Photo editing app Luminar Mobile is delivering two highly requested user features today. Full RAW image editing support and iCloud sync between devices arrives in Luminar Mobile 2.2.Luminar Mobile includes access on iPhone, iPad, and even Apple Vision Pro. Availability on Apple Vision Pro is especially interesting. Thats because AVP doesnt really offer native photo editing in the built-in Photos app. Paired with iCloud sync today, Luminar Mobile should be on your radar if image editing is important to you.Heres a rundown of everything new in Luminar Mobile 2.2:Full RAW Format SupportWith this update, Luminar Mobile now supports RAW files from major camera brands. Usersgain access to professional-grade editing tools, including adjustments for exposure, contrast,highlights, shadows, temperature, and tint. This comprehensive support allows photographers to maximize the potential of their images with exceptional precision.Save Editing HistoryThe new editing history functionality ensures that all edits are automatically saved, allowing users to revisit and continue their work at any time. This functionality provides greater control over the creative process by enabling users to track and review their editing progress with ease.iCloud Sync for Editing HistoryFor those who edit across multiple devices, Luminar Mobile now offers iCloud sync. Edits made onone device, such as an iPhone, can seamlessly transfer to another, like an iPad. This ensures asmooth workflow across Apple devices, enabling users to start a project on one device and seamlessly continue it on another.UI ImprovementsBased on user feedback, the updated Luminar Mobile introduces several interface refinements.These improvements make the app more intuitive and user-friendly, providing a smoother and moreenjoyable editing experience. For iPad users, the Tool Develop section has been reorganized, withthe Saturation and Vignette tools now separated into individual tools for easier access. A newRevert to Original button has been added, allowing users to reset all edits and return to theoriginal image quickly.Learn more about Luminar Mobile here.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Generative AI is sliding towards "the trough of disillusionment."Blowing BubblesAs large language models race to the Moon and AI-generated slop art pollutes government websites, AI spending is ballooning to epic proportions and the bubble may be close to bursting.That's according to a recent analysis by Gartner the Connecticut-based research firm famous for the Gartner hype cycle which posits that worldwide IT spending is expected to total over $5.5 trillion in 2025, an increase of 9.8 percent from 2024.IT sectors such as data centers, devices, and software "will see double-digit growth in 2025, largely due to generative AI hardware upgrades," the report reads.However, despite this unfathomable increase in spending, these segments are not ready to "differentiate themselves in terms of functionality yet, even with new hardware."That actual functionality is of course key to selling AI-as-a-product going forward, because sooner or later, stakeholders, clients, and governments are going to start demanding real, tangible benefits for their forest-melting efforts.Referencing the hype cycle, Gartner research VP John-David Lovelock, said in a statement that "GenAI is sliding toward the trough of disillusionment, which reflects [Chief Information Officers'] declining expectations for GenAI, but not their spending on this technology."In short, AI companies are shelling out more and more to develop GenAI despite growing market skepticism of the tech's use cases. If true, AI is entering a troubling chunk of its lifecycle, where returns slow and investor (not to mention user) expectations drop."Our expectations for what generative AI can and will do are starting to come down," Lovelock told The Register. "We won't make it to the trough until 2026, but 2025 is going to be a year of the slide."Burning BarrelsThis forecast brings into question the logic underlying the incredible economic, environmental, and human costs of AI development. Though we in the US are no strangers to discarding social wellbeing for profit take the commercialization of insulin, for just one of thousands of examples we have grown less experienced since the heights of the space race at moving mountains where profit is not explicitly guaranteed.When, for all their advancements, all these half-baked AI rollouts can offer are "leaked photos of heaven", it needs to be asked: who are these advances for?If AI developers are incapable of producing socially compelling use cases for their models, then burning through trillions of dollars in a never ending AI race isn't anymore practical than a one-way trip to Mars.More on practical AI:Pentagon Official Boasts That AI Is Helping The Military Kill People Faster Than Ever BeforeShare This Article

Old Is NewScientists Listening to Signals From Huge, Mysterious Objects Inside the EarthbyFrank Landymore"Nobody knew what they are, and whether they are only a temporary phenomenon."Jan 23, 9:35 AM ESTEdward Garnero; S. W. French, B. A. Romanowicz, Geophys. J. Int. 199, 1303, 2014 / Futurism"Nobody knew what they are, and whether they are only a temporary phenomenon."Acoustic VersionThe mystery of two "super-continent"-sized structures buried deep in the Earth's mantle has produced a new twist after scientists got a closer look at their composition, suggesting they might be even older than once thought.Or maybe a closer listen may be more accurate. "When there is a big earthquake, the whole Earth will expand and contract like a bell," Arwen Deuss, a seismologist at Utrecht University in the Netherlands and coauthor of a new paper published in the journal Nature, told New Scientist. "Earth becomes a musical instrument."And like an instrument, you can tell a lot about its quality by listening to the tones it produces. The powerful sound waves that resonate through the Earth's interior have long revealed the presence of two low-shear velocity provinces (LLSVPs), or superplumes, over a thousand miles underground, so named because they slow down the sound waves that travel through them.For some reason, though, they don't appear to make the sound waves any less powerful. Now, Deuss and his team believe they have an explanation for why this is though the implications could be even more mind-boggling.Wet BlanketToday, the two LLSVPs sit beneath Africa and the Pacific Ocean. For how long, however, is difficult to say."Nobody knew what they are, and whether they are only a temporary phenomenon, or if they have been sitting there for millions or perhaps even billions of years," Deuss said in a statement about the work."These two large islands are surrounded by a graveyard of tectonic plates which have been transported there by a process called 'subduction,'" she added, "where one tectonic plate dives below another plate and sinks all the way from the Earth's surface down to a depth of almost three thousand kilometers," or about 1,900 miles.Because the LLSVPs are hot, sound waves that are emitted by the Earth's moving interior slow down when they travel across them. This should also "dampen" the sound waves, or make them lose energy, but observations by Deuss and her team showed that this isn't the case.Pain and GrainSo if the temperature alone isn't responsible for the lack of damping, what is?The working theory is grain size,or the size of the crystals believed to comprise the LLSVPS. The researchers suggest that the structures are made up of larger, but less numerous grains. Because there are fewer grains, that means thereare also fewer so-called boundaries between them, Deuss explained. It's these boundaries that cause the loss of energy every time they're traveled across. By contrast, the surrounding "slab graveyard" exhibits much smaller grains so more dampening.Because grains take ages to grow to such a size, that means the LLSVPs are considerably older than the subducted slabs that encase them perhaps nearly as old as the Earth itself, Deuss toldNew Scientist.More on geology: Scientists Say They've Figured Out What Turned the Sun BlueShare This Article

Jan 23, 2025Ravie LakshmananFirmware Security / VulnerabilityAn exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features."These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News."Instead these were very well-known issues that we wouldn't expect to see even on a consumer-grade laptop. These issues could allow attackers to evade even the most basic integrity protections, such as Secure Boot, and modify device firmware if exploited."The company said it analyzed three firewall appliances from Palo Alto Networks, PA-3260, PA-1410, and PA-415, the first of which officially reached end-of-sale on August 31, 2023. The other two models are fully supported firewall platforms.The list of identified flaws, collectively named PANdora's Box, is as follows -CVE-2020-10713 aka BootHole (Affects PA-3260, PA-1410, and PA-415), refers to a buffer overflow vulnerability that allows for a Secure Boot bypass on Linux systems with the feature enabledCVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970 (Affects PA-3260), which refers to a set of System Management Mode (SMM) vulnerabilities affecting Insyde Software's InsydeH2O UEFI firmware that could lead to privilege escalation and Secure Boot bypassLogoFAIL (Affects PA-3260), which refers to a set of critical vulnerabilities discovered in the Unified Extensible Firmware Interface (UEFI) code that exploit flaws in image parsing libraries embedded in the firmware to bypass Secure Boot and execute malicious code during system startupPixieFail (Affects PA-1410 and PA-415), which refers to a set of vulnerabilities in the TCP/IP network protocol stack incorporated in the UEFI reference implementation that could lead to code execution and information disclosureInsecure flash access control vulnerability (Affects PA-415), which refers to a case of misconfigured SPI flash access controls that could permit an attacker to modify UEFI directly and bypass other security mechanismsCVE-2023-1017 (Affects PA-415), which refers to an out-of-bounds write vulnerability in the Trusted Platform Module (TPM) 2.0 reference library specificationIntel bootguard leaked keys bypass (Affects PA-1410)"These findings underscore a critical truth: even devices designed to protect can become vectors for attack if not properly secured and maintained," Eclypsium said. "As threat actors continue to target security appliances, organizations must adopt a more comprehensive approach to supply chain security.""This includes rigorous vendor assessments, regular firmware updates, and continuous device integrity monitoring. By understanding and addressing these hidden vulnerabilities, organizations can better protect their networks and data from sophisticated attacks that exploit the very tools meant to safeguard them."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 23, 2025Ravie LakshmananPhishing / MalwareCybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer."The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fres, senior threat research engineer at Netskope Threat Labs, said in a report shared with The Hacker News."The campaign also spans multiple industries, including healthcare, banking, and marketing, with the telecom industry having the highest number of organizations targeted."The attack chain begins when a victim visits a compromised website, which directs them to a bogus CAPTCHA page that specifically instructs the site visitor to copy and paste a command into the Run prompt in Windows that uses the native mshta.exe binary to download and execute an HTA file from a remote server.It's worth noting that a previous iteration of this technique, widely known as ClickFix, involved the execution of a Base64-encoded PowerShell script to trigger the Lumma Stealer infection.The HTA file, in turn, executes a PowerShell command to launch a next-stage payload, a PowerShell script that unpacks a second PowerShell script responsible for decoding and loading the Lumma payload, but not before taking steps to bypass the Windows Antimalware Scan Interface (AMSI) in an effort to evade detection."By downloading and executing malware in such ways, the attacker avoids browser-based defenses since the victim will perform all of the necessary steps outside of the browser context," Fres explained."The Lumma Stealer operates using the malware-as-a-service (MaaS) model and has been extremely active in the past months. By using different delivery methods and payloads it makes detection and blocking of such threats more complex, especially when abusing user interactions within the system."As recently as this month, Lumma has also been distributed via approximately 1,000 counterfeit domains impersonating Reddit and WeTransfer that redirect users to download password-protected archives.These archive files contain an AutoIT dropper dubbed SelfAU3 Dropper that subsequently executes the stealer, according to Sekoia researcher crep1x. In early 2023, threat actors leveraged a similar technique to spin up over 1,300 domains masquerading as AnyDesk in order to push the Vidar Stealer malware.The development comes as Barracuda Networks detailed an updated version of the Phishing-as-a-Service (PhaaS) toolkit known as Tycoon 2FA that includes advanced features to "obstruct, derail, and otherwise thwart attempts by security tools to confirm its malicious intent and inspect its web pages."These include the use of legitimate possibly compromised email accounts to send phishing emails and taking a series of steps to prevent analysis by detecting automated security scripts, listening for keystrokes that suggest web inspection, and disabling the right-click context menu.Social engineering-oriented credential harvesting attacks have also been observed leveraging avatar provider Gravatar to mimic various legitimate services like AT&T, Comcast, Eastlink, Infinity, Kojeko, and Proton Mail."By exploiting Gravatar's 'Profiles as a Service,' attackers create convincing fake profiles that mimic legitimate services, tricking users into divulging their credentials," SlashNext Field CTO Stephen Kowski said."Instead of generic phishing attempts, attackers tailor their fake profiles to resemble the legitimate services they're mimicking closely through services that are not often known or protected."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Square Mile signs off guidance to encourage developers to hit key environmental benchmarksNew developments in the City of London will need to achieve embodied carbon targets or make other sustainability contributions under planning rules set to come into force in the coming weeks.The City has voted to approve new sustainability guidance for planning applications which will affect how newbuild and refurbishment schemes in the Square Mile are designed and built.Source: ShutterstockThe City has approved new guidance on the environmental impact of both newbuild and retrofit schemesDevelopers will be expected to demonstrate at the planning stage that schemes can achieve new embodied carbon benchmarks aligning with Greater London Authority benchmarks.If they do not meet this target, developments will be expected to go above and beyond in delivering wider environmental benefits for the City.This could include creating or extending local energy networks, upgrading public realm to support transport routes, supporting climate resilience infrastructure or providing skills and training in sustainable construction.Newbuild office schemes will now also be expected to hit a five-star rating on the NABERS tool for measuring environmental impact and energy efficiency, while retrofit projects will need to achieve a four-star rating.Shravan Joshi, chairman of the Citys Planning and Transport Committee, said the vote was a major step forward for the Square Miles sustainability goals.This new guidance provides transparency to the built environment sector, encouraging it to come with us on this journey, as we see continued confidence and demand for high quality, sustainable office space in the Square Mile, he said.The City of London is home to some of the most sustainable commercial buildings on the planet and as it continues to be a hugely attractive place for office occupiers, we are setting the pace globally for sustainable design, with the delivery of the next generation of new and retrofit developments, to attract the best global talent, innovators and high growth businesses.

Nuclear power plants, trainlines and wind farms would be built quicker under new rules, government saysThe government has announced plans to speed up the construction of major infrastructure projects by reducing the ability of activists to challenge them in the courts.Keir Starmer said proposals to be included in the upcoming Planning and Infrastructure Bill will take on the NIMBYs and a broken system that has slowed down our progress as a nation.The new planning rules would mean schemes such as nuclear power plants, trainlines, roads and wind farms would not be delayed by a challenge culture, the prime minister said.Sizewell C was put in limbo for two year by legal challenges described by a High Court judge as utterly hopelessInfrastructure schemes can currently be challenged in the courts three times, through a written submission to the High Court, attending an oral hearing and appealing through the Court of Appeal.The government is proposing to scrap the written stage, meaning opponents to schemes would have to convince a judge in person, while the ability to appeal would also be removed if challenge is deemed totally without merit.Legal challenges are a significant factor in slowing down the delivery and increasing the cost of large infrasstructuer schemes.More than half, 58%, of all decisions are taken to court, with each legal challenge taking around 18 months to be resolved on average, with many taking more than two years.Examples include the Sizewell C nuclear plant, which was left in limbo for two years during a legal challenge brought by activists which was later dismissed by a High Court judge as utterly hopeless.A wind farm project in East Anglia and the A47 National Highway Project were also blocked for more than two years by opponents.The governments announcement comes after a review by planning lawyer Lord Banner, who concluded delays to major infrastructure schemes were causing real detriment to the public interest.Reducing the number of permission attempts to one for truly hopeless cases should weed out the worst offenders, without risking inadvertent delays because judges choose to err on the side of caution, he said.The move has been widely welcomed by the construction industry, with Balfour Beatty chief executive Leo Quinn describing it as a vital step towards speeding up important projects while keeping safeguards in place.Reducing the uncertainty that delays progress and drives up costs should help unlock significant economic benefits and enable faster delivery of the critical infrastructure that the UK urgently needs, he said.Connor Teskey, president of Brookfield Asset Management, also welcomed the proposals, calling planning reforms a key priority for the firms business in the UK.British Property Federation chief executive Melanie Leech added: From power stations to bypasses, we take longer to deliver important national projects than other developed nations, and that has to change.If we want to grow the economy and fund vital public services, then we have to better balance environmental and community interests with the benefits of development, and do so in a clear and timely way.Reducing the scope for vexatious and unmerited legal challenges, whilst retaining a right to appeal, is a very positive step in achieving this.

Water Row, Govan, by Collective Architecture Source:&nbsp Keith HunterIn 2025 our aim is to bang the drum for the profession, spelling out how architects can be pivotal to solving the housing crisis in a sustainable way, says Emily Booth Housing (or the lack of it) is one of the defining national issues of our time. The AJ is kicking off the new year with a focus on what architects can bring to help solve the housing crisis: design quality, sustainable approaches, an understanding of the importance of place, delivery expertise and drive, to name a few.Whether the governments target to build 1.5 million new homes within the next five years is achievable is up for debate. There is also a massive climate challenge here you cant build 1.5 million brand new homes and stay within critical carbon budgets. Yet homes are desperately needed; theres a moral imperative to provide them and they should be decent, well-built and supported by proper, sustainable infrastructure.Perfection should not be the enemy of the good when facing a challenge of this magnitude. While shoddy, cheap, gas-guzzling homes are a short-term sticking-plaster, what is key is an environmentally-sensitive build quality that is also deliverable. There is a need and an opportunity for good architecture here, prioritising retrofit and reuse techniques and sustainable M&E wherever possible.AdvertisementOver the following pages youll see examples of where architects have played crucial roles in successful schemes. Its interesting to see common themes emerge often using historical precedent for practical inspiration. If something has worked well before, why not riff off the theme? Everything that has worked before, weve done again, says Maes Alex Ely, commenting on the latest phase of the ambitious regeneration with Hawkins\Brown of the Agar Grove Estate for Camden Council. And Pitman Tozers Bulrush Court for The Guinness Partnership, the latest addition to the Leaside Lock development in Tower Hamlets, uses the 1930s mid-rise mansion block as a tried-and-tested model. Were very interested in how it provides density but on a relatively human scale, says Luke Tozer. Previous examples by the practice include two schemes for Peabody which, each in its own way, reclaimed notably difficult sites for dwellings on a relatable scale.There isnt time to waste in squaring up to the housing and climate challengeWhile pattern books of architectural designs evoke mixed feelings and mindful of the many specific challenges facing individual sites there is surely something in the notion of sharing learning and maximising efficiency where possible. There isnt time to waste in squaring up to the housing and climate challenge, and streamlining best practice makes sense.Good housing, then, will be a topic we put our editorial energies into through 2025 and beyond. Our aim is to bang the drum for the profession, spelling out how architects can be pivotal to solving this national crisis in a sustainable way.AdvertisementWere keen to spotlight the challenges of designing and delivering quality housing, celebrate proven successes and promote positive case studies to decision-makers and influencers beyond the immediate architectural community. Were pleased to be working with the Architects Action for Affordable Housing campaign in this endeavour and we look forward to hearing more about your stand-out schemes.The January edition of the AJ is out now. Subscribers can read the digital edition here, or copies of the printed magazine can be purchasedhere. An AJ subscription is better value click here to view our packages.2025-01-23Emily Boothcomment and share

If you are looking for reliable internet in Iowa City, our internet experts suggest these options.

Sports streaming bundles are on the rise, and Comcast is now joining the game. Launching Thursday, the company is offering Xfinity Sports & News TV, a new package that includes more than 50 channels and an ad-supportedPeacock Premium subscription for $70. Viewers can watch live NFL, MLB, NHL, MLB and college games along with TV shows and feature films. The price is the same as DirecTV's brand-new MySports streaming offering which provides programming from ABC, Fox, NBC, ESPN, TNT and more.What comes with the Xifnity bundle? Available for new and existing Xfinity internet customers, it includes 300 hours of DVR. Subscribers get access to local broadcasts such as ABC, CBS, Fox, NBC and Telemundo along with a selection of news channels like CNBC, Fox News, CNN and MSNBC. Sports fans can stream a lineup of networks that includes ACC, ESPN, SEC Network, Big Ten and FS1. Additionally, the package has a roster of 100-plus FAST channels.The added perk of getting Peacock means fans can watch the platform's originals, theatrical releases from Universal, and content from NBC, Bravo, WWE and more. Peacock Premium alone is $8 monthly or $80 per year.Xfinity customers have other options such as the StreamSaver bundle or access to a free Peacock subscription. If you're not an Xfinity subscriber but want to check out other streaming packages, there's the newStarz and Max bundle, an upcoming sports platform from Fubo, a Max-Disney-Plus-Hulu bundle and a selection of streaming deals.