Connect with us

Biz & IT

Android developers can now force users to update their apps

Published

on

At its Android Dev Summit, Google today announced a number of new tools and features for developers that write apps for its mobile operating system. Some of those are no surprise, including support for the latest release of the Kotlin language, which is becoming increasingly popular in the Android developer ecosystem, as well as new features for the Android Jetpack tools and APIs, as well as the Android Studio IDE. The biggest surprise, though, is likely the launch of the In-app Updates API.

While the name doesn’t exactly make it sound like a break-through feature, it’s actually a big deal. With this new API, developers now get two new ways to push users to update their app.

“This is something that developers have asked us for a long time is — say you own an app and you want to make sure the user is running the latest version,” Google senior director for Android product management and developer relations Stephanie Saad Cuthbertson told me. “This is something developers really fret.”

Say you shipped your application with a major bug (it happens…) and want to make sure that every user upgrades immediately; you will soon be able to show them a full-screen blocking message that will be displayed when they first start the app again and while the update is applied. That’s obviously only meant for major bugs. The second option allows for more flexibility and allows the user to continue using the app while the update is downloaded. Developers can fully customize these update flows.

Right now, the new updates API is in early testing with a few partners and the plan is to open it to more developers soon.

As Cuthbertson stressed, the team’s focus in recent years has been on giving developers what they want. The poster child for that, she noted, is the Kotlin languages. “It wasn’t a Google-designed language and maybe not the obvious choice — but it really was the best choice,” she told me. “When you look at the past several years, you can really see an investment that started with the IDE. It’s actually only five years old and since then, we’ve been building it out, completely based on developer feedback.”

Today, the company announced that 46 percent of professional developers now use Kotlin and more than 118,000 new Kotlin projects were started in Android Studio in the last month alone (and that’s just from users who opt in to share metrics with Google), so that investment is definitely paying off.

One thing developers have lately been complaining about, though, is that build times in Android Studio have slowed down. “What we saw internally was that build times are getting faster, but what we heard from developers externally is that they are getting slower,” Cuthbertson said. “So we started benchmarking, both internally in controlled circumstances, but also for anybody who opted in, we started benchmarking the whole ecosystem.” What the team found was that Gradle, the core of the Android Studio build system, is getting a lot faster, but the system and platform you build on also has a major impact. Cuthbertson noted that the Spectre and Meltdown fixes had a major impact on Windows and Linux users, for example, as do custom plugins. So going forward, the team is building new profiling and analysis tools to allow developers to get more insights into their build times and Google will build more of its own plugins to accelerate performance.

Most of this isn’t in the current Android Studio 3.3 beta yet (and beta 3 of version 3.3 is launching today, too), but one thing Android Studio users will likely be happy to hear is that Chrome OS will get official support for the IDE early next year, using Chrome OS’s new ability to run Linux applications.

Other updates the company announced today are new Jetpack Architecture Component libraries for Navigation and Work Manager, making it easier for developers to add Android’s navigation principles into their apps and perform background tasks without having to write a lot of boilerplate code. Android App Bundles, which allow developers to modularize their applications and ship parts of them on demand, are also getting some updates, as are Instant Apps, which users can run without installing them. Using web URLs for Instant Apps is now optional and building them in Android Studio has become easier.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Biz & IT

Tesla shows off underwhelming human robot prototype at AI Day 2022

Published

on

Enlarge / The walking Optimus prototype demonstrated at the AI Day 2022 event.

Tesla

Today at Tesla’s “AI Day” press event, Tesla CEO Elon Musk unveiled an early prototype of its Optimus humanoid robot, which emerged from behind a curtain, walked around, waved, and “raised the roof” with its hands to the beat of techno music.

It was a risky reveal for the prototype, which seemed somewhat unsteady on its feet. “Literally the first time the robot has operated without a tether was on stage tonight,” said Musk. Shortly afterward, Tesla employees rolled a sleeker-looking Optimus model supported by a stand onto the stage that could not yet stand on its own. It waved and lifted its legs. Later, it slumped over while Musk spoke.

Video of Tesla AI Day 2022

The entire live robot demonstration lasted roughly seven minutes, and the firm also played a demonstration video of the walking Optimus prototype slowly picking up a box and putting it down, slowly watering a plant, and slowly moving metal parts in a factory-like setting—all while tethered to an overhead cable. The video also showed a 3D-rendered view of the world that represents what the Optimus robot can see.

Three stages of the Tesla Optimus robot so far, presented at AI Day 2022.
Enlarge / Three stages of the Tesla Optimus robot so far, presented at AI Day 2022.

Tesla

Tesla first announced its plans to built a humanoid robot during its AI Day event in August of last year. During that earlier event, a human dressed in a spandex suit resembling a robot and did the Charleston on stage, which prompted skepticism in the press.

At the AI Event today, Musk and his team emphasized that the walking prototype was an early demo developed in roughly six months using “semi-off the shelf actuators,” and that the sleeker model much more closely resembled the “Version 1” unit they wanted to ship. He said it would probably be able to walk in a few weeks.

Goals of the Optimus project include high-volume production (possibly “millions of units sold,” said Musk), low-cost (“probably less than $20,000”), and high-reliability. Comparing the plans for Optimus to existing humanoid robots from competitors, Musk also emphasized that the Optimus robot should have the brains-on-board to work autonomously, citing Tesla’s work with its automotive Autopilot system.

Tesla shared some specifications of its
Enlarge / Tesla shared some specifications of its “Latest Generation” prototype Optimus robot.

Tesla

Shortly afterward, Musk handed over the stage to Tesla engineers that gave jargon-heavy overviews about developing the power systems, actuators, and joint mechanisms that would make Optimus possible, replete with fancy graphs but with few concrete specifics about how they would apply to a shipping product. “We are carrying over most of our design experience from the car to the robot,” said one engineer, while another engineer said they drew much of their inspiration from human biology, especially in joint design.

Earlier in the demonstration, Musk said that they were having the event to “convince some of the most talented people in the world to come to Tesla and help bring this to fruition.” Musk also emphasized the public nature of Tesla several times, mentioning that if the public doesn’t like what Tesla is doing they could purchase stock and vote against it. “If I go crazy, you can fire me,” he said.

[This is a developing story and will be updated as new information comes in.]

Continue Reading

Biz & IT

High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers

Published

on

Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world.

The currently unpatched security flaws have been under active exploit since early August, when Vietnam-based security firm GTSC discovered customer networks had been infected with malicious webshells and that the initial entry point was some sort of Exchange vulnerability. The mystery exploit looked almost identical to an Exchange zero-day from 2021 called ProxyShell, but the customers’ servers had all been patched against the vulnerability, which is tracked as CVE-2021-34473. Eventually, the researchers discovered the unknown hackers were exploiting a new Exchange vulnerability.

Webshells, backdoors, and fake sites

“After successfully mastering the exploit, we recorded attacks to collect information and create a foothold in the victim’s system,” the researchers wrote in a post published on Wednesday. “The attack team also used various techniques to create backdoors on the affected system and perform lateral movements to other servers in the system.”

On Thursday evening, Microsoft confirmed that the vulnerabilities were new and said it was scrambling to develop and release a patch. The new vulnerabilities are: CVE-2022-41040, a server-side request forgery vulnerability, and CVE-2022-41082, which allows remote code execution when PowerShell is accessible to the attacker.

“​​At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems,” members of the Microsoft Security Response Center team wrote. “In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082.” Team members stressed that successful attacks require valid credentials for at least one email user on the server.

The vulnerability affects on-premises Exchange servers and, strictly speaking, not Microsoft’s hosted Exchange service. The huge caveat is that many organizations using Microsoft’s cloud offering choose an option that uses a mix of on-premises and cloud hardware. These hybrid environments are as vulnerable as standalone on-premises ones.

Searches on Shodan indicate there are currently more than 200,000 on-premises Exchange servers exposed to the Internet and more than 1,000 hybrid configurations.

Wednesday’s GTSC post said the attackers are exploiting the zero-day to infect servers with webshells, a text interface that allows them to issue commands. These webshells contain simplified Chinese characters, leading the researchers to speculate the hackers are fluent in Chinese. Commands issued also bear the signature of the China Chopper, a webshell commonly used by Chinese-speaking threat actors, including several advanced persistent threat groups known to be backed by the People’s Republic of China.

GTSC went on to say that the malware the threat actors eventually install emulates Microsoft’s Exchange Web Service. It also makes a connection to the IP address 137[.]184[.]67[.]33, which is hardcoded in the binary. Independent researcher Kevin Beaumont said the address hosts a fake website with only a single user with one minute of login time and has been active only since August.

Kevin Beaumont

The malware then sends and receives data that’s encrypted with an RC4 encryption key that’s generated at runtime. Beaumont went on to say that the backdoor malware appears to be novel, meaning this is the first time it has been used in the wild.

People running on-premises Exchange servers should take immediate action. Specifically, they should apply a blocking rule that prevents servers from accepting known attack patterns. The rule can be applied by going to “IIS Manager -> Default Web Site -> URL Rewrite -> Actions.” For the time being, Microsoft also recommends people block HTTP port 5985 and HTTPS port 5986, which attackers need to exploit CVE-2022-41082.

Microsoft’s advisory contains a host of other suggestions for detecting infections and preventing exploits until a patch is available.

Continue Reading

Biz & IT

Bruce Willis sells deepfake rights to his likeness for commercial use

Published

on

Enlarge / Deepfake Bruce Willis as he appeared in a 2021 commercial for Russian mobile company MegaFon.

MegaFon

Bruce Willis has sold the “digital twin” rights to his likeness for commercial video production use, according to a report by The Telegraph. This move allows the Hollywood actor to digitally appear in future commercials and possibly even films, and he has already appeared in a Russian commercial using the technology.

Willis, who has been diagnosed with a language disorder called aphasia, announced that he would be “stepping away” from acting earlier this year. Instead, he will license his digital rights through a company called Deepcake. The company is based in Tbilisi, Georgia, and is doing business in America while being registered as a corporation in Delaware.

In 2021, a deepfake Bruce Willis appeared in a Russian cell phone commercial for MegaFon.

Deepcake obtained Willis’ likeness by training a deep learning neural network model on his appearances in blockbuster action films from the 1990s. With his facial appearance known, the model can then apply Willis’ head to another actor with a similar build in a process commonly called a deepfake. Deepfakes have become popular in recent years on TikTok, with unauthorized deepfakes of Tom Cruise and Keanu Reeves gathering large followings.

In a statement on Deepcake’s website, Bruce Willis reportedly said:

I liked the precision of my character. It’s a great opportunity for me to go back in time. The neural network was trained on [the] content of Die Hard and Fifth Element, so my character is similar to the images of that time.

With the advent of the modern technology, I could communicate, work, and participate in filming, even being on another continent. It’s a brand new and interesting experience for me, and I [am] grateful to our team.

According to Deepcake’s website, the firm aims to disrupt the traditional casting process by undercutting it in price, saying that its method “allows us to succeed in tasks minus travel expenses, expensive filming days, insurance, and other costs. You pay for endorsement contract with the celeb’s agent, and a fee for Deepcake’s services. This is game-changingly low.”

While the Telegraph report claims that Willis is “the first Hollywood star to sell his rights to allow a ‘digital twin’ of himself to be created for use on screen,” Ars Technica could not verify that claim outside of the context of a first license with the firm Deepcake. Evidence suggests that a similar licensing precedent exists—in Hollywood, deepfakes have already been used in several Star Wars films and TV shows, for example.

Looking deeper, the concept of having a “digital twin” isn’t new to Willis, either. In 1998, he starred in a PlayStation video game called Apocalypse that involved digitizing his face and capturing the motion of his body as he acted out scenes. Still, it’s notable to see an aging actor sidelined by illness who is willing to volunteer a digital double to work for him. James Earl Jones did so recently with his voice for Darth Vader. It’s possible we’ll see much more of this as deepfake technology improves.

Continue Reading

Trending