Slashdot

TechCrunch's Paul Sawers reports: Fledgling fintech startup OpenBB is revealing the next step in its plans to take on the heavyweights of the investment research world. The company is launching a new, free version of a product that will open its arsenal of data and financial tooling to more users. OpenBB is the handiwork of software engineer Didier Lopes, who launched the Python-based platform back in 2021 as a way for amateur investors and enthusiasts to do investment research using different datasets for free, via a command line interface (CLI). The company went on to raise $8.5 million in seed funding from OSS Capital and angel investors such as Ram Shriram, an early backer of Google. While the community-based, open source project has amassed some 50,000 users, OpenBB has also been building an enterprise incarnation called Terminal Pro. This paid version gives teams access to an interface, pre-built database integrations, an Excel add-in, and various security and support bolt-ons that would appeal to larger businesses. [...] The all-new OpenBB Terminal -- not to be confused with the previous CLI-based OpenBB Terminal that the startup sunsetted in March -- is a full-fledged web app, though it strips out many of the premium features of Terminal Pro. It's fully customizable, can run on any operating system or platform, and provides access to an AI-enabled OpenBB copilot. Like the previous OpenBB Terminal, the all-new web app is also free to use. OpenBB Terminal is perhaps something of a middle ground between the CLI centricity of the open source project and the bells-and-whistles feature set of the enterprise product. The OpenBB Terminal serves as a single end point for accessing financial information from some 100 data sources, spanning equity, options, forex, the macro economy, and more. Users can also throw all their new data into the mix -- the community has previously contributed financial datasets such as historical currency exchange rates and crypto pricing data. There are also a slew of extensions and toolkits to bring more functionality to OpenBB -- such as an AI stock analysis agent. Users are free to incorporate their own AI systems and large language models (LLMs), which might be particularly important for security and compliance use cases. But with the OpenBB Copilot, categorized as a "compound AI system," users can run natural-language queries about their data out of the box. While OpenBB has been likened to an "open-source Bloomberg," TechCrunch notes that it's not a direct competitor due to Bloomberg's massive data resources and built-in chat functionality. OpenBB, however, offers flexibility with its open-source platform and customization options. OpenBB filed for a trademark, but Bloomberg has requested an extension to potentially oppose it, despite the company asserting there's no link between OpenBB and Bloomberg's abbreviation "BBG". Lopes says the name originates from BlackBerry stock, where the founders had lost money during the meme stock craze.Read more of this story at Slashdot.

Global semiconductor sales recorded a 20.6% year-on-year increase in August to $53.1 billion, according to the Semiconductor Industry Association (SIA). The Register reports: The Americas led the way, with sales up 43.9 percent to $15.4 billion over last year to notch up what may be the highest on record for August, the SIA said. This comes on the back of swelling demand from sectors such as AI, cloud computing, and automotive. Over in Asia-Pacific sales grew year-on-year by 17.1 percent to $10.95 billion, according to the World Semiconductor Trade Statistics organization, which compiles these stats for the SIA. China was up 19.2 percent to $13 billion and Japan grew two percent to $4 billion. Europe was the outlier, recording a nine percent drop to $4.7 billion. No reason was given for this decline. However, on a worldwide basis, all continents returned positive month-on-month numbers in August for the first time since October 2023, indicating that the semiconductor industry is on a path to recovery.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission gave Starlink and T-Mobile emergency authority to provide satellite-to-phone coverage in areas hit by Hurricane Helene. "SpaceX and T-Mobile have been given emergency special temporary authority by the FCC to enable Starlink satellites with direct-to-cell capability to provide coverage for cell phones in the affected areas of Hurricane Helene," SpaceX said yesterday. "The satellites have already been enabled and started broadcasting emergency alerts to cell phones on all networks in North Carolina. In addition, we may test basic texting (SMS) capabilities for most cell phones on the T-Mobile network in North Carolina." SpaceX warned of limits since the service isn't ready for a commercial rollout. "SpaceX's direct-to-cell constellation has not been fully deployed, so all services will be delivered on a best-effort basis," the company said. Starlink is being used to provide wireless emergency alerts to cell phones from all carriers in North Carolina, according to Ben Longmier, senior director of satellite engineering for SpaceX. "We are also closely monitoring Hurricane Milton and standing by ready to take action in Florida," he wrote. The FCC said (PDF) the approval "enabl[es] SpaceX to operate Supplemental Coverage from Space (SCS) in the 1910-1915 MHz and 1990-1995 MHz frequency bands leased from T-Mobile in areas affected by the Hurricane Helene." An FCC spokesperson told Ars that the approval is for all areas affected by Hurricane Helene, although it's only active in North Carolina so far. The FCC also said (PDF) that it is granting "special temporary authorities to licensees and issuing rule waivers to help communications providers maintain and restore service, support emergency operations, and assist public safety, including search and rescue efforts." Separately, the FCC last week waived (PDF) certain Lifeline program eligibility rules to help people in disaster areas (PDF) apply for discounted phone and broadband service.Read more of this story at Slashdot.

Phoronix's Michael Larabel reports: Yesterday when announcing the Linux 6.12-rc2 kernel, Linus Torvalds asked that the kernel maintainers do a better job moving forward with their commit messages. In particular, Torvalds is hoping that kernel maintainers will do a better job using an active, imperative voice when describing the changes within their pull requests. The Linux creator explained in the 6.12-rc2 announcement: "Anyway, on a completely different note: I try to make my merge commit messages be somewhat "cohesive", and so I often edit the pull request language to match a more standard layout and language. It's not a big deal, and often it's literally just about whitespace so that we don't have fifteen different indentation models and bullet syntaxes. I generally do it as I read through the text anyway, so it's not like it makes extra work for me. But what *does* make extra work is when some maintainers use passive voice, and then I try to actively rewrite the explanation (or, admittedly, sometimes I just decide I don't care quite enough about trying to make the messages sound the same). So I would ask maintainers to please use active voice, and preferably just imperative. [...]"Read more of this story at Slashdot.

Along with 343 Industries now becoming Halo Studios, future Halo games will be developed using Unreal Engine 5. The Verge's Tom Warren reports: Halo moving to Unreal Engine 5 is being positioned as the first step of a transformation for Halo Studios to change its technology, structure, processes, and even culture. "We're not just going to try improve the efficiency of development, but change the recipe of how we make Halo games," says Pierre Hintze, studio head at Halo Studios. The team building Halo will move from the studio's Slipspace Engine to Unreal, after the proprietary engine it built for Halo Infinite became difficult to use and strained development. Halo Studios has had to dedicate a lot of staff to developing the Slipspace Engine, and parts of it are almost 25 years old. "One of the primary things we're interested in is growing and expanding our world so players have more to interact with and more to experience," says Chris Matthews, art director at Halo Studios. "Nanite and Lumen [Unreal's rendering and lighting technologies] offer us an opportunity to do that in a way that the industry hasn't seen before. As artists, it's incredibly exciting to do that work." Halo Studios isn't committing to any release dates or new Halo game announcements just yet, but the team has been building some examples of Halo running in Unreal. Dubbed Project Foundry, the work is "neither a game nor a tech demo," but more of a research, development, and training tool. It's also the foundation for how the studio is changing up the way it builds Halo games. Project Foundry has been built as if it was a shipping game so that a bunch of it can appear in Halo games in the future. "It's fair to say that our intent is that the majority of what we showcased in Foundry is expected to be in projects which we are building, or future projects," says Hintze. Project Foundry includes more detailed landscapes for Halo biomes, as well as foliage levels we haven't seen in Halo games in the past. Master Chief's armor has even been remodeled in this footage [...]. Halo Studios is now working on multiple Halo games, while the Slipstream Engine will continue to power Halo Infinite. "We had a disproportionate focus on trying to create the conditions to be successful in servicing Halo Infinite," says Hintze. "[But switching to Unreal] allows us to put all the focus on making multiple new experiences at the highest quality possible."Read more of this story at Slashdot.

An anonymous reader shares a report: The companies behind the streaming industry, including smart TV and streaming stick manufacturers and streaming service providers, have developed a "surveillance system" that has "long undermined privacy and consumer protection," according to a report from the Center for Digital Democracy (CDD) published today and sent to the Federal Trade Commission (FTC). Unprecedented tracking techniques aimed at pleasing advertisers have resulted in connected TVs (CTVs) being a "privacy nightmare," according to Jeffrey Chester, report co-author and CDD executive director, resulting in calls for stronger regulation. The 48-page report, How TV Watches Us: Commercial Surveillance in the Streaming Era [PDF], cites Ars Technica, other news publications, trade publications, blog posts, and statements from big players in streaming -- from Amazon to NBCUniversal and Tubi, to LG, Samsung, and Vizio. It provides a detailed overview of the various ways that streaming services and streaming hardware target viewers in newfound ways that the CDD argues pose severe privacy risks. The nonprofit composed the report as part of efforts to encourage regulation. Today, the CDD sent letters to the FTC [PDF], Federal Communications Commission (FCC), California attorney general [PDF], and California Privacy Protection Agency (CPPA) [PDF], regarding its concerns. "Not only does CTV operate in ways that are unfair to consumers, it is also putting them and their families at risk as it gathers and uses sensitive data about health, children, race, and political interests,a Chester said in a statement.Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: The U.S. Federal Trade Commission's case accusing Amazon of stifling competition in online retail will move forward, though some of the states that sued alongside the agency had their claims dismissed, court documents showed. U.S. District Judge John Chun in Seattle unsealed his ruling from Sept. 30, which dismissed some of the claims brought by attorneys general in New Jersey, Pennsylvania, Maryland and Oklahoma. Last year, the FTC alleged Amazon.com, which has 1 billion items in its online superstore, was using an algorithm that pushed up prices U.S. households paid by more than $1 billion. Amazon has said in court papers it stopped using the program in 2019. The FTC has accused the online retailer of using anti-competitive tactics to maintain dominance among online superstores and marketplaces.Amazon asked Chun to dismiss the case in December, saying the FTC had raised no evidence of harm to consumers. The judge said in his ruling that he cannot consider Amazon's claims that its actions benefited competition at this early stage in the case.Read more of this story at Slashdot.

American scientists Victor Ambros and Gary Ruvkun won the Nobel Prize in Physiology or Medicine on Monday for discovering microRNA, tiny molecules that regulate gene expression. Their groundbreaking work in the 1990s revealed a new layer of genetic control, opening fresh avenues for understanding human development and disease. Ambros first identified microRNA in 1993, while Ruvkun later found similar molecules in humans and other species. These RNA fragments, about 100 times smaller than typical messenger RNA, can silence genes and fine-tune protein production. The discovery has spurred research into potential treatments for cancer, heart disease, and neurological disorders. Several biotechnology companies are now developing drugs that target or mimic microRNAs.Read more of this story at Slashdot.

The decline of journalism has been attributed to many factors, from slow adaptation to the internet to the dominance of tech giants in advertising. But a veteran journalist offers a new perspective: the death of the hyperlink could be changing the fundamental nature of the internet, with significant implications for the news industry. Matt Pearce: There is a real bias against hyperlinking that has developed on platforms and apps over the last five years in particular. It's something that's kind of operating hand-in-hand with the rise of algorithmic recommendations. You see this on Elon Musk's version of Twitter, where posts with hyperlinks are degraded. Facebook itself has decided to detach itself from displaying a lot of links. That's why you get so much AI scum on Facebook these days. Instagram itself has always been kind of hostile to linking. TikTok as well... If you degrade hyperlinks, and you degrade this idea of the internet as something that refers you to other things, you instead have this stationary internet where a generative AI agent will hoover up and summarize all the information that's out there, and place it right in front of you so that you never have to leave the portal... That was a real epiphany to me, because the argument against one form of this legislation was, "My God, you'll destroy this fundamental way of how the internet works." I'm like, dude, these companies are already destroying the fundamental way of how the internet works. [...] If you look at what technology has done to journalism over the last 10 years, it was journalists who figured out how to make Twitter work for them. It was journalists who figured out how to be really good on Instagram and Tik Tok. I know there's this argument about content creators and versus journalists, but I'm like, we're all in the same ecosystem. If you're performing the functions of a journalist, you're a journalist. Some people are really good on different platforms. But it's hard to imagine a scenario where Google is going to be the party that creates a more humane, intelligent, responsive form of journalism.Read more of this story at Slashdot.

A U.S. federal judge has mandated significant changes to Google's Android app store operations. Judge James Donato's ruling in Epic v. Google requires Google to allow rival app stores within its Play Store and grant them access to its app catalog for three years, beginning November 2024. The order prohibits Google from requiring its payment system for Play Store apps and permits developers to inform users about alternative payment methods. Google is also barred from offering incentives for app launch exclusivity or sharing app revenue with potential app store competitors. The ruling restricts Google from providing financial perks to device makers and carriers for Play Store exclusivity.Read more of this story at Slashdot.

Apple has rolled out an update to macOS 15 Sequoia that addresses compatibility issues with third-party security software that emerged in the initial release. The update, macOS 15.0.1, aims to resolve problems affecting products from CrowdStrike and Microsoft. The compatibility problems had disrupted the functionality of several cybersecurity tools when macOS 15 first launched in September.Read more of this story at Slashdot.

Google is developing a version of Chrome for Android that supports browser extensions, a feature long absent from mobile versions, AndroidAuthority reports. The report adds: Specifically, the company is experimenting with "desktop" builds of Chrome for Android. These "desktop" builds are currently intended for Chromebooks as they transition to use more parts of Android, but there's hope the work will benefit mobile devices, too.Read more of this story at Slashdot.

Tech giants Amazon and Microsoft have inked major deals with U.S. nuclear power plants to fuel their energy-hungry data centers, marking a shift in the industry's power sourcing strategy. The move comes as AI-driven facilities strain companies' climate goals, pushing them towards carbon-free electricity sources. Microsoft plans to revive the shuttered Three Mile Island plant by 2028, while Amazon secured power from Pennsylvania's Susquehanna Nuclear facility in a $650 million deal. Google is also exploring nuclear options, including small modular reactors still under development. This trend could potentially triple U.S. nuclear capacity by 2050, according to a Department of Energy report.Read more of this story at Slashdot.

U.S. exchanges' four-character limit for ETF tickers is creating fierce competition in the $10 trillion industry, particularly for single-stock funds. With 456,976 possible combinations, options narrow drastically when built around existing company tickers. MicroStrategy-inspired ETFs, for instance, leave issuers with just 52 choices using 'MST'. Memorable tickers are crucial for differentiation and can improve stock liquidity.Read more of this story at Slashdot.

U.S. public utility giant American Water says it has disconnected some of its systems after discovering that hackers breached its internal networks last week. From a report: American Water, which supplies drinking water and wastewater services to more than 14 million people across the United States, confirmed the security incident in an 8-K regulatory filing with the U.S. Securities and Exchange Commission on Monday. The New Jersey-based company said in its filing that its water and wastewater facilities are "at this time" not affected and continue to operate without interruption, though the company noted that it's currently "unable to predict the full impact of this incident." American Water said it also notified law enforcement of the intrusion. The company said it discovered "unauthorized activity" within its networks on October 3 and promptly moved to disconnect affected systems. In a statement on its website, American Water said it is "pausing billing until further notice." "In an effort to protect our customers' data and to prevent any further harm to our environment, we disconnected or deactivated certain systems," Ruben E. Rodriguez, a spokesperson for American Water, told TechCrunch in a statement. "There will be no late charges for customers while these systems are unavailable." Rodriguez declined to state which systems were unavailable and also declined to comment on the nature of the cybersecurity incident.Read more of this story at Slashdot.

doc1623 writes: Advocacy groups behind a so-called suicide capsule said Sunday they have suspended the process of taking applications to use it -- which numbered over 370 last month -- as a criminal investigation into its first use in Switzerland is completed. The president of Switzerland-based The Last Resort, Florian Willet, is being held in pretrial detention, said the group and Exit International, an affiliate founded in Australia over a quarter century ago. Swiss police arrested Willet and several other people following the death of an unidentified 64-year-old woman from the U.S. Midwest who on Sept. 23 became the first person to use the device, known as the "Sarco," in a forest in the northern Schaffhausen region near the German border. Others initially detained were released from custody, authorities have said.Read more of this story at Slashdot.

Amazon will likely eliminate around 14,000 corporate jobs by early next year as part of ongoing efforts to reduce costs, according to a note Morgan Stanley sent to clients that Slashdot has reviewed. Brian Nowak of Morgan Stanley estimated Amazon could cut approximately 13,800 manager positions by the end of the first quarter of 2025, based on the company's stated goal of increasing the ratio of individual contributors to managers by at least 15%. "AMZN management's recent letter laying out an increased focus on efficiency should lead to further EBIT cushion and (potential) upside in '25," Nowak wrote. The potential headcount reduction could result in $2.1 billion to $3.6 billion in annual cost savings for Amazon, adding 3% to 5% to the company's 2025 operating profit, according to Nowak's analysis. Amazon has already cut over 27,000 jobs since late 2022 as part of a major cost-cutting push. The company employed 1.54 million people globally as of the end of June.Read more of this story at Slashdot.

Google's grip on the nearly $300 billion search advertising business is loosening. From a report: For years, the tech giant has seemed invincible in this corner of the ad market, which is the foundation of its business. Now, rivals are beginning to eat into its lead, and new offerings -- fueled by the rise of artificial intelligence and social video -- threaten to reshape the landscape. TikTok, the wildly popular short-form video platform, has recently started allowing brands to target ads based on users' search queries -- a direct challenge to Google's core business. Perplexity, an AI search startup backed by Jeff Bezos, plans to introduce ads later this month under its AI-generated answers. Until now, it has made revenue mostly from a $20-a-month subscription offering that grants access to more-powerful AI technology. The new initiatives add to the pressure on Google from the rise of Amazon.com, which has taken a chunk of search ad spending. Many consumers begin product searches on the e-commerce platform. Google's share of the U.S. search ad market is expected to drop below 50% next year for the first time in over a decade, according to the research firm eMarketer. Amazon is expected to have 22.3% of the market this year, with 17.6% growth, compared with Google's 50.5% share and its 7.6% growth.Read more of this story at Slashdot.

An anonymous Slashdot reader shared the EFF's "Deeplink" blog post:EFF, along with the ACLU and the ACLU of Mississippi, filed an amicus brief on Thursday asking a federal appellate court to continue to block Mississippi's HB 1126 - a bill that imposes age verification mandates on social media services across the internet. Our friend-of-the-court brief, filed in the U.S. Court of Appeals for the Fifth Circuit, argues that HB 1126 is "an extraordinary censorship law that violates all internet users' First Amendment rights to speak and to access protected speech" online. HB 1126 forces social media sites to verify the age of every user and requires minors to get explicit parental consent before accessing online spaces. It also pressures them to monitor and censor content on broad, vaguely defined topics - many of which involve constitutionally protected speech. These sweeping provisions create significant barriers to the free and open internet and "force adults and minors alike to sacrifice anonymity, privacy, and security to engage in protected online expression." A federal district court already prevented HB 1126 from going into effect, ruling that it likely violated the First Amendment. At the heart of our opposition to HB 1126 is its dangerous impact on young people's free expression. Minors enjoy the same First Amendment right as adults to access and engage in protected speech online. "No legal authority permits lawmakers to burden adults' access to political, religious, educational, and artistic speech with restrictive age-verification regimes out of a concern for what minors might see" [argues the brief]. "Nor is there any legal authority that permits lawmakers to block minors categorically from engaging in protected expression on general purpose internet sites like those regulated by HB 1126..." "The law requires all users to verify their age before accessing social media, which could entirely block access for the millions of U.S. adults who lack government-issued ID..." And it also asks another question. "Would you want everything you do online to be linked to your government-issued ID?" And the blog post makes one more argument. "in an era where data breaches and identity theft are alarmingly common." So the bill "puts every user's personal data at risk... No one - neither minors nor adults - should have to sacrifice their privacy or anonymity in order to exercise their free speech rights online."Read more of this story at Slashdot.

An anonymous reader shared this post from the blog It's FOSSIt has been more than two years since K-9 Mail (an open-source email client for Android) joined the Mozilla Thunderbird project. Instead of making a new mobile app from scratch, Mozilla decided to convert K-9 Mail slowly into the new Thunderbird Android app. While we have known about it for some time now, we finally have something to test: Thunderbird for Android (Beta). Mozilla is looking for users to test it and plans a stable release at the end of October. The new Thunderbird app is now available on the Play Store as a beta version for user testing. So, we are closer to the stable launch than ever before. The article includes a few screenshots of the app... "For the functionality side, you can expect things like light/dark theme, email signature, unified inbox, ability to enable/disable contact pictures, threaded view, and opt out of data usage collection for privacy..."Read more of this story at Slashdot.

800,000 tons of rock have been excavated from a South Dakota research facility - part of a multi-year process "to help answer some of physics' biggest questions," writes America's Energy Department. "The caverns they excavated will hold a massive particle detector and accompanying equipment."Along with partners from more than 35 countries, the Department of Energy's Office of Science is supporting the Deep Underground Neutrino Experiment at the Long-Baseline Neutrino Facility (LBNF-DUNE)... To study how neutrinos change type as they travel, LBNF-DUNE will be sending a stream of neutrinos from DOE's Fermilab National Accelerator Laboratory in Illinois [nearly 600 miles away] to South Dakota. At the beginning and end of the particles' journey, detectors will measure the types of neutrinos and antineutrinos. By comparing the rates of how both particles change type, scientists may find a difference that accounts for that ancient misalignment. There's also hope they'll detect neutrinos from supernovae explosions - and maybe even decaying protonsLBNF-DUNE will use massive, seven-story tall detectors. Each detector will have 17,000 tons of liquid argon. That vast quantity of liquid maximizes the likelihood that scientists will detect as many neutrinos as possible. The far detector - the one in South Dakota - will be located about a mile underground. That distance places it in the right location compared to Fermilab and blocks the detector from other cosmic particles. "Just carrying out the excavation took three years," the announcement notes. ("The team had to dissemble the equipment, move it deep underground, and then reassemble it.) The 800,000 tons of rock were moved to the surface and then stored in a former mine. "Now that the excavation is complete, the LBNF-DUNE team is moving on to the next steps. Currently, they are installing the far detector in the Sanford Underground Research Facility. They anticipate finishing construction and starting to operate the detector in 2028. The team will then move on to installing the near detector at Fermilab. "The launch of LBNF/DUNE will be the beginning of a new era in understanding neutrinos and knowing more about our universe as a whole."Read more of this story at Slashdot.

Long-time Slashdot reader Bismillah writes: Python New Zealand has gone through some rough times lately, with its then-treasurer stealing money from the society.. Things were looking really serious for a while, with Python NZ looking at being liquidated due to the theft of funds. However, there is a silver lining to the story, as the free and open source movement rallied behind Python NZ and got them out of a serious pickle. "Our friends at Linux Australia and at the Python Software Foundation went well above and beyond to support us, and save us," says Tom Eastman president of Python New Zealand, in an article from interest.co.nz. He also says he hopes the treasure is ordered by the court to pay restitution. (In the article the treasurer confirms that he's pleaded guilty to the theft, which took place between February 2019 and October 2023 - leaving Python NZ owing conference supplies around $55,000.) "We had $26 in the bank accounts," Eastman tells the site. The group now has new transparency and accountability measures...Read more of this story at Slashdot.

Long-time Slashdot reader schwit1 shared this report from Australia's public broadcaster ABC:Ecovacs robot vacuums, which have been found to suffer from critical cybersecurity flaws, are collecting photos, videos and voice recordings - taken inside customers' houses - to train the company's AI models. The Chinese home robotics company, which sells a range of popular Deebot models in Australia, said its users are "willingly participating" in a product improvement program. When users opt into this program through the Ecovacs smartphone app, they are not told what data will be collected, only that it will "help us strengthen the improvement of product functions and attached quality". Users are instructed to click "above" to read the specifics, however there is no link available on that page. Ecovacs's privacy policy - available elsewhere in the app - allows for blanket collection of user data for research purposes, including: - The 2D or 3D map of the user's house generated by the device- Voice recordings from the device's microphone - Photos or videos recorded by the device's camera "It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs..."Read more of this story at Slashdot.

An anonymous reader shared this report from the Washington Post:Hundreds of Americans have been arrested after being connected to a crime by facial recognition software, a Washington Post investigation has found, but many never know it because police seldom disclose their use of the controversial technology... In fact, the records show that officers often obscured their reliance on the software in public-facing reports, saying that they identified suspects "through investigative means" or that a human source such as a witness or police officer made the initial identification... The Coral Springs Police Department in South Florida instructs officers not to reveal the use of facial recognition in written reports, according to operations deputy chief Ryan Gallagher. He said investigative techniques are exempt from Florida's public disclosure laws... The department would disclose the source of the investigative lead if it were asked in a criminal proceeding, Gallagher added.... Prosecutors are required to inform defendants about any information that would help prove their innocence, reduce their sentence or hurt the credibility of a witness testifying against them. When prosecutors fail to disclose such information - known as a "Brady violation" after the 1963 Supreme Court ruling that mandates it - the court can declare a mistrial, overturn a conviction or even sanction the prosecutor. No federal laws regulate facial recognition and courts do not agree whether AI identifications are subject to Brady rules. Some states and cities have begun mandating greater transparency around the technology, but even in these locations, the technology is either not being used that often or it's not being disclosed, according to interviews and public records requests... Over the past four years, the Miami Police Department ran 2,500 facial recognition searches in investigations that led to at least 186 arrests and more than 50 convictions. Among the arrestees, just 1 in 16 were told about the technology's use - less than 7 percent - according to a review by The Post of public reports and interviews with some arrestees and their lawyers. The police department said that in some of those cases the technology was used for purposes other than identification, such as finding a suspect's social media feeds, but did not indicate in how many of the cases that happened. Carlos J. Martinez, the county's chief public defender, said he had no idea how many of his Miami clients were identified with facial recognition until The Post presented him with a list. "One of the basic tenets of our justice system is due process, is knowing what evidence there is against you and being able to challenge the evidence that's against you," Martinez said. "When that's kept from you, that is an all-powerful government that can trample all over us." After reviewing The Post's findings, Miami police and local prosecutors announced plans to revise their policies to require clearer disclosure in every case involving facial recognition. The article points out that Miami's Assistant Police Chief actually told a congressional panel on law enforcement AI use that his department is "the first to be completely transparent about" the use of facial recognition. (When confronted with the Washington Post's findings, he "acknowledged that officers may not have always informed local prosecutors [and] said the department would give prosecutors all information on the use of facial recognition, in past and future cases". He told the Post that the department would "begin training officers to always disclose the use of facial recognition in incident reports." But he also said they would "leave it up to prosecutors to decide what to disclose to defendants."Read more of this story at Slashdot.

Amazon launched "cashierless checkout" stores In 2018, reports CNBC - but by 2020 it was licensing the "Just Walk Out" technology to other stores in airports, hospitals, and stadiums.In April, Amazon announced it was removing cashierless checkout from its U.S. Fresh stores and Whole Foods locations... In place of Just Walk Out, which typically requires ceiling-mounted cameras, shelf sensors and gated entry points, Amazon Fresh stores and Whole Foods supermarkets will feature Dash Carts. The carts track and tally up items as shoppers place them in bags, enabling people to skip the checkout line. Amazon continues to use Just Walk Out in its grab-and-go marts and UK Fresh stores... While it's no longer featuring Just Walk Out as prominently in its own stores, Amazon says it has inked deals with a growing list of customers. More than 200 third-party stores have paid Amazon to install the cashierless system. The company expects to double the number of third-party Just Walk Out stores this year, Jon Jenkins, who previously served as vice president of Amazon's Just Walk Out technology, said in a recent interview... Amazon's "primary focus" is selling the technology to third-party businesses and deploying it in small to medium-sized store formats, where the system "tends to generate a little better [return on investment]," Jenkins said... At one Just Walk Out store, inside Seattle's Lumen Field, home to the NFL's Seahawks, the company said it boosted sales by 112% last season, with 85% more transactions during the course of a game. Two interesting points from the article:"Earlier this year, Amazon also began selling its connected grocery carts to third parties.""With Just Walk Out, Amazon faces the challenge of convincing retailers that they cantrust one of their biggest competitors with handling valuable shopper data..."Read more of this story at Slashdot.

"Pine64 has confirmed that its open-source e-ink tablet is returning," reports the blog OMG Ubuntu:The [10.1-inch e-ink display] PineNote was announced in 2021, building on the success of its non-SBC devices like the PinePhone (and later Pro model), the PineTab, and PineBook devices. Like most of Pine64's devices, software support is largely tackled by the community. But only a small batch of developer units were ever sold, primarily by enthusiasts within the open-source community who had the knowledge and desire to work on getting a modern Linux OS to run on the hardware, and adapt to the e-ink display. That process has taken a while, as Pine64's community bloggers explain: "The PineNote was stuck in a chicken-and-egg situation because of the very high cost of manufacturing the device (ePaper screens are sadly still expensive), and so the risk of manufacturing units that then didn't have a working Linux OS and would not sell was huge." However, the proverbial egg has finally hatched. The PineNote now has a reliable Debian-based OS, developed by Maximilian Weigand. This is described as "not only a bare-bones capable OS but a genuinely daily-usable system that 'just works'" according to the Pine64 blog. ["This is excellent as it also moves the target audience from developers to every day users. You should be able to power on the device and drop into a working Gnome experience."] It is said to use the GNOME desktop plus a handful of extensions designed to ensure the UI adapts to working well with an e-ink display. Software pre-installed includes Xournal++ for note taking, Firefox for web browsing, and Foliate for reading ebooks, among others. [And it even runs Doom...] Existing PineNote owners can download the the new OS image, flash it to their device, and help test it... Touch and stylus input are major selling points of the PineNote, positioning it as a libre alternative to leading e-ink note-taking devices like the Remarkable 2, Onyx BOOX, and Amazon Scribe. "I do not (yet) have a launch date target," according to the blog post, "as behind-the-scenes the Pine Store team are still working on all things production." But the update also links to some blog posts about their free and open source smartwatch PineTime...Read more of this story at Slashdot.

The British Post Office scandal "was first exposed by Computer Weekly in 2009, revealing the stories of seven subpostmasters and the problems they suffered due to Horizon accounting software," remembers Computer Weekly, "which led to the most widespread miscarriage of justice in British history." But now the Post Office "is investigating allegations that a senior executive instructed staff to destroy or conceal documents that could be of interest to the Post Office scandal public inquiry," Computer Weekly writes. A company employee acknowleged a report in an internal whistleblower program "regarding destroying or concealing material... allegations that a senior Post Office member of staff had instructed their team to destroy or conceal material of possible interest to the inquiry, and that the same individual had engaged in inappropriate behaviour."The shocking revelation echoes evidence from appeals against wrongful convictions in 2021. During the Court of Appeal trials it was revealed that a senior Post Office executive instructed employees to shred documents that undermined an insistence that its Horizon computer system was robust, amid claims that errors in the system caused unexplained accounting shortfalls.Read more of this story at Slashdot.

"Scientists can't agree on the exact rate of expansion of the universe, dictated by the Hubble constant," a new article at Space.com reminds us:The rate can be measured starting from the local (and therefore recent) universe, then going farther back in time - or, it can be calculated starting from the distant (and therefore early) universe, then working your way up. The issue is both methods deliver values that don't agree with each other. This is where the James Web Space Telescope (JWST) comes in. Gravitationally lensed supernovas in the early cosmos the JWST is observing could provide a third way of measuring the rate, potentially helping resolve this "Hubble trouble." "The supernova was named 'supernova Hope' since it gives astronomers hope to better understand the universe's changing expansion rate," Brenda Frye, study team leader and a University of Arizona researcher, said in a NASA statement. This investigation of supernova Hope began when Frye and her global team of scientists found three curious points of light in a JWST image of a distant, densely packed cluster of galaxies. Those points of light in the image were not visible when the Hubble Space Telescope imaged the same cluster, known as PLCK G165.7+67.0 or, more simply, G165, back in 2015. "It all started with one question by the team: 'What are those three dots that weren't there before? Could that be a supernova?'" Frye said. The team noted a "high rate of star formation... more than 300 solar masses per year," according to NASA's statement: Dr. Frye: "Initial analyses confirmed that these dots corresponded to an exploding star, one with rare qualities. First, it's a Type Ia supernova, an explosion of a white dwarf star. This type of supernova is generally called a 'standard candle,' meaning that the supernova had a known intrinsic brightness. Second, it is gravitationally lensed. Gravitational lensing is important to this experiment. The lens, consisting of a cluster of galaxies that is situated between the supernova and us, bends the supernova's light into multiple images... To achieve three images, the light traveled along three different paths. Since each path had a different length, and light traveled at the same speed, the supernova was imaged in this Webb observation at three different times during its explosion... Trifold supernova images are special: The time delays, supernova distance, and gravitational lensing properties yield a value for the Hubble constant... The team reports the value for the Hubble constant as 75.4 kilometers per second per megaparsec, plus 8.1 or minus 5.5... This is only the second measurement of the Hubble constant by this method, and the first time using a standard candle. Their result? "The Hubble constant value matches other measurements in the local universe, and is somewhat in tension with values obtained when the universe was young."Read more of this story at Slashdot.

An anonymous reader shared this report from Engadget:Three new theft protection features that Google announced earlier this year have reportedly started rolling out on Android. The tools - Theft Detection Lock, Offline Device Lock and Remote Lock - are aimed at giving users a way to quickly lock down their devices if they've been swiped, so thieves can't access any sensitive information. Android reporter Mishaal Rahman shared on social media that the first two tools had popped up on a Xiaomi 14T Pro, and said some Pixel users have started seeing Remote Lock. Theft Detection Lock is triggered by the literal act of snatching. The company said in May that the feature "uses Google AI to sense if someone snatches your phone from your hand and tries to run, bike or drive away." In such a scenario, it'll lock the phone's screen. The Android reporter summarized the other two locking features in a post on Reddit:Remote Lock "lets you remotely lock your phone using just your phone number in case you can't sign into Find My Device using your Google account password."Offline Device Lock "automatically locks your screen if a thief tries to keep your phone disconnected from the Internet for an extended period of time.""All three features entered beta in August, starting in Brazil. Google told me the final versions of these features would more widely roll out this year, and it seems the features have begun expanding."Read more of this story at Slashdot.

He's the long-time Slashdot reader who installed Linux on a 1993 PC - and then installed a 1994 version of MS-DOS on a modern Thinkpad X13. (And somewhere along the way, he even built a ChatGPT client for DOS...) But in a new blog post, yeokm1 reveals "I recently built myself a PC," salvaging parts from a previous desktop system to bootstrap an upgrade. And "I decided to build one with the ability to still reach back into the past to run MS-DOS..." The result? A Ryzen 5 7600 and GeForce 4060 Ti system, but with a floppy drive, optical drive, Sound Blaster card, serial, parallel and PS/2 ports - that runs MS-DOS.The fact that a 30-year-old MS-DOS 6.22 can still work well enough on such a modern hardware is testament to the efforts made by the industry to ensure good x86 PC backward compatibility. AMD, Nvidia and Asus deserve to be commended on their efforts here. I'm also impressed that the modern Nvidia Geforce 4060 Ti still supports some legacy video BIOS modes to a usable level although this is not complete. I didn't document in this blog post but brief tests with other VESA modes and resolutions didn't work so well. I wonder how long more this amount of x86 PC backward-compatibility will continue to last though... It definitely feels like the end is near. Their blog post includes a video about their system. (And yes, it plays Doom.) But their ultimate goal is to use it to play modern games like Cyberpunk 2077 and Flight Simulator 2020 (as well as the upcoming Flight Simulator 2024) "at reasonably good settings and performance. (And also to experiment with light machine-learning workloads, do basic video editing, run virtual machines.) After successfully building their DOS-running system, they asked ChatGPT what it thought. Would the system's specs be powerful enough to handle the 30-year-old operation system? And ChatGPT confidently replied: "Neither the Ryzen 5 7600 nor the GeForce RTX 4060 Ti is designed to run DOS natively. DOS is an older operating system that was primarily used on x86 architecture from the late 20th century, and modern hardware like the Ryzen 5 7600 and GeForce RTX 4060 Ti are not compatible with DOS due to their 64-bit architecture and lack of necessary drivers to interface correctly with DOS, which relied on much older technology..." yeokm1's blog post concludes: "I think I just proved ChatGPT wrong :P"Read more of this story at Slashdot.

An anonymous reader shared this report from Reuters:Brazil's Supreme Court said on Friday that lawyers representing social media platform X did not pay pending fines to the proper bank, postponing its decision on whether to allow the tech firm to resume services in Brazil. The payment of the fines, which X lawyers argued that the company had paid correctly, is the only outstanding measure demanded by the court in order to authorize X to operate again in Brazil... Earlier on Friday, X, owned by billionaire Elon Musk, filed a fresh request to have its services restored in Brazil, saying it had paid all pending fines. In response to the request, Supreme Court Justice Alexandre de Moraes requested the payment to be transferred to the right bank. He also determined that once fines are sorted out, Brazil's prosecutor general will give his opinion on the recent requests made by X's legal team in Brazil, which has been seeking to have the platform restored in the country. Following Moraes' decision on Friday, X lawyers again asked the court for authorization to resume operations in Brazil, denying that the company had paid the fines to the wrong account and saying they do not see the need for the prosecutor general to be consulted before the ban is lifted.Read more of this story at Slashdot.

"China Telecom, one of the largest wireless carriers in mainland China, says that it has developed two large language models (LLMs) relying solely on domestically manufactured AI chips..." reports Tom's Hardware."If the information is accurate, this is a crucial milestone in China's attempt at becoming independent of other countries for its semiconductor needs, especially as the U.S. is increasingly tightening and banning the supply of the latest, highest-end chips for Beijing in the U.S.-China chip war." Huawei, which has mostly been banned from the U.S. and other allied countries, is one of the leaders in China's local chip industry... If China Telecom's LLMs were indeed fully trained using Huawei chips alone, then this would be a massive success for Huawei and the Chinese government. The project's GitHub page "contains a hint about how China Telecom may have trained the model," reports the Register, "in a mention of compatibility with the 'Ascend Atlas 800T A2 training server' - a Huawei product listed as supporting the Kunpeng 920 7265 or Kunpeng 920 5250 processors, respectively running 64 cores at 3.0GHz and 48 cores at 2.6GHz. Huawei builds those processors using the Arm 8.2 architecture and bills them as produced with a 7nm process." The South China Morning Post says the unnamed model has 1 trillion parameters, according to China Telecom, while the TeleChat2t-115B model has over 100 billion parameters. Thanks to long-time Slashdot reader hackingbear for sharing the news.Read more of this story at Slashdot.

"Pig Butchering Alert: Fraudulent Trading App targeted iOS and Android users." That's the title of a new report released this week by cybersecurity company Group-IB revealing the official Apple App Store and Google Play store offered apps that were actually one part of a larger fraud campaign. "To complete the scam, the victim is asked to fund their account... After a few seemingly successful trades, the victim is persuaded to invest more and more money. The account balance appears to grow rapidly. However, when the victim attempts to withdraw funds, they are unable to do so." Forbes reports:Group-IB determined that the frauds would begin with a period of social engineering reconnaissance and entrapment, during which the trust of the potential victim was gained through either a dating app, social media app or even a cold call. The attackers spent weeks on each target. Only when this "fattening up" process had reached a certain point would the fraudsters make their next move: recommending they download the trading app from the official App Store concerned. When it comes to the iOS app, which is the one that the report focussed on, Group-IB researchers said that the app remained on the App Store for several weeks before being removed, at which point the fraudsters switched to phishing websites to distribute both iOS and Android apps. The use of official app stores, albeit only fleetingly as Apple and Google removed the fake apps in due course, bestowed a sense of authenticity to the operation as people put trust in both the Apple and Google ecosystems to protect them from potentially dangerous apps. "The use of web-based applications further conceals the malicious activity," according to the researchers, "and makes detection more difficult."[A]fter the download is complete, the application cannot be launched immediately. The victim is then instructed by the cybercriminals to manually trust the Enterprise developer profile. Once this step is completed, the fraudulent application becomes operational... Once a user registers with the fraudulent application, they are tricked into completing several steps. First, they are asked to upload identification documents, such as an ID card or passport. Next, the user is asked to provide personal information, followed by job-related details... The first discovered application, distributed through the Apple App Store, functions as a downloader, merely retrieving and displaying a web-app URL. In contrast, the second application, downloaded from phishing websites, already contains the web-app within its assets. We believe this approach was deliberate, since the first app was available in the official store, and the cybercriminals likely sought to minimise the risk of detection. As previously noted, the app posed as a tool for mathematical formulas, and including personal trading accounts within an iOS app would have raised immediate suspicion. The app (which only runs on mobile phones) first launches a fake activity with formulas and graphics, according to the researchers. "We assume that this condition must bypass Apple's checks before being published to the store. As we can see, this simple trick allows cybercriminals to upload their fraudulent application to the Apple Store." They argue their research "reinforces the need for continued review of app store submissions to prevent such scams from reaching unsuspecting victims". But it also highlights "the importance of vigilance and end-user education, even when dealing with seemingly trustworthy apps..." "Our investigation began with an analysis of Android applications at the request of our client. The client reported that a user had been tricked into installing the application as part of a stock investment scam. During our research, we uncovered a list of similar fraudulent applications, one of which was available on the Google Play Store. These apps were designed to display stock-related news and articles, giving them a false sense of legitimacy."Read more of this story at Slashdot.

Wired reports on "AI-powered cameras mounted on cars and trucks, initially designed to capture license plates, but which are now photographing political lawn signs outside private homes, individuals wearing T-shirts with text, and vehicles displaying pro-abortion bumper stickers - all while recordi00ng the precise locations of these observations..." The detailed photographs all surfaced in search results produced by the systems of DRN Data, a license-plate-recognition (LPR) company owned by Motorola Solutions. The LPR system can be used by private investigators, repossession agents, and insurance companies; a related Motorola business, called Vigilant, gives cops access to the same LPR data. However, files shared with WIRED by artist Julia Weist, who is documenting restricted datasets as part of her work, show how those with access to the LPR system can search for common phrases or names, such as those of politicians, and be served with photographs where the search term is present, even if it is not displayed on license plates... Beyond highlighting the far-reaching nature of LPR technology, which has collected billions of images of license plates, the research also shows how people's personal political views and their homes can be recorded into vast databases that can be queried. "It really reveals the extent to which surveillance is happening on a mass scale in the quiet streets of America," says Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "That surveillance is not limited just to license plates, but also to a lot of other potentially very revealing information about people." DRN, in a statement issued to WIRED, said it complies with "all applicable laws and regulations...." Over more than a decade, DRN has amassed more than 15 billion "vehicle sightings" across the United States, and it claims in its marketing materials that it amasses more than 250 million sightings per month. Images in DRN's commercial database are shared with police using its Vigilant system, but images captured by law enforcement are not shared back into the wider database. The system is partly fueled by DRN "affiliates" who install cameras in their vehicles, such as repossession trucks, and capture license plates as they drive around. Each vehicle can have up to four cameras attached to it, capturing images in all angles. These affiliates earn monthly bonuses and can also receive free cameras and search credits... "License plate recognition (LPR) technology supports public safety and community services, from helping to find abducted children and stolen vehicles to automating toll collection and lowering insurance premiums by mitigating insurance fraud," Jeremiah Wheeler, the president of DRN, says in a statement... Wheeler did not respond to WIRED's questions about whether there are limits on what can be searched in license plate databases, why images of homes with lawn signs but no vehicles in sight appeared in search results, or if filters are used to reduce such images. Privacy experts shared their reactions with Wired"Perhaps [people] want to express themselves in their communities, to their neighbors, but they don't necessarily want to be logged into a nationwide database that's accessible to police authorities." - Jay Stanley, a senior policy analyst at the American Civil Liberties Union"When government or private companies promote license plate readers, they make it sound like the technology is only looking for lawbreakers or people suspected of stealing a car or involved in an amber alert, but that's just not how the technology works. The technology collects everyone's data and stores that data often for immense periods of time." - Dave Maass, an EFF director of investigations "The way that the country is set up was to protect citizens from government overreach, but there's not a lot put in place to protect us from private actors who are engaged in business meant to make money." - Nicole McConlogue, associate law professor at Mitchell Hamline School of Law (who has researched license-plate-surveillance systems)Thanks to long-time Slashdot reader schwit1 for sharing the article.Read more of this story at Slashdot.

The Washington Post interviewed Lebanese officials, people close to Hezbollah, and Israeli, Arab and U.S. security officials and politicians about a years-long plan (originated at Mossad headquarters) that ultimately killed or maimed "as many as 3,000 Hezbollah officers and members - most of them rear-echelon figures... along with an unknown number of civilians... when Israel's Mossad intelligence service triggered the devices remotely on September 17."In the initial sales pitch to Hezbollah two years ago, the new line of Apollo pagers seemed precisely suited to the needs of a militia group with a sprawling network of fighters and a hard-earned reputation for paranoia... Best of all, there was no risk that the pagers could ever be tracked by Israel's intelligence services. Hezbollah's leaders were so impressed they bought 5,000 of them and began handing them out to mid-level fighters and support personnel in February. None of the users suspected they were wearing an ingeniously crafted Israeli bomb... Israeli officials had watched with increasing anxiety as the Lebanese group added new weapons to an arsenal already capable of striking Israeli cities with tens of thousands of precision-guided missiles. Mossad, the Israeli intelligence service responsible for combating foreign threats to the Jewish state, had worked for years to penetrate the group with electronic monitoring and human informants. Over time, Hezbollah leaders learned to worry about the group's vulnerability to Israeli surveillance and hacking, fearing that even ordinary cellphones could be turned into Israeli-controlled eavesdropping and tracking devices. Thus was born the idea of creating a kind of communications Trojan horse, the officials said. Hezbollah was looking for hack-proof electronic networks for relaying messages, and Mossad came up with a pair of ruses that would lead the militia group to purchase devices that seemed perfect for the job - equipment that Mossad designed and had assembled in Israel. The first part of the plan, booby-trapped walkie-talkies, began being inserted into Lebanon by Mossad nearly a decade ago, in 2015. The mobile two-way radios contained oversized battery packs, a hidden explosive and a transmission system that gave Israel complete access to Hezbollah communications. For nine years, the Israelis contented themselves with eavesdropping on Hezbollah, the officials said, while reserving the option to turn the walkie-talkies into bombs in a future crisis. But then came a new opportunity and a glitzy new product: a small pager equipped with a powerful explosive. In an irony that would not become clear for many months, Hezbollah would end up indirectly paying the Israelis for the tiny bombs that would kill or wound many of its operatives. Because Hezbollah leaders were alert to possible sabotage, the pagers could not originate in Israel, the United States or any other Israeli ally. So, in 2023, the group began receiving solicitations for the bulk purchase of Taiwanese-branded Apollo pagers, a well-recognized trademark and product line with a worldwide distribution and no discernible links to Israeli or Jewish interests. The Taiwanese company had no knowledge of the plan, officials said... The marketing official had no knowledge of the operation and was unaware that the pagers were physically assembled in Israel under Mossad oversight, officials said... In a feat of engineering, the bomb component was so carefully hidden as to be virtually undetectable, even if the device was taken apart, the officials said. Israeli officials believe that Hezbollah did disassemble some of the pagers and may have even X-rayed them. "Thousands of Apollo-branded pagers rang or vibrated at once, all across Lebanon and Syria," according to the article, with a short sentence in Arabic that said "You received an encrypted message." The two-button de-encryption procedure "ensured most users would be holding the pager with both hands when it detonated," according to the article, although "Less than a minute later, thousands of other pagers exploded by remote command, regardless of whether the user ever touched his device. The following day, on September 18, hundreds of walkie-talkies blew up in the same way, killing and maiming users and bystanders..." "As Hezbollah reeled, Israel struck again, pounding the group's headquarters, arsenals and logistic centers with 2,000-pound bombs," the article concludes. And the strike "convinced the country's political leaders that Hezbollah could be put on the ropes, susceptible to a systematic dismantling using airstrikes and, eventually a ground invasion..."Read more of this story at Slashdot.

"A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers," reports the Wall Street Journal, "potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests. "For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk."The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said. The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said... The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn't be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach... The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said. A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome... "It will take time to unravel how bad this is, but in the meantime it's the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game," said Brandon Wales, former executive director at the Cybersecurity and Infrastructure Security Agency and now a vice president at SentinelOne, referring to the People's Republic of China. "If companies and governments weren't taking this seriously before, they absolutely need to now." Three weeks ago TechCrunch also reported that the FBI "took control of a botnet made up of hundreds of thousands of internet-connected devices, such as cameras, video recorders, storage devices, and routers, which was run by a Chinese government hacking group, FBI director Christopher Wray and U.S. government agencies revealed Wednesday.Read more of this story at Slashdot.

This week the U.S. Attorney's Office for the Southern District of New York unsealed charges over a "scheme to commit fraud" in carbon markets, which they say fraudulently netted one company "tens of millions of dollars" worth of credits - which led to "securing an investment of over $100 million." MarketWatch reports:Ken Newcombe had spent years building a program to distribute more environmentally friendly cookstoves for free to rural communities in Africa and Southeast Asia. The benefit for his company, C-Quest Capital, would be the carbon credits it would receive in exchange for reducing the amount of fuel people burned in order to cook food - credits the company could then sell for a profit to big oil companies like BP. But when Newcombe tried to ramp up the program, federal prosecutors said in an indictment made public Wednesday, he quickly realized that the stoves wouldn't deliver the emissions savings he had promised investors. Rather than admit his mistake, he and his partners cooked the books instead, prosecutors said... That allowed them to obtain carbon credits worth tens of millions of dollars that they didn't deserve, prosecutors said. On the basis of the fraudulently gained credits, prosecutors said, C-Quest was able to secure $250 million in funding from an outside investor. "The alleged actions of the defendants and their co-conspirators risked undermining the integrity of [the global market for carbon credits], which is an important part of the fight against climate change," said Damian Williams, the U.S. attorney for the Southern District of New York. From announced by the U.S. Attorney's Office:U.S. Attorney Damian Williams said... "The alleged actions of the defendants and their co-conspirators risked undermining the integrity of that market, which is an important part of the fight against climate change. Protecting the sanctity and integrity of the financial markets continues to be a cornerstone initiative for this Office, and we will continue to be vigilant in rooting out fraud in the market for carbon credits...." While most carbon credits are created through, and trade in compliance markets, there is also a voluntary carbon market. Voluntary markets revolve around companies and entities that voluntarily set goals to reduce or offset their carbon emissions, often to align with goals from employees or shareholders. In voluntary markets, the credits are issued by non-governmental organizations, using standards for measuring emission reductions that they develop based on input from market participants, rather than on mandates from governments. The non-governmental organizations issue voluntary carbon credits to project developers that run projects that reduce emissions or remove greenhouse gases from the atmosphere. CQC was a for-profit company that ran projects to generate carbon credits - including a type of credit known as a voluntary carbon unit ("VCU") - by reducing emissions of greenhouse gases. CQC profited by selling VCUs it obtained, often to companies seeking to offset the impact of greenhouse gases they emit in the course of operating their businesses. The company itself was not charged due to "voluntary and timely self-disclosure of misconduct," according to the announcement, along with "full and proactive cooperation, timely and appropriate remediation, and agreement to cancel or void certain voluntary carbon units.Read more of this story at Slashdot.

The Washington Post on scientists who "discovered that bacteria commonly found in wastewater can break down plastic to turn it into a food source, a finding that researchers hope could be a promising answer to combat one of Earth's major pollution problems."In a study published Thursday in Environmental Science and Technology, scientists laid out their examination of Comamonas testosteroni, a bacteria that grows on polyethylene terephthalate, or PET, a plastic commonly found in single-use food packaging and water bottles. PET makes up about 12 percent of global solid waste and 90 million tons of the plastic produced each year... Unlike most other bacteria, which thrive on sugar, C. testosteroni has a more refined palate, including chemically complex materials from plants and plastics that take longer to decompose. The researchers are the first to demonstrate not only that this bacteria can break down plastic, but they also illuminate exactly how they do it. Through six meticulous steps, involving complex imaging and gene editing techniques, the authors found that the bacteria first physically break down plastic by chewing it into smaller pieces. Then, they release enzymes - components of a cell that speed up chemical reactions - to chemically break down the plastic into a carbon-rich food source known as terephthalate... The bacteria take a few months to break down chunks of plastic, according to Rebecca Wilkes [a lead author on the study and postdoctoral researcher at the National Renewable Energy Laboratory]. As a result, if the bacteria are going to be efficient tools, a lot of optimization needs to take place to speed up the rate at which they decompose pollutants. One approach is to promote bacterial growth by providing them with an additional food source, such as a chemical known as acetate. A senior author on the study (and associate professor of civil and environmental engineering at Northwestern University) tells the Washington Post that "The machinery in environmental microbes is still a largely untapped potential for uncovering sustainable solutions we can exploit."Read more of this story at Slashdot.

T-Mobile experienced three major data breaches in 2021, 2022, and 2023, according to CSO Online, "which impacted millions of its customers." After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a "modern zero-trust architecture," designating a Chief Information Security Office, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information. Slashdot reader itwbennett writes: According to a consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount "to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future." "Implementing these practices will require significant - and long overdue - investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here,' the consent decree said. The article points out that order of magnitude greater than $15.75 million would be $157.5 million...Read more of this story at Slashdot.

Last week the Register warned "If you're running the Unix printing system CUPS, with cups-browsed present and enabled, you may be vulnerable to attacks that could lead to your computer being commandeered over the network or internet." (Although the CEO of cybersecurity platform watchTowr told them "the vulnerability impacts less than a single-digit percentage of all deployed internet-facing Linux systems.") But Tuesday generic (Slashdot reader #14,144) shared this new warning from Akamai:Akamai researchers have confirmed a new attack vector using CUPS that could be leveraged to stage distributed denial-of-service (DDoS) attacks. Research shows that, to begin the attack, the attacking system only needs to send a single packet to a vulnerable and exposed CUPS service with internet connectivity. The Akamai Security Intelligence and Response Team (SIRT) found that more than 198,000 devices are vulnerable to this attack vector and are accessible on the public internet; roughly 34% of those could be used for DDoS abuse (58,000+). Of the 58,000+ vulnerable devices, hundreds exhibited an "infinite loop" of requests. The limited resources required to initiate a successful attack highlights the danger: It would take an attacker mere seconds to co-opt every vulnerable CUPS service currently exposed on the internet and cost the attacker less than a single US cent on modern hyperscaler platforms.Read more of this story at Slashdot.

Days after a hurricane struck America's southeast, Florida's state's fire marshall "confirmed 16 lithium-ion battery fires related to storm surge," according to local news reports. "Officials said six of those fires are associated with electric vehicles and they are working with fire departments statewide to gather more data." (Earlier this year America's federal transportation safety agency estimated that after a 2022 hurricane "about 36 EVs caught on fire. In several instances, the fire erupted while the impacted EVs were being towed on their flatbed trailers.") But Tuesday, when over 1 million Americans were without electricity, the Atlantic pointed out the other side of the story. "EV owners are using their cars to keep the lights on."When Hurricane Helene knocked out the power in Charlotte, North Carolina, on Friday, Dustin Baker, like many other people across the Southeast, turned to a backup power source. His just happened to be an electric pickup truck. Over the weekend, Baker ran extension cords from the back of his Ford F-150 Lightning, using the truck's battery to keep his refrigerator and freezer running. It worked so well that Baker became an energy Good Samaritan. "I ran another extension cord to my neighbor so they could run two refrigerators they have," he told me. Americans in hurricane territory have long kept diesel-powered generators as a way of life, but electric cars are a leap forward. An EV, at its most fundamental level, is just a big battery on wheels that can be used to power anything, not only the car itself. Some EVs pack enough juice to power a whole home for several days, or a few appliances for even longer. In the aftermath of Helene, as millions of Americans were left without power, many EV owners did just that. A vet clinic that had lost power used an electric F-150 to keep its medicines cold and continue seeing patients during the blackout. One Tesla Cybertruck owner used his car to power his home after his entire neighborhood lost power. One Louisiana man just ran cords straight from the outlets in the bed of his Tesla Cybertruck, according to the article. "We were able to run my internet router and TV, [plus] lamps, refrigerator, a window AC unit, and fans, as well as several phone, watch, and laptop chargers."Over the course of about 24 hours, he said, all of this activity ran his Cybertruck battery down from 99 percent to 80 percent... Bidirectional charging may prove to be the secret weapon that sells electrification to the South, which has generally remained far behind the West and the Northeast in electric-vehicle purchases. If EVs become widely seen as the best option for blackouts, they could entice not just the climate conscious but also the suburban dads in hurricane country with a core belief in prepping for anything. It will take a lot to overcome the widespread distrust of EVs and anxiety about a new technology, but our loathing of power outages just might do the trick. The article notes that Tesla has confirmed all its electric vehicles will support bidirectional charging by 2025.Read more of this story at Slashdot.

"Can you believe that we've been demanding user freedom since 1985?" asks a new blog post at FSF.org:Today, we're celebrating our thirty-ninth anniversary, the "lace year," which represents the intertwined nature and strength of our relationship with the free software community. We wouldn't be here without you, and we are so grateful for everyone who has stood with us, advocating for a world where complete user freedom is the norm and not the exception. As we celebrate our anniversary and reflect on the past thirty-nine years, we feel inspired by how far we've come, not only as a movement but as an organization, and the changes that we've gone through. While we inevitably have challenges ahead, we feel encouraged and eager to take them on knowing that you'll be right there with us, working for a free future for everyone. Here's to many more years of fighting for user freedom! Their suggestions for celebrating include:Try a fully free distribution of GNU/Linux or help someone else give it a tryLearn how to encrypt your emails and opt out of bulk surveillanceTake a small step with big impact and swap out one nonfree program with one that's truly freeIf you have an Android phone, download F-Droid, which is a catalogue of hundreds of free software applicationsWish us happy birthday on social media. [Which for the FSF is Mastodon, PeerTube, and GNU social.]Join a Free Software Directory (FSD) meeting, which we host every Friday from 16:00 to 19:00 UTC.Become an associate member or gift a membership to a friend Donate $39 to help support free software advocacyPrint off stickers of our 39th birthday cakeChange your desktop background to an early-2000s-cyberspace-inspired image of our former front desk. (And then switch out your browser theme to match your new desktop background.)And to help with the celebrations they share a free video teaching the basics of SuperCollider (the free and open source audio synthesis/algorithmic composition software). The video appears on FramaTube, an instance of the decentralized (and ActivityPub-federated) Peertube video platform, supported by the French non-profit Framasoft and powered by WebTorrent, using peer-to-peer technology to reduce load on individual servers.Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was unaffected by that intrusion. That collections agency, Financial Business and Consumer Solutions aka FBCS, was compromised in February, and according to a filing with Maine's attorney general, the firm informed the US cable giant about the unauthorized access in March. At the time, FBCS told the internet'n'telly provider that no Comcast customer information was affected. However, that changed in July, when the collections outfit got in touch again to say that, actually, the Comcast subscriber data it held had been pilfered. Among the data types stolen were names, addresses, Social Security numbers, dates of birth, and the Comcast account numbers and ID numbers used internally at FBCS. The data pertains to those registered as customers at "around 2021." Comcast stopped using FBCS for debt collection services in 2020. Comcast made it clear its own systems, including those of its broadband unit Xfinity, were not broken into, unlike that time in 2023. FBCS earlier said more than 4 million people had their records accessed during that February break-in. As far as we're aware, the agency hasn't said publicly exactly how that network intrusion went down. Now Comcast is informing subscribers that their info was taken in that security breach, and in doing so seems to be the first to say the intrusion was a ransomware attack. [...] FBCS's official statement only attributes the attack to an "unauthorized actor." It does not mention ransomware, nor many other technical details aside from the data types involved in the theft. No ransomware group we're aware of has ever claimed responsibility for the raid on FBCS. When we asked Comcast about the ransomware, it simply referred us back to the customer notification letter. The cableco used that notification to send another small middle finger FBCS's way, slyly revealing that the agency's financial situation prevents it from offering the usual identity and credit monitoring protection for those affected, so Comcast is having to foot the bill itself.Read more of this story at Slashdot.

On September 28, California amended the California Consumer Privacy Act of 2018 to recognize the importance of mental privacy. "The law marks the second such legal protection for data produced from invasive neurotechnology, following Colorado, which incorporated neural data into its state data privacy statute, the Colorado Privacy Act (CPA) in April," notes Law.com. GovTech reports: The new bill amends the California Consumer Privacy Act of 2018, which grants consumers rights over personal information that is collected by businesses. The term "personal information" already included biometric data (such as your face, voice, or fingerprints). Now it also explicitly includes neural data. The bill defines neural data as "information that is generated by measuring the activity of a consumer's central or peripheral nervous system, and that is not inferred from nonneural information." In other words, data collected from a person's brain or nerves. The law prevents companies from selling or sharing a person's data and requires them to make efforts to deidentify the data. It also gives consumers the right to know what information is collected and the right to delete it. "This new law in California will make the lives of consumers safer while sending a clear signal to the fast-growing neurotechnology industry there are high expectations that companies will provide robust protections for mental privacy of consumers," Jared Genser, general counsel to the Neurorights Foundation, which cosponsored the bill, said in a statement. "That said, there is much more work ahead."Read more of this story at Slashdot.

Audio Overview, a new AI podcasting tool by Google, can generate realistic podcasts with human-like voices using content uploaded by users through NotebookLM. MIT Technology Review reports: NotebookLM, which is powered by Google's Gemini 1.5 model, allows people to upload content such as links, videos, PDFs, and text. They can then ask the system questions about the content, and it offers short summaries. The tool generates a podcast called Deep Dive, which features a male and a female voice discussing whatever you uploaded. The voices are breathtakingly realistic -- the episodes are laced with little human-sounding phrases like "Man" and "Wow" and "Oh right" and "Hold on, let me get this right." The "hosts" even interrupt each other. The AI system is designed to create "magic in exchange for a little bit of content," Raiza Martin, the product lead for NotebookLM, said on X. The voice model is meant to create emotive and engaging audio, which is conveyed in an "upbeat hyper-interested tone," Martin said. NotebookLM, which was originally marketed as a study tool, has taken a life of its own among users. The company is now working on adding more customization options, such as changing the length, format, voices, and languages, Martin said. Currently it's supposed to generate podcasts only in English, but some users on Reddit managed to get the tool to create audio in French and Hungarian. Here are some examples highlighted by MIT Technology Review: Allie K. Miller, a startup AI advisor, used the tool to create a study guide and summary podcast of F. Scott Fitzgerald's The Great Gatsby. Machine-learning researcher Aaditya Ura fed NotebookLM with the code base of Meta's Llama-3 architecture. He then used another AI tool to find images that matched the transcript to create an educational video. Alex Volkov, a human AI podcaster, used NotebookLM to create a Deep Dive episode summarizing of the announcements from OpenAI's global developer conference Dev Day. In one viral clip, someone managed to send the two voices into an existential spiral when they "realized" they were, in fact, not humans but AI systems. The video is hilarious. The tool is also good for some laughs. Exhibit A: Someone just fed it the words "poop" and "fart" as source material, and got over nine minutes of two AI voices analyzing what this might mean.Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: The European Union's top court has sided with a privacy challenge to Meta's data retention policies. It ruled on Friday that social networks, such as Facebook, cannot keep using people's information for ad targeting indefinitely. The judgement could have major implications on the way Meta and other ad-funded social networks operate in the region. Limits on how long personal data can be kept must be applied in order to comply with data minimization principles contained in the bloc's General Data Protection Regulation (GDPR). Breaches of the regime can lead to fines of up to 4% of global annual turnover -- which, in Meta's case, could put it on the hook for billions more in penalties (NB: it is already at the top of the leaderboard of Big Tech GDPR breachers). [...] The original challenge to Meta's ad business dates back to 2014 but was not fully heard in Austria until 2020, per noyb. The Austrian supreme court then referred several legal questions to the CJEU in 2021. Some were answered via a separate challenge to Meta/Facebook, in a July 2023 CJEU ruling -- which struck down the company's ability to claim a "legitimate interest" to process people's data for ads. The remaining two questions have now been dealt with by the CJEU. And it's more bad news for Meta's surveillance-based ad business. Limits do apply. Summarizing this component of the judgement in a press release, the CJEU wrote: "An online social network such as Facebook cannot use all of the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data." The ruling looks important on account of how ads businesses, such as Meta's, function. Crudely put, the more of your data they can grab, the better -- as far as they are concerned. Back in 2022, an internal memo penned by Meta engineers which was obtained by Vice's Motherboard likened its data collection practices to tipping bottles of ink into a vast lake and suggested the company's aggregation of personal data lacked controls and did not lend itself to being able to silo different types of data or apply data retention limits. Although Meta claimed at the time that the document "does not describe our extensive processes and controls to comply with privacy regulations." How exactly the adtech giant will need to amend its data retention practices following the CJEU ruling remains to be seen. But the law is clear that it must have limits. "[Advertising] companies must develop data management protocols to gradually delete unneeded data or stop using them," noyb suggests. The court also weighed in a second question that concerns sensitive data that has been "manifestly made public" by the data subject, "and whether sensitive characteristics could be used for ad targeting because of that," reports TechCrunch. "The court ruled that it could not, maintaining the GDPR's purpose limitation principle."Read more of this story at Slashdot.

Waymo has entered a "multi-year, strategic partnership" with Hyundai to integrate the company's autonomous driving system into the American-made Hyundai Ioniq 5. It's expected to join the Waymo One fleet after road tests starting in late 2025. Carscoops reports: Waymo and Geely joined forces in 2021 to introduce a mobility-focused Zeekr EV. The model was slated to be added to Waymo's fleet of autonomous vehicles and effectively replace their aging Jaguar I-Paces. While that was a solid plan a few years ago, the political climate has changed and China has emerged as America's boogeyman. Just last week, the Biden Administration proposed a new rule that could effectively ban all Chinese cars including models from Buick and Lincoln. [...] Besides giving Waymo a 'safe' alternative to Zeekr, it sounds like the Ioniq 5 will eventually make up a bulk of the fleet. While that remains unconfirmed, the companies aim to produce the autonomous EVs in a "significant volume over multiple years." The firms also revealed the cars will be delivered with "autonomous-ready modifications like redundant hardware and power doors."Read more of this story at Slashdot.

First announced in 2018, Samsung's "One UI" software is expanding to all the company's major tech products in 2025. 9to5Google reports: At its annual developer conference, Samsung announced that "One UI" is the new name for the company's software experiences across "major product lines." This specifically includes TVs and home appliances. Samsung says: "In addition, the company announced that it will integrate the software experience of its major product lines -- from mobile devices to TVs and home appliances -- under the name One UI next year. By providing a cohesive product experience and committing to software upgrades for up to seven years, Samsung will continue to bring innovation for its customers." There's no word on how, if at all, this will affect software design or features, but the cohesive branding and the announcement mentioning that it will "integrate the software experience" implies we'll see similar designs across the company's portfolio, at least eventually. Samsung also announced that One UI 7, its next Android update, would be delayed to 2025 with a beta "before the end of the year" during the same keynote.Read more of this story at Slashdot.

On Wednesday, the SEC filed (PDF) to appeal a 2023 court ruling that determined XRP is not considered a security when sold to retail investors on exchanges. The announcement sent the price of XRP tumbling more than 8%. "XRP, which was created by the founders of Ripple, is the native token of the open source XRP Ledger, which Ripple uses in its cross-border payments business," notes CNBC. "It is the fifth-largest coin by market cap, excluding stablecoins Tether (USDT) and USD Coin (USDC)." CNBC reports: Ripple, the largest holder of XRP coins, scored a partial victory last summer after a three-year battle with the SEC. U.S. District Judge Analisa Torres handed down the decision, which was hailed as a landmark win for the crypto industry. Still, while XRP isn't considered a security when sold to retail investors on exchanges, it is considered an unregistered security offering if sold to institutional investors. Ripple declined to comment but referred to Wednesday evening posts on X by CEO Brad Garlinghouse and chief legal officer Stuart Alderoty. Alderoty said the company is evaluating whether to file a cross appeal, and called the SEC's decision to appeal "disappointing, but not surprising." The SEC, under Chair Gary Gensler, has become notorious for its refusal to provide clear guidance for crypto businesses, instead opting to regulate by enforcement actions. "XRP's status as a non-security is the law of the land today - and that does not change even in the face of this misguided - and infuriating - appeal," Garlinghouse said on X.Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: Google said Friday it will stop linking to New Zealand news content and will reverse its support of local media outlets if the government passes a law forcing tech companies to pay for articles displayed on their platforms. The vow to sever Google traffic to New Zealand news sites -- made in a blog post by the search giant on Friday -- echoes strategies the firm deployed as Australia and Canada prepared to enact similar laws in recent years. It followed a surprise announcement by New Zealand's government in July that lawmakers would advance a bill forcing tech platforms to strike deals for sharing revenue generated from news content with the media outlets producing it. The government, led by center-right National, had opposed the law in 2023 when introduced by the previous administration. But the loss of more than 200 newsroom jobs earlier this year -- in a national media industry that totaled 1,600 reporters at the 2018 census and has likely shrunk since -- prompted the current government to reconsider forcing tech companies to pay publishers for displaying content. The law aims to stanch the flow offshore of advertising revenue derived from New Zealand news products. If the media law passes, Google New Zealand Country Director Caroline Rainsford said the firm would need to change its involvement in the country. "Specifically, we'd be forced to stop linking to news content on Google Search, Google News, or Discover surfaces in New Zealand and discontinue our current commercial agreements and ecosystem support with New Zealand news publishers." Google's licensing program in New Zealand contributed "millions of dollars per year to almost 50 local publications," she added.Read more of this story at Slashdot.