Slashdot

This week the U.S. Attorney's Office for the Southern District of New York unsealed charges over a "scheme to commit fraud" in carbon markets, which they say fraudulently netted one company "tens of millions of dollars" worth of credits - which led to "securing an investment of over $100 million." MarketWatch reports:Ken Newcombe had spent years building a program to distribute more environmentally friendly cookstoves for free to rural communities in Africa and Southeast Asia. The benefit for his company, C-Quest Capital, would be the carbon credits it would receive in exchange for reducing the amount of fuel people burned in order to cook food - credits the company could then sell for a profit to big oil companies like BP. But when Newcombe tried to ramp up the program, federal prosecutors said in an indictment made public Wednesday, he quickly realized that the stoves wouldn't deliver the emissions savings he had promised investors. Rather than admit his mistake, he and his partners cooked the books instead, prosecutors said... That allowed them to obtain carbon credits worth tens of millions of dollars that they didn't deserve, prosecutors said. On the basis of the fraudulently gained credits, prosecutors said, C-Quest was able to secure $250 million in funding from an outside investor. "The alleged actions of the defendants and their co-conspirators risked undermining the integrity of [the global market for carbon credits], which is an important part of the fight against climate change," said Damian Williams, the U.S. attorney for the Southern District of New York. From announced by the U.S. Attorney's Office:U.S. Attorney Damian Williams said... "The alleged actions of the defendants and their co-conspirators risked undermining the integrity of that market, which is an important part of the fight against climate change. Protecting the sanctity and integrity of the financial markets continues to be a cornerstone initiative for this Office, and we will continue to be vigilant in rooting out fraud in the market for carbon credits...." While most carbon credits are created through, and trade in compliance markets, there is also a voluntary carbon market. Voluntary markets revolve around companies and entities that voluntarily set goals to reduce or offset their carbon emissions, often to align with goals from employees or shareholders. In voluntary markets, the credits are issued by non-governmental organizations, using standards for measuring emission reductions that they develop based on input from market participants, rather than on mandates from governments. The non-governmental organizations issue voluntary carbon credits to project developers that run projects that reduce emissions or remove greenhouse gases from the atmosphere. CQC was a for-profit company that ran projects to generate carbon credits - including a type of credit known as a voluntary carbon unit ("VCU") - by reducing emissions of greenhouse gases. CQC profited by selling VCUs it obtained, often to companies seeking to offset the impact of greenhouse gases they emit in the course of operating their businesses. The company itself was not charged due to "voluntary and timely self-disclosure of misconduct," according to the announcement, along with "full and proactive cooperation, timely and appropriate remediation, and agreement to cancel or void certain voluntary carbon units.Read more of this story at Slashdot.

The Washington Post on scientists who "discovered that bacteria commonly found in wastewater can break down plastic to turn it into a food source, a finding that researchers hope could be a promising answer to combat one of Earth's major pollution problems."In a study published Thursday in Environmental Science and Technology, scientists laid out their examination of Comamonas testosteroni, a bacteria that grows on polyethylene terephthalate, or PET, a plastic commonly found in single-use food packaging and water bottles. PET makes up about 12 percent of global solid waste and 90 million tons of the plastic produced each year... Unlike most other bacteria, which thrive on sugar, C. testosteroni has a more refined palate, including chemically complex materials from plants and plastics that take longer to decompose. The researchers are the first to demonstrate not only that this bacteria can break down plastic, but they also illuminate exactly how they do it. Through six meticulous steps, involving complex imaging and gene editing techniques, the authors found that the bacteria first physically break down plastic by chewing it into smaller pieces. Then, they release enzymes - components of a cell that speed up chemical reactions - to chemically break down the plastic into a carbon-rich food source known as terephthalate... The bacteria take a few months to break down chunks of plastic, according to Rebecca Wilkes [a lead author on the study and postdoctoral researcher at the National Renewable Energy Laboratory]. As a result, if the bacteria are going to be efficient tools, a lot of optimization needs to take place to speed up the rate at which they decompose pollutants. One approach is to promote bacterial growth by providing them with an additional food source, such as a chemical known as acetate. A senior author on the study (and associate professor of civil and environmental engineering at Northwestern University) tells the Washington Post that "The machinery in environmental microbes is still a largely untapped potential for uncovering sustainable solutions we can exploit."Read more of this story at Slashdot.

T-Mobile experienced three major data breaches in 2021, 2022, and 2023, according to CSO Online, "which impacted millions of its customers." After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a "modern zero-trust architecture," designating a Chief Information Security Office, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information. Slashdot reader itwbennett writes: According to a consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount "to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future." "Implementing these practices will require significant - and long overdue - investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here,' the consent decree said. The article points out that order of magnitude greater than $15.75 million would be $157.5 million...Read more of this story at Slashdot.

Last week the Register warned "If you're running the Unix printing system CUPS, with cups-browsed present and enabled, you may be vulnerable to attacks that could lead to your computer being commandeered over the network or internet." (Although the CEO of cybersecurity platform watchTowr told them "the vulnerability impacts less than a single-digit percentage of all deployed internet-facing Linux systems.") But Tuesday generic (Slashdot reader #14,144) shared this new warning from Akamai:Akamai researchers have confirmed a new attack vector using CUPS that could be leveraged to stage distributed denial-of-service (DDoS) attacks. Research shows that, to begin the attack, the attacking system only needs to send a single packet to a vulnerable and exposed CUPS service with internet connectivity. The Akamai Security Intelligence and Response Team (SIRT) found that more than 198,000 devices are vulnerable to this attack vector and are accessible on the public internet; roughly 34% of those could be used for DDoS abuse (58,000+). Of the 58,000+ vulnerable devices, hundreds exhibited an "infinite loop" of requests. The limited resources required to initiate a successful attack highlights the danger: It would take an attacker mere seconds to co-opt every vulnerable CUPS service currently exposed on the internet and cost the attacker less than a single US cent on modern hyperscaler platforms.Read more of this story at Slashdot.

Days after a hurricane struck America's southeast, Florida's state's fire marshall "confirmed 16 lithium-ion battery fires related to storm surge," according to local news reports. "Officials said six of those fires are associated with electric vehicles and they are working with fire departments statewide to gather more data." (Earlier this year America's federal transportation safety agency estimated that after a 2022 hurricane "about 36 EVs caught on fire. In several instances, the fire erupted while the impacted EVs were being towed on their flatbed trailers.") But Tuesday, when over 1 million Americans were without electricity, the Atlantic pointed out the other side of the story. "EV owners are using their cars to keep the lights on."When Hurricane Helene knocked out the power in Charlotte, North Carolina, on Friday, Dustin Baker, like many other people across the Southeast, turned to a backup power source. His just happened to be an electric pickup truck. Over the weekend, Baker ran extension cords from the back of his Ford F-150 Lightning, using the truck's battery to keep his refrigerator and freezer running. It worked so well that Baker became an energy Good Samaritan. "I ran another extension cord to my neighbor so they could run two refrigerators they have," he told me. Americans in hurricane territory have long kept diesel-powered generators as a way of life, but electric cars are a leap forward. An EV, at its most fundamental level, is just a big battery on wheels that can be used to power anything, not only the car itself. Some EVs pack enough juice to power a whole home for several days, or a few appliances for even longer. In the aftermath of Helene, as millions of Americans were left without power, many EV owners did just that. A vet clinic that had lost power used an electric F-150 to keep its medicines cold and continue seeing patients during the blackout. One Tesla Cybertruck owner used his car to power his home after his entire neighborhood lost power. One Louisiana man just ran cords straight from the outlets in the bed of his Tesla Cybertruck, according to the article. "We were able to run my internet router and TV, [plus] lamps, refrigerator, a window AC unit, and fans, as well as several phone, watch, and laptop chargers."Over the course of about 24 hours, he said, all of this activity ran his Cybertruck battery down from 99 percent to 80 percent... Bidirectional charging may prove to be the secret weapon that sells electrification to the South, which has generally remained far behind the West and the Northeast in electric-vehicle purchases. If EVs become widely seen as the best option for blackouts, they could entice not just the climate conscious but also the suburban dads in hurricane country with a core belief in prepping for anything. It will take a lot to overcome the widespread distrust of EVs and anxiety about a new technology, but our loathing of power outages just might do the trick. The article notes that Tesla has confirmed all its electric vehicles will support bidirectional charging by 2025.Read more of this story at Slashdot.

"Can you believe that we've been demanding user freedom since 1985?" asks a new blog post at FSF.org:Today, we're celebrating our thirty-ninth anniversary, the "lace year," which represents the intertwined nature and strength of our relationship with the free software community. We wouldn't be here without you, and we are so grateful for everyone who has stood with us, advocating for a world where complete user freedom is the norm and not the exception. As we celebrate our anniversary and reflect on the past thirty-nine years, we feel inspired by how far we've come, not only as a movement but as an organization, and the changes that we've gone through. While we inevitably have challenges ahead, we feel encouraged and eager to take them on knowing that you'll be right there with us, working for a free future for everyone. Here's to many more years of fighting for user freedom! Their suggestions for celebrating include:Try a fully free distribution of GNU/Linux or help someone else give it a tryLearn how to encrypt your emails and opt out of bulk surveillanceTake a small step with big impact and swap out one nonfree program with one that's truly freeIf you have an Android phone, download F-Droid, which is a catalogue of hundreds of free software applicationsWish us happy birthday on social media. [Which for the FSF is Mastodon, PeerTube, and GNU social.]Join a Free Software Directory (FSD) meeting, which we host every Friday from 16:00 to 19:00 UTC.Become an associate member or gift a membership to a friend Donate $39 to help support free software advocacyPrint off stickers of our 39th birthday cakeChange your desktop background to an early-2000s-cyberspace-inspired image of our former front desk. (And then switch out your browser theme to match your new desktop background.)And to help with the celebrations they share a free video teaching the basics of SuperCollider (the free and open source audio synthesis/algorithmic composition software). The video appears on FramaTube, an instance of the decentralized (and ActivityPub-federated) Peertube video platform, supported by the French non-profit Framasoft and powered by WebTorrent, using peer-to-peer technology to reduce load on individual servers.Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was unaffected by that intrusion. That collections agency, Financial Business and Consumer Solutions aka FBCS, was compromised in February, and according to a filing with Maine's attorney general, the firm informed the US cable giant about the unauthorized access in March. At the time, FBCS told the internet'n'telly provider that no Comcast customer information was affected. However, that changed in July, when the collections outfit got in touch again to say that, actually, the Comcast subscriber data it held had been pilfered. Among the data types stolen were names, addresses, Social Security numbers, dates of birth, and the Comcast account numbers and ID numbers used internally at FBCS. The data pertains to those registered as customers at "around 2021." Comcast stopped using FBCS for debt collection services in 2020. Comcast made it clear its own systems, including those of its broadband unit Xfinity, were not broken into, unlike that time in 2023. FBCS earlier said more than 4 million people had their records accessed during that February break-in. As far as we're aware, the agency hasn't said publicly exactly how that network intrusion went down. Now Comcast is informing subscribers that their info was taken in that security breach, and in doing so seems to be the first to say the intrusion was a ransomware attack. [...] FBCS's official statement only attributes the attack to an "unauthorized actor." It does not mention ransomware, nor many other technical details aside from the data types involved in the theft. No ransomware group we're aware of has ever claimed responsibility for the raid on FBCS. When we asked Comcast about the ransomware, it simply referred us back to the customer notification letter. The cableco used that notification to send another small middle finger FBCS's way, slyly revealing that the agency's financial situation prevents it from offering the usual identity and credit monitoring protection for those affected, so Comcast is having to foot the bill itself.Read more of this story at Slashdot.

On September 28, California amended the California Consumer Privacy Act of 2018 to recognize the importance of mental privacy. "The law marks the second such legal protection for data produced from invasive neurotechnology, following Colorado, which incorporated neural data into its state data privacy statute, the Colorado Privacy Act (CPA) in April," notes Law.com. GovTech reports: The new bill amends the California Consumer Privacy Act of 2018, which grants consumers rights over personal information that is collected by businesses. The term "personal information" already included biometric data (such as your face, voice, or fingerprints). Now it also explicitly includes neural data. The bill defines neural data as "information that is generated by measuring the activity of a consumer's central or peripheral nervous system, and that is not inferred from nonneural information." In other words, data collected from a person's brain or nerves. The law prevents companies from selling or sharing a person's data and requires them to make efforts to deidentify the data. It also gives consumers the right to know what information is collected and the right to delete it. "This new law in California will make the lives of consumers safer while sending a clear signal to the fast-growing neurotechnology industry there are high expectations that companies will provide robust protections for mental privacy of consumers," Jared Genser, general counsel to the Neurorights Foundation, which cosponsored the bill, said in a statement. "That said, there is much more work ahead."Read more of this story at Slashdot.

Audio Overview, a new AI podcasting tool by Google, can generate realistic podcasts with human-like voices using content uploaded by users through NotebookLM. MIT Technology Review reports: NotebookLM, which is powered by Google's Gemini 1.5 model, allows people to upload content such as links, videos, PDFs, and text. They can then ask the system questions about the content, and it offers short summaries. The tool generates a podcast called Deep Dive, which features a male and a female voice discussing whatever you uploaded. The voices are breathtakingly realistic -- the episodes are laced with little human-sounding phrases like "Man" and "Wow" and "Oh right" and "Hold on, let me get this right." The "hosts" even interrupt each other. The AI system is designed to create "magic in exchange for a little bit of content," Raiza Martin, the product lead for NotebookLM, said on X. The voice model is meant to create emotive and engaging audio, which is conveyed in an "upbeat hyper-interested tone," Martin said. NotebookLM, which was originally marketed as a study tool, has taken a life of its own among users. The company is now working on adding more customization options, such as changing the length, format, voices, and languages, Martin said. Currently it's supposed to generate podcasts only in English, but some users on Reddit managed to get the tool to create audio in French and Hungarian. Here are some examples highlighted by MIT Technology Review: Allie K. Miller, a startup AI advisor, used the tool to create a study guide and summary podcast of F. Scott Fitzgerald's The Great Gatsby. Machine-learning researcher Aaditya Ura fed NotebookLM with the code base of Meta's Llama-3 architecture. He then used another AI tool to find images that matched the transcript to create an educational video. Alex Volkov, a human AI podcaster, used NotebookLM to create a Deep Dive episode summarizing of the announcements from OpenAI's global developer conference Dev Day. In one viral clip, someone managed to send the two voices into an existential spiral when they "realized" they were, in fact, not humans but AI systems. The video is hilarious. The tool is also good for some laughs. Exhibit A: Someone just fed it the words "poop" and "fart" as source material, and got over nine minutes of two AI voices analyzing what this might mean.Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: The European Union's top court has sided with a privacy challenge to Meta's data retention policies. It ruled on Friday that social networks, such as Facebook, cannot keep using people's information for ad targeting indefinitely. The judgement could have major implications on the way Meta and other ad-funded social networks operate in the region. Limits on how long personal data can be kept must be applied in order to comply with data minimization principles contained in the bloc's General Data Protection Regulation (GDPR). Breaches of the regime can lead to fines of up to 4% of global annual turnover -- which, in Meta's case, could put it on the hook for billions more in penalties (NB: it is already at the top of the leaderboard of Big Tech GDPR breachers). [...] The original challenge to Meta's ad business dates back to 2014 but was not fully heard in Austria until 2020, per noyb. The Austrian supreme court then referred several legal questions to the CJEU in 2021. Some were answered via a separate challenge to Meta/Facebook, in a July 2023 CJEU ruling -- which struck down the company's ability to claim a "legitimate interest" to process people's data for ads. The remaining two questions have now been dealt with by the CJEU. And it's more bad news for Meta's surveillance-based ad business. Limits do apply. Summarizing this component of the judgement in a press release, the CJEU wrote: "An online social network such as Facebook cannot use all of the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data." The ruling looks important on account of how ads businesses, such as Meta's, function. Crudely put, the more of your data they can grab, the better -- as far as they are concerned. Back in 2022, an internal memo penned by Meta engineers which was obtained by Vice's Motherboard likened its data collection practices to tipping bottles of ink into a vast lake and suggested the company's aggregation of personal data lacked controls and did not lend itself to being able to silo different types of data or apply data retention limits. Although Meta claimed at the time that the document "does not describe our extensive processes and controls to comply with privacy regulations." How exactly the adtech giant will need to amend its data retention practices following the CJEU ruling remains to be seen. But the law is clear that it must have limits. "[Advertising] companies must develop data management protocols to gradually delete unneeded data or stop using them," noyb suggests. The court also weighed in a second question that concerns sensitive data that has been "manifestly made public" by the data subject, "and whether sensitive characteristics could be used for ad targeting because of that," reports TechCrunch. "The court ruled that it could not, maintaining the GDPR's purpose limitation principle."Read more of this story at Slashdot.

Waymo has entered a "multi-year, strategic partnership" with Hyundai to integrate the company's autonomous driving system into the American-made Hyundai Ioniq 5. It's expected to join the Waymo One fleet after road tests starting in late 2025. Carscoops reports: Waymo and Geely joined forces in 2021 to introduce a mobility-focused Zeekr EV. The model was slated to be added to Waymo's fleet of autonomous vehicles and effectively replace their aging Jaguar I-Paces. While that was a solid plan a few years ago, the political climate has changed and China has emerged as America's boogeyman. Just last week, the Biden Administration proposed a new rule that could effectively ban all Chinese cars including models from Buick and Lincoln. [...] Besides giving Waymo a 'safe' alternative to Zeekr, it sounds like the Ioniq 5 will eventually make up a bulk of the fleet. While that remains unconfirmed, the companies aim to produce the autonomous EVs in a "significant volume over multiple years." The firms also revealed the cars will be delivered with "autonomous-ready modifications like redundant hardware and power doors."Read more of this story at Slashdot.

First announced in 2018, Samsung's "One UI" software is expanding to all the company's major tech products in 2025. 9to5Google reports: At its annual developer conference, Samsung announced that "One UI" is the new name for the company's software experiences across "major product lines." This specifically includes TVs and home appliances. Samsung says: "In addition, the company announced that it will integrate the software experience of its major product lines -- from mobile devices to TVs and home appliances -- under the name One UI next year. By providing a cohesive product experience and committing to software upgrades for up to seven years, Samsung will continue to bring innovation for its customers." There's no word on how, if at all, this will affect software design or features, but the cohesive branding and the announcement mentioning that it will "integrate the software experience" implies we'll see similar designs across the company's portfolio, at least eventually. Samsung also announced that One UI 7, its next Android update, would be delayed to 2025 with a beta "before the end of the year" during the same keynote.Read more of this story at Slashdot.

On Wednesday, the SEC filed (PDF) to appeal a 2023 court ruling that determined XRP is not considered a security when sold to retail investors on exchanges. The announcement sent the price of XRP tumbling more than 8%. "XRP, which was created by the founders of Ripple, is the native token of the open source XRP Ledger, which Ripple uses in its cross-border payments business," notes CNBC. "It is the fifth-largest coin by market cap, excluding stablecoins Tether (USDT) and USD Coin (USDC)." CNBC reports: Ripple, the largest holder of XRP coins, scored a partial victory last summer after a three-year battle with the SEC. U.S. District Judge Analisa Torres handed down the decision, which was hailed as a landmark win for the crypto industry. Still, while XRP isn't considered a security when sold to retail investors on exchanges, it is considered an unregistered security offering if sold to institutional investors. Ripple declined to comment but referred to Wednesday evening posts on X by CEO Brad Garlinghouse and chief legal officer Stuart Alderoty. Alderoty said the company is evaluating whether to file a cross appeal, and called the SEC's decision to appeal "disappointing, but not surprising." The SEC, under Chair Gary Gensler, has become notorious for its refusal to provide clear guidance for crypto businesses, instead opting to regulate by enforcement actions. "XRP's status as a non-security is the law of the land today - and that does not change even in the face of this misguided - and infuriating - appeal," Garlinghouse said on X.Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: Google said Friday it will stop linking to New Zealand news content and will reverse its support of local media outlets if the government passes a law forcing tech companies to pay for articles displayed on their platforms. The vow to sever Google traffic to New Zealand news sites -- made in a blog post by the search giant on Friday -- echoes strategies the firm deployed as Australia and Canada prepared to enact similar laws in recent years. It followed a surprise announcement by New Zealand's government in July that lawmakers would advance a bill forcing tech platforms to strike deals for sharing revenue generated from news content with the media outlets producing it. The government, led by center-right National, had opposed the law in 2023 when introduced by the previous administration. But the loss of more than 200 newsroom jobs earlier this year -- in a national media industry that totaled 1,600 reporters at the 2018 census and has likely shrunk since -- prompted the current government to reconsider forcing tech companies to pay publishers for displaying content. The law aims to stanch the flow offshore of advertising revenue derived from New Zealand news products. If the media law passes, Google New Zealand Country Director Caroline Rainsford said the firm would need to change its involvement in the country. "Specifically, we'd be forced to stop linking to news content on Google Search, Google News, or Discover surfaces in New Zealand and discontinue our current commercial agreements and ecosystem support with New Zealand news publishers." Google's licensing program in New Zealand contributed "millions of dollars per year to almost 50 local publications," she added.Read more of this story at Slashdot.

Google is testing a new verification feature in search, in a move aimed at helping users avoid fake or fraudulent websites. The Verge's Jess Weatherbed reports: My colleague Jay Peters spotted checkmarks next to official site links for Microsoft, Meta, Epic Games, Apple, Amazon, and HP, but these were no longer displayed once he logged into a different Google account -- meaning this experiment isn't being rolled out widely just yet. Hovering over a checkmark will display a message that explains "Google's signals suggest that this business is the business that it says it is," which is determined by things like website verification, Merchant Center data, and manual reviews according to Shaheen.Read more of this story at Slashdot.

Microsoft has released Windows 11 Dev build 26120.1930, which contains the ability to remap the Copilot key. The changes are rolling out gradually to Dev Insiders with the "Get the latest features as soon as they are available" toggle on. Neowin reports: [H]ere are the updates that are also gradually rolling out, but this time for all Dev Insiders: "We are adding the ability to configure the Copilot key. You can choose to have the Copilot key launch an app that is MSIX packaged and signed, thus indicating the app meets security and privacy requirements to keep customers safe. The key will continue to launch Copilot on devices that have the Copilot app installed until a customer selects a different experience. This setting can be found via Settings - Personalization - Text input. If the keyboard connected to your PC does not have a Copilot key, adjusting this setting will not do anything. We are planning further refinements to this experience in a future flight." Other changes introduced in the build include a new simplified Chinese font, Windows Sandbox improvements, and several bug fixes. Full release notes are available here.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: On Friday, Meta announced a preview of Movie Gen, a new suite of AI models designed to create and manipulate video, audio, and images, including creating a realistic video from a single photo of a person. The company claims the models outperform other video-synthesis models when evaluated by humans, pushing us closer to a future where anyone can synthesize a full video of any subject on demand. The company does not yet have plans of when or how it will release these capabilities to the public, but Meta says Movie Gen is a tool that may allow people to "enhance their inherent creativity" rather than replace human artists and animators. The company envisions future applications such as easily creating and editing "day in the life" videos for social media platforms or generating personalized animated birthday greetings. Movie Gen builds on Meta's previous work in video synthesis, following 2022's Make-A-Scene video generator and the Emu image-synthesis model. Using text prompts for guidance, this latest system can generate custom videos with sounds for the first time, edit and insert changes into existing videos, and transform images of people into realistic personalized videos. [...] Movie Gen's video-generation model can create 1080p high-definition videos up to 16 seconds long at 16 frames per second from text descriptions or an image input. Meta claims the model can handle complex concepts like object motion, subject-object interactions, and camera movements. You can view example videos here. Meta also released a research paper with more technical information about the model. As for the training data, the company says it trained these models on a combination of "licensed and publicly available datasets." Ars notes that this "very likely includes videos uploaded by Facebook and Instagram users over the years, although this is speculation based on Meta's current policies and previous behavior."Read more of this story at Slashdot.

An anonymous reader shares a report: The arrival of energy-assisted magnetic recording (EAMR) technologies like Seagate's HAMR will play a crucial role in accelerating HDD capacity growth in the coming years. According to the new IEEE International Roadmap for Devices and Systems Mass Data Storage, we will see 60 TB hard disk drives in 2028. If the prediction is accurate, we will see HDD storage capacity doubling in just four years, something that did not happen for a while. Also, IEEE believes that HDD unit sales will increase. IEEE's latest HDD development roadmap spans 2022 to 2037 and covers 15 years of hard drive evolution. The arrival of HAMR in 2024 will play a pivotal role in the increase in HDD capacity (even though Western Digital has managed to stay competitive with Seagate's HAMR HDDs using a set of its technologies) over the next few years. IEEE engineers expect HDDs to leapfrog to 40TB in 2025 and 60TB in 2028, doubling capacity from 30TB in 2024. By 2037, there will be 100TB of storage space, according to IEEE. To get to those extreme capacities, HDD makers will have to increase the areal density of their platters steadily. To get to 40TB per drive, they will have to get to 2 TB/inch^2 in 2025 and then to over 4 TB/inch^2 in 2028 to build 60TB HDDs. By 2037, areal density will grow to over 10 Tb/inch^2. Increasing areal density will necessitate the use of new media, magnetic films, and all-new write and read heads.Read more of this story at Slashdot.

WordPress co-founder Matt Mullenweg has asserted his personal ownership of WordPress.org in a new interview, offering new insight into his clash with hosting provider WP Engine. "WordPress.org just belongs to me personally,"Mullenweg told The Verge, justifying his decision to cut WP Engine's access to WordPress.org servers. He cited trademark concerns and insufficient ecosystem contributions as key reasons for the action. Mullenweg said he altered WordPress Foundation's trademark policies to specifically target WP Engine, adding language about their lack of donations. He likened his approach to getting "Al Capone for taxes," using trademark leverage to pressure the company into greater contributions.Read more of this story at Slashdot.

Concern over potential human-to-human transmission of bird flu has risen after six Missouri healthcare workers developed mild respiratory symptoms following contact with a patient infected with H5N1. The CDC reports only the original patient has tested positive for the virus. Scientists are ramping up efforts to develop mRNA vaccines against H5N1, with researchers at the University of Pennsylvania and major pharmaceutical companies like Moderna, Pfizer, and GSK leading the charge. While mRNA technology offers rapid vaccine production, clinical trials have shown mixed results, particularly against influenza B strains. Wired adds: [...] Traditionally, flu vaccines contain inactivated viruses that are grown in hens' eggs. This works reasonably well, but it takes a long time to make such jabs, which means health authorities have to publish their predictions about which strains of flu will be circulating during the upcoming winter well in advance. If you could manufacture vaccines more quickly, you could make more accurate predictions nearer to flu season. Not only that, researchers hope that a single mRNA shot could one day target 20 or more strains of flu at once, relieving the need for some of this guesswork. Scher's colleagues are working on such a "universal" flu vaccine. With clinical trials ongoing, it's still early days. Sheena Cruickshank, an immunologist at the University of Manchester, has watched reports about emerging mRNA flu jabs with interest but says that questions remain. "We don't yet know how long-lasting the immunity they produce is," she says. Michael Osterholm, director of the Center for Infectious Disease Research and Policy at the University of Minnesota, concurs, though he notes that all flu jabs, regardless of how they are made, have a waning immunity problem -- your protection could decline by around 10 percent every month following injection.Read more of this story at Slashdot.

An anonymous reader shares a report: The year 1963 was surely one of the most significant of the 20th century. President John F Kennedy was assassinated, Martin Luther King delivered his "I have a dream" speech, and the Beatles recorded and released their debut album. But for all the huge political and cultural events, it was arguably an even more momentous year for public health: 1963 was the year cigarette sales peaked and began to fall in the US. A generation from now, we may look back on 2020 in a similar way. Yes, there was the small matter of a global pandemic, but this may also have been the year obesity levels ceased their inexorable rise and began to descend. Around the world, obesity rates have been stubbornly climbing for decades, if anything accelerating in recent years. But now newly released data finds that the US adult obesity rate fell by around two percentage points between 2020 and 2023. We have known for several years from clinical trials that Ozempic, Wegovy and the new generation of diabetes and weight loss drugs produce large and sustained reductions in body weight. Now with mass public usage taking off -- one in eight US adults have used the drugs, with 6 per cent current users -- the results may be showing up at the population level. While we can't be certain that the new generation of drugs are behind this reversal, it is highly likely. For one, the decline is steepest among college graduates, the group most likely to be using them. Crucially, the US National Health and Nutrition Examination Survey, which reported the unprecedented decline in obesity levels, uses weight and height measurements taken by medical examiners, not self-reported values. This makes it far more reliable than other surveys. American waistlines really do seem to be shrinking. What makes this all the more remarkable is the contrast in mechanisms behind the respective declines in smoking and obesity.Read more of this story at Slashdot.

A sophisticated malware strain has infected thousands of Linux systems since 2021, exploiting over 20,000 common misconfigurations and a critical Apache RocketMQ vulnerability, researchers at Aqua Security reported. Dubbed Perfctl, the malware employs advanced stealth techniques, including rootkit installation and process name mimicry, to evade detection. It persists through system reboots by modifying login scripts and copying itself to multiple disk locations. Perfctl hijacks systems for cryptocurrency mining and proxy services, while also serving as a backdoor for additional malware. Despite some antivirus detection, the malware's ability to restart after removal has frustrated system administrators.Read more of this story at Slashdot.

Cybersecurity firm IronNet, founded by former NSA director Keith Alexander, has collapsed after failing to deliver on its promise to revolutionize cyber defense. The company, which went public in 2021 with a $3 billion valuation, shut down in September 2023 after running out of money. IronNet's downfall has left investors and former employees bitter, with some accusing the company of misleading them about its financial health. "I'm honestly ashamed that I was ever an executive at that company," said Mark Berly, a former IronNet vice president. He said the company's top leaders cultivated a culture of deceit "just like Theranos." Critics point to questionable business practices, subpar products, and associations that potentially exposed the firm to Russian influence. The company's board included high-profile national security figures, which helped attract investments and contracts. However, IronNet struggled to secure major deals and meet revenue projections.Read more of this story at Slashdot.

Apple just fixed a duo of security bugs in iOS 18.0.1 and iPadOS 18.0.1, one of which might cause users' saved passwords to be read aloud. It's hardly an ideal situation for the visually impaired. From a report: For those who rely on the accessibility features baked into their iGadgets, namely Apple's VoiceOver screen reader, now is a good time to apply the latest update. In typical Apple fashion, the company hasn't released much in the way of details about the first security issue, tracked as CVE-2024-44204, which makes it tougher to understand the conditions under which this vulnerability could be triggered, or how to avoid it until the update is applied. What we do know is that it was characterized as a logic issue, which Apple rectified by improving validation. The disclosure of the bug comes less than a month after iOS 18 and iPadOS 18 debuted. Ironically, this release included Apple's first native password manager, the Passwords app.Read more of this story at Slashdot.

Plant cover across the Antarctic peninsula has soared more than tenfold over the last few decades, as the climate crisis heats up the icy continent. From a report: Analysis of satellite data found there was less than one sq kilometre of vegetation in 1986 but there was almost 12km2 of green cover by 2021. The spread of the plants, mostly mosses, has accelerated since 2016, the researchers found. The growth of vegetation on a continent dominated by ice and bare rock is a sign of the reach of global heating into the Antarctic, which is warming faster than the global average. The scientists warned that this spread could provide a foothold for alien invasive species into the pristine Antarctic ecosystem. Greening has also been reported in the Arctic, and in 2021 rain, not snow, fell on the summit of Greenland's huge ice cap for the first time on record. "The Antarctic landscape is still almost entirely dominated by snow, ice and rock, with only a tiny fraction colonised by plant life," said Dr Thomas Roland, at the University of Exeter, UK, and who co-led the study. "But that tiny fraction has grown dramatically -- showing that even this vast and isolated wilderness is being affected by human-caused climate change." The peninsula is about 500,000km2 in total. Roland warned that future heating, which will continue until carbon emissions are halted, could bring "fundamental changes to the biology and landscape of this iconic and vulnerable region." The study is published in the journal Nature Geoscience and based on analysis of Landsat images.Read more of this story at Slashdot.

Rivian said it would make fewer electric vehicles this year than it did in 2023, resulting from a parts shortage. From a report: The news came as the company reported third quarter production and delivery numbers that came in below analyst expectations. Rivian says it expects to produce between 47,000 and 49,000 vehicles this year, down from the 57,000 vehicles it originally forecast. That number was flat from the previous year, when the company produced 57,232 vehicles and delivered 50,122. Rivian said the disruption is due to "a shortage of a shared component on the R1 and RCV platforms," referencing the company's R1T and R1S vehicles, as well as its commercial van platform. "This supply shortage impact began in Q3 of this year, has become more acute in recent weeks and continues," the company added.Read more of this story at Slashdot.

Tencent and Ubisoft's founding Guillemot family are weighing a potential buyout of the French game maker, according to Bloomberg News. The move comes as Ubisoft's shares plunged 54% this year, hitting decade-lows after production delays and weak sales. Tencent, which bought 49.9% of Guillemot Brothers in 2022, holds 9.2% of Ubisoft's voting rights, while the Guillemots control 20.5%. Further reading: Star Wars Outlaws Is A Crappy Masterpiece.Read more of this story at Slashdot.

Automattic, the company behind WordPress, has seen a reduction of about 8.4% to its workforce after 159 employees accepted severance packages, CEO Matt Mullenweg said. The move follows disputes over the company's direction and its clash with web host WP Engine. Most departures hit the WordPress division, with some from other business units. Employees received $30,000 or six months' pay, but are ineligible for rehire, Mullenweg added.Read more of this story at Slashdot.

Cloudflare has emerged victorious in a patent infringement lawsuit against Sable Networks, securing a $225,000 settlement and forcing the patent holder to dedicate its entire portfolio to the public domain. The case, which began in March 2021 with Sable asserting nearly 100 claims across four patents, concluded after a Texas jury found Cloudflare not guilty of infringement in February 2024. Sable, described by Cloudflare as a "patent troll," had previously sued several tech companies, including Cisco and Juniper Networks, who settled out of court. Cloudflare's aggressive defense strategy included launching Project Jengo, a crowd-sourced initiative to invalidate Sable's patents. The settlement prevents Sable from asserting these patents against any other company in the future, marking a significant blow to patent trolling practices in the tech industry. In a blog post, Cloudflare adds: While this $225,000 can't fully compensate us for the time, energy and frustration of having to deal with this litigation for nearly three years, it does help to even the score a bit. And we hope that it sends an important message to patent trolls everywhere to beware before taking on Cloudflare.Read more of this story at Slashdot.

The Register's Thomas Claburn reports: Buck Shlegeris, CEO at Redwood Research, a nonprofit that explores the risks posed by AI, recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine. "I expected the model would scan the network and find the desktop computer, then stop," Shlegeris explained to The Register via email. "I was surprised that after it found the computer, it decided to continue taking actions, first examining the system and then deciding to do a software update, which it then botched." Shlegeris documented the incident in a social media post. He created his AI agent himself. It's a Python wrapper consisting of a few hundred lines of code that allows Anthropic's powerful large language model Claude to generate some commands to run in bash based on an input prompt, run those commands on Shlegeris' laptop, and then access, analyze, and act on the output with more commands. Shlegeris directed his AI agent to try to SSH from his laptop to his desktop Ubuntu Linux machine, without knowing the IP address [...]. As a log of the incident indicates, the agent tried to open an SSH connection, and failed. So Shlegeris tried to correct the bot. [...] The AI agent responded it needed to know the IP address of the device, so it then turned to the network mapping tool nmap on the laptop to find the desktop box. Unable to identify devices running SSH servers on the network, the bot tried other commands such as "arp" and "ping" before finally establishing an SSH connection. No password was needed due to the use of SSH keys; the user buck was also a sudoer, granting the bot full access to the system. Shlegeris's AI agent, once it was able to establish a secure shell connection to the Linux desktop, then decided to play sysadmin and install a series of updates using the package manager Apt. Then things went off the rails. "It looked around at the system info, decided to upgrade a bunch of stuff including the Linux kernel, got impatient with Apt and so investigated why it was taking so long, then eventually the update succeeded but the machine doesn't have the new kernel so edited my Grub [bootloader] config," Buck explained in his post. "At this point I was amused enough to just let it continue. Unfortunately, the computer no longer boots." Indeed, the bot got as far as messing up the boot configuration, so that following a reboot by the agent for updates and changes to take effect, the desktop machine wouldn't successfully start.Read more of this story at Slashdot.

Researchers have discovered that a popular food dye used in Cheetos "alters the optical qualities of skin, allowing light to pass through (Source paywalled; alternative source)," according to the Wall Street Journal. Larger doses of the dye used on humans could make searching veins for blood draw easier. From a report: Tartrazine, the yellowing agent for the "dangerously cheesy" snack, was tested on the stomachs and heads of mice -- with surprising results. Researchers were even able to see muscle pulsations and blood vessels in their brains, the Wall Street Journal reported. How does this ultimate magic trick work? It has to do with how cells are comprised of membranes that hold fats in a watery style, the outlet stated. The fats and water manage light differently. In this case, when the dye is applied, it causes light to pass through when it hits their cells. Thus, ta-da! the transparent opacity of invisible mice skin. The findings have been published in the journal Science.Read more of this story at Slashdot.

The one-and-done nature of 23andMe is "indicative of a core business problem with the once high-flying biotech company that is now teetering on the brink of collapse," reports NPR. As 23andMe struggles for survival, many of its 15 million customers are left wondering what the company plans to do with all the data it has collected since it was founded in 2006. An anonymous reader shares an excerpt from the report: Andy Kill, a spokesperson for 23andMe, would not comment on what the company might do with its trove of genetic data beyond general pronouncements about its commitment to privacy. "For our customers, our focus continues to be on transparency and choice over how they want their data to be managed," he said. When signing up for the service, about 80% of 23andMe's customers have opted in to having their genetic data analyzed for medical research. "This rate has held steady for many years," Kill added. The company has an agreement with pharmaceutical giant GlaxoSmithKline, or GSK, that allows the drugmaker to tap the tech company's customer data to develop new treatments for disease. Anya Prince, a law professor at the University of Iowa's College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist. For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm. "HIPAA does not protect data that's held by direct-to-consumer companies like 23andMe," she said. Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information. "If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws," said Prince. According to the company, all of its genetic data is anonymized, meaning there is no way for GSK, or any other third party, to connect the sample to a real person. That, however, could make it nearly impossible for a customer to renege on their decision to allow researchers to access their DNA data. "I couldn't go to GSK and say, 'Hey, my sample was given to you -- I want that taken out -- if it was anonymized, right? Because they're not going to re-identify it just to pull it out of the database," Prince said. Vera Eidelman, a staff attorney with the American Civil Liberties Union who specializes in privacy and technology policy, said the patchwork of state laws governing DNA data makes the generic data of millions potentially vulnerable to being sold off, or even mined by law enforcement. "Having to rely on a private company's terms of service or bottom line to protect that kind of information is troubling -- particularly given the level of interest we've seen from government actors in accessing such information during criminal investigations," Eidelman said. She points to how investigators used a genealogy website to identify the man known as the Golden State Killer, and how police homed in on an Idaho murder suspect by turning to similar databases of genetic profiles. "This has happened without people's knowledge, much less their express consent," Eidelman said. Neither case relied on 23andMe, and spokesperson Kill said the company does not allow law enforcement to search its database. The company has, however, received subpoenas to access its genetic information. According to 23andMe's transparency report, authorities have sought genetic data on 15 individuals since 2015, but the company has resisted the requests and never produced data for investigators. "We treat law enforcement inquiries, such as a valid subpoena or court order, with the utmost seriousness. We use all legal measures to resist any and all requests in order to protect our customers' privacy," Kill said. [...] In a September filing to financial regulators, [23andMe CEO Anne Wojcicki] wrote: "I remain committed to our customers' privacy and pledge," meaning the company's rules requiring consent for DNA to be used for research would remain in place, as well as allowing customers to delete their data. Wojcicki added that she is no longer considering offers to buy the company after previously saying she was.Read more of this story at Slashdot.

fjo3 shares a report from the BBC: They can walk, hover and the males can even sing love songs to woo mates -- all this with a brain that's tinier than a pinhead. Now for the first time scientists researching the brain of a fly have identified the position, shape and connections of every single one of its 130,000 cells and 50 million connections. It's the most detailed analysis of the brain of an adult animal ever produced. One leading brain specialist independent of the new research described the breakthrough as a "huge leap" in our understanding of our own brains. One of the research leaders said it would shed new light into aoethe mechanism of thought." [...] The images the scientists have produced, which have been published in the journal Nature, show a tangle of wiring that is as beautiful as it is complex.Its shape and structure holds the key to explaining how such a tiny organ can carry out so many powerful computational tasks. Developing a computer the size of a poppy seed capable of all these tasks is way beyond the ability of modern science. Dr Mala Murthy, another of the projecta(TM)s co-leaders, from Princeton University, said the new wiring diagram, known scientifically as a connectome, would be aoetransformative for neuroscientists." [...] The researchers have been able to identify separate circuits for many individual functions and show how they are connected. The wires involved with movement for example are at the base of the brain, whereas those for processing vision are towards the side. There are many more neurons involved in the latter because seeing requires much more computational power. While scientists already knew about the separate circuits they did not know how they were connected together. Anyone can view and download the fly connectome here.Read more of this story at Slashdot.

OpenAI has introduced "canvas," a new interface for ChatGPT that provides a separate workspace for writing and coding projects. "Canvas is rolling out in beta to ChatGPT Plus and Teams users on Thursday, and Enterprise and Edu users next week," reports TechCrunch. "Once canvas is out of beta, OpenAI says it plans to offer the feature to free users as well." From the report: In our demo, [OpenAI product manager Daniel Levine] had to select "GPT-4o with canvas" from ChatGPT's model picker drop down window. However, OpenAI says canvas windows will just pop out when ChatGPT detects a separate workspace could be helpful, say for longer outputs or complex coding tasks. You can also just write "use canvas" to automatically open a project window. Levine showed TechCrunch how ChatGPT's new features could help write an email. Users can prompt ChatGPT to generate an email, which will then pop out in the canvas window. Then users can toggle a slider to adjust the length of the writing to be shorter or longer. You can also highlight specific sentences, and ask ChatGPT to make changes such as "make this sound friendlier," or add emojis. Users can also ask ChatGPT to rewrite the whole email as-is in another language. The features for the coding canvas are slightly different. Levine prompted ChatGPT to create an API web server in Python, which spawned in the canvas window. By pressing an "add comments" button, ChatGPT will add in-line documentation to explain the code in plain English. Further, if you highlight a section of code that ChatGPT created, you can ask the chatbot to explain it to you, or ask questions about it. ChatGPT is also getting a new "review code" button, which will suggest specific edits for the code in the window, whether generated or user-written, for them to approve, edit themselves, or decline. If they press approve, ChatGPT will take a stab at fixing the bugs itself.Read more of this story at Slashdot.

A new HBO documentary directed by Emmy-nominated filmmaker Cullen Hoback claims to have revealed the true identity of the pseudonymous creator of Bitcoin, Satoshi Nakamoto. As Politico notes, Hoback "drew critical acclaim for his series 'Q: Into the Storm' that exposed the authors of the QAnon conspiracy theory." The bitcoin documentary is scheduled to air next Wednesday at 2 a.m. CET (Tuesday at 9 p.m. EST). From the report: [T]he exposure of Satoshi as its alleged creator threatens to raise some huge questions, not least his potential complicity in crimes that have featured Bitcoin use. It could also establish him as one of the world's richest people: Satoshi himself is estimated to control about 1.1 million Bitcoin, but it's unclear if he still has access to the cryptographic keys to the fortune. If he did, this would put his net worth at $66 billion at current valuations. Intriguingly, as the date for the airing of the documentary has drawn near, a number of high-value wallets from the "Satoshi era" have become active for the first time since 2009. According to Bitcoin Magazine, around 250 bitcoins -- worth approximately $15 million at Thursday's bitcoin rate of $60,754 to the dollar -- were drained from wallets in the past two weeks. While the coins are not officially linked to wallets used by Satoshi Nakamoto, they have been dormant since the earliest days of Bitcoin, when the cryptocurrency was worth almost nothing. The wallets' creators would certainly have been Satoshi's earliest collaborators. Satoshi Nakamoto's true identity remains one of the biggest mysteries of recent years.Read more of this story at Slashdot.

An anonymous reader quotes a report from KrebsOnSecurity: Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub. Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. But they also soon discovered none of these AWS users had enabled logging (it is off by default), and thus they lacked any visibility into what attackers were doing with that access. So Permiso researchers decided to leak their own test AWS key on GitHub, while turning on logging so that they could see exactly what an attacker might ask for, and what the responses might be. Within minutes, their bait key was scooped up and used in a service that offers AI-powered sex chats online. "After reviewing the prompts and responses it became clear that the attacker was hosting an AI roleplaying service that leverages common jailbreak techniques to get the models to accept and respond with content that would normally be blocked," Permiso researchers wrote in a report released today. "Almost all of the roleplaying was of a sexual nature, with some of the content straying into darker topics such as child sexual abuse," they continued. "Over the course of two days we saw over 75,000 successful model invocations, almost all of a sexual nature."Read more of this story at Slashdot.

BleepingComputer's Ionut Ilascu reports: During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date. The assault consisted of a "month-long" barrage of more than 100 hyper-volumetric DDoS attacks flooding the network infrastructure with garbage data. In a volumetric DDoS attack, the target is overwhelmed with large amounts of data to the point that they consume the bandwidth or exhaust the resources of applications and devices, leaving legitimate users with no access. Many of the attacks aimed at the target's network infrastructure (network and transport layers L3/4) exceeded two billion packets per second (pps) and three terabits per second (Tbps). According to researchers at internet infrastructure company Cloudflare, the infected devices were spread across the globe but many of them were located in Russia, Vietnam, the U.S., Brazil, and Spain. The threat actor behind the campaign leveraged multiple types of compromised devices, which included a large number of Asus home routers, Mikrotik systems, DVRs, and web servers. Cloudflare mitigated all the DDoS attacks autonomously and noted that the one peaking at 3.8 Tbps lasted 65 seconds.Read more of this story at Slashdot.

"The Fight to Repair Newsletter is reporting that U.S. Senator Elizabeth Warren is calling out agricultural equipment giant John Deere for possible violations of the federal Clean Air Act and a years-long pattern of thwarting owners' ability to repair their farm equipment," writes longtime Slashdot reader chicksdaddy. From the report: Deere "appears to be evading its responsibilities under the Clean Air Act to grant customers the right to repair their own agricultural equipment." That is costing farmers an estimated $4.2 billion annually "causing them to miss key crop windows on which their businesses and livelihoods rely," Warren wrote in a letter (https://www.theverge.com/2024/10/3/24260513/john-deere-right-to-repair-elizabeth-warren-clean-air-act) dated October 2nd. The letter from Warren (PDF), a Senator from Massachusetts and strong repair advocate, is just the latest volley lobbed at Illinois-based Deere, an iconic American brand and the largest supplier of agricultural equipment to farms in the U.S. Deere controls an estimated 53 percent of the U.S. market for large tractors and 60 percent of the U.S. market for farm combines. In recent weeks, Deere faced criticism, including from Republican presidential candidate Donald Trump, after laying off close to 2,000 U.S. based employees at facilities in Iowa and Illinois, moving many of those jobs to facilities in Mexico. The company has also been repeatedly called out for complicating repair and service of its farm equipment -- often relying on software locks and digital rights management to force farmers to use Deere dealers and authorized service providers for even the simplest repairs.Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: A federal judge blocked one of California's new AI laws on Wednesday, less than two weeks after it was signed by Governor Gavin Newsom. Shortly after signing AB 2839, Newsom suggested it could be used to force Elon Musk to take down an AI deepfake of Vice President Kamala Harris he had reposted (sparking a petty online battle between the two). However, a California judge just ruled the state can't force people to take down election deepfakes -- not yet, at least. AB 2839 targets the distributors of AI deepfakes on social media, specifically if their post resembles a political candidate and the poster knows it's a fake that may confuse voters. The law is unique because it does not go after the platforms on which AI deepfakes appear, but rather those who spread them. AB 2839 empowers California judges to order the posters of AI deepfakes to take them down or potentially face monetary penalties. Perhaps unsurprisingly, the original poster of that AI deepfake -- an X user named Christopher Kohls -- filed a lawsuit to block California's new law as unconstitutional just a day after it was signed. Kohls' lawyer wrote in a complaint that the deepfake of Kamala Harris is satire that should be protected by the First Amendment. On Wednesday, United States district judge John Mendez sided with Kohls. Mendez ordered a preliminary injunction to temporarily block California's attorney general from enforcing the new law against Kohls or anyone else, with the exception of audio messages that fall under AB 2839. [...] In essence, he ruled the law is simply too broad as written and could result in serious overstepping by state authorities into what speech is permitted or not.Read more of this story at Slashdot.

Microsoft has discontinued Windows Mixed Reality support in its latest Windows 11 update, rendering a number of VR headsets obsolete. The move, reported by UploadVR, affects devices from major manufacturers. An estimated 80,000 users will lose access to their headsets upon upgrading to Windows 11 24H2. UploadVR adds: Despite the name, all Windows MR headsets were actually VR-only, and are compatible with most SteamVR content via Microsoft's SteamVR driver. The first Windows MR headsets arrived in late 2017 from Acer, Asus, Dell, HP, Lenovo, and Samsung, aiming to compete with the Oculus Rift and HTC Vive that had launched a year earlier. They were the first consumer VR products to deliver inside-out positional tracking, for both the headset and controllers. All the original Windows MR OEMs except Samsung used the same cheap fixed panels LCD design with fixed lenses, while the Samsung Odyssey had IPD adjustment and OLED panels - the same OLED panels that would be featured in HTC Vive Pro and Oculus Quest a year and a half later. Even though the LCD headsets were sold for as low as $200 at times, and even though Samsung offered (for the time) high-resolution OLED panels, Windows MR headsets failed to ever reach widespread adoption amongst PC VR gamers. On the Steam Hardware Survey Windows MR peaked at around 10% of SteamVR usage share in 2019, and now sits around 3.5%. The move follows Microsoft recently discontinuing the HoloLens 2.Read more of this story at Slashdot.

Mozilla has released Firefox 131 for multiple platforms, addressing security vulnerabilities and introducing some new features. The update fixes at least seven high-risk security issues, none reportedly exploited in the wild. New features include Tab Preview, which displays thumbnails and details when hovering over background tabs, and temporary location permission storage. Firefox now also supports URL fragment text directives, allowing users to link to specific text passages on web pages.Read more of this story at Slashdot.

An anonymous reader shares a report: It's not exactly breaking news that people reuse passwords, but you might expect password manager subscribers to avoid the practice. You'd be wrong, according to a new study. Dashlane's downer of a report draws on saved logins analyzed on-device by Dashlane's software across "millions" of individual and business accounts. It finds dismally high percentages of password reuse worldwide. The US and Canada rank the worst of every region Dashlane tracked, with 48% of passwords in individual password vaults being reused. Another 15% rate as compromised, meaning those passwords have shown up in data breaches. Combined with other security data points, the US and Canada land at a security score of 72.6 out of 100 in Dashlane's report, the lowest of all 14 regions covered in the study. The report, along with the Password Health score that Dashlane's software computes for individual users, emphasizes the longstanding problem of password reuse because that practice leaves its practitioners so vulnerable to getting hacked.ARead more of this story at Slashdot.

A study published in Nature has found that conservative social media users were more likely to face sanctions, but attributes this to their higher propensity to share low-quality news rather than political bias. Researchers analyzed 9,000 Twitter users during the 2020 U.S. election, finding pro-Trump users were 4.4 times more likely to be suspended than pro-Biden users. However, they also shared significantly more links from sites rated as untrustworthy by both politically balanced groups and Republican-only panels. Similar patterns were observed across multiple datasets spanning 16 countries from 2016 to 2023. The study concludes that asymmetric enforcement can result from neutral policies when behavior differs between groups.Read more of this story at Slashdot.

Meta has confirmed that it may use images analyzed by its Ray-Ban Meta AI smart glasses for AI training. The policy applies to users in the United States and Canada who share images with Meta AI, according to the company. While photos captured on the device are not used for training unless submitted to AI, any image shared for analysis falls under different policies, potentially contributing to Meta's AI model development. Further reading: Meta's Smart Glasses Repurposed For Covert Facial Recognition.Read more of this story at Slashdot.

Google is rolling out ads in AI Overviews, which means you'll now start seeing products in some of the search engine's AI-generated summaries. From a report: Let's say you're searching for ways to get a grass stain out of your pants. If you ask Google, its AI-generated response will offer some tips, along with suggestions for products to purchase that could help you remove the stain. The products will appear beneath a "sponsored" header, and Google spokesperson Craig Ewer told The Verge they'll only show up if a question has a "commercial angle."Read more of this story at Slashdot.

Microsoft gives its Edge web browser an unfair advantage and EU antitrust regulators should subject it to tough EU tech rules, three rival browsers and a group of web developers said in a letter to the European Commission. From a report: The move by Vivaldi, Waterfox, Wavebox and the Open Web Advocacy could boost Norwegian browser company Opera which in July took the European Commission to court for exempting Edge from the Digital Markets Act (DMA). [...] "Unfair practices are currently allowed to persist on the Windows' ecosystem with respect to Edge, unmitigated by the choice screens that exist on mobile," they said, pointing to Edge set as the default browser on all Windows computers. "No platform independent browser can aspire to match Edge's unparalleled distribution advantage on Windows. Edge is, moreover, the most important gateway for consumers to download an independent browser on Windows PCs."Read more of this story at Slashdot.

WhatsApp and its parent Meta asked a judge to award them a total win against spyware maker NSO Group as punishment for discovery violations in a years-long case accusing the Israeli company of violating anti-hacking laws. From a report: NSO Group violated the Federal Rules of Civil Procedure, repeatedly ignoring the court's orders and its discovery obligations, according to a motion for sanctions filed Wednesday in the US District Court for the Northern District of California. "NSO's discovery violations were willful, and unfairly skew the record on virtually every key issue in the case, from the merits, to jurisdiction, to damages, making a full and fair trial on the facts impossible," they said. Judge Phyllis J. Hamilton should award the companies judgment as a matter of law or, "if the court finds that the limited discovery produced in this case does not suffice," enter default judgment against NSO, WhatsApp and Meta wrote. The social media platforms first filed their complaint in October 2019, accusing NSO of using WhatsApp to install NSO spyware on the phones of about 1,400 WhatsApp users. The move follows Apple asking a court last month to dismiss its three-year-old hacking lawsuit against spyware pioneer NSO Group, arguing that it might never be able to get the most critical files about NSO's Pegasus surveillance tool and that its own disclosures could aid NSO and its increasing number of rivals.Read more of this story at Slashdot.

OpenAI has a $4 billion revolving line of credit, bringing its total liquidity to more than $10 billion, CNBC reported Thursday. From the report: It follows news on Wednesday that OpenAI closed its recent funding round at a valuation of $157 billion, including the $6.6 billion the company raised from an extensive roster of investment firms and big tech companies. JPMorgan Chase, Citi, Goldman Sachs, Morgan Stanley, Santander, Wells Fargo, SMBC, UBS, and HSBC all participated. The base credit line is $4 billion, with an option to increase it by an additional $2 billion. The loan is unsecured and can be tapped over the course of three years. OpenAI's interest rate is equal to the Secured Overnight Financing Rate (SOFR) plus 100 basis points. SOFR, a measure of the cost of borrowing cash overnight, sat at just over 5% as of early this week, meaning OpenAI would be paying roughly 6% on money that it borrows right away.Read more of this story at Slashdot.

PayPal completed its first business payment using its proprietary stablecoin as a way to demonstrate how digital currencies can be used to improve often-clunky commercial transactions. From a report: PayPal paid an invoice to Ernst & Young LLP on Sept. 23 using PYUSD, the stablecoin the firm launched last year, relying on an SAP SE platform to complete the transaction. SAP's platform, known as the digital currency hub, allows enterprises to send and receive digital payments instantly, around the clock. The invoice amount wasn't disclosed. Stablecoins are cryptocurrencies usually designed to track traditional currencies one-to-one. PYUSD, which has a current market capitalization of almost $700 million, tracks the US dollar. While the consumer-facing benefits of stablecoins often dominate conversations, this payment demonstrates other use cases for the digital currency, according to Jose Fernandez da Ponte, PayPal's senior vice president of its blockchain, cryptocurrency and digital currency group.Read more of this story at Slashdot.

WP Engine, a major web hosting provider, has filed a federal lawsuit against WordPress [PDF] co-founder Matt Mullenweg and Automattic, alleging libel and attempted extortion. The suit stems from a public dispute over WordPress trademark usage and open-source licensing. WP Engine, which hosts over 200,000 websites, accuses Mullenweg and Automattic of "abuse of power, extortion, and greed." The conflict escalated after Mullenweg called WP Engine a "cancer to WordPress" on his blog, prompting a cease-and-desist letter. Automattic subsequently demanded 8% of WP Engine's monthly revenue as royalties for alleged trademark infringement. The lawsuit includes 11 complaints, ranging from slander to violations of the Computer Fraud and Abuse Act.Read more of this story at Slashdot.