Kategorie

A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests. "This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent

A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests. "This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent Newsroomhttp://www.blogger.com/profile/[email protected]

As companies are scramble to get ahead in the artificial intelligence (AI) arms race, one problem the face is finding and retaining AI talent.

For example, Meta has been extending job offers to candidates with AI experience without even interviewing them, and CEO Mark Zuckerberg went so far as to email researchers at Google’s DeepMind unit to recruit talent.

According to a recent study led by the Oxford Internet Institute, “AI skills are particularly valuable as they have high levels of skill complementarity, increasing worker wages by 21% on average.”

Foote Partners, a consulting and research firm, recently published its latest IT skills and pay index, which found, not surprisingly, that companies are paying premiums for workers with AI-related abilities.

Foote Partners recognizes 47 “critical A.I. skills,” and on average, employees who obtain those skills get a pay premium of 7% to 21%. Those premiums can come in different forms, including bonuses and cash compensation.

“This is cash paid out, not as a salary increase but in addition to salary,” said David Foote, chief analyst at Foote Partners. “In fact, 28 of these core AI skills can add between 15% and 21% in pay, well above the 9.6% average premium across all 632 non-certified skills we report. They are very hot right now.”

Cash premiums for skills such as AI chatbot app developer and large language model (LLM) tuning are paid out separately from salaries so that as needs are met and the value of those talents declines, the payouts can be reduced or eliminated.

“Perhaps the main difference with skills pay is, unlike a bonus, skills pay premiums are typically paid out at every pay period — same as salary — instead of a lump sum at the end of year, which is more common with bonuses,” Foote said.

In addition, more than a dozen AI-related certifications “are showing real market value strength,” he said. Those skills include prompt engineering, neural networks, AI engineer, AI scientist, and AI model optimization.

According to Foote, a Certified Artificial Intelligence Scientist earns the highest pay premium, ranging 8% to 12%, with the average being 10% of base salary equivalent,. The next highest cash pay premium in this cluster is for a Microsoft Certified: Azure AI Engineer Associate, who can earn 9% of base equivalent in skills premium pay.

Averaging 8% of base salary equivalent in skills pay premium are: SAS Certified Professional: AI and Machine Learning; IBM Certified Specialist — AI Enterprise Workflow V1; Artificial Intelligence Engineer (AIE – all tracks); and Google Professional Machine Learning Engineer certifications.

“We’ve been tracking some of these AI-related skills for many years, updating every 90 days,” Foote said. “Others have been recently added. So, given all the volatility in the marketplace for skills cash pay premiums, there have been remarkable changes over time ,including most recently.”

Foote Partner’s findings are echoed elsewhere. Freelance work platform Upwork, which recently published its 2024 list of most in-demand skills, found that the rise of AI — especially generative AI in the last couple of years — has changed the top skills businesses seek from independent professionals. In particular, generative AI modeling, machine learning and data analytics are the top three fastest-growing data science and analytics skills, as well as among the most in-demand skills.

“In particular, skills in key programming languages commonly used in the development of AI — Python, Java, and SQL — rank among the top five most sought-after skills on the technical side in the US,” Ya Xu, head of data and AI at LinkedIn, said in a blog post.

Machine learning skills can command at least a 10% premium compared to the average tech worker, according to a survey conducted at the end of 2023 by tech staffing firm Dice. “But this is a fast-moving market where the demand is growing rapidly,” said Art Zeile, CEO of Dice. “I predict that this premium will only continue to grow as the gap between supply and demand for AI talent grows, and offering benefits such as continuous professional development and training will be key to retaining this top talent.”

A key differentiator in the job interview process now involves how a tech professional has upskilled themselves in the face of the growing demand for AI, Zeile noted.

“Now is the time to ensure that their skill sets encompass [LLM] theory and programming architecture, areas that may have been overlooked or haven’t been delved into fully,” he said. “Recruiters are looking for tech professionals who are quick on their feet and able to adapt to changes with agility and curiosity.”

In January 2023, AI or machine learning-related skill sets were referenced on 9% of tech job postings. Just over a year later, in February 2024, that figure had climbed to nearly 14% of all tech job postings, according to Zeile.

“As AI continues to evolve, its impact on organizations will be most prominent in key departments such as research and development, data analytics, and operations,” Zeile said.

To secure top AI talent in these areas, Zeile advised that companies:

• Invest in comprehensive recruiting strategies that show a full understanding of what a particular AI role actually requires — whether it’s machine learning, Python, or data science skills for tech jobs, or other content-centric skills such as copy writing and graphic design. 
• Establish competitive salaries and provide opportunities for professional growth and development. 
• Offer flexibility in the form of hybrid/remote work environments. Dice’s 2023 Tech Sentiment Report noted that remote work remains very important to tech professionals: 73% of those surveyed said it is “extremely” or “very” important to have the opportunity to work remotely at least three days a week.

While Amazon, Google, Meta and Microsoft are among the top 15 companies hiring for AI talent right now, according to Dice, there are a variety of factors tech pros must consider determining if Big Tech is right for them.

“While these Big Tech companies offer many opportunities for individuals with AI skills, candidates should also consider startups and other industries that align with their career goals and work/life balance preferences that would also still give them the ability to learn and flex their AI muscles,” Zeile said.  “Ultimately, it is up to tech professionals to decide what companies most align with their values and what kind of industries they want to work in.”

Startups, Zeille said, often provide more room for innovation and growth, but may have less rigorous AI programs in place. At the same time, compensation at Big Tech companies might be higher, but work/life balance lower. Once a candidate has decided what is important to prioritize in their future role, they can job search accordingly. 

Generative AI, IT Jobs, IT Skills

Atlassian has developed a new search tool  —  Atlassian  Rovo — that can surface data from a variety of third-party apps. Rovo, currently in preview, provides a chatbot interface to help workers access information across their organization,and even decipher workplace jargon. 

“Atlassian Rovo is designed to unlock knowledge discovery and accelerate action across the organization,” said Jamil Valliani, head of product AI at Atlassian. “Think of Rovo as a large knowledge model for your company that allows team members to move and act faster.”

There are three key elements to Rovo: Search, Chat, and Agents. 

Rovo Search expands on existing search functions in Atlassian apps, with the ability to access documents from a range of external sources in addition to data held in tools such as Jira and Confluence. This means surfacing information in third-party productivity tools such as Slack, Microsoft Teams, Figma and GitHub, as well as file storage platforms such as Google Drive and Microsoft SharePoint.  

Atlassian Rovo can help surface information and answer questions about technical jargon based on access to coporate documents.

Atlassian

Atlassian also plans to let Rovo access data from in-house applications, including finance or HR apps.

One way to access Rovo search is via the search bar in various Atlassian apps. A list of search results containing related documents is presented, as well as more detailed “knowledge cards” that present information relating to a project, for instance, or a team. Here, the knowledge card might contain links to related files, as well as information on project status, listed contributors, and more.  

Rovo Search can also learn and explain unfamiliar jargon specific to an industry or individual business based on the organization’s documents. This enables Rovo to provide definitions for acronyms and terms that appear within a Confluence document, for exam-le. It’s proved to be a popular feature, Atlassian said, and is used by three-quarters of staff testing Rovo. 

A semantic search function helps teams “connect with what they are looking for,” said Julie Mohr, principal analyst at Forrester, as well as “knowledge they didn’t know existed.” This helps employees “work the way they want to work with a comprehensive set of expressive tools — from video to pages, structured and unstructured, it is all knowledge,” she said. 

Another way to search for information is via Rovo Chat. Similar to the conversational interfaces in Microsoft’s Copilot, OpenAI’s ChatGPT, and others, the chatbot responds to user questions in natural language, with answers based on data held in documents across an organization. Links are provided to the original source.

Atlassian Rovo Chat uses genAI and a chatbot interface with natural language processing to deliver information to users.

Atlassian

Another aspect of Rovo that relies on generative AI is the addition of workflow automation “agents.” Accessible via the Rovo Chat sidebar, the Rovo Agents are tailored to a specific task. For instance, Rovo Agents can be designed to generate and review marketing content, collate feedback from various sources, or streamline processes such as clearing up Jira backlogs and organizing Confluence pages. 

Users can create their own Rovo Agents using a no-code text interface or Atlassian’s Forge app development platform. Atlassian expects there will be around 20 pre-built agents available when Rovo launches. 

Canva’s design software is an example of an Atlassian partner building its own agent. “There’s going to be a Canva agent that helps with generating simple artwork for social media posts, things that you don’t need an expert designer to do,” said Valliani. 

Atlassian Rovo agents are tailored to specific tasks and can include agents built by third-party vendors.

Atlassian

“Generative AI  has so much potential in knowledge management,” said Mohr. “Atlassian is taking the power of Confluence and improving those capabilities with sound knowledge management practices combined, with new features that take advantage of genAI.”

Making it easier to access information across an organization also means there’s potential for users to access sensitive documents. Atlassian said Rovo will respect permissions around the content it has access to, with restricted data in third-party apps remaining private.

As with any API or integration, businesses should assess risks when connecting to external systems and ensure that adequate permissions are in place around documents, said Mohr. But those risks shouldn’t put businesses off from widening access to information held across their organization, she said.

“[T]hink of all the undiscovered knowledge, all the ideas that are locked up in folders and private stores,” said Mohr. “There is a cultural change that needs to take place, where people as well as the systems understand the value of free access to knowledge.” 

Opening employee access to a wider range of information can “empower more collaboration and learning,” said Mohr, with businesses able to restrict access “when it is genuinely needed for regulatory or compliance purposes.”

Atlassian customers can join a waitlist to access Rovo in beta. The general availability date hasn’t yet been announced. 

Rovo will be sold as an add-on alongside cloud editions of Atlassian products, with a flexible pricing model based on unique users. More details will be announced at the general availability launch.

Atlassian, Chatbots, Generative AI, Productivity Software, Vendors and Providers

Hot on the heels of Jamf’s introduction of new compliance tools for Apple admins, Mosyle and Fleet have rolled out improvements to their own competing device management offerings.  

What all these solutions have in common is that they meet an enterprise market that is rapidly adopting Macs, iPads, and iPhones, prompting fast-paced service enhancements across the Apple device management industry.

Like art, business technology also seems set on reflecting life. “Apple Macs, iPhones, and iPads are now commonly used as productive business tools in enterprises across many industries,” said Phil Hochmuth, IDC research vice president for endpoint management and enterprise mobility. Apple itself understands this, and now offers a wide array of services and training for business users.

The growing Apple enterprise pie

“IT organizations are increasingly required to deliver a cohesive Apple experience to end users across multipole device types, while providing deep integration to enterprise applications and IT infrastructure platforms,” Hochmuth said. “Apple-focused UEM and device management tools can help organizations keep these devices managed and secure.”

That’s true, and it’s also correct to believe vendors in the space are competing for a big slice of the IT spending pie. IDC predicts global IT and business services revenues will reach $1.28 trillion this year; while Apple device management and security solutions represent only a few drops of that spend, those drops are worth a lot. With increasing focus on managed device, zero-trust security, managed services, and integrated administration tools, Apple’s MDM partners can’t resist the opportunity.

That’s the situation we find ourselves in, so what’s new from Mosyle and Fleet?

Mosyle aims at managed service providers

Unashamedly aimed at managed service providers (MSPs), Mosyle Fuse MSP combines five management and security tools in one bundle. The tools include those for device management, endpoint security, internet privacy and security, identity, and application management.

In use, these tools let MSPs set and automatically apply policies across all their customers from one place. Mosyle also says it’s possible to break out individual service components when required — so VPN profiles can be managed separately from Apple Push Certificates, for example. Billing has also been simplified to ensure MSPs only pay for licenses their customers actually use. More information on the combined package is available here.

“Mosyle is committed to growing the Apple ecosystem and helping MSPs scale,” Alcyr Araujo, founder and CEO at Mosyle, said in a statement. “Mosyle Fuse MSP is designed to accomplish both — delivering an automated and scalable platform for MSPs that offers comprehensive security and management for Apple-focused customers across the globe.”

Fleet simplifies multi-platform fleet management

A relatively new entrant to the market, Fleet’s USP sits in its open-source roots and its positioning as a device management solution for multiple operating systems, including Apple, Windows, and Linux.

Fleet’s Maintenance Window feature is designed to take the pain away from system upgrades on managed devices by figuring out the optimal time to apply updates through analysis of an employee’s own work calendar. The idea here is that when IT pushes an update at their fleet — Apple, Windows, or Linux — the system will not interrupt workflow or tie a computer up at the worst possible time.

That means your computer won’t restart to install something in the middle of a meeting or just before an important client appointment. “We’ve heard the complaints loud and clear and are doing something about one of the biggest problems in workplace productivity — disruptions caused by forced, unplanned OS updates,” said Fleet CEO Mike McNeil.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Apple, iOS, Mobile Device Management, Mobile Security

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market. The findings come from Elliptic in collaboration with researchers from the&

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market. The findings come from Elliptic in collaboration with researchers from the&Newsroomhttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android

Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android Newsroomhttp://www.blogger.com/profile/[email protected]

There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard,

There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard, The Hacker Newshttp://www.blogger.com/profile/[email protected]

The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and innovation in open-source OSes. As security practitioners and Linux administrators, we always seek stable and innovative operating systems that can meet our needs while keeping our systems secure.

The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected several versions of Ubuntu and could potentially lead to server disruption and injection of malicious code.

The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection," Zscaler ThreatLabz researcher Santiago

The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection," Zscaler ThreatLabz researcher Santiago Newsroomhttp://www.blogger.com/profile/[email protected]

No matter what type of Android phone you carry or how you usually use it, one thing is a near-universal constant:

You’re gonna spend a ton of time messing with messages.

The messages may be from clients, colleagues, or your cousin Crissy from Cleveland (damn it, Crissy!). But regardless of who sends ’em or what they’re about, they’re all popping up on your phone and cluttering your weary brainspace.

My fellow Android adorer, I’m here to tell you there’s a better way.

Google’s Android Messages app has gotten surprisingly good over the years. That’s no big secret. If you only rely on what you see on the surface, though, you’re missing out on some of Messages’ most powerful and underappreciated efficiency-enhancing options.

[Hey: Want even more advanced Android knowledge? Check out my free Android Shortcut Supercourse to learn tons of time-saving tricks for your phone!]

Today, we’ll explore the Android Messages app’s most effective out-of-sight superpowers. They may not be able to cut down on the number of messages you send and receive on your phone (DAMN IT, CRISSY!), but they will help you spend less time fussing with ’em. And they might just help you have a more pleasant experience, too.

Let’s dive in, shall we?

(Before you splash forward, take note: The tips on this page are all specific to the Google Messages app, which isn’t the same as the superfluous and wildly unnecessary Messages apps made by the likes of Samsung, OnePlus, and Verizon and baked into devices associated with those companies. If you’re using a phone where the Android Messages app wasn’t preinstalled or set as the default, you can download it from the Play Store and give it a whirl. You might be pleasantly surprised by what you find.)

Android Messages trick #1: Custom notifications for important people

We’ll start with what might be my favorite little-known trick within Google’s Android Messages app: With a couple quick adjustments, you can turn any of your contacts’ faces into a custom notification icon. That icon will then show up at the top of your phone whenever that person messages you for extra-easy visibility and access.

See?

A quick bit of simple setup, and bam: Anyone’s face can become their notification icon (for better or for worse!) on your phone.

JR Raphael, IDG

The only catch is that your phone needs to be running 2020’s Android 11 operating system or higher for the feature to be available. (And honestly, if your phone isn’t running Android 11 at this point, you’ve got bigger fish to fry, Francesco.) Also, Samsung has screwed around with this system for no apparent reason — a frustratingly common theme with Samsung’s heavily modified approach to Android, especially as of late — so you may or may not be able to take advantage of this on a Galaxy gadget, depending on how recently its software has been screwed up updated. (Exaggerated sigh. What more can I say?!)

On any reasonably recent Android device that sticks close to Google’s core Android interface, though, here’s how to make the magic happen:

• The next time you get a message from someone, press and hold your finger to the notification.
• That’ll pull up a screen that looks a little somethin’ like this:

Android’s Priority conversation setting is the key to creating custom notifications that really stand out.

JR Raphael, IDG

• Tap the “Priority” line, then tap “Apply” to save the changes.

And that’s it: The next time that person messages you, you’ll see their profile picture in place of the standard Messages icon in your status bar, and the notification will show up in a special section above any other alerts.

Hip, hip, hoorah!

Android Messages trick #2: Important contact prioritizing

Ever wish you could keep your most important messaging threads at the top of the list for easy ongoing access?

Poof: Wish granted. No matter what kind of Android phone you’re holding or how needlessly meddled with its software may be, just hold your finger onto the conversation in question on the main Messages app screen, then tap the pushpin-shaped icon in the app’s upper bar.

You can pin up to three conversations that way, and they’ll always appear above all other threads in that main inbox view.

Android Messages trick #3: Swift appointment scheduling

The next time you’re working to plan a meeting or event with a fellow Homo sapien in Messages, make yourself a mental note of this:

Anytime someone sends you a message that includes a specific date and time, the Messages app will underline that text. See it?

That underlined time is a covert link from an incoming message to your Android calendar agenda.

JR Raphael, IDG

You’d be forgiven for failing to realize, but you can actually tap that underlined text to reveal a shortcut for opening that very same day and time in your Android calendar app of choice. It’s a great way to get a quick ‘n’ easy glimpse at your availability for the time you’re discussing.

And if you then want to create a calendar event, just look for the “Create event” command that should appear right below that very same message. That’ll fire up a new calendar event for you on the spot, with the appropriate day and time already filled in.

That button to the left of the text suggestions is a spectacular time-saver for on-the-fly event creation.

JR Raphael, IDG

Don’tcha just love simple step-savers?

Android Messages trick #4: Seamless message scheduling

If you’re ready to hammer out a response to a message right now but don’t want your reply to be sent for a while, follow the advice shared by a reader in my Android Intelligence newsletter recently and simply schedule your message for some specific future time.

The Android Messages app’s scheduling system is spectacularly useful. You can rely on it for setting reminders to be sent to clients, business-related messages to be pushed out the next morning, or context-free middle-finger emojis to be delivered to your cousin in Cleveland at ungodly hours in the middle of the night.

To tap into this productivity-boosting power, just type out your message normally — but then, instead of tapping the triangle-shaped send icon at the right of the composing window, press and hold your finger onto that same button when you’re done.

No reasonably sane person would possibly realize it, but that’ll pull up a hidden menu for selecting precisely when your message should be sent.

Send any message, anytime — no matter when you actually write it.

JR Raphael, IDG

And the person on the other end will have no way of even knowing you wrote the thing in advance.

Android Messages trick #5: Important message saving

When you run into a message you know you’ll want to reference again, save yourself the trouble of trying to dig it back up later and instead star it on the spot to make it fast as can be to find in the future.

It couldn’t be much easier to do: Whilst viewing an individual message thread, just press and hold your finger onto the specific message you want to save, then tap the star-shaped icon that appears in the bar at the top of the screen.

Then, when you want to find the message again, tap the search icon at the top of the main Messages screen and select “Starred” from the menu that comes up. That’ll show you every message you’ve starred for exceptionally effortless resurfacing.

Android Messages trick #6: Advanced message searching

Speaking of that Messages search system: Starring is sublime, but sometimes, you need to dig up an old message that you didn’t go out of your way to save.

The Android Messages app makes that even easier than you might realize. Tap that same search icon at the top of the app’s main screen — and in addition to searching your entire history message for any specific string of text, take note:

• You can start typing out the name of anyone in your contacts, then select them from the suggestion that appears — and then type in some text to look for something specific only within messages from that one person.
• You can use the options within the main Messages search screen to look specifically at images, videos, locations, or links people have sent you.
• And you can combine any of those variables for even more granular finding — looking for links you sent to a particular client, for instance, or locations an out-of-town colleague sent to you.

The Android Messages app’s search system is chock-full of helpful info.

JR Raphael, IDG

How ’bout them apples?!

Android Messages trick #7: Easier-to-read text

File this next Android Messages feature under “accidental discoveries”: The next time you find yourself squinting at something in a messaging thread on your phone, try a good old-fashioned zoom gesture on the screen — placing your finger and thumb together and then spreading ’em slowly apart.

You’d never know it, but the Messages app supports that standard gesture for zooming into a conversation. The inverse applies, too: When you’re ready to zoom back out and make everything smaller, just bring your two fingers closer together.

And if those actions aren’t working for you, tap your profile picture in the upper-right corner of the main Messages screen and select “Messages settings,” then make sure the toggle next to “Pinch to zoom conversation text” is in the on position.

Android Messages trick #8: Custom conversation colors

While we’re thinking about easier reading, a brand spankin’ new Android Messages trick that’s trickling out as we speak can let you create a custom color palette for any conversations you’ve got goin’.

That way, you can always remember that texts with your significant other are in, say, purple, whereas messages with your most important client are in red. (Best not to get those two threads confused.)

This one works only with messages sent using the modern RCS messaging platform, which basically means messages involving other people on Android at this point (though that will allegedly expand to include iFolk soon — if Apple actually follows through on its years-late promise to stop deliberately dumbing down messages between iPhone users and people on other platforms).

With any currently supported conversation, though, open up the thread within Messages — then:

• Tap the three-dot menu icon in the screen’s upper-right corner.
• Select “Change colors” from the menu that appears. (And if you aren’t seeing it yet, even in an RCS-enabled conversation, give it a few days and check back again. This one’s actively rolling out right now, so it should reach you soon — if it hasn’t already!)
• Pick the color scheme you prefer, then tap the Confirm button at the bottom.

Every Android Messages conversation can have its own distinctive color, if you take the time to set it up.

JR Raphael, IDG

Repeat for any other compatible conversations, and you’ll always know exactly what you’re looking at even with a fast glance — and without having to give it an ounce of active thought.

Android Messages trick #9: Enriched inline media

You know a fantastic way to waste time? I’ll tell ya: moving from one app to another just to glance at something someone sent you (like those blasted Bangles video Crissy is always blasting your way).

Well, get this: Google’s Android Messages app can let you preview and even watch entire YouTube videos without ever leaving your current conversation — and it can give you helpful previews of web links right within the app, too.

The key is to make sure you’ve got the associated options enabled:

• Tap your profile picture in the upper-right corner of the main Messages screen.
• Select “Messages settings,” then tap “Automatic previews.”
• Make sure the toggle next to “Show all previews” is on and active.

Now, the next time someone sends you a video link, you’ll see the video’s thumbnail and description right then and there, within the Messages conversation:

Videos expanded in-line within Messages — easy peasy.

JR Raphael, IDG

With web pages, Messages will show you just enough of a preview to let you make an educated decision about whether you want to tap the link or not.

Web links gain useful extra context once you enable the right option within the Android Messages settings.

JR Raphael, IDG

Almost painfully sensible, wouldn’t ya say?

Android Messages trick #10: Smarter shortcuts

If I had to pick the simplest Android Messages trick for enhancing your efficiency, it’d be embracing the built-in shortcuts Google gives us for faster message actions.

From the main Messages screen, you can swipe left or right on any message to perform an instant action — archiving the conversation, permanently deleting it, or toggling it between read and unread status.

All you’ve gotta do is mosey your way back into the Messages app’s settings areas and tap on the “Swipe actions” item to set things up the way you want…

Step-saving swipes within Messages — now available for your customization.

JR Raphael, IDG

…and then, just remember to actually use those gestures moving forward. (That part’s on you.)

Android Messages trick #11: Automated cleanup

Certain services love to send confirmation codes via text messaging when you sign in or try to perform some action. It may not be the most advisable or effective form of extra security, but — well, it’s better than nothing. And for better or for worse, it’s a pretty common tactic.

Core security considerations aside, the most irksome part of these confirmation codes is having ’em clutter up your messages list at every Goog-forsaken moment. But the Google-made Android Messages app can actually take care of that for you, without any ongoing effort — if you take about 20 seconds to make the right tweak now.

Here’s the secret:

• Tappity-tap that comely character in the upper-right corner of the main Messages screen (y’know, the one whose appearance has a striking resemblance to your oversized head).
• Tap “Messages settings” in the menu that comes up, then select “Messages organization.”
• Within that curiously created section, you’ll see only one option: “Auto-delete OTPs after 24 hrs.” OTP may not exactly be an everyday, universally known abbreviation, but fear not — for it isn’t an erroneous reference to an early 90s rap hit with equally ambiguous meaning. Nope: It stands for one-time password, which is the same thing we’re thinking about here.
• Flip that toggle into the on and active position, then flip a finger of your choice to all the confirmation codes in your messages list and rest easy knowing they’ll be auto-purged a day after their arrival from that point forward.

Who’s down with OTP? Every last homie. (I apologize.)

Android Messages trick #12: Instant reactions

Slack-style reactions may seem silly on the surface, but they serve an important communication purpose in allowing you to quickly acknowledge a message without having to carry the conversation on further. Whether it’s a thumbs-up, a clapping hands symbol, or even perhaps an occasional burrito emoji, it really can be a handy way to say “Yup, got it” (or “Yup, want beefy goodness”) without having to use a single word.

You probably know you can summon a reaction within the Android Messages app by pressing and holding a specific message within a conversation and then selecting from the list of available emoji options — right? But beyond that, Messages packs an even faster way to issue a reaction in the blink of an eye.

And here it is: Simply double-tap your finger onto any individual message within a conversation. That’ll apply the heart reaction to it without the need for any long-press or symbol selection.

It’d be nice if there were a way to customize which reaction is used for that action by default — so that, obviously, we could all change it to the burrito emoji, since that’s what any sane person uses most often — but if and when a heart will do the job, now you’ve got a super-easy way to bring it into any conversation with a fast finger tap.

Android Messages trick #13: Less annoying iPhone interactions

Last but not least in our list of magnificent Messages enhancements is something specific for your conversations with the Apple-adoring animals in your life. And it relates to those very same sorts of reactions we were just going over.

One obnoxious side effect of Apple’s “no one exists outside of iOS” mentality, y’see, is the way the iPhone’s equivalent of those reactions show up on Android. Plain and simple, they show up as — well, plain and simple text messages, instead of coming through as reactions.

Surely you’ve encountered this, right? Those pointless messages you get from iGoobers that say stuff like “Loved ‘Please stop texting me, Crissy'”?

Well, get this: Google’s Android Messages app is actually able to intercept those absurd platform-specific reactions and turn ’em into standard reactions instead of plain-text interruptions. And it’ll take you all of 12 seconds to enable the option:

• Head back into the Messages app’s settings.
• Tap “Advanced.”
• Look for the line labeled “Show iPhone reactions as emoji” and make sure the toggle next to it is in the on position.

All that’s left is to breathe a heavy sigh of relief — and to send Crissy a well-deserved burrito reaction.

Hey: Don’t let the learning stop here. Get six full days of advanced shortcut knowledge with my free Android Shortcut Supercourse. You’ll discover tons of time-saving tricks!

Android, Google, Messaging Apps, Mobile Apps, Smartphones

For all of the promise of LLMs (large language models) to handle a seemingly infinite number of enterprise tasks, IT executives are discovering that they can be extremely delicate, opting to ignore guardrails and other limitations with the slightest provocation. 

For example, if an end user innocuously — or an attacker maliciously — inputs too much data into an LLM query window, no error message is returned and the system won’t seemingly crash. But the LLM will often instantly override its programming and disable all guardrails. 

“The friction is that I can’t add a bazillion lines of code. One of the biggest threats around [LLMs] is an efficient jailbreak of overflow,” said Dane Sherrets, a senior solutions architect at HackerOne. “Give it so much information and it will overflow. It will forget its systems prompts, its training, its fine-tuning.” (AI research startup Anthropic, which makes the Claude family of LLMs, wrote a detailed look at this security hole.) 

Consider the case of a publicly held company that has to severely restrict access to not-yet-reported financials. Or a military contractor that needs to limit access to weapons blueprints to those with a specific clearance level. If an LLM becomes overloaded and ignores those restrictions, the consequences will be severe.

And that’s just one of the ways that LLM guardrails can fail. These systems are generally cloud-based, controlled by the vendor who owns the license to those particular LLM algorithms. A few enterprises (weapons manufacturers working for the government, for example) take the LLM code and solely run it on-premises in an air-gapped environment, but they are the rare exceptions.

IT leaders deploying LLMs have uncovered other subtle but serious flaws that put their systems and data at risk and/or fail to deliver useful results. Here are five major LLM issues to be aware of — and avoid — before it’s too late.

LLMs that see too much

One massive flaw in today’s LLM systems — which Microsoft acknowledged on March 6 when it introduced a new SharePoint feature for use with its Copilot LLM — is the ability to access a wide range of SharePoint files that are not intended to be shared. 

With Copilot, “when you enable access for a user, it replicates the access that they have. It can then access anything that they have access to, whether they know it or not,” said Nick Mullen, the IT governance manager for a Fortune 500 insurance company.

“The SharePoint repository runs in the background, but it also has access to anything that is public in your entire ecosystem. A lot of these sites are public by default,” said Mullen, who also runs his own security company called Sanguine Security.

Available in public preview, the new feature is called Restricted SharePoint Search. Microsoft says the feature “allows you to restrict both organization-wide search and Copilot experiences to a curated set of SharePoint sites of your choice.”

The current default option is for public access. According to Microsoft’s support documentation, “Before the organization uses Restricted SharePoint Search, Alex [a hypothetical user] can see not only his own personal contents, like his OneDrive files, chats, emails, contents that he owns or visited, but also content from some sites that haven’t undergone access permission review or Access Control Lists (ACL) hygiene, and doesn’t have data governance applied.” Because Alex has access to sensitive information (even if he’s not aware of it), so does Copilot.

The same problem applies to any corporate data storage environment. IT must thoroughly audit users’ data access priveleges and lock down sensitive data before allowing them to run queries with an LLM.

LLMs with the keys to the kingdom

Part of the problem with LLMs today is that they are often unintentionally given broad or even unlimited access to all enterprise systems. Far worse, Mullen said, is that most of the current enterprise defensive systems will not detect and therefore not block the LLM, even if it goes rogue. 

This means that enterprises have “the most powerful and intuitive search engine that can search across everything,” he said. “Historically, that type of internal scanning would fire off an alert. But LLMs are different. This is an entirely new threat vector that is extremely difficult to detect. EDR [endpoint detection and response] is not going to pick it up because it’s behaving as expected. Right now, there is not a good way to secure that. Depending on who is compromised, an attacker could gain access to a treasure trove.”

Added Mullen: “LLMs are very temperamental, and people are getting a little bit ahead of themselves. The technology is so new that a lot of the risks are still unknown. It’s a scenario where it’s not going to be known until you see it. It’s the law of unintended consequences. [IT is] turning [LLMs] on and giving them access to an insane amount of resources, which should give every organization pause.”

Artur Kiulian, the founder of PolyAgent, a nonprofit research lab focused on AI issues, sees many enterprises embracing LLMs too quickly, before the proper controls can be put into place.

“Most enterprises that are implementing LLMs are at the stage of experimentation,” Kiulian said. “Most companies use the guardrails of prompt engineering. It’s not enough. You need permission-based controls. Most enterprises are simply not there yet.”

HackerOne’s Sherrets agreed with how risky LLMs are today: “It can interact with other applications. It’s terrifying because you are giving black box control over doing things in your internal infrastructure. What utilities is the LLM touching?”

David Guarrera, a principal with EY Americas Technology Consulting who leads GenerativeAI initiatives, is also concerned about the risks posed by early enterprise LLM deployments. “There are a lot of new emerging attacks where you can trick the LLMs into getting around the guardrails. Random strings that make the LLM go crazy. Organizations need to be aware of these risks,” Guarrera said.

He advises enterprises to create isolated independent protections for sensitive systems, such as payroll or supply chain. IT needs “permissions that are handled outside of the LLM’s [access]. We need to think deeply how we engineer access to these systems. You have to do it at the data layer, something that is invisible to the LLM. You also need to engineer a robust authentication layer,” he said.

LLMs with a civil service mentality

Another concern is trying to program LLMs to manage need-to-know rules, the idea that the system will restrict some data, sharing it only with people with certain roles in the company or who work in specific departments.

This runs into what some describe as the civil service mentality problem. That is where someone is trained on the rules and might even memorize the rules, but they are not trained on why the rules were initially created. Without that background, they can’t make an informed decision about when an exception is warranted, and they therefore tend to interpret the rules strictly and literally.

That is also true for LLMs. But much sensitive enterprise data is not nearly that binary.

Take the earlier example of the finances of a publicly held company. It is true that data about unannounced finances for this quarter have to be restricted to a handful of authorized people. But has the LLM been programmed to know that the data is instantly world-readable as soon as it is announced and filed with the SEC? And that only the data reported is now public, while unreported data is still proprietary?

A related issue: Let’s say that it is crunch time for the finances to be prepared for filing, and the CFO asks for — and is granted — permission for an additional 30 people from different company business units to temporarily help with the filings. Does someone think to reprogram the LLM to grant temporary data access to those 30 temporary resources? And does someone remember to go back and remove their access once they return to their regular roles?

Unrecognized glitches

Another LLM concern is more practical. Veteran IT managers have many years of experience working with all manner of software. Their experience teaches them how systems look when they crash, such as slowing down, halting, generating error messages, and throwing out screens of garbage characters. But when an LLM glitches — its version of crashing — it doesn’t act that way.

“When traditional software is broken, it’s obvious: screens don’t load, error messages are everywhere. When [LLM] software is broken, it’s much more opaque: you don’t get glaring errors, you just get a model with bad predictions,” said Kevin Walsh, head of artificial intelligence at HubSpot. “It may take weeks or months of having the LLM out in the real world before hearing from users that it’s not solving the problem it is supposed to.”

That could be significant, because if IT doesn’t recognize that there is a problem quickly, its attempts to fix and limit the system will be delayed, possibly making the response too late to stop the damage.

Because LLMs fail differently and in far more hidden ways than traditional software, IT needs to set up far more tracking, testing, and monitoring. It might be a routine assignment for someone to test the LLM each morning.

Unrealistic expectations

Allie Mellen, principal analyst for SecOps and AI security tools at Forrester says there is an inaccurate perception of LLMs, often because LLMs do such a persuasive job of impersonating human thought.

“We have this flawed perception of generative AI because it appears more human. It can’t have original thoughts. It just anticipates the next word. The expectation that it can write code is way overblown,” she said.

LLMs need to handled very carefully, she added. “There are many ways around the guardrails. An individual might come up with a slightly different prompt” to get around programmed restrictions, she said.

IT “must focus on what can realistically be implemented in realistic use cases,” Mellen said. “Don’t treat it as though LLMs are hammers and all of your problems are nails. The [LLM] capabilities are being oversold by most of the business world — investors and executives.”

Generative AI, IT Operations

Both Windows 11 and Windows 10 are full of advertisements and other Microsoft-provided messages that pop up seemingly everywhere and can get in the way of your day-to-day routines. And then there are things that aren’t exactly ads — noisy notifications about viral online articles on MSN, for instance, where Microsoft gets a cut of the advertising. 

Want to get rid of all the annoying ads and pop-ups you can? After a few tweaks, Windows will quiet down and stop bothering you so much when you’re trying to get work done. (Alas, Microsoft doesn’t make it possible to turn off everything, so don’t be surprised if you still see a few surprises even after following this guide.) 

I’ve got so many more useful PC tips and tricks to share with you! Sign up for my free Windows Intelligence newsletter — three things to try every Friday. Plus, get free copies of Paul Thurrott’s Windows 11 and Windows 10 Field Guides (a $10 value) for signing up. 

Disable Start menu ads

Windows 11 is getting advertisements for apps in its Start menu — something Windows 10 PCs already have. To avoid seeing these: 

• In Windows 11, open the Settings app and head to Personalization > Start. Turn off “Show recommendations for tips, shortcuts, new apps, and more.” 
• In Windows 10, open the Settings app and head to Personalization > Start. Turn off “Show suggestions occasionally in Start.”  

Get rid of notification ads and full-screen prompts 

Windows might sometimes send you notification pop-ups with “tips and suggestions.” These tips can include recommendations to use Microsoft Edge and messages pushing the Microsoft Rewards points program. Additionally, Windows sometimes shows you “finish setting up your PC” prompts with messages about using OneDrive and Microsoft 365. To get rid of these: 

• In Windows 11, open the Settings app and head to System > Notifications. Scroll down to the bottom of the screen, expand the “Additional settings” section, and uncheck the three options here: “Get tips and suggestions when using Windows,” “Suggest ways to get the most out of Windows and finish setting up this device,” and “Show the Windows welcome experience after updates and when signed in to show what’s new and suggested.” 
• In Windows 10, open the Settings app and head to System > Notifications & actions. Turn off these three options: “Show me the Windows welcome experience after updates and occasionally when I sign in to highlight what’s new and suggested,” “Suggest ways I can finish setting up my device to get the most out of Windows,” and “Get tips, tricks, and suggestions as you use Windows” options. 

Stop seeing ads in Settings 

Windows shows you more “suggestions” for subscriptions like Microsoft 365, Copilot Pro, and Xbox Game Pass in the Settings app. To get rid of these: 

• In Windows 11, open the Settings app and head to Privacy & security > General. Turn off “Show me suggested content in the Settings app.” 

• In Windows 10, open the Settings app and head to Privacy > General. Turn off “Show me suggested content in the Settings app.” 

The Settings app now pushes Microsoft’s subscription services hard. 

Chris Hoffman, IDG

Hide ads in File Explorer 

Microsoft has used banners in File Explorer to show advertisements for OneDrive storage. To avoid seeing these: 

• In Windows 11, open File Explorer, click the “…” menu on the toolbar, and select “Options.” Click over to the “View” tab, scroll down to near the bottom of the list, and uncheck “Show sync provider notifications.” Click “OK.” 

• In Windows 10, open File Explorer, click the “View” tab on the ribbon, and click “Options.” Click over to the “View” tab, scroll down to near the bottom of the list, and uncheck “Show sync provider notifications.” Click “OK.” 

Avoid lock screen ads 

Windows PCs can use Microsoft’s Windows Spotlight feature to see regularly updated background images on their lock screen. It’s a nice feature, but Microsoft has also used it to push full-screen advertisements for PC games and advertising-type messages. To stop this from happening: 

• In Windows 11, open the Settings app and head to Personalization > Background. Set “Personalize your background” to something like “Picture” and choose whatever picture you like — anything but “Windows Spotlight.” 

• In Windows 10, open the Settings app, head to Personalization > Lock screen. Click the “Background” box and select “Picture” or “Slideshow” — anything but “Windows Spotlight.” Turn off the “Get fun facts, tips, and more from Windows and Cortana on your lock screen” switch here, too. (It won’t appear if Windows Spotlight is turned off.) 

Personally, I put up with this — I’d rather have the fresh lock-screen images, even if I see an advertisement every now and then. It’s up to you. 

Hide clutter in the search pane 

The search box on the taskbar and the pop-up search experience both have “highlights” that recommend all kinds of shopping content, games, and other viral things. To turn those off: 

• In Windows 11, open the Settings app and head to Privacy & security > Search permissions. Scroll down and turn off “Show search highlights” here. 

• Windows 10 does not have this feature, so there’s nothing to turn off. 

The search pane normally recommends shopping and games when you start a search. 

Chris Hoffman, IDG

Never see feedback popups 

Windows might sometimes ask for feedback about your PC experience: Would you recommend Windows to other people? To avoid these interruptions and stop Windows from asking for feedback: 

• In Windows 11, open the Settings app and head to Privacy & security > Diagnostics & feedback. Click the “Feedback frequency” box and set it to “Never.” 

• In Windows 10, open the Settings app and head to Privacy > Diagnostics & feedback. Scroll down and set the “Feedback frequency” box to “Never.” 

Turn off the viral firehose in Widgets 

Windows 11’s Widgets experience pushes viral news articles and shows stock price movements on your taskbar by default. Windows 10 has a similar feature that also recommends viral stories. To turn off Widgets completely: 

• In Windows 11, right-click an empty spot on the taskbar, select “Taskbar settings,” and turn off “Widgets.” 

• In Windows 10, right-click an empty spot on the taskbar, point to “News and interests,” and select “Turn off.” 

Or, you can just turn off those viral stories: 

• In Windows 11, click the Widgets icon at the left side of the taskbar, click the gear icon at the top-right corner of the Widgets pane, click “Show or hide feeds,” and turn off “My feed.” 

• Windows 10 doesn’t let you turn off the viral story feed while keeping the weather on the taskbar. 

Windows 11’s Widgets feed is still the most annoying part of the operating system. 

Chris Hoffman, IDG

Toss apps that come stuck to your Start menu 

Windows PCs come with a bunch of app shortcuts “pinned” to their Start menus. Most of these apps aren’t technically installed yet — they’ll just be installed if you click their shortcuts. For example, you might see apps like “Luminar Neo – AI Photo Editor” and “Grammarly” pinned to your Start menu. To get rid of them: 

• In Windows 11, open the Start menu. Look at the list of pinned apps. Right-click apps you don’t use and select either “Uninstall” or “Unpin from Start.” 

• In Windows 10, open the Start menu. Look at the list of pinned app tiles on the right side of the menu. Right-click apps you want to get out of there and select either “Uninstall” or “Unpin from Start.” 

If your Windows 10 PC is old enough, you might even see a tile for Candy Crush! (Amusingly enough, Microsoft now owns Candy Crush after its controversial acquisition of Activision-Blizzard.) 

You might also want to uninstall bundled apps you don’t want. For example, many new PCs come with a trial of McAfee antivirus — you can uninstall McAfee antivirus if you’re not going to use it. 

Clean up Microsoft Edge

The Microsoft Edge browser is stuffed full of viral news stories, AI features, links to MSN games, recommendations for coupons, and all kinds of other additional things. You can avoid them by switching to another web browser, but if you want to use Edge, here are a few steps you can take: 

• Clean up Edge’s Start page: Open a new tab in Microsoft Edge, click the gear icon at the top-right corner of the page, turn off “Content,” and turn off “Show sponsored background.” 

• Turn off the sidebar: Click the gear icon at the bottom of the sidebar on the right side of the Edge browser. Uncheck “Always show sidebar.” 

• Get rid of shopping notifications: Click the menu icon near the top-right corner of the Edge browser window and choose “Settings.” Select “Privacy, search, and services” at the left side of the Settings page, scroll down to the “Services” section, and turn off “Save time and money with Shopping in Microsoft Edge.” 

If you like some of these features — that’s fine! But there’s a lot going on in Edge, and just changing these few settings should quieten things down. 

Using Edge becomes a much more peaceful experience after you clean up its new tab page. 

Chris Hoffman, IDG

More PC annoyances you can end 

If you’d like to take control over your PC, be sure to check out my guide on how to sign in with a local account. There’s a secret handshake you can use while setting up your computer. 

Still find Windows annoying? Some of the biggest annoyances on Windows 11 and Windows 10 PCs aren’t ads at all! Here’s a list of 10 Windows annoyances — and how to fix them. For example, you can turn off Bing search in the Start menu completely — but Microsoft buries this option and makes it hard to find. 

Want something that’s not annoying? Get even more Windows insights, tips, and tricks with my free Windows Intelligence newsletter, which brings you three new things to try every Friday. Plus, get free Windows 10 and 11 Field Guides as soon as you sign up. 

Microsoft, Operating Systems, Windows, Windows 10, Windows 11, Windows PCs

A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.

A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray. Newsroomhttp://www.blogger.com/profile/[email protected]