensic tool to search embedded multimedia card images. The researchers analyzed NAND dumps manually. They found the name of the Amazon account owner multiple times, along with the complete contents of the wpa_supplicant.conf file, which stores a list of networks the devices have previously connected to, along with the encryption key they used. Recovered log files also provided lots of personal information. After dumping and analyzing the recovered data, the researchers reassembled the devices. The researchers wrote: "Our assumption was, that the device would not require an additional setup when connected at a different location and Wi-Fi access point with a different MAC address. We confirmed that the device connected successfully, and we were able to issue voice commands to the device. When asked 'Alexa, Who am I?', the device would return the previous owner's name. The re-connection to the spoofed access point did not produce a notice in the Alexa app nor a notification by email. The requests are logged under 'Activity' in the Alexa app, but they can be deleted via voice commands. We were able to control smart home devices, query package delivery dates, create orders, get music lists and use the 'drop-in' feature. If a calendar or contact list was linked to the Amazon account, it was also possible to access it. The exact amount of functionality depends on the features and skills the previous owner had used." Furthermore, the researchers were able to find the rough location of the previous owner's address by asking questions about nearby restaurants, grocery stores, and public libraries. "In a few of the experiments, locations were accurate up to 150 meters," reports Ars.

An Amazon spokeswoman said: "The security of our devices is a top priority. We recommend customers deregister and factory reset their devices before reselling, recycling, or disposing of them. It is not possible to access Amazon account passwords or payment card information because that data is not stored on the device." The threats most likely apply to Fire TV, Fire Tablets, and other Amazon devices, as well as many other NAND-based devices that don't encrypt user data, including the Google Home Mini.

Mac OS X Lion and OS X Mountain Lion can now be downloaded for free from Apple's website. "Apple has kept OS X 10.7 Lion and OS X 10.8 Mountain Lion available for customers who have machines limited to the older software, but until recently, Apple was charging $19.99 to get download codes for the updates," notes MacRumors. "The $19.99 fee dates back to when Apple used to charge for Mac updates. Apple began making Mac updates free with the launch of OS X 10.9 Mavericks, which also marked the shift from big cat names to California landmark names." From the report: Mac OS X Lion is compatible with Macs that have an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor, a minimum of 2GB RAM, and 7GB storage space. Mac OS X Mountain Lion is compatible with the following Macs: iMac (Mid 2007-2020), MacBook (Late 2008 Aluminum, or Early 2009 or newer), MacBook Pro (Mid/Late 2007 or newer), MacBook Air (Late 2008 or newer), Mac mini (Early 2009 or newer), Mac Pro (Early 2008 or newer), and Xserve (Early 2009). Macs that shipped with Mac OS X Mavericks or later are not compatible with the installer, however.

Westland Real Estate Group patrols its 1,000-unit apartment complex in Las Vegas with "a conical, bulky, artificial intelligence-powered robot" standing just over 5 feet tall, according to NBC News. Manufactured by Knightscope, the robot is equipped with four internal cameras capturing a constant 360-degree view, and can also scan and record license plates (as well as the MAC addresses of cellphones). But is it doing any good? As more government agencies and private sector companies resort to robots to help fight crime, the verdict is out about how effective they are in actually reducing it. Knightscope, which experts say is the dominant player in this market, has cited little public evidence that its robots have reduced crime as the company deploys them everywhere from a Georgia shopping mall to an Arizona development to a Nevada casino. Knightscope's clients also don't know how much these security robots help. "Are we seeing dramatic changes since we deployed the robot in January?" Dena Lerner, the Westland spokesperson said. "No. But I do believe it is a great tool to keep a community as large as this, to keep it safer, to keep it controlled."

For its part, Knightscope maintains on its website that the robots "predict and prevent crime," without much evidence that they do so. Experts say this is a bold claim. "It would be difficult to introduce a single thing and it causes crime to go down," said Ryan Calo, a law professor at the University of Washington, comparing the Knightscope robots to a "roving scarecrow." Additionally, the company does not provide specific, detailed examples of crimes that have been thwarted due to the robots.
The robots are expensive — they're rented out at about $70,000-$80,000 a year — but growth has stalled for the two years since 2018, and over four years Knightscope's total clients actually dropped from 30 to just 23. (Expenses have now risen — partly because the company is now doubling its marketing budget.)

There's also a thermal scanning feature, but Andrew Ferguson, a law professor at American University, still called these robots an "expensive version of security theater." And NBC News adds that KnightScope's been involved "in both tragic and comical episodes." In 2016, a K5 roaming around Stanford Shopping Center in Palo Alto, California, hit a 16-month-old toddler, bruising his leg and running over his foot. The company apologized, calling it a "freakish accident," and invited the family to visit the company's nearby headquarters in Mountain View, which the family declined. The following year, another K5 robot slipped on steps adjacent to a fountain at the Washington Harbour development in Washington, D.C., falling into the water. In October 2019, a Huntington Park woman, Cogo Guebara, told NBC News that she tried reporting a fistfight by pressing an emergency alert button on the HP RoboCop itself, but to no avail. She learned later the emergency button was not yet connected to the police department itself... [The northern California city] Hayward dispatched its robot in a city parking garage in 2018. The following year, a man attacked and knocked over the robot. Despite having clear video and photographic evidence of the alleged crime, no one was arrested, according to Adam Kostrzak, the city's chief information officer.
The city didn't renew its contract "due to the financial impact of Covid-19 in early 2020," the city's CIO tells NBC News. But the city had already spent over $137,000 on the robot over two years.

An anonymous reader shares a report: Blender is one of the most important open source projects, as the 3D graphics application suite is used by countless people at home, for business, and in education. The software can be used on many platforms, such as Windows, Mac, and of course, Linux. Today, Ubuntu-maker Canonical announces it will offer paid enterprise support for Blender LTS. Surprisingly, this support will not only be for Ubuntu users. Heck, it isn't even limited to Linux installations. Actually, Canonical will offer this support to Blender LTS users on Windows, Mac, and Linux.

Amazon's new Luna game streaming service is offering no-invite access on Prime Day, June 21 and 22. From a report: During that time, Prime subscribers in most of the US will be able to start a 7-day Luna trial, and can now get discounts on a Luna controller and Fire TV bundle. To access Luna currently, you must request an invitation or own a supported Fire TV device. It's available on Windows and Mac PCs, Fire TV, iPhone and iPad (via the web) and on supported Android phones. It costs $5.99 a month to access games including Resident Evil 7, Control, Tacoma, Rez Infinite and Metro Exodus. Amazon is discounting the dedicated Luna controller by 30 percent from today until June 22, reducing it to $49 from the list price $70 for Prime members. On top of that, it's offering the Fire TV stick 4K and Luna Controller in the Fire TV Gaming Bundle for $74, a discount of around $45.

Apple is finally adding support for Windows Precision Touchpad drivers in its latest Boot Camp update. The new 6.1.15 update includes support for Windows Precision Touchpad, including single tap to click, lower-right corner to right-click, down motion to scroll up, and three or four finger gestures. From a report: Various Reddit users noticed the surprise update went live yesterday, and it apparently works better than third-party solutions like Trackpad++ and mac-precision-touchpad that people have had to use for years. "Works way better than both of them with better palm and thumb detection too," says one Reddit user. Microsoft first started introducing Windows Precision Touchpad with Intel in 2013, in an effort to fix what were notorious PC trackpad issues at the time. It has taken Apple a long time to enable Windows Precision Touchpad in Boot Camp, but not every MacBook is supported. An Apple support document notes that only Mac computers with a T2 chip will be able to access Windows Precision Touchpad, which is most MacBook Air and MacBook Pro models from 2018 onward.

Several of macOS Monterey's features won't be available to users with an Intel-powered Macs. On the macOS Monterey features page, fine print indicates that the following features require a Mac with the M1 chip, including any MacBook Air, 13-inch MacBook Pro, Mac mini, and iMac model released since November 2020: 1. Portrait Mode blurred backgrounds in FaceTime videos
2. Live Text for copying and pasting, looking up, or translating text within photos
3. An interactive 3D globe of Earth in the Maps app
4. More detailed maps in cities like San Francisco, Los Angeles, New York, and London in the Maps app
5. Text-to-speech in more languages, including Swedish, Danish, Norwegian, and Finnish
6. On-device keyboard dictation that performs all processing completely offline
7. Unlimited keyboard dictation (previously limited to 60 seconds per instance)

For the first time, you can code, iterate and build apps on the iPad itself. 9to5Mac reports: Using Swift Playgrounds on iPadOS 15, customers will be able to create iPhone and iPad apps from scratch and then deploy them to the App Store. It remains to be seen how limited or not the development experience will be. It is probably notable that Apple chose not to rebrand this as "Xcode," signifying that you aren't going to be able to do everything you can do with Xcode on the Mac. TechCrunch highlights some of the other new features available in iPadOS 15: iPadOS 15 retains the overall look and feel of the current iPad operating system. The updates in the new OS are mostly centered around multitasking. The iPad's widget support gets a big update with iPadOS 15. The widgets are larger, more immersive and dynamic. And, iOS's App Library is finally available on the iPad, where it tweaks the overall user experience. The feature, added to the iPhone in 2020, presents the user with an organized view of the apps on the iPad.

Also added to iPadOS 15 is a new multitasking system. Called Split View, a drop-down menu at the top of the screen unlocks several multitasking, multiwindow options. The system seems much smoother than the current multiscreen option on iPad OS, which is clunky and hidden. With Split View a feature called Shelf makes it easy to switch between different screens and screen grouping.

One of the biggest new features of macOS Monterey, the next version of macOS announced at WWDC, is the ability to share a keyboard and mouse across an iMac, MacBook, and iPad. It's called "Universal Control" and it's coming this Fall. Ars Technica reports: Apple SVP of Software Engineering Craig Federighi demonstrated the ability to simply set an iPad near a Mac, move the cursor of the latter toward the former, and have the iPad automatically recognize it. This means users can directly drag and drop files between devices, for instance. Apple demonstrated this feature across an iMac, MacBook, and iPad in concert. Beyond that, macOS Monterey will make it possible to AirPlay video, audio, documents, and other items from an iPad or iPhone directly to a Mac.

The update also brings the Shortcuts feature first seen on iPhones and iPads, allowing users to access automated tasks and workflows on the Mac. Apple says the existing Automator app will continue to be supported with Monterey and that users will be able to import existing Automator workflows into Shortcuts. Safari will also receive something of a makeover with Monterey, bringing a thinner and visually cleaner toolbar alongside more compact tabs. Active tab bars will now house the traditional URL and search bar, and tabs can now be grouped together and accessed through Safari's sidebar. These tab groups can then be accessed and updated across Macs, iPhones, and iPads.

The update will include a number of features from the newly announced iOS 15 and iPadOS 15 updates as well. This includes a SharePlay feature that lets users share content or their current device screen over a FaceTime call and a Focus feature that filters and minimizes notifications when users indicate they are in the middle of a particular activity ("coding," "gaming," etc.).

Android and Windows users will finally be able to join FaceTime calls. From a report: During its WWDC keynote, Apple announced that FaceTime is going to be available on the web so users can call in from Android devices and Windows PCs. The video calling service was previously only available on iOS and Mac devices. Apple is turning FaceTime into a bit more of a Zoom-like video calling service with this update. FaceTime is also going to allow you to grab a link to a scheduled call, so that you can share it with people in advance and join in at the right time.

"The web browser is a crucial part of modern life, and yet it hasn't really been revised since the '90s," writes Protocol. "That may be about to change." The browser tab is an underrated thing. Most people think of them only when there are too many, when their computer once again buckles under Chrome's weight. Even the developers who build the tabs — the engineers and designers working on Chrome, Firefox, Brave and the rest — haven't done much to them. The internet has evolved in massive, earth-shaking ways over the last two decades, but tabs haven't really changed since they became a browser feature in the mid '90s.

Josh Miller, however, has big plans for browser tabs. Miller is the CEO of a new startup called The Browser Company, and he wants to change the way people think about browsers altogether. He sees browsers as operating systems, and likes to wonder aloud what "iOS for the web" might look like. What if your browser could build you a personalized news feed because it knows the sites you go to? What if every web app felt like a native app, and the browser itself was just the app launcher? What if you could drag a file from one tab to another, and it just worked? What if the web browser was a shareable, synced, multiplayer experience? It would be nothing like the simple, passive windows to the web that browsers are now. Which is exactly the goal.

The Browser Company (which everyone on the team just calls Browser) is one of a number of startups that are rethinking every part of the browser stack. Mighty has built a version of Chrome that runs on powerful server hardware and streams the browser itself over the web. Brave is building support for decentralized protocols like IPFS, and experimenting with using cryptocurrencies as a new business model for publishers. Synth is building a new bookmarks system that acts more like a web-wide inbox. Sidekick offers a vertical app launcher and makes tabs easier to organize. "A change is coming," said Mozilla CEO Mitchell Baker. "The question is just the time frame, and what's actually required to make it happen."

They have lots of different ideas, but they share a belief that the browser can, and should, be more than it is. "We don't need a new web browser," Miller said. "We need a new successor to the web browser."

While he was at the White House, Chief Digital Officer (and Miller's boss) Jason Goldman said something Miller couldn't forget. "Platforms have all the leverage," is how Miller remembers it. "And if you care about the future of the internet, or the way we use our computers, or want to improve any of the things that are broken about technology ... you can't really just build an application. Platforms, whether it's iOS or Windows or Android or Mac OS, that's where all the control is."

AmiMoJo shares a report from Tom's Hardware: Asahi Linux developer Hector Martin has revealed a covert channel vulnerability in the Apple M1 chip that he dubbed M1RACLES, and in the process, he's gently criticized the way security flaws have started to be shared with the public. Martin's executive summary for M1RACLES sounds dire: "A flaw in the design of the Apple Silicon 'M1' chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. [...] The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision."

He also noted that this was the result of an intentional decision on Apple's part. "Basically, Apple decided to break the ARM spec by removing a mandatory feature, because they figured they'd never need to use that feature for macOS," he explained. "And then it turned out that removing that feature made it much harder for existing OSes to mitigate this vulnerability." The company would have to make a change on the silicon level with its followup to the M1 to mitigate this flaw. But he also made it clear in the FAQ that Mac owners shouldn't be particularly worried about M1RACLES because that covert channel affects two bits. It can be expanded, and Martin said that transfer rates over 1 MB/s are possible "without much optimization," but any malicious apps that might take advantage of such methods would be far more likely to share information via other channels. Calling this a two-bit vulnerability would be both technically and linguistically correct. It's a real security flaw, sure, but it's unlikely to pose a real threat to Apple's customers.