Author: Security – Computerworld

Apple admins: Update your hardware now

November 20, 2024 /

Among the first things Apple IT admins woke up to this morning was news of a pair of actively exploited zero-day attacks in the wild targeting Intel Macs, iPhones, iPads, and even Vision Pro users. Apple has already released software patches for the flaws, which is why the second thing admins realized is that they must rush through any necessary software verification process required before expediting installation of the update.

In these days of remotely managed devices and increasingly effective MDM systems, that’s far less a problem than it was in the past. You can usually make a policy change and push out updates to all your managed devices quickly.

Companies that don’t use these systems, or those that have employees using their own personal devices to access potentially sensitive internal data, must work harder to convince users to install security updates. So, what can they tell people about the latest threat that might help motivate them to install the patch today?

Why you should update immediately

First, Apple says it believes the attack is being actively used, which means any Intel system — including systems used by other people you interact with — is a potential target. “Apple is aware of a report that this issue may have been exploited,” the company said. 

Second, it slips in using flaws in software you use daily, including JavaScript and WebKit, the rendering engine that powers the Safari browser on Apple devices. In other words, everyone using Apple’s devices is a potential target. 

Finally — and perhaps best of all — Apple has already shipped a fix for the problem, maintaining its reputation for being ahead of threats, rather than echoing the approach taken by some other platforms and racing to keep up with attacks. It’s almost as if Apple’s systems remain more secure for a reason. The company addressed 20 zero-day attacks in 2023 and has guarded against just six so far this year.

Apple also shipped security patches for iOS 17 and iPad OS 17 systems and patches for Safari on macOS Ventura and Sonoma.

What the experts say

Michael Covington, vice president for portfolio strategy at Jamf, thinks all users should update at once.

“While Apple has warned that the vulnerabilities, also present in macOS, may be actively exploited on Intel-based systems, we recommend updating any device that is at risk,” he said. “With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organizations apply the latest patches as soon as they are able.” 

What are these attacks?

The attack vector makes use of two vulnerabilities found in macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309). The first lets attackers achieve remote code execution (RCE) through maliciously crafted web content; the second lets attackers engage in cross-site scripting attacks.

As admins will recognize, RCE exploits can enable attackers to install malware surreptitiously on infected machines, perform denial-of-service attacks, or access sensitive information, while a cross-scripting attack can help hackers grab personal data for identity theft and other nefarious ends.  No one wants to be a victim of either form of attack.

Who is using these attacks?

No information pertaining to who has been using these flaws in their attacks has been shared. With that in mind, it’s important to note that the flaws were identified by researchers at Google’s Threat Analysis Group (TAG), which works to counter government-backed attacks. That suggests that whoever has been weaponizing these vulnerabilities is connected to a national entity of some kind.

If that is the case, recent reports from TAG suggest an upsurge in such attacks, so users in some industries and professions might want to consider locking down their devices with Apple’s Lockdown Mode to minimize their attack surface. IT, meanwhile, should review security compliance, particularly among those using older iPhones, iPads, or Intel Macs.

You can follow me on social media! Join me on BlueSky,  LinkedInMastodon, and MeWe

Microsoft upgrades Copilot Studio agent builder tools

November 20, 2024 /

Microsoft at this week’s Ignite conference unveiled new Copilot Studio features aimed at both expanding the functionality of AI agents created with the application and improving the accuracy of outputs.

Copilot Studio was unveiled at last year’s event as a way to customize Microsoft’s generative AI (genAI) “copilot” assistants for different business use cases. Since then, the company has stepped up its messaging around AI agents that can perform a wider variety of tasks on behalf of workers.

Among the latest updates to Copilot Studio is the ability to connect agents to third-party applications such as Salesforce, ServiceNow, and Zendesk. The goal is to provide access to “real-time knowledge” that helps answer complex questions, Microsoft said. That feature is now in preview. 

In addition, Copilot Studio now integrates with the new Azure AI Foundry to enable access to a wider range of data within an organization, Omar Aftab, vice president of conversational AI at Microsoft, said in a blog post. “By connecting all their data sources, organizations can see that agents are more grounded in their business data and provide specific, high-quality responses,” he said. 

There are also new “multimodal” AI enhancements to Copilot Studio agents. Users can embed an agent built in Copilot Studio into an interactive voice system (used in automated voice calls for customer service, for example) to create “speech enabled agents,” said Aftab. These can also be embedded in various “applications, standalone kiosks, concierge systems, and more,” he said. And Copilot Studio agents can now analyze images, allowing users to upload files and ask questions about them.

Microsoft has also opened access — in a public preview — to autonomous agent builder tools in Copilot Studio, as announced last month. “Makers can now build agents that work on their behalf, without having to prompt the agent, saving human hours and increasing efficiency,” said Aftab. “They can create these agents from scratch or configure agents that are prebuilt in Copilot Studio.” 

There’s an agent library to help users get started, too, (also in public preview), with pre-built agents tailored to common work processes such as leave management, sales orders and deal acceleration, Microsoft said. 

Among the other announcements Tuesday is the ability to build customized agents with a “streamlined Copilot Studio experience” that’s now embedded in the BizChat interface of Microsoft 365 Copilot. These agents are created using natural language directions, and can be given access to enterprise data held in apps such as Dynamics 365 and SharePoint. There are also pre-built agents, including an Employee Self-Service agent. 

Copilot Studio can address some of the shortcomings of a “horizontal” tool such as Microsoft 365 Copilot, which often requires a lot of guidance to access the right data, and may produce hallucinations, said J.P. Gownder, vice president and principal analyst at Forrester.

“The Copilot Studio tools help to fill this gap by allowing organizations to create more finely tuned solutions that nevertheless are a lot easier and cheaper than training a model from scratch,” he said. 

Improved tuning and sourcing in Copilot Studio allows more retrieval augmented generation (RAG)-based approaches, said Gownder, which specifies data more precisely, reducing the likelihood of “both vague outputs and hallucinations.” The ability to use custom Azure AI Search indexes as a knowledge source for custom RAG scenarios — another of the Copilot Studio updates at Ignite — allows for more “specific, contextual, and accurate outcomes,” he said. 

“Being able to then take these Copilot Studio agents and plug them into Microsoft 365 Copilot could democratize some of these innovations, allowing employees to tap into them right in their flow of work,” said Gownder. “This heightened context, accuracy, and specificity could solve some of the problems that enterprise leaders have cited as downsides to M365 Copilot.

“Microsoft has rolled out a lot of Copilot solutions with sunny story lines that enterprises aren’t always able to replicate in their own environments,” said Gownder. “So, while the Copilot Studio announcements sound promising, we must wait and see if they truly work as advertised to create value.”

US commission proposes ‘Manhattan Project-like’ initiative for AI

November 20, 2024 /

A US congressional commission has called for a “Manhattan Project-like” initiative to accelerate artificial intelligence (AI) development, urging Congress to grant the executive branch sweeping, multiyear contracting authority to fund advancements in AI, cloud computing, and data centers.

The bipartisan US-China Economic and Security Review Commission (USCC) issued the recommendations in a 793-page report on Tuesday, highlighting the growing urgency to outpace China’s rapid strides in emerging technologies, including AI, quantum computing, and biotechnology.

“Congress should establish and fund a Manhattan Project-like program dedicated to racing and acquiring an Artificial General Intelligence (AGI) capability,” the report stated, drawing parallels to the WWII-era government project that developed the first atomic bombs.

“Provide broad multiyear contracting authority to the executive branch and associated funding for leading artificial intelligence, cloud, and data center companies and others to advance the stated policy at a pace and scale consistent with the goal of US AGI leadership,” the report further added as a suggestion to Congress.

The report also advised the Secretary of Defense to designate AI projects as having the highest national priority, underscoring the strategic importance of staying technologically ahead of China to protect US economic and military interests.

“Direct the US secretary of defense to provide a Defense Priorities and Allocations System “DX Rating” to items in the artificial intelligence ecosystem to ensure this project receives national priority,” it stated.

A “DX Rating” is assigned to programs of highest national priority.

The USCC, established in 2000 to monitor and report on US-China trade and economic relations, issued its latest report amid mounting geopolitical tensions and a race to dominate the technologies of the future.

Tech rivalry with global implications

The commission warned that China’s technological progress, if left unchecked could threaten US deterrence in the Pacific region and destabilize the global balance of power. “China’s advancements could erode the United States’ economic and military position and tip the global balance of power,” the report said.

The US has already taken steps to limit China’s access to critical technologies. On Monday, the Treasury Department finalized a rule restricting US investments in Chinese AI, quantum computing, and semiconductor sectors — a move building on President Joe Biden’s executive order last year aimed at curbing the export of technologies that could bolster China’s military and intelligence capabilities.

Tuesday’s report also detailed tensions between the two nations over issues such as sanctions on Chinese officials, restrictions on semiconductor imports, and national security concerns surrounding the Chinese-owned social media platform TikTok.

“Despite a bilateral agreement reached in late 2023 to pursue limited cooperation on military communication, climate change, countering fentanyl and other drugs, artificial intelligence (AI), and people-to-people ties, China has continued its efforts to counter or weaken US policies without changing its own behavior,” the report observed.

Generative AI is central to the recommendations of the report, which pointed out that while the US currently leads development in the domain by over a year, “Chinese companies are making a concerted effort to develop generative AI models similar in sophistication to those of US companies.”

The USCC report also emphasized the US’ need to maintain leadership in developing Artificial General Intelligence (AGI) — AI systems capable of performing any intellectual task that a human can do.

The proposed initiative echoes the strategic and national security urgency of the original Manhattan Project, highlighting the role of advanced technology in shaping global power dynamics.

ChatGPT’s Windows app beats Microsoft Copilot for productivity

November 20, 2024 /

Microsoft’s Copilot AI assistant appears to be transforming into a chatty AI sidekick, and I’ve seen quite a few Copilot users who aren’t happy about it. Thankfully, there’s now another option for anyone interested in using AI purely for productivity — a full-featured ChatGPT app for Windows PCs.

Even at launch, ChatGPT’s Windows app is already a better productivity tool than Copilot. It’s quite a setback for Microsoft’s AI assistant — which, when it first launched as Bing Chat, had a more powerful AI model than ChatGPT and offered features that went beyond what ChatGPT offered, such as the ability to search the web.

Things have certainly changed.

Want to stay on top of the latest Windows PC features — AI and beyond? My free Windows Intelligence newsletter delivers all the best Windows tips straight to your inbox. Plus, you’ll get free Windows Field Guides as a special welcome bonus!

Meet ChatGPT’s new Windows app

OpenAI technically launched its ChatGPT app for Windows in October. But at the time, the ChatGPT Windows app was only for paying ChatGPT subscribers. Now, it’s free for anyone to use — including free ChatGPT users.

That means you can now get ChatGPT’s Windows app from the Microsoft Store, whether you’re paying for the premium version of the service or not. The app runs on both Windows 11 and Windows 10 PCs. Once you launch it, you’ll have to sign in with an account. (The web-based version of ChatGPT doesn’t require an account, but the desktop app does.)

ChatGPT main window
The official ChatGPT app offers more options than Copilot.

Chris Hoffman, IDG

(While I’m focusing on Windows here, it’s worth noting that official ChatGPT apps are also available for Mac, Android, iPhone, and iPad.)

ChatGPT’s app is just like Copilot — but better

Under the hood, both Copilot and ChatGPT use much of the same technology. While Google’s Gemini assistant uses Google’s own AI models, Microsoft’s Copilot uses OpenAI’s ChatGPT models — along with something Microsoft calls the “Microsoft Prometheus model.”

Comparing the two, you’ll first notice how similar the interface is. But ChatGPT feels more like a more focused productivity tool, whereas Copilot feels like it’s trying to be more friendly and approachable. Copilot has pastel colors, lots of graphics, and greets you by name with requests about how your day is going.

Microsoft Copilot
Microsoft Copilot is starting to feel more like an “AI friend” than an AI assistant.

Chris Hoffman, IDG

For example: Both ChatGPT and Copilot offer voice chat. When I click the voice chat button in ChatGPT, I hear silence — the AI model won’t respond until I speak to it. When I click the voice chat button in Copilot, I hear a friendly “Hey Chris! How’s your day going?”

It really makes me wonder: Were few people using Copilot in Windows? Did Microsoft have to redesign it to make it more approachable?

ChatGPT choose a voice
ChatGPT provides a selection of voice options, just like Copilot does.

Chris Hoffman, IDG

ChatGPT’s app also beats Copilot when it comes to working with files:

  • Copilot lets you drag and drop image files to upload them — but that’s it.
  • ChatGPT lets you drag and drop PDF files, Word documents, Excel spreadsheets, PowerPoint presentations, and more to the ChatGPT app to upload them and ask questions about them.

It’s just a much more powerful interface. ChatGPT offers more flexibility with its built-in hotkeys, too:

  • To launch Copilot, you’ll need a new-ish laptop that comes with a Copilot key on its keyboard. (Microsoft used to let the Windows+C hotkey launch Copilot, but that’s been removed.)
  • To launch ChatGPT, you can press Alt+Space — or you can change this shortcut to anything you’d prefer in the ChatGPT app’s settings. (If you have Microsoft PowerToys installed, the Alt+Space shortcut may launch the PowerToys Run launcher instead. You’ll need to change the hotkey for either tool.)

If you do have a laptop with a Copilot key, you’ll be able to go into the Settings app in Windows and tell Windows to launch the ChatGPT app instead of the Copilot app when you press it.

ChatGPT small window
ChatGPT launches a convenient small window when you press the shortcut.

Chris Hoffman, IDG

ChatGPT also offers more flexibility when it comes to working with saved conversations:

  • Copilot will let you start a new conversation, if you like — but that’s it.
  • ChatGPT lets you start new chats, and it also lets you switch to recent chats you’ve used right from its sidebar.

Some features are similar. Both Copilot and ChatGPT can search the web for you to find up-to-date information. Neither can search the web while you’ve having a voice conversation, however — hopefully that’ll arrive in the future.

Both ChatGPT and Copilot offer different answers, too. You should experiment with both to see which best fits your needs. However, in my testing, I found that ChatGPT was more verbose in its responses — in a good way. Since the update where Copilot started trying to be your best friend, Copilot has been giving shorter responses with a focus on follow-up questions for you, to keep the conversation going.

Copilot Pro still beats ChatGPT for Office integration

For all of ChatGPT’s advantages, Copilot does still have one trick up its sleeve: If you pay for a $20 per month Copilot Pro subscription, you get access to Copilot AI integration in Microsoft Office apps like Word, Excel, PowerPoint, and Outlook.

If this is a feature you like, Copilot is unbeaten. ChatGPT can’t get its hooks into Office apps directly. And it’s a good argument for paying Microsoft’s $20-per-month Copilot Pro subscription rather than OpenAI’s $20-per-month ChatGPT Plus subscription if you’re going to be spending money on a premium AI chatbot subscription.

But for people who aren’t spending any money, ChatGPT is a better productivity tool.

I haven’t found it worthwhile to spend $20 a month to use Copilot in Office apps, although I use Microsoft Word and Excel all the time. But everyone has different workflows, and some professionals are finding it to be useful.

ChatGPT is more of a productivity tool than Copilot

I haven’t covered every option in the ChatGPT app here. In general, ChatGPT has more options and feels like more of a productivity tool, while Copilot feels more like it’s trying to be the new ELIZA. (ELIZA was a chatbot from the 1960s. It was a mock therapist that asks questions like “How does that make you feel?”)

ChatGPT also offers more for free, for anyone whose company isn’t already footing a premium subscription. For example: ChatGPT lets you upload Office documents to analyze them; on Microsoft’s side, that feature requires the $20 per month Copilot Pro subscription to do the same thing in Word or other Microsoft 365 apps.

And, again, Copilot refuses to let you launch it with a hotkey — unless you buy a new PC that comes with a Copilot key; ChatGPT lets you choose your own key.

ChatGPT pulls ahead — for now

Is the race over? Of course not. Remember, when Microsoft launched Bing Chat, it surpassed ChatGPT. Bing Chat originally had more advanced AI models that only came to ChatGPT later. Microsoft could improve the ChatGPT app and integrate it better with Windows — currently, it’s really just a web app. And Microsoft could create its own AI models and use them with Copilot.

But, for now, ChatGPT is in the lead here. Windows users who rely on ChatGPT — or Windows users who just want a more powerful AI chatbot app than what Microsoft is delivering with Copilot — should install the app and give it a look.

Want to learn about the latest Windows features and apps that can boost your productivity? My free Windows Intelligence newsletter delivers all the best Windows tips straight to your inbox.

An Android-ChromeOS merger might actually make sense now

November 20, 2024 /

Stop me if you’ve heard this one: Google’s got two primary user-facing platforms, Android and ChromeOS — and, if the latest rumors are to be believed, the company may be on the brink of bringing ’em together and combining ’em into a single, streamlined entity.

If you’re feeling a funny sense of déjà vu, you aren’t alone. We’ve been going through some version of this same exact scenario more or less nonstop since the advent of ChromeOS nearly a decade and a half ago.

The buzz reached a boiling point around 2015, when a string of reports told us with no uncertainty that Google was, like, totally gonna merge Android and ChromeOS and that the long-predicted one-or-the-other duel was nearing its inevitable conclusion.

The reality, of course, has thus far turned out to be far more nuanced and less dramatic. Instead of merging the two platforms into one, Google’s spent the past several years working to align them and bring more Android-inspired elements into the ChromeOS environment. The result has been an experience that feels noticeably more consistent, complementary, and connected — and that’s turned Chromebooks into a much more versatile, capable, and broadly appealing computing product that’s genuinely compelling for professional purposes.

And yet, the notion of Android and ChromeOS coming together continues to come up. A fresh set of rumors about a pending platform merger is gaining steam this second, in fact. And while I’m usually the first person to throw water on such possibilities and raise the curtain of skepticism around those claims, for the first time, I’m actually thinking: You know, right now, this might make an awful lot of sense.

Let me explain.

[Get level-headed knowledge in your inbox with my free Android Intelligence newsletter. Three new things to know and try every Friday!]

Google’s never-ending Android-ChromeOS saga

These latest rumors, from known Android oracle Mishaal Rahman, stem from an unnamed “source within Google.” And they state, unequivocally, that Google is “working on a multi-year project to fully turn ChromeOS into Android,” with an intended end result of creating a single platform “that finally bests the iPad.”

To better compete with the iPad as well as manage engineering resources more effectively, Google wants to unify its operating system efforts. Instead of merging Android and ChromeOS into a new operating system like rumors suggested in the past, however, a source told me that Google is instead working on fully migrating ChromeOS over to Android. While we don’t know what this means for the ChromeOS or Chromebook brands, we did hear that Google wants future “Chromebooks” to ship with Android. 

While this specific suggestion may sound somewhat new, the idea behind it actually dates back to the first set of serious rumors around an Android-ChromeOS combo. Back then, in 2015, the theory was that Google would somehow “fold” ChromeOS into Android to create a single combined mega-platform.

And that same basic scenario is almost exactly what’s being proposed again today.

It’s a significant twist from the most recent set of Android-ChromeOS merger rumors, from 2018, which suggested that Google was cookin’ up an entirely new piece of software called Fuchsia that’d ultimately act as an all-purpose replacement for Android and ChromeOS alike. That rumor had echoes of a previous narrative (!) around a similarly all-new operating system called Andromeda from 2016, even down to the alleged Pixel-branded laptop being prepped to showcase the newly combined software.

Spoiler alert: Neither possibility ended up playing out as predicted.

At those times, I was adamant that a full-fledged merger of any sort with Android and ChromeOS seemed unlikely and that, just like early on in the platforms’ coexistence, more nuanced ongoing alignments seemed like the more logical progression. Those analyses have proven somewhat prophetic over time.

But now, I’m not nearly as convinced that that sort of sanity-seeking, perspective-drawing counternarrative needs to exist.

Reconsidering an Android-ChromeOS combo

To be clear, I’m not basing my conclusions here off any sort of inside info. I’ve reached out to Google to ask for clarity around the latest Android-ChromeOS combo reports, and as of this writing, I’ve yet to hear back with any official answers.

My views are based entirely on my own observations, as someone who’s both personally used and closely covered Android and ChromeOS since their earliest eras.

And unlike with every past rumor along these lines, this one feels almost shockingly sensible — from the perspective of Google, as a business, and also from the perspective of those of us who use and rely on devices across the Android-ChromeOS spectrum as part of our professional and/or personal lives.

As I’ve continued to contemplate this over the past few days, I’ve realized I have a couple core reasons why this strikes me as being such a sensible shift from all perspectives at this point:

1. The Google benefit

First and foremost, we have to remember that Google is a business — and so any move it makes has to be something that’d benefit it from a business perspective as well as, ideally, benefitting us as its users.

And on that front, an Android-ChromeOS combo has never made more sense.

For months now, we’ve been watching Google “realign” its business to cut costs and streamline, simplify, and eliminate areas that aren’t actively moving the organization forward in any measurable way. Part of that has even involved an ongoing shift in the teams responsible for Android and ChromeOS — divisions that recently lost their longtime leaders and became part of a broader Google “Platforms and Devices” team under the same single executive previously responsible only for homemade hardware.

At the same time, Google’s been increasing its under-the-hood alignment of Android and ChromeOS in some eyebrow-raising ways. Most notably, this past summer, the company announced it would begin working on revamping the under-the-hood ChromeOS engine to use the same foundation as Android — a nerdy-sounding pivot that, one could contend, sets the stage for something exactly like what we’re hearing about now to follow.

On top of that, we’ve seen signs suggesting work is afoot on a new Android-based version of Chrome that’d support extensions and an effort to allow Linux access within Android — just like we already have within ChromeOS. Let’s not forget, too, about the new under-development desktop windowing system for Android tablets and even the decreased emphasis of the signature Chromebook Launcher/Search/Everything key. Considered under the umbrella of this latest rumor, it sure seems reasonable to see these once-disparate-seeming shifts as pieces that’d build toward that same broader puzzle.

Factor in fresh questions around whether Google could one day be forced to sell off Chrome entirely as part of its ongoing U.S. monopoly investigation, and it’s easy to see why a move to Android as the underpinnings of a Chromebook could now add up in a way that didn’t entirely come together in the past.

But there’s another side to the story, too, and it’s every bit as important.

2. The user benefit

As someone who uses both Android and ChromeOS every single day, two truths about the platforms are undeniable:

  • The Android touch experience is exceptional. When you’re using Android on a phone or a tablet — in an optimal Android environment, at least — you’re typically left wanting for nothing.
  • At the same time, the Chromebook desktop experience is in a league of its own. Using a ChromeOS device as a computer is incredible and something that, despite all the ongoing progress over the years, Android in the same scenario simply can’t match.

Now, don’t get me wrong: Android and ChromeOS both provide perfectly passable experiences in their alternate forms. A Chromebook in its tablet mode is fine, as is an Android device in its desktop environment. But neither holds a candle to what the other platform can offer in its more native-feeling “default” version of that same environment — Android on the touch side and ChromeOS with a keyboard.

So if Google managed to create a situation where you could essentially enjoy Android when a device is in a touch-centric form and then seamlessly switch to something that felt like a Chromebook when a keyboard is attached, it could create a brilliant best-of-both-worlds mashup — a scenario where you don’t have to settle for passable and could instead have the best possible option for any given way you’re using a device at any moment, whether it’s an “Android tablet” or a “Chromebook” in name.

It’s not far removed from my long-standing dream of owning a gadget that’d seamlessly switch to either Android or ChromeOS to match which arrangement would be most advantageous depending on how, exactly, you’re using the thing. Perhaps not coincidentally, in fact, “experiments” around a system just like that showed up in some of Google’s source code earlier this year.

And speaking of such subjects…

The Android-ChromeOS combo path no one’s considering

My revelation about the two-pronged benefit of an Android-ChromeOS merger today took me back to something a ChromeOS executive said to me in an interview a couple years ago:

“What’s underneath doesn’t really matter to the user. You could have 10 different operating systems, one for each form factor, if you wanted that. The important piece is what you present to the user.”

That, [Google Senior Director of Product Management Alexander] Kuscher says, is why Android and ChromeOS have continued to grow more consistent and connected over the years. In Google’s view, the operating system is less important than the experience — and increasingly, it’s working to present experiences that are so similar that they feel more like different branches of the same tree than completely separate forests.

And that, in turn, reminded me of some musings I shared back in 2016 — when the previous “Android and ChromeOS coming together” rumors were taking shape and everyone was convinced, again, that Google was on the brink of beginning an effort to “fold” ChromeOS into Android and create a single streamlined operating system.

At that time, I raised this newly intriguing notion:

What if [this] were essentially just a way to give Android devices a “desktop mode” — a ChromeOS-like environment that appears when, say, a physical keyboard is present, with a more traditional Android interface remaining in place for touch-centric use? A ChromeOS-like environment wouldn’t be ideal as a core part of the regular touch-centric Android experience, after all, but it sure could be valuable as an option for scenarios involving more productivity-oriented and laptop-like use.

And what if this best-of-both-worlds, dual-purpose mentality applies not only to convertible systems but also to phones? …

Such a setup could effectively turn any compatible Android device into a versatile all-purpose computer that packs the strengths of Google’s two platforms into a single superpowered package.

Hmmmmmmmmmmmmmm.

To be clear, the current state of these current rumors makes it sound like Google’s moving toward a more full-fledged adoption of Android on the Chromebook front — a full merger, as opposed to any sort of harmonious coexistence.

But still: Perhaps there could be more nuance involved. Perhaps the Chromebook/”Android desktop mode” side of the equation could still look and feel largely like what we consider to be ChromeOS today, only with Android running as the foundation beneath it. Perhaps Android could be the base of the future Chromebook experience and not the entire experience itself, in any front-facing, user-visible way. And perhaps those Google-exec comments about what’s underneath not mattering and the operating system being less important than the experience could come into play once more.

If Google can manage to pull that off effectively without sacrificing too much of what makes ChromeOS special, this could be a very good thing for both the company and for those of us who rely on its platforms — Android and ChromeOS alike.

But that involves an awful lot of “if”-type questions. And right now, most of them remain vexingly unanswered.

Android-ChromeOS combo caveats — and a philosophical pondering

So, yes: I see a lot of logic in the notion of an Android-ChromeOS combo now — for Google and for us, as users of its software and devices. But I also have a lot of concerns about how this could play out, particularly as someone who’s long been immersed in the Chromebook universe and appreciative of the unique advantages that platform offers for businesses, schools, and also regular ol’ individual computer owners.

Specifically:

  • ChromeOS has some significant security advantages in the way its software is structured. These are an important part of the Chromebook proposition, particularly for businesses and other organizations. If the ChromeOS base is replaced with Android, would these architectural advantages be lost?
  • Chromebooks also offer some incredibly important advantages around updates, with fresh software showing up every few weeks — quickly and reliably, regardless of who made a device or how old it may be. And most Chromebooks are now promised a minimum of 10 years of ongoing software support. This, suffice it to say, is quite a contrast from the update situation on Android, where the manufacturer- and carrier-dependent nature of that operating system creates a bit of a Wild West scenario (outside of Google’s own closely controlled Pixel devices).
  • On the same note, a big part of why Chromebooks can offer such a stable update experience is because of the consistency ChromeOS creates from one device to the next. Unlike Android, where device-makers and carriers alike are able to modify the software in all sorts of ways, every Chromebook is essentially identical in terms of its interface and software experience. And so Google can send out updates universally, without third-party companies needing to be involved (the variable that always leads to extended delays and irksome uncertainty on Android).
  • Finally, on a less tangible but every bit as consequential consideration, using a Chromebook feels noticeably and meaningfully different from using Android in a desktop state. ChromeOS has always offered a true desktop-caliber experience in a way that Android has never managed to match. If Google isn’t able to maintain that — and if the Chromebook/”Android desktop mode” interface feels more like a traditional Android tablet experience instead of a true desktop-caliber, Chromebook-style setup — that’d be a massive stumble in the wrong direction and a major devolution for the productivity-first focus the company has managed to create with ChromeOS.

Google’s got its work cut out for it, in other words. But unlike in the past, this possibility seems promising. And the more you think about it, the more sense it really makes — again, if Google manages to get it right.

A decade ago, I posed a philosophical question about the ever-overlapping future of Android and ChromeOS. At the time, the question represented my thinking about these platforms from a slightly different perspective, with the notion of ChromeOS potentially taking over for Android at some theoretical point down the road.

The tables may have turned in the other direction, but the question itself feels freshly relevant today:

If all Android apps can eventually run on ChromeOS — and if ChromeOS evolves to look more like Android while web apps and Android apps grow increasingly similar in design — would you notice the difference between a phone running Android and a phone running Chrome?

Flip that question around, and you’ve got a fascinating slice of food for thought for this current situation. If all these factors come together and Google manages to make the surface-level Chromebook interface similar enough while maintaining each environment’s under-the-hood advantages — a tall order, to be sure — would you even realize if your Chromebook technically ran Android?

We may not know the answer for some time yet. This project is said to be a multi-year effort, and that’s providing all the still-unofficial details are accurate and the plans continue to push forward. (All tech companies test out ideas internally that never end up seeing the light of day, and Google in particular is notorious for developing concepts and then abandoning ’em before they ever turn into anything.)

But this sure is an interesting notion to chew over. And for the first time, it feels like there could be something to it beyond just misguided excitement.

Want even more Googley knowledge? Check out my free Android Intelligence newsletter to get next-level tips and insight delivered directly to your inbox — starting with my Android Notification Power-Pack as a special welcome bonus!

CMA gives Google’s $2B Anthropic investment the green light

November 19, 2024 /

It took the UK’s Competition and Markets Authority (CMA) less than a month to decide that there is no need to proceed further with a merger investigation after Google’s purchase of a $2 billion stake in Anthropic.

In a statement released on Oct. 24, the CMA indicated that it had obtained “sufficient information” to launch a preliminary investigation into the investment by Google, which was first announced last year and involved an initial sum of $500 million, with the remainder to be invested at a later date.

The regulator was then scheduled to announce on Dec. 19 whether or not a more detailed phase 2 probe would take place, a move that ended up being fast forwarded.

Scott Bickley, advisory fellow at Info-Tech Research Group, said when the initial investigation was announced that the probe sounded like a “precautionary investigation across the board to me, primarily due to the fact that the CMA just recently approved Amazon’s Anthropic investment and partnership.”

Last March, Amazon announced it was investing $2.75 billion in Anthropic, bringing its total investment in the AI startup to $4 billion.

As part of this partnership, Anthropic said it would use Amazon Web Services (AWS) as its main cloud provider for key operations, including AI safety research and the development of foundation models. Anthropic will also use AWS Trainium and Inferentia chips for building, training, and deploying future models.

The CMA ruling on that investment was released on Sept. 27, and stated that the regulator does not believe that a “relevant merger situation has been created.”

Phil Brunkard, executive counselor at Info-Tech Research Group, UK, said last month that “both Google and Amazon are trying to compete with OpenAI, but it’s interesting that the CMA is focusing on Google when Amazon was just cleared, which raises some questions about consistency.”

While investigations do create some uncertainty, he said, “Amazon’s clearance hints that Google could have a similar outcome. It seems the CMA is just being thorough, but these investments will likely continue.”

Brunkard said Tuesday he was not surprised by the ruling issued by the CMA, a non-ministerial department in the UK government that oversees business activities and flags potentially unfair competition.

“As I had mentioned previously, the CMA appeared to have been conducting a thorough review, and the latest report confirms they were satisfied after assessing their criteria,” he said, adding, “it’s essential that the CMA continues this consistent approach to ensure a fair and competitive marketplace.”

This kind of oversight, said Brunkard, is “especially important in the exponentially evolving AI sector, where investments from tech giants like Google and Amazon have the potential to shape the market significantly.”

The CMA first launched an initial review into the market for AI systems in May 2023, and in a statement announced it would focus in on three key areas: how the competitive markets for foundation models and their use could evolve; the opportunities and risks these scenarios could bring for competition and consumer protection; and what guiding principles should be introduced to support competition and protect consumers as AI models develop.

The organization said that the review is in line with the UK government’s aim to support “open, competitive markets.”

Business Internet Security: Everything You Need to Consider

November 19, 2024 /

Cyber-attacks can cost companies millions of dollars in lost revenue, legal fees, and recovery efforts. A security breach can severely tarnish a company’s reputation and customer trust, making comprehensive internet security crucial for your small business.

Investing in effective cybersecurity measures, especially regarding business internet and email security, acts as a shield against potential threats. These internet security solutions will protect your sensitive data and maintain the trust and safety of your clients and partners.

Business Internet Security Checklist

Building a robust internet security strategy for your business may seem complex. To help you prioritize your cybersecurity threats and build a strong security solution, we’ve created an extensive checklist.

1. Secure Your Network Infrastructure

The foundation of good internet security relies on a strong, secure network infrastructure. Your network is like your office; strong walls, locked doors, and vigilant guards keep it secure.

Firewall Protection: Your First Line of Defense

Firewalls act as a barrier between your network and the outside world, blocking unauthorized access and malicious traffic. Think of it as your business’s security guard, carefully checking everyone who tries to enter. Firewalls can filter incoming and outgoing network traffic, enforcing your security rules through threat detection.

Network Segmentation for Damage Control

Imagine dividing your office into sections with different security clearances—that’s what network segmentation does. By separating your network into smaller, isolated segments, you limit the reach of any potential breach.

Even if one part of your network is compromised, the others remain safe, containing the damage and preventing a complete shutdown. Network segmentation is one of the most important security features a business can implement, even if you run a small business.

2. Strengthen Your Devices and Access Points

Each device on your business’s network, from computers to mobile phones, represents a potential point of entry for hackers. Treat connected devices as a door to your Wi-Fi networks, ensuring each one is secure enough to protect the entire structure.

Robust Passwords and Multi-Factor Authentication (MFA)

Using weak or easily guessable passwords is like leaving your office unlocked, allowing online threats to gain access. It’s an open invitation for trouble. Implement a strong password policy requiring employees to use complex passwords.

You should encourage use of a password manager and implement multi-factor authentication (MFA) on all accounts to add another layer of protection. Strong passwords are one of the easiest ways to strengthen your business cybersecurity.

Regular Software Updates

Software updates often include vital security patches that address identified vulnerabilities. Delaying updates on your security software is like ignoring a leaky roof; if left unattended, it will only get worse. Patch management and regularly updating all software on all your devices, including antivirus software and operating systems, will minimize the risk of exploitation.

Schedule updates and educate your employees about the importance of keeping their systems current. Regularly updating your software is one of the best free security solutions for your business.

Endpoint Detection and Response (EDR) Solutions

EDR solutions are your network’s security team that continuously monitors for suspicious activity. They then respond to this activity in real-time. Consider implementing an EDR solution that proactively detects, isolates, and responds to threats on individual devices within your network.

3. Safeguarding Your Data

Your business’s data—customer information, financial records, and intellectual property—is invaluable. Protecting your business data should be a top priority.

Data Encryption

Imagine losing access to all your essential documents; that’s the chaos data loss can cause. Having secure backups of your crucial data ensures business continuity, even if a cyber incident occurs.

Implement a secure data backup and recovery plan that includes regular backups, offsite storage, and disaster recovery testing. It is also vital to make sure your internet connection is secure before backing up data to the cloud.

Implement a Data Loss Prevention (DLP) Strategy

A robust DLP strategy helps detect, monitor, and prevent the unauthorized use or transmission of sensitive data. This strategy acts as a safeguard against both accidental data leaks and intentional theft.

4. Educating Your Workforce

Your employees play a critical role in maintaining strong business internet security. Equip them with the knowledge and tools they need to act as an added layer of defense through security awareness training workshops. Human error causes many data leaks and security risks.

Cybersecurity Training

Conduct regular and comprehensive cybersecurity training for all employees. Training should focus on common cyber threats like malicious sites, phishing scams, and social engineering attacks. It is also important to educate employees about security awareness and best practices for online security, especially on public networks.

Password Management

Encouraging the use of strong and unique passwords for all business accounts, such as Microsoft Exchange, is key to fortifying your first line of defense. Implement a business-wide password manager for secure storage and effortless access for your employees.

Establish Clear Communication Channels

Establishing clear communication protocols for reporting security incidents and concerns helps you address issues more rapidly and effectively. This will help mitigate potential damage. Encourage employees to use these communication channels if they have accessed any inappropriate or malicious websites on company devices.

Your Business’s Cybersecurity Journey Starts Now

With cyber threats continuing to evolve and become more sophisticated, businesses can never be complacent about internet security and protecting their private network and data.

Taking proactive steps toward securing your digital infrastructure and safeguarding sensitive data is a critical business decision. Prioritizing robust internet security measures safeguards your small business and ensures you’re well-equipped to face whatever kind of threat may come your way.

While implementing these security measures may seem daunting, partnering with the right internet service provider like Optimum can give you a head start on your cybersecurity journey.
Want Internet service with cybersecurity built in? Try Optimum Business Internet.

Frequently Asked Questions About Business Internet Security

How can we protect IoT devices from becoming the entry point for security vulnerabilities into a network?

IoT devices can be particularly vulnerable to security breaches, but several measures can help protect your network:

  • Change default passwords immediately and use strong, unique passwords for each device
  • Regularly update IoT device firmware to patch security vulnerabilities
  • Implement network segmentation to isolate IoT devices on a separate network from critical business systems
  • Disable unnecessary features and ports that could be exploited
  • Monitor IoT device activity for unusual patterns that might indicate a breach
  • Use a dedicated firewall for IoT devices to control their internet access

Which security measure limits the access of outsiders to the internal network of a business?

Firewalls are the primary security measure that controls external access to your internal network. They act as a barrier between your trusted internal network and untrusted external networks, like the internet. Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules, effectively limiting unauthorized access while allowing legitimate business communications to continue.

Who in a business should be responsible for cybersecurity?

While a designated IT security team or professional may lead cybersecurity efforts, security is everyone’s responsibility. Here’s how responsibility can be distributed:

  • Leadership: Set security policies and allocate resources
  • IT Department: Implement and maintain security measures
  • Department Managers: Ensure compliance within their teams
  • Employees: Follow security protocols and report suspicious activity
  • External Partners: Comply with security requirements when accessing company resources

However, if you don’t have the benefit of a dedicated IT department, you can turn to Optimum for help and support.

What can we do to stay on top of cybersecurity threats?

Keeping strong cybersecurity is all about staying alert and taking proactive steps. Organizations should consider signing up for threat intelligence feeds to stay updated on new vulnerabilities and regularly assess their security to spot potential issues.

Having an ongoing routine of software updates and security patches, along with ongoing employee training on security awareness, can help build a strong cybersecurity foundation. Many organizations also find it helpful to team up with cybersecurity experts who can offer advice on new threats and suggest the best security practices.

Learn more about what Optimum can do for your business.

Study: Chat GPT is better than doctors at diagnosing illness

November 19, 2024 /

A new research study indicates that Open AI’s chatbot Chat GPT-4 is better at diagnosing diseases than human doctors, according to The New York Times.

Fifty doctors, a mix of attending physicians and residents, participated in the study; diagnoses were based on evaluations of medical patient cases. All in all, Chat GPT-4 got a 90% score for the diagnoses it delivered; the doctors on their own got average scores of 74%.

The doctors also reportedly performed worse than the chatbot when they were allowed to use Chat GPT-4 in their work. Physicians who used the tool performed only marginally better — getting scores of 76% — than physicians who did not use a chatbot at all.

The reason for that, the study said, was that the doctors rarely allowed themselves to be convinced by the chatbot if it noticed something that did not agree with the doctor’s own diagnosis. Many doctors also didn’t know how to use the chatbot’s skills to their full potential.

Foxconn takes another big step toward AI iPhone manufacturing

November 19, 2024 /

Apple’s main manufacturing partner, Foxconn, has announced it is working with Nvidia to build digital twins that it says will reshape the future of manufacturing and supply chain management.

Nvidia and Foxconn last year announced plans to use Nvidia’s Omniverse platform to create 3D digital twin tech with which to plan and simulate automated production lines. The scheme was first put into effect at Foxconn’s Hsinchu factory in Taiwan and will be scaled out to Foxconn factories worldwide. 

What happens in Hsinchu…

Apple’s connection with the Hsinchu facility isn’t particularly overt, but it certainly exists. There’s an Apple Store currently hiring in the city, and Apple also has an R&D facility there. In 2020, Apple confirmed plans to build a new plant in Hsinchu Science Park to supplement the operations it already had in place.

As far as we know, Apple’s Hsinchu-based R&D teams are working on next-generation monitor technologies such as low-temperature polysilicon displays and metal-oxide-semiconductor screens, along with quantum film image sensors, according to earlier reports. (Who knows, it’s not impossible that new tech used in the latest MacBook Pro displays might have been developed there.) 

While a bit of a long shot, some of Apple’s server development team might also be based there, given the company is developing its own servers to support its Private Cloud Compute systems for Apple Intelligence. It was recently reported that Apple has asked Foxconn to make AI servers based on Apple Silicon in Taiwan, and given the proximity of the Hsinchu digital twins project, it is hard to ignore the overt opportunity for additional cooperation between the firms.

When it comes to manufacturing, Apple has a pressing challenge to scale up the capacity to build iPhones at factories outside China. Some of this work is already taking place in India where the company is rapidly ramping up production, but it is possible Apple wants some manufacturing taking place elsewhere, such as in Mexico. 

Foxconn’s move to build heavily automated production facilities could help Apple with those efforts.

Industry 4.0 and the Apple supply chain

I see the latest news with Nvidia as part of a continuum. Foxconn has already built a growing network of eight Industry 4.0  lights-out factories in Taiwan, China, and Mexico. In China, the steady move toward additional automation means Foxconn has been able to reduce its workforce by more than a third while maintaining production levels. 

Foxconn’s entire Shenzhen, China, Guanlan factory operates without lighting as it is automated and controlled by a cloud-based AI. The vision of that latter project is that it will become possible to simply tell the cloud AI what products need to be made and how they are to be manufactured, and the system will adjust itself to automatically churn those products out. 

There’s a ways to go before that becomes possible, but it sounds like Foxconn will use Nvidia’s tools to track existing manufacturing processes so they can be more easily replicated at factories situated elsewhere. 

“Through this technology, Foxconn can replicate and establish production lines across diverse geographical locations with unprecedented speed and precision,” the company said. “This capability enables Foxconn to swiftly deploy high-quality production facilities with unified standards in strategic markets worldwide, significantly enhancing the company’s competitiveness and adaptability in the global landscape.”

Digital twin tech is also very good at identifying bottlenecks and inefficiencies in existing production processes, while the ability to more easily take manufacturing lines to new nations also help build resilience into manufacturing systems. “When facing supply chain disruptions or sudden market demands, Foxconn can quickly simulate manufacturing process changes and adjust production strategies to flexibly allocate resources across different regions for itself and its clients, ensuring production continuity and stability,” Foxconn says.

Resilience and flexibility

To some extent, the writing has always been on the wall. Supply chains globally buckled during the height of the CoVID-19 pandemic, and Apple’s decision to widen its manufacturing base to new nations was a direct response to this. Apple — and quite clearly, Foxconn — now understand the need to build resilience into the supply chain, and one way to do that is to turn to using heavily automated manufacturing systems that can be easily set up and made productive in new locations. This seems to be the game in play here, particularly in the wake of Apple’s purchase of Darwin AI earlier this year.

The other part of that game reflects the challenge of staffing manufacturing operations at the scale Apple demands. Hundreds of thousands of people globally are now involved in building Apple hardware, and the job is skilled enough that recruiting all those workers can pose problems for the company. This is likely why in June it was revealed that Apple intends to replace 50% of iPhone related assembly line workers in the next few years. That ambition logically requires the kind of productivity enhancements Foxconn and Nvidia are working on now, so logically it makes sense that Apple’s production processes are part of the plan.  

Designed by Apple, built by robots

Achieving this is not going to be easy. But where Apple goes, others inevitably follow, which itself means that future employment is going to become even further deindustrialized at about the same time as AI itself leads to mass scale changes in working practices elsewhere. It’s hard to see where this is going, but the other side of that story is that iPhone manufacturing will itself become a movable feast.

“Designed by Apple, built by robots,” some might say.

You can follow me on social media! Join me on BlueSky,  LinkedInMastodon, and MeWe