Chrome

Google Chrome's Useless Reading Mode To Get a Useful Audio Upgrade (androidpolice.com) 13

Google Chrome is adding a read-aloud option to its reading mode, allowing users to have articles read to them like an audiobook. Android Police reports: Google is actively working to bring additional features to its reading mode, and a handy read-aloud option is already on the way for the Chrome browser. As the name suggests, read aloud basically reads out the entire article, as if you're listening to an audiobook, with text-to-speech (TTS) capabilities. Again, a few mainstream browsers and apps like Pocket already have the feature, but Google Chrome is only now rolling it out through the Canary channel.

When you open an article in Chrome Canary's reading mode on the desktop, you will see a new option, as spotted by browser expert Leopeva64. You can use this tiny play button to get the browser to read the article aloud for you. In the video sample shared by the user, you can hear what the narration sounds like -- and it isn't very pleasing. The voice output sounds pretty robotic as it used to be in the early days of TTS conversions, which is especially ironic coming from Google, which has some of the most natural-sounding voice models at its disposal. This clearly indicates that the read-aloud feature is in its early stages of development and will take some time before it becomes ready for prime time.

Republicans

Judge Tears Apart Republican Lawsuit Alleging Bias In Gmail Spam Filter (arstechnica.com) 184

An anonymous reader quotes a report from Ars Technica: A federal judge yesterday granted Google's motion to dismiss a lawsuit filed by the Republican National Committee (RNC), which claims that Google intentionally used Gmail's spam filter to suppress Republicans' fundraising emails. An order (PDF) dismissing the lawsuit was issued yesterday by US District Judge Daniel Calabretta. The RNC is seeking "recovery for donations it allegedly lost as a result of its emails not being delivered to its supporters' inboxes," Calabretta noted. But Google correctly argued that the lawsuit claims are barred by Section 230 of the Communications Decency Act, the judge wrote. The RNC lawsuit was filed in October 2022 in US District Court for the Eastern District of California.

"While it is a close case, the Court concludes that... the RNC has not sufficiently pled that Google acted in bad faith in filtering the RNC's messages into Gmail users' spam folders, and that doing so was protected by Section 230. On the merits, the Court concludes that each of the RNC's claims fail as a matter of law for the reasons described below," he wrote. Calabretta, a Biden appointee, called it "concerning that Gmail's spam filter has a disparate impact on the emails of one political party, and that Google is aware of and has not yet been able to correct this bias." But he noted that "other large email providers have exhibited some sort of political bias" and that if Google did not filter spam, it would harm its users by subjecting them "to harmful malware or harassing messages. On the whole, Google's spam filter, though in this instance imperfect, is not morally blameworthy."

The RNC was given leave to amend another claim that alleged intentional interference with prospective economic relations under California law. The judge dismissed the claim as follows: "The RNC argues that Google's conduct was independently wrongful because '(1) it is political discrimination against the RNC, (2) it is dishonest to Google's users and the public, and (3) Google repeatedly lied about it.' As established above, political discrimination is not prohibited by California anti-discrimination laws and so Google's alleged discrimination would not be unlawful. The latter two reasons do not provide a 'determinable legal standard' under which the Court could find the conduct wrongful; they rest on a 'nebulous' theory of wrongfulness which other courts have rejected." The RNC "has failed to establish that Defendant's alleged interference constituted a separate, independently 'wrongful act' that would be an appropriate predicate offense" but "will be granted leave to amend this claim to establish that Defendant's conduct was unlawful by some legal measure," Calabretta wrote.
Google said in a statement: "We welcome the Court's finding that there are no plausible allegations that Gmail's spam filters discriminate for political purposes. We will continue investing in spam-filtering technologies that protect people from unwanted emails while still allowing senders to reach the inboxes of users who want their messages."

Privacy

Taliban Says Huawei to Install Cameras to Locate Militants (bloomberg.com) 71

Afghanistan's Taliban-led government is working with Huawei to install a wide-ranging surveillance system across the country in an effort to identify and target insurgents or terrorism activities, Bloomberg News reported Friday, citing a person familiar with the discussions. From the report: Representatives of the Shenzhen-headquartered tech company met with Interior Ministry officials on Aug. 14, the person said, and a verbal agreement was reached regarding the contract. The Interior Ministry initially posted images and details of the meeting on X, the social media platform formerly known as Twitter. In one post, spokesman Mufti Abdul Mateen Qani said the advanced camera system was being considered "in every province of Afghanistan."

The posts, which were later deleted, included comments from Abdullah Mukhtar, the deputy minister of the ministry. "We are willing to accept projects that are better in terms of quality and price," he said. "Reports on this meeting are factually incorrect. No plans or agreements were discussed," Huawei said in an emailed statement.

IT

Citizen Suspends Sales of Its Latest Smartwatch (theverge.com) 18

Citizen is temporarily suspending sales of its second-gen CZ Smart watch due to a "technical issue." From a report: The Wear OS watch, which launched in May, had a feature based on tech from IBM's Watson and NASA to track a person's alertness. It appears the decision stems from negative experiences from reviewers. Michael Fisher -- better known as MrMobile on YouTube -- noted that Citizen said it would suspend sales after he had reached out to the company about the watch's many issues. That was corroborated by a Wired story, in which reviewer Julian Chokkattu also detailed several bugs, like laggy screens, bad battery life, inaccurate tracking, and watchfaces that can't even tell the correct time.

Security

Gmail To Start Issuing 2FA Challenges To Change 'Sensitive' Settings (arstechnica.com) 89

Gmail only asks for your user credentials during the initial login, and that login session can last for weeks at a time. That's not as secure as it could be, so soon Gmail will start posting 2FA challenges if you try to access any "sensitive" settings, even when you're already logged in. From a report: The newly protected settings are for filters, account forwarding, and IMAP. Soon, poking around in any of these options will boot you into a "Verify it's you" 2FA prompt, and you'll have to pass the challenge on your phone (these settings are only available on the web). If this 2FA challenge is failed or not answered, you'll get a bright red "Critical security alert" pop-up alerting you to the attempt on all your trusted devices.

Data Storage

Dropbox Ends Unlimited Cloud Storage Following Google Change 46

Dropbox, a provider of online data storage, is ending its unlimited option, saying a small handful of customers were using massive amounts of resources that had the potential to degrade the cloud service for the rest of its clients. From a report: The company's highest-tier "all the space you need" storage plan will be capped at about 5 terabytes per user for new customers, the company said in a blog post.

While the plan was designed for businesses, some clients were instead using it for cryptocurrency mining, pooling storage with strangers, or re-selling the cloud service, Dropbox said. These uses "frequently consume thousands of times more storage than our genuine business customers, which risks creating an unreliable experience for all of our customers," the company said. [...] The change follows Alphabet's Google removing "as much storage as you need" product branding for its highest-tier Workspace plan in May, according to copies of its website hosted on the Wayback Machine.

The Internet

Repair Ship Bound for Cut Cables Off Africa's West Coast as Internet Interrupted (bloomberg.com) 28

Fiber-optic cables that were damaged by a rockfall in an undersea canyon, resulting in slow internet connections in some parts of Africa, should be repaired next month by a specialized vessel, according to telecommunication companies. From a report: The West Africa Cable System that runs about 16,000 kilometers (9,950 miles) along the sea floor from Europe to southern Africa was damaged with other lines earlier this month. The 40-year-old cable-layer vessel Leon Thevenin, named after a French telegraph engineer, was moored in Cape Town this week, according to tracking data compiled by Bloomberg. It's capable of working in extreme conditions and in shallow or deep water, according to owner Orange Marine, a submarine telecommunications company. All South African networks are currently experiencing disruptions due to the damaged lines, said Anne-Caroline Tanguy, a spokeswoman at Cloudflare, a company that provides load balancing and analysis. The repairs are expected to be finished in September.

Security

WinRAR 0-Day That Uses Poisoned JPG and TXT Files Under Exploit Since April (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: A newly discovered zero-day in the widely used WinRAR file-compression program has been under exploit for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous files inside file archives. The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group-IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families including DarkMe, GuLoader, and Remcos RAT. From there, the criminals withdraw money from broker accounts. The total amount of financial losses and total number of victims infected is unknown, although Group-IB said it has tracked at least 130 individuals known to have been compromised. WinRAR developers fixed the vulnerability, tracked as CVE-2023-38831, earlier this month. "By exploiting a vulnerability within this program, threat actors were able to craft ZIP archives that serve as carriers for various malware families," Group-IB Malware Analyst Andrey Polovinkin wrote. "Weaponized ZIP archives were distributed on trading forums. Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023."

It's recommended that you update to version 6.23 before using WinRAR again.

IT

Namecheap To Raise .COM and .XYZ Domain Price (namecheap.com) 20

Namecheap, in a blog post: At Namecheap, we've consistently stood up for our users by challenging arbitrary domain price increases. As we approach another price increase for .COM and .XYZ domains this September, we wanted to ensure our customers are informed so you can continue to get the best value for your investments. All .COM domain renewals will see an approximate 9% increase. This price increase will happen across registrars, not just Namecheap. The new prices will take effect on September 1st. .XYZ domains will also experience a price increase.

We recommend our existing domain customers renew .COM domains before September to lock in the current rates for the coming year. Prospective registrants should likewise consider registering before the price increase to lock in existing prices. Alternatively, you might consider alternatives to .COM. Depending on the top-level domain, these options could be more budget-friendly.

Facebook

Meta Threatens to Fire Workers for Return-to-Office Infractions in Leaked Memo (sfgate.com) 238

In a Thursday memo, Meta's "Head of People" told employees "that their managers would receive their badge data and that repeated violations of the new three-day-a-week requirement could cause workers to lose their jobs," writes SFGate (citing a report from Insider): In June, the Menlo Park-based firm announced its plan to require that most employees work from an office at least three days each week — it goes into effect Sept. 5... Meta confirmed the update to SFGATE... Goler's note on the return-to-office requirements, Insider reports, reads, "As with other company policies, repeated violations may result in disciplinary action, up to and including a Performance rating drop and, ultimately, termination if not addressed."

As for employees who are grandfathered into a remote work arrangement (the firm bars managers from opening more of these positions), the note lays down a strict policy: If remote employees consistently come into the office more than four times every two months outside major events, they'll be shifted to the three-day-a-week plan.

"We believe that distributed work will continue to be important in the future, particularly as our technology improves," a Meta spokesperson said in a statement sent to SFGATE. "In the near-term, our in-person focus is designed to support a strong, valuable experience for our people who have chosen to work from the office, and we're being thoughtful and intentional about where we invest in remote work."

The article notes that Mark Zuckerberg told The Verge in 2020 that Meta would become "the most forward-leaning company on remote work at our scale," speculating that half the company could be permanently remote within a decade.

"However, in 2023, which Zuckerberg dubbed Meta's 'year of efficiency,' employees have seen a remote-first culture melt away. In March, as the executive announced 10,000 layoffs on top of a huge cut in November, he wrote that early-career engineers do better when they're working in person at least three days a week."

Businesses

'Demoralized' Amazon Workers Demand Data, Not Anecdotes, Supporting Return-to-Office Policy (seattletimes.com) 153

Amazon held an all-hands meeting where Adam Selipsky, head of Amazon's cloud computing business, "wouldn't give employees any data to back up the decision to require workers to come back to the office," reports the Seattle Times.

"But he did have some stories to share, according to an Amazon Web Services employee who attended the all-hands meeting," with one anecdote highlighting "the serendipity" that can happen with a return to the office. For some Amazon employees, "serendipity" isn't enough. Workers who have asked the company to share data have been provided anecdotes and a consistent trope that innovation is more likely to happen in person. That has left some workers feeling demoralized, distracted and undervalued as they struggle to stay focused and motivated, according to interviews and internal communications shared with The Times. An Amazon manager, who is based on the East Coast and asked to speak anonymously to protect their job, said it is "dehumanizing," and feels as if leadership doesn't trust its employees to understand their reasoning. In Slack messages, employees anonymously posted that Amazon's decisions were "dystopian" and creating "just a horrible situation...."

The company declined requests from The Times to share any data points that factored into its decision to change the remote work policy. Amazon workers have been asking the company for more information since it announced the change in February. The mandate went into effect in May... Mike Hopkins, senior vice president at Prime Video and Amazon Studios, told employees at another all-hands meeting that the return to office is working, according to a copy of his remarks Amazon shared with The Times. "I don't have data to back it up, but I know it's better...." The East Coast-based manager said they've been less productive since returning to the office. Without any cubicles or assigned workspaces, there is no privacy, they said. Anyone can overhear your phone call or peek at your monitor...

Amazon contends the return has gone well, both for workers and the communities where it operates. In Seattle, Amazon's return to its South Lake Union campus has led to an 82% increase in foot traffic between May and July and an 86% increase in credit card transactions at restaurants in the neighborhood, according to data shared from Amazon.

"Some employees welcomed the return to office mandate, and told The Times they were looking forward to seeing co-workers in person, solidifying a distinction between work and home, and drumming up business for the shops and restaurants around Amazon's campus."

AI

40% of Workers Will Have to Reskill in the Next Three Years Due to AI, Says IBM Study (ibm.com) 129

IBM's business research organization (the IBM Institute for Business Value) released results from a new global study. Its conclusion? "The world of work has changed compared to even six months ago." Executives surveyed estimate that 40% of their workforce will need to reskill as a result of implementing AI and automation over the next three years. That could translate to 1.4 billion of the 3.4 billion people in the global workforce, according to World Bank statistics. Respondents also report that building new skills for existing employees is a top talent issue.

Workers at all levels could feel the effects of generative AI, but entry-level employees are expected to see the biggest shift. Seventy-seven percent of executive respondents say entry-level positions are already seeing the effects of generative AI and that will intensify in the next few years. Only 22% of respondents report the same for executive or senior management roles.

AI can open up more possibilities for employees by enhancing their capabilities. In fact, 87% of executives surveyed believe employees are more likely to be augmented than replaced by generative AI. That varies across functions — 97% of executives think employees in procurement are more likely to be augmented than replaced, compared to 93% for employees in risk and compliance, 93% for finance, 77% for customer service and 73% for marketing...

With AI primed to take on more manual and repetitive tasks, employees surveyed report engaging in impactful work is the top factor they care about beyond compensation and job security — more important than flexible work arrangements, growth opportunities and equity. On top of that, nearly half of employees surveyed believe the work they do is far more important than who they work for or who they work with regularly...

ZDNet explains the report's methodology: To find answers to these questions, IBM pulled data from two prior studies, one survey of 3,000 C-level executives across 28 countries and another of 21,000 workers in 22 nations...

According to IBM IBV research, tech adopters who successfully reskill to adapt to "technology-driven job changes report a revenue growth rate premium of 15% on average" and those who focus on AI "see a 36% higher revenue growth rate than their peers." "AI won't replace people — but people who use AI will replace people who don't," said IBM in the report.

The new skill paradigm shifts technical skills that were typically prioritized, such as proficiency in STEM, which was the most critical skill in 2016, to the least priority in 2023. The reason is that now tools like ChatGPT allow workers to do more with less knowledge, as noted by the report. Now there is a bigger emphasis on people skills such as team management, the ability to work effectively in team environments, the ability to communicate effectively, and the willingness to be adaptable to change, which all shifted to top the most critical skills required of the workforce in 2023.

The report ultimately suggests HR leaders redesign work and operating models "to shepherd their organizations into the future."

Programming

Rust Users Push Back as Popular 'Serde' Project Ships Precompiled Binaries (bleepingcomputer.com) 17

"Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary," reports Bleeping Computer.

"The move has generated a fair amount of push back among developers who worry about its future legal and technical implications, along with a potential for supply chain attacks, should the maintainer account publishing these binaries be compromised." According to the Rust package registry, crates.io, serde has been downloaded over 196 million times over its lifetime, whereas the serde_derive macro has scored more than 171 million downloads, attesting to the project's widespread circulation... "The Serde ecosystem consists of data structures that know how to serialize and deserialize themselves along with data formats that know how to serialize and deserialize other things," states the project's website. Whereas, "derive" is one of its macros...

Some Rust developers request that precompiled binaries be kept optional and separate from the original "serde_derive" crate, while others have likened the move to the controversial code change to the Moq .NET project that sparked backlash. "Please consider moving the precompiled serde_derive version to a different crate and default serde_derive to building from source so that users that want the benefit of precompiled binary can opt-in to use it," requested one user. "Or vice-versa. Or any other solution that allows building from source without having to patch serde_derive... Having a binary shipped as part of the crate, while I understand the build time speed benefits, is for security reasons not a viable solution for some library users."

Users pointed out how the change could impact entities that are "legally not allowed to redistribute pre-compiled binaries, by their own licenses," specifically mentioning government-regulated environments.

The official response from Serde's maintainer: "The precompiled implementation is the only supported way to use the macros that are published in serde_derive. If there is implementation work needed in some build tools to accommodate it, someone should feel free to do that work (as I have done for Buck and Bazel, which are tools I use and contribute significantly to) or publish your own fork of the source code under a different name.

"Separately, regarding the commentary above about security, the best path forward would be for one of the people who cares about this to invest in a Cargo or crates.io RFC around first-class precompiled macros so that there is an approach that would suit your preferences; serde_derive would adopt that when available."

Security

WinRAR Flaw Lets Hackers Run Programs When You Open RAR Archives (bleepingcomputer.com) 41

A critical vulnerability (CVE-2023-40477) that enabled remote attackers to execute arbitrary code by luring victims into opening a specially crafted RAR file has been patched in WinRAR. The severity rating is only 7.8, though, because user deception is necessary. BleepingComputer reports: The vulnerability was discovered by researcher "goodbyeselene" of Zero Day Initiative, who reported the flaw to the vendor, RARLAB, on June 8th, 2023. "The specific flaw exists within the processing of recovery volumes," reads the security advisory released on ZDI's site. "The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer."

RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477. Therefore, WinRAR users are strongly advised to apply the available security update immediately. Apart from the RAR4 recovery volumes processing code fix, version 6.23 addresses an issue with specially crafted archives leading to wrong file initiation, which is also considered a high-severity problem.

Encryption

Google Releases First Quantum-Resilient FIDO2 Key Implementation (bleepingcomputer.com) 16

An anonymous reader quotes a report from BleepingComputer: Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich. FIDO2 is the second major version of the Fast IDentity Online authentication standard, and FIDO2 keys are used for passwordless authentication and as a multi-factor authentication (MFA) element. Google explains that a quantum-resistant FIDO2 security key implementation is a crucial step towards ensuring safety and security as the advent of quantum computing approaches and developments in the field follow an accelerating trajectory.

To protect against quantum computers, a new hybrid algorithm was created by combining the established ECDSA algorithm with the Dilithium algorithm. Dilithium is a quantum-resistant cryptographic signature scheme that NIST included in its post-quantum cryptography standardization proposals, praising its strong security and excellent performance, making it suitable for use in a wide array of applications. This hybrid signature approach that blends classic and quantum-resistant features wasn't simple to manifest, Google says. Designing a Dilithium implementation that's compact enough for security keys was incredibly challenging. Its engineers, however, managed to develop a Rust-based implementation that only needs 20KB of memory, making the endeavor practically possible, while they also noted its high-performance potential.

The hybrid signature schema was first presented in a 2022 paper (PDF) and recently gained recognition at the ACNS (Applied Cryptography and Network Security) 2023, where it won the "best workshop paper" award. This new hybrid implementation is now part of the OpenSK, Google's open-source security keys implementation that supports the FIDO U2F and FIDO2 standards. The tech giant hopes that its proposal will be adopted by FIDO2 as a new standard and supported by major web browsers with large user bases. The firm calls the application of next-gen cryptography at the internet scale "a massive undertaking" and urges all stakeholders to move quickly to maintain good progress on that front.

IT

'Gaming Chromebooks' With Nvidia GPUs Apparently Killed With Little Fanfare (arstechnica.com) 34

An anonymous reader shares a report: Google and some of its Chromebook partners decided to try making "gaming Chromebooks" a thing late last year. These machines included some gaming laptop features like configurable RGB keyboards and high refresh rate screens, but because they still used integrated GPUs, they were meant mostly for use with streaming services like Nvidia's GeForce Now and Microsoft's Xbox Cloud Gaming. But there were also apparently plans for some gaming Chromebooks with the power to play more games locally. Earlier this year, 9to5Google spotted developer comments pointing to a Chromebook board (codenamed Hades) that would have included a dedicated GeForce RTX 4050 GPU like the one found in some Windows gaming notebooks. This board would have served as a foundation that multiple PC makers could have used to build Chromebooks. But these models apparently won't be seeing the light of day anytime soon. Developer comments spotted by About Chromebooks this week indicate that the Hades board (plus a couple of other Nvidia-equipped boards, Agah and Herobrine) has been canceled, which means that any laptops based on that board won't be happening.

IT

DirectX 12 Support Comes To CrossOver on Mac With Latest Update (arstechnica.com) 18

Codeweavers took to its official forums today to announce the release of CrossOver 23.0.0, the new version of its software that aims to make emulating Windows software and games easier on macOS, Linux, and ChromeOS systems. From a report: CrossOver 23 has updated to Wine 8.0.1, and it's loaded with improvements across all its platforms. The most notable, though, is the addition of DirectX 12 support under macOS via VKD3D and MoltenVK. This marks the first time most Mac users have had access to software that relies on DirectX 12; previously, only DirectX 11 was supported, and that went for other software solutions like Parallels, too. This new release adds "initial support" for geometry shaders and transforms feedback on macOS Ventura. Codeweavers claims that will address a lot of problems with "missing graphics or black screens in-game" in titles like MechWarrior 5: Mercenaries, Street Fighter V, Tekken 7, and Octopath Traveler.

Security

White House Orders Federal Agencies To Shore Up Cybersecurity, Warns of Potential Exposure (cnn.com) 15

The White House ordered federal agencies to shore up their cybersecurity after agencies have lagged in implementing a key executive order President Joe Biden issued in 2021. From a report: Multiple federal departments and agencies have, as of the end of June, "failed to fully comply" with critical security practices prescribed by the executive order, "leaving the U.S. Government exposed to malicious cyber intrusions and undermining the example the Government must set for adequate cybersecurity practices," national security adviser Jake Sullivan said in a memo to Cabinet secretaries this week.

Sullivan asked senior officials from across the departments to ensure they achieve "full compliance" with the executive order's security requirements by the end of the year. His memo is addressed to agencies outside of the Pentagon. "This morning the National Security Advisor shared a memo with federal departments and agencies to ensure their cyber infrastructure is compliant with the President's Executive Order to improve the nation's cybersecurity," a National Security Council spokesperson told CNN. "As we've said, the Biden-Harris Administration has had a relentless focus on strengthening the cybersecurity of nation's most critical sectors since day one, and will continue to work to secure our cyber defenses."

Security

Major US Energy Organization Targeted In QR Code Phishing Attack 13

A phishing campaign has targeted a notable energy company in the U.S., bypassing email security filters to slip malicious QR codes into inboxes. BleepingComputer reports: Roughly one-third (29%) of the 1,000 emails attributed to this campaign targeted a large US energy company, while the remaining attempts were made against firms in manufacturing (15%), insurance (9%), technology (7%), and financial services (6%). According to Cofense, who spotted this campaign, this is the first time that QR codes have been used at this scale, indicating that more phishing actors may be testing their effectiveness as an attack vector. Cofense did not name the energy company targeted in this campaign but categorized them as a "major" US-based company.

Cofense says the attack begins with a phishing email that claims the recipient must take action to update their Microsoft 365 account settings. The emails carry PNG or PDF attachments featuring a QR code the recipient is prompted to scan to verify their account. The emails also state that the target must complete this step in 2-3 days to add a sense of urgency. The threat actors use QR codes embedded in images to bypass email security tools that scan a message for known malicious links, allowing the phishing messages to reach the target's inbox.

To evade security, the QR codes in this campaign also use redirects in Bing, Salesforce, and Cloudflare's Web3 services to redirect the targets to a Microsoft 365 phishing page. Hiding the redirection URL in the QR code, abusing legitimate services, and using base64 encoding for the phishing link all help evade detection and get through email protection filters.

Security

Cyberattack On Listings Provider Halts US Real Estate Markets (arstechnica.com) 24

An anonymous reader quotes a report from Ars Technica: Home buyers, sellers, real estate agents, and listing websites throughout the US have been stymied for five days by a cyberattack on a California company that provides a crucial online service used to track home listings. The attack, which commenced last Wednesday, hit Rapattoni, a software and services provider that supplies Multiple Listing Services to regional real estate groups nationwide. Better known as MLS, it provides instant access to data on which homes are coming to the market, purchase offers, and sales of listed homes. MLS has become essential for connecting buyers to sellers and to the agents and listing websites serving them.

"If you're an avid online refresher on any real estate website, you may have noticed a real nosedive in activity the last couple of days," Peg King, a realty agent in California's Sonoma County, wrote in an email newsletter she sent clients on Friday. "Real estate MLS systems across the country have been unusable since Wednesday after a massive cyberattack against major MLS provider, Rapattoni Corporation. This means that real estate markets (like ours!) can't list new homes, change prices, mark homes as pending/contingent/sold, or list open houses."

While Rapattoni has referred to the incident as a cyberattack, it has been widely reported that the event is a ransomware attack, in which criminals gain unauthorized access to a victim's network, encrypt or download crucial data and demand payment in exchange for decrypting the data or promising not to publish it. Rapattoni has so far not said publicly what sort of attack shut it down or other details. Rapattoni has yet to say whether personal information has been compromised. [...] Not all regional listing services are affected because some use data vendors other than Rapattoni. The damage the outage is causing to agents, buyers, renters, and sellers could get worse unless services are restored in the next few days.
On Sunday, Rapattoni wrote: "We are continuing to investigate the nature and scope of the cyberattack that has caused a system outage and we are working diligently to get systems restored as soon as possible. All technical resources at our disposal are continuing to work around the clock through the weekend until this matter is resolved. We still do not have an ETA at this time, but we will continue to update you and keep you informed of our efforts."
