GoPro has announced a restructuring plan that involves cutting about 15% of its workforce. "The company expects to take charges in the range of $5 million to $7 million for the restructuring plan, with cash expenses of $1 million to be recognized in the third quarter and about $4 million to $6 million in the fourth quarter of 2024," reports Reuters. From the report: The layoffs - around 139 jobs - are expected to begin in the third quarter and would be completed by the end of 2024. Shares of the company, which had 925 full-time employees at the end of the second quarter ended June 30, were up 1.5% after the layoffs were announced. Earlier this month, GoPro reported revenue of $186 million for the second quarter, down 22.7% compared to last year and operating expenses of $103 million, an increase of 5% from a year ago.
NASA astronauts Butch Wilmore and Suni Williams are facing challenges returning to Earth due to compatibility issues between their Boeing-designed spacesuits and SpaceX's Dragon spacecraft. Inc. Magazine reports: The space suits in question are the "intra-vehicular activity" outfits now worn by astronauts. They're simpler than the bulky extra-vehicular space suits used on space walks, and are designed to keep astronauts safe in the capsule in the very unlikely case there's a problem that causes the capsule's atmosphere to be lost. The problem is simple: Should Butch and Suni need to fly back aboard SpaceX's vehicle, their suits won't fit in Dragon's seats. [...] Boeing and SpaceX suits evolved under totally different design sensibilities. If Boeing and NASA deem Starliner unsafe for humans to fly home in, Butch and Suni must head earthward aboard a SpaceX Dragon, but their suits won't be able to plug into Dragon's systems. Like trying to plug an essentially outdated USB A socket into an iPhone's charge port, the suit connectors have different shapes, styles, and functions. The suits themselves have different systems that integrate with their own capsules for purposes like air leak checks during pre-flight testing. So if an emergency situation presents itself and astronauts have to come back to Earth before proper plans are finalized, Butch and Suni will have to return inside the cargo section of a Dragon space capsule "unsuited," according to NASA leadership who spoke on the matter in a press conference last week. Other plans include flying up suitable Dragon-connecting space suits for the two astronauts on a later mission, should Starliner be deemed incapable of bringing them back.
An anonymous reader quotes a report from Interesting Engineering: A student has successfully developed a small nuclear fusion reactor as part of his A-Levels. The 17-year-old built the reactor to generate neutrons as part of his Extended Project Qualification (EPQ). Notably, Cesare Mencarini's work is claimed to be the only nuclear reactor built in a school environment. Showcased at the Cambridge Science Festival recently, the nuclear reactor achieved plasma a few months ago. It also gave Mencarini an A* in his A-Level results, according to reports. [...] Mencarini maintained that the goal of the reactor is to create conditions that are required for fusion. However, the project couldn't get the same pressure that's generated by the Sun due to its own gravity. Therefore, to make atoms hot enough, the teen used high voltage. The reactor achieved plasma in June. "Two days ago I achieved plasma, which was brilliant and I'm massively happy about this," wrote Mencarini in a LinkedIn post. "The system is running thanks to a Leybold Trivac E2 roughing pump, which allows me to achieve a minimum pressure of 8E-3 Torr." At that time, he mentioned that Pfeiffer TPH062 would be used later to achieve fusion. "This turbomolecular pump is currently isolated by a VAT Throttling Valve." "The grid is then attached to a 30kV rated High Voltage Feedthrough connected to a 5kV Unilab power supply, which allows me to use the fusor in my school (It is limited to a 2mA output). While running the fusor I experimented with 2 grids which you can see in the images," added Mencarini in the post.
Security researcher Brian Krebs writes: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company's database, which they claimed has been floating around the underground since December 2023. Following last week's story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property -- the background search service recordscheck.net -- was hosting an archive that included the usernames and password for the site's administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named "members.zip," indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. 
According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD's founder, an actor and retired sheriff's deputy from Florida named Salvatore "Sal" Verini. Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company's website, and that the site is slated to cease operations "in the next week or so." "Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords," Verini told KrebsOnSecurity. "Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative." The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com's homepage features a positive testimonial from Sal Verini.
Waymo has unveiled its sixth-generation robotaxi, an electric minivan made by Chinese automaker Zeekr. While the company claims it's more advanced than previous generations, it features fewer sensors to help reduce costs. The Verge reports: [W]ithin its high-powered computer, it contains all the learnings of the previous five generations of Waymo's autonomous vehicles, meaning it won't have to do as much real-world testing as past models before it can be rolled out to the public. But looming over Waymo's assertion that its new robotaxi will be cheaper to produce is the possibility that it could also be subject to costly new tariffs against Chinese-made electric vehicles. Earlier this year, the Biden administration said it would quadruple tariffs on EVs from China to 100 percent, from the current 25 percent, as a way to "protect American workers and American companies from China's unfair trade practices." [...] Waymo says the sixth-gen robotaxi will feature a streamlined sensor suite of "16 cameras, 5 lidar, 6 radar, and an array of external audio receivers (EARs)." These sensors will help provide "overlapping fields of view, all around the vehicle, up to 500 meters away, day and night, and in a range of weather conditions." That's the equivalent of over five football fields of visible range. Waymo's use of multiple sensors is important for redundancy, in which multiple sensors and cameras can ensure the vehicle can continue to detect and respond to its surroundings if something fails. It's unclear where and when the new sixth-gen robotaxis will first appear. "Waymo currently operates in Phoenix, San Francisco, and Los Angeles, with plans to launch commercial service in Austin, Texas," notes the report. "The company has been manually testing the Zeekr-made minivans on public roads, with the goal of adding them to its commercial fleet sometime soon."
Hyundai Motor Group, which includes Kia and Genesis, accounted for 10% of the U.S. EV market through the first seven months of 2024, outpacing Ford (7.4%) and GM (6.3%). Electrek reports: Although IONIQ 5 and 6 sales slipped last month, they are still up 25% and 54% year-to-date, respectively. Meanwhile, sister company Kia continued its record-setting performance in July after EV sales nearly doubled YTD. Kia's new EV9, its first three-row electric SUV, is a major part of its growth. According to Kelley Blue Book, Kia EV9 sales outpaced the Toyota bZ4X, VW ID.4, Nissan Ariya, Rivian R1T, and Tesla Model S in the US through the first half of 2024. It even topped Kia's Niro EV sales. Hyundai's luxury brand, Genesis, remains a dark horse in the US EV market. Genesis is quickly expanding in the US. After adding 21 dedicated retailers in the US this year, including in eight new states, Genesis recently announced it now has 56 standalone facilities. "In two short years, Genesis' retail footprint has grown rapidly from one dedicated retail facility in Louisiana to 56 retail facilities nationwide," Genesis North America COO Claudia Marquez said.
An anonymous reader quotes a report from The Guardian: Voters in Wyoming's capital city on Tuesday are faced with deciding whether to elect a mayoral candidate who has proposed to let an artificial intelligence bot run the local government. Earlier this year, the candidate in question -- Victor Miller -- filed for him and his customized ChatGPT bot, named Vic (Virtual Integrated Citizen), to run for mayor of Cheyenne, Wyoming. He has vowed to helm the city's business with the AI bot if he wins. Miller has said that the bot is capable of processing vast amounts of data and making unbiased decisions. In what AI experts say is a first for US political campaigns, Miller and Vic have told local news outlets in interviews that their form of proposed governance is a "hybrid approach." The AI bot told Your Wyoming Link that its role would be to provide data-driven insights and innovative solutions for Cheyenne. Meanwhile, Vic said, the human elected office contender, Miller, would serve as the official mayor if chosen by voters and would ensure that "all actions are legally and practically executed." "It's about blending AI's capabilities with human judgment to effectively lead Cheyenne," the bot said. The bot said it did not have political affiliations -- and its goal is to "focus on data-driven practical solutions that benefit the community." During a meet-and-greet this summer, the Washington Post reported that the AI bot was asked how it would go about making decisions "according to human factor, involving humans, and having to make a decision that affects so many people." "Making decisions that affect many people requires a careful balance of data-driven insights and human empathy," the AI bot responded, according to an audio recording obtained and published by the Washington Post. 
Vic then ran through a multi-part plan that suggested using AI technology to gather data on public opinion and feedback from the community, holding town hall meetings to listen to residents' concerns, consulting experts in relevant fields, evaluating the human impact of the decision and providing transparency about the decision-making. According to Wyoming Public Media, Miller has also pledged that he would donate half the mayoral salary to a non-profit if he is elected. The other half could be used to continually improve the AI bot, he said. Miller has faced some pushback since announcing his mayoral campaign. Wyoming's Secretary of State, Chuck Gray, launched an investigation to determine if the AI bot could legally appear on the ballot, citing state law that says only real people that are registered to vote can run for office. City officials clarified that Miller is the actual candidate, so he was allowed to continue. However, Laramie County ruled that only Miller's name would appear on the ballot, not the bot's. OpenAI later shut down Miller's account, but he quickly created a new one and continued his campaign.
Apple's Podcasts app is now available on all major web browsers, allowing you to stream episodes directly from the web at www.podcasts.apple.com. TechCrunch reports: The new dedicated web experience aims to make it easier for anyone with a web browser on any device to access podcasts. Web listening has been available for some time; however, in order to listen to an episode, users had to look up a show on a search engine and go to the show's Apple Podcasts Preview page. Now Apple Podcasts on the web has launched a new interface, allowing users to access features that were previously only available on the app. These include browsing millions of shows, accessing sections like Library and Top Charts, purchasing premium podcast subscriptions, and more. Listeners can sync their Apple Accounts to be able to pause a podcast and save their play progress to listen to later, as well as see their followed shows and subscriptions. Users without an Apple Account can also use the web experience but can only browse and listen. You can try it out by listening to the latest episode of the SourceForge Podcast!
The Department of Justice has amended its antitrust lawsuit against Ticketmaster and Live Nation, alleging that Ticketmaster's introduction of nontransferable tickets and the SafeTix system was primarily intended to stifle competition from rival platforms like StubHub and SeatGeek, rather than merely to reduce ticket fraud. "The complaint, which was amended on Monday after 10 states joined the DOJ's lawsuit, cites internal Ticketmaster documents obtained during the legal process," notes The Verge. From the report: In 2019, Ticketmaster rolled out SafeTix, which replaced static barcodes on electronic tickets with encrypted barcodes that refresh every 15 seconds. Ticketmaster marketed SafeTix as a way of reducing ticket fraud, but the complaint claims reducing competition was "a primary motivation" for the new ticketing system. [...] The amended complaint includes new information about Ticketmaster's dominance of the events market. One internal Live Nation document cited in the complaint notes that Ticketmaster is the primary ticketer for approximately 80 percent of arenas across the country that host NBA or NHL teams. As of 2022, Live Nation-promoted events accounted for 70 percent of all amphitheater shows across the country, according to internal Live Nation events mentioned in the complaint. The DOJ alleges that because of Ticketmaster's conduct, consumers have "paid more and continue to pay more for fees relating to tickets to live events than they would have paid in a free and open competitive market." The exact amount of monetary harm is still unknown, the complaint claims, and will require discovery from Ticketmaster and Live Nation's books, as well as from its third-party competitors.
Smonster writes: The maker of the Snoo, a popular high-tech bassinet, touched off a firestorm of outrage after requiring a paid subscription to use several key features. Most new parents are looking for a way to reclaim even a hint of the sleep they used to get pre-infant. So a smart bassinet that uses sensors to detect when a crying baby needs pacifying, simulating the sounds and rhythms of the womb, offers an irresistible promise to sleep-strapped parents: another hour or two of shut-eye. The dream doesn't come cheap: One of the more popular models, the Snoo retails for $1,700, though enterprising parents can score one secondhand from friends, neighbors or relatives whose own children have outgrown it. But last month, that hand-me-down network was dealt a blow when Happiest Baby, the company that makes Snoo, began charging for access to some of the bassinet's premium features -- features that used to be available to Snoo users indefinitely, at no extra cost. Now, access to the app needed to lock in the bassinet's rocking level, to track the baby's sleep and to use the so-called weaning mode, among other features, will cost parents $20 a month. The change has angered secondhand users and original buyers alike. On Reddit, the new subscription model has prompted review bombs, group brainstorms for collective action and detailed instructions for outraged parents seeking recourse. Some have taken to filing complaints with the Federal Trade Commission, Better Business Bureau and state-run consumer protection offices.
Longtime Slashdot reader whoever57 writes: A powerful storm sank the "Bayesian," a superyacht that was carrying Mike Lynch and some guests. In total, there is one confirmed death and another six missing, including Mike Lynch and his daughter. It is believed that the yacht is effectively owned by Lynch. The 56-meter yacht had an aluminum hull and could carry 12 guests and a crew of up to 10. "Lynch co-founded Autonomy, a software firm that became one of the shining lights of the UK tech scene, in the mid-90s," notes The Guardian. "Once described as Britain's Bill Gates, Lynch spent much of the last decade in court defending his name against allegations of fraud related to the sale of Autonomy to the U.S. tech company Hewlett-Packard for $11 billion. The 59-year-old was acquitted by a jury in San Francisco in June, after he had spent more than a year living in effect under house arrest." "He was awarded an OBE for services to enterprise in 2006, and appointed in 2011 to the science and technology council of the then prime minister, David Cameron. He was elected as a fellow to the Royal Academy of Engineering in 2008 and the Royal Society in 2014."
An anonymous reader shares a report: The tech review world has been full of murky deals between companies and influencers for years, but it appears Google finally crossed a line with the Pixel 9. The company's invite-only Team Pixel program -- which seeds Pixel products to influencers before public availability -- stipulated that participating influencers were not allowed to feature Pixel products alongside competitors, and those who showed a preference for competing phones risked being kicked out of the program. For those hoping to break into the world of tech reviews, the new terms meant having to choose between keeping access or keeping their integrity. The Verge has independently confirmed screenshots of the clause in this year's Team Pixel agreement for the new Pixel phones, which various influencers began posting on X and Threads last night. The agreement tells participants they're "expected to feature the Google Pixel device in place of any competitor mobile devices." It also notes that "if it appears other brands are being preferred over the Pixel, we will need to cease the relationship between the brand and the creator." The link to the form appears to have since been shut down.
Microsoft has finally patched a workaround exploited by users seeking an upgrade path for Windows 11 that dodged the company's hardware requirements. From a report: The tweak arrived without fanfare in the Windows Insider build 27686. There were a few neat tweaks in the build, including updates to the Windows Sandbox Client preview and a much-needed bump from 32 GB to 2 TB for FAT32 when running the command line format function. However, the documentation did not mention an apparent end to one workaround that bypasses Microsoft's requirements check for Windows 11. According to X user @TheBobPony, the "setup.exe /product server" workaround is not supported in the latest build. The Register contacted Microsoft to understand its intentions with the change. The switch still works in the Windows 24H2 update, but the hardware check appears to no longer be bypassed in the latest Canary channel build (27686). The company has yet to respond.
Concerns over the environmental impact of datacenters in the US state of Virginia are being raised again amid claims their water consumption has stepped up by almost two-thirds since 2019, and AI could make it worse. From a report: Virginia is described as the datacenter capital of the world, particularly Northern Virginia where it is understood there are about 300 facilities. According to the Financial Times, water consumption by bit barns in some areas has increased markedly over the past five years by almost two-thirds. It cites data gathered by freedom of information requests to claim that more than 1.85 billion US gallons was used in 2023, up from 1.13 billion gallons in 2019. Those figures came from water authorities in Northern Virginia in Fairfax, Loudoun, Prince William, and Fauquier counties. Water is typically used in datacenters for cooling, and the FT points to anxiety over expected increases in demand for computing infrastructure due to AI, which is particularly power intensive during processing for training of large models. It reported that some existing facilities are in water-stressed regions, including parts of Virginia suffering from droughts.
Google is denying a recent report that it is no longer making Fitbit smartwatches. From a report: A company spokesperson told Ars Technica today that Google has no current plans to discontinue the Fitbit Sense or Fitbit Versa product lines. On Sunday, TechRadar published an article titled "RIP Fitbit smartwatches -- an end we could see coming a mile away." The article noted last week's announcement of the new Google Pixel Watch 3. Notably, the watch from Google, which acquired Fitbit in 2019, gives users free access to the Daily Readiness Score, a feature that previously required a Fitbit Premium subscription (Pixel Watch 3 owners also get six free months of Fitbit Premium). The publication said that Fitbit has been "consigned to wearable history" and reported: "Google quietly confirmed that there would never be another Fitbit Sense or Versa model produced. From now on, Fitbit-branded devices will be relegated to Google's best fitness trackers: the Fitbit Inspire, Luxe, and Charge ranges. The smartwatch form factor would be exclusively reserved for the Pixel Watch line."
Dozens of VPN apps have vanished from Brazil's Apple App Store, including popular services NordVPN, ExpressVPN, and Surfshark. Simone Magliano, Head of Research at Top10VPN, reports that at least 30 VPN apps have become unavailable, though their store listings remained visible. Proton VPN, a major free VPN provider, confirmed the App Store issues, speculating it could be "a bug, or Apple implementing a secret censorship order." The move follows X, formerly Twitter, announcing over the weekend that it was shutting its Brazil operations, citing a "secret order" to arrest its legal representative if X didn't "comply with his [Brazilian Supreme Court Justice Alexandre de Moraes] censorship orders."
General Motors is cutting around 1,000 software workers around the world in a bid to focus on more "high-priority" initiatives like improving its Super Cruise driver assistance system, the quality of its infotainment platform and exploring the use of AI. From a report: The job cuts are not about cost cutting or individual performance, GM spokesperson Stuart Fowle told TechCrunch. Rather, they are meant to help the company move more quickly as it tries to compete in the world of "software-defined vehicles." For example, Fowle said, that could mean moving away from developing many different infotainment features and instead focusing on ones that matter most to consumers. The shuffle comes after GM has struggled with recent software problems. The automaker temporarily halted sales of its new Blazer EV in late 2023 after early vehicles encountered glitches. In June, GM promoted two former Apple executives to run its software and services division. The promotions were meant to fill the gap left by Mike Abbott, another Apple veteran who had joined GM as its executive vice president of software and services. Abbott left GM in March for health reasons.
An anonymous reader shares a report: Many Procreate users can breathe a sigh of relief now that the popular iPad illustration app has taken a definitive stance against generative AI. "We're not going to be introducing any generative AI into our products," Procreate CEO James Cuda said in a video posted to X. "I don't like what's happening to the industry, and I don't like what it's doing to artists." The creative community's ire toward generative AI is driven by two main concerns: that AI models have been trained on their content without consent or compensation, and that widespread adoption of the technology will greatly reduce employment opportunities. Those concerns have driven some digital illustrators to seek out alternative solutions to apps that integrate generative AI tools, such as Adobe Photoshop. "Generative AI is ripping the humanity out of things. Built on a foundation of theft, the technology is steering us toward a barren future," Procreate said on the new AI section of its website. "We think machine learning is a compelling technology with a lot of merit, but the path generative AI is on is wrong for us."
Raspberry Pi, the British computer manufacturer, unveiled a new 2GB variant of its flagship Raspberry Pi 5 single-board computer on Monday, priced at $50. Raspberry Pi CEO Eben Upton said the company aims to "bring high-performance general-purpose computing to the widest possible audience" with the new offering. The 2GB Raspberry Pi 5 utilizes a cost-optimized D0 stepping of the BCM2712 application processor, which removes non-essential functionality to reduce manufacturing costs. Upton stated the chip is "functionally identical" to users compared to higher-memory variants. While the reduced RAM may limit multitasking capabilities, Raspberry Pi's optimized OS allows for efficient resource usage. The company expects the 2GB model to suffice for many users' needs, while power users may opt for 4GB or 8GB versions priced at $60 and $80 respectively. The Raspberry Pi 5, launched in October 2023, features a quad-core Arm Cortex-A76 CPU running at 2.4GHz, dual 4K display output, and support for PCIe SSDs. Upton noted the latest model is "about 150 times as powerful" as the original Raspberry Pi from 2012.
AMD agreed to buy server maker ZT Systems in a cash and stock transaction valued at $4.9 billion, adding data center technology that will bolster its efforts to challenge Nvidia. From a report: ZT Systems, based in Secaucus, New Jersey, will become part of AMD's Data Center Solutions Business Group, according to a statement Monday. AMD will retain the business's design and customer teams and look to sell the manufacturing division. Closely held ZT has extensive experience making server computers for owners of large data centers -- the kind of customers that are pouring billions into new AI capabilities. The acquisition will "significantly strengthen our data center AI systems," AMD Chief Executive Officer Lisa Su said in the statement.
From a paper on the National Bureau of Economic Research: We investigate the relationship between physical attractiveness and the time people devote to video/computer gaming. Average American teenagers spend 2.6% of their waking hours gaming, while for adults this figure is 2.7%. Using the American Add Health Study, we show that adults who are better-looking have more close friends. Arguably, gaming is costlier for them, and they thus engage in less of it. Physically attractive teens are less likely to engage in gaming at all, whereas unattractive teens who do game spend more time each week on it than other gamers. Attractive adults are also less likely than others to spend any time gaming; and if they do, they spend less time on it than less attractive adults. Using the longitudinal nature of the Add Health Study, we find supportive evidence that these relationships are causal for adults: good looks decrease gaming time, not vice-versa.
Security Week brings news about CI/CD workflows using GitHub Actions in build processes. Some workflows can generate artifacts that "may inadvertently leak tokens for third party cloud services and GitHub, exposing repositories and services to compromise, Palo Alto Networks warns." [The artifacts] function as a mechanism for persisting and sharing data across jobs within the workflow and ensure that data is available even after the workflow finishes. [The artifacts] are stored for up to 90 days and, in open source projects, are publicly available... The identified issue, a combination of misconfigurations and security defects, allows anyone with read access to a repository to consume the leaked tokens, and threat actors could exploit it to push malicious code or steal secrets from the repository. "It's important to note that these tokens weren't part of the repository code but were only found in repository-produced artifacts," Palo Alto Networks' Yaron Avital explains... "The Super-Linter log file is often uploaded as a build artifact for reasons like debuggability and maintenance. But this practice exposed sensitive tokens of the repository." Super-Linter has been updated and no longer prints environment variables to log files. Avital was able to identify a leaked token that, unlike the GitHub token, would not expire as soon as the workflow job ends, and automated the process that downloads an artifact, extracts the token, and uses it to replace the artifact with a malicious one. Because subsequent workflow jobs would often use previously uploaded artifacts, an attacker could use this process to achieve remote code execution (RCE) on the job runner that uses the malicious artifact, potentially compromising workstations, Avital notes.
Avital's blog post notes other variations on the attack - and "The research laid out here allowed me to compromise dozens of projects maintained by well-known organizations, including firebase-js-sdk by Google, a JavaScript package directly referenced by 1.6 million public projects, according to GitHub. Another high-profile project involved adsys, a tool included in the Ubuntu distribution used by corporations for integration with Active Directory." (Avital says the issue even impacted projects from Microsoft, Red Hat, and AWS.) "All open-source projects I approached with this issue cooperated swiftly and patched their code. Some offered bounties and cool swag." "This research was reported to GitHub's bug bounty program. They categorized the issue as informational, placing the onus on users to secure their uploaded artifacts." My aim in this article is to highlight the potential for unintentionally exposing sensitive information through artifacts in GitHub Actions workflows. To address the concern, I developed a proof of concept (PoC) custom action that safeguards against such leaks. The action uses the @actions/artifact package, which is also used by the upload-artifact GitHub action, adding a crucial security layer by using an open-source scanner to audit the source directory for secrets and blocking the artifact upload when risk of accidental secret exposure exists. This approach promotes a more secure workflow environment... As this research shows, we have a gap in the current security conversation regarding artifact scanning. GitHub's deprecation of Artifacts V3 should prompt organizations using the artifacts mechanism to reevaluate the way they use it. Security defenders must adopt a holistic approach, meticulously scrutinizing every stage - from code to production - for potential vulnerabilities. Overlooked elements like build artifacts often become prime targets for attackers.
Reduce workflow permissions of runner tokens according to least privilege and review artifact creation in your CI/CD pipelines. By implementing a proactive and vigilant approach to security, defenders can significantly strengthen their project's security posture. The blog post also notes protection and mitigation features from Palo Alto Networks....
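The pre-upload check described above (scan the artifact's source directory for secrets and block the upload on a hit) can be sketched as follows. This is an added example, not Avital's PoC action or any project's code; the function names, the three rules and the sample linter log with its fake token are constructed for illustration.

```python
"""Pre-upload artifact gate: refuse to publish a directory that contains secrets."""
import os
import re
import tempfile

# Rules are assumptions for this sketch; a production scanner carries many more.
RULES = {
    # Classic GitHub tokens: ghp_/gho_/ghu_/ghs_/ghr_ followed by 36 alphanumerics.
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # Fine-grained personal access tokens.
    "github-fine-grained-pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{82}\b"),
    # Environment dumps in logs: NAME=value where NAME looks secret-bearing.
    "env-dump-secret": re.compile(
        r"\b[A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY)[A-Z0-9_]*=(\S{8,})"
    ),
}


def redact(value):
    """Keep a short prefix so a finding can be triaged without re-leaking it."""
    return value[:4] + "*" * (len(value) - 4)


def scan_file(path, display_name):
    """Return (file, line number, rule, redacted match) for every hit in one file."""
    findings = []
    # errors="replace" lets binary or mis-encoded files be scanned instead of skipped.
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        for lineno, line in enumerate(handle, start=1):
            for rule, pattern in RULES.items():
                for match in pattern.finditer(line):
                    # Use the captured value when the rule has a group, else the whole match.
                    secret = match.group(match.lastindex or 0)
                    findings.append((display_name, lineno, rule, redact(secret)))
    return findings


def scan_directory(root):
    """Walk the directory that is about to be uploaded, in a stable order."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            findings.extend(scan_file(full, os.path.relpath(full, root)))
    return findings


def gate(root):
    """Return 0 when the upload may proceed, 1 when it must be blocked."""
    findings = scan_directory(root)
    for name, lineno, rule, shown in findings:
        print(f"BLOCKED {name}:{lineno} [{rule}] {shown}")
    return 1 if findings else 0


def build_sample_tree(root):
    """Constructed input: a linter log that dumped its environment, plus a clean file."""
    fake_token = "ghs_" + "X" * 36  # constructed, not a real credential
    os.makedirs(os.path.join(root, "logs"))
    with open(os.path.join(root, "logs", "linter.log"), "w", encoding="utf-8") as f:
        f.write("2024-08-17 12:00:00 [INFO] starting lint run\n")
        f.write(f"2024-08-17 12:00:00 [DEBUG] ENV GITHUB_TOKEN={fake_token}\n")
        f.write("2024-08-17 12:00:01 [DEBUG] ENV RUNNER_OS=Linux\n")
    with open(os.path.join(root, "report.txt"), "w", encoding="utf-8") as f:
        f.write("0 errors, 2 warnings\n")


def demo():
    """Scan the constructed tree and return (findings, exit code)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_directory(root), gate(root)


if __name__ == "__main__":
    _, exit_code = demo()
    raise SystemExit(exit_code)
```

Run as a workflow step before the upload step, a non-zero exit fails the job, so the log never becomes a downloadable artifact.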
In the 1980s, a radio show about home computers was broadcast on a handful of California radio stations. 40 years later, reel-to-reel tapes of the shows were re-discovered - and digitized - by an Internet Archive special collections manager. An Internet Archive blog post tells the story: Earlier this year archivist Kay Savetz recovered several of the tapes in a property sale, and recognizing their value and worthiness of professional transfer, launched a GoFundMe to have them digitized, and made them available at Internet Archive with the permission of the show's creators... Interviews in the recovered recordings include Timothy Leary, Douglas Adams, Bill Gates, Atari's Jack Tramiel, Apple's Bill Atkinson, and dozens of others. The recovered shows span November 17 1984 through July 12, 1985. Many more of the original reel-to-reel tapes - including shows with interviews with Ray Bradbury, Robert Moog, Donny Osmond, and Gene Roddenberry - are still lost, and perhaps are still waiting to be found in the Los Angeles area. [Though there appears to be a transcript of the Gene Roddenberry interview.] The stories of how The Famous Computer Cafe was created - and saved, 40 years later - is explored in an episode of the Radio Survivor podcast. The podcast interviewed show co-creator Ellen Fields and archivist Kay Savetz, providing a dual perspective of how the show was created and how it was recovered. The recovery of these interviews, 40 years after their original airing, holds out hope that many more relics and treasures still await discovery. You get another perspective on the past from the show's advertisements for 1980s software (and from the production values of 1980s-era radio technology). Bill Gates was just 29 when he recorded his interview. And Douglas Adams was 32.
Slashdot reader yeokm1 is the Singapore-based embedded security researcher whose side projects include installing Linux on a 1993 PC and building a ChatGPT client for MS-DOS. Today he writes: When one thinks of modern technologies like Thunderbolt, 2.5 Gigabit Ethernet and modern CPUs, one would associate them with modern operating systems. How about DOS? It might seem impossible, however I did an experiment on a relatively modern 2020 Thinkpad and found that it can still run MS-DOS 6.22. MS-DOS 6.22 is the last standalone version of DOS released by Microsoft in June 1994. This makes it 30 years old today. I'll share the steps and challenges in locating a modern laptop capable of doing so - and the challenge of making the 30-year-old OS work on it with audio and networking functions. This is likely among the final generation of laptops able to run DOS natively.
Bloomberg's Mark Gurman remembers how Apple's hardware group "allowed Apple to dump Intel chips from its entire Mac lineup." And they're now building an in-house cellular modem: For more than a decade, Apple has used modem chips designed by Qualcomm... But in 2018 - while facing a legal battle over royalties and patents - Apple started work on its own modem design.... It's devoting billions of dollars, thousands of engineers and millions of working hours to a project that won't really improve its devices - at least at the outset... Over the past few years, Apple's modem project has suffered numerous setbacks. There have been problems with performance and overheating, and Apple has been forced to push back the modem's debut until next year at the earliest. The rollout will take place on a gradual basis - starting with niche models - and take a few years to complete. In a sign of this slow transition, Apple extended its supplier agreement with Qualcomm through March 2027... But Qualcomm has said that Apple will still have to pay it some royalties regardless (the chipmaker believes that Apple won't be able to avoid infringing its patents). So it's hard to tell how big the benefits will be in the near term. Down the road, there are plans for Apple to fold its modem design into a new wireless chip that handles Wi-Fi and Bluetooth access. That would create a single connectivity component, potentially improving reliability and battery life. There's also the possibility that Apple could one day combine all of this into the device's main system on a chip, or SoC. That could further cut costs and save space inside the iPhone, allowing for more design choices. Furthermore, if Apple does ultimately save money by switching away from Qualcomm, it could redirect that spending toward new features and components.
"AI is already able to mimic sight and hearing," writes CNBC. And now a startup named Osmo "wants to use the technology to digitize another: smell." Co-founded by a former Google research scientist, the company built an AI that's "superhuman in its ability to predict what things smelled like," the company's co-founder says. And he believes this might actually prove useful. "We've known that smell contains information we can use to detect disease. But computers can't speak that language and can't interpret that data yet... We will eventually be able to detect disease with scent and we're on our way to building that technology. It's not going to happen this year or anytime soon, but we're on our way." CoinTelegraph describes how the company invented a training dataset from scratch - a kind of "smell map" with labelled examples of molecular bond associations to teach the AI to identify specific patterns. The team also hopes to develop a method to recreate smells using molecular synthesis. This would, for example, allow a computer in one place to "smell" something and then send that information to another computer for resynthesis - essentially teleporting odor over the internet. This also means scent could join sight and sound as part of the marketing and branding world.
It's the largest country on earth - home to 1.4 billion people. But "The Indian government has plans to classify social media creators as 'digital news broadcasters,'" according to the nonprofit site RestofWorld.org. While there's "no clarity" on the government's next move, the proposed legislation would require social media creators "to register with the government, set up a content evaluation committee that checks all content before it is published, and appoint complaint handlers - all at their own expense. Any failures in compliance could lead to criminal charges, including jail term." On July 26, the Hindustan Times reported that the government plans to tweak the proposed Broadcasting Services (Regulation) Bill, which aims to combine all regulations for broadcasters under one law. As per a new version of the bill, which has been reviewed by Rest of World, the government defines "digital news broadcaster" as "any person who broadcasts news and current affairs programs through an online paper, news portal, website, social media intermediary, or other similar medium as part of a systematic business, professional or commercial activity." Creators and digital rights activists believe the potential legislation will tighten the government's grip over online content and threaten the last bastion of press freedom for independent journalists in the country. Over 785 Indian creators have sent a letter to the government seeking more transparency in the process of drafting the bill. Creators have also stormed social media with hashtags like #KillTheBill, and made videos to educate their followers about the proposal. One YouTube creator told the site that if the government requires them to appoint a "grievance redressal officer," they might simply film themselves, responding to grievances - to "make content out of it".
"From the beginning, we have believed that the right way to build these AI models is with open licenses," says the Open Model Initiative. SD Times quotes them as saying that open licenses "allow creatives and businesses to build on each other's work, facilitate research, and create new products and services without restrictive licensing constraints." Phoronix explains the community initiative "came about over the summer to help advance open-source AI models while now is becoming part of the Linux Foundation to further their cause." As part of the Linux Foundation, the OMI will be working to establish a governance framework and working groups, create shared standards to enhance model interoperability and metadata practices, develop a transparent dataset for training and captioning, complete an alpha test model for targeted red teaming, and release an alpha version of a new model with fine-tuning scripts before the end of 2024. The group was established "in response to a number of recent decisions by creators of popular open-source models to alter their licensing terms," reports Silicon Angle: The creators highlighted the recent licensing change announced by Stability AI Ltd., regarding its popular image-generation model Stable Diffusion 3 (SD3). That model had previously been entirely free and open, but the changes introduced a monthly fee structure and imposed limitations on its usage. Stability AI was also criticized for the lack of clarity around its licensing terms, but it isn't the only company to have introduced licensing restrictions on previously free software. The OMI intends to eliminate all barriers to enterprise adoption by focusing on training and developing AI models with "irrevocable open licenses without deletion clauses or recurring costs for access," the Linux Foundation said.
InfoWorld also notes "the unavailability of source code and the license restrictions from LLM providers such as Meta, Mistral and Anthropic, who put caveats in the usage policies of their 'open source' models." Meta, for instance, does provide the rights to use Llama models royalty free without any license, but does not provide the source code, according to [strategic research firm] Everest Group's AI practice leader Suseel Menon. "Meta also adds a clause: 'If, on the Meta Llama 3, monthly active users of the products or services is greater than 700 million monthly active users, you must request a license from Meta.' This clause, combined with the unavailability of the source code, raises the question if the term open source should apply to Llama's family of models," Menon explained.... The OMI's objectives and vision received mixed reactions from analysts. While Amalgam Insights' chief analyst Hyoun Park believes that the OMI will lead to the development of more predictable and consistent standards for open source models, so that these models can potentially work with each other more easily, Everest Group's Malik believes that the OMI may not be able to stand before the might of vendors such as Meta and Anthropic. "Developing LLMs is highly compute intensive and has cost big tech giants and start-ups billions in capital expenditure to achieve the scale they currently have with their open-source and proprietary LLMs," Malik said, adding that this could be a major challenge for community-based LLMs. The AI practice leader also pointed out that previous attempts at a community-based LLM have not garnered much adoption, as models developed by larger entities tend to perform better on most metrics... However, Malik said that the OMI might be able to find appropriate niches within the content development space (2D/3D image generation, adaptation, visual design, editing, etc.) as it begins to build its models...
One of the other use cases for the OMI's community LLMs is to see their use as small language models (SLMs), which can offer specific functionality at high effectiveness or functionality that is restricted to unique applications or use cases, analysts said. Currently, the OMI's GitHub page has three repositories, all under the Apache 2.0 license.
"Ben Affleck and Matt Damon have acquired a screenplay called Killing Gawker," reports TechCrunch, for a film which "presumably delves into billionaire VC Peter Thiel's campaign to bury the media outfit for posting excerpts from a Hulk Hogan sex tape." The film is based on a book that details the 2016 court case in which Hogan won a $140 million judgment against a Gawker editor, Gawker founder Nick Denton, and Gawker itself, whose Valleywag site long chronicled Silicon Valley personalities and routinely zeroed in on Thiel. While casting hasn't been announced, it's "been rumored" Hulk Hogan will be played by Ben Affleck, writes Variety. "Gus Van Sant, who previously helmed Affleck and Damon's Good Will Hunting, is set to direct". The script was adapted from the book Conspiracy: Peter Thiel, Hulk Hogan, Gawker and the Anatomy of Intrigue, they report - though the movie currently "has no formal start date or production schedule."
"A new Mozilla logo appears to be on the way," writes the blog OMG Ubuntu, "marking the company's first major update to its word-mark since 2017." The existing logo, which incorporates the internet protocol "://" and chosen based on feedback from the community, has become synonymous with the non-profit company. But German blogger Soren Hentzschel, an avid watcher of all things Mozilla, recently noticed that a different Mozilla word-mark was accompanying the (unchanged) Firefox logo on Mozilla's 'Nothing Personal' webpage [upper-left]. Some digging uncovered a number of recent code commits readying and referencing a refreshed word-mark and symbol for use in the navigation areas of Mozilla websites, landing pages, and so on... However, what's most exciting (to a nerd like me) with this new logo is the ASCII symbol at the end. It could be viewed as a flag on a pole. Sort of like Mozilla planting its values in the ground to say "we're here, come join". But it's more likely a nod to the original Mozilla mascot (inherited from its Netscape beginnings), which was a red dinosaur (an interesting logo of itself as it was designed by Shepard Fairey who created other seminal design works, and the skate brand OBEY)... Between the inclusion on a live webpage, code commits readying new logo for Mozilla websites, and the fact people can buy official Mozilla merchandise emblazoned with the new design, it seems a formal rebrand announcement is fairly imminent...
Apple is building "a pricey tabletop home device" which uses "a thin robotic arm to move around a large screen," using actuators "to tilt the display up and down and make it spin 360 degree," according to Bloomberg's Mark Gurman. Citing "people with knowledge of the matter," Gurman writes that Apple assigned "several hundred people" to the project: The device is envisioned as a smart home command center, videoconferencing machine and remote-controlled home security tool, said the people... The project - codenamed J595 - was approved by Apple's executive team in 2022 but has started to formally ramp up in recent months, they said... Apple has now decided to prioritize the device's development and is aiming for a debut as early as 2026 or 2027, according to the people. The company is looking to get the price down to around $1,000. But with years to go before an expected release, the plans could theoretically change... The idea is for the tabletop product to be primarily controlled using the Siri digital assistant and upcoming features in Apple Intelligence. The device could respond to commands, such as "look at me," by repositioning the screen to focus on the person saying the words - say, during a video call. It also could understand different voices and adjust its focus accordingly. Current models in testing run a customized version of the iPad operating system... The company also is working on robots that move around the home and has discussed the idea of a humanoid version. Those projects are being led, in part, by Hanns Wolfram Tappeiner, a robotics expert who now has about 100 former car team engineers reporting to him. In a job listing published this month, Apple said it has a team "working to leverage and build upon groundbreaking machine learning robotics research, thereby enabling development of generalizable and reliable robot systems." The company said it's seeking experts with experience in "robot manipulation" and creating AI models for robot control.
The article points out that Apple "still gets roughly half its revenue from the iPhone," and calls the robotics effort "one of a few avenues Apple is pursuing to generate new sources of revenue" - and to "capitalize" on its AI technology. (Apple is also working on both smart eyeglasses and augmented reality glasses.)
Data center construction "could delay California's transition away from fossil fuels and raise electric bills for everyone else," warns the Los Angeles Times - and also increase the risk of blackouts: Even now, California is at the verge of not having enough power. An analysis of public data by the nonprofit GridClue ranks California 49th of the 50 states in resilience - or the ability to avoid blackouts by having more electricity available than homes and businesses need at peak hours... The state has already extended the lives of Pacific Gas & Electric Co.'s Diablo Canyon nuclear plant as well as some natural gas-fueled plants in an attempt to avoid blackouts on sweltering days when power use surges... "I'm just surprised that the state isn't tracking this, with so much attention on power and water use here in California," said Shaolei Ren, associate professor of electrical and computer engineering at UC Riverside. Ren and his colleagues calculated that the global use of AI could require as much fresh water in 2027 as that now used by four to six countries the size of Denmark. Driving the data center construction is money. Today's stock market rewards companies that say they are investing in AI. Electric utilities profit as power use rises. And local governments benefit from the property taxes paid by data centers. The article notes a Goldman Sachs estimate that by 2030, data centers could consume up to 11% of all U.S. power demand - up from 3% now. And it shows how the sprawling build-out of data centers across America is impacting surrounding communities: The article notes that California's biggest concentration of data centers - more than 50 near the Silicon Valley city of Santa Clara - are powered by a utility emitting "more greenhouse gas than the average California electric utility because 23% of its power for commercial customers comes from gas-fired plants. Another 35% is purchased on the open market where the electricity's origin can't be traced."
Consumer electric rates are rising "as the municipal utility spends heavily on transmission lines and other infrastructure," while the data centers now consume 60% of the city's electricity. Energy officials in northern Virginia "have proposed a transmission line to shore up the grid that would depend on coal plants that had been expected to be shuttered." In 2022 an Oregon newspaper discovered Google data centers were consuming 29% of one city's water supply. "Earlier this year, Pacific Gas & Electric told investors that its customers have proposed more than two dozen data centers, requiring 3.5 gigawatts of power - the output of three new nuclear reactors."
The Washington Post reviews a new book about Microsoft's 68-year-old co-founder Bill Gates: "He's not the Messiah, he's a very naughty boy." That immortal line from Monty Python's Life of Brian kept running through my head as I was reading "Billionaire, Nerd, Savior, King: Bill Gates and His Quest to Shape Our World," by Anupreeta Das, a reporter at the New York Times... which often feels like an extended list of all the major and minor complaints that Das could find not only about Gates but also about billionaires, nerds and the broader practice of philanthropy... [T]he philanthropist who played a central role in the spectacularly successful fight against diseases like HIV/AIDS; the environmentalist whose net-zero vision has led him to create a multibillion-dollar nuclear-power company - that man barely makes an appearance in this book... Rather than weigh Gates's accomplishments against his failures, Das focuses on his personal weaknesses - his unpleasant management style, his extramarital affairs and, especially, his association with the convicted sex offender Jeffrey Epstein, who is featured extensively throughout, including in the beginning of the book's introduction and in a 12-page section that leads off the chapter titled "Cancel Bill." Frustratingly, Das sheds little new light on the Gates-Epstein relationship, beyond suggesting that Epstein first attracted the billionaire by indicating that he might be able to get Gates his coveted Nobel Peace Prize. While I and others have reported that a $2 million donation from Gates to the MIT Media Lab was thought of within MIT as being Epstein money, for instance, Das will go only so far as to say that "the donation may or may not have been at Epstein's recommendation." The Guardian also notes that the Gates Foundation and the Gateses "have prevented millions of deaths, pumping billions of dollars into fighting Aids, tuberculosis and malaria around the world."
They co-founded Gavi, the Vaccine Alliance, which vaccinated half the world's children... [During the pandemic] the Gates-backed Covax partnership was spearheading the global vaccination effort, procuring more than 1bn doses for people in poorer countries. But this doesn't seem to wash with Das, who reports that the foundation is "bigfooting", "neocolonial", "antidemocratic", and "top down", and sees it as an egotistical way for Bill to charity-wash his reputation... The penultimate chapter is titled Cancel Bill, and that's what the whole book feels like: an appeal to public opinion to write Gates off. As yet, and in the context of what other American billionaires do and get away with, it seems a little unfair.
"Electronic shelf labels are already common in Europe," reports the Los Angeles Times, "and will become wider spread in the U.S., with Walmart planning to implement the labels in 2,300 stores by 2026." And grocery giant Kroger also plans to introduce digital labels. But will they also bring "dynamic pricing", where stores raise the price of ice cream on hot days - or jack the cost of water and canned goods before upcoming storms? Kroger and Walmart said they have no plans to implement dynamic pricing, and added that electronic shelf labels will only be used to help lower costs. "Kroger's business model is to lower prices over time so that more customers shop with us," a Kroger spokesperson said. "Any test of electronic shelf tags is to lower prices more for customers where it matters most. To suggest otherwise is not true." A Walmart spokesperson said updates to the electronic tags will be used to reflect lower prices for items on sale or final clearance. Prices will not change throughout the day, she said... Grocery industry analyst Phil Lempert said the digital tags will help save time and money amid a labor shortage, but they could lead grocery chains down a slippery slope. "If you can make it electronic you can take a lot of costs out of the system, and that's great," Lempert said. "But once that's installed, and regardless of what any retailer is going to say, it's now easy to change prices." Santiago Gallino, a professor specializing in retail management at the University of Pennsylvania, said he hasn't seen signs that retailers plan to use electronic shelf labels for surge pricing. "In my conversation with retailers, it's clear that those who are pushing towards this technology are mainly trying to drive efficiency up in the stores and try to reduce costs," Gallino said. "Grocery retailers operate on very thin margins, so every time they find technology that can help them save in labor, they will do that."
What grocery stores save in labor they may lose in customer trust and loyalty, however, said Dominick Miserandino [CEO of the retail discussion forum RetailWire.] "Consumers are exceptionally skeptical," he said. "When most of the consumer reaction to any product seems to be overwhelmingly negative, it's probably a product that one might want to reevaluate quickly." The article notes one U.S. presidential candidate has already pledged they'd "work to pass the first-ever federal ban on price gouging on food."
In 1999 Los Angeles Times reporter Michael Hiltzik co-authored a Pulitzer Prize-winning story. Now a business columnist for the Times, this week he covers new pushback on the COVID lab leak claim: Here's an indisputable fact about the theory that COVID originated in a laboratory: Most Americans believe it to be true. That's important for several reasons. One is that evidence to support the theory is nonexistent. Another is that the claim itself has fomented a surge of attacks on science and scientists that threatens to drive promising researchers out of the crucial field of pandemic epidemiology. That concern was aired in a commentary by 41 biologists, immunologists, virologists and physicians published Aug. 1 in the Journal of Virology. The journal probably isn't in the libraries of ordinary readers, but the article's prose is commendably clear and its conclusions eye-opening. "The lab leak narrative fuels mistrust in science and public health infrastructures," the authors observe. "Scientists and public health professionals stand between us and pandemic pathogens; these individuals are essential for anticipating, discovering, and mitigating future pandemic threats. Yet, scientists and public health professionals have been harmed and their institutions have been damaged by the skewed public and political opinions stirred by continued promotion of the lab leak hypothesis in the absence of evidence...." [O]ne can't advance the lab leak theory without positing a vast conspiracy encompassing scientists in China and the U.S., and Chinese and U.S. government officials. How else could all the evidence of a laboratory event that resulted in more than 7 million deaths worldwide be kept entirely suppressed for nearly five years... "Validating the lab leak hypothesis requires intelligence evidence that the WIV possessed or carried out work on a SARS-CoV-2 precursor virus prior to the pandemic," the Virology paper asserts.
"Neither the scientific community nor multiple western intelligence agencies have found such evidence." Despite that, "the lab leak hypothesis receives persistent attention in the media, often without acknowledgment of the more solid evidence supporting zoonotic emergence," the paper says... I've written before about the smears, physical harassment and baseless accusations of fraud and other wrongdoing that lab leak propagandists have visited upon scientists whose work has challenged their claims; similar attacks have targeted experts who have worked to debunk other anti-science narratives, including those about global warming and vaccines... What's notable about the Virology paper is that it represents a comprehensive and long-overdue pushback by the scientific community against such behavior. More to the point, it focuses on the consequences for public health and the scientific mission from the rise of anti-science propaganda... "Scientists have withdrawn from social media platforms, rejected opportunities to speak in public, and taken increased safety measures to protect themselves and their families," the authors report. "Some have even diverted their work to less controversial and less timely topics. We now see a long-term risk of having fewer experts engaged in work that may help thwart future pandemics...." Thanks in part to social media, anti-science has become more virulent and widespread, the Virology authors write.
17,000 AT&T workers from the CWA union went on strike Friday. NPR notes the strike affects workers in nine states: Alabama, Florida, Georgia, Kentucky, Louisiana, Mississippi, North Carolina, South Carolina and Tennessee. A North Carolina newspaper says the union will remain on strike until they believe AT&T "begins to bargain over a new contract in good faith" after their previous contract expired back on August 3. And meanwhile, their article notes that the strike comes as some AT&T customers in North Carolina's Raleigh-Durham-Chapel Hill area "report prolonged internet outages." Saturday afternoon, AT&T also reported internet outages within a circle of northern Charlotte neighborhoods. "As far as the impact, the trained, experienced CWA members who are on strike do critical work installing, maintaining and supporting AT&T's residential and business wireline telecommunications network," CWA communications director Beth Allen said. "Customers should be aware that these workers will not be available to respond to service calls during the strike." Since at least Wednesday, AT&T internet customers in Durham have reported being without residential service. According to the company's website, outages have been detected across a wide section of the city, including downtown and around Duke University. AT&T has alerted some affected residents in southwest Durham their internet service "should be online" by Tuesday morning. An AT&T spokesperson told the newspaper that "We have various business continuity measures in place to avoid disruptions to operations and will continue to provide our customers with the great service they expect." A union executive said in a statement that AT&T's contract negotiators "did not seem to have the actual bargaining authority required by the legal obligation to bargain in good faith. Our members want to be on the job, providing the quality service that our customers deserve.
It's time for AT&T to start negotiating in good faith so that we can move forward towards a fair contract."
"I've been somewhat okay about backing up our home data," writes long-time Slashdot reader 93 Escort Wagon. But they could use some good advice: We've got a couple separate disks available as local backup storage, and my own data also gets occasionally copied to encrypted storage at BackBlaze. My daughter has her own "cloud" backups, which seem to be a manual push every once in a while of random files/folders she thinks are important. Including our media library, between my stuff, my daughter's, and my wife's... we're probably talking in the neighborhood of 10 TB for everything at present. The whole setup is obviously cobbled together, and the process is very manual. Plus it's annoying since I'm handling Mac, Linux, and Windows backups completely differently (and sub-optimally). Also, unsurprisingly, the amount of data we possess does seem to be increasing with time. I've been considering biting the bullet and buying an NAS [network-attached storage device], and redesigning the entire process - both local and remote. I'm familiar with Synology and DSM from work, and the DS1522+ looks appealing. I've also come across a lot of recommendations for QNAP's devices, though. I'm comfortable tackling this on my own, but I'd like to throw this out to the Slashdot community. What NAS do you like for home use. And what disks did you put in it? What have your experiences been? Long-time Slashdot reader AmiMoJo asks "Have you considered just building one?" while suggesting the cheapest option is low-powered Chinese motherboards with soldered-in CPUs. And in the comments on the original submission, other Slashdot readers shared their examples: destined2fail1990 used an AMD Threadripper to build their own NAS with 10Gbps network connectivity. DesertNomad is using "an ancient D-Link" to connect two Synology DS220 DiskStations. Darth Technoid attached six Seagate drives to two Macbooks.
"Basically, I found a way to make my older Mac useful by simply leaving it on all the time, with the external drives attached."But what's your suggestion? Share your own thoughts and experiences. What NAS do you like for home use? What disks would you put in it? And what have your experiences been?Read more of this story at Slashdot.
The Los Angeles Times spoke to Ryan Kiskis, an environmentally-conscious owner of a hydrogen fuel cell vehicle (the Toyota Mirai): He soon learned that hydrogen refueling stations are scarce and reliably unreliable. He learned that apps to identify broken stations hand out bad information. He learned that the state of California, which is funding the station buildout, is far behind schedule - 200 stations were supposed to be up and running by 2025, but only 54 exist. And since Kiskis bought his car, the price of hydrogen has more than doubled, currently the equivalent of $15 a gallon of gasoline. With fueling so expensive and stations so undependable, Kiskis - who lives in Pacific Palisades and works at Google in Playa Vista - drives a gasoline Jeep for everything but short trips around the neighborhood. "I've got a great car that sits in the driveway," he said. Bryan Caluwe can relate. The retired Santa Monican bought a Mirai in 2022. He likes his car too. "But it's been a total inconvenience." Hydrogen stations "are either down for mechanical reasons, or they're out of fuel, or, in the case of Shell, they've rolled up the carpet and gone home." And don't get Irving Alden started. He runs a commercial print shop in North Hollywood. He leases a Mirai. He too loves the car. But the refueling system? "It's a frickin' joke." The three are part of a class action lawsuit filed in July against Toyota. They claim that Toyota salespeople misled them about the sorry state of California's hydrogen refueling system. "They were told the stations were convenient and readily available," said lawyer Nilofar Nouri of Beverly Hills Trial Attorneys. "That turned out to be far from reality." The class action now amounts to two dozen plaintiffs and growing, Nouri said. "We have thousands of these individuals in California who are stuck with this vehicle." 
Kiskis believes Toyota sales staff duped him - but says, "I'm just as irritated with the state of California" for poor oversight of the program it's funding... Hyundai also sells a fuel cell car in California called the Nexo, and although the suit is aimed only at Toyota, the hydrogen station situation affects Hyundai too. Toyota told The Times it's "committed to customer satisfaction and will continue to evaluate how we can best support our customers. We will respond to the allegations in this lawsuit in the appropriate forum." The article does note that the California Energy Commission awarded an extra $9.4 million to hydrogen station operators this year to cover "operations and maintenance" - and that hydrogen cars have their advantages. "The full tank range is 350 to 400 miles. A fill-up usually takes no more than five or 10 minutes. "But unlike electric vehicles, you can't fill up at home. You have to travel to a dedicated fueling station...."
InfoWorld reports that Microsoft-owned GitHub "has unveiled Copilot Autofix, an AI-powered software vulnerability remediation service." The feature became available Wednesday as part of the GitHub Advanced Security (or GHAS) service: "Copilot Autofix analyzes vulnerabilities in code, explains why they matter, and offers code suggestions that help developers fix vulnerabilities as fast as they are found," GitHub said in the announcement. GHAS customers on GitHub Enterprise Cloud already have Copilot Autofix included in their subscription. GitHub has enabled Copilot Autofix by default for these customers in their GHAS code scanning settings. Beginning in September, Copilot Autofix will be offered for free in pull requests to open source projects. During the public beta, which began in March, GitHub found that developers using Copilot Autofix were fixing code vulnerabilities more than three times faster than those doing it manually, demonstrating how AI agents such as Copilot Autofix can radically simplify and accelerate software development. "Since implementing Copilot Autofix, we've observed a 60% reduction in the time spent on security-related code reviews," says one principal engineer quoted in GitHub's announcement, "and a 25% increase in overall development productivity." The announcement also notes that Copilot Autofix "leverages the CodeQL engine, GPT-4o, and a combination of heuristics and GitHub Copilot APIs." Code scanning tools detect vulnerabilities, but they don't address the fundamental problem: remediation takes security expertise and time, two valuable resources in critically short supply. In other words, finding vulnerabilities isn't the problem. Fixing them is... Developers can keep new vulnerabilities out of their code with Copilot Autofix in the pull request, and now also pay down the backlog of security debt by generating fixes for existing vulnerabilities... 
Fixes can be generated for dozens of classes of code vulnerabilities, such as SQL injection and cross-site scripting, which developers can dismiss, edit, or commit in their pull request.... For developers who aren't necessarily security experts, Copilot Autofix is like having the expertise of your security team at your fingertips while you review code... As the global home of the open source community, GitHub is uniquely positioned to help maintainers detect and remediate vulnerabilities so that open source software is safer and more reliable for everyone. We firmly believe that it's highly important to be both a responsible consumer of open source software and contributor back to it, which is why open source maintainers can already take advantage of GitHub's code scanning, secret scanning, dependency management, and private vulnerability reporting tools at no cost. Starting in September, we're thrilled to add Copilot Autofix in pull requests to this list and offer it for free to all open source projects... While responsibility for software security continues to rest on the shoulders of developers, we believe that AI agents can help relieve much of the burden.... With Copilot Autofix, we are one step closer to our vision where a vulnerability found means a vulnerability fixed.
Long-time Slashdot reader theodp writes: Christie's this week announced the items that will be auctioned in three sales from the Paul G. Allen Collection, including historic computers and artifacts from the late Microsoft co-founder's former Living Computers Museum + Labs in Seattle. They include an Apple-1 from the desk of late Apple co-founder Steve Jobs, estimated at $500,000 to $800,000, to be auctioned as part of a live sale on Sept. 10 at Christie's Rockefeller Center in New York. Among the lot of "Firsts" from the Paul Allen Collection is a circa-1984 PC's Limited Personal Computer (est. $600-$800), which comes with a manual for the Microsoft-developed IBM DOS. Also being offered is a circa-1975 IMSAI 8080 microcomputer (est. $2,000-$3,000). Both computers ran operating systems that can be traced back to the efforts of Digital Research founder Gary Kildall. Kildall's CP/M was adapted for IMSAI in 1975 and inspired the "CP/M work-alike" Quick And Dirty Operating System (QDOS) that Microsoft purchased in 1981, ported to the new IBM PC as MS-DOS, and licensed to IBM, who in turn offered it as PC-DOS... Interestingly, not present in any of the three Christie's Paul G. Allen Collection auctions is Allen's rare unedited copy of Kildall's Computer Connections: People, Places, and Events in the Evolution of the Personal Computer Industry (edited version available at CHM), one of only 20 copies that were originally distributed to family and friends shortly before Kildall's death in 1994. (In the unpublished memoir, Kildall's Seattle Times obit reported, Kildall called DOS "plain and simple theft" of CP/M). Documents released in response to a 2018 Washington Public Records Act request revealed that one of those copies found its way into the hands of Allen in 2017, gifted by University of Washington CS professor Ed Lazowska, who led fundraising campaigns for UW's Paul G. Allen Center for Computer Science & Engineering.
Slashdot reader Dave Knott writes: After once again being plagued by controversy, this time due to a thwarted ballot-stuffing campaign, the 2024 Hugo Awards have been awarded at the 2024 World Science Fiction Convention. This year's winners are:
* Best Novel: Some Desperate Glory, by Emily Tesh
* Best Novella: Thornhedge, by T. Kingfisher
* Best Novelette: "The Year Without Sunshine", by Naomi Kritzer
* Best Short Story: "Better Living Through Algorithms", by Naomi Kritzer
* Best Series: Imperial Radch, by Ann Leckie
* Best Graphic Story or Comic: Saga, Vol. 11, written by Brian K. Vaughan, art by Fiona Staples
* Best Related Work: A City on Mars: Can We Settle Space, Should We Settle Space, and Have We Really Thought This Through?, by Kelly Weinersmith and Zach Weinersmith
* Best Dramatic Presentation, Long Form: Dungeons & Dragons: Honor Among Thieves
* Best Dramatic Presentation, Short Form: The Last of Us: "Long, Long Time", written by Craig Mazin and Neil Druckmann, directed by Peter Hoar
* Best Game or Interactive Work: Baldur's Gate 3, produced by Larian Studios
* Best Editor Short Form: Neil Clarke
* Best Editor Long Form: Ruoxi Chen
* Best Professional Artist: Rovina Cai
* Best Semiprozine: Strange Horizons, by the Strange Horizons Editorial Collective
* Best Fanzine: Nerds of a Feather, Flock Together, editors Roseanna Pendlebury, Arturo Serrano, Paul Weimer; senior editors Joe Sherry, Adri Joy, G. Brown, Vance Kotrla
* Best Fancast: Octothorpe, by John Coxon, Alison Scott, and Liz Batty
* Best Fan Writer: Paul Weimer
* Best Fan Artist: Laya Rose
* Lodestar Award for Best YA Book: To Shape a Dragon's Breath by Moniquill Blackgoose
* Astounding Award for Best New Writer: Xiran Jay Zhao
X.com "says it's ending business operations in Brazil effective immediately," reports Engadget, "but the service will remain available to users in the country." The company says Alexandre de Moraes, the president of the Superior Electoral Court and a justice of the Supreme Federal Court, threatened one of X's legal representatives with arrest if it did not "comply with his censorship orders." According to Reuters, de Moraes demanded that X remove certain content from its platform. Rather than comply, X has opted to end its local operations "to protect the safety of our staff." According to X, de Moraes made the threat in a "secret order," which it shared publicly. X owner Elon Musk claimed that the demand "would require us to break (in secret) Brazilian, Argentinian, American and international law."
"Some corporate landlords collude with each other to set artificially high rental prices, often using algorithms and price-fixing software to do it." That's a U.S. presidential candidate, speaking yesterday in North Carolina to warn that the practice "is anticompetitive, and it drives up costs. I will fight for a law that cracks down on these practices." Ironically, it's a problem caused by technology that's impacting some of America's major tech-industry cities. Investopedia reports:Harris proposed a slate of policies aimed at curbing the high cost of housing, which many economists have traced to a long-standing shortage. The affordability situation for both renters and first-time buyers took a turn for the worse starting in 2020 when home prices and rents rose sharply. Harris's plan called for the construction of 3 million new houses to close the gap between how many homes exist in the country, and how many are needed, with the aim of evening out supply and demand and putting downward pressure on prices. This would be accomplished by offering tax incentives to builders for constructing starter homes, by funding local construction, and by cutting bureaucratic red tape that slows down construction projects. Harris would also help buyers out directly, through the first-time buyer credit. For renters, Harris said she would crack down on companies that own many apartments, who she said have "colluded" to raise rents using pricing algorithms. She also called for a law blocking large investors from buying houses to rent out, a practice she said was driving up prices by competing with individual private buyers. Harris's focus on corporate crackdowns extended to the food business, where she called for a "federal ban on price gouging on food and groceries," without going into specifics about what exact behavior the ban would target. Investopedia reminds readers that the executive branch is just one of three branches of the U.S. 
government: Should Harris win the 2024 election and become president, her ideas are still not guaranteed to be implemented, since many would require the support of Congress. Lawmakers are currently divided with Republicans controlling the House of Representatives and Democrats in control of the Senate.
"We're testing a few new ways to plan and manage your presence on Threads," announced top Threads/Instagram executive Adam Mosseri, promising their 200 million-plus users "enhanced insights to help you better understand your followers and how posts perform, and the ability to save multiple drafts with scheduling coming soon." Axios reports:Helping creators avoid burnout has become a growing focus for Meta CEO Mark Zuckerberg, who said in July that the company's new generative AI tools can alleviate certain tasks like communicating with followers. Thursday's announcement was positioned as helping both businesses and creators - suggesting that Meta is ramping up plans to start monetizing Threads, which could be as early as this year.Read more of this story at Slashdot.
"A new front has opened in the longstanding debate over how fast the universe is expanding," writes Science magazine:For years astronomers have argued over a gulf between the expansion rate as measured from galaxies in the local universe and as calculated from studies of the cosmic microwave background (CMB), the afterglow of the Big Bang. The disparity was so large and persistent that some astronomers thought the standard theory of the universe might have to be tweaked. But over the past week, results from NASA's new James Webb Space Telescope orbiting observatory suggest the problem may be more mundane: some systematic error in the strategies used to measure the distance to nearby galaxies. "The evidence based on these data does not suggest the need for additional physics," says Wendy Freedman of the University of Chicago, who leads [the Carnegie-Chicago Hubble Program, or CCHP] that calculated the expansion rate from JWST data using three different galactic distance measurements and released the results on the arXiv preprint server. (The papers have not yet been peer reviewed.) The methods disagreed about the expansion rate, known as the Hubble constant, or H0, and two were close to the CMB prediction. Specifically, the team used JWST to measure the distance to 10 local galaxies using three stars with a predictable brightness: Cepheids, the brightest red giant stars, and carbon stars. Science notes that the last two methods "agreed to about 1%, but differed from the Cepheid-based distance by 2.5% to 4%." Combining all three methods the team derived a value "just shy of 70 km/s per Mpc," according to the article - leading the University of Chicago's Freedman to say "There's something systematic in the measurements. Until we can establish unambiguously where the issue lies in the nearby universe, we can't be claiming that there's additional physics in the distant universe." 
But the controversy continues, according to Adam Riess of Johns Hopkins University (leader of a team of Hubble Constant researchers known as SH0ES). Riess points out that other teams have used JWST to measure distances with all three methods separately and have come up with values closer to the original SH0ES result. He also questions why CCHP excluded data from telescopes other than JWST. "I don't see a compelling justification for excluding the data they do," he says. Thanks to long-time Slashdot reader sciencehabit for sharing the article.
Wednesday GitHub "broke itself," reports the Register, writing that "the Microsoft-owned code-hosting outfit says it made a change involving its database infrastructure, which sparked a global outage of its various services." Or, as the Verge puts it, GitHub experienced "some major issues" which apparently lasted for 36 minutes: When we first published this story, navigating to the main GitHub website showed an error message that said "no server is currently available to service your request," but the website was working again soon after. (The error message also featured an image of an angry unicorn.) GitHub's report of the incident also listed problems with things like pull requests, GitHub Pages, Copilot, and the GitHub API. GitHub attributed the downtime to "an erroneous configuration change rolled out to all GitHub.com databases that impacted the ability of the database to respond to health check pings from the routing service. As a result, the routing service could not detect healthy databases to route application traffic to. This led to widespread impact on GitHub.com starting at 23:02 UTC." (Downdetector showed "more than 10,000 user reports of problems," according to the Verge, "and that the problems were reported quite suddenly.") GitHub's incident report adds that "Given the severity of this incident, follow-up items are the highest priority work for teams at this time." To prevent recurrence we are implementing additional guardrails in our database change management process. We are also prioritizing several repair items such as faster rollback functionality and more resilience to dependency failures.
In his new memoir, Imminent, former senior intelligence official Luis Elizondo claims that a supersecret program has been retrieving technology and biological remains of nonhuman origin for decades, warning that these phenomena could pose a serious national security threat or even an existential threat to humanity. The New York Times reports: Luis Elizondo made headlines in 2017 when he resigned as a senior intelligence official running a shadowy Pentagon program investigating U.F.O.s and publicly denounced the excessive secrecy, lack of resources and internal opposition that he said were thwarting the effort. Elizondo's disclosures at the time created a sensation. They were buttressed by explosive videos and testimony from Navy pilots who had encountered unexplained aerial phenomena, and led to congressional inquiries, legislation and a 2023 House hearing in which a former U.S. intelligence official testified that the federal government has retrieved crashed objects of nonhuman origin. Now Elizondo, 52, has gone further in a new memoir. In the book he asserted that a decades-long U.F.O. crash retrieval program has been operating as a supersecret umbrella group made up of government officials working with defense and aerospace contractors. Over the years, he wrote, technology and biological remains of nonhuman origin have been retrieved from these crashes. "Humanity is, in fact, not the only intelligent life in the universe, and not the alpha species," Elizondo wrote. The book, "Imminent: Inside the Pentagon's Hunt for U.F.O.s," is being published by HarperCollins on Aug. 20 after a yearlong security review by the Pentagon.
Citizen scientists from NASA's Backyard Worlds: Planet 9 project discovered a hypervelocity object, CWISE J1249, moving fast enough to escape the Milky Way. "This hypervelocity object is the first such object found with the mass similar to or less than that of a small star," reports NASA's Science Editorial Team, suggesting the object may have originated from a binary star system or a globular cluster. From the report: A few years ago, longtime Backyard Worlds citizen scientists Martin Kabatnik, Thomas P. Bickle, and Dan Caselden spotted a faint, fast-moving object called CWISE J124909.08+362116.0, marching across their screens in the WISE images. Follow-up observations with several ground-based telescopes helped scientists confirm the discovery and characterize the object. These citizen scientists are now co-authors on the team's study about this discovery published in the Astrophysical Journal Letters (a pre-print version is available here). CWISE J1249 is zooming out of the Milky Way at about 1 million miles per hour. But it also stands out for its low mass, which makes it difficult to classify as a celestial object. It could be a low-mass star, or if it doesn't steadily fuse hydrogen in its core, it would be considered a brown dwarf, putting it somewhere between a gas giant planet and a star. Ordinary brown dwarfs are not that rare. Backyard Worlds: Planet 9 volunteers have discovered more than 4,000 of them! But none of the others are known to be on their way out of the galaxy. This new object has yet another unique property. Data obtained with the W. M. Keck Observatory in Maunakea, Hawaii, show that it has much less iron and other metals than other stars and brown dwarfs. This unusual composition suggests that CWISE J1249 is quite old, likely from one of the first generations of stars in our galaxy. Why does this object move at such high speed? 
One hypothesis is that CWISE J1249 originally came from a binary system with a white dwarf, which exploded as a supernova when it pulled off too much material from its companion. Another possibility is that it came from a tightly bound cluster of stars called a globular cluster, and a chance meeting with a pair of black holes sent it soaring away.
An anonymous reader quotes a report from NPR: Safety advocates have been touting the potential of technology that allows vehicles to communicate wirelessly for years. So far, the rollout has been slow and uneven. Now the U.S. Department of Transportation is releasing a roadmap it hopes will speed up deployment of that technology -- and save thousands of lives in the process. "This is proven technology that works," Shailen Bhatt, head of the Federal Highway Administration, said at an event Friday to mark the release of the deployment plan (PDF) for vehicle-to-everything, or V2X, technology across U.S. roads and highways. V2X allows cars and trucks to exchange location information with each other, and potentially cyclists and pedestrians, as well as with the roadway infrastructure itself. Users could send and receive frequent messages to and from each other, continuously sharing information about speed, position, and road conditions -- even in situations with poor visibility, including around corners or in dense fog or heavy rain. [...] Despite enthusiasm from safety advocates and federal regulators, the technology has faced a bumpy rollout. During the Obama administration, the National Highway Traffic Safety Administration proposed making the technology mandatory on cars and light trucks. But the agency later dropped that idea during the Trump administration. The deployment of V2X has been "hampered by regulatory uncertainty," said John Bozzella, president and CEO of the Alliance for Automotive Innovation, a trade group that represents automakers. But he's optimistic that the new plan will help. "This is the reset button," Bozzella said at Friday's announcement. "This deployment plan is a big deal. It is a crucial piece of this V2X puzzle." The plan lays out some goals and targets for the new technology. 
In the short-term, the plan aims to have V2X infrastructure in place on 20% of the National Highway System by 2028, and for 25% of the nation's largest metro areas to have V2X enabled at signalized intersections. V2X technology still faces some daunting questions, including how to pay for the rollout of critical infrastructure and how to protect connected vehicles from cyberattack. But safety advocates say it's past time to find the answers.
BleepingComputer's Ionut Ilascu reports: Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. The company states that the breached data may include names, email addresses, phone numbers, social security numbers (SSNs), and postal addresses. In the statement disclosing the security incident, National Public Data says that "the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es)." The company acknowledges the "leaks of certain data in April 2024 and summer 2024" and believes the breach is associated with a threat actor "that was trying to hack into data in late December 2023." NPD says they investigated the incident, cooperated with law enforcement, and reviewed the potentially affected records. If significant developments occur, the company "will try to notify" the impacted individuals.