Skip to main contentApple @ Work PodcastApple @ Work Podcast: Should Apples certifications be free? Bradley C|Jan 28 2025 - 3:00 am PTApple @ Work is exclusively brought to you by Mosyle,the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost.Request your EXTENDED TRIALtoday and understand why Mosyle is everything you need to work with Apple.In this episode of Apple @ Work, I talk with long-time Apple admin Alan West about a host of topics, including the cost of Apples IT certifications, his history as a Mac admin, whats next for Apple and IT, and much more.Connect with BradleyListen and subscribeListen to Past EpisodesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel Featuredfrom 9to5Mac9to5Mac Logo Manage push notificationsAllPost

Jan 28, 2025Ravie LakshmananRansomware / Threat IntelligenceCybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar."ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia researchers Zhongyuan Hau (Aaron) and Ren Jie Yow said in a report published last week."Threat actors use these platforms by adopting 'living-off-the-land' techniques and using native tools like SSH to establish a SOCKS tunnel between their C2 servers and the compromised environment."In doing so, the idea is to blend into legitimate traffic and establish long-term persistence on the compromised network with little-to-no detection by security controls.The cybersecurity company said in many of its incident response engagements, ESXi systems were compromised either by using admin credentials or leveraging a known security vulnerability to get around authentication protections. Subsequently, the threat actors have been found to set up a tunnel using SSH or other tools with equivalent functionality."Since ESXi appliances are resilient and rarely shutdown unexpectedly, this tunneling serves as a semi-persistent backdoor within the network," the researchers noted.Sygnia has also highlighted the challenges in monitoring ESXi logs, emphasizing the need for configuring log forwarding to capture all relevant events in one place for forensic investigations.To detect attacks that involve the use of SSH tunneling on ESXi appliances, organizations have been recommended to review the below four log files -/var/log/shell.log (ESXi shell activity log) /var/log/hostd.log (Host agent log) /var/log/auth.log (authentication log) /var/log/vobd.log (VMware observer daemon log) Andariel Employs RID HijackingThe development comes as the AhnLab Security Intelligence Center (ASEC) detailed an attack mounted by the North Korea-linked Andariel group that involves the use of a technique known as Relative Identifier (RID) hijacking to covertly modify the Windows Registry to assign a guest or low privileged account administrative permissions during the next login.The persistence method is sneaky in that it takes advantage of the fact that regular accounts are not subjected to the same level of surveillance as the administrator account, thereby allowing threat actors to perform malicious actions while remaining undetected.However, in order to perform RID hijacking, the adversary must have already compromised a machine and gained administrative or SYSTEM privileges, as it requires changing the RID value of the standard account to that of the Administrator account (500).In the attack chain documented by ASEC, the threat actor is said to have created a new account and assigned it administrator privileges using this approach, after obtaining SYSTEM privileges themselves using privilege escalation tools such as PsExec and JuicyPotato."The threat actor then added the created account to the Remote Desktop Users group and Administrators group using the 'net localgroup' command," the company said. "When an account is added to the Remote Desktop Users group, the account can be accessed by using RDP.""Once the RID value has been changed, the Windows OS recognizes the account created by the threat actor as having the same privileges as the target account, enabling privilege escalation."New Technique for EDR EvasionIn related news, it has also been discovered that an approach based on hardware breakpoints could be leveraged to bypass Event Tracing for Windows (ETW) detections, which provides a mechanism to log events raised by user-mode applications and kernel-mode drivers.This entails using a native Windows function called NtContinue, instead of SetThreadContext, to set debug registers and avoid triggering ETW logging and events that are parsed by EDRs to flag suspicious activity, thereby getting around telemetry that relies on SetThreadContext."By leveraging hardware breakpoints at the CPU level, attackers can hook functions and manipulate telemetry in userland without direct kernel patching challenging traditional defenses," Praetorian researcher Rad Kawar said."This matters because it highlights a technique adversaries can use to evade and maintain stealth while implementing "patchless" hooks that prevent AMSI scanning and avoid ETW logging."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 28, 2025The Hacker NewsCybersecurity / EncryptionWhile passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them from being completely exposed in the event of a data breach and never stored in plaintext.This article examines how today's cyber attackers attempt to crack hashed passwords, explores common hashing algorithms and their limitations, and discusses measures you can take to protect your hashed passwords, regardless of which algorithm you are using.Modern password cracking techniquesMalicious actors have an array of tools and methods at their disposal for cracking hashed passwords. Some of the more widely used methods include brute force attacks, password dictionary attacks, hybrid attacks, and mask attacks.Brute force attacksA brute force attack involves excessive, forceful trial and error attempts to gain account access. Malicious actors employ specialized tools to systematically test password variations until a working combination is discovered. Although unsophisticated, brute force attacks are highly effective using password cracking software and high-powered computing hardware like graphics processing units (GPUs). Password dictionary attackAs its name implies, a password dictionary attack systematically draws words from a dictionary to brute force password variations until finding a working combination. The dictionary contents may contain every common word, specific word lists, and word combinations, as well as word derivatives and permutations with alphanumeric and non-alphanumeric characters (e.g., substituting an "a" with a "@"). Password dictionary attacks may also contain previously leaked passwords or key phrases exposed in data breaches.Hybrid attacksA hybrid password attack combines brute force with dictionary-based methods to achieve better attack agility and efficacy. For example, a malicious actor may use a dictionary word list of commonly used credentials with techniques that integrate numerical and non-alphanumeric character combinations.Mask attacksIn some cases, malicious actors may know of specific password patterns or parameters/requirements. This knowledge allows them to use mask attacks to reduce the number of iterations and attempts in their cracking efforts. Mask attacks use brute force to check password attempts that match a specific pattern (e.g., eight characters, start with a capital letter, and end with a number or special character).How hashing algorithms protect against cracking methodsHashing algorithms are a mainstay across a myriad of security applications, from file integrity monitoring to digital signatures and password storage. And while it's not a foolproof security method, hashing is vastly better than storing passwords in plaintext. With hashed passwords, you can ensure that even if cyber attackers gain access to password databases, they cannot easily read or exploit them.By design, hashing significantly hampers an attacker's ability to crack passwords, acting as a critical deterrent by making password cracking so time and resource intensive that attackers are likely to shift their focus to easier targets.Can hackers crack hashing algorithms? Because hashing algorithms are one-way functions, the only method to compromise hashed passwords is through brute force techniques. Cyber attackers employ special hardware like GPUs and cracking software (e.g., Hashcat, L0phtcrack, John The Ripper) to execute brute force attacks at scaletypically millions or billions or combinations at a time.Even with these sophisticated purpose-built cracking tools, password cracking times can vary dramatically depending on the specific hashing algorithm used and password length/character combination. For example, long, complex passwords can take thousands of years to crack while short, simple passwords can be cracked immediately.The following cracking benchmarks were all found by Specops on researchers on a Nvidia RTX 4090 GPU and used Hashcat software.MD5Once considered an industrial strength hashing algorithm, MD5 is now considered cryptographically deficient due to its various security vulnerabilities; that said, it remains one of the most widely used hashing algorithms. For example, the popular CMS Wordpress still uses MD5 by default; this accounts for approximately 43.7% of CMS-powered websites.With readily available GPUs and cracking software, attackers can instantly crack numeric passwords of 13 characters or fewer secured by MD5's 128-bit hash; on the other hand, an 11-character password consisting of numbers, uppercase/lowercase characters, and symbols would take 26.5 thousand years. SHA256The SHA256 hashing algorithm belongs to the Secure Hash Algorithm 2 (SHA-2) group of hashing functions designed by the National Security Agency (NSA) and released by the National Institute of Standards and Technology (NIST). As an update to the flawed SHA-1 algorithm, SHA256 is considered a robust and highly secure algorithm suitable for today's security applications. When used with long, complex passwords, SHA256 is nearly impenetrable using brute force methods an 11 character SHA256 hashed password using numbers, upper/lowercase characters, and symbols takes 2052 years to crack using GPUs and cracking software. However, attackers can instantly crack nine character SHA256-hashed passwords consisting of only numeric or lowercase characters.BcryptSecurity experts consider both SHA256 and bcrypt as sufficiently strong hashing algorithms for modern security applications. However, unlike SHA256, bcrypt bolsters its hashing mechanism by employing saltingby adding a random piece of data to each password hash to ensure uniqueness, bcrypt makes passwords highly resilient against dictionary or brute force attempts. Additionally, bcrypt employs a cost factor that determines the number of iterations to run the algorithm. This combination of salt and cost factoring makes bcrypt extremely resistant to dictionary and brute force attacks. A cyber attacker using GPUs and cracking software would take 27,154 years to crack an eight-character password consisting of numbers, uppercase/lowercase letters, and symbols hashed by bcrypt. However, numeric or lowercase-only bcrypt passwords under eight characters are trivial to crack, taking between a matter of hours to a few seconds to compromise.How do hackers get around hashing algorithms? Regardless of the hashing algorithm, the common vulnerability is short and simple passwords. Long, complex passwords that incorporate numbers, uppercase and lowercase letters, and symbols are the ideal formula for password strength and resilience. However, password reuse remains a significant issue; just one shared password, no matter how strong, stored in plaintext on a poorly secured website or service, can give cyber attackers access to sensitive accounts. Consequently, cyber attackers are more likely to obtain breached credentials and exposed password lists from the dark web rather than attempting to crack long, complex passwords secured with modern hashing algorithms. Cracking a long password hashed with bcrypt is virtually impossible, even with purpose-built hardware and software. But using a known compromised password is instant and effective. To protect your organization against breached passwords, Specops Password Policy continuously scans your Active Directory against a growing database of over 4 billion unique compromised passwords. Get in touch for a free trial. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Shaun Dippnall , Chief Delivery Officer and Head of Enterprise AI, Sand TechnologiesJanuary 28, 20253 Min ReadDimitar Omi via Alamy StockArtificial Intelligence has become a defining force of the 21st century, sparking debates about its role in shaping the future. While sometimes portrayed as a harbinger of dystopian automation, AI, when leveraged appropriately, can be a catalyst for profound, positive change.AIs ability to deliver a positive impact is not just a concept shared at tech shows or espoused by non-governmental organizations. The technology is already actively reshaping industries and addressing some of the worlds most pressing challenges.As the global water crisis threatens nearly two billion people with absolute scarcity by 2025, AI is proving to be a key player in smart water management. By deploying advanced data-driven solutions, AI is optimizing how we manage water resources, identifying innovative approaches to desalination, reducing environmental impacts by minimizing overflows, and ensuring that water utilities achieve maximum returns on infrastructure investments by optimizing maintenance and operations for improved longevity.In the telecommunications industry, AI is boosting network efficiency and informing how operators can expand access to underserved populations. For instance, one developing country leveraged AI to bring mobile network coverage to 95% of its population while saving $200 million in CapEx compared to a non-AI network planning approach.Related:This latter example shows how AI can be a vital contributor to bridging the digital divide. The scenario above, achieved on a national scale, expanded broadband to rural areas much like the United States is looking to improve broadband penetration through the BEAD program. This altruistic yet practical example demonstrates the power of AI to fuel economic development and enhance access to vital services like education and healthcare. And its not just theoretical; the results are already being felt.This is the impact of AI at its best -- transforming technological innovation into tangible societal progress.Amid the rapid pace of AI innovation, many companies, governments, and researchers have focused on technical possibilities rather than the positive realities of deploying AI at scale.AI holds immense potential to drive social equity and inclusion. Consider the water management scenario above. In regions facing severe water scarcity, AI has optimized resource management and reduced pollution, potentially saving millions of lives and improving the quality of life for vulnerable communities.In the broadband example, AI has helped bring education, telehealth, and employment services to underserved populations, acting as a great equalizer for many communities.Related:Yet AIs ability to benefit society is dependent upon the humans using it. AI, on its own, is neither unethical nor capitalistic. The key to tapping AIs power to generate positive impact lies in practitioners focusing on societys biggest challenges, identifying how AI can play a role in solving them, and implementing a robust governance framework to carefully monitor the project and ensure it stays on an ethical and greater good track.Having worked in AI and data science for a decade, we often encounter projects that we choose not to pursue. The power inherent in AI solutions compels us to look beyond the question of Can we do this? to a discussion about whether we should. AI can be deployed in many areas, and with great effect, so we prioritize projects that have a clear opportunity to benefit society.The path forward demands a concerted effort from companies, particularly those with the resources and influence, to lead by example. It also requires AI partners who share the vision of using AI for initiatives that deliver real, positive impact.In the end, the true measure of AI for social good wont be in what AI can do, but in how it helps build a future where technology enhances and equalizes the human experience. The choices we make today -- whether in deploying AI for water conservation or expanding digital access -- will define AIs trajectory in shaping and achieving that future.Related:About the AuthorShaun Dippnall Chief Delivery Officer and Head of Enterprise AI, Sand TechnologiesShaun Dippnall is chief delivery officer and head of enterprise AI at Sand Technologies, a global AI solutions company with expertise in enterprise and industrial AI, and data science. Shaun has worked with enterprise AI for more than a decade because of his passion to change the world.See more from Shaun Dippnall Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first,sign up here. Just a week in, the AI sector has already seen its first battle of wits under the new Trump administration. The clash stems from two key pieces of news: the announcement of the Stargate project, which would spend $500 billionmore than the Apollo space programon new AI data centers, and the release of a powerful new model from China. Together, they raise important questions the industry needs to answer about the extent to which the race for more data centerswith their heavy environmental tollis really necessary. A reminder about the first piece: OpenAI, Oracle, SoftBank, and an Abu Dhabibased investment fund called MGX plan to spend up to $500 billion opening massive data centers around the US to build better AI. Much of the groundwork for this project was laid in 2024, when OpenAI increased its lobbying spending sevenfold (which we were first to report last week) and AI companies started pushing for policies that were less about controlling problems like deepfakes and misinformation, and more about securing more energy. Still, Trump received credit for it from tech leaders when he announced the effort on his second day in office. I think this will be the most important project of this era, OpenAIs Sam Altman said at the launch event, adding, We wouldnt be able to do this without you, Mr. President. Its an incredible sum, just slightly less than the inflation-adjusted cost of building the US highway system over the course of more than 30 years. However, not everyone sees Stargate as having the same public benefit. Environmental groups say it could strain local grids and further drive up the cost of energy for the rest of us, who arent guzzling it to train and deploy AI models. Previous research has also shown that data centers tend to be built in areas that use much more carbon-intensive sources of energy, like coal, than the national average. Its not clear how much, if at all, Stargate will rely on renewable energy. Even louder critics of Stargate, though, include Elon Musk. None of Musks companies are involved in the project, and he has attempted to publicly sow doubt that OpenAI and SoftBank have enough of the money needed for the plan anyway, claims that Altman disputed on X. Musks decision to publicly criticize the presidents initiative has irked people in Trumps orbit, Politico reports, but its not clear if those people have expressed that to Musk directly. On to the second piece. On the day Trump was inaugurated, a Chinese startup released an AI model that started making a whole bunch of important people in Silicon Valley very worried about their competition. (This close timing is almost certainly not an accident.) The model, called DeepSeek R1, is a reasoning model. These types of models are designed to excel at math, logic, pattern-finding, and decision-making. DeepSeek proved it could reason through complicated problems as well as one of OpenAIs reasoning models, o1and more efficiently. Whats more, DeepSeek isnt a super-secret project kept behind lock and key like OpenAIs. It was released for all to see. DeepSeek was released as the US has made outcompeting China in the AI race a top priority. This goal was a driving force behind the 2022 CHIPS Act to make more chips domestically. Its influenced the position of tech companies like OpenAI, which has embraced lending its models to national security work and has partnered with the defense-tech company Anduril to help the military take down drones. Its led to export controls that limit what types of chips Nvidia can sell to China. The success of DeepSeek signals that these efforts arent working as well as AI leaders in the US would like (though its worth noting that the impact of export controls for chips isnt felt for a few years, so the policy wouldnt be expected to have prevented a model like DeepSeek). Still, the model poses a threat to the bottom line of certain players in Big Tech. Why pay for an expensive model from OpenAI when you can get access to DeepSeek for free? Even other makers of open-source models, especially Meta, are panicking about the competition, according to The Information. The company has set up a number of war rooms to figure out how DeepSeek was made so efficient. (A couple of days after the Stargate announcement, Meta said it would increase its own capital investments by 70% to build more AI infrastructure.) What does this all mean for the Stargate project? Lets think about why OpenAI and its partners are willing to spend $500 billion on data centers to begin with. They believe that AI in its various formsnot just chatbots or generative video or even new AI agents, but also developments yet to be unveiledwill be the most lucrative tool humanity has ever built. They also believe that access to powerful chips inside massive data centers is the key to getting there. DeepSeek poked some holes in that approach. It didnt train on yet-unreleased chips that are light-years ahead. It didnt, to our knowledge, require the eye-watering amounts of computing power and energy behind the models from US companies that have made headlines. Its designers made clever decisions in the name of efficiency. In theory, it could make a project like Stargate seem less urgent and less necessary. Thus far, DeepSeek doesnt seem to have sparked such a change in approach. OpenAI researcher Noam Brown wrote on X, I have no doubt that with even more compute it would be an even more powerful model. If his logic wins out, the players with the most computing power will win, and getting it is apparently worth at least $500 billion to AIs biggest companies. But lets rememberannouncing it is the easiest part. Now read the rest of The Algorithm Deeper Learning Whats next for robots Many of the big questions about AI-how it learns, how well it works, and where it should be deployedare now applicable to robotics. In the year ahead, we will see humanoid robots being put to the test in warehouses and factories, robots learning in simulated worlds, and a rapid increase in the militarys adoption of autonomous drones, submarines, and more. Why it matters: Jensen Huang, the highly influential CEO of the chipmaker Nvidia, stated last month that the next advancement in AI will mean giving the technology a body of sorts in the physical world. This will come in the form of advanced robotics. Even with the caveat that robotics is full of futuristic promises that usually arent fulfilled by their deadlines, the marrying of AI methods with new advancements in robots means the field is changing quickly. Read more here. Bits and Bytes Leaked documents expose deep ties between Israeli army and Microsoft Since the attacks of October 7, the Israeli military has relied heavily on cloud and AI services from Microsoft and its partner OpenAI, and the tech giants staff has embedded with different units to support rollout, a joint investigation reveals. (+972 Magazine) The tech arsenal that could power Trumps immigration crackdown The effort by federal agencies to acquire powerful technology to identify and track migrants has been unfolding for years across multiple administrations. These technologies may be called upon more directly under President Trump. (The New York Times) OpenAI launches Operatoran agent that can use a computer for you Operator is a web app that can carry out simple online tasks in a browser, such as booking concert tickets or making an online grocery order. (MIT Technology Review) The second wave of AI coding is here A string of startups are racing to build models that can produce better and better software. But its not only AIs increasingly powerful ability to write code thats impressive. They claim its the shortest path to superintelligent AI. (MIT Technology Review)

Plans for 357 homes at former gasworks site signed off after second staircase redesignFoster & Partners' revised plans for the former gasworks site in Fulham1/9show captionBerkeley has been given the green light for two residential towers in Fulham designed by Foster & Partners.The fourth phase of the Kings Road Park masterplan will consist of 357 homes in towers of 28 and 38 storeys sharing a seven-storey podium building.It is part of one of the largest regeneration projects in central London, which will see a total of 1,800 homes built across six phases on a former gasworks site containing one of the worlds oldest surviving gasholders.Hammersmith and Fulham councils backing for the application, which originally contained three towers, comes eight months after Berkeley was forced to redesign the scheme to add second staircases.Original plans for the wider masterplan were given outline approval in February 2019 but were hit by a number of delays and redesigns addressing its housing mix and section 106 agreement.The fourth phase, the only part of the scheme to include towers of substantial height were then hit by further delays earlier this year due to new fire safety requirements in residential buildings above 18m which are due to come into force next year.Foster & Partners redesign, submitted in June last year, cut one tower from the proposals, shortened one tower by one storey and increased its shoulder component from 27 to 32 storeys.Original plans for the fourth phase of the masterplan, featuring three towersRevised plans submitted last year cut one tower and expanded the remaining two1/2show captionThe smaller towers shoulder component was also increased by one storey, while the footprints of both buildings were increased to absorb floorspace lost from the scrapped third tower.Berkeley subsidiary St William has said there had been no overall loss of residential floorspace across the scheme due to the amalgamation of the three towers into two.The plans also include 1.9 acres of new parkland, which has been expanded by around 7% compared to the original application.The project team includes planning consultant Lichfields, landscape architect Gillespies, environmental consultant Buro Happold, MEP consultant WSP, facade engineer Wintech, daylight and sunlight consultant GIA and wind consultant Urban Microclimate.

City tower designed for Brookfield up before councillors on FridayThe office will be one of the tallest in the Citys main tower clusterRSHPs proposals for one of the City of Londons tallest office towers at 99 Bishopsgate are expected to be approved this Friday.The 54-storey scheme, part of the growing cluster of towers in the east of the Square Mile, has been recommended for approval by planning officers ahead of a planning committee meeting on 31 January.The tower is intended to act as a gateway into the rest of the Citys main tower clusterDesigned by Brookfield, and expected to be built by its subsidiary Multiplex, it will see the sites existing 28-storey 1970s building demolished to ground level and replaced by 99,000 sq m of commercial floorspace along with a separate six-storey cultural centre.It would also result in a significant transformation of the public realm around the crossroads between Bishopsgate and Wormwood Street, opening up a ground level pedestrian route underneath the building, similar to the open space beneath RSHPs other large City tower, the Cheesegrater.This space would host a new retail, food and drink hub at street level known as the City Market with seating areas, which is intended boost footfall in the area and act as a gateway into the rest of the tower cluster.City planners said the proposals exude architectural excellence and would provide an exceptional new addition to the edge of the cluster.The recommendation for approval comes despite objections by Historic England and St Pauls Cathedral, which have raised concerns about the height of the tower and its impact on protected views.Officers admitted the building would slightly and momentarily diminish the ability to appreciate St Pauls when viewed from the river but this harm was decisively outweighed by the schemes public benefits, including the cultural centre and market space.How the tower would look at street level, showing the proposed market spaceHistoric England said in its objection last November that the tower would create a cliff edge on the border of the cluster which would harm protected views of the grade I-listed cathedral, which is considered the most important heritage asset in the City.A total of 37 letters of objection to the scheme were received by the City against two letters of support.St Pauls Cathedral said in its objection that the tower would cause significant harm to the building and criticised the heritage assessment drawn up as part of the application as erroneous.The assessment submitted by the applicant is so deficient, we suggest, that the regulator should either undertake their own new assessment, or commission a more properly objective and professional evaluation, the cathedral said.The assessment claims that the buildings design, which includes a chamfered corner at roof level, creates a subtle step down at the edge of the cluster which reduced the towers impact on views of the cathedral.The project team for 99 Bishopsgate includes T&T Alinea on costs, AKT II on structural engineering, Ramboll on MEP services, Atelier 10 on sustainability, Momentum on transport, GIA on sunlight and wind, Trium Environmental Consulting on environment and Andy Sturgeon as landscape architect.Planning consultant DP9, communications consultant Kanda Consulting and heritage and townscape consultant The Townscape Consultancy are also on the team.

JCT Construct is a subscription-based contract drafting system with advanced editing features, enabling you to create and amend your JCT contracts in a secure, flexible, and easy-to-use online environment. Depending on the type of subscription chosen, JCT Construct also provides instant access to each JCT 2024 Edition contract, as soon as it is published.With JCT Constructs powerful tools, you can edit the JCT contract text itself, adding your own amendments, clauses, or other customised text. The system also features an intuitive Q&A-driven process to assist you in filling in your contract comprehensively.The JCT Construct system generates your contract in plain copy as well as a comparison document, making it possible to easily read the contracts and see all the changes from the published JCT text.Guest sharing supports collaborative working amongst those involved in the contract drafting to share drafts, to edit, and to see all the changes. Version-to-version comparison allows you to see any changes between draft versions and against the published JCT text, ensuring full transparency between the parties to the contract at all times.Key benefitsEasy to use, flexible, and secure online contract drafting.Access to each JCT 2024 Edition contract, as soon as it is publishedAdd your own amendments, clauses, and other customised text. Clause numbers, cross-references in the JCT text, and table of contents all update automatically.Guest sharing supports collaboration and enables all those involved in the drafting to share drafts, edit, and see all the changes.Create boilerplates so you can re-use your standard set of changes.Print draft contracts for review.Print final contracts for signing.Print comparison documents showing all changes against the published JCT text for full transparency.Learn more and choose your subscription at jctltd.co.uk/jct-construct 2025-01-28AJ Contributorcomment and share

The 56-year-old Dhaka-born architects proposal for the temporary structure in Kensington Gardens, London, will be the 24th in the gallerys ongoing series of annual architectural commissions, which began 25 years ago with Zaha Hadid (see full list of previous designers below) in 2000.Tabassumset up MTA in 2005 after a decade working for Dhaka-based studio URBANA, during which time the firm won international design competitions for the Independence Monument of Bangladesh and the countrys Museum of Independence.In 2016, she received the Aga Khan Award for Architecture for the Bait ur Rouf Mosque in Dhaka, and in 2021 Tabassum was awarded the Soane Medal in recognition of her pioneering work designing low-cost temporary homes for refugees and victims of climate change.AdvertisementMore on this topicMarina Tabassum completes demountable house for Vitra CampusTabassum teaches at several universities, including the Delft University of Technology in The Netherlands. In 2023, Tabassum held the Norman Foster Chair at Yale University.The concept for the 2025 Serpentine Pavilion, which has been titled A Capsule in Time, draws on the history and form of Shamiyana tents and awnings used for ceremonial occasions in South Asia, while honouring arched garden canopies found in the surrounding park.Set up on a north-to-south axis, the oblong-shaped pavilion features four wooden capsules, or arches, which will diffuse daylight and simultaneously provide shelter. The design also includes a kinetic element whereby one of the capsule elements can move and connect with another. In the middle, a courtyard space with a tree will align with the Serpentine Gallerys belltower. Source:Marina Tabassum Architects2025 Serpentine PavilionExplaining the teams approach to designing the pavilion, Tabassum said: When conceiving our design, we reflected on the transient nature of the commission, which appears to us as a capsule of memory and time. The archaic volume of a half-capsule, generated by geometry and wrapped in light semi-transparent material, will create a play of filtered light that will pierce through the structure as if under a Shamiyana at a Bengali wedding.Serpentine chief executive Bettina Korek and artistic director Hans Ulrich Obrist said: A Capsule in Time will honour connections with the Earth and celebrate the spirit of community. Built around a mature tree at the centre of the structure, Tabassums design will bring the park inside the Pavilion. Its kinetic dimension will also harken back to the levitating element of Rem Koolhaas & Cecil Balmond with Arups Serpentine Pavilion 2006.AdvertisementLast summers pavilion, designed by Seoul-born Mass Studies founder Minsuk Cho, featured five islands arranged around an open space, similar to the small courtyards found in traditional Korean houses. Source:Asif SalmanMarina TabassumSerpentine Pavilion history2025 Marina Tabassum2024 Mass Studies2023 Lina Ghotmeh2022Theaster Gates2021Counterspace2019Junya Ishigami2018Frida Escobedo2017Dibdo Francis Kr2016 BIG Bjarke Ingels2015SelgasCano2014Smiljan Radic2013Sou Fujimoto2012Herzog & de Meuron and Ai Weiwei2011Peter Zumthor2010Jean Nouvel2009Kazuyo Sejima and Ryue Nishizawa, SANAA2008Frank Gehry2007Olafur Eliasson and Kjetil Thorsen2006Rem Koolhaas and Cecil Balmond with Arup2005lvaro Siza and Eduardo Souto de Moura with Cecil Balmond, Arup2004 MVRDV with Arup (unrealised)2003Oscar Niemeyer2002Toyo Ito and Cecil Balmond with Arup2001Daniel Libeskind with Arup2000Zaha Hadid

Apple'sfoldable iPhonehas been floating around the rumor mill for years at this point. We'd tentatively hoped to see it launch during September's iPhone 16 event, but we were left disappointed. The rumors persist though and it's likely Apple will want to get in on the folding phone game at some point. Having tested, reviewed and photographed almost every foldable phone available since Samsung launched its first Z Fold back in 2019, I have some thoughts -- and words of caution -- for Apple as it gets closer to potentially unveiling an iPhone Flip.I've written before about why foldable phones have disappointed me and how Apple could be the company to give the category a boost. Because foldables really do need a boost. We've seen new foldables from Samsung, Google, Motorola, OnePlusand Xiaomi, but none of them have managed to get me especially excited. All those companies' new launches were just iterations of what they already had.Foldables are decent on the surface, but beyond the novelty of the bending display, they don't offer anything truly unique. The more Android companies that join the folding fray, the more concerned I've become that Apple could run into the same problem, with the iPhone Flip being a generic, redundant novelty. Watch this: When Is the iPhone Flip Going to Come Out? 08:04 A foldable iPhone needs to be more than just a regular iPhone with a screen that can bend.Here's what Apple needs to do.Focus on softwareUnfortunately, the foldable Android devices we've seen so far -- including the new Samsung Galaxy Z Fold 6 and Z Flip 6 -- are essentially just regular Android phones with flexible displays. The hardware is impressive, sure, but once you get over the novelty of a phone that bends in half it just becomes like any other phone. Except one you've paid a huge amount of money for.The problem is that while the folding hardware works well, the software is basically the same that you'd find on the non-folding versions of the phones. There are few adjustments for the larger displays in the core Android software and most third-party apps don't really take advantage of the format. As a result, I'm still waiting for that "oh wow" moment that makes me see the true value of a folding phone. The hardware on Samsung's Z Fold 6 has certainly evolved since the first Z Fold, but the software remains pretty underwhelming. Andrew Lanxon/CNETI had hoped that Google, as the maker of Android, would develop more software features that would make full use of the folding format with its Pixel Fold range. I do like the most recent Pixel 9 Pro Fold and think it's probably one of the best foldables out there. But there's no question that it still feels more like an exercise in keeping pace with the competition rather than a genuine attempt to innovate.Apple's deep developer relationships will hopefully play right into its hands here, with productivity, entertainment and gaming app producers likely poised and ready to create killer apps that show why foldable phones truly are the next step in our phone's evolution.Stand out from the crowdEven on the hardware side of things we're already seeing duplication in designs and form factors. Motorola's new Razr Plus is essentially the same as Samsung's Z Flip 6 and there's little to choose between the OnePlus Open, Google Pixel Fold and Galaxy Z Fold 6 beyond a few minor touches. Most of the foldables we've seen so far tend to look alike. John Kim/CNETApple needs to avoid a folding iPhone that just looks like a clone of existing Android foldables. It needs to stand out and reinforce why Apple is the champion when it comes to product engineering. Let's not forget that Apple didn't invent the mobile phone, but its top-class designers and engineers created a product with the first iPhone that completely revolutionized what a phone could be.Apple has time on its side here; by being late to the party and not rushing in with a "me too!" product, it's been able to see the progression of foldables from Samsung's first Z Fold, through to the more advanced models we have today. It's given the company an opportunity to bide its time and learn from others' mistakes and hopefully put that same spark that made the original iPhone so transformative into its first foldable.Don't skimp on the specs -- and then doA folding iPhone, if we ever get one, should be the showcase for what Apple can achieve with a phone. It needs to not just be cutting edge in terms of its design but also be packed with the latest, greatest tech the company has to offer elsewhere. That means it needs to be able to keep pace with the Pro models, not be a cut-down version that just happens to fold. The Galaxy Z Flip 6 is a nice bit of kit, but its hardware doesn't compete with Samsung's regular phones. Andrew Lanxon/CNETWe've seen this with many other foldables, including Samsung, which typically packs its folding phones -- especially the Z Flip line -- with lesser specs than you'd get from its top-end non-folding models. The result is that you're forced to pay top dollar for the bendable phone but still end up with lower performance than your friend who has a much cheaper phone than you.It's especially true with the cameras, with even Samsung's most expensive Z Fold 6 packing a camera setup that doesn't compete with the S24 Ultra. So you're left having to decide between the best camera performance or the best folding tech. Either way, you're having to make a compromise and that's not okay when you're spending well into four figures for the privilege.An Apple foldable needs to pack the same triple camera setup from the Pro line, along with ProRaw imaging and ProRes video capture. It needs to have the latest processor capable of handling anything you'll throw at it and it needs to be able to run Apple's new AI skills (Apple Intelligence) at least as well as any other phone the company makes. Until we get a real folding iPhone, we'll have to make do with my awful Photoshopped version. Andrew Lanxon/CNETSuch a device will cost a fortune, so Apple also needs a more affordable option that's aimed more towards those who simply want the fun of the hinge without all the bells and whistles. Why? Because it needs mass market appeal to get developers on board. A hyper-expensive elite iPhone Fold will have too few adopters early on, and so why would developers waste time dreaming up and producing apps for so few potential customers? On the other hand, just going for the cheap and fun model will make it seem like a toy. A gimmick that gets some headlines but isn't really for serious users.To truly dominate the market with developers on board, Apple will need to tackle both sides of the value equation.