Enlarge/ The Chrome nightly download page with an important section highlighted.
Ron Amadeo
Chrome is landing on a new platform: Windows on Arm. We don’t have an official announcement yet, but X user Pedro Justo was the first to spot that the Chrome Canary page now quietly hosts binaries for “Windows 11 Arm.”
Chrome has run on Windows for a long time, but that’s the x86 version. It also supports various Arm OSes, like Android, Chrome OS, and Mac OS. There’s also Chromium, the open source codebase on Chrome, which has run on Windows Arm for a while now, thanks mostly to Microsoft’s Edge browser being a Chromium derivative. The official “Google Chrome” has never been supported on Windows on Arm until now, though.
Windows may be a huge platform, but “Windows on Arm” is not. Apple’s switch to the Arm architecture has been a battery life revelation for laptops, and in the wake of that, interest in Windows on Arm has picked up. A big inflection point will be the release of laptops with the Qualcomm Snapdragon X Elite SoC in mid-2024. Assuming Qualcomm’s pre-launch hype pans out, this will be the first Arm on Windows chip to be in the same class as Apple Silicon. Previously, Windows on Arm could only run Chrome as an x86 app via a slow translation layer, so getting the world’s most popular browser to a native quality level in time for launch will be a big deal for Qualcomm.
The “Canary” channel is Chrome’s nightly builds channel, so fresh Arm builds should be arriving at a rapid pace. Usually, Canary features take about two months to hit the stable channels, which would be plenty of time for the new Snapdragon chip. It’s hard to know if Google will stick to that timeline, as this is a whole new architecture/OS combo. But again, most of the work has been ongoing for years now. The next steps would be rolling out Windows Arm dev and beta channels soon.
To comply with European Union regulations, Apple has introduced sweeping changes that make iOS and Apple’s other operating systems more open. The changes are far-reaching and touch many parts of the user experience on the iPhone. They’ll be coming as part of iOS 17.4 in March.
Apple will introduce “new APIs and tools that enable developers to offer their iOS apps for download from alternative app marketplaces,” as well as a new framework and set of APIs that allow third parties to set up and manage those stores—essentially new forms of apps that can download other apps without going through the App Store. That includes the ability to manage updates for other developers’ apps that are distributed through the marketplaces.
The company will also offer APIs and a new framework for third-party web browsers to use browser engines other than Safari’s WebKit. Until now, browsers like Chrome and Firefox were still built on top of Apple’s tech. They essentially were mobile Safari, but with bookmarks and other features tied to alternative desktop browsers.
The changes also extend to NFC technology and contactless payments. Previously, only Apple Pay could fully access those features on the iPhone. Now, Apple will introduce new APIs that will let developers of banking and wallet apps gain more comparable access.
Developers will have new options for using alternative payment service providers within apps and for directing users to complete payments on external websites via link-outs. They’ll be able to use their apps to tell users about promotions and deals that are offered outside of those apps. (Apple warns that it will not be able to provide refunds or support for customers who purchased something outside its own payment system.)
Apple says it will give users in the European Union the ability to pick default App Stores or default contactless payment apps, just like they already can for email clients or web browsers. EU users will be prompted to pick a default browser when they first open Safari in iOS 17.4 or later, too.
Developers can “submit additional requests for interoperability with iPhone and iOS hardware and software features” via a new form.
All of the above changes impact only the EU; Apple won’t bring them to the United States or other regions at this time. There is one notable change that extends beyond Europe, though: Apple says that “developers can now submit a single app with the capability to stream all of the games offered in their catalog.” That opens the door for services like Microsoft’s Xbox Game Pass or Nvidia’s GeForce Now.
Apple notes that “each experience made available in an app on the App Store will be required to adhere to all App Store Review Guidelines,” which could still pose some barriers for game streamers.
Step 1: get the phone as close to your face as possible.
Google
Step two: Over a period of four seconds, move the phone from the center of your forehead to your temple.
Google
Do all that correctly and you’ll get a body temperature reading.
Google
Most Pixel 8 Pro owners have probably forgotten that there’s an infrared temperature sensor on the back of the phone next to the LED camera flash. But it’s still there, and almost four months after launch, it’s getting a new feature: body temperature measurement. The four-month hold-up is because body temperature sensors are regulated as medical devices, so Google needed FDA approval to enable the feature. The company has a blog post detailing the feature, which says: “In clinical trials, our software algorithm was able to calculate body temperature in the range of 96.9°F–104°F (36.1°C–40°C) to within ±0.3°C when compared with an FDA-cleared temporal artery thermometer. In layman’s terms, this means the Pixel body temperature feature is about as accurate as other temporal artery thermometers.” The feature only works in the US.
Like everything about the Pixel 8 Pro’s temperature sensor, the basic feature idea sounds fine (if not several years late), but the execution leaves much to be desired. Google has a support page detailing how to use the body temperature sensor, and you’ll need to slowly swipe the phone across your entire face over four seconds to get a reading. The sensor needs to be extremely close to your face to work; Google says it wants the phone “as close as possible to the skin without touching.” If you wear glasses, you’ll need to take them off, because the phone needs to be so close to your face it will hit them. If you manage all that, you’ll get a body temperature reading that you can save to your Fitbit profile.
We found the temperature sensor to be the biggest negative mark in our Pixel 8 Pro review. I’m not entirely sure a well-executed temperature sensor would be a useful feature on a phone, but the Pixel 8’s temperature sensor is just such a hassle to use. Besides forehead measuring, it can also check the temperature of objects, but it only has a range of two inches. There’s also no camera feed or any targeting system to be sure of what you’re measuring—you get a blank screen with a “measure” button, you press it, and a number appears. Temperature sensing also stops the instant it reads any single temperature—it’s not continuous. All the user experience problems made the temperature sensor instantly forgettable. The body temperature addition isn’t helping and feels like a feature that would be better suited for a smartwatch.
The feature is rolling out as part of the January 2024 Pixel update (this isn’t the Google Play update that’s bricking phone storage. That’s a different update!). It also includes the “Circle to Search” feature that was announced during the Galaxy S24 launch, and AI-powered “Magic compose” for the Google Messages app. Google says the features will roll out “over the next few weeks.”
It’s almost hard to believe this is happening again, but Pixel users are reporting that an OS update has locked them out of their phones’ internal storage, causing app crashes, non-functional phones, and a real possibility of data loss. Over in the Google Pixel subreddit, user “Liv-Lyf” compiled a dozen posts that complain of an “internal storage access issue” and blame the January 2024 Google Play system update.
In October, Pixel phones faced a nightmare storage bug that caused bootlooping, inaccessible devices, and data loss. The recent post says, “The symptoms are all the same” as that October bug, with “internal storage not getting mounted, camera crashes, Files app shows no files, screenshots not getting saved, internal storage shows up empty in ADB Shell, etc.” When asked for a comment, Google told Ars, “We’re aware of this issue and are looking into it,” and a Google rep posted effectively the same statement in the comments.
In the October bug, users were locked out of their system storage due to a strange permissions issue. Having a phone try to run without any user access to your own storage is a mess. It breaks the camera and screenshots because you can’t write media. File Managers read “0 bytes” for every file and folder. Nothing works over USB, and some phones, understandably, just fail to boot. The issue in October arrived as part of the initial Android 14 release and only affected devices that had multiple users set up.
Picking through the posts, it’s unclear if there’s a certain type of user that should be more wary of the January 2024 Google Play update. Some users say they haven’t enabled the multiple-user functionality, but severalmention having a work profile enabled. Work Profiles aren’t quite “multiple users,” but the system leverages a lot of multi-user features to let users have duplicate “personal” and “work” copies of the same apps. Many users don’t say if they have a work profile or not.
The “January 2024 Google Play system update” isn’t the usual OTA system update but is a Project Mainline or APEX module. These take core system components and wrap them up into easily distributable packaging where they can be delivered via the Play Store, much like an app, but with way more permissions (only Google can make Play system updates). Google posts release notes for Play system updates, and there’s nothing in the January 2024 update that jumps out as the potential cause of a storage access problem. You can check your current version on a Pixel phone by going to Settings, Security & Privacy, then “System & updates.” At the bottom, you’ll see a month and year for your “Google Play system update” level. DO NOT tap on this section because that will bring up the update screen.
Google’s “we’re looking into it” statement doesn’t give users much guidance on how they should deal with this in the meantime. A good first step, at any time, is to ensure you have backups of all your important phone data. Obviously, avoiding the January 2024 Google Play system update is recommended for now, but I don’t think there’s a way for users to do that. Google Play system updates don’t offer users any controls, so you’re mostly hoping an automatic update doesn’t brick your phone. The good news is that the Google Play system often fails to check for updates. They get installed on reboot, so try not to power cycle your phone. Disabling a work profile and any other multi-user features sounds like a good idea if you can manage that. There are instructions here.
Enlarge/ Jason Bateman and Laura Linney in the Netflix original series Ozark.
Netflix subscribers can expect more price hikes as the company looks to grow revenue in 2024. In its Q4 2023 letter to shareholders, Netflix also revealed plans to eliminate the cheapest ad-free plan available to users.
As we invest in and improve Netflix, we’ll occasionally ask our members to pay a little extra to reflect those improvements, which in turn helps drive the positive flywheel of additional investment to further improve and grow our service.
The statement will be unsavory for frugal streamers who have recently endured price hikes from Netflix and other streaming services. In January 2022, Netflix increased the price of its Basic no-ads tier from $8.99 per month to $9.99/month. In October 2023, that same plan went up to $11.99/month. Meanwhile, Netflix’s Premium ad-free plan increased from $17.99/month to $19.99/month in January 2022 and then to $22.99/month in October.
Netflix has attributed its price hikes to added features, like 4K streaming and gaming. But subscription fees remain the biggest source of revenue for Netflix, giving it obvious reason to leave a door open for even more price hikes in the near future.
Netflix has also used price hikes to encourage users to subscribe to its ad tier, where it has made more average revenue per user. Netflix with ads has cost $6.99/month since launching in November 2022 and has seen feature improvements, like moving from 720p resolution streams to 1080p.
Killing off the cheapest ad-free plan
In another attempt to push subscribers into watching ads on Netflix, the streaming company stopped offering new subscribers the aforementioned $11.99/month, ad-free Basic plan. It included 720p resolution, downloadable content, and support for one device. The change spiked the cheapest price for ad-free Netflix 55.06 percent to $15.49/month.
Netflix customers who were already subscribed to the ad-less Basic plan have been allowed to keep using it. But it seems like that grace period will soon end.
Netflix’s letter reads:
The ads plan now accounts for 40 percent of all Netflix sign-ups in our ads markets and we’re looking to retire our Basic plan in some of our ads countries, starting with Canada and the UK in Q2 and taking it from there.
Netflix originally cut the Basic plan in Canada before following suit in the US and UK. Combined with the fact that most of Netflix’s North American users are from the US, it’s expected that Netflix will cut the Basic plan in the US, too.
Netflix’s letter said ad membership grew when it stopped offering the Basic ad-free plan to new subscribers. Ad tier membership grew almost 70 percent quarter over quarter in Q4 2023. The tier has over 23 million subscribers, per Bloomberg.
During an earnings call on Tuesday, Netflix co-CEO Greg Peters noted Netflix’s 2024 priorities as including “pricing optimization” to help improve operating margins and grow revenue and its ad business.
Netflix’s ad business: years of work ahead
Netflix said this week that it has 260.28 million subscribers globally (for comparison, Disney+ has 66.1 million subscribers, Hulu 48.5 million, and Amazon Prime Video is estimated to have about 180.1 million). That’s after adding 13.1 million subscribers in Q4 2023, Netflix’s biggest Q4 yet.
But despite currently besting competitors in subscriber count and cash flow, Netflix faces similar challenges when it comes to wooing advertisers that may be unaccustomed to working with streaming services (which previously had limited advertising opportunities). While Netflix has seen revenue grow from other efforts, like password crackdowns and price hikes, it plans to focus heavily on scaling its ad business over the coming years.
“I’d say we got years of work ahead of us to take the ads business to the point where it’s a material impactor to our general business,” Peters said.
Netflix is already trying to strong-arm customers onto its ad plan. The streaming bundle plan that T-Mobile offers will no longer include ad-free Netflix. Anyone who had ad-less Netflix through a T-Mobile bundle is getting downgraded. Peters said this week that under the previous bundle, “it was hard to make the economics work for everyone.”
Ultimately, the amount of ad dollars up for grabs, including from the declining linear TV networks, is too tasty for streaming services to pass up.
On Tuesday, Netflix announced a $5 billion, 10-year deal to stream World Wrestling Entertainment’s (WWE’s) Raw live on Netflix. The company was able to win a deal out from long-time Raw network USA, which is owned by NBCUniversal. NBCUniversal’s Peacock streaming service also has the rights to some WWE events. But Netflix’s seizure of Raw illustrates its interest in ad dollars from live sports and its pull and budget compared to aging broadcast and cable networks. Looking ahead, we expect to see Netflix consider additional live events that can appeal to advertisers.
Netflix said this week that it’s not anticipating the same amount of subscriber growth that it enjoyed in 2023 in 2024. But it does expect double-digit revenue growth. That newfound money has to come from somewhere. If Netflix can’t pull it all from new subscribers, it will force it out of existing customers through higher prices and ads.
The design looks just like last year, but there’s this new marble green color.
OnePlus
This weird circle + wraparound camera bump is still here.
OnePlus
The top and bottom. There’s an IR blaster on the top.
OnePlus
The black version.
OnePlus
The sides. That camera bump makes the phone unstable on a table.
OnePlus
OnePlus previously announced the OnePlus 12 flagship smartphone in December, but now it’s getting a US release and pricing. The phone ships on February 6 in the US and Canada with a $800 price tag. OnePlus is also bringing the rather interesting OnePlus 12R to the US, a 6.8-inch device running last year’s flagship Qualcomm chip, the Snapdragon 8 Gen 2, for $500.
$800 is a pretty good price for a flagship phone. Samsung’s 6.8-inch flagship is the $1,300 Galaxy S24. The Pixel 8 Pro is a $1,000, so OnePlus is undercutting the competition quite a bit. As we said, this device was already announced in December, but the highlights are an impressive 5400 mAh battery and super fast charging. The phone has 80 W proprietary wired charging in the US and 100 W internationally, while wireless charging is 50 W. OnePlus says 80 W is still fast enough to go from 1 percent to 100 percent in 30 minutes. OnePlus only promises an IP65 dust and water resistance rating, so it’s not submergible, which is worse than most flagships. Other than that, it’s a lot of normal flagship things: a 6.82-inch, 3168×1440 120 Hz OLED that—unlike Samsung and Google—is still curved, a Snapdragon 8 Gen 3, and too many cameras.
The 24GB of RAM/1TB of storage spec apparently isn’t coming to the US—the $800 model is 12GB of RAM and 256GB of storage, and there’s a single higher tier of 16GB of RAM and 512GB of storage for $900. The white color is also not arriving here. You get black for $800, with the $900 model arriving in black or green.
I had to double-check this, but this is OnePlus 12R. It’s nearly identical to the other phone.
OnePlus
There’s still a mute switch on the side there.
OnePlus
The sides.
OnePlus
The top and bottom.
OnePlus
As for the OnePlus 12R, these “R” models usually don’t come to the US, but this one is headed here on February 13. On the surface, you’re not missing a lot with the lower price. There’s still a 6.78-inch 120Hz OLED display, and while the resolution is 2780×1264 that’s still totally fine 450 ppi. There’s a plenty-fast Snapdragon 8 Gen 2, what must be an industry-leading 5500 mAh battery, an in-screen fingerprint reader, NFC, and 80 W charging. Compare this to a $500 Pixel 7a, which still has a “flagship” class SoC, the Google Tensor G2, but it only has a 6.1-inch, 90 Hz display and a barely there 4385 mAh battery. OnePlus is jumping back into the value phone game.
Now we’re starting to find downgrades: The phone has 8GB of RAM and 128GB of UFS 4.0 storage. The cameras are downgraded, too. The main sensor is a 50 MP Sony IMX890, which is usually a secondary camera on other phones. Then the other two rear cameras sound like junk: an 8 MP wide-angle camera with no autofocus and a 2 MP “macro lens. The front camera is 16 MP and also doesn’t have autofocus. The phone has an IP64 dust and water resistance rating, which means it’s only “splash proof”—I don’t even think you can run it under a sink faucet. (Sometimes, I wash my IP68 phone in the sink like it’s a dirty dish!) There’s also no wireless charging.
Enlarge/ Failing an image of the proposed reference hardware by the OpenWrt group, let us gaze upon where this all started: inside a device that tried to quietly use open source software without crediting or releasing it.
Jim Salter
OpenWrt, the open source firmware that sprang from Linksys’ use of open source code in its iconic WRT54G router and subsequent release of its work, is 20 years old this year. To keep the project going, lead developers have proposed creating a “fully upstream supported hardware design,” one that would prevent the need for handling “binary blobs” in modern router hardware and let DIY router enthusiasts forge their own path.
OpenWRT project members, 13 of which signed off on this hardware, are keeping the “OpenWrt One” simple, while including “some nice features we believe all OpenWrt supported platforms should have,” including “almost unbrickable” low-level firmware, an on-board real-time clock with a battery backup, and USB-PD power. The price should be under $100 and the schematics and code publicly available.
But OpenWrt will not be producing or selling these boards, “for a ton of reasons.” The group is looking to the Banana Pi makers to distribute a fitting device, with every device producing a donation to the Software Freedom Conservancy earmarked for OpenWrt. That money could then be used for hosting expenses, or “maybe an OpenWrt summit.”
OpenWrt tries to answer some questions about its designs. There are two flash chips on the board to allow for both a main loader and a write-protected recovery. There’s no USB 3.0 because all the USB and PCIe buses are shared on the board. And there’s such an emphasis on a battery-backed RTC because “we believe there are many things a Wi-Fi … device should have on-board by default.”
But members of the site have more questions, some of them beyond the scope of what OpenWrt is promising. Some want to see a device that resembles the blue boxes of old, with four or five Ethernet ports built in. Others are asking about a lack of PoE support, or USB 3.0 for network-attached drives. Some are actually wondering why the proposed device includes NVMe storage. And quite a few are asking why the device has 1Gbps and 2.5Gbps ports, given that this means anyone with Internet faster than 1Gbps will be throttled, since the 2.5 port will likely be used for wireless output.
There is no expected release date, though it’s noted that it’s the “first” community-driven reference hardware.
OpenWrt, which has existed in parallel with the DD-WRT project that sprang from the same firmware moment, powers a number of custom-made routers. It and other open source router firmware faced an uncertain future in the mid-2010s, when Federal Communications Commission rules, or at least manufacturers’ interpretation of them, made them seem potentially illegal. Because open firmware often allowed for pushing wireless radios beyond their licensed radio frequency parameters, firms like TP-Link blocked them, while Linksys (at that point owned by Belkin) continued to allow them. In 2020, OpenWrt patched a code-execution exploit due to unencrypted update channels.
Apple yesterday released iOS and iPadOS 17.3 as well as watchOS 10.3, tvOS 17.3, and macOS Sonoma 14.3 for all supported devices.
iOS 17.3 primarily adds collaborative playlists in Apple Music, and what Apple calls “Stolen Device Protection.” Collaborative playlists have been on a bit of a journey; they were promised as part of iOS 17, then added in the beta of iOS 17.2, but removed before that update went live. Now they’re finally reaching all users.
When enabled, Stolen Device Protection requires Face ID or Touch ID authentication “with no passcode fallback” for some sensitive actions on the phone.
And a related feature called Security Delay requires one use of Face ID or Touch ID, then a full hour’s wait, then another biometric authentication before certain particularly important actions can be performed, like changing the device’s passcode.
Other iOS 17.3 additions include support for AirPlay in participating hotels, an improved view for seeing the warranty status of all your devices, a new Unity wallpaper honoring Black History Month, and “crash detection optimizations.”
As is so often the case for these simultaneous operating system updates from Apple, iOS is the most robust. macOS 14.3 also adds the collaborative playlist feature and the AppleCare & Warranty Settings panel, but that’s about it as far as user-facing additions.
watchOS 10.3 adds a new 2024 Black Unity face that is meant to pair with a new watchband by the same name. And tvOS 17.3 simply reintroduces the previously removed iTunes Movie and TV Show Wishlist feature.
iOS 17.3 release notes
Stolen Device Protection
Stolen Device Protection increases security of iPhone and Apple ID by requiring Face ID or Touch ID with no passcode fallback to perform certain actions
Security Delay requires Face ID or Touch ID, an hour wait, and then an additional successful biometric authentication before sensitive operations like changing device passcode or Apple ID password can be performed
Lock Screen
New Unity wallpaper honors Black history and culture in celebration of Black History Month
Music
Collaborate on playlists allows you to invite friends to join your playlist and everyone can add, reorder, and remove songs
Emoji reactions can be added to any track in a collaborative playlist
This update also includes the following improvements:
AirPlay hotel support lets you stream content directly to the TV in your room in select hotels
AppleCare & Warranty in Settings shows your coverage for all devices signed in with your Apple ID
Crash detection optimizations (all iPhone 14 and iPhone 15 models)
macOS 14.3 Sonoma release notes
Collaborate on playlists in Apple Music allows you to invite friends to join your playlist and everyone can add, reorder, and remove songs
Emoji reactions can be added to any track in a collaborative playlist in Apple Music
AppleCare & Warranty in Settings shows your coverage for all devices signed in with your Apple ID
Enlarge/ Exterior view of a Googleplex building, the corporate headquarters of Google and parent company Alphabet, May 2018.
Google/Alphabet CEO Sundar Pichai wasn’t kidding when, earlier this month, he said more layoffs are coming. The latest group to be hit is Alphabet’s X Lab, which is losing “dozens of employees,” according to a new report from Bloomberg. This is something like the 11th Google layoff announcement we’ve covered in the past 12 months and the fourth one this month.
The X Lab is Alphabet’s “moonshot” experimental group, which is responsible for wild concepts like a wearable head-up display, a self-driving car, smart contact lenses, flying Internet balloons, and delivery drones. This is the age of Google cost-cutting, and you’ll notice none of those projects is a rip-roaring commercial success. On Google’s financials, the X Lab is part of Alphabet’s “Other Bets” group, which burns through around a billion dollars every quarter. It’s a research arm, so the hope is that spending all this money will someday lead to new revenue streams. For the short-term Wall Street types, though, it’s a money loser, quarter to quarter, and that makes it a prime candidate for cuts.
Bloomberg has a copy of the memo announcing the cuts to the X Labs staff, and there’s more in there than just layoffs. X Lab CEO Astro Teller writes: “We’re expanding our approach to focus on spinning out more projects as independent companies funded through market-based capital. We’ll do this by opening our scope to collaborate with a broader base of industry and financial partners, and by continuing to emphasize lean teams and capital efficiency.” Basically, Google wants these money losers to find their own funding somewhere else, at least partially.
The “outside funding” model isn’t new for some of Alphabet’s biggest and most promising “Other Bets” projects. The self-driving car company, Waymo, took rounds of outside funding in 2020 and 2021, racking up over $5 billion of cash that didn’t come from the Google Ads money geyser. Verily, Alphabet’s health care data analytics company, has also raised billions in outside funding. Both groups started as X projects and later “graduated” to full-fledged Alphabet companies. Others, like Project Loon (Internet balloons) and Sidewalk Infrastructure Partners (infrastructure planning), were X or Alphabet companies and were spun out as fully independent entities, separate from the Alphabet earnings sheet. Apparently, Alphabet wants to push X projects down one of those two paths.
On one hand, outside funding will result in a tougher, more critical eye for some of these projects. On the other hand, the Bloomberg report notes that “Alphabet could only accommodate so many Other Bets, creating a bottleneck for X ventures that were ready to take the next step, according to one of the people with knowledge of the matter. Startups within X often faced a choice between waiting for a spot to open up or striking out on their own.”
Last Thursday, HP CEO Enrique Lores addressed the company’s controversial practice of bricking printers when users load them with third-party ink. Speaking to CNBC Television, he said, “We have seen that you can embed viruses in the cartridges. Through the cartridge, [the virus can] go to the printer, [and then] from the printer, go to the network.”
That frightening scenario could help explain why HP, which was hit this month with another lawsuit over its Dynamic Security system, insists on deploying it to printers.
Dynamic Security stops HP printers from functioning if an ink cartridge without an HP chip or HP electronic circuitry is installed. HP has issued firmware updates that block printers with such ink cartridges from printing, leading to the above lawsuit (PDF), which is seeking class-action certification. The suit alleges that HP printer customers were not made aware that printer firmware updates issued in late 2022 and early 2023 could result in printer features not working. The lawsuit seeks monetary damages and an injunction preventing HP from issuing printer updates that block ink cartridges without an HP chip.
But are hacked ink cartridges something we should actually be concerned about?
To investigate, I turned to Ars Technica Senior Security Editor Dan Goodin. He told me that he didn’t know of any attacks actively used in the wild that are capable of using a cartridge to infect a printer.
Goodin also put the question to Mastodon, and cybersecurity professionals, many with expertise in embedded-device hacking, were decidedly skeptical.
Another commenter, going by Graham Sutherland / Polynomial on Mastodon, referred to serial presence detect (SPD) electrically erasable programmable read-only memory (EEPROM), a form of flash memory used extensively in ink cartridges, saying:
I’ve seen and done some truly wacky hardware stuff in my life, including hiding data in SPD EEPROMs on memory DIMMs (and replacing them with microcontrollers for similar shenanigans), so believe me when I say that his claim is wildly implausible even in a lab setting, let alone in the wild, and let alone at any scale that impacts businesses or individuals rather than selected political actors.
HP’s evidence
Unsurprisingly, Lores’ claim comes from HP-backed research. The company’s bug bounty program tasked researchers from Bugcrowd with determining if it’s possible to use an ink cartridge as a cyberthreat. HP argued that ink cartridge microcontroller chips, which are used to communicate with the printer, could be an entryway for attacks.
As detailed in a 2022 article from research firm Actionable Intelligence, a researcher in the program found a way to hack a printer via a third-party ink cartridge. The researcher was reportedly unable to perform the same hack with an HP cartridge.
Shivaun Albright, HP’s chief technologist of print security, said at the time:
A researcher found a vulnerability over the serial interface between the cartridge and the printer. Essentially, they found a buffer overflow. That’s where you have got an interface that you may not have tested or validated well enough, and the hacker was able to overflow into memory beyond the bounds of that particular buffer. And that gives them the ability to inject code into the device.
Albright added that the malware “remained on the printer in memory” after the cartridge was removed.
HP acknowledges that there’s no evidence of such a hack occurring in the wild. Still, because chips used in third-party ink cartridges are reprogrammable (their “code can be modified via a resetting tool right in the field,” according to Actionable Intelligence), they’re less secure, the company says. The chips are said to be programmable so that they can still work in printers after firmware updates.
HP also questions the security of third-party ink companies’ supply chains, especially compared to its own supply chain security, which is ISO/IEC-certified.
So HP did find a theoretical way for cartridges to be hacked, and it’s reasonable for the company to issue a bug bounty to identify such a risk. But its solution for this threat was announced before it showed there could be a threat. HP added ink cartridge security training to its bug bounty program in 2020, and the above research was released in 2022. HP started using Dynamic Security in 2016, ostensibly to solve the problem that it sought to prove exists years later.
Further, there’s a sense from cybersecurity professionals that Ars spoke with that even if such a threat exists, it would take a high level of resources and skills, which are usually reserved for targeting high-profile victims. Realistically, the vast majority of individual consumers and businesses shouldn’t have serious concerns about ink cartridges being used to hack their machines.
Windows 11’s big feature update in September included a long list of minor changes, plus the Copilot AI assistant; that update was followed by Windows 11 23H2 in late October, which reset the operating system’s timeline for technical support and security updates but didn’t add much else in and of itself. But Windows development never stops these days, and this month’s Insider Preview builds have already shown us a few things that could end up in the stable version of the operating system in the next couple of months.
One major addition, which rolled out to Dev Channel builds on January 11 and Beta Channel builds today, is support for 80Gbps USB 4 ports. These speeds are part of the USB4 Version 2.0 spec—named with the USB-IF’s typical flair for clarity and consistency—that was published in 2022. Full 80Gbps speeds are still rare and will be for the foreseeable future, but Microsoft says that they’ll be included the Razer Blade 18 and a handful of other PCs with Intel’s 14th-generation HX-series laptop processors. We’d expect the new speeds to proliferate slowly and mostly in high-end systems over the next few months and years.
Another addition to that January 11 Dev Channel build is a change in how the Copilot generative AI assistant works. Normally, Copilot is launched by the user manually, either by clicking the icon on the taskbar, hitting the Win+C key combo, or (in some new PCs) by using the dedicated Copilot button on the keyboard. In recent Dev Channel builds, the Copilot window will open automatically on certain PCs as soon as you log into Windows, becoming part of your default desktop unless you turn it off in Settings.
The Copilot panel will only open by default on screens that meet minimum size and resolution requirements, things that Windows already detects and takes into account when setting your PC’s default zoom and showing available Snap Layouts, among other things. Microsoft says it’s testing the feature on screens that are 27 inches or larger with 1,920 or more horizontal pixels (for most screens, this means a minimum resolution of 1080p). For PCs without Copilot, including those that haven’t been signed into a Microsoft account, the feature will continue to be absent.
Enlarge/ The “richer weather experience on the Lock screen,” seen in the bottom-center of this screenshot.
Microsoft
Other additions to the Dev Channel builds this month include easy Snipping Tool editing for Android screenshots from phones that have been paired to your PC, custom user-created voice commands, the ability to share URLs directly to services like WhatsApp and Gmail from the Windows share window, a new Weather widget for the Windows lock screen, and app install notifications from the Microsoft store.
Microsoft hasn’t publicized any of the changes it has made to its Canary channel builds since January 4—this is typical since it changes the fastest, and the tested features are the most likely to be removed or significantly tweaked before being released to the public. Most of the significant additions from that announcement have since made it out to the other channels, but there are a couple of things worth noting. First, there’s a new Energy Saver taskbar icon for desktop PCs without batteries, making it easier to tell when the feature is on without creating confusion. And the venerable WordPad app, originally marked for deletion in September, has also been removed from these builds and can’t be reinstalled.
Microsoft doesn’t publish Windows feature updates on an exact cadence beyond its commitment to deliver one with a new version number once per year in the fall. Last year’s first major batch of Windows 11 additions rolled out at the end of February, so a late winter or early spring launch window for the next batch of features could make sense.
Apple’s Vision Pro went up for preorder this morning at 8 am ET. As expected, shipment dates for preorders quickly backed up to March as initial supply was accounted for. Regardless of whether you’re in for the start or taking a wait-and-see approach with Apple’s ultra-pricey new device, though, we have access to a little more information about the device than we did before thanks to updates to the Apple Store website.
The product page for Vision Pro reveals configurations and pricing, and a new specs page clarifies answers to some questions we’ve had for a while now.
You’ll find all the relevant new information below. We’ve also updated our “What to expect from Apple Vision Pro” roundup with new information from the specs page.
Hardware specifications
As previously rumored, the Vision Pro has a variant of the M2 chip with an 8-core CPU (4 performance cores and 4 efficiency), a 10-core GPU, and a 16-core NPU. It has 16GB of unified memory.
There’s also the new R1 chip, which Apple claims achieves “12‑millisecond photon‑to‑photon latency” and 256GB/s memory bandwidth.
As for the display, we didn’t learn too much new here. As Apple has stated before, the two displays push 23 million pixels combined. They support refresh rates of 90 Hz, 96 Hz, and 100 Hz, and support playback of 24 fps and 30 fps video. Apple claims 92 percent DCI-P3.
The specs page also reveals that Vision Pro supports AirPlay at up to 1080p on iPhones, Macs, Apple TVs, and AirPlay-capable smart TVs.
Storage comes in three configurations. The base 256GB model costs $3,499. Bumping up to 512GB adds $200, and going to 1TB adds another $200.
The device’s camera supports both spatial photo and video capture, and Apple lists the specs as an 18 mm, ƒ/2.00 aperture at 6.5 stereo megapixels.
Additionally, there are six world-facing tracking cameras, four eye-tracking cameras, a TrueDepth sensor, a lidar scanner, four inertial measurement units, a flicker sensor, and an ambient light sensor. The headset authenticates the user by looking at their iris.
On the audio front, we’re looking at a six-mic array for audio capture. Apple isn’t super specific on the specs page about the speakers, noting only that the device offers “spatial audio with dynamic head tracking” like AirPods Pro and “personalized Spatial Audio and audio ray tracing.” Vision Pro also supports low-latency, lossless audio with the second generation of AirPods Pro.
Connectivity options include Wi-Fi 6 and Bluetooth 5.3.
Apple promises two hours of battery life for “general use” and says video watching can be up to 2.5 hours. The specs page also clarifies that Vision Pro can be used while charging the battery, which is something Apple had previously stated but then confusingly removed from its online documentation. This page seems to settle that.
The headset weighs between 21.2 and 22.9 ounces (600–650 g) depending on the light seal and headband used. That doesn’t include the battery pack, which weighs 353 g. That means Apple made the headset substantially lighter by pushing the battery to a separate unit.
Accessories and additional purchase options
As with its other hardware products, Apple offers AppleCare+ for Vision Pro. It’s $499 for two years, or $24.99 per month for perpetual coverage.
That price might seem awfully steep, but Apple lists the repair fees for the device on its service page and repairs without AppleCare+ will be even pricier—up to $2,399, depending on what’s broken. Any damage to the front glass panel will cost $799 to fix.
Apple Vision Pro Travel Case.
Apple
Apple Vision Pro battery.
Apple
Apple Vision Pro Solo Knit Band.
Apple
Apple Vision Pro Dual Loop Band.
Apple
Apple Vision Pro Light Seal.
Apple
Apple Vision Pro Light Cushion.
Apple
ZEISS Optical Inserts.
Apple
Belkin Battery Holder for Apple Vision Pro.
Apple
There are also a few optional accessories or replacement components you can buy, including:
Apple Vision Pro Travel Case ($199) – A pill-shaped case that contains and protects the headset along with its attachments and battery.
Apple Vision Pro Battery ($199) – A replacement for the battery that comes with the headset. You could also buy one of these to double your capacity while traveling, like for a long flight.
Apple Vision Pro Light Seal ($199) – The soft part of the headset that conforms to your face when you put the device on your head. This includes two light seal cushions, each in a different size.
Apple Vision Pro Light Seal Cushion ($29) – This attaches to the end of the light seal, and is intended to be removed for cleaning. It’s available in four sizes: N, N+, W, and W+.
Apple Vision Pro Solo Knit Band ($99) – One of two variations of the band that keeps Vision Pro on your head. This is the version that simply wraps around the back of your head. It’s available in three sizes: small, medium, and large.
Apple Vision Pro Dual Loop Band ($99) – The version that wraps around both the back of your head and the top. This also comes in small, medium, and large.
ZEISS Optical Inserts ($99+) – Lens inserts for those who wear glasses, as glasses won’t fit inside the device. Available in prescription and reader variations. You don’t need these if you wear soft contact lenses.
Belkin Battery Holder for Apple Vision Pro ($49.95) – A third-party accessory for either attaching Vision Pro’s battery to your belt or pants, or securing it with a cross-body strap.
