Say hello to MacBook Neo

MacBook Neo provides an unmatched combination of quality and affordability for students, families, small business owners, new Mac users, and more.

MacBook Neo comes in four beautiful colors — silver, blush, citrus, and indigo.

With A18 Pro, MacBook Neo can power through a wide range of everyday tasks, from browsing the web to sending emails and effortlessly multitasking between apps.

A18 Pro features a 5-core GPU to facilitate smooth performance for everything from FaceTime calls to casual gameplay.

MacBook Neo delivers up to 16 hours of battery life on a single charge, making it a perfect on-the-go companion for school, work, or play.

Apple’s all-new MacBook features a durable aluminum design, a stunning 13-inch Liquid Retina display, the power of Apple silicon, and all-day battery life — all for the breakthrough starting price of just $599

CUPERTINO, CALIFORNIA Apple today unveiled MacBook Neo, an all-new laptop that delivers the magic of the Mac at a breakthrough price, making it even more accessible to millions of people around the world. MacBook Neo starts with a beautiful Apple design, featuring a durable aluminum enclosure in an array of gorgeous colors — blush, indigo, silver, and a fresh new citrus. Its stunning 13-inch Liquid Retina display brings websites, photos, videos, and apps to life with high resolution and brightness, and support for 1 billion colors. Powered by A18 Pro, MacBook Neo can fly through everyday tasks, from browsing the web and streaming content, to editing photos, exploring creative hobbies, or using AI capabilities across apps. In fact, it’s up to 50 percent faster for everyday tasks like web browsing,[1] and up to 3x faster when running on-device AI workloads like applying advanced effects to photos,[2] compared to the bestselling PC with the latest shipping Intel Core Ultra 5. Providing up to 16 hours of battery life, MacBook Neo allows users to go all day on a single charge.[3] A 1080p FaceTime HD camera and dual mics make it easy to look and sound great, and the dual side-firing speakers with Spatial Audio deliver crisp, immersive sound. MacBook Neo also features Apple’s renowned Magic Keyboard for comfortable and precise typing, and a large Multi-Touch trackpad with support for intuitive gestures, enabling smooth and precise control. Completing the MacBook Neo experience is macOS Tahoe, with powerful built-in apps like Messages, Pages, Calendar, and Safari; seamless integration with iPhone; Apple Intelligence; as well as broad compatibility with third-party apps. And starting at just $599 and $499 for education, MacBook Neo is Apple’s most affordable laptop ever, providing an unprecedented combination of quality and value. MacBook Neo is available to pre-order starting today, with availability beginning Wednesday, March 11.

“We’re incredibly excited to introduce MacBook Neo, which delivers the magic of the Mac at a breakthrough price,” said John Ternus, Apple’s senior vice president of Hardware Engineering. “Built from the ground up to be more affordable for even more people, MacBook Neo is a laptop only Apple could create. It features a durable aluminum design in four beautiful colors; a brilliant Liquid Retina display; Apple silicon-powered performance; all-day battery life; a high-quality camera, mics, and speakers; a Magic Keyboard and Multi-Touch trackpad; and the intuitive and powerful features of macOS. There is simply no other laptop like it.”

MacBook Neo features a beautifully crafted aluminum design that’s built to last. With its soft, rounded corners, MacBook Neo looks elegant while feeling solid and comfortable to hold. At just 2.7 pounds, it’s also easy to carry in a backpack or handbag. Bringing a fun touch of personality and style to everyday computing, MacBook Neo comes in a spectrum of four gorgeous colors: blush, indigo, silver, and citrus. These colors extend to the Magic Keyboard in lighter shades and new wallpapers, creating a cohesive design aesthetic and making MacBook Neo the most colorful MacBook yet.

A gorgeous 13-inch Liquid Retina display features a 2408-by-1506 resolution, 500 nits of brightness, and support for 1 billion colors, bringing to life sharp, crystal-clear text and vibrant images. The display is both brighter and higher in resolution than most PC laptops in this price range, putting it in a class of its own. Finally, an anti-reflective coating provides a comfortable viewing experience in a variety of lighting conditions, allowing users to watch movies, edit photos, or take video calls from anywhere.

At the heart of MacBook Neo is A18 Pro, enabling users to power through things they do every day, like browsing the web, creating documents, streaming content, editing photos, and taking advantage of AI. Users can seamlessly work between their favorite apps, like Messages, WhatsApp, Canva, Excel, Safari, and more. MacBook Neo with A18 Pro is up to 50 percent faster for everyday tasks than the bestselling PC with the latest shipping Intel Core Ultra 5.[1] And for more demanding activities, it’s up to 3x faster for on-device AI workloads[2] and up to 2x faster for tasks like photo editing.[4] The integrated 5-core GPU brings graphics to life while playing action-packed games or exploring creative hobbies. And a 16-core Neural Engine supports fast on-device Apple Intelligence features and everyday AI tasks like summarizing notes in Bear or using the Clean Up tool in the Photos app, while ensuring user data stays private and secure. MacBook Neo is also fanless, so it runs completely silent.

Thanks to the incredible power efficiency of Apple silicon, MacBook Neo delivers up to 16 hours of battery life on a single charge.[3] This makes it a perfect on-the-go companion for work or play, from the classroom to the coffee shop, and everywhere in between.

MacBook Neo features Apple’s much-loved Magic Keyboard, which provides a comfortable, precise typing experience, while a large Multi-Touch trackpad lets users click, scroll, swipe, and pinch anywhere on its surface. The MacBook Neo model with Touch ID enables easy, quick, and secure login authentication, and the ability to conveniently authorize purchases using Apple Pay.

The 1080p FaceTime HD camera on MacBook Neo has optimized image processing to deliver vibrant video calls. Dual mics with directional beamforming are designed to reduce background noise and isolate a user’s voice, allowing it to come across loud and clear for an excellent video conferencing experience. And dual side-firing speakers with support for Spatial Audio and Dolby Atmos produce immersive sound for watching a movie, listening to music, or using apps like GarageBand.

MacBook Neo features two USB-C ports for connecting accessories or an external display.[5] Both ports can be used for charging. MacBook Neo also includes a headphone jack for wired audio. Wi-Fi 6E provides fast wireless connectivity, and Bluetooth 6 ensures reliable wireless connections for peripherals and accessories.

macOS is Apple’s powerful and intuitive operating system for Mac.[6] With incredible features and built-in apps like Safari, Photos, Messages, and FaceTime, macOS enables users to get started right out of the box. Apple Intelligence features like Writing Tools, Live Translation, and more are deeply integrated across macOS, elevating the user experience by bringing intelligence to the apps users rely on every day.[7] Advanced privacy and security also come standard, featuring industry-leading encryption, robust virus protections, and automatic free security updates to help keep users protected.

iPhone users can tap in to Continuity features built in to macOS to make working across iPhone and Mac a breeze. Handoff lets users start a task on MacBook Neo and continue it on iPhone, while Universal Clipboard allows users to copy and paste content between devices. With iPhone Mirroring, users can view and interact with their iPhone directly on MacBook Neo, and users switching to Mac for the first time can use iPhone to conveniently and securely transfer settings, files, photos, passwords, and more.

Built with the Environment in Mind

MacBook Neo was built from the ground up to be Apple’s lowest-carbon MacBook, and brings the company even closer to reaching its ambitious plan to be carbon neutral across its entire footprint by 2030. It features 60 percent recycled content — the highest percentage of any Apple product.[8] This includes 90 percent recycled aluminum overall and 100 percent recycled cobalt in the battery. The enclosure is manufactured with a material-efficient forming process that uses 50 percent less aluminum compared to traditional machining methods. MacBook Neo is manufactured with 45 percent renewable electricity, like wind and solar, across the supply chain. It also meets Apple’s high standards for energy efficiency and safe chemistry. Additionally, the paper packaging is 100 percent fiber-based and can be easily recycled.[9]

Customers can pre-order the new MacBook Neo starting today at apple.com/store and in the Apple Store app in 30 countries and regions, including the U.S. It will begin arriving to customers, and will be in Apple Store locations and Apple Authorized Resellers, starting Wednesday, March 11.

MacBook Neo starts at $599 (U.S.) and $499 (U.S.) for education. It is available in four colors — blush, indigo, silver, and citrus. Additional technical specifications, configure-to-order options, and accessories are available at apple.com/mac.

With Apple Trade In, customers can trade in their current computer and get credit toward a new Mac. Customers can visit apple.com/shop/trade-in to see what their device is worth.

AppleCare delivers exceptional service and support, with flexible options for Apple users. Customers can choose AppleCare+ to cover their new Mac, or in the U.S., AppleCare One to protect multiple products in one simple plan. Both plans include coverage for accidents like drops and spills, theft and loss protection on eligible products, battery replacement service, and 24/7 support from Apple Experts. For more information, visit apple.com/applecare.

Every customer who buys directly from Apple Retail gets access to Personal Setup. In these guided online sessions, a Specialist can walk them through setup, or focus on features that help them make the most of their new device. Customers can also learn more about getting started and going further with their new device with a Today at Apple session at their nearest Apple Store.

Customers in the U.S. who shop at Apple using Apple Card can pay monthly at 0 percent APR when they choose to check out with Apple Card Monthly Installments, and they’ll get 3 percent Daily Cash back — all up front. More information — including details on eligibility, exclusions, and Apple Card terms — is available at apple.com/apple-card/monthly-installments.

About Apple

Apple revolutionized personal technology with the introduction of the Macintosh in 1984. Today, Apple leads the world in innovation with iPhone, iPad, Mac, AirPods, Apple Watch, and Apple Vision Pro. Apple’s six software platforms — iOS, iPadOS, macOS, watchOS, visionOS, and tvOS — provide seamless experiences across all Apple devices and empower people with breakthrough services including the App Store, Apple Music, Apple Pay, iCloud, and Apple TV. Apple’s more than 150,000 employees are dedicated to making the best products on earth and to leaving the world better than we found it.

1. Testing was conducted by Apple in January and February 2026 using preproduction MacBook Neo systems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of unified memory, and 256GB SSD, as well as production Intel Core Ultra 5-based PC systems with Intel Graphics, 8GB of RAM, 256GB SSD, and the latest version of Windows 11 Home available at the time of testing. Bestselling PC laptop with the latest shipping Intel Core Ultra 5 processor is based on publicly available sales data over the prior six months. Speedometer 3.1 performance benchmark tested with pre-release Safari 26.3 on macOS Tahoe, and both Chrome 144.0.7559.110 and Edge 144.0.3719.104 on Windows 11 Home. Performance tests are conducted using specific computer systems and reflect the approximate performance of MacBook Neo.

2. Testing was conducted by Apple in January and February 2026 using preproduction MacBook Neo systems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of unified memory, and 256GB SSD, as well as production Intel Core Ultra 5-based PC systems with Intel Graphics, 8GB of RAM, 256GB SSD, and the latest version of Windows 11 Home available at the time of testing. Bestselling PC laptop with the latest shipping Intel Core Ultra 5 processor is based on publicly available sales data over the prior six months. Adobe Photoshop 2026 27.3.0 tested using the following filters and functions: super zoom, depth blur, JPEG artifact removal, style transfer, photo restoration, and landscape mixer. Performance tests are conducted using specific computer systems and reflect the approximate performance of MacBook Neo.

3. Testing was conducted by Apple in January 2026 using preproduction MacBook Neo systems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of unified memory, and 256GB SSD. Wireless web battery life tested by browsing 25 popular websites while connected to Wi-Fi. Video streaming battery life tested with 1080p content in Safari while connected to Wi-Fi. All systems tested with display brightness set to eight clicks from bottom. Battery life varies by use and configuration. See apple.com/batteries for more information.

4. Testing was conducted by Apple in January and February 2026 using preproduction MacBook Neo systems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of unified memory, and 256GB SSD, as well as production Intel Core Ultra 5-based PC systems with Intel Graphics, 8GB of RAM, 256GB SSD, and the latest version of Windows 11 Home available at the time of testing. Bestselling PC laptop with the latest shipping Intel Core Ultra 5 processor is based on publicly available sales data over the prior six months. Tested with Affinity v3.0.3.4027 using the built-in benchmark 30000. Performance tests are conducted using specific computer systems and reflect the approximate performance of MacBook Neo.

5. MacBook Neo features two USB-C ports — USB 3 (left) and USB 2 (right). External display connectivity supported on left USB 3 port only.

6. macOS Tahoe is available as a free software update. Some features may not be available in all regions or in all languages. See requirements at apple.com/os/macos.

7. Apple Intelligence is available in beta with support for these languages: English, Danish, Dutch, French, German, Italian, Norwegian, Portuguese, Spanish, Swedish, Turkish, Vietnamese, Chinese (simplified), Chinese (traditional), Japanese, and Korean. Some features may not be available in all regions or languages. For feature and language availability and system requirements, see support.apple.com/en-us/121115.

8. Product recycled or renewable content is the mass of certified recycled material relative to the overall mass of the device, not including packaging or in-box accessories. Comparison excludes accessories.

9. Breakdown of U.S. retail packaging by weight. Adhesives, inks, and coatings are excluded from calculations.

Copy text

* Customers can pre-or­der the new MacBook Neo start­ing to­day at ap­ple.com/​store and in the Apple Store app in 30 coun­tries and re­gions, in­clud­ing the U.S. It will be­gin ar­riv­ing to cus­tomers, and will be in Apple Store lo­ca­tions and Apple Authorized Resellers, start­ing Wednesday, March 11.

* MacBook Neo starts at $599 (U.S.) and $499 (U.S.) for ed­u­ca­tion. It is avail­able in four col­ors — blush, in­digo, sil­ver, and cit­rus. Additional tech­ni­cal spec­i­fi­ca­tions, con­fig­ure-to-or­der op­tions, and ac­ces­sories are avail­able at ap­ple.com/​mac.

* With Apple Trade In, cus­tomers can trade in their cur­rent com­puter and get credit to­ward a new Mac. Customers can visit ap­ple.com/​shop/​trade-in to see what their de­vice is worth.

* AppleCare de­liv­ers ex­cep­tional ser­vice and sup­port, with flex­i­ble op­tions for Apple users. Customers can choose AppleCare+ to cover their new Mac, or in the U.S., AppleCare One to pro­tect mul­ti­ple prod­ucts in one sim­ple plan. Both plans in­clude cov­er­age for ac­ci­dents like drops and spills, theft and loss pro­tec­tion on el­i­gi­ble prod­ucts, bat­tery re­place­ment ser­vice, and 24/7 sup­port from Apple Experts. For more in­for­ma­tion, visit ap­ple.com/​ap­ple­care.

* Every cus­tomer who buys di­rectly from Apple Retail gets ac­cess to Personal Setup. In these guided on­line ses­sions, a Specialist can walk them through setup, or fo­cus on fea­tures that help them make the most of their new de­vice. Customers can also learn more about get­ting started and go­ing fur­ther with their new de­vice with a Today at Apple ses­sion at their near­est Apple Store.

* Customers in the U.S. who shop at Apple us­ing Apple Card can pay monthly at 0 per­cent APR when they choose to check out with Apple Card Monthly Installments, and they’ll get 3 per­cent Daily Cash back — all up front. More in­for­ma­tion — in­clud­ing de­tails on el­i­gi­bil­ity, ex­clu­sions, and Apple Card terms — is avail­able at ap­ple.com/​ap­ple-card/​monthly-in­stall­ments.

* Testing was con­ducted by Apple in January and February 2026 us­ing pre­pro­duc­tion MacBook Neo sys­tems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of uni­fied mem­ory, and 256GB SSD, as well as pro­duc­tion Intel Core Ultra 5-based PC sys­tems with Intel Graphics, 8GB of RAM, 256GB SSD, and the lat­est ver­sion of Windows 11 Home avail­able at the time of test­ing. Bestselling PC lap­top with the lat­est ship­ping Intel Core Ultra 5 proces­sor is based on pub­licly avail­able sales data over the prior six months. Speedometer 3.1 per­for­mance bench­mark tested with pre-re­lease Safari 26.3 on ma­cOS Tahoe, and both Chrome 144.0.7559.110 and Edge 144.0.3719.104 on Windows 11 Home. Performance tests are con­ducted us­ing spe­cific com­puter sys­tems and re­flect the ap­prox­i­mate per­for­mance of MacBook Neo.

* Testing was con­ducted by Apple in January and February 2026 us­ing pre­pro­duc­tion MacBook Neo sys­tems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of uni­fied mem­ory, and 256GB SSD, as well as pro­duc­tion Intel Core Ultra 5-based PC sys­tems with Intel Graphics, 8GB of RAM, 256GB SSD, and the lat­est ver­sion of Windows 11 Home avail­able at the time of test­ing. Bestselling PC lap­top with the lat­est ship­ping Intel Core Ultra 5 proces­sor is based on pub­licly avail­able sales data over the prior six months. Adobe Photoshop 2026 27.3.0 tested us­ing the fol­low­ing fil­ters and func­tions: su­per zoom, depth blur, JPEG ar­ti­fact re­moval, style trans­fer, photo restora­tion, and land­scape mixer. Performance tests are con­ducted us­ing spe­cific com­puter sys­tems and re­flect the ap­prox­i­mate per­for­mance of MacBook Neo.

* Testing was con­ducted by Apple in January 2026 us­ing pre­pro­duc­tion MacBook Neo sys­tems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of uni­fied mem­ory, and 256GB SSD. Wireless web bat­tery life tested by brows­ing 25 pop­u­lar web­sites while con­nected to Wi-Fi. Video stream­ing bat­tery life tested with 1080p con­tent in Safari while con­nected to Wi-Fi. All sys­tems tested with dis­play bright­ness set to eight clicks from bot­tom. Battery life varies by use and con­fig­u­ra­tion. See ap­ple.com/​bat­ter­ies for more in­for­ma­tion.

* Testing was con­ducted by Apple in January and February 2026 us­ing pre­pro­duc­tion MacBook Neo sys­tems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of uni­fied mem­ory, and 256GB SSD, as well as pro­duc­tion Intel Core Ultra 5-based PC sys­tems with Intel Graphics, 8GB of RAM, 256GB SSD, and the lat­est ver­sion of Windows 11 Home avail­able at the time of test­ing. Bestselling PC lap­top with the lat­est ship­ping Intel Core Ultra 5 proces­sor is based on pub­licly avail­able sales data over the prior six months. Tested with Affinity v3.0.3.4027 us­ing the built-in bench­mark 30000. Performance tests are con­ducted us­ing spe­cific com­puter sys­tems and re­flect the ap­prox­i­mate per­for­mance of MacBook Neo.

* MacBook Neo fea­tures two USB-C ports — USB 3 (left) and USB 2 (right). External dis­play con­nec­tiv­ity sup­ported on left USB 3 port only.

* ma­cOS Tahoe is avail­able as a free soft­ware up­date. Some fea­tures may not be avail­able in all re­gions or in all lan­guages. See re­quire­ments at ap­ple.com/​os/​ma­cos.

* Apple Intelligence is avail­able in beta with sup­port for these lan­guages: English, Danish, Dutch, French, German, Italian, Norwegian, Portuguese, Spanish, Swedish, Turkish, Vietnamese, Chinese (simplified), Chinese (traditional), Japanese, and Korean. Some fea­tures may not be avail­able in all re­gions or lan­guages. For fea­ture and lan­guage avail­abil­ity and sys­tem re­quire­ments, see sup­port.ap­ple.com/​en-us/​121115.

* Product re­cy­cled or re­new­able con­tent is the mass of cer­ti­fied re­cy­cled ma­te­r­ial rel­a­tive to the over­all mass of the de­vice, not in­clud­ing pack­ag­ing or in-box ac­ces­sories. Comparison ex­cludes ac­ces­sories.

* Breakdown of U.S. re­tail pack­ag­ing by weight. Adhesives, inks, and coat­ings are ex­cluded from cal­cu­la­tions.

Testing was con­ducted by Apple in January and February 2026 us­ing pre­pro­duc­tion MacBook Neo sys­tems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of uni­fied mem­ory, and 256GB SSD, as well as pro­duc­tion Intel Core Ultra 5-based PC sys­tems with Intel Graphics, 8GB of RAM, 256GB SSD, and the lat­est ver­sion of Windows 11 Home avail­able at the time of test­ing. Bestselling PC lap­top with the lat­est ship­ping Intel Core Ultra 5 proces­sor is based on pub­licly avail­able sales data over the prior six months. Speedometer 3.1 per­for­mance bench­mark tested with pre-re­lease Safari 26.3 on ma­cOS Tahoe, and both Chrome 144.0.7559.110 and Edge 144.0.3719.104 on Windows 11 Home. Performance tests are con­ducted us­ing spe­cific com­puter sys­tems and re­flect the ap­prox­i­mate per­for­mance of MacBook Neo.

Testing was con­ducted by Apple in January and February 2026 us­ing pre­pro­duc­tion MacBook Neo sys­tems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of uni­fied mem­ory, and 256GB SSD, as well as pro­duc­tion Intel Core Ultra 5-based PC sys­tems with Intel Graphics, 8GB of RAM, 256GB SSD, and the lat­est ver­sion of Windows 11 Home avail­able at the time of test­ing. Bestselling PC lap­top with the lat­est ship­ping Intel Core Ultra 5 proces­sor is based on pub­licly avail­able sales data over the prior six months. Adobe Photoshop 2026 27.3.0 tested us­ing the fol­low­ing fil­ters and func­tions: su­per zoom, depth blur, JPEG ar­ti­fact re­moval, style trans­fer, photo restora­tion, and land­scape mixer. Performance tests are con­ducted us­ing spe­cific com­puter sys­tems and re­flect the ap­prox­i­mate per­for­mance of MacBook Neo.

Testing was con­ducted by Apple in January 2026 us­ing pre­pro­duc­tion MacBook Neo sys­tems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of uni­fied mem­ory, and 256GB SSD. Wireless web bat­tery life tested by brows­ing 25 pop­u­lar web­sites while con­nected to Wi-Fi. Video stream­ing bat­tery life tested with 1080p con­tent in Safari while con­nected to Wi-Fi. All sys­tems tested with dis­play bright­ness set to eight clicks from bot­tom. Battery life varies by use and con­fig­u­ra­tion. See ap­ple.com/​bat­ter­ies for more in­for­ma­tion.

Testing was con­ducted by Apple in January and February 2026 us­ing pre­pro­duc­tion MacBook Neo sys­tems with Apple A18 Pro, 6-core CPU, 5-core GPU, 8GB of uni­fied mem­ory, and 256GB SSD, as well as pro­duc­tion Intel Core Ultra 5-based PC sys­tems with Intel Graphics, 8GB of RAM, 256GB SSD, and the lat­est ver­sion of Windows 11 Home avail­able at the time of test­ing. Bestselling PC lap­top with the lat­est ship­ping Intel Core Ultra 5 proces­sor is based on pub­licly avail­able sales data over the prior six months. Tested with Affinity v3.0.3.4027 us­ing the built-in bench­mark 30000. Performance tests are con­ducted us­ing spe­cific com­puter sys­tems and re­flect the ap­prox­i­mate per­for­mance of MacBook Neo.

MacBook Neo fea­tures two USB-C ports — USB 3 (left) and USB 2 (right). External dis­play con­nec­tiv­ity sup­ported on left USB 3 port only.

ma­cOS Tahoe is avail­able as a free soft­ware up­date. Some fea­tures may not be avail­able in all re­gions or in all lan­guages. See re­quire­ments at ap­ple.com/​os/​ma­cos.

Apple Intelligence is avail­able in beta with sup­port for these lan­guages: English, Danish, Dutch, French, German, Italian, Norwegian, Portuguese, Spanish, Swedish, Turkish, Vietnamese, Chinese (simplified), Chinese (traditional), Japanese, and Korean. Some fea­tures may not be avail­able in all re­gions or lan­guages. For fea­ture and lan­guage avail­abil­ity and sys­tem re­quire­ments, see sup­port.ap­ple.com/​en-us/​121115.

Product re­cy­cled or re­new­able con­tent is the mass of cer­ti­fied re­cy­cled ma­te­r­ial rel­a­tive to the over­all mass of the de­vice, not in­clud­ing pack­ag­ing or in-box ac­ces­sories. Comparison ex­cludes ac­ces­sories.

Breakdown of U.S. retail packaging by weight. Adhesives, inks, and coatings are excluded from calculations.

...

Read the original on www.apple.com »

2 618 shares, 41 trendiness

Something is afoot in the land of Qwen

I’m be­hind on writ­ing about Qwen 3.5, a truly re­mark­able fam­ily of open weight mod­els re­leased by Alibaba’s Qwen team over the past few weeks. I’m hop­ing that the 3.5 fam­ily does­n’t turn out to be Qwen’s swan song, see­ing as that team has had some very high pro­file de­par­tures in the past 24 hours.

It all started with this tweet from Junyang Lin (@JustinLin610):

Junyang Lin was the lead re­searcher build­ing Qwen, and was key to re­leas­ing their open weight mod­els from 2024 on­wards.

As far as I can tell a trig­ger for this res­ig­na­tion was a re-org within Alibaba where a new re­searcher hired from Google’s Gemini team was put in charge of Qwen, but I’ve not con­firmed that de­tail.

More in­for­ma­tion is avail­able in this ar­ti­cle from 36kr.com. Here’s Wikipedia on 36Kr con­firm­ing that it’s a cred­i­ble me­dia source es­tab­lished in 2010 with a good track record re­port­ing on the Chinese tech­nol­ogy in­dus­try.

The ar­ti­cle is in Chinese—here are some quotes trans­lated via Google Translate:

At ap­prox­i­mately 1:00 PM Beijing time on March 4th, Tongyi Lab held an emer­gency All Hands meet­ing, where Alibaba Group CEO Wu Yongming frankly told Qianwen em­ploy­ees.

Twelve hours ago (at 0:11 AM Beijing time on March 4th), Lin Junyang, the tech­ni­cal lead for Alibaba’s Qwen Big Data Model, sud­denly an­nounced his res­ig­na­tion on X. Lin Junyang was a key fig­ure in pro­mot­ing Alibaba’s open-source AI mod­els and one of Alibaba’s youngest P10 em­ploy­ees. Amidst the in­dus­try up­roar, many mem­bers of Qwen were also un­able to ac­cept the sud­den de­par­ture of their team’s key fig­ure.

“Given far fewer resources than competitors, Junyang’s leadership is one of the core factors in achieving today’s results,” multiple Qianwen members told 36Kr. […]

Regarding Lin Junyang’s whereabouts, no new conclusions were reached at the meeting. However, around 2 PM, Lin Junyang posted again on his WeChat Moments, stating, “Brothers of Qwen, continue as originally planned, no problem,” without explicitly confirming whether he would return. […]

That piece also lists sev­eral other key mem­bers who have ap­par­ently re­signed:

With Lin Junyang’s de­par­ture, sev­eral other Qwen mem­bers also an­nounced their de­par­ture, in­clud­ing core lead­ers re­spon­si­ble for var­i­ous sub-ar­eas of Qwen mod­els, such as:

Binyuan Hui: Lead Qwen code de­vel­op­ment, prin­ci­pal of the Qwen-Coder se­ries mod­els, re­spon­si­ble for the en­tire agent train­ing process from pre-train­ing to post-train­ing, and re­cently in­volved in ro­bot­ics re­search.

Bowen Yu: Lead Qwen post-train­ing re­search, grad­u­ated from the University of Chinese Academy of Sciences, lead­ing the de­vel­op­ment of the Qwen-Instruct se­ries mod­els.

Kaixin Li: Core con­trib­u­tor to Qwen 3.5/VL/Coder, PhD from the National University of Singapore.

Besides the afore­men­tioned in­di­vid­u­als, many young re­searchers also re­signed on the same day.

Based on the above it looks to me like everything is still very much up in the air. The presence of Alibaba’s CEO at the “emergency All Hands meeting” suggests that the company understands the significance of these resignations and may yet retain some of the departing talent.

This story hits par­tic­u­larly hard right now be­cause the Qwen 3.5 mod­els ap­pear to be ex­cep­tion­ally good.

I’ve not spent enough time with them yet but the scale of the new model fam­ily is im­pres­sive. They started with Qwen3.5-397B-A17B on February 17th—an 807GB model—and then fol­lowed with a flurry of smaller sib­lings in 122B, 35B, 27B, 9B, 4B, 2B, 0.8B sizes.

I’m hear­ing pos­i­tive noises about the 27B and 35B mod­els for cod­ing tasks that still fit on a 32GB/64GB Mac, and I’ve tried the 9B, 4B and 2B mod­els and found them to be no­tably ef­fec­tive con­sid­er­ing their tiny sizes. That 2B model is just 4.57GB—or as small as 1.27GB quan­tized—and is a full rea­son­ing and multi-modal (vision) model.

It would be a real tragedy if the Qwen team were to dis­band now, given their proven track record in con­tin­u­ing to find new ways to get high qual­ity re­sults out of smaller and smaller mod­els.

If those core Qwen team mem­bers ei­ther start some­thing new or join an­other re­search lab I’m ex­cited to see what they do next.

...

Read the original on simonwillison.net »

3 562 shares, 41 trendiness

DeFlock

...

Read the original on deflock.org »

4 507 shares, 21 trendiness

Agentic Engineering Patterns

Patterns for get­ting the best re­sults out of cod­ing agents like Claude Code and OpenAI Codex. See my in­tro­duc­tion for more on this pro­ject.

Principles

Hoard things you know how to do

Testing and QA

...

Read the original on simonwillison.net »

5 446 shares, 70 trendiness

Anthropic CEO Dario Amodei calls OpenAI's messaging around military deal 'straight up lies,' report says

Anthropic co-founder and CEO Dario Amodei is not happy — perhaps predictably so — with OpenAI chief Sam Altman. In a memo to staff, reported by The Information, Amodei referred to OpenAI’s dealings with the Department of Defense as “safety theater.”

“The main reason [OpenAI] accepted [the DoD’s deal] and we did not is that they cared about placating employees, and we actually cared about preventing abuses,” Amodei wrote.

Last week, Anthropic and the U.S. Department of Defense (DoD) failed to come to an agreement over the military’s request for unrestricted access to the AI company’s technology. Anthropic, which already had a $200 million contract with the military, insisted the DoD affirm that it would not use the company’s AI to enable domestic mass surveillance or autonomous weaponry.

Instead, the DoD — known un­der the Trump ad­min­is­tra­tion as the Department of War — struck a deal with OpenAI. Altman stated that his com­pa­ny’s new de­fense con­tract would in­clude pro­tec­tions against the same red lines that Anthropic had as­serted.

In a letter to staff, Amodei refers to OpenAI’s messaging as “straight up lies,” stating that Altman is falsely “presenting himself as a peacemaker and dealmaker.”

Amodei might not be speaking solely from a position of bitterness, here. Anthropic specifically took issue with the DoD’s insistence on the company’s AI being available for “any lawful use.” OpenAI said in a blog post that its contract allows use of its AI systems for “all lawful purposes.”

“It was clear in our interaction that the DoW considers mass domestic surveillance illegal and was not planning to use it for this purpose,” OpenAI’s blog post stated. “We ensured that the fact that it is not covered under lawful use was made explicit in our contract.”

Critics have pointed out that the law is sub­ject to change, and what is con­sid­ered il­le­gal now might end up be­ing al­lowed in the fu­ture.

And the pub­lic seems to be sid­ing with Anthropic. ChatGPT unin­stalls jumped 295% af­ter OpenAI made its deal with the DoD.

“I think this attempted spin/gaslighting is not working very well on the general public or the media, where people mostly see OpenAI’s deal with the DoW as sketchy or suspicious, and see us as the heroes (we’re #2 in the App Store now!),” Amodei wrote to his staff. “It is working on some Twitter morons, which doesn’t matter, but my main worry is how to make sure it doesn’t work on OpenAI employees.”

...

Read the original on techcrunch.com »

6 385 shares, 79 trendiness

googleworkspace/cli: Google Workspace CLI — one command-line tool for Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, and more. Dynamically built from Google Discovery Service. Includes AI agent skills.

One CLI for all of Google Workspace — built for hu­mans and AI agents.

Drive, Gmail, Calendar, and every Workspace API. Zero boil­er­plate. Structured JSON out­put. 40+ agent skills in­cluded.

npm install -g @googleworkspace/cli

gws does­n’t ship a sta­tic list of com­mands. It reads Google’s own Discovery Service at run­time and builds its en­tire com­mand sur­face dy­nam­i­cally. When Google Workspace adds an API end­point or method, gws picks it up au­to­mat­i­cally.

npm install -g @googleworkspace/cli

gws auth setup # walks you through Google Cloud project config + OAuth login

gws drive files list --params '{"pageSize": 5}'

cargo install --path .

A Nix flake is also available at github:googleworkspace/cli

nix run github:googleworkspace/cli

For humans — stop writing curl calls against REST docs. gws gives you tab‑completion, --help on every resource, --dry-run to preview requests, and auto‑pagination.

For AI agents — every re­sponse is struc­tured JSON. Pair it with the in­cluded agent skills and your LLM can man­age Workspace with­out cus­tom tool­ing.

# List the 10 most recent files
gws drive files list --params '{"pageSize": 10}'

# Create a spreadsheet
gws sheets spreadsheets create --json '{"properties": {"title": "Q1 Budget"}}'

# Send a Chat message
gws chat spaces messages create \
  --params '{"parent": "spaces/xyz"}' \
  --json '{"text": "Deploy complete."}' \
  --dry-run

# Introspect any method’s request/response schema
gws schema drive.files.list

# Stream paginated results as NDJSON
gws drive files list --params '{"pageSize": 100}' --page-all | jq -r '.files[].name'

The CLI sup­ports mul­ti­ple auth work­flows so it works on your lap­top, in CI, and on a server.

Credentials are en­crypted at rest (AES-256-GCM) with the key stored in your OS keyring.

gws auth setup # one-time: creates a Cloud project, enables APIs, logs you in

gws auth login # subsequent logins

Requires the gcloud CLI to be in­stalled and au­then­ti­cated.

Use this when gws auth setup can­not au­to­mate pro­ject/​client cre­ation, or when you want ex­plicit con­trol.

Configure OAuth brand­ing/​au­di­ence if prompted:

Download the client JSON and save it to:

gws auth login

You can com­plete OAuth ei­ther man­u­ally or with browser au­toma­tion.

* Agent-assisted flow: the agent opens the URL, se­lects ac­count, han­dles con­sent prompts, and re­turns con­trol once the lo­cal­host call­back suc­ceeds.

If consent shows “Google hasn’t verified this app” (testing mode), click Continue. If scope checkboxes appear, select required scopes (or Select all) before continuing.

On the head­less ma­chine:

export GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE=/path/to/credentials.json

gws drive files list # just works

Point to your key file; no login needed.

export GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE=/path/to/service-account.json

gws drive files list

export GOOGLE_WORKSPACE_CLI_IMPERSONATED_USER=admin@example.com

Useful when another tool (e.g. gcloud) already mints tokens for your environment.

export GOOGLE_WORKSPACE_CLI_TOKEN=$(gcloud auth print-access-token)

Environment vari­ables can also live in a .env file.

The repo ships 100+ Agent Skills (SKILL.md files) — one for every sup­ported API, plus higher-level helpers for com­mon work­flows and 50 cu­rated recipes for Gmail, Drive, Docs, Calendar, and Sheets. See the full Skills Index for the com­plete list.

# Install all skills at once
npx skills add https://github.com/googleworkspace/cli

# Or pick only what you need
npx skills add https://github.com/googleworkspace/cli/tree/main/skills/gws-drive
npx skills add https://github.com/googleworkspace/cli/tree/main/skills/gws-gmail

Install the extension into the Gemini CLI:

gemini extensions install https://github.com/googleworkspace/cli

Installing this ex­ten­sion gives your Gemini CLI agent di­rect ac­cess to all gws com­mands and Google Workspace agent skills. Because gws han­dles its own au­then­ti­ca­tion se­curely, you sim­ply need to au­then­ti­cate your ter­mi­nal once prior to us­ing the agent, and the ex­ten­sion will au­to­mat­i­cally in­herit your cre­den­tials.

gws mcp starts a Model Context Protocol server over stdio, ex­pos­ing Google Workspace APIs as struc­tured tools that any MCP-compatible client (Claude Desktop, Gemini CLI, VS Code, etc.) can call.

gws mcp -s drive # expose Drive tools

gws mcp -s drive,gmail,calendar # expose multiple services

gws mcp -s all # expose all services (many tools!)

{
  "mcpServers": {
    "gws": {
      "command": "gws",
      "args": ["mcp", "-s", "drive,gmail,calendar"]
    }
  }
}

gws drive files create --json '{"name": "report.pdf"}' --upload ./report.pdf

Integrate Google Cloud Model Armor to scan API responses for prompt injection before they reach your agent.

gws gmail users messages get --params '…' \
  --sanitize "projects/P/locations/L/templates/T"

Build a clap::Command tree from the document’s resources and methods

If a required Google API is not enabled for your GCP project, you will see a 403 error with reason accessNotConfigured:

{
  "error": {
    "code": 403,
    "message": "Gmail API has not been used in project 549352339482 …",
    "reason": "accessNotConfigured",
    "enable_url": "https://console.developers.google.com/apis/api/gmail.googleapis.com/overview?project=549352339482"
  }
}

gws also prints an actionable hint to stderr:

Click the enable_url link (or copy it from the enable_url JSON field).

cargo build # dev build

cargo clippy -- -D warnings # lint

cargo test # unit tests

./scripts/coverage.sh # HTML coverage report → target/llvm-cov/html/

...

Read the original on github.com »

7 354 shares, 22 trendiness

The one science reform we can all agree on, but we're too cowardly to do

If you ever want a good laugh, ask an aca­d­e­mic to ex­plain what they get paid to do, and who pays them to do it.

In STEM fields, it works like this: the uni­ver­sity pays you to teach, but un­less you’re at a lib­eral arts col­lege, you don’t ac­tu­ally get pro­moted or rec­og­nized for your teach­ing. Instead, you get pro­moted and rec­og­nized for your re­search, which the uni­ver­sity does not gen­er­ally pay you for. You have to ask some­one else to pro­vide that part of your salary, and in the US, that some­one else is usu­ally the fed­eral gov­ern­ment. If you’re lucky—and these days, very lucky—you get a chunk of money to grow your bac­te­ria or smash your elec­trons to­gether or what­ever, you write up your re­sults for pub­li­ca­tion, and this is where the mon­key busi­ness re­ally be­gins.

In most disciplines, the next step is sending your paper to a peer-reviewed journal, where it gets evaluated by an editor and (if the editor sees some promise in it) a few reviewers. These people are academics just like you, and they generally do not get paid for their time. Editors maybe get a small stipend and a bit of professional cred, while reviewers get nothing but the warm fuzzies of doing “service to the field”, or the cold thrill of tanking other people’s papers.

If you’re lucky again, your paper gets accepted by the journal, which now owns the copyright to your work. They do not pay you for this! If anything, you pay them an “article processing charge” for the privilege of no longer owning the rights to your paper. This is considered a great honor.

The journals then paywall your work, sell the access back to you and your colleagues, and pocket the profit. Universities cover these subscriptions and fees by charging the government “indirect costs” on every grant—money that doesn’t go to the research itself, but to all the things that support the research, like keeping the lights on, cleaning the toilets, and accessing the journals that the researchers need to read.

Nothing about this sys­tem makes sense, which is why I think we should build a new one. In the mean­time, though, we should also fix the old one. But that’s hard, for two rea­sons. First, many peo­ple are in­vested in things work­ing ex­actly the way they do now, so every stu­pid idea has a con­stituency be­hind it. Second, our cur­rent ad­min­is­tra­tion seems to be­lieve in pol­icy by blood­let­ting: if some­thing is­n’t work­ing, just slice it open at ran­dom. Thanks to these hap­haz­ard cuts and can­cel­la­tions, we now have a sys­tem that is both dys­func­tional and ane­mic.

I see a way to solve both prob­lems at once. We can sat­isfy both the sci­en­tists and the scalpel-wield­ing politi­cians by rid­ding our­selves of the one con­stituency that should not ex­ist. Of all the crazy parts of our crazy sys­tem, the cra­zi­est part is where tax­pay­ers pay for the re­search, then pay pri­vate com­pa­nies to pub­lish it, and then pay again so sci­en­tists can read it. We may not agree on much, but we can all agree on this: it is time, fi­nally and for­ever, to get rid of for-profit sci­en­tific pub­lish­ers.

The writer G. K. Chesterton once said that be­fore you knock any­thing down, you ought to know how it got there in the first place. So be­fore we show for-profit pub­lish­ers the pointy end of a pitch­fork, we ought to know where they came from and why they per­sist.

It used to be a huge pain to produce a physical journal—someone had to operate the printing presses, lick the stamps, and mail the copies all over the world. Unsurprisingly, academics didn’t care much about doing those things. When government money started flowing into universities post-World War II and the number of articles exploded, private companies were like, “Hey, why don’t we take these journals off your hands—you keep doing the scientific stuff and we’ll handle all the boring stuff.” And the academics were like “Sounds good, we’re sure this won’t have any unforeseen consequences.”

Those companies knew they had a captive audience, so they bought up as many journals as they could. Journal articles aren’t interchangeable commodities like corn or soybeans—if your science supplier starts gouging you, you can’t just switch to a new one. Adding to this lock-in effect, publishing in “high-impact” journals became the key to success in science, which meant if you wanted to move up, your university had to pay up. So, even as the internet made it much cheaper to produce a journal, publishers made it much more expensive to subscribe to one.

The peo­ple run­ning this scam had no il­lu­sions about it, even if they hoped that other peo­ple did. Here’s how one CEO de­scribed it:

You have no idea how prof­itable these jour­nals are once you stop do­ing any­thing. When you’re build­ing a jour­nal, you spend time get­ting good ed­i­to­r­ial boards, you treat them well, you give them din­ners. […] [and then] we stop do­ing all that stuff and then the cash just pours out and you would­n’t be­lieve how won­der­ful it is.

So here’s the re­port we can make to Mr. Chesterton: for-profit sci­en­tific pub­lish­ers arose to solve the prob­lem of pro­duc­ing phys­i­cal jour­nals. The in­ter­net mostly solved that prob­lem. Now the pub­lish­ers are the prob­lem. These days, Springer Nature, Elsevier, Wiley, and the like are ba­si­cally gi­ant op­er­a­tions that proof­read, for­mat, and store PDFs. That’s not noth­ing, but it’s pretty close to noth­ing.

No one knows how much pub­lish­ers make in re­turn for pro­vid­ing these mod­est ser­vices, but we can guess. In 2017, the Association of Research Libraries sur­veyed its 123 mem­ber in­sti­tu­tions and found they were pay­ing a col­lec­tive $1 bil­lion in jour­nal sub­scrip­tions every year. The ARL cov­ers some of the biggest uni­ver­si­ties, but not nearly all of them, so let’s guess that num­ber ac­counts for half of all uni­ver­sity sub­scrip­tion spend­ing. In 2023, the fed­eral gov­ern­ment es­ti­mated it paid nearly $380 mil­lion in ar­ti­cle pro­cess­ing charges alone, and those are sep­a­rate from sub­scrip­tions. So it would­n’t be crazy if American uni­ver­si­ties were pay­ing some­thing like $2.5 bil­lion to pub­lish­ers every year, with the ma­jor­ity of that ul­ti­mately com­ing from tax­pay­ers.

To put those costs in perspective: if the federal government cut out the publishers, it would probably save more money every year than it has “saved” in its recent attempts to cut off scientific funding to universities. It’s unclear how much money will ultimately be clawed back, as grants continue to get frozen, unfrozen, litigated, and negotiated. But right now, it seems like ~$1.4 billion in promised science funding is simply not going to be paid out. We could save more than that every year if we just stopped writing checks to John Wiley & Sons.

How can such a scam con­tinue to ex­ist? In large part, it’s be­cause of a com­puter hacker from Kazakhstan.

The political scientist James C. Scott once wrote that many systems only “work” because people disobey them. For instance, the Soviet Union attempted to impose agricultural regulations so strict that people would have starved if they followed the letter of the law. Instead, citizens grew and traded food in secret. This made it look like the regulations were successful, when in fact they were a sham.

Something sim­i­lar is hap­pen­ing right now in sci­ence, ex­cept Russia is on the op­po­site side of the story this time. In the early 2010s, a Kazakhstani com­puter pro­gram­mer named Alexandra Elbakyan started down­load­ing ar­ti­cles en masse and post­ing them pub­licly on a web­site called SciHub. The pub­lish­ers sued her, so she’s hid­ing out in Russia, which pro­tects her from ex­tra­di­tion. As you can see in the map be­low, mil­lions of peo­ple now use SciHub to ac­cess sci­en­tific ar­ti­cles, in­clud­ing lots of peo­ple who seem to work at uni­ver­si­ties:

Why would researchers resort to piracy when they have legitimate access themselves? Maybe because journals’ interfaces are so clunky and annoying that it’s faster to go straight to SciHub. Or maybe it’s because those researchers don’t actually have access. Universities are always trying to save money by canceling journal subscriptions, so academics often have to rely on bootleg copies. Either way, SciHub seems to be our modern-day version of those Soviet secret gardens: for-profit publishing only “works” because people find ways to circumvent it.

In a punk rock kind of way, it’s kinda cool that so many American sci­en­tists can only do their work thanks to a data­base main­tained by a Russia-backed fugi­tive. But it ought to be a huge em­bar­rass­ment to the US gov­ern­ment.

Instead, for some rea­son, the gov­ern­ment in­sists on sid­ing with pub­lish­ers against cit­i­zens. Sixteen years ago, the US had its own Elbakyan. His name was Aaron Swartz. He down­loaded mil­lions of pay­walled jour­nal ar­ti­cles us­ing a con­nec­tion at MIT, pos­si­bly in­tend­ing to share them pub­licly. Government agents ar­rested him, charged him with wire fraud, and in­tended to fine him $1 mil­lion and im­prison him for 35 years. Instead, he killed him­self. He was 26.

Scientists have tried to take on the middlemen themselves. They’ve founded open-access journals. They’ve published preprints. They’ve tried alternative ways of evaluating research. A few high-profile professors have publicly and dramatically sworn off all “luxury” outlets, and less-famous folks have followed suit: in 2012, over 10,000 researchers signed a pledge not to publish in any journals owned by Elsevier.

None of this has worked. The biggest for-profit publishers continue making more money year after year. “Diamond” open access journals—that is, publications that don’t charge authors or readers—only account for ~10% of all articles. Four years after that massive pledge, 38% of signers had broken their promise and published in an Elsevier journal.

These ef­forts have fiz­zled be­cause this is­n’t a prob­lem that can be solved by any in­di­vid­ual, or even many in­di­vid­u­als. Academia is so cut­throat that any­one who right­eously gives up an ad­van­tage will be out­com­peted by some­one who has fewer scru­ples. What we have here is a col­lec­tive ac­tion prob­lem.

Fortunately, we have an or­ga­ni­za­tion that ex­ists for the ex­press pur­pose of solv­ing col­lec­tive ac­tion prob­lems. It’s called the gov­ern­ment. And as luck would have it, they’re also the one pay­ing most of the bills!

So the so­lu­tion here is straight­for­ward: every gov­ern­ment grant should stip­u­late that the re­search it sup­ports can’t be pub­lished in a for-profit jour­nal. That’s it! If the pub­lic paid for it, it should­n’t be pay­walled.

The Biden administration tried to do this, but they did it in a stupid way. They mandated that NIH-funded research papers have to be “open access”, which sounds like a solution, but it’s actually a psyop. By replacing subscription fees with “article processing charges”, publishers can simply make authors pay for writing instead of making readers pay for reading. The companies can keep skimming money off the system, and best of all, they get to call the result “open access”.

These fees can be wild. When my PhD advisor and I published one of our papers together, the journal charged us an “open access” fee of $12,000. This arrangement is a tiny bit better than the alternative, because at least everybody can read our paper now, including people who aren’t affiliated with a university. But those fees still have to come from somewhere, and whether you charge writers or readers, you’re ultimately charging the same account—namely, the US government.

The Trump ad­min­is­tra­tion some­how found a way to make a stu­pid pol­icy even stu­pider. They sped up the time­line while also fir­ing a bunch of NIH staffers—ex­actly the peo­ple who would make sure that gov­ern­ment-spon­sored pub­li­ca­tions are, in fact, pub­licly ac­ces­si­ble. And you need some­one to check on that, be­cause re­searchers are no­to­ri­ously bad about this kind of stuff. They’re al­ready re­quired to up­load the re­sults of clin­i­cal tri­als to a pub­lic data­base, but more than half the time they just…don’t.

To do this right, you can­not al­low the rent-seek­ers to re­brand. You have to cut them out en­tirely. I don’t think this will fix every­thing that’s wrong with sci­ence; it will merely fix the wrongest thing. Nonprofit jour­nals still charge fees, but at least the money goes to or­ga­ni­za­tions that os­ten­si­bly care about sci­ence, rather than go­ing to CEOs who make $17 mil­lion a year. And al­most every jour­nal, for-profit or not, uses the same failed sys­tem of peer re­view. The biggest ben­e­fit of shak­ing things up, then, would be al­low­ing dif­fer­ent ap­proaches to have a chance at life, the same way an oc­ca­sional for­est fire clears away the dead wood, opens up the pinecones, and gives seedlings a shot at the sun­light.

Science phil­an­thropies should adopt the same pol­icy, and some of them al­ready have. The Navigation Fund, which over­sees bil­lions of dol­lars in sci­en­tific fund­ing, no longer bankrolls jour­nal pub­li­ca­tions at all. Seemay Chou, its di­rec­tor, re­ports that the ex­per­i­ment has been a great suc­cess:

Our re­searchers be­gan de­sign­ing ex­per­i­ments dif­fer­ently from the start. They be­came more cre­ative and col­lab­o­ra­tive. The goal shifted from telling pol­ished sto­ries to un­cov­er­ing use­ful truths. All re­sults had value, such as failed at­tempts, aban­doned in­quiries, or untested ideas, which we fre­quently re­lease through Arcadia’s Icebox. The bar for util­ity went up, as prox­ies like im­pact fac­tors dis­ap­peared.

Fifteen years ago, the open sci­ence move­ment was all about abol­ish­ing for-profit jour­nals—that’s what open sci­ence meant. It seemed like every speech would end with ELSEVIER DELENDA EST.

Now people barely bring it up at all. It’s like a tiger has escaped the zoo and it’s gulping down schoolchildren, but when people suggest zoo improvements, all the agenda items are like, “We should add another Dippin’ Dots kiosk”. If you bring up the loose tiger, everyone gets annoyed at you, like “Of course, no one likes the tiger”.

I think two things happened. First, we got cynical about cyberspace. In the 1990s and 2000s, we really thought the internet would solve most of our problems. When those problems persisted despite all of us getting broadband, we shifted to thinking that the internet was, in fact, causing the problems. And so it became cringe to think the internet could ever be a force for good. In 1995, for-profit publishers were going to be “the internet’s first victim”; in 2015, they were “the business the internet could not kill”.

Second, when the repli­ca­tion cri­sis hit in the early 2010s, the open sci­ence move­ment got a new vil­lain—namely, naughty re­searchers. The fak­ers, the fraud­sters, the over-claimers: those are the real bad boys of sci­ence. It’s no longer cool to hate in­ter­na­tional pub­lish­ing con­glom­er­ates. Now it’s cool to hate your col­leagues.

Both of these shifts were a shame. The internet utopians were right that the web would eliminate the need for journals, but they were wrong to think that would be enough. The replication police were right to call out scientific malfeasance, but they were wrong to forget our old foes. The for-profit publishers are just as bad as they ever were, and while the internet has made them more vulnerable than ever, now we know they won’t go unless they’re pushed.

If we want bet­ter sci­ence, we should catch the tiger. Not only be­cause it’s bad for the tiger to be loose, but be­cause it’s bad for us to look the other way. If you al­low an out­ra­geous scam to go unchecked, if you par­tic­i­pate in it, nor­mal­ize it—then what won’t you do? Why not also goose your stats a bit? Why not pub­lish some junk re­search? Look around: no one cares!

There are so many prob­lems with our cur­rent way of do­ing things, and most of those prob­lems are com­pli­cated and dif­fi­cult to solve. This one is­n’t. Let’s heave this suc­cubus off our sci­en­tific sys­tem and end this scam once and for all. After that, Dippin’ Dots all around.

...

Read the original on www.experimental-history.com »

8 313 shares, 19 trendiness

Qwen3.5 Fine-tuning Guide

...

Read the original on unsloth.ai »

9 292 shares, 12 trendiness

TLS Encrypted Client Hello

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9849.

Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.

Although TLS 1.3 [RFC8446] encrypts most of the handshake, including the server certificate, there are several ways in which an on-path attacker can learn private information about the connection. The plaintext Server Name Indication (SNI) extension in ClientHello messages, which leaks the target domain for a given connection, is perhaps the most sensitive information left unencrypted in TLS 1.3.

This document specifies a new TLS extension called Encrypted Client Hello (ECH) that allows clients to encrypt their ClientHello to the TLS server. This protects the SNI and other potentially sensitive fields, such as the Application-Layer Protocol Negotiation (ALPN) list [RFC7301]. Co-located servers with consistent externally visible TLS configurations and behavior, including supported versions and cipher suites and how they respond to incoming client connections, form an anonymity set. (Note that implementation-specific choices, such as extension ordering within TLS messages or division of data into record-layer boundaries, can result in different externally visible behavior, even for servers with consistent TLS configurations.) Usage of this mechanism reveals that a client is connecting to a particular service provider, but does not reveal which server from the anonymity set terminates the connection. Deployment implications of this feature are discussed in Section 8.

ECH is not in itself sufficient to protect the identity of the server. The target domain may also be visible through other channels, such as plaintext client DNS queries or visible server IP addresses. However, encrypted DNS mechanisms such as DNS over HTTPS [RFC8484], DNS over TLS/DTLS [RFC7858] [RFC8094], and DNS over QUIC [RFC9250] provide mechanisms for clients to conceal DNS lookups from network inspection, and many TLS servers host multiple domains on the same IP address. Private origins may also be deployed behind a common provider, such as a reverse proxy. In such environments, the SNI remains the primary explicit signal available to observers to determine the server’s identity.

ECH is supported in TLS 1.3 [RFC8446], DTLS 1.3 [RFC9147], and newer versions of the TLS and DTLS protocols.

The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. All TLS notation comes from [RFC8446], Section 3.

This protocol is designed to operate in one of two topologies illustrated below, which we call “Shared Mode” and “Split Mode”. These modes are described in the following section.

A client-facing server enables ECH by publishing an ECH configuration, which is an encryption public key and associated metadata. Domains which wish to use ECH must publish this configuration, using the key associated with the client-facing server. This document defines the ECH configuration’s format, but delegates DNS publication details to [RFC9460]. See [RFC9848] for specifics about how ECH configurations are advertised in SVCB and HTTPS records. Other delivery mechanisms are also possible. For example, the client may have the ECH configuration preconfigured.

When a client wants to establish a TLS session with some backend server, it constructs a private ClientHello, referred to as the ClientHelloInner. The client then constructs a public ClientHello, referred to as the ClientHelloOuter. The ClientHelloOuter contains innocuous values for sensitive extensions and an “encrypted_client_hello” extension (Section 5), which carries the encrypted ClientHelloInner. Finally, the client sends ClientHelloOuter to the server.

The server takes one of the following actions:

* If it does not support ECH or cannot decrypt the extension, it completes the handshake with ClientHelloOuter. This is referred to as rejecting ECH.

* If it successfully decrypts the extension, it forwards the ClientHelloInner to the backend server, which completes the handshake. This is referred to as accepting ECH.

Upon receiving the server’s response, the client determines whether or not ECH was accepted (Section 6.1.4) and proceeds with the handshake accordingly. When ECH is rejected, the resulting connection is not usable by the client for application data. Instead, ECH rejection allows the client to retry with up-to-date configuration (Section 6.1.6).

The primary goal of ECH is to ensure that connections to servers in the same anonymity set are indistinguishable from one another. Moreover, it should achieve this goal without affecting any existing security properties of TLS 1.3. See Section 10.1 for more details about the ECH security and privacy goals.

ECH uses Hybrid Public Key Encryption (HPKE) for public key encryption [HPKE]. The ECH configuration is defined by the following ECHConfig structure.

The structure contains the following fields:

The ECHConfigContents structure contains the following fields:

The HpkeKeyConfig structure contains the following fields:

The client-facing server advertises a sequence of ECH configurations to clients, serialized as follows.

The ECHConfigList structure contains one or more ECHConfig structures in decreasing order of preference. This allows a server to support multiple versions of ECH and multiple sets of ECH parameters.

To offer ECH, the client sends an “encrypted_client_hello” extension in the ClientHelloOuter. When it does, it MUST also send the extension in ClientHelloInner.

The payload of the extension has the following structure:

The outer extension uses the outer variant and the inner extension uses the inner variant. The inner extension has an empty payload, which is included because TLS servers are not allowed to provide extensions in ServerHello which were not included in ClientHello. The outer extension has the following fields:

When a client offers the outer version of an “encrypted_client_hello” extension, the server MAY include an “encrypted_client_hello” extension in its EncryptedExtensions message, as described in Section 7.1, with the following payload:

The response is valid only when the server used the ClientHelloOuter. If the server sent this extension in response to the inner variant, then the client MUST abort with an “unsupported_extension” alert.

Finally, when the client offers the “encrypted_client_hello”, if the payload is the inner variant and the server responds with HelloRetryRequest, it MUST include an “encrypted_client_hello” extension with the following payload:

The value of ECHHelloRetryRequest.confirmation is set to hrr_accept_confirmation as described in Section 7.2.1.

This document also defines the “ech_required” alert, which the client MUST send when it offered an “encrypted_client_hello” extension that was not accepted by the server. (See Section 11.2.)

Clients that implement the ECH extension behave in one of two ways: either they offer a real ECH extension, as described in Section 6.1, or they send a Generate Random Extensions And Sustain Extensibility (GREASE) [RFC8701] ECH extension, as described in Section 6.2. The client offers ECH if it is in possession of a compatible ECH configuration and sends GREASE ECH (see Section 6.2) otherwise. Clients of the latter type do not negotiate ECH; instead, they generate a dummy ECH extension that is ignored by the server. (See Section 10.10.4 for an explanation.) It is also possible for clients to always send GREASE ECH without implementing the remainder of this specification.

As described in Section 3.1, servers can play two roles, either as the client-facing server or as the backend server. Depending on the server role, the ECHClientHello will be different:

* A client-facing server expects an ECHClientHello.type of outer, and proceeds as described in Section 7.1 to extract a ClientHelloInner, if available.

* A backend server expects an ECHClientHello.type of inner, and proceeds as described in Section 7.2.

If ECHClientHello.type is not a valid ECHClientHelloType, then the server MUST abort with an “illegal_parameter” alert.

In split mode, a client-facing server which receives a ClientHello with ECHClientHello.type of inner MUST abort with an “illegal_parameter” alert. Similarly, in split mode, a backend server which receives a ClientHello with ECHClientHello.type of outer MUST abort with an “illegal_parameter” alert.

In shared mode, a server plays both roles, first decrypting the ClientHelloOuter and then using the contents of the ClientHelloInner. A shared mode server which receives a ClientHello with ECHClientHello.type of inner MUST abort with an “illegal_parameter” alert, because such a ClientHello should never be received directly from the network.

If the “encrypted_client_hello” is not present, then the server completes the handshake normally, as described in [RFC8446].

The design of ECH as specified in this document necessarily requires changes to client, client-facing server, and backend server. Coordination between client-facing and backend server requires care, as deployment mistakes can lead to compatibility issues. These are discussed in Section 8.1.

Beyond coordination difficulties, ECH deployments may also create challenges for uses of information that ECH protects. In particular, use cases which depend on this unencrypted information may no longer work as desired. This is elaborated upon in Section 8.2.

In the absence of an application profile standard specifying otherwise, a compliant ECH application MUST implement the following HPKE cipher suite:

This section contains security considerations for ECH.

ECH considers two types of attackers: passive and active. Passive attackers can read packets from the network, but they cannot perform any sort of active behavior such as probing servers or querying DNS. A middlebox that filters based on plaintext packet contents is one example of a passive attacker. In contrast, active attackers can also write packets into the network for malicious purposes, such as interfering with existing connections, probing servers, and querying DNS. In short, an active attacker corresponds to the conventional threat model [RFC3552] for TLS 1.3 [RFC8446].

Passive and active attackers can exist anywhere in the network, including between the client and client-facing server, as well as between the client-facing and backend servers when running ECH in split mode. However, for split mode in particular, ECH makes two additional assumptions:

* The channel between each client-facing and each backend server is authenticated such that the backend server only accepts messages from trusted client-facing servers. The exact mechanism for establishing this authenticated channel is out of scope for this document.

* The attacker cannot correlate messages between a client and client-facing server with messages between client-facing and backend server. Such correlation could allow an attacker to link information unique to a backend server, such as their server name or IP address, with a client’s encrypted ClientHelloInner. Correlation could occur through timing analysis of messages across the client-facing server, or via examining the contents of messages sent between client-facing and backend servers. The exact mechanism for preventing this sort of correlation is out of scope for this document.

Given this threat model, the primary goals of ECH are as follows.

* Security preservation. Use of ECH does not weaken the security properties of TLS without ECH.

* Handshake privacy. TLS connection establishment to a server name within an anonymity set is indistinguishable from a connection to any other server name within the anonymity set. (The anonymity set is defined in Section 1.)

* Downgrade resistance. An attacker cannot downgrade a connection that attempts to use ECH to one that does not use ECH.

These properties were formally proven in [ECH-Analysis].

With regards to handshake privacy, client-facing server configuration determines the size of the anonymity set. For example, if a client-facing server uses distinct ECHConfig values for each server name, then each anonymity set has size k = 1. Client-facing servers SHOULD deploy ECH in such a way so as to maximize the size of the anonymity set where possible. This means client-facing servers should use the same ECHConfig for as many server names as possible. An attacker can distinguish two server names that have different ECHConfig values based on the ECHClientHello.config_id value.

This also means public information in a TLS handshake should be consistent across server names. For example, if a client-facing server services many backend origin server names, only one of which supports some cipher suite, it may be possible to identify that server name based on the contents of the unencrypted handshake message. Similarly, if a backend origin reuses KeyShare values, then that provides a unique identifier for that server.

Beyond these primary security and privacy goals, ECH also aims to hide, to some extent, the fact that it is being used at all. Specifically, the GREASE ECH extension described in Section 6.2 does not change the security properties of the TLS handshake at all. Its goal is to provide “cover” for the real ECH protocol (Section 6.1), as a means of addressing the “do not stick out” requirements of [RFC8744]. See Section 10.10.4 for details.

The following procedure processes the “ech_outer_extensions” extension (see Section 5.1) in linear time, ensuring that each referenced extension in the ClientHelloOuter is included at most once:

1. Let I be initialized to zero and N be set to the number of extensions in ClientHelloOuter.

2. For each extension type, E, in OuterExtensions:

   * If E is “encrypted_client_hello”, abort the connection with an “illegal_parameter” alert and terminate this procedure.

   * While I is less than N and the I-th extension of ClientHelloOuter does not have type E, increment I.

   * If I is equal to N, abort the connection with an “illegal_parameter” alert and terminate this procedure.

   * Otherwise, the I-th extension of ClientHelloOuter has type E. Copy it to the EncodedClientHelloInner and increment I.
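
The procedure above as runnable code, an added example that is not part of the RFC text. Extensions are modelled as `(type_code, body)` tuples with constructed placeholder bodies; the function names, the `IllegalParameter` exception standing in for the alert, and the numeric extension codes (IANA-registered values, not given on this page) are assumptions of the example.

```python
"""Linear-time expansion of "ech_outer_extensions" references (added example)."""

# IANA code point of "encrypted_client_hello" (assumption: not stated on this page).
ENCRYPTED_CLIENT_HELLO = 0xFE0D


class IllegalParameter(Exception):
    """Stands in for aborting the connection with an "illegal_parameter" alert."""


def copy_outer_extensions(outer_extensions, referenced_types):
    """Return the ClientHelloOuter extensions named by referenced_types.

    outer_extensions: list of (type_code, body) in ClientHelloOuter order.
    referenced_types: the OuterExtensions list found in the decrypted inner hello.
    """
    copied = []
    i = 0                      # I: cursor into ClientHelloOuter; it never rewinds
    n = len(outer_extensions)  # N
    for e in referenced_types:
        # The outer ECH extension itself must never be pulled into the inner hello.
        if e == ENCRYPTED_CLIENT_HELLO:
            raise IllegalParameter("reference to encrypted_client_hello")
        # Scan forward only: total work is bounded by N plus the reference count.
        while i < n and outer_extensions[i][0] != e:
            i += 1
        if i == n:
            # Absent, duplicated, or out-of-order reference: all end up here.
            raise IllegalParameter(f"extension {e:#06x} not found after cursor")
        copied.append(outer_extensions[i])
        i += 1                 # consuming the match is what forbids reuse
    return copied


def outcome(outer_extensions, referenced_types):
    """Map the result to the string a handshake log would record."""
    try:
        copy_outer_extensions(outer_extensions, referenced_types)
        return "ok"
    except IllegalParameter:
        return "illegal_parameter"


# Constructed ClientHelloOuter extension list; bodies are opaque placeholders.
SAMPLE_OUTER = [
    (0x0000, b"server_name: public.example"),
    (0x000A, b"supported_groups"),
    (0x000D, b"signature_algorithms"),
    (0x002B, b"supported_versions"),
    (0x0033, b"key_share"),
    (ENCRYPTED_CLIENT_HELLO, b"outer ECH payload"),
]

if __name__ == "__main__":
    cases = {
        "in order": [0x000A, 0x0033],
        "out of order": [0x0033, 0x000A],
        "duplicate reference": [0x000A, 0x000A],
        "references ECH itself": [ENCRYPTED_CLIENT_HELLO],
        "not in outer hello": [0x0010],
    }
    for name, refs in cases.items():
        print(f"{name:22} -> {outcome(SAMPLE_OUTER, refs)}")
```

Because the cursor only moves forward, a reference list that repeats a type or names types in a different order than the ClientHelloOuter is rejected without any per-extension bookkeeping.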

This doc­u­ment draws ex­ten­sively from ideas in [PROTECTED-SNI], but is a much more lim­ited mech­a­nism be­cause it de­pends on the DNS for the pro­tec­tion of the ECH key. , , ,

, , , and also pro­vided im­por­tant ideas and con­tri­bu­tions.¶

...

Read the original on www.rfc-editor.org »

10 284 shares, 20 trendiness

Making Firefox’s right-click not suck with about

On a fresh installation of Firefox on MacOS, right-clicking an image while some text on the page is highlighted (to show as many buttons as possible) looks like so:

To be blunt: holy fucking shit, what the fuck is all of this shit? 26 rows of which 2 are greyed-out (aka: fucking useless), 7 dividers, 2 submenus; because a single row for “Ask an AI Chatbot” wasn’t enough, they just had to make another submenu. Amazing.

The “Inspect Accessibility Properties” button was added because I opened the DevTools (Inspector) once. It’s not obvious how to actually disable it ever again. Why am I shown “Copy Clean Link” if there is no clean link (or the link is already clean)? The same goes for “Copy Clean Link to Highlight”. Why can’t I make it so it always defaults to the “clean link” no matter what (and get rid of “Copy Link” completely, instead)? “Ask an AI Chatbot”? No, fuck you.

The rest? Completely useless. Thanks for showing me every feature you’ve ever shipped, with no authoritative selection of what users actually care about — and making it completely non-obvious how to disable the useless shit here.

Enough venting, let’s clean this all up. The following settings in about:config can be used to disable a ton of these useless right-click menu buttons. Note, some of them actually disable other functionality, so choose wisely. We can set the following to false:

* browser.translations.select.enable — Removes the “Translate Selection” button from the right-click menu.

* screenshots.browser.component.enabled — Disables the built-in Firefox screenshot functionality, which also removes the “Take Screenshot” button.

* dom.text_fragments.enabled — Disables Text Fragments support, which also removes the “Copy Link to Highlight” button (and disables the auto-focus on URLs that include #:~:text=…).

* devtools.accessibility.enabled — Disables the DevTools Accessibility Inspector and removes the “Inspect Accessibility Properties” button.

* browser.ml.linkPreview.enabled — Disables Link Previews (and the AI-generated key points inside them), removing “Preview Link” button.

* dom.text-recognition.enabled — Disables OCR on images, removing the “Copy Text From Image” button.

* extensions.formautofill.addresses.enabled — Disables address autofill and the associated menu/button that sometimes appears in forms.

* extensions.formautofill.creditCards.enabled — Disables credit card/payment method autofill and removes the associated menu/button that sometimes appears in forms.

* widget.macos.native-context-menus — Turns off native macOS context menus so Firefox uses its own menus. This removes the “Services” button.

* print.enabled — Completely disables Firefox’ printing UI and capabilities, which also removes the “Print” and “Print Selection…” buttons.

How do we look now?

Great, much better, we’re down from 26 buttons to just 15. Here’s what it looks like when you right-click on a page and when you right-click a link:

We still have the following useless buttons though:

Why do all of the above have …? (edit: according to this, it means that “more information is required to complete the task (e.g. requesting the filename for saving a file)”.) But the real bad news is that we can’t get rid of these things by simply toggling some option in about:config.

We also have these when we right-click in a form:

Despite the browser only being used in one language, there is no way to get rid of the “Languages” menu there. It’s possible to get rid of “Check Spelling” by completely disabling spellcheck, but that’s a useful feature for me, so I don’t.

Those remaining useless buttons can only be removed by creating a custom userChrome.css. I’ll cover how to do that in my next post.

For what it’s worth, it is nice that these buttons can be enabled/disabled, and userChrome.css is cool. But at the same time, imagine being a completely new Firefox user, who has zero use for any of this? How are they supposed to figure out how to do all of this? It took me a significant amount of time to find those settings to disable (and some of them are hacks, like disabling print.enabled). Maybe Firefox should implement something similar to their “Customize Toolbar”, which makes it easy to plug & play each of the right-click buttons. “PRs welcome” as they say, I suppose.

...

Read the original on joshua.hu »
