jeudi 29 février 2024

UnitedHealth says Blackcat is the reason healthcare providers are going unpaid

UnitedHealth says Blackcat is the reason healthcare providers are going unpaid
Illustration of a computer screen with a blue exclamation point on it and an error box.
Photo by Amelia Holowaty Krales / The Verge

Health insurance provider UnitedHealth has identified Blackcat as the group behind a debilitating cyber attack that has disrupted healthcare providers nationwide, Reuters is reporting. The attack has led to more than a week-long outage of the the United-owned Change Healthcare system, disrupting payments at hospitals, clinics, and pharmacies across the nation.

Since Change Healthcare acts as a middleman between healthcare providers and insurance companies, the breach has hindered everyday transactions like electronic pharmacy refills and new insurance claims. The company first identified suspicious activity on its IT systems on February 21st, according to an SEC filing.

The breach could last for weeks, UnitedHealth Group Chief Operating Officer Dirk McMahon told STAT. The insurance company is setting up a loan program for healthcare providers in the meantime.

Blackcat, also known as ALPHV, has claimed credit for numerous hacks over the past year, including the MGM casino breach in Las Vegas, a hack on Reddit’s systems, and many others.

In a joint cybersecurity advisory, federal agencies including CISA and the FBI warned that Blackcat is now intentionally targeting the healthcare system. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized,” the agencies wrote.

The US government has even offered a combined $15 million reward for any actionable intelligence on the group’s whereabouts. An attempt by the FBI to seize Blackcat’s servers and sites last year seemingly failed —the group quickly regained control.

In a darknet message that was later deleted on Wednesday, Blackcat also claimed it stole millions of patient records, including sensitive medical and insurance data in the UnitedHealth breach, Reuters reported. The group also admitted, in the same message, to stealing data from Medicare, the military medical agency Tricare, and even CVS Health. No further details were provided about the timing of these breaches, and the message was reportedly deleted without explanation. Reuters was unable to reach the hackers or verify any of their claims.

Even the theft of sensitive records from UnitedHealth alone could impact millions of people. Change Healthcare handles nearly 1 in 3 patient records in the US, the American Hospital Association told HHS Secretary Xavier Becerra in a letter sent on Monday. “Any prolonged disruption of Change Healthcare’s systems will negatively impact many hospitals’ ability to offer the full set of health care services to their communities,” wrote AHA president Richard J. Pollack.

UnitedHealth is currently working with Google-owned Mandiant and cybersecurity software vendor Palo Alto Networks, CNBC reports. The company hasn’t indicated whether it plans to pay the ransom.

S.E.C. Is Investigating OpenAI Over Its Board’s Actions

S.E.C. Is Investigating OpenAI Over Its Board’s Actions The U.S. regulator opened its inquiry after the board unexpectedly fired the company’s chief executive, Sam Altman, in November.

Here’s your first look at Tron: Ares, premiering in 2025

Here’s your first look at Tron: Ares, premiering in 2025
A first look image at a character in the film Tron: Ares.
Image: Disney

The third Tron movie is nearing release. Disney announced that production on Tron: Aresa follow-up to Tron: Legacy, which itself was a sequel to the 1982 original — began in January and that the plan is for the film to premiere in 2025. As part of the announcement, the first image for the film was also released. It definitely has Tron vibes but also wouldn’t be out of place as a skin in a shooter like Destiny or Fortnite.

Here’s the full thing:

A first look image at a character in the film Tron: Ares. Image: Disney

According to Disney, the new film is about “a highly sophisticated Program, Ares, who is sent from the digital world into the real world on a dangerous mission, marking humankind’s first encounter with AI beings.” It’s being directed by Joachim Rønning, who previously worked on the Pirates of the Caribbean franchise and the sequel to Maleficent. And while we don’t know much about the characters, the cast includes Jared Leto, Greta Lee, Evan Peters, Hasan Minhaj, Jodie Turner-Smith, Arturo Castro, Cameron Monaghan, and Gillian Anderson.

Of course, the real unanswered question is who will be doing the soundtrack.

This ‘Amazon’s Choice’ video doorbell could let just about anyone spy on you

This ‘Amazon’s Choice’ video doorbell could let just about anyone spy on you
An “Aiwit” doorbell camera. There are many like it. | Image via Amazon

Does your video doorbell look anything like the one in the picture? Perhaps you bought it for cheap at Amazon, Temu, Shein, Sears, or Walmart? Does it use the Aiwit app?

Consumer Reports is reporting the security on these cameras is so incredibly lax, anybody could walk up to your house, take over your doorbell, and permanently get access to the still images it captures — even if you take control back.

The cameras are sold by a Chinese company called Eken under at least ten different brands, including Aiwit, Andoe, Eken, Fishbot, Gemee, Luckwolf, Rakeblue and Tuck. Consumer Reports says online marketplaces like Amazon sell thousands of them each month. Some of them have even carried the Amazon’s Choice badge, its dubious seal of approval.

Yet Amazon didn’t even respond to Consumer Reports findings last we’d heard, much less pull the cameras off its virtual shelves. Here’s one of them on sale right now. Shopping app Temu, at least, told CR it would halt sales after hearing just how incredibly easy they are to hack.

Not only do these cameras reportedly expose your public-facing IP address and Wi-Fi network in plaintext to anyone who can intercept your network traffic (hope you aren’t checking them on public Wi-Fi!), they reportedly broadcast snapshots of your front porch on web servers that don’t ask for any username or password.

One Consumer Reports security staffer was able to freely access images of a colleague’s face from an Eken camera on the other side of the country, just by figuring out the right URL.

Worse, all a bad actor would need to figure out those web addresses is the serial number of your camera.

Even worse, a bad actor could get that serial number simply by holding down your doorbell button for eight seconds, then re-pairing your camera with their account in the Aiwit smartphone app. And until you take control of your own camera again, they’ll get video and audio as well.

Worse still, that bad actor could then share those serial numbers with anyone else on the internet. Consumer Reports tells us that once the serial number is out in the wild, a bad actor can write a script that would just keep downloading any new images generated by the camera.

 Image: Eken
“Your privacy is something that we value as much as you do,” reads Eken’s video doorbell website.

I guess you could say “Well, these cameras only face outdoors and I don’t care about that,” but Eken advertises indoor-facing cameras as well. (Consumer Reports tells us it hasn’t tested other Eken models yet.) I also really don’t want bad actors to know exactly when I leave my home.

You might say “Ah, this isn’t a big threat because a bad actor needs local access to the camera” — but that assumes they can’t figure out a way to randomly hit upon working serial numbers, or recruit porch pirates to canvas neighborhoods. At least the serial numbers seem to be randomized, not incremental, Consumer Reports tells us.

You also might say “Won’t Eken just stop hosting these images at freely accessible URLs?” That’d be good, but it apparently couldn’t be bothered to respond to Consumer Reports’ requests for comment.

Do the Aiwit servers do anything at all to prevent hackers from just randomly trying URLs until they find images from people’s cameras? If so, Consumer Reports hasn’t seen it yet.

“I have made tens of thousands of requests without any defense mechanisms triggering,” Consumer Reports’ privacy and security engineer Steve Blair tells The Verge via a spokesperson. “In fact, I was purposely noisy (hundreds of requests at once, from a single IP/source, repeated every couple of minutes) to try to determine if any defenses were present. I did not see any limitations.”

At least Consumer Reports isn’t yet suggesting this has been exploited in the wild.

We didn’t independently confirm these flaws, but we did read through the vulnerability reports that CR shared with Eken and another brand named Tuck. And it wouldn’t be the first time a “security” camera company has neglected basic security practices and misled customers.

 Image: Eken
Eken sells a wide variety of video doorbells under an even wider variety of brands. Consumer Reports points out that the buttons and sensor spacing are similar, though.

Anker admitted its always-encrypted Eufy cameras weren’t always encrypted after my colleagues and I were able to access an unencrypted live stream from across the country, using an address that, like Eken, consisted largely of the camera’s serial number.

Meanwhile, Wyze recently let at least 13,000 customers briefly see into a stranger’s property — the second time it’s done that — by sending camera feeds to the wrong users. And that was after the company swept a different security vulnerability under the rug for three whole years.

But the Eken vulnerability might even be worse, because it sounds far easier to exploit, and because they’re white-labeled under so many different brands that it’s harder to protest or police.

Consumer Reports says that even after Temu pulled some of the worrying doorbells, it kept selling others — and that as of late February, despite its warnings to retailers, most of the products it found were still on sale.

Now it’s the Galaxy Z Flip 6’s turn to leak in unofficial renders

Now it’s the Galaxy Z Flip 6’s turn to leak in unofficial renders
Two renders of the Z Flip 6, one folded and one half-folded.
Unofficial renders of what the Z Flip 6 could look like. | Image: OnLeaks / SmartPrix

Yesterday was the Samsung Galaxy Z Fold 6, now it’s the Z Flip 6’s turn to have its alleged design leak in a series of unofficial renders from OnLeaks and SmartPrix ahead of its rumored July unveiling.

While the overall form-factor of the device is similar to last year’s Z Flip 5, including a 6.7-inch inner folding display and 3.4-inch cover screen, SmartPrix reports that its thickness could increase from 6.9mm to 7.4mm, prompting speculation about what the extra internal space could be used for. The front-running theory comes from a GalaxyClub report from last year, which said the Z Flip 6’s battery capacity could increase from 3,700mAh to 4,000mAh. It’s a move that could (hopefully) address the so-so battery life we experienced on the Z Flip 5.

Other specs include a Snapdragon 8 Gen 3 processor and a return of the dual camera setup from last year. SmartPrix reports that they’ll once again both have 12-megapixel resolutions. GalaxyClub earlier reported that Samsung was testing the inclusion of a 50-megapixel main camera in the Z Flip 6, but it’s unclear if it’ll make it to the final device. Available colors include light purple and mint green.

Although it’s impossible to tell from the renders, you have to imagine that Samsung’s suite of Galaxy AI features is going to make an appearance on its upcoming foldables. What’s less clear is whether there’ll be any new AI tools, or whether the features will be similar to what we saw on the Galaxy S24.

mercredi 28 février 2024

X adds live video to Spaces instead of bringing back Periscope

X adds live video to Spaces instead of bringing back Periscope
The X logo on a colorful blue and light purple background.
Illustration: The Verge

Spaces, the live audio feature for X, is now letting hosts turn on their video during chat sessions. The platform formerly known as Twitter announced the news on Wednesday as owner / CTO Elon Musk reposted a walkthrough from a user named "Dogedesigner."

Spaces users will notice a new option to “enable video” when they first create a new Spaces session. Hosts can opt for either their phone’s front or back-facing cameras as well as either a landscape or vertical view of their video feed.

The Video Spaces are available on the iOS version of the X app, but we haven’t seen them available on Android or the web yet. Multiple users reported significant lag while trying out the feature so far.

X bringing video to the formerly audio-only Spaces may sound like it’s bringing back Periscope, that’s technically not the case. X already has a live broadcast feature, which lets users stream video that appears both on their profiles and the timelines of their followers. Periscope (before its untimely demise) did have a feature where hosts could invite other guests to participate in live broadcasts.

Right now, only hosts have the ability to turn on video. The end result is a prominent display of the host’s video feed, which is then surrounded by icons of co-hosts, speakers, and any listeners. At first glance, it’s an environment that resembles Twitch — expect for the fact that any selected audience members can chime in at any minute. A host’s video feed also only lives inside a Spaces session, so users will have to join the session in order to tune in.

When Elon Musk announced that Spaces would get video late last year, his description of it sounded closer to a videoconferencing app or video call app like FaceTime, where the video feed switches to whoever is currently speaking.

But for now, a typical Spaces with video session prominently features the host’s video feed, which is surrounded by the smaller icons of any other speakers, co-hosts, or listeners in the room. It’s not exactly like Twitch since anyone you give permission to can speak back to you, but it does turn the host into the main event in a similar fashion.

The new video integration of X Spaces is separate from the platform’s existing live broadcast feature, which lets users directly livestream video. Spaces functions as a live chatroom, where multiple users can tune in and speak. In contrast, the audience in a typical live broadcast can only comment or send hearts.

Behind Apple’s Doomed Car Project: False Starts and Wrong Turns

Behind Apple’s Doomed Car Project: False Starts and Wrong Turns Internal disagreements over the direction of the Apple car led the effort to sputter for years before it was canceled this week.

mardi 27 février 2024

Google CEO says Gemini AI diversity errors are ‘completely unacceptable’

Google CEO says Gemini AI diversity errors are ‘completely unacceptable’
Photo illustration of Sundar Pichai in front of the Google logo
Google CEO Sundar Pichai. | Illustration by Cath Virginia / The Verge

The historically inaccurate images and text generated by Google’s Gemini AI have “offended our users and shown bias,” CEO Sundar Pichai told employees in an internal memo obtained by The Verge.

Last week, Google paused Gemini’s ability to generate images after it was widely discovered that the model generated racially diverse, Nazi-era German soldiers, US Founding Fathers who were non-white, and even inaccurately portrayed the races of Google’s own co-founders. While Google has since apologized for “missing the mark” and said it’s working to re-enable image generation in the coming weeks, Tuesday’s memo is the first time the CEO has widely addressed the controversy.

In the memo, which was first reported by Semafor, Pichai says the company has “been working around the clock” to address “problematic text and image responses in the Gemini app.” He doesn’t says that Google has fixed the problem. “No Al is perfect, especially at this emerging stage of the industry’s development, but we know the bar is high for us and we will keep at it for however long it takes,” he writes.

You can read Sundar Pichai’s full memo to Google employees below:

Hi everyone

I want to address the recent issues with problematic text and image responses in the Gemini app (formerly Bard). I know that some of its responses have offended our users and shown bias — to be clear, that’s completely unacceptable and we got it wrong.

Our teams have been working around the clock to address these issues. We’re already seeing a substantial improvement on a wide range of prompts. No Al is perfect, especially at this emerging stage of the industry’s development, but we know the bar is high for us and we will keep at it for however long it takes. And we’ll review what happened and make sure we fix it at scale.

Our mission to organize the world’s information and make it universally accessible and useful is sacrosanct. We’ve always sought to give users helpful, accurate, and unbiased information in our products. That’s why people trust them. This has to be our approach for all our products, including our emerging Al products.

We’ll be driving a clear set of actions, including structural changes, updated product guidelines, improved launch processes, robust evals and red-teaming, and technical recommendations. We are looking across all of this and will make the necessary changes.

Even as we learn from what went wrong here, we should also build on the product and technical announcements we’ve made in Al over the last several weeks. That includes some foundational advances in our underlying models e.g. our 1 million long-context window breakthrough and our open models, both of which have been well received.

We know what it takes to create great products that are used and beloved by billions of people and businesses, and with our infrastructure and research expertise we have an incredible springboard for the Al wave. Let’s focus on what matters most: building helpful products that are deserving of our users’ trust.

Amazon’s Road House reboot is accused of copyright infringement — and AI voice cloning

Amazon’s Road House reboot is accused of copyright infringement — and AI voice cloning
Amazon MGM Studios

The screenwriter of the 1989 action film Road House is suing MGM Studios and its owner Amazon Studios, accusing them of copyright infringement over the upcoming Road House remake, report the Los Angeles Times and The Hollywood Reporter. The lawsuit, filed on Tuesday in the U.S. Central District Court in Los Angeles, also alleges that Amazon Studios resorted to generative AI to clone actor’s voices in order to finish the Road House remake during last year’s Hollywood strikes, which largely shut down film production.

In the complaint, screenwriter R. Lance Hill reportedly states that he filed a petition with the US Copyright Office in November 2021 to reclaim the rights for the screenplay (which both the original Road House and Amazon Studios reboot is based on). At that point, Amazon would have owned the rights to Road House due to the tech giant’s acquisition of MGM’s film library, but the tech giant’s claim on the work was set to expire in November 2023.

But according to THR, Hill’s original deal with United Artists (which secured the rights to the 1986 screenplay before being later acquired by MGM Studios) is defined as a “work-made-for-hire”. The term, according to the US Copyright Office, means that party that hired an individual to create work is both the owner and copyright holder of that work.

Hill alleges that the work-for-hire clause was merely boilerplate, and that Amazon ignored his copyright claims and rushed production of the remake, even taking “extreme measures” such as using generative AI. The lawsuit is seeking a court order to block the release of the film, which is scheduled to premiere on the opening night of SXSW on March 8th and stream on Prime Video on March 21st.

Amazon MGM Studios categorically denied using AI to replace or recreate actors’ voices in statements to The Verge, with spokesperson Jenna Klein telling us that “the studio expressly instructed the filmmakers to NOT use AI in this movie.”

“If at any time AI was utilized, it would have been by the filmmakers (while editing early cuts of the film) and not the studio as they controlled the editorial,” Klein wrote, adding that filmmakers were instructed to remove any “AI or non-SAG AFTRA actors” when finishing the film.

Amazon also said that “numerous allegations” in the lawsuit are “categorically false,” and that the company doesn’t believe its copyright has effectively expired on Road House.

Eufy’s new 360-degree 4K camera doesn’t need Wi-Fi or power outlets

Eufy’s new 360-degree 4K camera doesn’t need Wi-Fi or power outlets
Eufy 4K LTE Cam S330 on a pole
Eufy

Anker’s Eufy brand has started shipping a new 4K security camera that should offer 360-degree views, panning 344 degrees and tilting up to 70 degrees. It could also run indefinitely without wired internet or power.

That’s because in addition to Wi-Fi, the $249.99 Eufy 4G LTE Cam S330 can connect to nearby LTE towers instead, and comes with a detachable solar panel that supposedly needs just two hours under the sun to keep the 36.2Wh battery charged. Since the battery also lasts up to a month on a full charge, according to Anker, it could keep going even through the rainy season.

On paper, the S330 seems to address many of the pain points we encountered with earlier LTE-capable cameras from both Eufy and Arlo for around the same starting cost. While you could totally mount it inside or outside your primary residence for wire-free security, the design and functionality could make it even more ideal for remote areas on your property — perhaps at the far corner of a garden, a nearby storage shed, or other areas Wi-Fi won’t reach. Aiding that venture, Eufy suggests it can withstand harsh temperatures and elements hot or cold (-4 to 122 degree Fahrenheit).

It builds on the Eufy Starlight by including an EIOTClub SIM card that should automatically hop between Verizon, AT&T, and T-Mobile, depending on whichever is serving up the strongest LTE signal. That functionality carries an ongoing fee of $19.90 per 2GB or $139.99 per 24GB after you’ve used up 100MB of trial data, but you can also use your own SIM. Eufy estimates it’ll eat about 700MB of data per month, assuming you don’t have an extraordinary barrage of traffic constantly triggering recordings.

Eufy S330 4K camera mounted on a structure Image: Eufy

The 4K camera offers 8x zoom and uses activity zones with AI-powered vehicle and human detection to cut back on false alarms from critters and other incidental activity. There’s also an integrated 100-lumen spotlight surrounding the sensor that can illuminate areas up to 26 feet away. Rounding out its security features are two-way audio and the ability to sound an alarm, all controllable through the mobile app and with Google Assistant and Amazon Alexa voice control.

You can save up to eight months of recordings locally to the included 32GB microSD card (the camera supports up to 128GB cards), but the S330 sadly doesn’t cooperate with third-party NAS devices. It’s usable with Eufy’s $149.99 HomeBase 3 S380, however, which supports up to 16TB of storage and enables facial recognition. The only catch for such privilege is that it requires you to stay in Wi-Fi mode. It’s also worth noting that you can only switch between LTE and Wi-Fi manually using the app, so you can’t rely on it as an automatic failsafe.

Nintendo sues Switch emulator Yuzu for ‘facilitating piracy at a colossal scale’

Nintendo sues Switch emulator Yuzu for ‘facilitating piracy at a colossal scale’
The Nintendo logo sits inside a black, red, and cream-colored design.
Illustration by Alex Castro / The Verge

If you’ve ever seen a Steam Deck playing a Legend of Zelda game, chances are you were seeing the Yuzu emulator at work. Now, Nintendo has sued the developers of Yuzu in US federal court, with the intent of squashing Yuzu for good.

In the lawsuit, spotted by Stephen Totilo, Nintendo alleges that Yuzu violates the anti-circumvention and anti-trafficking provisions of the Digital Millennium Copyright Act (DMCA) as well as accusing the creators of copyright infringement. It alleges Yuzu is “primarily designed” to circumvent several layers of Nintendo Switch encryption so its users can play copyrighted Nintendo games.

The company’s not only asking for the courts to stop Yuzu in its tracks with a permanent injunction. It also wants to take away its domain names, URLs, chatrooms, and social media presence; hand yuzu-emu.org over to Nintendo; and even seize and destroy its hard drives to help wipe out the emulator. Oh, and Nintendo wants lots of money in damages as well.

Aren’t emulators legal? Well... yes and no. While there’s legal precedent that suggests it’s okay to reverse engineer a console and develop an emulator that uses none of the company’s source code, those cases are roughly a quarter of a century old or more — it gets trickier when we’re talking about multiple layers of modern encryption and the copyrighted BIOSes that Yuzu and other modern emulators require to run.

The Dolphin Emulator for Nintendo Wii and GameCube got in enough hot water to abandon its plan to launch on Steam, when it was revealed that Dolphin ships with Nintendo’s Wii common key to help circumvent the copyright protection on Wii games. (Dolphin maintains that including that key is legal.)

Nintendo doesn’t allege that Yuzu includes any such keys, though. Yuzu takes a bring-your-own-BIOS approach, expecting users to either lift their own BIOSes and keys off a hacked Nintendo Switch (using a loophole that Nintendo eliminated in newer models), or more likely download a pirated one.

So instead, Nintendo’s arguing that Yuzu is knowingly “facilitating piracy at a colossal scale.”

As you’ll see in the full complaint below, Nintendo suggests that Yuzu is facilitating that piracy in myriad ways, including providing “detailed instructions” on how to “get it running with unlawful copies of Nintendo Switch games,” testing thousands of official Nintendo Switch games to verify their compatibility, and linking to websites that help users “obtain and further distribute the prod.keys.” Nintendo also says the developers have clearly extracted Nintendo Switch games themselves, bypassing encryption, in order to test their own emulator.

 Image: Nintendo lawsuit
Nintendo points out in its complaint that Yuzu advertises compatibility with specific copyrighted Nintendo games like Xenoblade.

If Nintendo can prove that Yuzu is “primarily designed” to give people access to official Nintendo Switch games and has no other real use, Yuzu would indeed be in trouble. DMCA Section 1201(a)(2) bans products “primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access” to a copyrighted work. It’s the same provision that game archivists have struggled with for years.

“The important thing is that Nintendo is bringing the case as a DMCA circumvention claim,” says Richard Hoeg, a business attorney who hosts the Virtual Legality podcast. He tells me that that while emulators are broadly legal if engineered “correctly,” the DMCA also lets Nintendo focus on whether the emulator was only designed to break Nintendo’s control over its games.

“There is a real chance for them to win as the court ‘tests’ things like the effectiveness of the measure and just how the emulator was created,” Hoeg says.

Nintendo suggests in its complaint that it may have actually been damaged by Yuzu, too, alleging that The Legend of Zelda: Tears of the Kingdom was illegally downloaded over a million times in early May 2023, while Yuzu’s Patreon membership doubled during that same period.

Legal emulation or no, Yuzu may not want to risk finding out in a court of law. Many small bands of developers have axed their projects after being approached by Nintendo, and it wouldn’t be surprising if Yuzu settled. “I’d say the claim here is enough to get a reasonable emulator company to cease, desist, and settle claims,” says Hoeg. “But remember that this is only one side of the story at present.”

Yuzu didn’t immediately respond to requests for its side of the story on Discord and via email. The team released Yuzu for Android last May.

Stardew Valley is getting a massive March game content update

Stardew Valley is getting a massive March game content update
A pixel art banner for Stardew Valley’s 1.6 update.
The 1.6 update will be available for macOS, Windows, and Linux on March 19th. | Image: ConcernedApe

Stardew Valley developer Eric Barone — better known as ConcernedApe — has revealed when players can expect the next major update to drop, adding fresh content and expanded multiplayer options to the game. Announced on Monday in line with Stardew Valley’s eighth anniversary, update 1.6 will be available for PC (Windows/macOS/Linux) players on March 19th, with console and mobile to follow “as soon as possible.”

We have some idea of what content is coming thanks to a “sneak peak” that ConcernedApe shared back in September. This includes three unnamed festivals — one “major” and two “mini” — alongside new items, crafting recipes, rewards for billboard quests, and late-game content that expands each of the five skills: farming, fishing, mining, foraging, and combat. Over 100 new lines of dialogue are being added for the local villagers, as are some trendy winter outfits (which will presumably be donned during the game’s chillier season).

A list of upcoming features that will be added to Stardew Valley in version 1.6. Image: ConcernedApe
The developmental sneak peek for the 1.6 update teases additions like frogs, new Warp Totems, and...a shady lil’ guy.

Players can also expect some Joja-themed alternatives for some of the end-game quests and a new farm type which hasn’t been disclosed yet. Other vagueries such as “new secrets” and “small additions” have also been teased, but we’ll need to wait for the full patch notes for more details on that. Finally, multiplayer support for PC is being expanded from four to eight players, allowing you to drag more farmhands (or friends) to help build your virtual homestead.

It’s no small feat to keep providing a game’s fanbase with new content for almost a decade, especially for one that started out as a solo project. The incoming 1.6 update for Stardew Valley will hopefully be enough to sate our appetites until ConcernedApe announces a release date for his highly anticipated second game, Haunted Chocolatier.

lundi 26 février 2024

Nvidia’s free-tier GeForce Now will soon show ads while you’re waiting to play

Nvidia’s free-tier GeForce Now will soon show ads while you’re waiting to play
Nvidia’s GeForce Now is a cloud gaming platform that spans many devices. | Image: Nvidia

Nvidia’s completely free, no-strings attached trial of its cloud gaming service GeForce Now is about to be very slightly less of a deal — on Wednesday February 28th, Nvidia tells The Verge, users will start seeing ads.

They’re only for the free tier — not Priority or Ultimate — and even then, it sounds like they won’t interrupt your gameplay. “Free users will start to see up to two minutes of ads while waiting in queue to start a gaming session,” writes Nvidia spokesperson Stephanie Ngo.

Currently, the free tier does often involve waiting in line for a remote computer to free up before every hour of free gameplay — now, I guess there’ll be a few ads too. Nvidia says the ads should help pay for the free tier of service, and that it expects the change “will reduce average wait times for free users over time.”

My problem with GeForce Now’s free tier has never been its queues, but rather that it’s by far the least impressive version of the company’s service and doesn’t show what cloud gaming is truly capable of. For that, you really need to try GeForce Now Ultimate, which gives you the power of an RTX 4080 in the cloud, greatly reduced latency, and now G-Sync monitor support. But it currently still costs $20 a month, with no free trial.

I don’t see Nvidia’s promised $7.99 day pass yet, which would make for a better trial, and I’m asking Nvidia about that.

The company plans to send out emails tomorrow to all free-tier users tomorrow, February 27th, to let them know about the ads.

In October, Nvidia raised the price of GeForce Now in countries other than the US. Nvidia said the hikes “account for increased operational costs” in the countries where they rolled out. Many streaming services have had price hikes and introduced ad-supported tiers in recent months.

Instagram and Facebook Subscriptions Are a New Focus of Child Safety Suit

Instagram and Facebook Subscriptions Are a New Focus of Child Safety Suit New Mexico’s attorney general has accused Meta of not protecting children from sexual predators on its platforms. He now wants to know how it polices subscribers to accounts featuring children.

Netflix confirms it’s cutting off Apple billing for grandfathered subscribers

Netflix confirms it’s cutting off Apple billing for grandfathered subscribers
Netflix’s logo on a black and yellow background
Illustration by Alex Castro / The Verge

Netflix confirms to The Verge that it has begun booting longtime subscribers off their Apple iTunes billing plans, and will require them to pay Netflix directly using a credit card or debit card instead. Earlier today, The Streamable reported that Netflix had begun telling customers in “some territories,” but Netflix representative Momo Zhao confirms to us that all “members on the basic plan who were using an iTunes method of payment” will need to sign up directly.

It’s been a good run for anyone who signed up before Netflix stopped accepting subscriptions through Apple’s payments system. One person indicated today on X that they’d kept the streaming service’s old $9.99 price for years.

Alas, if you’re like that person, you’ll now have to join the rest of us and either accept a more-than-$5 price hike for essentially the same plan you’ve had for years or pay $3 less than you have been and let the ads wash over you. Or you could take the time to reflect on your relationship with streaming services, which seem to get pricier all the time.

The change is the end of a long saga — despite Apple adding in-app subscription options to iPhones in 2010, Netflix didn’t add them to its iOS app until 2015 because it was opposed to Apple’s 30 percent cut. In late 2018, Netflix decided it didn’t want to pay Apple at all, dropping in-app subscriptions entirely, and it never looked back.

dimanche 25 février 2024

Supreme Court to Decide How the First Amendment Applies to Social Media

Supreme Court to Decide How the First Amendment Applies to Social Media Challenges to laws in Florida and Texas meant to protect conservative viewpoints are likely to yield a major constitutional ruling on tech platforms’ free speech rights.

Lenovo worked with iFixit to make some ThinkPads easier to repair

Lenovo worked with iFixit to make some ThinkPads easier to repair
The ThinkPad T14s Gen 5 | Photo: Lenovo

While the ThinkBook Transparent Display laptop Lenovo showed off at MWC 2024 is just a proof of concept, the company also announced refreshed versions of several ThinkPads and ThinkBooks, as well as a few accessories.

That includes three refreshed ThinkPad T-series laptops: the ThinkPad T14 Gen 5, ThinkPad T14s Gen 5, and ThinkPad T16 Gen 3, all with Intel Core Ultra processors (or an AMD Ryzen 8040 option for the T14 Gen 5). All three get Lenovo’s Communication Bar, which extends a portion of the top bezel to house the camera and microphones, giving those laptops slimmer top bezels and taller display ratios. Lenovo previously added this feature to other ThinkPad laptops, like the X1 Carbon and X1 Nano.

Top-down shot of a ThinkPad laptop keyboard, black with white legends, with the red ThinkPad touchpoint in the middle. Image: Lenovo
The keyboard on the ThinkPad T14 Gen 5 includes more homing bars, swapped Ctrl and Fn keys, and the new Copilot key between right Alt and Ctrl.

The T-series keyboards also now have the same tactile markings, (homing bars) on the Fn, Insert, Enter, and volume keys as the ThinkPad X1 Carbon Gen 12 and ThinkPad X1 2-in-1 Gen 9 laptops to make typing more accessible to those who are visually impaired. Lenovo also broke with its long-standing tradition of putting the Fn key on the outer-most edge and swapped it with Ctrl, where the majority of laptop and keyboard manufactures put them. There’s a physical Microsoft Copilot key between right Alt and Ctrl, too, but Lenovo left the Windows Key alone. (Phew!)

Lenovo also collaborated with iFixit to make it easier to replace certain hardware components on the ThinkPad T14 Gen 5 and T16 Gen 3. This includes a move back to fully-socketed DIMM slots instead of soldered RAM, user-replaceable cable-free batteries (with fewer screws to remove them), and accessible SSD and wireless adapter slots.

For users who are super new to laptop repairs, the SSD and RAM slots are clearly marked, and Lenovo now includes QR codes inside the laptop body near each repairable component with instructional videos about the process. There are also indicators that point to the specific screws to remove if you’re looking to just replace the keyboard and trackpad.

 Lenovo
The ThinkPad X12 Detachable Gen 2

There is one more ThinkPad laptop up Lenovo’s sleeve: the ThinkPad X12 Detachable Gen 2. We liked the first-gen a lot when it was released in April 2021; this upcoming version will have an Intel Core Ultra U processor, 32GB LPDDR5x soldered RAM, a 5MP front-facing webcam that supports Windows Hello, an 8MP outward-facing cam, and support for a 4G LTE wireless adapter.

Lenovo has made some adjustments to its ThinkBook 14 2-in-1 laptop, too, by shortening the key travel to 1.5mm and enlarging the touchpad. It also has new peripherals and accessories, including the ThinkVision M14t Gen 2 Mobile touch monitor and a USB-C Slim travel dock.

All Intel-configured ThinkPads hit stores starting April 2024, with pricing expected to start at $1,199. (The ThinkPad T14 Gen 5 AMD configuration will be available in May 2024, starting at $949.) The ThinkBook and USB-C dock arrive in March 2024, starting at $1,169 and $89.99, respectively. The portable monitor ($399) arrives in July 2024.

AT&T Offers $5 Credit After Widespread Service Outage

AT&T Offers $5 Credit After Widespread Service Outage Thousands of customers lost service on Thursday when the telecommunications company ran into problems while trying to expand its network, the company’s chief executive said.

HMD is making a Barbie flip phone alongside a smartphone for tinkerers

HMD is making a Barbie flip phone alongside a smartphone for tinkerers
Two barbie dolls, one holding a toy phone.
C’mon Barbie let’s go make some phone calls. | Image: HMD

HMD is crossing its fingers for a second summer of Barbie. The company, which has exclusively sold phones under the Nokia brand name for the past seven years, has announced plans to release a Barbie-branded flip phone this July in partnership with Mattel. It’s one of several devices HMD has on the way for this summer, which also include a new Nokia-branded retro feature phone, and an HMD-branded smartphone. Finally, the company has also announced early plans for a new development platform it’s calling “HMD Fusion.”

No pricing, specs, or features were announced for the as-yet-unnamed Barbie phone, but expect it to be a traditional feature flip phone rather than a smartphone. In an interview, HMD’s global head of insight, proposition, and product marketing Adam Ferguson confirms it’ll be an all-new device. “Barbie’s is not the kind of brand that you go, here’s an off-the-shelf solution,” he says.

A barbie doll and a toy dog. Image: HMD
Expect a flip feature phone bearing the Barbie name.

The collaboration is an extension of the plans first announced in September, in which the Finnish company (now styling itself as “Human Mobile Devices” rather than simply “HMD”) said it planned to move away from exclusively producing Nokia-branded products to selling devices under its own name, as well as collaborating with “exciting new partners.” Mattel is the first such partner, but Ferguson says it won’t be the last.

“Are there other partnerships other than just working with Mattel? Absolutely. Are they as massive, and triple-A as Mattel? Absolutely. Can I tell you what those are at this point? Absolutely not.”

As for the own-branded phone, the company isn’t ready to talk specifics, but we know that it’ll also be coming this summer. The announcement comes a little over a month after 91Mobiles leaked images of a smartphone that looks very similar to the company’s existing Nokia phones, albeit with an HMD logo where the Nokia one used to be.

None of this means HMD is ditching the Nokia branding entirely, and Ferguson denied that HMD is exploring other brand names because of any decline in the popularity of the Nokia name. “It’s absolutely not that we think that there’s a lessening of the power there,” Ferguson says, “It’s just that there is, from the business HMD standpoint, we have the opportunity to do more… with this multi-brand strategy.”

The company says it plans to “bring back an iconic phone this summer,” similar to its other retro revivals of devices like the Nokia 3310 and Nokia 8110.

Away from branding announcements, HMD had a couple of more product-focused initiatives to announce. The most interesting of these is HMD Fusion, a new smartphone-style device that HMD is pitching as a DIY platform for tinkerers. Like Moto Mods, but you have to make and program your own accessories.

Essentially, HMD’s aim with the Fusion is to offer the kinds of tinkering possibilities of a Raspberry Pi, but in the form factor of a smartphone complete with a built-in screen and battery. It achieves this with an array of six pogo pins on the back of the device, which are designed to allow the attachment of hardware accessories. For software it’s running Android with an unlocked bootloader, and HMD is calling the kinds of hardware you might build around the device “outfits.” Between them, HMD’s ambition is to provide a device that end users or even businesses can customize to suit their needs.

“Let’s say, for example, you’re working in the medical field and you need to be able to help test people’s blood,” Ferguson says. “You have a software service, you have an app that you need, but it needs hardware attached. It can be expensive and people won’t necessarily know how to use it. You build an outfit based on this, for the Fusion device, and it can then do the blood test, compute it, work out whether you need to book an appointment and all of that kind of stuff.” Other ideas Ferguson mentions are building a case with built-in flashing notification lights, or a streaming accessory with a built in high quality microphone and stream controls.

For now, HMD is just announcing the Fusion platform and is releasing initial designs and specs for the device to allow would-be tinkerers to start thinking about how they might like to make use of it, but Ferguson warns that these specs could change as people start feeding back about the company’s plans.

Rounding out its MWC announcements, HMD also reaffirmed that it’s plowing ahead with the repairability initiative it kicked off with the Nokia G22 at last year’s MWC, and that this initiative will also apply to its HMD-branded devices. The company’s target is for half of the phones it sells this year to be easily repairable, and it’s also specifically improving how repairable the screens of its devices are. “The fact that it we’ve done it without glue and all of that was was a great step for the time, but it needed to be better,” Ferguson says. But although he says it’s “much better” this time around, we’ll have to wait for the actual announcement of the device to find out how.

What to Know About the Supreme Court Case on Free Speech on Social Media

What to Know About the Supreme Court Case on Free Speech on Social Media Both Florida and Texas passed laws regulating how social media companies moderate speech online. The laws, if upheld, could fundamentally alter how the platforms police their sites.

Can a Tech Giant Be Woke?

Can a Tech Giant Be Woke? Microsoft, once again a juggernaut thanks to artificial intelligence, wants to be seen as an ethical employer. Is there a catch?

samedi 24 février 2024

The latest ‘Woj bomb’ was just a scam NFT tweet from a hacked account

The latest ‘Woj bomb’ was just a scam NFT tweet from a hacked account
A greyscale image of the fake tweet, with the word “hacked” across it in red text.
The fake NBA Top Shot tweet. | Image: X / @wojespn

People who still use NBA Top Shot were the primary targets of a scam tweet posted to ESPN reporter Adrian Wojnarowski’s account on X Saturday evening at about 6:30PM ET. The tweet referred to NBA Top Shot as a “popular” NFT platform, despite the fact that current activity levels are a tiny fraction of what we saw during its peak, and falsely claimed a “free NFT pack is available to all customers.”

The tweet linked visitors to a scam version of the NBA Top Shot website (the link went to a .org address instead of the official site’s .com URL) that could attempt to drain assets from people who give it access to their crypto wallets. About a half hour later, the official Top Shot account posted, saying, “There is NO Free Airdrop happening on NBA Top Shot at this time, Please be careful and always double check links.”

The post was eventually pulled from Wojnarowski’s account after being live for nearly an hour. Because of his reputation for breaking news tweets, many NBA fans have alerts turned on for his posts and could have had account information stolen if they clicked the fraudulent link.

A number of high-profile Twitter / X accounts continue to get compromised. Wojnarowski’s recent NBA news posts have also been syndicated on Threads, however that account was not used for the scam.

However, the latest NBA Top Shot stats from tracking site Cryptoslam.io only show about 8,100 unique sellers and 5,550 unique buyers for the month of January, down from the peak of more than 399,000 buyers in March 2021, so it’s doubtful there are very many people left using it to get scammed by this kind of post.

vendredi 23 février 2024

When does a journalist become a hacker?

When does a journalist become a hacker?
Photo illustration of the Supreme Court building with gavels behind.
Cath Virginia / The Verge | Photos via Getty Images

Some laws operate like hidden trap doors — everyone walks across the trap at one point or another, but only a handful of us actually fall through. For the rich, it’s the law against insider trading; for the rest of us plebs, it’s the Computer Fraud and Abuse Act.

On Thursday, federal law enforcement arrested journalist Tim Burke and arraigned him in court in handcuffs. Twelve of the 14 charges levied against him in the since-unsealed indictment are under the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute.

The story begins with Tucker Carlson’s extremely cursed interview of Kanye West in 2022. Most interviews are edited for clarity; in this case, the interview was cut to exclude a rambling, antisemitic rant. That unaired clip and others made their way to Vice and Media Matters through Burke, who downloaded them from LiveU, a streaming service that media companies use to share video files. The FBI raided Burke’s home last year, seizing phones, laptops, hard drives, and notes.

The indictment is an incredible example of how the CFAA tortures the English language. It accuses Burke of “repeatedly utiliz[ing] the compromised credentials to gain unauthorized access to the Victim Entities’ protected computers.” Burke and his lawyers have maintained that he found the video clips after using demo login credentials that had been posted publicly on the internet, and that the files could be shared via unsecured, public URLs.

If so, that probably wasn’t the ideal IT setup for the media outlets that were using LiveU. They may have, in fact, objected very strongly to strangers being able to access their outtakes. But is that enough to establish “unauthorized access”? Should it be?

The universe of wack CFAA prosecutions is rich and diverse because the CFAA is so easy to weaponize. The statute hinges on access “without authorization” or access that “exceeds authorization.” It doesn’t really specify what a “protected computer” is. (A better question might be: what’s an unprotected computer?) For a good long time, it was ambiguous whether violating a website’s terms of service could be a felony with serious jail time. The 2021 Supreme Court decision in Van Buren v. United States narrowed the CFAA down enough that that’s no longer a concern. (The timing was inadvertently clutch, as shortly thereafter Netflix began to crack down on password sharing and everyone started getting whipped up over AI companies scraping websites against operators’ wishes.)

Because Burke is a journalist, what may come to mind first is the case against journalist Matthew Keys, convicted in 2015 after he posted the content management system credentials for his erstwhile employer into a public chatroom while urging others to deface the website. Keys, whose actions there resemble neither hacking nor journalism, was prosecuted under a provision of the CFAA prohibiting “damage without authorization.” It’s a different section of the law, though the same sticky problem with the meaning of “authorization” pops up yet again.

But Burke’s case is much more analogous to those of much-lamented and admired Aaron Swartz (sometimes called “the internet’s own boy”) or the unlamented and less-admired Andrew “weev” Auernheimer (often called “a notorious troll” and “a terrible person”), both of whom were famously prosecuted under the CFAA for scraping readily available information.

Auernheimer’s conviction stemmed from a script that automatically accessed a series of public URLs that unfortunately contained AT&T customer information. Swartz was prosecuted for scraping JSTOR, a paywalled academic database that could be freely accessed on MIT’s campus network. Theoretically, his access began to “exceed authorization” when he signed into the network as Gary Host (G. Host, or Ghost), and then when, after campus IT attempted to block his computer for excessive server requests, he spoofed his DNS.

Swartz and Auernheimer aren’t known as journalists, though both are associated with media publications — Swartz was a contributing editor to the left-wing magazine The Baffler, and Auernheimer sometimes writes for the Daily Stormer, a white supremacist website he has helped manage on the technical side. Their respective prosecutions speak to that side of their personalities. Swartz scraped JSTOR in hopes of liberating scholarship for the whole world; Auernheimer, who did not write any of the code he was jailed for, acted as the official hype man for the AT&T breach because he loves attention.

Auernheimer’s conviction was overturned in 2014 by an appeals court on a technicality; Swartz’s case never went to trial because he died in 2013. Aaron’s Law — a bill to reform the CFAA — was proposed in the wake of his suicide but stalled in Congress.

If these two men had been written into a novel, their characters would be derided as ham-fisted symbols of the noble and ignoble instincts that drive journalism. As it is, it’s maybe shocking that journalists aren’t being prosecuted all the time. When you define “authorization” that loosely, of course a journalist will end up on the hook — journalism in the modern day is the act of using your computer in a way someone somewhere would really rather you did not.

The case against Tim Burke is almost a bizarre historical throwback. On all sides — the legislature, the courts, and even the DOJ — people seem to know that there is something wrong with the CFAA. It’s a law that can be made to fit a dizzying array of scenarios, to take down progressive idealists and literal neo-Nazis with equal efficacy. And here we are again, squinting at websites and asking, “Is this a protected computer?”

A former Gizmodo writer changed his name to ‘Slackbot’ and stayed undetected for months

A former Gizmodo writer changed his name to ‘Slackbot’ and stayed undetected for months
There’s something a bit different about this Slackbot icon... | Image: Tom McKay

Hiding on Slack isn’t all that hard, apparently; you just have to pretend you’re a bot. That’s what IT Brew’s Tom McKay did when he left Gizmodo in 2022, and he went undetected by the site’s management for months.

In a post on X, McKay shared some screenshots of the new “Slackbot” persona he took on after he officially left Gizmodo. He also confirmed to The Verge that this silly prank really happened.

If you’re not glued to Slack for most of the day like I am, then you might not know that Slackbot is the friendly robot that lives in the messaging service. It helps you do things like set reminders, find out your office’s Wi-Fi password, or let you know when you’ve been mentioned in a channel that you’re not a part of.

When it was his time to leave, McKay swapped out his existing profile picture for one that resembled an angrier version of Slackbot’s actual icon. He also changed his name to “Slackbot.” You can’t just change your name on Slack to “Slackbot,” by the way, as the service will tell you that name’s already been taken. It does work if you use a special character that resembles one of the letters inside Slackbot, though, such as replacing “o” with the Unicode character “о.”

The move camouflaged McKay’s active Slack account for months, letting his account evade deletion. It also allowed him to send bot-like messages to his colleagues such as, “Slackbot fact of the day: Hi, I’m Slackbot! That’s a fact. Have a Slack-ly day!” My colleague Victoria Song, who previously worked at Gizmodo, isn’t all that surprised that this situation unfolded, and says, “As Tom’s former coworker and a G/O Media survivor, this tracks.”

Of course, not every company will fall for this trick, as some have security measures in place to prevent this kind of thing. But perhaps Gizmodo’s management thought that McKay’s account had already been deleted. Or maybe they just weren’t eagle-eyed enough to spot a duplicate Slackbot with a suspicious pair of brows.

The best tech gifts for under $25

The best tech gifts for under $25
Nanoleaf Essentials A19 bulb and Essentials Lightstrip in a bedroom scene.
There are plenty of great tech gifts that can light up someone’s life for less than $25, from smart bulbs to everyday essentials. | Image: Nanoleaf

Wanting to treat a friend or a loved one to some tech or a cool gadget while on a very lean budget can feel like an impossible task. Most of the everyday devices we use cost multiple hundreds of dollars, so what do you get when you just want a nice birthday or “just because” kind of gift but can’t break the bank? Sure, you could default to something basic like a pair of socks or a scarf, but that gets boring fast.

Here, we’ve assembled a bunch of cool tech ideas on a budget of just $25 that are worth your money, including a headphone stand ($19.99), a quality USB-C cable ($9.99), a unique Bluetooth speaker, and other essentials. Some of these items might not sound very fun or exciting at first, but they’re all helpful gifts that any tech-head can appreciate.

Anker MagGo Qi2 Wireless Charger

A charger that’s cheaper and longer than Apple’s charging puck

If you need a gift for someone in the tech bubble and want to cement your spot as the coolest person in their life, try getting them the Anker MagGo Wireless Charger, which is only $21.99 at Amazon. Qi2 chargers standardize the faster 15W wireless charging speeds that were once limited to MagSafe-certified products. Anker’s version has a five-foot cable for those who felt Apple’s official MagSafe charger was too short. As of writing, only the iPhone 13 and newer support Qi2, so you should confirm which phone they have before purchasing one. It’s also worth noting that it doesn’t ship with the 20W adapter required to unlock its full charging potential, so try to figure out whether your recipient already has one.

 Image: Uni
A great, lengthy USB-C cable is just too handy to be without. And once you have one you soon find a need for having more than one, like playing while charging your Nintendo Switch or PlayStation DualSense controller.

Uni USB-C to USB-C cable (10 feet)

A much longer braided cable for laptop charging

Even when someone is working from home, it’s annoying to have a charging cable that’s too short. Most laptops and other devices come with cables that are barely long enough for many everyday situations. This lengthy USB-C cable from Uni gives much more flexibility for even larger laptops that require a lot of wattage. It supports 100W charging — which is enough to satisfy even the newest MacBook Pro models — and it only costs $19.99 at Amazon, with frequent discounts dropping it to as low as $7. A cable may not sound like an exciting gift, but I’m sure your loved one will appreciate not being tethered so close to a wall.

Rocketbook Core

The perfect gift for the techie scribe in your life

Notebooks — the old-school kind, not laptops — have largely taken a back seat to typing, voice dictation, and virtual assistants, but some people still prefer putting pen to actual paper. The Rocketbook Core offers the best of both worlds, though. It’s a reusable notebook that lets you write naturally on any of its 36 pages with the included pen, and you can easily scan the resulting text or drawings into your preferred notes app before wiping the pages clean with a cloth. Rocketbook’s retail price for the 6 x 8.8-inch notebook is $29.99, but you can almost always find it on sale at Amazon for as low as $19.97.

Besign LS10 Aluminum Laptop Stand

Give the gift of neck relief and better posture

If a friend or loved one cranes their neck when working from home on a laptop, they deserve some relief. Elevating a laptop to eye level is not only healthier for your posture, but it makes you look better on video calls, too. The Besign LS10 laptop stand normally runs $24.99 on Amazon, but you can typically count on discounts bringing it down to around $20. It has an adjustable hinge design, so it sets up to the height you need and easily folds away when not in use. Plus, with a claimed weight capacity of 13 pounds, it’s strong enough to hold even some hefty full-size laptops.

Oontz Solo

A small, affordable speaker that anyone can appreciate

Almost everyone loves music, so a portable Bluetooth speaker can be a foolproof gift for someone in your life who is harder to shop for. The triangular Oontz Solo ($19.99 at Amazon) is the miniaturized sibling of the Angle, which has gained popularity as an inexpensive speaker that delivers solid tunes. The triangular design gives serious Sabre Pyramid vibes, but unlike that chunky monstrosity, the Solo is just 3.9 inches long and weighs just under eight ounces. It retains IPX5 water resistance despite its small stature, making it suitable for some poolside fun, and the battery is rated to last up to 10 hours. It’s also available in several bold shades, including black, red, and blue.

Apple EarPods

Classic wired earbuds that they won’t feel bad about losing

Believe it or not, some people aren’t caught up in the hullabaloo over wireless earbuds. Thankfully, Apple’s EarPods are a great wired alternative that do away with any concerns regarding battery life and connection quality. You can buy three different styles of EarPods corresponding to each major connector, including the traditional 3.5mm aux ($18.79), USB-C ($17.98), and Lightning ($15.99). Auxiliary is still the most common of these three across all manner of audio devices, but smartphone makers (Apple and Samsung, most notably) have been ditching 3.5mm ports, so it may be worth compensating by adding a cheap $7.99 dongle to the gift bag.

iFixit Moray Driver Kit

For the DIYers in your life

The iFixit Moray Driver Kit is a great gift for any handy person who likes to tinker. The little kit has a magnetized bit driver with a cleverly hidden SIM eject tool, and it connects to one of the included 32 screwdriver bits, which encompass everything from flathead and Phillips to torx, pentalobe, hex, and tri-point. There’s even an iPhone standoff bit for cleanly accessing internal logic boards. For $20 at Amazon or direct from iFixit, you can equip your giftee with just about everything they need to make small repairs or carry out weekend projects (like replacing an aging battery in their phone).

Black Diamond Astro 300 Headlamp

Make sure your giftee doesn’t go bump in the night

The great age of engineering we’re enjoying lets us indulge our geeky side without sacrificing style, so the Black Diamond Astro 300 ($19.95 at Amazon, REI, and Black Diamond) might give your recipient pause at first blush. The water-resistant headlamp is a safer pick if you know they’re into activities like hiking, but there are several other scenarios in which it might come in handy, like during blackouts or unforeseen night maintenance. At maximum brightness, the 300-lumen lamp is strong enough to provide light for up to 55 meters, and it draws that power from just three AAA batteries. (You can also buy an optional $29.95 rechargeable battery for added convenience).

Bluetooth Aux Receiver

Help someone with an older car feel a bit more modern

It’s well-established these days that cars are turning into tech appliances on wheels. To many folks, horsepower and drivetrain play second fiddle to Apple CarPlay and Android Auto. But for people still sticking to their older cars that lack all of these modern conveniences, a simple tool like a Bluetooth adapter can make all the difference in improving a commute or enjoying a lengthy road trip. This Bluetooth Aux Receiver that’s often on sale for just $16.99 at Amazon may look about as basic as they come, but it plugs into a 3.5mm aux jack and connects via Bluetooth 5.0 to up to two devices. It’s a simple, no-frills way to enjoy all your music and podcasts on the road as well as take hands-free phone calls for added safety.

The Asicen retractable 3-in-1 charging cable plugged into a phone and laptop. Image: Asicen
Asicen’s 3-in-1 charging cable is one of the handiest cables around, uniting iPhone and Android users with one multi-prong connector.

Asicen 3-in-1 Retractable Charging Cable

You’ve never had a more convenient cable

This gift idea is off the charts when it comes to the “I didn’t know I needed this, but now I can’t live without it” factor. These retractable 3-in-1 charging cables have Lightning, USB-C, and Micro USB connectors, allowing you to connect to just about any device in any location. They’re perfect for the car, especially if two or more people have to share a lone USB port for both Android Auto and Apple CarPlay duties. They also help keep your desk tidy if you only once in a while need to charge a wireless mouse or keyboard and want a cable at the ready. All that functionality starts at just $12.35 at Amazon for a pair with a five percent coupon. This gift idea is perfect for uniting any household divided between Apple fans and Android users.

Onn Google TV 4K Streaming Box

A great upgrade for someone who doesn’t have a smart TV

If there’s someone in your life who needs rescuing from the scarcity of channels available over the air — or they simply have an older TV with outdated apps — try gifting them the Onn Google TV 4K Streaming Box ($19.88). It provides the full Google TV experience, and it comes with 8GB of storage so you can install any of the free and premium streaming apps available (of which there are thousands). The included remote has a dedicated button for calling up Google Assistant, too, which makes it easy to find shows and movies using your voice. It also has Chromecast built in, so if you somehow can’t find what you want natively, you can always cast it from your phone. They’ll miss out on Dolby Vision and Dolby Atmos, but there’s still basic HDR support.

Beam Electronics phone car mount

A phone is still better than most car head units out there

Look, even with Apple CarPlay and Android Auto, most car head units still kinda suck. Having a phone mounted to the dashboard via an air vent is helpful for just about anyone. This basic car mount by Beam Electronics is easy to set up and simple to operate, and it costs just $19.99 at Amazon. Even if someone has a jumbo-sized phone, they can throw it on the cradle, clamp it in, and go. It won’t slide out of the holder even during some spirited driving, but it easily releases with the push of a button on the back.

KZ ES4 wired earbuds

Give the gift of Luddism

Yes, we live in the age of true wireless earbuds. But even an ultra-budget pair of OnePlus Nord Buds are still outside our range of $25. What is in our range is the KZ ES4, which are currently on sale for just $20.99 in blue, black, and green on Amazon. The 3.5mm wired earbuds have detachable cables and a see-through design that looks unique compared to just about any other earbuds out there. These are some excellent and interesting earbuds for the money and perfect for anyone who values spending quality time with their music without the bulk of big, expensive headphones. They make an appropriate gift for anyone who appreciates something with some quirky vibes, though be sure they have a phone that still has a headphone jack or that they’re still an iPod holdout.

JLab Go Air Pop

Okay, maybe you can get some wireless earbuds for under $25 that don’t suck

The platform-agnostic JLab Go Air Pop may offer the bare minimum when it comes to wireless earbuds, but you’d also be surprised how decent a $20 pair of wireless earbuds can sound. They’re a lot better than the AirPods knockoffs at your local dollar store, and you can often get them on Amazon in various colors starting at just $19.99. Now, it may not be a great idea to gift these to someone who has their eyes set on a pair of AirPods or something with active noise cancellation, but their IPX4 water resistance and eight hours of battery life — or 32 hours with the included charging case — help make a compelling case. Even if they already own better earbuds, your recipient can tuck them away as an emergency backup pair.

Apple AirTags or Tile Mate location trackers

For the forgetful ones

If someone you know is the type that might misplace their most valued everyday items, like their wallet or keys, a location tracker might just be a lifesaver for them. Now, there are some options to consider for this gift. Generally speaking, if they use an iPhone, then Apple’s AirTags are a great option, while the Tile Mate is a safe bet for both Android and iOS users. However, while the AirTags regularly dip under our budget price at $24, when on sale, they normally go for $29. The Tile Mate is the safer buy if you don’t know what phone your gift recipient uses, and it’s not uncommon to see them on sale for as low as $17.99 (normally $24.99) at Amazon, Best Buy, and Target.

A $25 digital gift card for Xbox, PlayStation, Steam, or My Nintendo Shop

Give the gift of some quality PC or console games

We know gift cards often seem like the ultimate cop-out, but gifting digital games or smaller indie titles is not always easy. Yes, most digital game stores allow you to gift specific games to those on your friends list, but that’s only useful if you have an account and know which games they want. Enter the gift card, which lets them purchase what they want themselves. They’ll surely remember who helped finance their hundreds of hours of enjoyment to come. Bonus points if you do know what game they want and you decorate a card or email message for them accordingly. Now that’s some expert-level gifting.

8BitDo Bluetooth Retro Receiver

For retro gamers who prefer the style and comfort of newer controllers

The 8BitDo Bluetooth Retro Receiver might be the perfect gift if you know someone still sticking it out with the PlayStation 1 or PlayStation 2. On sale for $23.75 at Amazon with a 5% coupon, the accessory connects to the controller port on either console and natively reads input from many compatible Bluetooth controllers, including most 8BitDo controllers, Sony’s DualShock and DualSense models, and newer Xbox wireless controllers. You can use it as a Bluetooth receiver for Windows PCs, too, thanks to a USB-C port. 8BitDo also offers similar products for the Super Nintendo and Sega Genesis, but beware that those no longer support Xbox controllers.

Samsung microSD card

Perfect for expanding the storage of a Nintendo Switch or Steam Deck

If someone you know plays a lot of games on a Nintendo Switch or Steam Deck, a microSD card is a tiny gift that can make a huge difference. Many Samsung microSD cards go on sale frequently, and you can easily catch them on sale for under $25. Right now, for instance, you can nab a 128GB card at Amazon for $12.99 or a 256GB card for $22.99, both of which can level up the amount of built-in storage found on Nintendo’s fancier Switch OLED and the base Steam Deck, allowing many more games to be installed at once — especially if you play lots of small indie titles. And don’t fret on the performance front; as our own Sean Hollister pointed out in his re-review of the Steam Deck, there’s barely a noticeable difference in performance between playing games off your console’s internal storage and playing them off an optional microSD card (save for some slightly slower install times).

Joby GripTight One GorillaPod Stand

A simple tripod for phone photography and videos

Sometimes planting your phone somewhere with a tripod is far superior for capturing a group selfie or a quality landscape photo. Fortunately, the Joby GripTight One is often on sale for around $20 and comes with an adjustable clamp mount. It can even be used as a short selfie stick or simple stabilizer when taking video. It’s a great gift for anyone curious about doing more with their phone when it comes to taking pictures or just making things easier for recording TikTok videos while they talk to the camera.

Elago Apple Watch stand

A charming little mount for your Apple Watch charger

While there are many Apple Watch charging solutions out there, they’re usually a bit pricey and not at all cute. This Elago stand is absolutely adorable, as once you thread your Apple Watch charging puck into it, your watch turns into a mini Macintosh computer, iMac, GameBoy, or iPod Classic (okay, not really, but it looks a bit like one while in nightstand mode). These little stands range from $12.99 to $15.99 on Elago’s site and Amazon, and they make a charming novelty of a gift for anyone who loves some vintage tech nostalgia.

Anker 511 Charger (30W)

Save someone from their old 5W wall warts

Know someone who is still using a 5W USB-A charger that’s nearly old enough to get a learner’s permit? Here’s how you can help and be a considerate friend or family member who saves them from it. Anker’s 511 Chargers are incredibly tiny but output up to 30 watts for enough headroom to fast charge most phones — including the latest iPhone models. They cost just $22.99 at Amazon (or less, given the frequent discounts they receive) and even come in some fun colors like green and lavender, in addition to white and black. Just be sure that any old chargers they replace get recycled properly.

Nanoleaf Essentials Matter smart bulbs

Smart light bulbs: how most of us get into smart homes and automation

Nanoleaf’s fun lighting panels are great for transforming a home office or chill space, but for more basic needs, the company’s Matter-over-Thread bulbs will do the job just fine. They’re $19.99 each at Amazon and Nanoleaf, and you can often find the A19 bulbs on sale for $14.99. They get nice and bright at 1,100 lumens, they allow for tons of scenes and settings, and you can easily choose from millions of vibrant colors. The Nanoleaf app required to manage them isn’t great, and the bulbs still suffer the same growing pains as other Matter-ready devices, but Nanoleaf offers an affordable, manageable smart lighting platform that works great if your needs are simpler.

Meross Smart Wi-Fi Plug Mini (MSS110)

Help someone dip their toes into smart home automation

The Meross Smart Wi-Fi Plug Mini (MSS110) — which is only $19 at Amazon thanks to an on-page coupon — is our top budget recommendation when it comes to smart plugs. Just plug one in and set it up, and you’ll be able to remotely control whichever devices you plug into it. It’s compatible with Apple Home, Google Home, Amazon Alexa, and Samsung SmartThings, allowing you to schedule timers or control it with your voice using the smart platform you prefer. There’s no Matter support to help it communicate better with other smart home devices, but that’s a fair trade given its low price point.

Ugreen USB-C 6-in-1 Hub

All the ports

Got a friend who is having a tough time in dongle town? This inexpensive USB-C hub from Ugreen has most things covered, and it’s only $19.99 on sale at Amazon. No matter if they need a USB 3.0 port or HDMI-out, it’s all here. There are even SD and microSD card slots, which you don’t always get with USB hubs at this price. It’s a great option for someone who owns a MacBook Air or another laptop that’s light on connectivity options, though advanced users may prefer a hub that has a passthrough USB-C charging port as well, which will cost more.

A desktop headphone stand or under-desk headphone mount

What’s the over-under on a headphone fan loving this gift?

We all love a great pair of noise-canceling headphones or a gaming headset, but even if they’re wireless, they certainly take up a lot of space. A headphone stand or mount is a great gift for anyone who spends a lot of time at their desk and wants to keep things tidy (or if you encourage them to keep things tidy and they really should be listening to you). Here are two appealing options for them to either show off their headphones when not using them or keep them tucked away and out of sight. The Neetto Dual Headphones Stand prominently displays two full-size headphones on a desk with a central tray for more organization, and it costs just $19.99 at Amazon. Another option is the Anchor Pro hanger ($15.95 at Amazon), which can hold two pairs of headphones and uses 3M adhesive to easily attach it to the underside of your desk. Take your pick and help someone keep their cool audio gear neat.

Update February 23rd, 5:30PM ET: We’ve updated this gift guide with several new picks and updated pricing for some of our favorites that are still available.

Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users

Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users Photo by Amelia Holowaty Krales / The Verge NSO Group, the ...