Government delegations will gather in Nairobi, Kenya, to hammer out details of what could be the first global treaty to tackle the plastic pollution crisis. From a report: A key focus for the discussions on Monday will be whether targets to restrict plastic production should be decided unilaterally or whether states should choose their own targets; this is, say environmentalists, the "centre of gravity" for the treaty's ambition. At the last round of negotiations in Paris in May run by the international negotiating committee (INC) the US, Saudi Arabia, India and China favoured a "Paris-style" agreement where states would have the freedom to determine their own commitments, while others, including Africa and many developing countries, preferred strong global commitments. But there are signs, some observers say, of a shift in the US's position on this key issue, though details have yet to emerge. "The main takeaway for many environmental groups, after INC2 [the negotiations in Paris], was how bad the US position was, in terms of Paris-style voluntary commitments," said Graham Forbes, the global plastics campaign lead for Greenpeace USA. He said there had been signals of a shift. "We are going to be watching very closely to see how that plays out. We need to be speaking about rules and putting in place regulations." Last month, a "zero draft" version of the text was published by the INC as the basis of negotiations over what the head of the United Nations Environment Programme has described as the most important multilateral treaty since the Paris accord in 2015. The goal is to have a formal treaty in place by the end of 2024. This third round of talks, in Kenya from 13-17 November, will mark the halfway point. Read more of this story at Slashdot.
The Biden administration on Monday told US agencies to work toward giving up use of some telecommunications airwaves in order to make room for commercial providers facing surging demand for fast 5G services. From a report: The plan, called the National Spectrum Strategy, called for "detailed studies" to be concluded within two years. The document provides for "more transparent, more coordinated" efforts at airwaves management, Lael Brainard, director of the National Economic Council, said. "We have to make better use of the airwaves we have," said Alan Davidson, an assistant secretary of commerce who will help lead further steps to fulfill the strategy. Commercial providers have long sought more access to airwaves occupied by US agencies, saying that government uses at times aren't efficient and they should share space with new commercial technologies. Spectrum refers to the array of airwaves that carry everything from voice calls to satellite transmissions to signals for industrial machinery.
OpenAI plans to secure further financial backing from its biggest investor Microsoft as the ChatGPT maker's chief executive Sam Altman pushes ahead with his vision to create artificial general intelligence (AGI) -- computer software as intelligent as humans. From a report: In an interview with the Financial Times, Altman said his company's partnership with Microsoft's chief executive Satya Nadella was "working really well" and that he expected "to raise a lot more over time" from the tech giant among other investors, to keep up with the punishing costs of building more sophisticated AI models. Microsoft earlier this year invested $10bn in OpenAI as part of a "multiyear" agreement that valued the San Francisco-based company at $29bn, according to people familiar with the talks. Asked if Microsoft would keep investing further, Altman said: "I'd hope so." He added: "There's a long way to go, and a lot of compute to build out between here and AGI... training expenses are just huge." Altman said "revenue growth had been good this year," without providing financial details, and that the company remained unprofitable due to training costs. But he said the Microsoft partnership would ensure "that we both make money on each other's success, and everybody is happy."
Rovers and orbiters will continue collecting limited data during a two-week communications pause due to the position of Earth, the Sun, and the Red Planet. From a report: NASA will hold off sending commands to its Mars fleet for two weeks, from Nov. 11 to 25, while Earth and the Red Planet are on opposite sides of the Sun. Called Mars solar conjunction, this phenomenon happens every two years. The missions pause because hot, ionized gas expelled from the Sun's corona could potentially corrupt radio signals sent from Earth to NASA's Mars spacecraft, leading to unexpected behaviors. That's not to say those robotic explorers are on holiday. NASA's Perseverance and Curiosity rovers will monitor changes in surface conditions, weather, and radiation as they stay parked. Although momentarily grounded, the Ingenuity Mars Helicopter will use its color camera to study the movement of sand, which poses an ever-present challenge to Mars missions. The Mars Reconnaissance Orbiter and the Odyssey orbiter will continue imaging the surface. And MAVEN will continue collecting data on interactions between the atmosphere and the Sun.
The Nepal government has decided to impose a ban on TikTok. From a report in the local newspaper Kathmandu Post: A Cabinet meeting on Monday took the decision to ban the Chinese-owned app, citing its negative effects on social harmony. However, when the decision will be brought into force is yet to be ascertained. Although freedom of expression is a basic right, a large section of society has criticised TikTok for encouraging a tendency of hate speech, the government said. In the past four years, 1,647 cases of cyber crime have been reported on the video sharing app. The Cyber Bureau of the Nepal Police, Ministry of Home Affairs, and representatives of TikTok discussed the issue earlier last week. Monday's decision is expected to be enforced following the completion of technical preparations. The latest decision has come within days after the government introduced the 'Directives on the Operation of Social Networking 2023.' As per the new rule, social media platforms operating in Nepal are required to set up their offices in the country.
Australian telecoms provider Optus said on Monday that a massive outage which effectively cut off 40% of the country's population and triggered a political firestorm was caused by "changes to routing information" after a "routine software upgrade." From a report: More than 10 million Australians were hit by the 12-hour network blackout at the Singapore Telecommunications-owned telco on Nov. 8, triggering fury and frustration among customers and raising wider concerns about the telecommunications infrastructure. Optus said in a statement that an initial investigation found the company's network was affected by "changes to routing information from an international peering network" early that morning, "following a routine software upgrade." It added: "These routing information changes propagated through multiple layers in our network and exceeded preset safety levels on key routers which could not handle these. This resulted in those routers disconnecting from the Optus IP Core network to protect themselves." The project to reconnect the routers was so large that "in some cases (it) required Optus to reconnect or reboot routers physically, requiring the dispatch of people across a number of sites in Australia", it added.
For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. ArsTechnica: Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years. The researchers suspect keys used in IPsec connections could suffer the same fate. SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments. IPsec is a protocol used by virtual private networks that route traffic through an encrypted tunnel. The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host. While the percentage is infinitesimally small, the finding is nonetheless surprising for several reasons -- most notably because most SSH software in use has deployed a countermeasure for decades that checks for signature faults before sending a signature over the Internet. Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS -- or Transport Layer Security -- protocol encrypting Web and email connections. 
They believed SSH traffic was immune from such attacks because passive attackers -- meaning adversaries simply observing traffic as it goes by -- couldn't see some of the necessary information when the errors happened.
Press2ToContinue writes: Starting next year, Meta will play the role of a strict schoolteacher for political ads, making them fess up if they've used AI to tweak images or sounds. This new 'honesty policy' will kick in worldwide on Facebook and Instagram, aiming to prevent voters from being duped by digitally doctored candidates or made-up events. Meanwhile, Microsoft is jumping on the integrity bandwagon, rolling out anti-tampering tech and a support squad to shield elections from AI mischief.
Nvidia, the world's most valuable chipmaker, is updating its H100 artificial intelligence processor, adding more capabilities to a product that has fueled its dominance in the AI computing market. From a report: The new model, called the H200, will get the ability to use high-bandwidth memory, or HBM3e, allowing it to better cope with the large data sets needed for developing and implementing AI, Nvidia said Monday. Amazon's AWS, Alphabet's Google Cloud and Oracle's Cloud Infrastructure have all committed to using the new chip starting next year. The current version of the Nvidia processor -- known as an AI accelerator -- is already in famously high demand. It's a prized commodity among technology heavyweights like Larry Ellison and Elon Musk, who boast about their ability to get their hands on the chip. But the product is facing more competition: AMD is bringing its rival MI300 chip to market in the fourth quarter, and Intel claims that its Gaudi 2 model is faster than the H100. With the new product, Nvidia is trying to keep up with the size of data sets used to create AI models and services, it said. Adding the enhanced memory capability will make the H200 much faster at bombarding software with data -- a process that trains AI to perform tasks such as recognizing images and speech.
Google is suing scammers who are trying to use the hype around generative AI to trick people into downloading malware, the company has announced. From a report: In a lawsuit filed today in California, the company says individuals believed to be based in Vietnam are setting up social media pages and running ads encouraging users to "download" its generative AI service Bard. The download actually delivers malware to the victims, which steals social media credentials for the scammers to use. "Defendants are three individuals whose identities are unknown who claim to provide, among other things, 'the latest version' of Google Bard for download," the lawsuit reads. "Defendants are not affiliated with Google in any way, though they pretend to be. They have used Google trademarks, including Google, Google AI, and Bard to lure unsuspecting victims into downloading malware onto their computers." The lawsuit notes that scammers have specifically used promoted Facebook posts in an attempt to distribute malware. Similar to crypto scams, the lawsuit highlights how interest in an emerging technology can be weaponized against people who may not fully understand how it operates.
Netflix's annual virtual event "Geeked Week" pre-announces its biggest upcoming shows. This year Netflix released a trailer for its upcoming adaptation of The Three-Body Problem, and for its new live-action Avatar: The Last Airbender series. (And there's also going to be some kind of live-action Stranger Things stage show opening in London in December.) Variety noted the "explosive" new trailer for Zack Snyder's new "action-packed space opera" Rebel Moon. The film - which will also have a one-week theatrical run in December - takes place in the same universe as Snyder's Army of the Dead. But instead of being set in Las Vegas, "The story centers on a young woman living on the outskirts of a galaxy who must find a group of warriors to save the galaxy from an invasion from a tyrant." The Verge pulled together a good rundown of all the other announcements - one of which involves Neil Gaiman: Following last year's The Sandman, Netflix is bringing even more beloved Neil Gaiman characters to the small screen. This time it's Dead Boy Detectives - which was originally slated to stream on Max - based on a crime-solving duo who made their debut in a Sandman comic in the '90s. The news was paired with the first trailer for the series, which shows off a pretty fun-looking supernatural whodunit... Netflix says the new eight-episode series is part of its growing "Sandman universe"... with Gaiman serving as one of the executive producers. [Coming sometime in 2024] They're also launching several animated series. Netflix released a short teaser for Terminator: the Anime Series. An animated new take on Ultraman. An animated He-Man reboot, Masters of the Universe: Revolution (with Mark Hamill providing the voice of Skeletor). An adult animated comedy series based on the card game Exploding Kittens. 
(The Verge writes that its trailer "features god in the body of a cat and a very confounding garage door" - and that there will also be an accompanying mobile game.) Netflix also has a new Chicken Run movie coming in December with its own tie-in game called Eggstraction.
There's already a powerful immunotherapy that "involves engineering a patient's T cells so they recognize and attack cancer cells," writes one of America's top cancer hospitals. The Memorial Sloan Kettering Cancer Center notes that CAR T cell therapy "has already begun to revolutionize cancer treatment," with these "chimeric" T cells "multiplied in a lab and given back to the patient to be a continual fighting force against the cancer." But now "New research from the lab of physician-scientist Michel Sadelain, MD, PhD, shows that disrupting a single gene in the CAR T cells can make them more potent and able to fight tumors longer." In a paper published in Cancer Discovery, the team demonstrated that disrupting the gene SUV39H1 causes a ripple effect: It restores the expression of multiple genes that help sustain the T cells' longevity. The researchers showed that this approach improved CAR T cell effectiveness against multiple cancers in mice... The researchers used the gene-editing tool CRISPR/Cas9 to alter SUV39H1 in human CAR T cells. They placed these modified CAR T cells into mice that had been implanted with either human leukemia cells or prostate cancer cells. For both cancers, the CAR T cells were able to sustain their function without becoming exhausted, leading to tumor elimination. By contrast, mice with unedited CAR T cells did not survive the cancer. "The edited CAR T cells can maintain their anti-cancer effects, even when we challenged them repeatedly by exposing them to new tumors over time," Dr. Zhao says. "These results suggest that SUV39H1-edited CAR T cells may reduce tumor relapse in patients." There did not appear to be serious side effects in the mice, although researchers will need to confirm the safety of this approach in humans. The biotechnology company Mnemo Therapeutics is exploring the possibility of conducting clinical trials based on this research.
Cells have a protein receptor that will cause that cell to die - in theory. Unfortunately, "Previous efforts to target this receptor have been unsuccessful," says Jogender Tushir-Singh, an associate professor in the Department of Medical Microbiology and Immunology at the University of California, Davis. But he's now led a team of researchers at the university's Comprehensive Cancer Center that's identified a receptor-activating protein section. And more importantly, "now that we've identified this epitope, there could be a therapeutic path forward" for targeting that receptor... in tumors. The findings were published Oct. 14 in the Nature journal Cell Death & Differentiation... Death receptors do precisely what their name implies - when targeted, they trigger programmed cell death of tumor cells. They offer a potential workaround that could simultaneously kill tumor cells and pave the way for more effective immunotherapies and CAR T-cell therapy... Tushir-Singh and his colleagues knew they might be able to target cancer cells selectively if they found the right epitope. Having identified this specific epitope, he and other researchers can now design a new class of antibodies to selectively bind to and activate Fas to potentially destroy tumor cells specifically. Singh says their research "sets the stage" to develop antibodies that selectively kill tumor cells.
Around 40% of goods entering and leaving Australia are managed by a single ports operator. But from Friday to Monday morning, they were suffering from a cyberattack that had "crippled" their facilities in Melbourne, Sydney, Brisbane and Perth, reports the BBC: The outage has not affected the supply of goods to major Australian supermarkets, the BBC understands. DP World Australia, a unit of the Dubai state-owned DP World, said its ports resumed operations at 9am local time "following successful tests of key systems overnight". It added "The company expects that approximately 5,000 containers will move out of the four Australian terminals today...." DP World said it halted internet connectivity at its ports on Friday to prevent "any ongoing unauthorised access" to its network. Going offline meant trucks had been unable to transport containers in and out of the affected sites. The resumption of service on Monday is the first step towards tackling the attack on its network. DP World said it was still in the process of investigating the disruption and guarding its systems against cyber attacks.
MacRumors writes that the second beta of iOS 17.2 "adds a new feature that allows an iPhone 15 Pro or iPhone 15 Pro Max to record Spatial Video" - that is, in the immersive 3D format for the yet-to-be-released Apple Vision Pro (where it can be viewed in the "Photos" app): Spatial Video recording can be enabled by going to the Settings app, tapping into the Camera section, selecting Formats, and toggling on "Spatial Video for Apple Vision Pro..." Spatial Videos taken with an iPhone 15 Pro can be viewed on the iPhone as well, but the video appears to be a normal video and not a Spatial Video. Tech blogger John Gruber got to test the technology, watching the videos on a (still yet-to-be-released) Vision Pro headset. "I'm blown away once again," he wrote, calling the experience "astonishing." "Before my demo, I provided Apple with my eyeglasses prescription, and the Vision Pro headset I used had appropriate corrective lenses in place. As with my demo back in June, everything I saw through the headset looked incredibly sharp..." The Vision Pro experience is highly dependent upon foveated rendering, which Wikipedia succinctly describes as "a rendering technique which uses an eye tracker integrated with a virtual reality headset to reduce the rendering workload by greatly reducing the image quality in the peripheral vision (outside of the zone gazed by the fovea)..." It's just incredible, though, how detailed and high resolution the overall effect is... Plain old still photos look amazing. You can resize the virtual window in which you're viewing photos to as large as you can practically desire. It's not merely like having a 20-foot display - a size far more akin to that of a movie theater screen than a television. It's like having a 20-foot display with retina quality resolution, and the best brightness and clarity of any display you've ever used... And then there are panoramic photos... Panoramic photos viewed using Vision Pro are breathtaking. 
There is no optical distortion at all, no fish-eye look. It just looks like you're standing at the place where the panoramic photo was taken - and the wider the panoramic view at capture, the more compelling the playback experience is. It's incredible... As a basic rule, going forward, I plan to capture spatial videos of people, especially my family and dearest friends, and panoramic photos of places I visit. It's like teleportation... When you watch regular (non-spatial) videos using Vision Pro, or view regular still photography, the image appears in a crisply defined window in front of you. Spatial videos don't appear like that at all. I can't describe it any better today than I did in June: it's like watching - and listening to - a dream, through a hazy-bordered portal opened into another world... Nothing you've ever viewed on a screen, however, can prepare you for the experience of watching these spatial videos, especially the ones you will have shot yourself, of your own family and friends. They truly are more like memories than videos... [T]he ones I shot myself were more compelling, and took my breath away... Prepare to be moved, emotionally, when you experience this.
"In an open-air warehouse in California's Central Valley, 40-foot-tall racks hold hundreds of trays filled with a white powder that turns crusty as it absorbs carbon dioxide from the sky," reports the New York Times. "The start-up that built the facility, Heirloom Carbon Technologies, calls it the first commercial plant in the United States to use direct air capture, which involves vacuuming greenhouse gases from the atmosphere." Another plant is operating in Iceland, and some scientists say the technique could be crucial for fighting climate change. Heirloom will take the carbon dioxide it pulls from the air and have the gas sealed permanently in concrete, where it can't heat the planet. To earn revenue, the company is selling carbon removal credits to companies paying a premium to offset their own emissions. Microsoft has already signed a deal with Heirloom to remove 315,000 tons of carbon dioxide from the atmosphere. The company's first facility in Tracy, California, which opens Thursday, is fairly small. The plant can absorb a maximum of 1,000 tons of carbon dioxide per year, equal to the exhaust from about 200 cars. But Heirloom hopes to expand quickly. "We want to get to millions of tons per year," said Shashank Samala, the company's chief executive. "That means copying and pasting this basic design over and over." Heirloom's technology hinges on a simple bit of chemistry: Limestone, one of the most abundant rocks on the planet, forms when calcium oxide binds with carbon dioxide. In nature, that process takes years. Heirloom speeds it up. At the California plant, workers heat limestone to 1,650 degrees Fahrenheit in a kiln powered by renewable electricity. Carbon dioxide is released from the limestone and pumped into a storage tank. The leftover calcium oxide, which looks like flour, is then doused with water and spread onto large trays, which are carried by robots onto tower-high racks and exposed to open air. 
Over three days, the white powder absorbs carbon dioxide and turns into limestone again. Then it's back to the kiln and the cycle repeats. "That's the beauty of this, it's just rocks on trays," Mr. Samala, who co-founded Heirloom in 2020, said. The hard part, he added, was years of tweaking variables like particle size, tray spacing and moisture to speed up absorption... In future projects, Heirloom also plans to pump carbon dioxide into underground storage wells, burying it. The company received funding from Microsoft's Climate Innovation Fund and Bill Gates' Breakthrough Energy Ventures, according to Bloomberg, which adds that Heirloom's technology will later "be deployed at a major hub in Louisiana the government expects will remove 1 million tons of CO2 a year by the end of the decade." The New York Times notes there was also federal funding, something that's been fueling the ambitions of hundreds of carbon-capture startups. "The science is clear," says America's Energy Secretary. "Cutting back carbon emissions through renewable energy alone won't stop the damage from climate change. Direct air capture technology is a game-changing tool that gives us a shot at removing the carbon pollution that has been building in the atmosphere since the Industrial Revolution."
Greek economist/politician Yanis Varoufakis "was briefly Greek finance minister in 2015," remembers the Conversation. Now his new book asks the question, "What killed capitalism," with the title's first word providing an answer. "Techno-feudalism." Varoufakis argues that we no longer live in a capitalist society... "Today, capitalist relations remain intact, but techno-feudalist relations have begun to overtake them," writes Varoufakis. Traditional capitalists, he proposes, have become "vassal capitalists". They are subordinate and dependent on a new breed of "lords" - the Big Tech companies - who generate enormous wealth via new digital platforms. A new form of algorithmic capital has evolved - what Varoufakis calls "cloud capital" - and it has displaced "capitalism's two pillars: markets and profits". Markets have been "replaced by digital trading platforms which look like, but are not, markets". The moment you enter amazon.com "you exit capitalism" and enter something that resembles a "feudal fief": a digital world belonging to one man and his algorithm, which determines what products you will see and what products you won't see. If you are a seller, the platform will determine how you can sell and which customers you can approach. The terms in which you interact, share information and trade are dictated by an "algo" that "works for [Jeff Bezos'] bottom line"... Access to the "digital fief" comes at the cost of exorbitant rents. Varoufakis notes that many third-party developers on the Apple store, for example, pay 30% "on all their revenues", while Amazon charges its sellers "35% of revenues". This, he argues, is like a medieval feudal lord sending round the sheriff to collect a large chunk of his serfs' produce because he owns the estate and everything within it. There is "no disinterested invisible hand of the market" here. The Big Tech platforms are exempted from free-market competition. 
And in the meantime, users are unknowingly training their algorithms for them - so "In this interaction, we are all high-tech 'cloud serfs'... [T]he 'cloud capital' we are generating for them all the time increases their capacity to generate yet more wealth, and thus increases their power - something we have only begun to realise." Approximately 80% of the income of traditional capitalist conglomerates goes to salaries and wages, according to Varoufakis, while Big Tech's workers, in contrast, collect "less than 1% of their firms' revenues"... For Varoufakis, we are not just living through a tech revolution, but a tech-driven economic revolution. He challenges us to come to terms with just what has happened to our economies - and our societies - in the era of Big Tech and Big Finance. Thanks to Slashdot reader ZipNada for sharing the article.
Images and information from social media (and other online sources) are being used by AI to "create convincing and personalized scam calls, texts and emails," writes the Palm Beach Post, citing a warning from Florida's consumer watchdog agency. In an older version of the scam, a caller would greet "Grandma" or "Grandpa" before saying, "It's me - I know I sound funny because I have a cold," and then make an urgent plea for money to get out of a scrap... Using audio and video clips found online, the con artist can clone the voice of a family member to make the call more compelling... Listen for clues to a con like incorrect or mispronounced names or unfamiliar terms of endearment. The pressure to act quickly and to keep the call a secret are all timeless hallmarks of a scam, the agency notes. Detailed instructions on how to deliver funds in a form that is hard to recover - wired funds, a gift card or pay app - are also indications of a ripoff in the making. The consumer watchdog agency suggests this precaution. "Encourage family members to set their social media pages to private." Thanks to long-time Slashdot reader SonicSpike for sharing the article.
Despite a six-episode Ms. Marvel miniseries on Disney+, audiences aren't turning out now to see the 16-year-old superhero's team-up with Captain Marvel on the big screen. The Marvels earned $47 million in its opening weekend, reports Deadline, "the lowest ever for Disney's Marvel Cinematic Universe," and $110 million worldwide, "which is also a bottom rung for the MCU and below the $140M we were forecasting." In regards to U.S. admissions, The Marvels came in per EntTelligence at 3.3M compared to other superhero bombs, The Flash's 3.9M and Eternals' 5.5M. By all accounts and by all sources, it's a disastrous result for a $200 million Marvel Studios movie... Months ago, who would have thought that Universal/Blumhouse's Five Nights at Freddy's two weeks ago in a day-and-date debut on Peacock would post a higher opening at the box office ($80M) than The Marvels...? The Marvels meltdown isn't about superhero fatigue. It's about Disney's overexposure of the Marvel Cinematic Universe brand on Disney+, and those moth holes are beginning to show: Keep what's meant for the cinema in cinemas, and keep what's meant for in-homes in the home. Meaning, this whole crossover streaming-into-film master plan isn't working, nor is it really connected in a jaw-dropping way... The Marvels - with its crossover streaming series blah-blah - looks like it was built to be seen in homes, not to get audiences off the couch.
SysAid's system management software has "a vulnerability actively being exploited to deploy Clop ransomware," according to SiliconAngle: The warning came from Microsoft Corp.'s Threat Intelligence team, which wrote on X that it had discovered the exploitation of a zero-day vulnerability in SysAid's IT support software that's being exploited by the Lace Tempest ransomware gang. Lace Tempest first emerged earlier this year from its attacks involving the MOVEit Transfer and GoAnywhere MFT. This group has been characterized by its sophisticated attack methods, often exploiting zero-day vulnerabilities to infiltrate organizations' systems to deploy ransomware and exfiltrate sensitive data... In a blog post, SysAid said that the vulnerability, tracked as CVE-2023-47246, was first discovered on November 2 and is a path traversal vulnerability leading to code execution within the SysAid on-prem software... "Given the scale and impact of the MOVEit breach, which was considered one of the largest in recent history, the potential for the SysAid vulnerability to reach similar levels of disruption is not inconceivable, though several factors would influence this outcome," Craig Jones, vice president of security operations at managed detection and response provider Ontinue Inc., told SiliconANGLE. "The MOVEit breach, exploited by the Clop ransomware group, impacted over 1,000 organizations and more than 60 million individuals," Jones explained. "Comparatively, SysAid claims more than 5,000 customers across various industries globally. The potential damage from the SysAid vulnerability would depend on factors such as how widespread the exploitation is, how quickly the patch is applied and the sensitivity of the accessed data." SysAid's blog post confirms the zero-day vulnerability, and says they've begun "proactively communicating with our on-premise customers to ensure they could implement a mitigation solution we had identified..." 
"We urge all customers with SysAid on-prem server installations to ensure that your SysAid systems are updated to version 23.3.36, which remediates the identified vulnerability, and conduct a comprehensive compromise assessment of your network..."The attacker uploaded a WAR archive containing a WebShell and other payloads into the webroot of the SysAid Tomcat web service [which] provided the attacker with unauthorized access and control over the affected system.Subsequently, the attacker utilized a PowerShell script, deployed through the WebShell, to execute a malware loader named user.exe on the compromised host, which was used to load the GraceWire trojan... After this initial access and the deployment of the malware, the attacker utilized a second PowerShell script to erase evidence associated with the attacker's actions from the disk and the SysAid on-prem server web logs... Given the severity of the threat posed, we strongly recommend taking immediate steps according to your incident response playbook and install any patches as they become available.Read more of this story at Slashdot.
Wednesday nearly half of Australia was left without internet or phone service after the country's second largest telecommunications company experienced a service outage affecting 10 million people. But that's not Optus's only problem, according to this report from the Guardian: Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack - which resulted in the personal information of about 10 million customers being exposed - after a judge rejected the telco's legal privilege claim. After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack. Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner, and a class action case in the federal court. As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public... It came as the embattled CEO faces pressure over the company's handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines. The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.
This week the Council of the European Union made an announcement. "With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached today a provisional agreement on a new framework for a European digital identity (eID)." The proposed new framework would also require member states "to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification." "With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity," said Nadia Calviño, acting Spanish first vice-president and minister for economy and digitalisation. From the announcement: The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication. Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone. The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared... The revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
"When finalised, the text will be submitted to the member states' representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU's Official Journal and enter into force."
Started in 2013, "Hour of Code" is an annual tradition started by the education non-profit Code.org (which provides free coding lessons to schools). Its FAQ describes the December event for K-12 students as "a worldwide effort to celebrate computer science, starting with 1-hour coding activities," and over 100 million schoolkids have participated over the years. This year's theme will be "Creativity With AI," and the "computer vision" lesson includes a short video (less than 7 minutes) featuring a Tesla Autopilot product manager from its computer vision team. "I build self-driving cars," they say in the video. "Any place where there can be resources used more efficiently I think is a place where technology can play a role. But of course one of the best, impactful ways of AI, I hope, is through self-driving cars." (The video then goes on to explain how lots of training data ultimately generates a statistical model, "which is just a fancy way of saying, a guessing machine.") The 7-minute video is part of a larger lesson plan (with a total estimated time of 45 minutes) in which students tackle a fun story problem. If a sports arena's scoreboard is showing digital numbers, what series of patterns would a machine-vision system have to recognize to identify each digit? (Students are asked to collaborate in groups.) And it's just one of seven 45-minute lessons, each one accompanied by a short video. (The longest video is 7 minutes and 28 seconds, and all seven videos, if watched back-to-back, would run for about 31 minutes.) Not all the lessons involve actual coding, but the goal seems to be familiarizing students (starting at the 6th grade level) with artificial intelligence of today, and the issues it raises. The second-to-last lesson is titled "Algorithmic Bias" - with a video including interviews with an ethicist at OpenAI and professor focused on AI from both MIT and Stanford.
And the last lesson - "Our AI Code of Ethics" - challenges students to assemble documents and videos on AI-related "ethical pitfalls," and then pool their discoveries into an educational resource "for AI creators and legislators everywhere." This year's installment is being billed as "the largest learning event in history." And it's scheduled for the week of December 4 so it coincides with "Computer Science Education Week" (a CS-education event launched in 2009 by the Association for Computing Machinery, with help from partners including Intel, Microsoft, Google, and the National Science Foundation).
The senior security editor at Ars Technica writes: Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday. Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name "pyobfgood." Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developer's machine. Capabilities include:
- Exfiltrate detailed host information
- Steal passwords from the Chrome web browser
- Set up a keylogger
- Download files from the victim's system
- Capture screenshots and record both screen and audio
- Render the computer inoperative by ramping up CPU usage, inserting a batch script in the startup directory to shut down the PC, or forcing a BSOD error with a Python script
- Encrypt files, potentially for ransom
- Deactivate Windows Defender and Task Manager
- Execute any command on the compromised host
In all, pyobfgood and the previous seven tools were installed 2,348 times. They targeted developers using the Python programming language... Downloads of the package came primarily from the US (62%), followed by China (12%) and Russia (6%). Ars Technica concludes that "The never-ending stream of attacks should serve as a cautionary tale underscoring the importance of carefully scrutinizing a package before allowing it to run."
This week the Verge's podcast Decoder interviewed former U.S. president Barack Obama for a discussion on "AI, free speech, and the future of the internet." Obama warns that future copyright questions are just part of a larger issue. "If AI turns out to be as pervasive and as powerful as its proponents expect - and I have to say the more I look into it, I think it is going to be that disruptive - we are going to have to think about not just intellectual property; we are going to have to think about jobs and the economy differently." Specific issues may include the length of the work week and the fact that health insurance coverage is currently tied to employment - but it goes far beyond that: The broader question is going to be what happens when 10% of existing jobs now definitively can be done by some large language model or other variant of AI? And are we going to have to reexamine how we educate our kids and what jobs are going to be available...? The truth of the matter is that during my presidency, there was I think a little bit of naivete, where people would say, you know, "The answer to lifting people out of poverty and making sure they have high enough wages is we're going to retrain them and we're going to educate them, and they should all become coders, because that's the future." Well, if AI's coding better than all but the very best coders? If ChatGPT can generate a research memo better than the third-, fourth-year associate - maybe not the partner, who's got a particular expertise or judgment? - now what are you telling young people coming up? While Obama believes in the transformative potential of AI, "we have to be maybe a little more intentional about how our democracies interact with what is primarily being generated out of the private sector. What rules of the road are we setting up, and how can we make sure that we maximize the good and maybe minimize some of the bad?"
AI's impact will be a global problem, Obama believes, which may require "cross-border frameworks and standards and norms". (He expressed a hope that governments can educate the public on the idea that AI is "a tool, not a buddy".) During the 44-minute interview Obama predicted AI will ultimately force a "much more robust" public conversation about rules needed for social media - and that at least some of that pressure could come from how consumers interact with companies. (Obama also argues there will still be a market for products that don't just show you what you want to see.) "One of Obama's worries is that the government needs insight and expertise to properly regulate AI," writes the Verge's editor-in-chief in an article about the interview, "and you'll hear him make a pitch for why people with that expertise should take a tour of duty in the government to make sure we get these things right." You'll hear me get excited about a case called Red Lion Broadcasting v. FCC, a 1969 Supreme Court decision that said the government could impose something called the Fairness Doctrine on radio and television broadcasters because the public owns the airwaves and can thus impose requirements on how they're used. There's no similar framework for cable TV or the internet, which don't use public airwaves, and that makes them much harder, if not impossible, to regulate. Obama says he disagrees with the idea that social networks are something called "common carriers" that have to distribute all information equally. Obama also applauded last month's newly-issued Executive Order from the White House, a hundred-page document which Obama calls important as "the beginning of building out a framework." We don't know all the problems that are going to arise out of this. We don't know all the promising potential of AI, but we're starting to put together the foundations for what we hope will be a smart framework for dealing with it...
In talking to the companies themselves, they will acknowledge that their safety protocols and their testing regimens may not be where they need to be yet. I think it's entirely appropriate for us to plant a flag and say, "All right, frontier companies, you need to disclose what your safety protocols are to make sure that we don't have rogue programs going off and hacking into our financial system," for example. Tell us what tests you're using. Make sure that we have some independent verification that right now this stuff is working. But that framework can't be a fixed framework. These models are developing so quickly that oversight and any regulatory framework is going to have to be flexible, and it's going to have to be nimble.
An anonymous reader shared this report from security researcher Brian Krebs: In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account... The homepage said I needed to provide a Social Security number and mobile phone number, and that I'd soon receive a link that I should click to verify myself. The site claims that the phone number you provide will be used to help validate your identity. But it appears you could supply any phone number in the United States at this stage in the process, and Experian's website would not balk. One user said they recreated their account this week - even though the phone number they'd input was a random number. "The only difference: it asked me FIVE questions about my personal history (last time it only asked three) before proclaiming, 'Welcome back, Pete!,' and granting full access," @PeteMayo wrote. "I feel silly saving my password for Experian; may as well just make a new account every time." And Krebs points out that "Regardless, users can simply skip this step by selecting the option to 'Continue another way.'" Experian then asks for your full name, address, date of birth, Social Security number, email address and chosen password. After that, they require you to successfully answer between three to five multiple-choice security questions whose answers are very often based on public records. When I recreated my account this week, only two of the five questions pertained to my real information, and both of those questions concerned street addresses we've previously lived at - information that is just a Google search away...
Experian will send a message to the old email address tied to the account, saying certain aspects of the user profile have changed. But this message isn't a request seeking verification: It's just a notification from Experian that the account's user data has changed, and the original user is offered zero recourse here other than to click a link to log in at Experian.com. And of course, a user who receives one of these notices will find that the credentials to their Experian account no longer work. Nor do their PIN or account recovery question, because those have been changed also. Your only option at this point is to recreate your account at Experian and steal it back from the ID thieves! Experian's security measures "are constantly evolving," insisted Experian spokesperson Scott Anderson - though Krebs remains unsatisfied. Anderson said all consumers have the option to activate a multi-factor authentication method that's requested each time they log in to their account. But what good is multi-factor authentication if someone can simply recreate your account with a new phone number and email address?
In Chrome, JavaScript (and WebAssembly) code are both executed by Google's open source V8 engine - which already has garbage-collecting capabilities. "This means developers making use of, for example, PHP compiled to Wasm, end up shipping a garbage collector implementation of the ported language (PHP) to the browser that already has a garbage collector," writes Google developer advocate Thomas Steiner, "which is as wasteful as it sounds." "This is where WasmGC comes in." WebAssembly Garbage Collection (or WasmGC) is a proposal of the WebAssembly Community Group [which] adds struct and array heap types, which means support for non-linear memory allocation... In simplified terms, this means that with WasmGC, porting a programming language to WebAssembly means the programming language's garbage collector no longer needs to be part of the port, but instead the existing garbage collector can be used. Sometime on Halloween, Steiner wrote that in Chrome, WebAssembly garbage collection is now enabled by default. But then he explored what this means for high-level programming languages (with their own built-in garbage collection) being compiled into WebAssembly: To verify the real-world impact of this improvement, Chrome's Wasm team has compiled versions of the Fannkuch benchmark (which allocates data structures as it works) from C, Rust, and Java. The C and Rust binaries could be anywhere from 6.1 K to 9.6 K depending on the various compiler flags, while the Java version is much smaller at only 2.3 K! C and Rust do not include a garbage collector, but they do still bundle malloc/free to manage memory, and the reason Java is smaller here is because it doesn't need to bundle any memory management code at all. This is just one specific example, but it shows that WasmGC binaries have the potential of being very small, and this is even before any significant work on optimizing for size.
The blog post includes two examples of WasmGC-ported programming languages in action: "One of the first programming languages that has been ported to Wasm thanks to WasmGC is Kotlin in the form of Kotlin/Wasm." "The Dart and Flutter teams at Google are also preparing support for WasmGC. The Dart-to-Wasm compilation work is almost complete, and the team is working on tooling support for delivering Flutter web applications compiled to WebAssembly."
This week GitHub announced the approaching general availability of the GPT-4-powered GitHub Copilot Chat in December "as part of your existing GitHub Copilot subscription" (and "available at no cost to verified teachers, students, and maintainers of popular open source projects.") And this "code-aware guidance and code generation" will also be integrated directly into github.com, "so developers can dig into code, pull requests, documentation, and general coding questions with Copilot Chat providing suggestions, summaries, analysis, and answers." With GitHub Copilot Chat we're enabling the rise of natural language as the new universal programming language for every developer on the planet. Whether it's finding an error, writing unit tests, or helping debug code, Copilot Chat is your AI companion through it all, allowing you to write and understand code using whatever language you speak... Copilot Chat uses your code as context, and is able to explain complex concepts, suggest code based on your open files and windows, help detect security vulnerabilities, and help with finding and fixing errors in code, terminal, and debugger... With the new inline Copilot Chat, developers can chat about specific lines of code, directly within the flow of their code and editor. InfoWorld notes it will chat in "whatever language a developer speaks." (And that Copilot Chat will also be available in GitHub's mobile app.) But why wait until December? GitHub's blog post says that Copilot Chat "will come to the JetBrains suite of IDEs, available in preview today." GitHub also plans to introduce "slash commands and context variables" for GitHub Copilot, "so fixing or improving code is as simple as entering /fix and generating tests now starts with /tests."
"With Copilot in the code editor, in the CLI, and now Copilot Chat on github.com and in our mobile app, we are making Copilot ubiquitous throughout the software development lifecycle and always available in all of GitHub's surface areas..." CNBC adds that "Microsoft-owned GitHub" also plans to introduce "a more expensive Copilot assistant" in February "for developers inside companies that can explain and provide recommendations about internal source code." Wednesday's blog post announcing these updates was written by GitHub's CEO, who seemed to be predicting an evolutionary leap into a new future. "Just as GitHub was founded on Git, today we are re-founded on Copilot." He promised they'd built on their vision of a future "where AI infuses every step of the developer lifecycle." Open source and Git have fundamentally transformed how we build software. It is now evident that AI is ushering in the same sweeping change, and at an exponential pace... We are certain this foundational transformation of the GitHub platform, and categorically new way of software development, is necessary in a world dependent on software. Every day, the world's developers balance an unsustainable demand to both modernize the legacy code of yesterday and build our digital tomorrow. It is our guiding conviction to make it easier for developers to do it all, from the creative spark to the commit, pull request, code review, and deploy - and to do it all with GitHub Copilot deeply integrated into the developer experience. And if you're worried about the security of AI-generated code... Today, GitHub Copilot applies an LLM-based vulnerability prevention system that blocks insecure coding patterns in real-time to make GitHub Copilot's suggestions more secure. Our model targets the most common vulnerable coding patterns, including hardcoded credentials, SQL injections, and path injections.
GitHub Copilot Chat can also help identify security vulnerabilities in the IDE, explain the mechanics of a vulnerability with its natural language capabilities, and suggest a specific fix for the highlighted code. But for Enterprise accounts paying for GitHub Advanced Security, there's also an upgrade coming: "new AI-powered application security testing features designed to detect and remediate vulnerabilities and secrets in your code." (It's already available in preview mode.) GitHub even announced plans for a new AI assistant in 2024 that generates a step-by-step plan for responding to GitHub issues. (GitHub describes it as "like a pair programming session with a partner that knows about every inch of the project, and can follow your lead to make repository-wide changes from the issue to the pull request with the power of AI.") CNBC notes that AI-powered coding assistants "are still nascent, though, with less than 10% enterprise adoption, according to Gartner, a technology industry research firm." But last month Microsoft CEO Satya Nadella told analysts GitHub Copilot already had one million paying users... And GitHub's blog post concludes, "And we're just getting started."
"Dealers don't want to change the model. They want to be the gatekeepers." That's according to Daniel Crane, a law professor at the University of Michigan who studies the laws and economics of car dealerships. He's quoted in a Washington Post article warning that "Electric vehicles are hitting a road block: Car dealers." Former Chevy salesman Buzz Smith tells the Post that it can take longer to sell electric cars (with multiple visits and questions about their technology and chargers) - in effect reducing what a salesman earns per hour. But more to the point, "he believes the pay structure of auto salespeople isn't a good fit for the EV era." Electric cars have narrower profit margins, he said, which cuts into the commission a dealer can get. And if a customer returns to the dealership multiple times, salespeople may have to split the commission, again cutting into their take-home pay. At the same time, car dealerships make most of their overall profits from providing service for vehicles - not selling new cars. According to an analysis from the U.S. Bureau of Labor Statistics, just 16 percent of dealers' gross profits came from new car sales, while 43 percent came from parts, labor and service. (The rest of the profits come from used car sales and financing and incentives...) That could also discourage dealers from selling EVs. Gas cars have 100 times more moving parts than electric vehicles do, and studies show that EVs have lower maintenance costs. An average gas-powered car, for example, needs an oil change about every six months, or every 5,000 to 7,500 miles. But many electric cars don't require a major service until around 150,000 miles. "They're all terrified of that loss of maintenance," Smith said. The Post reports one woman's complaint that after buying an electric car, her salesperson "offered her a plan for oil changes and an extended warranty for a gas-powered car." But is there something bigger going on?
Since the 1950s dozens of states passed laws protecting auto dealerships, and many of those laws prevent manufacturers from selling directly to consumers. The Post notes that now "many automakers have to sell their vehicles through one of the country's more than 16,000 franchised auto dealerships. And those salespeople often don't have extensive training on how to sell an EV or even on the technology itself." Frustrated customers told The Washington Post that dealers tried to redirect their attention toward gas cars, or gave incorrect or unclear answers to questions about charging and day-to-day electric vehicle use... Then there is the maze of federal and state tax incentives that can help drivers afford a new or used EV - but only if the dealer and the consumer can understand how they work. Some dealers, however, don't seem to want to offer electric cars: According to a survey that the Sierra Club conducted at the end of 2022, 66 percent of dealerships did not have an EV available for sale. That was at the height of EV supply chain problems, but 45 percent of those dealers - or 30 percent of all dealers surveyed - said they wouldn't offer an EV even if they could. Amid concern over an EV slowdown, electric cars are sitting longer on dealerships' lots than gas-powered cars. According to data from Cox Automotive, dealerships started the year with a roughly 50 days' supply of gas cars and electric cars. Now the supply of gas cars is around the same, but the supply of EVs has doubled.
A report from TechSpot says AMD has recently increased its market share in the CPU sector for desktops, laptops, and servers: According to Mercury Research (via Tom's Hardware), AMD gained 5.8% unit share in desktops, 3.8% in laptops, and 5.8% in servers. In terms of revenue share, Team Red gained 4.1% in desktops, 5.1% in laptops, and 1.7% in servers. The report does not mention competitors by name, but the global PC industry only has one other major CPU supplier, Intel, which has a major stake in all the market segments. While Intel and AMD make x86 processors for PCs, Qualcomm offers Arm-based SoCs for Windows notebooks, but its market share is minuscule by comparison. So, while the report doesn't say anything about the market share of Intel or Qualcomm, it is fair to assume that most of AMD's gains came at Intel's expense. Thanks to Slashdot reader jjslash for sharing the news.
From AaronSwartzDay.com: Aaron Swartz Day was founded, in 2013, after the death of Aaron Swartz, with these combined goals:
- To draw attention to what happened to Aaron, in the hopes of stopping it from happening to anyone else.
  - This includes clarifying that, although Aaron was a hacker, he didn't hack MIT.
- To provide a yearly showcase of many of the projects that were started by Aaron before his death.
  - SecureDrop
  - Open Library
- To provide a yearly showcase of new projects that were directly inspired by Aaron and his work.
A few Aaron-inspired examples from this year's event include:
- The Pursuance Project (by Barrett Brown & Steve Phillips)
- Open Archive (by Natalie Cadranel)
- Jason Leopold's Freedom of Information Act Request (FOIA) activism (article from 2013)
Happening right now is a livestream from 11 a.m. to 6:30 p.m. PST of "intimate virtual talks," including a special presentation by members of Brazil's Aaron Swartz Institute starting in just a few minutes. You can also play back video for talks that happened earlier today. Other speakers include:
- Scifi novelist/technology activist Cory Doctorow (11 a.m.)
- Signal user support engineer/project manager Riya Abraham (11:30 a.m.)
- EFF executive director Cindy Cohn (12)
- EFF Certbot director of engineering Alexis Hancock (12:20)
- Internet Archive's Brewster Kahle (12:40)
- Anaconda CEO Peter Wang (1)
- The Freedom of the Press Foundation's Kevin O'Gorman (speaking on SecureDrop at 1:30)
With 1.4 billion people, India is the second most-populous country in the world. But a new article in the Washington Post alleges that India has "set a global standard for online censorship." For years, a committee of executives from U.S. technology companies and Indian officials convened every two weeks in a government office to negotiate what could - and could not - be said on Twitter, Facebook and YouTube. At the "69A meetings," as the secretive gatherings were informally called, officials from India's information, technology, security and intelligence agencies presented social media posts they wanted removed, citing threats to India's sovereignty and national security, executives and officials who were present recalled. The tech representatives sometimes pushed back in the name of free speech... But two years ago, these interactions took a fateful turn. Where officials had once asked for a handful of tweets to be removed at each meeting, they now insisted that entire accounts be taken down, and numbers were running in the hundreds. Executives who refused the government's demands could now be jailed, their companies expelled from the Indian market. New regulations had been adopted that year to hold tech employees in India criminally liable for failing to comply with takedown requests, a provision that executives referred to as a "hostage provision." After authorities dispatched anti-terrorism police to Twitter's New Delhi office, Twitter whisked its top India executive out of the country, fearing his arrest, former company employees recounted. Indian officials say they have accomplished something long overdue: strengthening national laws to bring disobedient foreign companies to heel... Digital and human rights advocates warn that India has perfected the use of regulations to stifle online dissent and already inspired governments in countries as varied as Nigeria and Myanmar to craft similar legal frameworks, at times with near-identical language.
India's success in taming internet companies has set off "regulatory contagion" across the world, according to Prateek Waghre, a policy director at India's Internet Freedom Foundation... Despite the huge size of China's market, companies like Twitter and Facebook were forced to steer clear of the country because Beijing's rules would have required them to spy on users. That left India as the largest potential growth market. Silicon Valley companies were already committed to doing business in India before the government began to tighten its regulations, and today say they have little choice but to obey if they want to remain there. The Post spoke to Rajeev Chandrasekhar, the deputy technology minister in the BJP government who oversees many of the new regulations, who argued "The shift was really simple: We've defined the laws, defined the rules, and we have said there is zero tolerance to any noncompliance with the Indian law... "You don't like the law? Don't operate in India," Chandrasekhar added. "There is very little wiggle room."Read more of this story at Slashdot.
The longest actor's strike in Hollywood history ended with "groundbreaking" protections against the use of AI, reports CNN: Studios will have to provide informed consent for the creation of any kind of digital replica of a performer or background actor, with a specific description of the intended use, the union officials said. Compensation for the replica will vary. Notably, the contract also protects background performers from any use of their digital replica without their consent, SAG leadership said. [Even after they are deceased.] Negotiations over using AI to create synthetic performers continued down to the wire. Union leadership said studios will have to gain consent for any actors whose facial features are used for the AI performer, the studios have to inform actors they're using AI, and the union can bargain over compensation for those affected by it. The separate deal signed in September with the writer's guild "also includes assurances that AI cannot write or rewrite literary material," the article adds, "and will require AI-generated materials to be disclosed to writers." Now the president of the actor's union tells the Hollywood Reporter, "We got everything we wanted with the AI protections, which was key. Plus we're going to be meeting with the AMPTP [the entertainment industry's bargaining unit] twice a year to make sure that our finger remains on the pulse of the progress, and also to align ourselves on the same side with regard to federal regulations and protections against piracy." And the union president underscored the importance of AI-related protections to Rolling Stone: "If we didn't get that package, then what are we doing? We're not really able to protect our members in the way that they needed to be protected... If we didn't get those barricades, what would it be in three years...?"
In the union's initial announcement of the tentative deal on Wednesday, SAG-AFTRA promised it had secured a contract "of extraordinary scope" valued at more than $1 billion and "unprecedented provisions for consent and compensation that will protect members from the threat of AI."
A new book argues lockdowns during the pandemic were "a failure." But in response CNN published an opinion piece disagreeing - written by physician/infectious disease expert Kent Sepkowitz from the Memorial Sloan Kettering Cancer Center in New York - who argues "You bet it was worth it." [Authors Joe Nocera and Bethany McLean] consider the lockdown a single activity stretched across the entire pandemic; in contrast, I would distinguish the initial lockdown, which was crucial, from the off-and-on lockdowns as therapies, vaccines and overall care improved. There is an argument to be made that these were not anywhere near as effective... One only had to work in health care in New York City to see the difference between early 2020, when the explosion of cases overwhelmed the city, versus later in 2020 when an effective therapy had been identified, supplies and diagnostic testing had been greatly improved (though still completely inadequate) and the makeshift ICUs and emergency rooms had been set in place. It was still a nightmare to be sure, but it was a vastly more organized nightmare. The "short-term benefits" at the start of the pandemic are simple to characterize: Every infection that was delayed due to the lockdowns was a day to the good, a day closer to the release of the mRNA vaccines in December 2020, a less-hectic day for the health care workers, a day for clinical trials to mature. Therefore, the authors' statement that lockdowns "were a mistake that should not be repeated" because they had no "purpose other than keeping hospitals from being overrun in the short-term" is to me a fundamental misunderstanding of the day-to-day work that was being done. Most disturbing to me about this assessment and the others that have come along are the minimal mention of the death and debility the infection caused. A reminder for those who have forgotten just how brutal the pandemic was: Worldwide there have been 7 million deaths.
In the U.S., there have been more than a million deaths, millions have some post-infection debility and many health care workers remain profoundly demoralized. [By these figures the U.S., with 4.2% of the world's population, had 14% of Covid fatalities.] In this context, many of the outcomes of concern listed by Nocera and McLean - suicidal thoughts in teens, alcoholism and drug use increases, violence - are as easily explained by this staggering death toll as by the cabin fever brought on by lockdowns. Once again: About 1 out of every 350 Americans died in the Covid-19 pandemic. Another way to consider the impact of so many deaths is examination of life expectancy. Of note, life expectancy in the U.S. fell in 2020 (1.8 years) and 2021 (0.6 years), the sharpest drop since the 1920s; per the US Centers for Disease Control and Prevention, 74% of the drop was attributed to Covid-19... To fall more than two years so precipitously requires the deaths of many in their 30s and 40s and 50s, as occurred with the first year of the pandemic.
Slashdot reader sciencehabit writes: The Scottish wildcat--a fierce, solitary feline with striking stripes and a legendary reputation in Scotland--may be extinct, due to breeding with domestic cats. Domestic cats and European wildcats (a species to which the Scottish wildcat belongs) shared Europe for more than 2000 years without interbreeding, according to a new study. But around 70 years ago, something changed. In the mid-1950s, more than 5% of the genetic markers in Scottish wildcats began to resemble those of domestic cats, according to a second new study. After 1997, that figure jumped to as high as 74%. In the wild, the markings of the Scottish wildcat became muddled and spotted, its short, bushy tail replaced by the long, thin tail of domestic cats. Today, the genome of the Scottish wildcat is so "swamped" with domestic cat DNA that the animal is "genomically extinct," the authors conclude. All that's left in nature is a "hybrid swarm," they write, a confused mix of wild and domestic DNA. "Everything these wildcats have evolved over thousands of years is being lost in a few generations," says the study's lead author, Jo Howard-McCombe, a conservation geneticist at the Royal Zoological Society of Scotland. The reason appears to be a shrinking wildcat population in Scotland--the last stronghold of the European wildcat in Britain--and human encroachment, both of which forced the wildcats to breed with domestic cats. The only hope may lie in a captive population of Scottish wildcats, which researchers have begun releasing into the wild, far from domestic felines. The team hopes that as the animals adapt to their environment over several generations, they'll begin to shed their domestic DNA. It may be an uphill battle, but the project's lead, Helen Senn, says, "We've got to start somewhere."
Wednesday five of the U.S. Republican candidates for president gathered for their third debate in Miami - where they again urged the banning of TikTok in America: Moderator: Last week congressman Mike Gallagher, who is chairman of the House bipartisan select committee on the Chinese Communist Party, published a long essay on TikTok... [H]e called the app "predatory... controlled by America's preeminent adversary," used to push propaganda and divide America. It's "spyware," he said - a means of surveillance. Governor Christie, do you agree with chairman Gallagher, and if so would you ban or force the sale of TikTok? Chris Christie: I agree 100% with chairman Gallagher, and let me say this. TikTok is not only spyware. It is polluting the minds of American young people, all throughout this country. And they're doing it intentionally... This is China trying to further divide the United States of America... In my first week as president, we would ban TikTok. They want to go ahead and sell it, let 'em go ahead and sell it. But I'll tell you another reason we would do it. Facebook's not in China. X is not in China. They're not permitting a free flow of information to the Chinese people from our social media companies. Yet we just open the door and let them do what they're doing. TikTok should be banned because they are poisoning American minds, and I would do it Week One... [Applause from audience.] Ron DeSantis: [DeSantis began by saying he would also ban TikTok.] I think that China's the top threat we face. They've been very effective at infiltrating different parts of our society... And as the dad of a 6-, 5-, and a 3-year-old, I'm concerned about the data that they're getting from our young people, and what they're doing to pollute the minds of our young people... Their role in our culture? If we ignore that, we're not going to be able to win the fight... Vivek Ramaswamy: In the last debate [Nikki Haley] made fun of me for joining TikTok?
Well her own daughter was actually using the app for a long time, so you might want to take care of your family first... [Audience boos] Nikki Haley: Leave my daughter out of your voice. Vivek Ramaswamy: The next generation of Americans are using it, and that's actually the point... Here's the truth. The easy answer is actually to say that we're just going to ban one app. We gotta go further. We have to ban any U.S. company actually transferring U.S. data to the Chinese. Here's a story most people don't know. Airbnb hands over U.S. user data to the CCP. Now that's a U.S.-owned company... Even U.S. companies in Silicon Valley are regularly doing it... Tim Scott: What we should do is ban TikTok, period... If you cannot ban TikTok, you should eliminate the Chinese presence on the app. Period. In the previous debate Nikki Haley made her own position clear. "We can't have TikTok in our kids' lives. We need to ban it."
"Scientists have discovered the oldest black hole yet," reports the CBC, calling it "a cosmic beast formed a mere 470 million years after the Big Bang." "The findings, published Monday, confirm what until now were theories that supermassive black holes existed at the dawn of the universe..." Given the universe is 13.7 billion years old, that puts the age of this black hole at 13.2 billion years. Even more astounding to scientists, this black hole is a whopper - 10 times bigger than the black hole in our own Milky Way. It's believed to weigh anywhere from 10 to 100 per cent the mass of all the stars in its galaxy, said lead author Akos Bogdan of the Harvard-Smithsonian Center for Astrophysics. That is nowhere near the minuscule ratio of the black holes in our Milky Way and other nearby galaxies - an estimated 0.1 per cent, he noted. "It's just really early on in the universe to be such a behemoth," said Yale University's Priyamvada Natarajan, who took part in the study published in the journal Nature Astronomy. A companion article appeared in the Astrophysical Journal Letters... The researchers believe the black hole formed from colossal clouds of gas that collapsed in a galaxy next door to one with stars. The two galaxies merged, and the black hole took over. The researchers combined data from NASA's Chandra X-ray Observatory and NASA's James Webb Space Telescope, reports NASA: "We needed Webb to find this remarkably distant galaxy and Chandra to find its supermassive black hole," said Akos Bogdan of the Center for Astrophysics/Harvard & Smithsonian who leads a new paper in the journal Nature Astronomy describing these results. "We also took advantage of a cosmic magnifying glass that boosted the amount of light we detected." This magnifying effect is known as gravitational lensing... This discovery is important for understanding how some supermassive black holes can reach colossal masses soon after the big bang.
Do they form directly from the collapse of massive clouds of gas, creating black holes weighing between about 10,000 and 100,000 Suns? Or do they come from explosions of the first stars that create black holes weighing only between about 10 and 100 Suns...? Bogdan's team has found strong evidence that the newly discovered black hole was born massive... The large mass of the black hole at a young age, plus the amount of X-rays it produces and the brightness of the galaxy detected by Webb, all agree with theoretical predictions in 2017 by co-author Priyamvada Natarajan of Yale University for an "Outsize Black Hole" that directly formed from the collapse of a huge cloud of gas. "We think that this is the first detection of an 'Outsize Black Hole' and the best evidence yet obtained that some black holes form from massive clouds of gas," said Natarajan. "For the first time we are seeing a brief stage where a supermassive black hole weighs about as much as the stars in its galaxy, before it falls behind." The researchers plan to use this and other results pouring in from Webb and those combining data from other telescopes to fill out a larger picture of the early universe.
An anonymous reader quotes a report from The Record: One of the nation's largest private radiology companies agreed to pay a $450,000 fine after a 2021 ransomware attack led to the exposure of sensitive information from nearly 200,000 patients. In an agreement announced on Wednesday, New York Attorney General Letitia James said US Radiology failed to remediate a vulnerability announced by security company SonicWall in January 2021. US Radiology used the company's firewall to protect its network and provide managed services for many of its partner companies, including the Windsong Radiology Group, which has six facilities across Western New York. The vulnerability highlighted by the attorney general -- CVE-2021-20016 -- was used by ransomware gangs in several attacks. US Radiology was unable to install the firmware patch for the zero-day because its SonicWall hardware was at an end-of-life stage and was no longer supported. The company planned to replace the hardware in July 2021, but the project was delayed "due to competing priorities and resource restraints." The vulnerability was never addressed, and the company was attacked by an unnamed ransomware gang on December 8, 2021. An investigation determined that the hacker was able to gain access to files that included the names, dates of birth, patient IDs, dates of service, provider names, types of radiology exams, diagnoses and/or health insurance ID numbers of 198,260 patients. The data exposed during the incident also included driver's license numbers, passport numbers, and Social Security numbers for 82,478 New Yorkers. [...] In addition to the $450,000 penalty, the company will have to upgrade its IT network, hire someone to manage its data security program, encrypt all sensitive patient information and develop a penetration testing program. The company will have to delete patient data "when there is no reasonable business purpose to retain it" and submit compliance reports to the state for two years.
"When patients visit a medical facility, they deserve confidence in knowing that their personal information will not be compromised when they are receiving care," said Attorney General James. "US Radiology failed to protect New Yorkers' data and was vulnerable to attack because of outdated equipment. In the face of increasing cyberattacks and more sophisticated scams to steal private data, I urge all companies to make necessary upgrades and security fixes to their computer hardware and systems."
Alison Snyder reports via Axios: For more than 15 years, scientists have worked to build a complex cell with an entire genome built from scratch. This week they announced a major milestone: They've created synthetic versions of the 16 chromosomes in a yeast cell and successfully combined some of them in one cell. The feat is revealing new information about fundamental processes in cells, and it is a key step toward some scientists' vision of creating programmable cellular factories to produce biofuels, materials, medicines and other products. The changes researchers made to yeast chromosomes fall into three main categories: increasing stability of the genome, repurposing codons (genetic sequences that carry instructions for reading DNA or RNA) and introducing a system that allows scientists to make millions of cells, each with different genetic properties. "A big problem is a lot of the things you want to make are actually toxic to the cells," [says Benjamin Blount, a synthetic biologist at the University of Nottingham in the U.K. and co-author of some of the scientific papers in a series published this week in Cell and Cell Genomics detailing the work]. With the system that reshuffles the genome and effectively mimics evolution, scientists can make many variants of yeast and pick the ones "that are really good at growing in the presence of what you're trying to make." Then, they're able to look at what's happened to their genomes to enable that particular strain to grow and make the desired product, and use that genetic information to develop strains of yeast suited for an industrial process. The chromosomes still have to be combined in one cell that can survive, which means they have to be "basically indiscernible" from natural chromosomes in terms of the cell's fitness, Blount says. That required a lot of debugging of the genome, similar to what's done for computer code. 
One team was able to combine multiple chromosomes in one cell and it survived and reproduced, demonstrating a mechanism for bringing them together. Building the genomes -- and seeing when the cell doesn't work as expected as the result of one change or another -- has revealed fundamental information about genome biology, Blount says. For example, the team identified sequences in genes that interrupted a key process in the cell and led to mitochondria dysfunction, which is involved in some human diseases.
Long-time Slashdot reader HanzoSpam shares a report from Ars Technica: Frank Borman, an Air Force test pilot, astronaut, and accomplished businessman who led the first crew to fly to the Moon in 1968, died Tuesday in Montana, NASA said Thursday. He was 95 years old. Borman, joined by crewmates Jim Lovell and Bill Anders, orbited the Moon 10 times over the course of about 20 hours. They were the first people to see the Earth from another world, a memory of "wonderment" Borman recalled decades later. Apollo 8 produced one of the most famous photos ever taken, the iconic "Earthrise" showing a blue orb -- the setting for all of human history until then -- suspended in the blackness of space over the charcoal gray of the Moon's cratered surface. Borman was born in Gary, Indiana, on March 14, 1928, and raised in Tucson, Arizona. He learned to fly airplanes as a teenager, then attended the US Military Academy at West Point before earning his commission in the Air Force to start training as a fighter pilot. Following a similar career path as other early astronauts, Borman became an experimental test pilot, receiving a master's degree in aeronautical engineering from Caltech, and served a stint as an assistant professor at West Point. NASA accepted applications for a second class of astronauts in 1962 to follow the original Mercury Seven. Borman was one of the "New Nine" astronauts, and he reported for training in Houston. "Today we remember one of NASA's best," NASA Administrator Bill Nelson said in a statement. "Astronaut Frank Borman was a true American hero. Among his many accomplishments, he served as the commander of the Apollo 8 mission, humanity's first mission around the Moon in 1968."
An anonymous reader quotes a report from Scientific American: This week doctors announced they had completed the first successful transplant of a partial face and an entire eye. In May at NYU Langone Health in New York City, the surgery was performed on a 46-year-old man who had suffered severe electrical burns to his face, left eye and left arm. He does not yet have vision in the transplanted eye and may never regain it there, but early evidence suggests the eye itself is healthy and may be capable of transmitting neurological signals to the brain. The feat opens up the possibility of restoring the appearance -- and maybe even sight -- of people who have been disfigured or blinded by injuries. Researchers caution there are many technical hurdles before such a procedure can effectively treat vision loss, however. "I think it's an important proof of principle," says Jeffrey Goldberg, a professor and chair of ophthalmology at the Byers Eye Institute at Stanford University, who was not involved in the surgery but has been part of a team working toward whole-eye transplants in humans. "I think it points to the opportunity and importance that we really stand on the verge of being able to [achieve] eye transplants and vision restoration for blind patients more broadly." But he cautions that the main obstacle is achieving regeneration of the optic nerve, which carries visual signals from the retina to the brain; this step has not yet been successfully demonstrated in humans. Scientists have been working toward whole-eye transplantation for many years. "This has been, I would say, science fiction for a long time," says Jose-Alain Sahel, a professor and chair of the department of ophthalmology at the University of Pittsburgh School of Medicine, who has been working toward such transplants with Goldberg and others. Progress in surgical techniques and nerve regeneration have made this goal seem more attainable. [...]
"The fact that this surgery was successful is wonderful news," Sahel says. He cautions that surgery is only a small part of the issues that need to be addressed in order to restore eye function, however. These include making sure the immune system doesn't reject the donor eye, which is a challenge with any type of transplant. Then the corneal nerve -- which carries sensory signals from the transparent part of the eye -- must be reconnected. Yet the most complex part is regenerating the optic nerve. In order to do so, surgeons have to coax the nerve fibers to grow to the right place, which Sahel says could take months or even years. And complete optic nerve regeneration has not yet been successfully achieved in humans or other mammals.
According to Nikkei Asia (paywalled), Indonesia has officially launched Southeast Asia's largest floating solar plant. It covers an area of over 250 hectares (2.5 km^2) and should be able to produce enough renewable energy to power 50,000 homes. Interesting Engineering reports: "Today is a historical day because our big dream of building a large-scale renewable energy plant is finally achieved. We managed to build the largest floating solar plant in Southeast Asia, and the third biggest in the world," Widodo is reported to have said at the opening ceremony. "The Cirata floating solar panel is the largest floating solar panel in Southeast Asia, and also the third largest in the world," he added. China's PowerChina Huadong Engineering Corporation Limited constructed the power plant with Indonesia's state electricity corporation PLN and the United Arab Emirates energy company Masdar. The project had an investment of $145 million. More than 340,000 solar panels cover the reservoir surface, generating 192 MW of electricity annually, complementing existing hydropower at the site. The project had experienced significant delays before construction finally commenced in December 2020. [...] PLN and Masdar are discussing plans to expand the facility and increase its power generation capacity to 500 MW. The plant occupies only 4% of the dam's reservoir surface, and according to the Indonesian government, solar panels can occupy up to 20% of the surface of a lake or dam, making it an efficient use of space.
schwit1 shares a report from CNBC: Apple will pay $25 million in back pay and civil penalties to settle a matter over the company's hiring practices under the Immigration and Nationality Act, the Department of Justice announced Thursday. Apple has agreed to pay $6.75 million in civil penalties and establish an $18.25 million fund for back pay to eligible discrimination victims, the DOJ said in a release. Apple was accused of not advertising positions that it wanted to fill through a federal program called Permanent Labor Certification Program or PERM, which allows U.S. companies to recruit workers who can become permanent U.S. residents after completing a number of requirements. The DOJ said that it believed that Apple followed procedures that were designed to favor current Apple employees holding temporary visas who wanted to become permanent employees. In particular, Apple was accused of not advertising positions on its external website and erecting hurdles such as requiring mailed paper applications, which the DOJ alleges means that some applicants to Apple jobs were not properly considered under federal law. "These less effective recruitment procedures deterred U.S. applicants from applying and nearly always resulted in zero or very few mailed applications that Apple considered for PERM-related job positions, which allowed Apple to fill the positions with temporary visa holders," according to the settlement agreement between Apple and DOJ. Apple contests the accusation, according to the agreement, and says that it believes it was following the appropriate Department of Labor regulations. Apple also contests that any failures were the result of inadvertent errors and not discrimination, according to the agreement.
9to5Mac has found evidence in the iOS 17.2 beta code that hints the company is moving towards enabling sideloading on iOS devices. From the report: iOS 17.2 has a new public framework called "Managed App Distribution." While our first thought was that this API would be related to MDM solutions for installing enterprise apps (which is already possible on iOS), it seems that Apple has been working on something more significant than that. By analyzing the new API, we've learned that it has an extension endpoint declared in the system, which means that other apps can create extensions of this type. Digging even further, we found a new, unused entitlement that will give third-party apps permission to install other apps. In other words, this would allow developers to create their own app stores. The API has basic controls for downloading, installing, and even updating apps from external sources. It can also check whether an app is compatible with a specific device or iOS version, which the App Store already does. Again, this could easily be used to modernize MDM solutions, but here's another thing. We also found references to a region lock in this API, which suggests that Apple could restrict it to specific countries. This wouldn't make sense for MDM solutions, but it does make sense for enabling sideloading in particular countries only when required by authorities -- such as in the European Union. Under the European Union's Digital Markets Act, or DMA, big tech companies will be required to, among other things, allow users to install any apps they want from third-party sources. "In theory, Apple is required to comply with DMA legislation by March 2024," reports 9to5Mac. "The company has even admitted in a Form 10-K filing that it expects to make changes that will impact the App Store's business model."
An anonymous reader quotes a report from the BBC: The star of long-running videogame review series Zero Punctuation has quit after 16 years. Ben Croshaw, known as Yahtzee, was famous for his very fast, very rude, quickfire opinions on the latest games. His five-minute videos featuring crude cartoon characters were a weekly feature on gaming site The Escapist. But Yahtzee announced he was quitting the site with several colleagues after their editor-in-chief Nick Calandra was fired. He said he wouldn't be taking the Zero Punctuation name with him, but fans would hear his voice again 'soon, in a new place'. Zero Punctuation, launched in 2007, is The Escapist's most popular feature, with videos from the series comfortably outranking others on its YouTube channel. [...] Yahtzee's departure followed Calandra's, who said he was fired by The Escapist's parent company Gamurs for "not achieving goals that were never properly set out for us." The pair were followed out of the door by a number of colleagues, most of them from the site's video team.
Long-time Slashdot reader cusco writes: Forty years ago today Microsoft introduced its new Graphical User Interface for MS-DOS. Inspired by the Xerox PARC project Alto, as was the Apple Mac, it was their first attempt to address the user unfriendliness of the standard computer interface. Named Windows 1.0 after the "windows" it created to view individual running programs, it generated quite a bit of interest at the initial reveal. Unfortunately, difficulty in ironing out bugs (especially in memory management) delayed release for two years, to November 1985.
Press2ToContinue writes: 01.AI, a Chinese AI startup, has stockpiled enough Nvidia AI and HPC GPUs to last 18 months, in anticipation of a U.S. export ban. Looks like 01.AI is taking "go big or go home" to a new level with their GPU shopping spree. They're basically the dragon from "The Hobbit," but instead of gold, they're hoarding Nvidia chips. Maybe they're planning the ultimate LAN party or just really into extreme Minecraft graphics. Either way, it's like they say: "In the land of tech embargoes, the one with the secret GPU stash is king." Or in this case, playing 4D chess while the rest of us are stuck figuring out which port the HDMI cable goes into. "We have stockpiled a lot of Nvidia chips," said 01.AI founder Kai-Fu Lee in an interview with Bloomberg. "The jury is out on whether China in 1.5 years can make equivalent or nearly as good chips." "We will have two parallel universes. Americans will supply their products and technologies to the U.S. and other countries and Chinese companies will build for China and whoever else uses Chinese products. The reality is that they will not compete very much in the same marketplace."
An anonymous reader quotes a report from Ars Technica: Modern versions of Windows have become more annoying as time has gone on, pushing additional Microsoft products and services on users who are just trying to turn on their computers and get something done. Often, as we've covered, these notifications and reminders ignore or actively push back against user intent -- prompting you to sign up for Microsoft 365 if you already said no, or trying to make you use Edge or Bing after you've already installed Chrome. Microsoft took another step down this path this week when it began testing a new addition to the Windows OneDrive app that would force users to explain themselves when quitting the app. Initially spotted by NeoWin, the survey took the form of a drop-down menu, not unlike the ones you sometimes see when you try to unsubscribe from marketing or fundraising mailing lists. Until you chose an answer from the drop-down, the "quit" button would be grayed out, preventing you from actually closing OneDrive. This was an escalation from the previous behavior, which would ask you if you were sure before allowing you to quit but allowing you to actually click the "quit" button without interacting with any other menus. The old prompt was an explanation; the newer one was an imposition. For its part, Microsoft told The Verge that the new prompt was a test that was only rolled out to a subset of OneDrive users and that the change has been reverted as of a couple of days ago. "Between Nov. 1 and 8, a small subset of consumer OneDrive users were presented with a dialog box when closing the OneDrive sync client, asking for feedback on the reason they chose to close the application," reads Microsoft's statement. "This type of user feedback helps inform our ongoing efforts to enhance the quality of our products."
The Canadian federal government hired KPMG consultants at a cost of hundreds of thousands of dollars for advice on how to save money on consultants, documents show. From a report: New spending details tabled in Parliament show the department of Natural Resources, led by minister Jonathan Wilkinson, approved $669,650 for KPMG, a global professional services company, to provide managing consulting advice. The department said this work involved developing "recommendations that could be considered as options to ensure that Canadians' tax dollars are being used efficiently and being invested in the priorities that matter most to them." Treasury Board President Anita Anand is currently leading a federal effort to save about $15-billion over five years from existing spending plans. She has promised to release the first wave of details this month. The Natural Resources contract work was part of that department's contribution to the spending reduction effort. The Globe and Mail has reported that federal spending on outsourcing has grown sharply from when the Liberals promised in 2015 to cut back on the use of external consultants. The government has since singled out spending on outsourcing and consultants as an area of focus to find cuts. All federal departments were given a target of Oct. 2 to submit their proposed cuts to Ms. Anand's department for review.
Despite having a population of just 1,400, until recently, Tokelau's .tk domain had more users than any other country. Here's why: Tokelau, a necklace of three isolated atolls strung out across the Pacific, is so remote that it was the last place on Earth to be connected to the telephone -- only in 1997. Just three years later, the islands received a fax with an unlikely business proposal that would change everything. It was from an early internet entrepreneur from Amsterdam, named Joost Zuurbier. He wanted to manage Tokelau's country-code top-level domain, or ccTLD -- the short string of characters that is tacked onto the end of a URL. Up until that moment, Tokelau, formally a territory of New Zealand, didn't even know it had been assigned a ccTLD. "We discovered the .tk," remembered Aukusitino Vitale, who at the time was general manager of Teletok, Tokelau's sole telecom operator. Zuurbier said "that he would pay Tokelau a certain amount of money and that Tokelau would allow the domain for his use," remembers Vitale. It was all a bit of a surprise -- but striking a deal with Zuurbier felt like a win-win for Tokelau, which lacked the resources to run its own domain. In the model pioneered by Zuurbier and his company, now named Freenom, users could register a free domain name for a year, in exchange for having advertisements hosted on their websites. If they wanted to get rid of ads, or to keep their website active in the long term, they could pay a fee. In the succeeding years, tiny Tokelau became an unlikely internet giant -- but not in the way it may have hoped. Until recently, its .tk domain had more users than any other country's: a staggering 25 million. But there has been and still is only one website actually from Tokelau that is registered with the domain: the page for Teletok. Nearly all the others that have used .tk have been spammers, phishers, and cybercriminals. Everyone online has come across a .tk -- even if they didn't realize it.
Because .tk addresses were offered for free, unlike most others, Tokelau quickly became the unwitting host to the dark underworld by providing a never-ending supply of domain names that could be weaponized against internet users. Scammers began using .tk websites to do everything from harvesting passwords and payment information to displaying pop-up ads or delivering malware.