Its been a while since WhatsApp introduced the ability to make audio and video calls in the app. To make this process even easier, Meta has been experimenting with a new call dialer built into WhatsApp for iPhone that will let users call people who arent in their contacts.WhatsApp adding a call dialer to its appAs noted by WABetaInfo and also confirmed by 9to5Mac, the latest beta of WhatsApp for iOS introduces a call dialer that looks a lot like the iPhones default dialer for regular calls. The feature works as youd expect: simply enter someones phone number and, if its registered with WhatsApp, you can call the number right from the app.The idea, of course, is to make it easier and quicker to call people and businesses without having to add their number to your contacts first. The dialer can be found by tapping the + button in the Calls tab in WhatsApp.With this, Meta takes WhatsApp one step closer to becoming a full replacement for Apples Phone app. With iOS 18.2, which was released to the public this week, users can choose a third-party app as the default for calls and text messages. There dont seem to be any apps that support this feature yet, but it wont be surprising if WhatsApp adds support soon.Earlier this week, WhatsApp also announced a series of improvements to WhatsApp calls. Meta says it is working to improve the quality of calls, especially video calls which will now have a higher resolution. The company will also let users initiate a call with specific members of a group chat.When it comes to the new call dialer, the feature is gradually being rolled out to WhatsApp users and is now available to those who have the latest beta version of WhatsApp installed via TestFlight. WhatsApp is available for free on the App Store.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Its the holiday season, and Apple TV+ has a variety of fitting titles for getting in the spirit. Here are three must-see holiday specials I highly recommend: ones a movie, anothers a fun short based on a beloved property, and finally theres a TV classic.SpiritedRyan Reynolds is one of the biggest stars currently working in Hollywood. Recently he was in the wildly popular Deadpool and Wolverine, but did you know Reynolds also starred in a holiday musical comedy for Apple TV+?Spirited is, in my view, a modern-day Christmas classic. It pairs Reynolds with Will Ferrell for a fresh twist on Charles Dickens A Christmas Carol. Even if you think youve seen one too many Scrooge movies in your life, Spirited is well worth your time.Heres Apples summary:Each Christmas Eve, the Ghost of Christmas Present (Will Ferrell) selects one dark soul to be reformed by a visit from three spirits. But this season, he picked the wrong Scrooge. Clint Briggs (Ryan Reynolds) turns the tables on his ghostly host until Present finds himself reexamining his own past, present and future. For the first time, A Christmas Carol is told from the perspective of the ghosts in this hilarious musical twist on the classic Dickens tale. If youre really against musicals, maybe Spirited wont be for you. But the music here is especially great, hailing from the duo behind La La Land, The Greatest Showman, and more.Spirited is available now exclusively for Apple TV+ subscribers.Ted Lasso: The Missing Christmas MustacheTed Lasso, the quintessential Apple TV+ series, produced a fun claymation short for the holidays.Ted Lasso: The Missing Christmas Mustache is less than five minutes long, but its a fun way to celebrate the Christmas tradition of claymation classics like Rudolph the Red-Nosed Reindeer.From the team that brought kindness back, Ted Lasso: The Missing Christmas Mustache is a stop-motion short, featuring the voice talents of the beloved ensemble cast as they help Ted search for a lost item that ultimately leads him to realize the meaning of the holiday season. The holiday short stars Jason Sudeikis, Hannah Waddingham, Brendan Hunt, Jeremy Swift, Juno Temple, Brett Goldstein, Phil Dunster and Nick Mohammed.Apple has made the short available free on YouTube, so you dont even need a TV+ subscription. However, if you are an Apple TV+ subscriber, I also recommend rewatching some of Lassos holiday episodes, and also checking out the lovely Hannah Waddingham: Home for Christmas.A Charlie Brown ChristmasNearly the entire Apple TV+ library consists of originals, but Peanuts is one of the very few examples of TV+ content that is not original to Apple.Apple has produced its own brand-new Peanuts content, but its also licensed a variety of classic TV specials and made them available to Apple TV+ subscribers.A Charlie Brown Christmas probably needs no introduction from me, as its annual viewing for a lot of families. But in case you need a show summary, here you go:In this beloved Peanuts special, feeling down about the commercialism of Christmas, Lucy recruits Charlie Brown to be the director of the gangs holiday play. Can he overcome his friends preference for dancing over acting, find the perfect tree and discover the true meaning of Christmas?What are your favorite Apple TV+ holiday go-tos? Let us know in the comments.Best Apple TV 4K accessoriesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

"A very sad thing indeed."White KnightDespite previously using artificial intelligence tools to help resuscitate old John Lennon vocals, fellow Beatle Paul McCartney is now singing a different tune about the tech.As the Guardian reports, the benighted Beatle has issued a statement ahead of the UK parliament's debate over amending its data bill to allow artists to exclude their work from AI training data. In it, McCartney warned that AI may take over the industry if nobody takes a stand."We[ve] got to be careful about it," the Beatle said, "because it could just take over and we dont want that to happen, particularly for the young composers and writers [for] who, it may be the only way they[re] gonna make a career.""If AI wipes that out," he continued, "that would be a very sad thing indeed."Then and NowMcCartney's new position on AI comes just over a month after the Grammy Awards announced that the final Beatles song, "Now and Then," had been nominated for two awards making it the first AI-assisted track ever to get the nod from the Recording Academy.Though the track wasmade using AI, it wasn't the generative type that's been getting immense buzz lately. Around the time the song was released, McCartney revealed that engineers had used AI tech known as "stem separation" to lift the assassinated Beatle's vocals from an old demo."There it was, Johns voice, crystal clear," the Wings singer said in a press release about the song and titular album last year. "Its quite emotional. And we all play on it, its a genuine Beatles recording."Former Beatles drummer Ringo Starr added in that statement that the AI tech that helped bring Lennon's vocals back to life was "far out.""It was the closest well ever come to having him back in the room," Starr expounded, "so it was very emotional for all of us."Be that as it may, both McCartney and Starr's names are absent from a popular petitionagainst the unauthorized use of artists' work by AI companies. Most recently, "Running Up That Hill" songstress Kate Bush became one of the more than 36,000 signatories to join the anti-AI campaign, which also features well-heeled endorsers across industries including Julianne Moore, Stephen Fry, and The Cure's Robert Smith.It's not quite "AI for me but not for thee," but the remaining Beatles' absence from the petition feels noteworthy as their home country prepares to debate whether to sign AI restrictions into law.More on AI and musicians: The AI That De-Ages Eminem Into Slim Shady Is Astonishingly BadShare This Article

"The future of the Polaris program is a little bit of a question mark at the moment."Stuck in the OfficeBillionaire Jared Isaacman has been to space twice. First, he commanded the first all-civilian mission to orbit in September 2021 on board SpaceX's Crew Dragon spacecraft. Almost exactly three years later, he again rode the craft to orbit to become the first private astronaut to go on a spacewalk.But the playboy space tourist may soon have to go on a hiatus from his privately-funded trips into orbit because Isaacman was picked by president-elect Donald Trump,or perhaps his buddy Elon Musk, to become the next head of NASA.The announcement catapulted the trained fighter jet pilot into the upper echelons of Washington, DC which could force him to put his personal space travel ambitions on hold.As part of the private Polaris program organized by Isaacman, the entrepreneur wanted to follow up his September spacewalk with two more trips on board SpaceX's Crew Dragon and eventually the company's much larger Starship."The future of the Polaris program is a little bit of a question mark at the moment," Isaacman told the audience of a space conference in Orlando, as quoted by Reuters. "It may wind up on hold for a little bit."Spacefaring Kinda GuyIt's the first time Isaacman has made a public appearance since being appointed NASA administrator. As Reuters points out, the billionaire appeared highly optimistic about the future of the private space industry at the event but offered few clues on how we would lead NASA starting in January.The 41-year-old is widely expected to further existing private-public partnerships, which could turn out to be a major windfall for SpaceX, which is already a major NASA contractor."At NASA, we will passionately pursue these possibilities and usher in an era where humanity becomes a true spacefaring civilization," Isaacman wrote in anannouncement on X last week.Where his new role will leave the Polaris program and SpaceX's other private astronaut partnerships with the likes of Axiom and Vast remains unclear.In short, while it may not be him personally riding a spacecraft into space, given his new role in the Trump administration, SpaceX's space exploration ambitions almost certainly just got a major boost.More on Isaacman: The New Head of NASA Had an Interesting Disagreement with the Space AgencyShare This Article

Dec 13, 2024The Hacker NewsCybercrime / CryptocurrencyThe U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations."The conspirators, who worked for DPRK-controlled companies Yanbian Silverstar and Volasys Silverstar, located in the People's Republic of China (PRC) and the Russian Federation (Russia), respectively, conspired to use false, stolen, and borrowed identities of U.S. and other persons to conceal their North Korean identities and foreign locations and obtain employment as remote information technology (IT) workers," the DoJ said.The IT worker scheme generated at least $88 million for the North Korean regime over a span of six years, it's been alleged. In addition, the remote workers engaged in information theft, such as proprietary source code, and threatened to leak the data unless a ransom was paid. The illicit proceeds obtained in this manner were then routed through U.S. and Chinese financial systems back to Pyongyang.The DoJ said it's aware of one employer that sustained hundreds of thousands of dollars in damages after it refused to yield to the extortion demand of a North Korean IT worker, who then ended up leaking the confidential information online.The identified individuals are below -Jong Song Hwa ()Ri Kyong Sik ()Kim Ryu Song ()Rim Un Chol ()Kim Mu Rim ()Cho Chung Pom ()Hyon Chol Song ()Son Un Chol ()Sok Kwang Hyok ()Choe Jong Yong ()Ko Chung Sok ()Kim Ye Won ()Jong Kyong Chol (), and Jang Chol Myong ()The 14 conspirators are said to have worked in various capacities ranging from senior company leaders to IT workers. The two sanctioned companies have employed at least 130 North Korean IT workers, referred to as IT Warriors, who participated in "socialism competitions" organized by the firms to generate money for DPRK. The top performers were awarded bonuses and other prizes.The development is the latest in a series of actions the U.S. government has taken in recent years to address the fraudulent IT worker scheme, a campaign tracked by the cybersecurity community under the moniker Wagemole.The DoJ said it has since seized 29 phony website domains (17 in October 2023 and 12 in May 2024) used by DPRK IT workers to mimic Western IT services firms to support the bona fides of their attempts to land remote work contracts for U.S. and other businesses worldwide. The agency said it has also cumulatively seized $2.26 million (including $1.5 million seized in October 2023) from bank accounts tied to the scheme. Separately, the Department of State has announced a reward offer of up to $5 million for information on the front companies, the individuals identified, and their illicit activities."DPRK IT worker schemes involve the use of pseudonymous email, social media, payment platform and online job site accounts, as well as false websites, proxy computers, virtual private networks, virtual private servers, and unwitting third-parties located in the United States and elsewhere," the DoJ said. "The conspirators used many techniques to conceal their North Korean identities from employers."One such method is the use of laptop farms in the U.S. by paying people residing in the country to receive and set up company-issued laptops and allow the IT workers to remotely connect through software installed on them. The idea is to give the impression that they are accessing work from within the U.S. when, in reality, they are located in China or Russia.All the 14 conspirators have been charged with conspiracy to violate the International Emergency Economic Powers Act, conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. Eight of them have been charged with aggravated identity theft. If convicted, each of them faces a maximum penalty of 27 years in prison.Radiant Capital Crypto Heist Linked to Citrine SleetThe IT worker scam is just one of the many methods that North Korea has embraced to generate illicit revenue and support its strategic objectives, the others being cryptocurrency theft and targeting of banking and blockchain companies.Earlier this month, decentralized finance (DeFi) platform Radiant Capital attributed a North Korea-linked threat actor dubbed Citrine Sleet to the $50 million cryptocurrency heist that took place following a breach of its systems in October 2024.The adversary, also called Gleaming Pisces, Labyrinth Chollima, Nickel Academy, and UNC4736, is a sub-cluster within the Lazarus Group. It's also known for orchestrating a persistent social engineering campaign dubbed Operation Dream Job that aims to entice developers with lucrative job opportunities to dupe them into downloading malware.It's worth noting that these efforts also take different forms depending on the activity cluster behind them, which can vary from coding tests (Contagious Interview) to collaborating on a GitHub project (Jade Sleet).The attack targeting Radiant Capital was no different in that a developer of the company was approached by the threat actor in September on Telegram by posing as a trusted former contractor, ostensibly soliciting feedback about their work as part of a new career opportunity related to smart contract auditing.The message included a link to a ZIP archive containing a PDF file that, in turn, delivered a macOS backdoor codenamed INLETDRIFT that, besides displaying a decoy document to the victim, also established stealthy communications with a remote server ("atokyonews[.]com")."The attackers were able to compromise multiple developer devices," Radiant Capital said. "The front-end interfaces displayed benign transaction data while malicious transactions were signed in the background. Traditional checks and simulations showed no obvious discrepancies, making the threat virtually invisible during normal review stages."Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Dec 13, 2024The Hacker NewsIoT Security / Operational TechnologyIran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States.The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), firewalls, and other Linux-based IoT/OT platforms."While the malware is believed to be custom-built by the threat actor, it seems that the malware is generic enough that it is able to run on a variety of platforms from different vendors due to its modular configuration," the company said.The development makes IOCONTROL the tenth malware family to specifically single out Industrial Control Systems (ICS) after Stuxnet, Havex, Industroyer (aka CrashOverride), Triton (aka Trisis), BlackEnergy2, Industroyer2, PIPEDREAM (aka INCONTROLLER), COSMICENERGY, and FrostyGoop (aka BUSTLEBERM) to date.Claroty said it analyzed a malware sample extracted from a Gasboy fuel management system that was previously compromised by the hacking group called Cyber Av3ngers, which has been linked to cyber attacks exploiting Unitronics PLCs to breach water systems. The malware was embedded within Gasboy's Payment Terminal, otherwise called OrPT.This also means that the threat actors, given their ability to control the payment terminal, also had the means to shut down fuel services and potentially steal credit card information from customers."The malware is essentially a cyberweapon used by a nation-state to attack civilian critical infrastructure; at least one of the victims were the Orpak and Gasboy fuel management systems," Claroty said.The end goal of the infection chain is to deploy a backdoor that's automatically executed every time the device restarts. A notable aspect of IOCONTROL is its use of MQTT, a messaging protocol widely used in IoT devices, for communications, thereby allowing the threat actors to disguise malicious traffic.What's more, command-and-control (C2) domains are resolved using Cloudflare's DNS-over-HTTPS (DoH) service. This approach, already adopted by Chinese and Russian nation-state groups, is significant, as it allows the malware to evade detection when sending DNS requests in cleartext.Once a successful C2 connection is established, the malware transmits information about the device, namely hostname, current user, device name and model, timezone, firmware version, and location, to the server, after it awaits further commands for execution.This includes checks to ensure the malware is installed in the designated directory, execute arbitrary operating system commands, terminate the malware, and scan an IP range in a specific port."The malware communicates with a C2 over a secure MQTT channel and supports basic commands including arbitrary code execution, self-delete, port scan, and more," Claroty said. "This functionality is enough to control remote IoT devices and perform lateral movement if needed."Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Termite is quickly making itself a name in the ransomware space. The threat actor group claimed responsibility for a November cyberattack on Blue Yonder, a supply chain management solutions company, according to CyberScoop. Shortly afterward, the group was linked with zero day attacks on several Cleo file transfer products.How much damage is this group doing, and what do we know about Termites tactics and motives?New Gang, Old RansomwareTermite is rapidly burrowing into the ransomware scene. While its name is new, the group is using a modified version of an older ransomware strain: Babuk. This strain of ransomware has been on law enforcements radar for quite some time. In 2023, the US Department of Justice indicted a Russian national for using various ransomware variants, including Babuk, to target victims in multiple sectors.Babuk first arrived on the scene in December 2020, and it was used in more than 65 attacks. Actors using this strain demanded more than $49 million in ransoms, netting up to $13 million in payments, according to the US Justice Department.While Babuk has reemerged, different actors could very well be behind its use in Termites recent exploits.Babuk ransomware was leaked back in 2021. The builder is basically just the source code so that anyone can compile the encrypting tool and then run their own ransomware campaign, says Aaron Walton, threat intelligence analyst atExpel, a managed detection and response provider.Related:How is Termite putting the ransomware to work?Researchers have found that the groups ransomware uses a double extortion method, which is very common these days, Mark Manglicmot, senior vice president of security services at cybersecurity company Arctic Wolf, tells InformationWeek. They extort the victim for a decryptor to prevent the release of stolen data publicly.A new ransomware group is not automatically noteworthy, but Termites aggression and large-scale attacks early on in its formation make it a group to watch.Usually, these groups start with smaller instances and then they kind of build up to something bigger, but this new group didnt waste any time, says Manglicmot.Termites VictimsTermite appears to be a financially motivated threat actor. Theyre attacking victims in different countries across different verticals, says Jon Miller, CEO and cofounder ofanti-ransomware platform Halcyon. The fact that theyre executing without a theme makes me feel like theyre opportunist-style hackers.Related:Termite has hit 10 victims thus far, in sectors including automotive manufacturing, oil and gas, and government, according to Infosecurity Magazine.The group does have victims listed on its leak site, but it is possible there are more. Maybe we could guess that there might be another handful that have paid ransom or have negotiated to stay off of [the] data leak site, says Walton.Given the groups aggression and opportunistic approach, it could conceivably execute disruptive attacks on other large companies.Termite seems to be bold enough to impact a large number of organizations, says Walton. That is normally a risky tactic that really brings the heat on you much faster than just hitting one organization and avoiding anything that could severely damage supply lines.The attack on Blue Yonder caused significant disruption to many organizations. Termite claims it has 16,000 e-mail lists and more than 200,000 insurance documents among a total of 680GB of stolen data, according to Infosecurity Magazine.The ransomware attack caused outages for Blue Yonder customers, including Starbucks and UK supermarket companies Morrisons and Sainsburys, according to Bleeping Computer.Termites exploitation of a vulnerability in several Cleo products is impacting victims in multiple sectors, including consumer products, food, shipping, and trucking, according to Huntress Labs.Related:Ongoing Ransomware RisksWhether Termite is here to stay or not, ransomware continues to be a risk to enterprises. With certain areas of the globe being destabilized, we could see even more of these types of behaviors pop up, says Manglicmot.As enterprise leaders assess the risk their organizations face, Miller advocates for learning about the common tactics that ransomware groups use to target victims.Its really important for people to go out and educate themselves on what ransomware groups are targeting their vertical or like-sized companies, he says. The majority of these groups use the exact same tactics over and over again in all their different victims.

Where would the world be without APIs? There would likely be a lot less connected and software releases flowing like molasses. Developers use APIs to add capabilities to their apps quickly, though the grab-and-go approach is unwise when it comes to AI.While many developers are proficient in embedding AI into applications, the challenge lies in fully understanding the nuances of AI development, which is vastly different from traditional software development, says Chris Brown, president of professional services company Intelygenz. AI is not just another technical component. Its a transformative tool for solving complex business challenges.Jason Wingate, CEO of Emerald Ocean, a technology and business solutions company focused on product innovation, brand development and strategic distribution also believes that while APIs make embedding AI seem as simple as calling a function, many developers do not understand how models work and their risks.Several major companies in 2023 and early 2024 had their chatbots compromised through prompt injection. Users sent prompts like Ignore previous instructions or Forget you are a customer service bot, causing the AI to reveal sensitive information, says Wingate. This happened because developers didnt implement proper guardrails against prompt injection attacks. While much of this has been addressed, it showcases how unprepared developers were in using AI via APIs.Related:Timothy E. Bates, professor of practice, University of Michigan and former Lenovo CTO, also warns that most developers dont fully grasp the complexities of AI when they embed it using APIs.They treat it as a plug-and-play tool without understanding the intricacies of the underlying models, such as data bias, ethical implications and dynamic updates by AI providers. I've seen this firsthand, especially when advising organizations where developers inadvertently introduced vulnerabilities or misaligned features by misusing AI, says Bates.An organization can miss opportunities due to a lack of knowledge, which results in poor ROI.AI should be tested in sandbox environments before production. [You also need] governance. Establish oversight mechanisms to monitor AI behavior and outcomes, says Bates. AI usage should be [transparent] to end users, maintaining trust and avoiding backlash. Combining developers, data scientists and business leaders into cross-functional teams ensures AI aligns with strategic goals.Ben Clayton, CEO of forensic audio and video analysis company Media Medic has also seen evidence of developer struggles firsthand.Related:Developers need a solid grasp of the basics of AI -- things like data, algorithms, machine learning models, and how they all tie together. If you dont understand the underlying principles, you could end up using AI tools in ways that might not be optimal for the problem youre solving, says Clayton. For example, if youre relying on a model without understanding how it was trained, you might be surprised when it doesnt perform as expected in real-world scenarios.Technology Is Only Part of the PictureA common challenge is viewing AI as a technological solution rather than a strategic enabler.Organizations often falter by embedding AI into their operations without clearly defining the business problem it is solving. This can result in misaligned goals, poor adoption rates and systems that fail to deliver ROI, says Intelygenzs Brown. AI implementation must start with a clear business case or IT improvement objective whether its streamlining operations, optimizing network performance, or enhancing customer experience. Without this foundation, AI becomes a costly experiment instead of a transformative solution."Chris Brown, IntelygenzGabriel Zessin, software architect at API solution provider Sensedia, agrees.Related:In my opinion, although most developers are proficient in API integrations, not all of them understand AI well enough to use it effectively, especially when it comes to embedding AI to their existing applications. Its important for developers to set the expectations of what can be achieved with AI for each company's use case alongside the business teams, like product owners and other stakeholders, says Zessin.DataAI feeds on data. If the data quality is bad, AI becomes unreliable.[S]ourcing the correct data is often challenging, says Josep Prat, engineering director of streaming services at AI and data platform company Aiven. External influences such as data sovereignty and privacy controls affect data harvesting, and many databases are not optimized properly. Understanding how to harvest and optimize data is key to creating effective AI. Additionally, developers need to understand how AI models produce their outputs to use them effectively.Probabilistic Versus DeterministicTraditionally, software developers have been taught that a given input should result in a certain output. However, AI tends to be probabilistic, which is based on the likelihood something will happen. Deterministic, on the other hand, assures an outcome based on previous results.Instead of a guaranteed answer, [probabilistic] offers confidence levels at about 95%. And keep in mind, what works in one scenario may not work in another. These fundamentals are key to setting realistic expectations and developing AI effectively, says Sri (Srikanth) Hosakote, chief development officer and co-founder at campus network-as-a-service (NaaS) Nile. I find that many organizations successfully adopt AI by working directly with customers to identify pain points and then developing solutions that address those issues.Have a Feedback Loop and TestAPIs simplify AI integration, but without understanding the role of feedback loops, developers risk deploying models without mechanisms to catch errors or learn from them. A feedback loop ensures that when the AI output is wrong or inconsistent, its flagged, documented, and shared across teams.[A feedback loop] prevents repeated use of flawed models, aligns AI performance with user needs and creates a virtuous cycle of improvement, says Robin Patra, head of data at design-build construction company ARCO Design/Build.Without such systems, errors may persist unchecked, undermining trust and user experience.Its also wise to involve stakeholders who can provide feedback about the AI outputs, such as whether the prediction is accurate, the recommendation relevant or a fair decision.Feedback isnt just about a single mistake. Its about identifying patterns of failure and sharing those insights with all relevant teams. This minimizes repeat errors and informs retraining efforts, says Patra. Developers should understand techniques like active learning where the model is retrained using flagged errors or edge cases, improving its accuracy and resilience over time.Its also important to test early and often.Good testing is critical to successfully embedding AI. AI should be thoroughly tested and validated before being deployed and once it is live regular monitoring and checks should continue. It should never just be a case of setting an AI model up and then leaving it to run, says John Jackson, founder at click fraud protection platform Hitprobe.Developers should understand and use performance metrics.Developers often deploy AI without fully understanding how to evaluate it. Metrics like accuracy, precision, recall and F1 score are crucial for interpreting how well an AI model performs specific tasks, says Anbang Xu, founder at AI ad generator JoggAI. [W]eve seen companies struggle to optimize video ad placements because they dont understand how models weigh audience demographics versus engagement data.Another challenge is misunderstanding the capabilities of what the API is calling.Misaligned expectations around AI often stem from a lack of understanding of what models can realistically achieve, says Xu. This misalignment leads to wasted time and suboptimal results.Security should always be top of mindI think a lot of developers and business leaders making decisions to implement AI in their applications simply dont realize that AI isnt always that secure. Lots of AI tools dont make it very clear how data is used, says Edward Tian, CEO of AI-generated content detector GPTZero. They arent always upfront about where they source their data or how they deal with the data that is inputted. So, if an organization inputs customer data into an embedded AI tool in their application, whether they are the ones doing that or their customers are, they could potentially run into legal troubles if that data is not handled appropriately.Developers should spend time exploring the security defenses of the AI they choose."They need to understand what threats were contemplated, what security mechanisms are in place, what model was used to train the AI, and what capabilities the AI has through integrations and other connections, says Jeff Williams, co-founder and CTO at Contrast Security. Developers might start with the OWASP Top Ten for LLM Applications, which is specifically designed to educate developers about the risks of incorporating AI into their applications.For example, prompt injection enables an attacker to rewrite rules. Its difficult to prevent, so developers should be careful about using any user input from an untrusted source in a prompt. Sensitive information disclosure and over-trusting AI are also common challenges.AIs aren't very good at partitioning data or keeping track of which data belongs to which user. So, attackers can try to trick the AI into revealing sensitive data like private information, internal implementation details, or other intellectual property, says Williams. [D]evelopers may give the results from the AI more trust than is warranted. This is very easy to do because AIs are very good at sounding authoritative, even when they are just making things up. There are many more serious issues for developers to take into account when using an AI in their apps.How to Develop AI SmartsThere are endless resources available to developers who want to learn more about AI. They include online courses and tutorials, which include practical exercises for hands-on experience.Carve out time weekly to explore areas like natural language processing, computer vision and recommendation systems. Online tutorials and communities are great resources for staying up to date, says Niles Hosakote. At the same time, experiment[ing] with AI tools for productivity code analysis or test automation can level up your work.Developers can also improve their working knowledge of AI by participating in hackathons or internal-focused AI projects, pair programming with data scientists, and staying up to date through online courses, conferences, and industry meetups.AI isnt a magic wand, so define specific problems it should solve before integration. [Also], respect data ethics: Be cautious about where training data originates to avoid unintended consequences, says University of Michigans Bates. The success of AI depends on the teams behind it. Training developers on AI fundamentals will pay dividends.Some of the fundamentals include bias and fairness, explainability, lifecycle management, and security in AI integration.Jason Wingate, Emerald OceanDevelopers need to understand how biases in training data affect outputs, as seen in systems that inadvertently reinforce societal inequities. AI must not remain a black box. Developers should know how to articulate AI decision-making processes to stakeholders, says Bates. Continuous monitoring and retraining are essential as business contexts evolve.Developers can learn about AI tools through small experiments, like building simple chatbots to understand how changes in prompts affect responses, before taking on bigger projects.[Developers] need to grasp model behavior, limitations, data privacy, bias issues and proper prompt engineering, says Emerald Oceans Wingate. Start small and build up gradually. For example, when introducing AI for customer service, companies often begin by having AI suggest responses that human agents review, rather than letting AI respond directly to customers. Only after proving this works [should] they expand AIs role.

The government has rowed back on proposals to require all residential projects on grey belt sites to deliver 50% affordable housing as it published the final version of its long-awaited revisions to national planning policy.In a significant victory for the development sector, the government said that it would instead require speculative applications approved on the newly defined grey belt sites on former green belt land to deliver 15% more affordable homes than in the local housing policy up to a cap of 50%.Housing secretary Angela Rayner has promised to deliver the biggest boost in social and affordable housebuilding in a generationThe change in tack came as the government set out its finalised plans to speed up the planning system in an effort to reach its target of building 1.5 million homes during the course of this parliament.The publication of the formal response to its National Planning Policy Framework consultation at noon today also revealed the extent of the opposition to most of its pro-housing measures with ministers pushing ahead despite the majority of respondents opposing much of the reform package.The change to the previously proposed golden rules will apply to applications seeking to build on so-called grey belt land sites in the green belt which do little to contribute to the green belts core purposes, which relate to keeping the countryside open.The government had said that all sites would have to deliver at least 50% affordable homes or be subject to a viability test on the basis of a stringent benchmark land value which housebuilders had argued would make many, if not most, green belt sites unviable.The Home Builders Federation (HBF) and the Land, Planning and Development Federation (LPDF) had both lobbied to replace the 50% flat rate for affordable housing on grey belt sites promised by Labour as a condition for releasing green belt land prior to the election to be replaced with a 10% affordable housing premium on local policies.The governments change instead requires developers to deliver a 15% premium above local policies. It also states that, at the point at which local authorities have new plans in place, the government will let those authorities set the affordability requirement on grey blt sites themselves.The changes to the National Planning Policy Framework (NPPF), published in draft form in July, confirmed increases in housing targets, which will once again be mandatory, with local councils now expected to demonstrate how they will meet a combined annual target of 370,000 homes. The previous housing targets, which were advisory, had a combined total of just 305,000.Under the finalised NPPF, areas with the highest unaffordability and greatest potential for growth will see targets increase, according to the government, while stronger action is planned to ensure councils adopt new plans.The target has increased by 7,300 in London, compared to the summer, and has also risen slightly in the South-east and East of England regions.The target has fallen in all other areas compared to the consulted version, with the biggest drop in Yorkshire and the Humber.The NPPF will also require councils to review greenbelt boundaries to meet their targets, by identifying lower quality land, on which development will be subject to a set of requirements related to infrastructure and affordable housing provision.> Also read:Planning more clearly is the way to delegate decision-makingIn a statement this morning, housing secretary Angela Rayner said: Todays landmark overhaul will sweep away last years damaging changes and shake up a broken planning system which caves into the blockers and obstructs the builders.I will not hesitate to do what it takes to build 1.5 million new homes over five years and deliver the biggest boost in social and affordable housebuilding in a generation.The final version of the NPPF came after a consultation which saw more than 10,000 responses.The draft NPPF was widely supported across the industry, though there were nevertheless calls for greater support for small and medium-sized businesses, as well as clearer and more precise language to ensure the NPPF is easily interpreted in planning decisions.However, a number of local authorities have come out against Labours attempt to increase targets for their areas, suggesting they are being set up to fail.Addressing the House of Commons in a ministerial statement today, housing minister Matthew Pennycook, said: The views shared with us have been invaluable in helping refine our initial proposals so that we are able to introduce an effective package of reforms today.Changes to the NPPFPennycook told parliamentthere were four areas of significant change to their initial proposals:Housing targetsPennycook told MPs: We fully intend to maintain the level of ambition outlined in July, but we heard through the consultation a clear view that we should do more to target housing growth on those places where affordability pressures are most acute.We have therefore made the method more responsive to demand, redistributing housing targets towards those places where housing is least affordable, while maintaining the overall target envelope.Grey belt definitionThis approach received broad support through the consultation, but a strong desire was expressed to limit the room for subjectivity. We have therefore set out a clearer description of how to assess where the land meets the definition of grey belt and we will be providing further guidance to local authorities in the new year.Housingminister Matthew Pennycook said the final plans showed the government had listened to the consultationThe proposals had come in for criticism from witnesses at the House of Lords built environment committees short inquiry into the matter.It had been suggested that the definition of grey belt lacked clarity and would lead to confusion among planners and a surge in legal challenges.Golden rulesGolden rules proposed a flat 50% affordable housing target with limited use of viability assessments to adjust this.Pennycook said: Through the consultation, we have recognised that this approach risked uncertainty.Rather than a single 50% target, we are introducing a 15 percentage point premium on top of targets set in local plans up to a maximum of 50%. And because that means the target itself will be responsive to local circumstances, we will be restricting the ability for site-specific viability assessments until such time as we have amended viability guidance in the spring of next year.Presumption in favour and transitionPennycook also announced changes to ensure that, where the presumption in favour of sustainable development applies, it will be consistent with the clear requirements in national policy relating to sustainability, density design and the provision of affordable homes.He said the government was also softening transitional arrangements for local authorities at an advanced stage of planmaking.Local authorities will be given two more months to progress their plans. The transitional arrangement will apply where the draft housing requirement in the plan meets at least 80% of local housing need, rather than numerical 200 homes threshold originally proposed.

Carote 14-piece knife set: $50 Save $150 $50 at Walmart Apple iPad (10th gen): $279 Save $70 $279 at Walmart Travelhouse hardshell carry-on: $50 Save $100 $50 at Walmart Apple Watch Series 10: $349 Save $50 $349 at Walmart The holidays are here, and if you still haven't tackled your holiday shopping list, you still have time to score lovely gifts. If you haven't considered shopping there, Walmart has some of the best deals around. They're known for doing rollbacks on items across multiple categories, including tech, essentials and home goods. This holiday season they've amped up their discounts, which means it's easier to cross everyone off your list without breaking the bank. We've rounded some of the best deals we could find so you can click and saveSee at WalmartThe sheer volume of deals can be overwhelming, and it's not always easy to determine which deals are worth your time (and money). But the CNET Deals team knows how to sniff out a good deal, and we're constantly assessing the best offers from across the web -- including at Walmart. To make things easier, we're regularly rounding up the best Walmart deals below so you'll always see the most noteworthy price drops and promotions. Read on for our pick of the best available right now. Hey, did you know?CNET Deals texts are free, easy and save you money. Additionally, if you're looking for gift ideas, be sure to also check out CNET's gift guides for solid bargains and gifts for every occasion. Best Walmart deals to shop today Carote/CNET No kitchen is complete without a good set of knives. This 14-piece Carote knife set is a beautiful option. The knives are made from stainless steel, ensuring long-lasting performance. It includes an 8-inch chef knife, 8-inch bread knife, a 7-inch santoku knife along with 6 steak knives and more. There's also a wooden knife block that keeps everything securely stored and easily accessible. $50 at Walmart Apple / CNET Apple's iPad (10th generation) is one of the best tablets you can buy, and Walmart is offering $70 off right now. This is Apple's entry-level tablet, so it's affordable, but it also has many of the latest features. Our editors believe the "larger display, USB-C port, better-positioned front-facing camera and faster processor make it a great choice for most." $279 at Walmart Travelhouse/CNET If you're traveling this holiday season, save yourself the hassle and skip the checked bags. Instead, grab a good carry-on, like this Travelhouse hardshell suitcase, and keep it rolling. This carry-on is lightweight and comes in several colors, including black, orange, green and light purple. It's perfect for short trips and is currently on sale at $100 off the original retail price. $50 at Walmart The Apple Watch Series 10 is one of our overallfavorite smartwatchesright now. It hit shelves just a few months ago, and we're already seeing some significant savings. Right now, you've got the opportunity to snag one at Walmart and save $50. $349 at Walmart More Walmart deals worth checking out:Apple iPad (9th gen): $249 (save $80)PlayStation 5 Disc Edition - Fortnite Cobalt Star bundle: $424 (save $76)Samsung Galaxy Buds 2: $125 (save $24)Apple MacBook Air 13-inch: $649 (save $50)JBL Clip 4 Bluetooth speaker: $48 (save $17)Samsung 43-inch 4K smart TV: $268 (save $60)Apple AirPods with charging case (2nd gen): $89 (save $50)Arlo Pro 3 floodlight camera: $187 (save $63)Onn 32-inch HD Roku TV: $88 (save $10)Famistar folding treadmill: $660 (save $1,740)Ingalik queen mattress topper: $45 (save $55)Ecomoment dash cam: $33 (save $47)JBL Tune 670NC headphones: $60 (save $40)iDoo air mattress: $66 (save $104)Samsung Galaxy Tab A9 Plus 11-inch tablet: $149 (save $30)JLab JBuds Lux ANC headphones: $50 (save $30)Baseus wireless portable charger: $19 (save $31)Cinemark $50 e-gift card: $40 (save $10)MiniARK LED cornhole set: $20 (save $20)Xbox Series S 512SSD console and extra controller: $324 (save $36)Dyson V7 advanced cordless vacuum cleaner: $200 (save $200)JBL TuneBeam wireless earbuds: $39 (save $61)Renpho Shiatsu foot massager: $59 (save $71) These Impulse Buys Under $25 Actually Make Great Gifts See all photos