While shock at yesterdays DeepSeek news saw the stock prices of many tech giants fall, AAPL climbed 3.25% across the course of the day.Experts yesterday expressed amazement at the Chinese companys AI model being on a par with US chatbots like ChatGPT, Gemini, and Llama despite being developed for a fraction of the cost and running on far lower-spec hardware DeepSeeks achievement cannot be over-statedDeepSeek is an AI chatbot developed in China, and which posted benchmarks indicating that its performance was comparable to the worlds best existing models. Experts quickly verified the claims, expressing shock that China was able to achieve this at a fraction of the development cost of US models, and running locally on very modestly-specced PCs.Many said that the scale of this achievement cannot be over-stated.The app quickly climbed to the #1 slot in Apples App Store.Sent US tech stocks tumblingThe biggest shock was how China was able to develop such a powerful AI model while US export controls limited the number of Nvidia GPUs it was able to purchase. We noted yesterday that chatbots from OpenAI, Google, and Anthropic usemore than half a millionof these, while DeepSeek was only able to obtain around 50,000 GPUs meaning its delivering comparable results with only 10% of the processing power.It was previously thought that there was a direct correlation between the number of Nvidia processors and AI performance, so evidence to the contrary saw Nvidia shares slump.The results sent a shockwave through markets on Monday, with Nvidia on course to lose more than $300bn of market value, the biggest recorded drop for any company, as investors reassessed the likely future investment in AI hardware.The share value of other US AI players like Microsoft and Meta similarly fell.ScreenshotBut AAPL climbed 3.25%There was, however, an exception to the trend: AAPL stock climbed 3.25% in the course of the day.Daring Fireballs John Gruber suggested that a key reason might be that it validates Apples approach of aiming to run as much AI stuff as it can on-device. Its own AI servers are the next recourse, with ChatGPT as fallback.There has been skepticism about just how many Apple Intelligence features can be powered by the companys own device chips, rather than having powerful servers do the lifting, but DeepSeek runs on rather ordinary PCs suggesting that Apples approach could be far more successful than anyone has so far imagined.A vast increase in the inference capabilities of RAM-constrained hardware strongly suggests that Apples consumer devices will soon be able to perform far more AI functionality locally.Whether or not hes correct about the impact on the share price, theres no arguing that Apples case for on-device processing just got way more credible.For more on DeepSeek, check out our latest 9to5Neural piece.Photo byJohn CamerononUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Skip to main contentApple @ Work PodcastApple @ Work Podcast: Should Apples certifications be free? Bradley C|Jan 28 2025 - 3:00 am PTApple @ Work is exclusively brought to you by Mosyle,the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost.Request your EXTENDED TRIALtoday and understand why Mosyle is everything you need to work with Apple.In this episode of Apple @ Work, I talk with long-time Apple admin Alan West about a host of topics, including the cost of Apples IT certifications, his history as a Mac admin, whats next for Apple and IT, and much more.Connect with BradleyListen and subscribeListen to Past EpisodesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel Featuredfrom 9to5Mac9to5Mac Logo Manage push notificationsAllPost

Jan 28, 2025Ravie LakshmananRansomware / Threat IntelligenceCybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar."ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia researchers Zhongyuan Hau (Aaron) and Ren Jie Yow said in a report published last week."Threat actors use these platforms by adopting 'living-off-the-land' techniques and using native tools like SSH to establish a SOCKS tunnel between their C2 servers and the compromised environment."In doing so, the idea is to blend into legitimate traffic and establish long-term persistence on the compromised network with little-to-no detection by security controls.The cybersecurity company said in many of its incident response engagements, ESXi systems were compromised either by using admin credentials or leveraging a known security vulnerability to get around authentication protections. Subsequently, the threat actors have been found to set up a tunnel using SSH or other tools with equivalent functionality."Since ESXi appliances are resilient and rarely shutdown unexpectedly, this tunneling serves as a semi-persistent backdoor within the network," the researchers noted.Sygnia has also highlighted the challenges in monitoring ESXi logs, emphasizing the need for configuring log forwarding to capture all relevant events in one place for forensic investigations.To detect attacks that involve the use of SSH tunneling on ESXi appliances, organizations have been recommended to review the below four log files -/var/log/shell.log (ESXi shell activity log) /var/log/hostd.log (Host agent log) /var/log/auth.log (authentication log) /var/log/vobd.log (VMware observer daemon log) Andariel Employs RID HijackingThe development comes as the AhnLab Security Intelligence Center (ASEC) detailed an attack mounted by the North Korea-linked Andariel group that involves the use of a technique known as Relative Identifier (RID) hijacking to covertly modify the Windows Registry to assign a guest or low privileged account administrative permissions during the next login.The persistence method is sneaky in that it takes advantage of the fact that regular accounts are not subjected to the same level of surveillance as the administrator account, thereby allowing threat actors to perform malicious actions while remaining undetected.However, in order to perform RID hijacking, the adversary must have already compromised a machine and gained administrative or SYSTEM privileges, as it requires changing the RID value of the standard account to that of the Administrator account (500).In the attack chain documented by ASEC, the threat actor is said to have created a new account and assigned it administrator privileges using this approach, after obtaining SYSTEM privileges themselves using privilege escalation tools such as PsExec and JuicyPotato."The threat actor then added the created account to the Remote Desktop Users group and Administrators group using the 'net localgroup' command," the company said. "When an account is added to the Remote Desktop Users group, the account can be accessed by using RDP.""Once the RID value has been changed, the Windows OS recognizes the account created by the threat actor as having the same privileges as the target account, enabling privilege escalation."New Technique for EDR EvasionIn related news, it has also been discovered that an approach based on hardware breakpoints could be leveraged to bypass Event Tracing for Windows (ETW) detections, which provides a mechanism to log events raised by user-mode applications and kernel-mode drivers.This entails using a native Windows function called NtContinue, instead of SetThreadContext, to set debug registers and avoid triggering ETW logging and events that are parsed by EDRs to flag suspicious activity, thereby getting around telemetry that relies on SetThreadContext."By leveraging hardware breakpoints at the CPU level, attackers can hook functions and manipulate telemetry in userland without direct kernel patching challenging traditional defenses," Praetorian researcher Rad Kawar said."This matters because it highlights a technique adversaries can use to evade and maintain stealth while implementing "patchless" hooks that prevent AMSI scanning and avoid ETW logging."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 28, 2025The Hacker NewsCybersecurity / EncryptionWhile passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them from being completely exposed in the event of a data breach and never stored in plaintext.This article examines how today's cyber attackers attempt to crack hashed passwords, explores common hashing algorithms and their limitations, and discusses measures you can take to protect your hashed passwords, regardless of which algorithm you are using.Modern password cracking techniquesMalicious actors have an array of tools and methods at their disposal for cracking hashed passwords. Some of the more widely used methods include brute force attacks, password dictionary attacks, hybrid attacks, and mask attacks.Brute force attacksA brute force attack involves excessive, forceful trial and error attempts to gain account access. Malicious actors employ specialized tools to systematically test password variations until a working combination is discovered. Although unsophisticated, brute force attacks are highly effective using password cracking software and high-powered computing hardware like graphics processing units (GPUs). Password dictionary attackAs its name implies, a password dictionary attack systematically draws words from a dictionary to brute force password variations until finding a working combination. The dictionary contents may contain every common word, specific word lists, and word combinations, as well as word derivatives and permutations with alphanumeric and non-alphanumeric characters (e.g., substituting an "a" with a "@"). Password dictionary attacks may also contain previously leaked passwords or key phrases exposed in data breaches.Hybrid attacksA hybrid password attack combines brute force with dictionary-based methods to achieve better attack agility and efficacy. For example, a malicious actor may use a dictionary word list of commonly used credentials with techniques that integrate numerical and non-alphanumeric character combinations.Mask attacksIn some cases, malicious actors may know of specific password patterns or parameters/requirements. This knowledge allows them to use mask attacks to reduce the number of iterations and attempts in their cracking efforts. Mask attacks use brute force to check password attempts that match a specific pattern (e.g., eight characters, start with a capital letter, and end with a number or special character).How hashing algorithms protect against cracking methodsHashing algorithms are a mainstay across a myriad of security applications, from file integrity monitoring to digital signatures and password storage. And while it's not a foolproof security method, hashing is vastly better than storing passwords in plaintext. With hashed passwords, you can ensure that even if cyber attackers gain access to password databases, they cannot easily read or exploit them.By design, hashing significantly hampers an attacker's ability to crack passwords, acting as a critical deterrent by making password cracking so time and resource intensive that attackers are likely to shift their focus to easier targets.Can hackers crack hashing algorithms? Because hashing algorithms are one-way functions, the only method to compromise hashed passwords is through brute force techniques. Cyber attackers employ special hardware like GPUs and cracking software (e.g., Hashcat, L0phtcrack, John The Ripper) to execute brute force attacks at scaletypically millions or billions or combinations at a time.Even with these sophisticated purpose-built cracking tools, password cracking times can vary dramatically depending on the specific hashing algorithm used and password length/character combination. For example, long, complex passwords can take thousands of years to crack while short, simple passwords can be cracked immediately.The following cracking benchmarks were all found by Specops on researchers on a Nvidia RTX 4090 GPU and used Hashcat software.MD5Once considered an industrial strength hashing algorithm, MD5 is now considered cryptographically deficient due to its various security vulnerabilities; that said, it remains one of the most widely used hashing algorithms. For example, the popular CMS Wordpress still uses MD5 by default; this accounts for approximately 43.7% of CMS-powered websites.With readily available GPUs and cracking software, attackers can instantly crack numeric passwords of 13 characters or fewer secured by MD5's 128-bit hash; on the other hand, an 11-character password consisting of numbers, uppercase/lowercase characters, and symbols would take 26.5 thousand years. SHA256The SHA256 hashing algorithm belongs to the Secure Hash Algorithm 2 (SHA-2) group of hashing functions designed by the National Security Agency (NSA) and released by the National Institute of Standards and Technology (NIST). As an update to the flawed SHA-1 algorithm, SHA256 is considered a robust and highly secure algorithm suitable for today's security applications. When used with long, complex passwords, SHA256 is nearly impenetrable using brute force methods an 11 character SHA256 hashed password using numbers, upper/lowercase characters, and symbols takes 2052 years to crack using GPUs and cracking software. However, attackers can instantly crack nine character SHA256-hashed passwords consisting of only numeric or lowercase characters.BcryptSecurity experts consider both SHA256 and bcrypt as sufficiently strong hashing algorithms for modern security applications. However, unlike SHA256, bcrypt bolsters its hashing mechanism by employing saltingby adding a random piece of data to each password hash to ensure uniqueness, bcrypt makes passwords highly resilient against dictionary or brute force attempts. Additionally, bcrypt employs a cost factor that determines the number of iterations to run the algorithm. This combination of salt and cost factoring makes bcrypt extremely resistant to dictionary and brute force attacks. A cyber attacker using GPUs and cracking software would take 27,154 years to crack an eight-character password consisting of numbers, uppercase/lowercase letters, and symbols hashed by bcrypt. However, numeric or lowercase-only bcrypt passwords under eight characters are trivial to crack, taking between a matter of hours to a few seconds to compromise.How do hackers get around hashing algorithms? Regardless of the hashing algorithm, the common vulnerability is short and simple passwords. Long, complex passwords that incorporate numbers, uppercase and lowercase letters, and symbols are the ideal formula for password strength and resilience. However, password reuse remains a significant issue; just one shared password, no matter how strong, stored in plaintext on a poorly secured website or service, can give cyber attackers access to sensitive accounts. Consequently, cyber attackers are more likely to obtain breached credentials and exposed password lists from the dark web rather than attempting to crack long, complex passwords secured with modern hashing algorithms. Cracking a long password hashed with bcrypt is virtually impossible, even with purpose-built hardware and software. But using a known compromised password is instant and effective. To protect your organization against breached passwords, Specops Password Policy continuously scans your Active Directory against a growing database of over 4 billion unique compromised passwords. Get in touch for a free trial. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Shaun Dippnall , Chief Delivery Officer and Head of Enterprise AI, Sand TechnologiesJanuary 28, 20253 Min ReadDimitar Omi via Alamy StockArtificial Intelligence has become a defining force of the 21st century, sparking debates about its role in shaping the future. While sometimes portrayed as a harbinger of dystopian automation, AI, when leveraged appropriately, can be a catalyst for profound, positive change.AIs ability to deliver a positive impact is not just a concept shared at tech shows or espoused by non-governmental organizations. The technology is already actively reshaping industries and addressing some of the worlds most pressing challenges.As the global water crisis threatens nearly two billion people with absolute scarcity by 2025, AI is proving to be a key player in smart water management. By deploying advanced data-driven solutions, AI is optimizing how we manage water resources, identifying innovative approaches to desalination, reducing environmental impacts by minimizing overflows, and ensuring that water utilities achieve maximum returns on infrastructure investments by optimizing maintenance and operations for improved longevity.In the telecommunications industry, AI is boosting network efficiency and informing how operators can expand access to underserved populations. For instance, one developing country leveraged AI to bring mobile network coverage to 95% of its population while saving $200 million in CapEx compared to a non-AI network planning approach.Related:This latter example shows how AI can be a vital contributor to bridging the digital divide. The scenario above, achieved on a national scale, expanded broadband to rural areas much like the United States is looking to improve broadband penetration through the BEAD program. This altruistic yet practical example demonstrates the power of AI to fuel economic development and enhance access to vital services like education and healthcare. And its not just theoretical; the results are already being felt.This is the impact of AI at its best -- transforming technological innovation into tangible societal progress.Amid the rapid pace of AI innovation, many companies, governments, and researchers have focused on technical possibilities rather than the positive realities of deploying AI at scale.AI holds immense potential to drive social equity and inclusion. Consider the water management scenario above. In regions facing severe water scarcity, AI has optimized resource management and reduced pollution, potentially saving millions of lives and improving the quality of life for vulnerable communities.In the broadband example, AI has helped bring education, telehealth, and employment services to underserved populations, acting as a great equalizer for many communities.Related:Yet AIs ability to benefit society is dependent upon the humans using it. AI, on its own, is neither unethical nor capitalistic. The key to tapping AIs power to generate positive impact lies in practitioners focusing on societys biggest challenges, identifying how AI can play a role in solving them, and implementing a robust governance framework to carefully monitor the project and ensure it stays on an ethical and greater good track.Having worked in AI and data science for a decade, we often encounter projects that we choose not to pursue. The power inherent in AI solutions compels us to look beyond the question of Can we do this? to a discussion about whether we should. AI can be deployed in many areas, and with great effect, so we prioritize projects that have a clear opportunity to benefit society.The path forward demands a concerted effort from companies, particularly those with the resources and influence, to lead by example. It also requires AI partners who share the vision of using AI for initiatives that deliver real, positive impact.In the end, the true measure of AI for social good wont be in what AI can do, but in how it helps build a future where technology enhances and equalizes the human experience. The choices we make today -- whether in deploying AI for water conservation or expanding digital access -- will define AIs trajectory in shaping and achieving that future.Related:About the AuthorShaun Dippnall Chief Delivery Officer and Head of Enterprise AI, Sand TechnologiesShaun Dippnall is chief delivery officer and head of enterprise AI at Sand Technologies, a global AI solutions company with expertise in enterprise and industrial AI, and data science. Shaun has worked with enterprise AI for more than a decade because of his passion to change the world.See more from Shaun Dippnall Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Plans for 357 homes at former gasworks site signed off after second staircase redesignFoster & Partners' revised plans for the former gasworks site in Fulham1/9show captionBerkeley has been given the green light for two residential towers in Fulham designed by Foster & Partners.The fourth phase of the Kings Road Park masterplan will consist of 357 homes in towers of 28 and 38 storeys sharing a seven-storey podium building.It is part of one of the largest regeneration projects in central London, which will see a total of 1,800 homes built across six phases on a former gasworks site containing one of the worlds oldest surviving gasholders.Hammersmith and Fulham councils backing for the application, which originally contained three towers, comes eight months after Berkeley was forced to redesign the scheme to add second staircases.Original plans for the wider masterplan were given outline approval in February 2019 but were hit by a number of delays and redesigns addressing its housing mix and section 106 agreement.The fourth phase, the only part of the scheme to include towers of substantial height were then hit by further delays earlier this year due to new fire safety requirements in residential buildings above 18m which are due to come into force next year.Foster & Partners redesign, submitted in June last year, cut one tower from the proposals, shortened one tower by one storey and increased its shoulder component from 27 to 32 storeys.Original plans for the fourth phase of the masterplan, featuring three towersRevised plans submitted last year cut one tower and expanded the remaining two1/2show captionThe smaller towers shoulder component was also increased by one storey, while the footprints of both buildings were increased to absorb floorspace lost from the scrapped third tower.Berkeley subsidiary St William has said there had been no overall loss of residential floorspace across the scheme due to the amalgamation of the three towers into two.The plans also include 1.9 acres of new parkland, which has been expanded by around 7% compared to the original application.The project team includes planning consultant Lichfields, landscape architect Gillespies, environmental consultant Buro Happold, MEP consultant WSP, facade engineer Wintech, daylight and sunlight consultant GIA and wind consultant Urban Microclimate.

City tower designed for Brookfield up before councillors on FridayThe office will be one of the tallest in the Citys main tower clusterRSHPs proposals for one of the City of Londons tallest office towers at 99 Bishopsgate are expected to be approved this Friday.The 54-storey scheme, part of the growing cluster of towers in the east of the Square Mile, has been recommended for approval by planning officers ahead of a planning committee meeting on 31 January.The tower is intended to act as a gateway into the rest of the Citys main tower clusterDesigned by Brookfield, and expected to be built by its subsidiary Multiplex, it will see the sites existing 28-storey 1970s building demolished to ground level and replaced by 99,000 sq m of commercial floorspace along with a separate six-storey cultural centre.It would also result in a significant transformation of the public realm around the crossroads between Bishopsgate and Wormwood Street, opening up a ground level pedestrian route underneath the building, similar to the open space beneath RSHPs other large City tower, the Cheesegrater.This space would host a new retail, food and drink hub at street level known as the City Market with seating areas, which is intended boost footfall in the area and act as a gateway into the rest of the tower cluster.City planners said the proposals exude architectural excellence and would provide an exceptional new addition to the edge of the cluster.The recommendation for approval comes despite objections by Historic England and St Pauls Cathedral, which have raised concerns about the height of the tower and its impact on protected views.Officers admitted the building would slightly and momentarily diminish the ability to appreciate St Pauls when viewed from the river but this harm was decisively outweighed by the schemes public benefits, including the cultural centre and market space.How the tower would look at street level, showing the proposed market spaceHistoric England said in its objection last November that the tower would create a cliff edge on the border of the cluster which would harm protected views of the grade I-listed cathedral, which is considered the most important heritage asset in the City.A total of 37 letters of objection to the scheme were received by the City against two letters of support.St Pauls Cathedral said in its objection that the tower would cause significant harm to the building and criticised the heritage assessment drawn up as part of the application as erroneous.The assessment submitted by the applicant is so deficient, we suggest, that the regulator should either undertake their own new assessment, or commission a more properly objective and professional evaluation, the cathedral said.The assessment claims that the buildings design, which includes a chamfered corner at roof level, creates a subtle step down at the edge of the cluster which reduced the towers impact on views of the cathedral.The project team for 99 Bishopsgate includes T&T Alinea on costs, AKT II on structural engineering, Ramboll on MEP services, Atelier 10 on sustainability, Momentum on transport, GIA on sunlight and wind, Trium Environmental Consulting on environment and Andy Sturgeon as landscape architect.Planning consultant DP9, communications consultant Kanda Consulting and heritage and townscape consultant The Townscape Consultancy are also on the team.

JCT Construct is a subscription-based contract drafting system with advanced editing features, enabling you to create and amend your JCT contracts in a secure, flexible, and easy-to-use online environment. Depending on the type of subscription chosen, JCT Construct also provides instant access to each JCT 2024 Edition contract, as soon as it is published.With JCT Constructs powerful tools, you can edit the JCT contract text itself, adding your own amendments, clauses, or other customised text. The system also features an intuitive Q&A-driven process to assist you in filling in your contract comprehensively.The JCT Construct system generates your contract in plain copy as well as a comparison document, making it possible to easily read the contracts and see all the changes from the published JCT text.Guest sharing supports collaborative working amongst those involved in the contract drafting to share drafts, to edit, and to see all the changes. Version-to-version comparison allows you to see any changes between draft versions and against the published JCT text, ensuring full transparency between the parties to the contract at all times.Key benefitsEasy to use, flexible, and secure online contract drafting.Access to each JCT 2024 Edition contract, as soon as it is publishedAdd your own amendments, clauses, and other customised text. Clause numbers, cross-references in the JCT text, and table of contents all update automatically.Guest sharing supports collaboration and enables all those involved in the drafting to share drafts, edit, and see all the changes.Create boilerplates so you can re-use your standard set of changes.Print draft contracts for review.Print final contracts for signing.Print comparison documents showing all changes against the published JCT text for full transparency.Learn more and choose your subscription at jctltd.co.uk/jct-construct 2025-01-28AJ Contributorcomment and share

The 56-year-old Dhaka-born architects proposal for the temporary structure in Kensington Gardens, London, will be the 24th in the gallerys ongoing series of annual architectural commissions, which began 25 years ago with Zaha Hadid (see full list of previous designers below) in 2000.Tabassumset up MTA in 2005 after a decade working for Dhaka-based studio URBANA, during which time the firm won international design competitions for the Independence Monument of Bangladesh and the countrys Museum of Independence.In 2016, she received the Aga Khan Award for Architecture for the Bait ur Rouf Mosque in Dhaka, and in 2021 Tabassum was awarded the Soane Medal in recognition of her pioneering work designing low-cost temporary homes for refugees and victims of climate change.AdvertisementMore on this topicMarina Tabassum completes demountable house for Vitra CampusTabassum teaches at several universities, including the Delft University of Technology in The Netherlands. In 2023, Tabassum held the Norman Foster Chair at Yale University.The concept for the 2025 Serpentine Pavilion, which has been titled A Capsule in Time, draws on the history and form of Shamiyana tents and awnings used for ceremonial occasions in South Asia, while honouring arched garden canopies found in the surrounding park.Set up on a north-to-south axis, the oblong-shaped pavilion features four wooden capsules, or arches, which will diffuse daylight and simultaneously provide shelter. The design also includes a kinetic element whereby one of the capsule elements can move and connect with another. In the middle, a courtyard space with a tree will align with the Serpentine Gallerys belltower. Source:Marina Tabassum Architects2025 Serpentine PavilionExplaining the teams approach to designing the pavilion, Tabassum said: When conceiving our design, we reflected on the transient nature of the commission, which appears to us as a capsule of memory and time. The archaic volume of a half-capsule, generated by geometry and wrapped in light semi-transparent material, will create a play of filtered light that will pierce through the structure as if under a Shamiyana at a Bengali wedding.Serpentine chief executive Bettina Korek and artistic director Hans Ulrich Obrist said: A Capsule in Time will honour connections with the Earth and celebrate the spirit of community. Built around a mature tree at the centre of the structure, Tabassums design will bring the park inside the Pavilion. Its kinetic dimension will also harken back to the levitating element of Rem Koolhaas & Cecil Balmond with Arups Serpentine Pavilion 2006.AdvertisementLast summers pavilion, designed by Seoul-born Mass Studies founder Minsuk Cho, featured five islands arranged around an open space, similar to the small courtyards found in traditional Korean houses. Source:Asif SalmanMarina TabassumSerpentine Pavilion history2025 Marina Tabassum2024 Mass Studies2023 Lina Ghotmeh2022Theaster Gates2021Counterspace2019Junya Ishigami2018Frida Escobedo2017Dibdo Francis Kr2016 BIG Bjarke Ingels2015SelgasCano2014Smiljan Radic2013Sou Fujimoto2012Herzog & de Meuron and Ai Weiwei2011Peter Zumthor2010Jean Nouvel2009Kazuyo Sejima and Ryue Nishizawa, SANAA2008Frank Gehry2007Olafur Eliasson and Kjetil Thorsen2006Rem Koolhaas and Cecil Balmond with Arup2005lvaro Siza and Eduardo Souto de Moura with Cecil Balmond, Arup2004 MVRDV with Arup (unrealised)2003Oscar Niemeyer2002Toyo Ito and Cecil Balmond with Arup2001Daniel Libeskind with Arup2000Zaha Hadid

Apple'sfoldable iPhonehas been floating around the rumor mill for years at this point. We'd tentatively hoped to see it launch during September's iPhone 16 event, but we were left disappointed. The rumors persist though and it's likely Apple will want to get in on the folding phone game at some point. Having tested, reviewed and photographed almost every foldable phone available since Samsung launched its first Z Fold back in 2019, I have some thoughts -- and words of caution -- for Apple as it gets closer to potentially unveiling an iPhone Flip.I've written before about why foldable phones have disappointed me and how Apple could be the company to give the category a boost. Because foldables really do need a boost. We've seen new foldables from Samsung, Google, Motorola, OnePlusand Xiaomi, but none of them have managed to get me especially excited. All those companies' new launches were just iterations of what they already had.Foldables are decent on the surface, but beyond the novelty of the bending display, they don't offer anything truly unique. The more Android companies that join the folding fray, the more concerned I've become that Apple could run into the same problem, with the iPhone Flip being a generic, redundant novelty. Watch this: When Is the iPhone Flip Going to Come Out? 08:04 A foldable iPhone needs to be more than just a regular iPhone with a screen that can bend.Here's what Apple needs to do.Focus on softwareUnfortunately, the foldable Android devices we've seen so far -- including the new Samsung Galaxy Z Fold 6 and Z Flip 6 -- are essentially just regular Android phones with flexible displays. The hardware is impressive, sure, but once you get over the novelty of a phone that bends in half it just becomes like any other phone. Except one you've paid a huge amount of money for.The problem is that while the folding hardware works well, the software is basically the same that you'd find on the non-folding versions of the phones. There are few adjustments for the larger displays in the core Android software and most third-party apps don't really take advantage of the format. As a result, I'm still waiting for that "oh wow" moment that makes me see the true value of a folding phone. The hardware on Samsung's Z Fold 6 has certainly evolved since the first Z Fold, but the software remains pretty underwhelming. Andrew Lanxon/CNETI had hoped that Google, as the maker of Android, would develop more software features that would make full use of the folding format with its Pixel Fold range. I do like the most recent Pixel 9 Pro Fold and think it's probably one of the best foldables out there. But there's no question that it still feels more like an exercise in keeping pace with the competition rather than a genuine attempt to innovate.Apple's deep developer relationships will hopefully play right into its hands here, with productivity, entertainment and gaming app producers likely poised and ready to create killer apps that show why foldable phones truly are the next step in our phone's evolution.Stand out from the crowdEven on the hardware side of things we're already seeing duplication in designs and form factors. Motorola's new Razr Plus is essentially the same as Samsung's Z Flip 6 and there's little to choose between the OnePlus Open, Google Pixel Fold and Galaxy Z Fold 6 beyond a few minor touches. Most of the foldables we've seen so far tend to look alike. John Kim/CNETApple needs to avoid a folding iPhone that just looks like a clone of existing Android foldables. It needs to stand out and reinforce why Apple is the champion when it comes to product engineering. Let's not forget that Apple didn't invent the mobile phone, but its top-class designers and engineers created a product with the first iPhone that completely revolutionized what a phone could be.Apple has time on its side here; by being late to the party and not rushing in with a "me too!" product, it's been able to see the progression of foldables from Samsung's first Z Fold, through to the more advanced models we have today. It's given the company an opportunity to bide its time and learn from others' mistakes and hopefully put that same spark that made the original iPhone so transformative into its first foldable.Don't skimp on the specs -- and then doA folding iPhone, if we ever get one, should be the showcase for what Apple can achieve with a phone. It needs to not just be cutting edge in terms of its design but also be packed with the latest, greatest tech the company has to offer elsewhere. That means it needs to be able to keep pace with the Pro models, not be a cut-down version that just happens to fold. The Galaxy Z Flip 6 is a nice bit of kit, but its hardware doesn't compete with Samsung's regular phones. Andrew Lanxon/CNETWe've seen this with many other foldables, including Samsung, which typically packs its folding phones -- especially the Z Flip line -- with lesser specs than you'd get from its top-end non-folding models. The result is that you're forced to pay top dollar for the bendable phone but still end up with lower performance than your friend who has a much cheaper phone than you.It's especially true with the cameras, with even Samsung's most expensive Z Fold 6 packing a camera setup that doesn't compete with the S24 Ultra. So you're left having to decide between the best camera performance or the best folding tech. Either way, you're having to make a compromise and that's not okay when you're spending well into four figures for the privilege.An Apple foldable needs to pack the same triple camera setup from the Pro line, along with ProRaw imaging and ProRes video capture. It needs to have the latest processor capable of handling anything you'll throw at it and it needs to be able to run Apple's new AI skills (Apple Intelligence) at least as well as any other phone the company makes. Until we get a real folding iPhone, we'll have to make do with my awful Photoshopped version. Andrew Lanxon/CNETSuch a device will cost a fortune, so Apple also needs a more affordable option that's aimed more towards those who simply want the fun of the hinge without all the bells and whistles. Why? Because it needs mass market appeal to get developers on board. A hyper-expensive elite iPhone Fold will have too few adopters early on, and so why would developers waste time dreaming up and producing apps for so few potential customers? On the other hand, just going for the cheap and fun model will make it seem like a toy. A gimmick that gets some headlines but isn't really for serious users.To truly dominate the market with developers on board, Apple will need to tackle both sides of the value equation.