Feed slashdot Slashdot

Link https://slashdot.org/
Feed https://rss.slashdot.org/Slashdot/slashdotMain
Copyright Copyright Slashdot Media. All Rights Reserved.
Updated 2024-11-25 06:30
Scammers Try Hosting Their Malware on a Binance Network
Breached web sites distribute malware to visitors by claiming they need to update their browser. But one group of attackers "have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement," reports security researcher Brian Krebs. "By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain." [W]hen Cloudflare blocked those accounts the attackers began storing their malicious files as cryptocurrency transactions in the Binance Smart Chain (BSC), a technology designed to run decentralized apps and "smart contracts," or coded agreements that execute actions automatically when certain conditions are met. Nati Tal, head of security at Guardio Labs, the research unit at Tel Aviv-based security firm Guardio, said the malicious scripts stitched into hacked WordPress sites will create a new smart contract on the BSC Blockchain, starting with a unique, attacker-controlled blockchain address and a set of instructions that defines the contract's functions and structure. When that contract is queried by a compromised website, it will return an obfuscated and malicious payload. "These contracts offer innovative ways to build applications and processes," Tal wrote along with his Guardio colleague Oleg Zaytsev. "Due to the publicly accessible and unchangeable nature of the blockchain, code can be hosted 'on-chain' without the ability for a takedown." Tal said hosting malicious files on the Binance Smart Chain is ideal for attackers because retrieving the malicious contract is a cost-free operation that was originally designed for the purpose of debugging contract execution issues without any real-world impact. "So you get a free, untracked, and robust way to get your data (the malicious payload) without leaving traces," Tal said. In response to questions from KrebsOnSecurity, the BNB Smart Chain (BSC) said its team is aware of the malware abusing its blockchain, and is actively addressing the issue. 
The company said all addresses associated with the spread of the malware have been blacklisted, and that its technicians had developed a model to detect future smart contracts that use similar methods to host malicious scripts. "This model is designed to proactively identify and mitigate potential threats before they can cause harm," BNB Smart Chain wrote. "The team is committed to ongoing monitoring of addresses that are involved in spreading malware scripts on the BSC. To enhance their efforts, the tech team is working on linking identified addresses that spread malicious scripts to centralized KYC [Know Your Customer] information, when possible." Read more of this story at Slashdot.
What Happens When Major Online Platforms Lower Traffic to News Sites?
"The major online platforms are breaking up with news," reports the New York Times: Campbell Brown, Facebook's top news executive, said this month that she was leaving the company. Twitter, now known as X, removed headlines from the platform days later. The head of Instagram's Threads app, an X competitor, reiterated that his social network would not amplify news. Even Google - the strongest partner to news organizations over the past 10 years - has become less dependable, making publishers more wary of their reliance on the search giant. The company has laid off news employees in two recent team reorganizations, and some publishers say traffic from Google has tapered off... Some executives of the largest tech companies, like Adam Mosseri at Instagram, have said in no uncertain terms that hosting news on their sites can often be more trouble than it is worth because it generates polarized debates... Publishers seem resigned to the idea that traffic from the big tech companies will not return to what it once was. Even in the long-fractious relationship between publishers and tech platforms, the latest rift stands out - and the consequences for the news industry are stark. Many news companies have struggled to survive after the tech companies threw the industry's business model into upheaval more than a decade ago. One lifeline was the traffic - and, by extension, advertising - that came from sites like Facebook and Twitter. Now that traffic is disappearing. Top news sites got about 11.5% of their web traffic in the United States from social networks in September 2020, according to Similarweb, a data and analytics company. By September this year, it was down to 6.5%... The sharp decline in referral traffic from social media platforms over the past two years has hit all news publishers, including The New York Times. The Wall Street Journal noticed a decline starting about 18 months ago, according to a recording of a September staff meeting obtained by the Times. 
"We are at the mercy of social algorithms and tech giants for much of our distribution," Emma Tucker, the Journal's editor-in-chief, told the newsroom in the meeting... Google cut some members of its news partnership team in September, and this week it laid off as many as 45 workers from its Google News team, the Alphabet Workers Union said. (The Information, a tech news website, reported the Google News layoffs earlier.) "We've made some internal changes to streamline our organization," Jenn Crider, a Google spokesperson, said in a statement... Jaffer Zaidi [Google's vice president of global news partnerships], wrote in an internal memo reviewed by the Times that the team would be adopting more artificial intelligence. "We had to make some difficult decisions to better position our team for what lies ahead," he wrote... Privately, a number of publishers have discussed what a post-Google traffic future may look like and how to better prepare if Google's AI products become more popular and further bury links to news publications.
JWST's Disconnect With Cosmology Models Linked to 'Bursty Star Formations'
Images from the James Webb Space Telescope "don't match scientists' models of how the universe formed," reports the Washington Post. "But it might not be time to dump the standard model of cosmology yet. "A recent analysis in the Astrophysical Journal Letters suggests an explanation for the surprisingly massive-seeming galaxies: brilliant, extremely bright bursts of newborn stars. The galaxies photographed by the telescope looked far too mature and large to have formed so fully so soon after the universe began, raising questions about scientists' assumptions of galaxy formation. But when researchers ran a variety of computer simulations of the universe's earliest days, they discovered that the galaxies probably are not as large as they seem. Instead, they attribute their brightness to a phenomenon called "bursty star formation." As clouds of dust and debris collapse, they form dense, high-temperature cores and become stars. Bursty galaxies spit out new stars in intermittent, bright bursts instead of creating stars more consistently. Usually, these galaxies are low in mass and take long breaks between starbursts. Because the galaxies in question look so bright in photos produced by the Webb telescope, scientists at first thought they were older and more massive. But bursty systems with the ability to produce extremely bright, abundant light may appear more massive than they really are. "Not only does this finding explain why young galaxies appear deceptively massive, it also fits within the standard model of cosmology," explains the announcement: In the new study, Guochao Sun, who led the study, Northwestern's Claude-Andre Faucher-Giguere, the study's senior author, and their team used advanced computer simulations to model how galaxies formed right after the Big Bang. The simulations produced cosmic dawn galaxies that were just as bright as those observed by the JWST... 
Although other astrophysicists have hypothesized that bursty star formation could be responsible for the unusual brightness of galaxies at cosmic dawn, the Northwestern researchers are the first to use detailed computer simulations to prove it is possible. And they were able to do so without adding new factors that are unaligned with our standard model of the universe.
21 Species Moved From 'Endangered' to 'Extinct' in America
Nearly two dozen species are being taken off America's endangered species list, reports CBS News, "because they are extinct, the U.S. Fish and Wildlife Service said Monday." Most of the species were listed under the Endangered Species Act in the 1970s or 1980s and were very low in numbers or likely already extinct at the time of listing. In the years since, "rigorous reviews of the best available science" have been conducted to determine whether the animals are extinct. "Federal protection came too late to reverse these species' decline, and it's a wake-up call on the importance of conserving imperiled species before it's too late," Service Director Martha Williams said. Scientists in 2019 warned that worldwide, 1 million species of plants and animals were at risk of extinction. There are more than 1,300 species listed as either endangered or threatened in the United States under the Endangered Species Act. The 21 species being removed include one mammal, 10 types of birds, two species of fish and eight types of mussels. Eight of the 21 species were found in Hawaii. From the agency's announcement: The 21 species extinctions highlight the importance of the Endangered Species Act and efforts to conserve species before declines become irreversible. The circumstances of each also underscore how human activity can drive species decline and extinction by contributing to habitat loss, overuse, and the introduction of invasive species and diseases... The Endangered Species Act has been highly effective and credited with saving 99% of listed species from extinction. Thus far, more than 100 species of plants and animals have been delisted based on recovery or reclassified from endangered to threatened based on improved conservation status, and hundreds more species are stable or improving thanks to the collaborative actions of Tribes, federal agencies, state and local governments, conservation organizations and private citizens. 
An official from the agency said in the announcement "The ultimate goal is to recover these species, so they no longer need the Act's protection."
China Restricts Exports of Graphite As It Escalates a Global Tech War
An anonymous reader quotes a report from CNN: China has unveiled plans to restrict exports of graphite -- a mineral crucial to the manufacture of batteries for electric vehicles (EVs) -- on national security grounds, the Ministry of Commerce and the General Administration of Customs said Friday. The announcement comes just days after the United States imposed additional limits on the kinds of semiconductors that American companies can sell to Chinese firms. China, which dominates the world's production and processing of graphite, says export permits will be needed, starting in December, for synthetic graphite material -- including high-purity, high-strength and high-density versions -- as well as for natural flake graphite. [...] According to the US Geological Survey (PDF), the market for graphite used in batteries has grown 250% globally since 2018. China was the world's leading graphite producer last year, accounting for an estimated 65% of global production, it said. Besides EVs, graphite is commonly used in the semiconductor, aerospace, chemical and steel industries. The export curbs were announced as China faces pressure from multiple governments over its commercial and trade practices. For more than a year, it has been embroiled in a tech war with the United States and its allies in Europe and Asia over access to advanced chips and chipmaking equipment. "At the moment both China and Western countries are engaged in a tit for tat, highlighting how protectionist measures often spread. Newton's third law that every action causes a reaction applies here, too," said Stefan Legge, head of tax and trade policy research at the University of St Gallen in Switzerland. "At the same time, both sides of the dispute also realize how costly it is if geopolitics trumps economics," he added.
Next Year, SpaceX Aims To Average One Launch Every 2.5 Days
Stephen Clark reports via Ars Technica: Earlier this week, SpaceX launched for the 75th time this year, continuing a flight cadence that should see the company come close to 100 missions by the end of December. SpaceX plans to kick its launch rate into a higher gear in 2024. This will be largely driven by launches of upgraded Starlink satellites with the ability to connect directly with consumer cell phones, a service SpaceX calls "Starlink Direct to Cell," a company official told Ars this week. The goal next year is 12 launches per month, for a total of 144 Falcon rocket flights. Like this year, most of those missions will be primarily devoted to launching Starlink broadband satellites. So far in 2023, more than 60 percent of SpaceX's launches have delivered the company's own Starlink satellites into orbit. Here are some numbers. Last year, SpaceX launched 61 missions. In 2021, the number was 31. In the last 12 months, SpaceX has launched 88 Falcon rockets, plus one test flight of the company's much larger Starship rocket. SpaceX's success in recovering and reusing Falcon 9 boosters and payload fairings has been vital to making this possible. SpaceX has gone past the original goal of launching each Falcon 9 booster 10 times before a major overhaul, first to 15 flights, and then recently certifying boosters for up to 20 missions. Technicians can swap out parts like engines, fins, landing legs, and valves that malfunction in flight or show signs of wear. With so many launches planned next year, 20 flights is probably not a stopping point. "We might go a little higher," the SpaceX official said. SpaceX may also see an uptick in missions for external customers, like NASA, the U.S. Space Force, and commercial companies. "External demand for Falcon 9 and Falcon Heavy launches is 'steady,' the official said, but some customers that had launches scheduled for this year encountered delays with their satellites, moving them into 2024."
British Museum Will Digitize Entire Collection At a Cost of $12.1 Million In Response To Thefts
Karen K. Ho reports via ARTnews: British Museum has announced plans to digitize its entire collection in order to increase security and public access, as well as ward off calls for the repatriation of items. The project will require 2.4 million records to upload or upgrade and is estimated to take five years to complete. The museum's announcement on October 18 came after the news 2,000 items had been stolen from the institution by a former staff member, identified in news reports as former curator Peter Higgs. About 350 have been recovered so far, and last month the museum launched a public appeal for assistance. [...] On the same day the British Museum announced its digitization initiative, Jones and board chairman George Osborne gave oral evidence to the UK Parliament's Culture, Media and Sport Committee. Their comments included an explanation of how the thefts occurred, policy changes made as a result, and how the museum will handle whistleblower complaints going forward. They also gave more details about the British Museum's strategy for digitizing its collection, estimated at a cost of $12.1 million. "We are not asking the taxpayer or the Government for the money; we hope to raise it privately," Osborne said. The increased digital access to the collection would also be part of the museum's response to requests for items to be returned or repatriated. "Part of our response can be: "They are available to you. Even if you cannot visit the museum, you are able to access them digitally." That is already available -- we have a pretty good website -- but we can use this as a moment to make that a lot better and a lot more accessible," Osborne said.
Supreme Court Blocks Restrictions On Biden Administration Efforts To Get Platforms To Remove Social Media Posts
An anonymous reader quotes a report from NBC News: The Supreme Court on Friday blocked in full a lower court ruling that would have curbed the Biden administration's ability to communicate with social media companies about contentious content on such issues as Covid-19. The decision in a short unsigned order (PDF) puts on hold a Louisiana-based judge's ruling in July that specific agencies and officials should be barred from meeting with companies to discuss whether certain content should be stifled. The Supreme Court also agreed to immediately take up the government's appeal, meaning it will hear arguments and issue a ruling on the merits in its current term, which runs until the end of June. Three conservative justices noted that they would have denied the application: Samuel Alito, Clarence Thomas and Neil Gorsuch. "At this time in the history of our country, what the court has done, I fear, will be seen by some as giving the government a green light to use heavy-handed tactics to skew the presentation of views on the medium that increasingly dominates the dissemination of news. That is most unfortunate," Alito wrote in a dissenting opinion. GOP attorneys general in Louisiana and Missouri, along with five social media users, filed the underlying lawsuit, alleging that U.S. government officials went too far in what they characterize as coercion of social media companies to address posts, especially those related to Covid-19. The individual plaintiffs include Covid-19 lockdown opponents and Jim Hoft, the owner of the right-wing website Gateway Pundit. They claim that the government's actions violated free speech protections under the Constitution's First Amendment.
Jon Stewart's Apple TV Plus Show Ends, Reportedly Over Coverage of AI and China
Shakrai writes: Multiple outlets are reporting that Apple TV Plus has cancelled Jon Stewart's popular show The Problem with Jon Stewart, reportedly over editorial disagreements with regards to planned stories on the People's Republic of China and AI. Fans and haters of Apple will both recall that Apple recently made changes to AirDrop, one of the few effective means Chinese dissidents and protesters had for exchanging information off-grid at scale, and will ask why Apple is apparently not only willing, but eager, to carry water for the PRC, overriding both human rights and practical business concerns in the process. "Apple approached Stewart directly and expressed its need for the host and his team to be 'aligned' with the company's views on topics discussed," reports The Verge, citing The Hollywood Reporter. "Rather than falling in line when Apple threatened to cancel the show, Stewart reportedly decided to walk."
Amazon Eliminated Plastic Packaging At One of Its Warehouses
Umar Shakir reports via The Verge: Amazon is fulfilling a small part of its promise to switch from using plastic bubble mailers and air pillows to all recyclable paper packaging for its shipments. The company announced that it has outfitted one facility in Euclid, Ohio, with an upgraded packaging machine that can automatically fold custom-fit boxes to wrap some products, use paper mailers for small items, and slide in paper fillers instead of plastic ones in standard boxes. As Amazon transitions over to curbside recyclable packaging, it will "reduce the company's plastic waste and the amount of plastic pollution that can reach the seas," says Matt Littlejohn, senior vice president of Oceana, a conservation organization. However, Littlejohn questions Amazon's commitment to end plastic use in the US, its largest market, compared to the commitments it made for the UK, Germany, and other markets. Amazon says it'll be a "multiyear effort" to move US warehouses to recyclable paper. "Unfortunately, Amazon, in this announcement, did not make a clear, quantifiable, and time-bound commitment, so it is unclear when, where, and how much real plastic reduction there will be," Littlejohn says.
Thousands of Remote IT Workers Sent Wages To North Korea To Help Fund Weapons Program, Says FBI
echo123 shares a report from the Associated Press: Thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program, FBI and Department of Justice officials said. The Justice Department said Wednesday that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs. The money they earned was funneled to the North Korean weapons program, FBI leaders said at a news conference in St. Louis. Court documents allege that North Korea's government dispatched thousands of skilled IT workers to live primarily in China and Russia with the goal of deceiving businesses from the U.S. and elsewhere into hiring them as freelance remote employees. The workers used various techniques to make it look like they were working in the U.S., including paying Americans to use their home Wi-Fi connections, said Jay Greenberg, special agent in charge of the St. Louis FBI office. Greenberg said any company that hired freelance IT workers "more than likely" hired someone participating in the scheme. An FBI spokeswoman said Thursday that the North Koreans contracted with companies across the U.S. and in some other countries. "We can tell you that there are thousands of North Korea IT workers that are part of this," spokeswoman Rebecca Wu said. Federal authorities announced the seizure of $1.5 million and 17 domain names as part of the investigation, which is ongoing. FBI officials said the scheme is so prevalent that companies must be extra vigilant in verifying whom they are hiring, including requiring interviewees to at least be seen via video. The IT workers generated millions of dollars a year in their wages to benefit North Korea's weapons programs. 
In some instances, the North Korean workers also infiltrated computer networks and stole information from the companies that hired them, the Justice Department said. They also maintained access for future hacking and extortion schemes, the agency said. Officials didn't name the companies that unknowingly hired North Korean workers, say when the practice began, or elaborate on how investigators became aware of it. But federal authorities have been aware of the scheme for some time.
US Chip Curbs Give Huawei a Chance To Fill the Nvidia Void In China
An anonymous reader quotes a report from Reuters: U.S. measures to limit the export of advanced artificial intelligence (AI) chips to China may create an opening for Huawei to expand in its $7 billion home market as the curbs force Nvidia to retreat, analysts say. While Nvidia has historically been the leading provider of AI chips in China with a market share exceeding 90%, Chinese firms including Huawei have been developing their own versions of Nvidia's best-selling chips, including the A100 and the H100 graphics processing units (GPU). Huawei's Ascend AI chips are comparable to Nvidia's in terms of raw computing power, analysts and some AI firms such as China's iFlyTek say, but they still lag behind in performance. Jiang Yifan, chief market analyst at brokerage Guotai Junan Securities, said another key limiting factor for Chinese firms was the reliance of most projects on Nvidia's chips and software ecosystem, but that could change with the U.S. restrictions. "This U.S. move, in my opinion, is actually giving Huawei's Ascend chips a huge gift," Jiang said in a post on his social media Weibo account. This opportunity, however, comes with several challenges. Many cutting edge AI projects are built with CUDA, a popular programming architecture Nvidia has pioneered, which has in turn given rise to a massive global ecosystem that has become capable of training highly sophisticated AI models such as OpenAI's GPT-4. Huawei's own version is called CANN, and analysts say it is much more limited in terms of the AI models it is capable of training, meaning that Huawei's chips are far from a plug-and-play substitute for Nvidia. Woz Ahmed, a former chip design executive turned consultant, said that for Huawei to win Chinese clients from Nvidia, it must replicate the ecosystem Nvidia created, including supporting clients to move their data and models to Huawei's own platform. Intellectual property rights are also a problem, as many U.S. firms already hold key patents for GPUs, Ahmed said. "To get something that's in the ballpark, it is 5 or 10 years," he added.
OpenBSD 7.4 Released
Long-time Slashdot reader Noryungi writes: OpenBSD 7.4 has been officially released. The 55th release of this BSD operating system, known for being security oriented, brings a lot of new things, including dynamic tracer, pfsync improvements, loads of security goodies and virtualization improvements. Grab your copy today! As mentioned by Phoronix's Michael Larabel, some of the key highlights include:
- Dynamic Tracer (DT) and Utrace support on AMD64 and i386 OpenBSD
- Power savings for those running OpenBSD 7.4 on Apple Silicon M1/M2 CPUs by allowing deep idle states when available for the idle loop and suspend
- Support for the PCIe controller found on Apple M2 Pro/Max SoCs
- Allow updating AMD CPU microcode when a newer patch is available
- A workaround for the AMD Zenbleed CPU bug
- Various SMP improvements
- Updating the Direct Rendering Manager (DRM) graphics driver support against the upstream Linux 6.1.55 state
- New drivers for supporting various Qualcomm SoC features
- Support for soft RAID disks was improved for the OpenBSD installer
- Enabling of Indirect Branch Tracking (IBT) on x86_64 and Branch Target Identifier (BTI) on ARM64 for capable processors
You can download and view all the new changes via OpenBSD.org.
Windows 11 Pro's On-By-Default Encryption Slows SSDs Up To 45%
An anonymous reader shares a Tom's Hardware report: Unfortunately, a default setting in Windows 11 Pro, having its software BitLocker encryption enabled, robs as much as 45 percent of the speed from your SSD as it forces your processor to encrypt and decrypt everything. According to our tests, random writes and reads -- which affect the overall performance of your PC -- get hurt the most, but even large sequential transfers are affected. While many SSDs come with hardware-based encryption, which does all the processing directly on the drive, Windows 11 Pro force-enables the software version of BitLocker during installation, without providing a clear way to opt out. (You can circumvent this with tools like Rufus, if you want, though that's obviously not an official solution as it allows users to bypass Microsoft's intent.) If you bought a prebuilt PC with Windows 11 Pro, there's a good chance software BitLocker is enabled on it right now. Windows 11 Home doesn't support BitLocker so you won't have encryption enabled there. To find out just how much software BitLocker impacts performance, we ran a series of tests with three scenarios: unencrypted (no BitLocker), software BitLocker (the Windows 11 Pro default), and with hardware BitLocker (OPAL) enabled. While the software encryption increased latency and decreased transfer rates, hardware encryption and no encryption at all were basically tied. If you have software BitLocker enabled, you may want to change your settings.
BMW, Mini, Rolls-Royce, Toyota, and Lexus Are Switching To Tesla's EV Charging Standard
Toyota and BMW are two of the latest automakers to announce they're adopting Tesla's North American Charging System (NACS) plug for their North American EVs, giving drivers access to Tesla's Supercharger network. Ars Technica reports: BMW's announcement applies to all its car brands, which means that in addition to EVs like the BMW i5 or i7, it's also swapping over to NACS for the upcoming Mini EVs as well as the Rolls-Royce Spectre. BMW will start adding native NACS ports to its EVs in 2025, and that same year its customers will gain access to the Tesla Supercharger network. BMW's release doesn't explicitly mention a CCS1-NACS adapter being made available, but it does say that BMW (and Mini and Rolls-Royce) EVs with CCS1 ports will be able to use Superchargers from early 2025. Similarly, the Toyota news applies to its brand as well as Lexus. Toyota says that it will start incorporating NACS ports into "certain Toyota and Lexus BEVs starting in 2025." And customers with Toyota or Lexus EVs that have a CCS1 port will be offered an adapter allowing them to use NACS chargers, also in 2025. And -- you guessed it -- 2025 is when Toyota and Lexus EVs gain access to the Supercharger network. While virtually all the brands that sell EVs in the North American market have announced the switch, there are still a couple holdouts. Stellantis has yet to make the switch, "meaning Alfa Romeo, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram are all sticking with CCS1 for now," reports Ars. "Volkswagen Group has also yet to take the plunge, which means that Audi and Porsche are also staying with CCS1 for now, as well as the soon-to-be-reborn Scout brand." That said, they're expected to announce a switch to the NACS plug any day now.
Hackers Stole Access Tokens From Okta's Support Unit
An anonymous reader quotes a report from Krebs on Security: Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very small number" of customers, however it appears the hackers responsible had access to Okta's support platform for at least two weeks before the company fully contained the intrusion. In an advisory sent to an undisclosed number of customers on Oct. 19, Okta said it "has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases." Okta explained that when it is troubleshooting issues with customers it will often ask for a recording of a Web browser session (a.k.a. an HTTP Archive or HAR file). These are sensitive files because in this case they include the customer's cookies and session tokens, which intruders can then use to impersonate valid users. "Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens," their notice continued. "In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it." Okta has published a blog post about this incident that includes some "indicators of compromise" that customers can use to see if they were affected. But the company stressed that "all customers who were impacted by this have been notified. If you're an Okta customer and you have not been contacted with another message or method, there is no impact to your Okta environment or your support tickets." The security firm BeyondTrust is among the Okta customers who was involved in the breach. 
"BeyondTrust Chief Technology Officer Marc Maiffret said that [Okta's] alert came more than two weeks after his company alerted Okta to a potential problem," reports Krebs. They have also published a blog post detailing their findings.
Frying Pan Company Sued for Claiming Temperatures That Rival the Sun
Can you heat up a pan to 30,000 degrees Fahrenheit? That's the burning question at the center of this proposed class action lawsuit, which claims the advertising for SharkNinja's nonstick cookware violates the laws of physics and thermodynamics. From a report: While SharkNinja is the company best known for its Shark robovacs and Ninja kitchen gadget, this lawsuit takes issue with the Ninja NeverStick Premium Cookware collection, a line of pots and pans it advertises as having superior nonsticking and nonflaking qualities thanks to its manufacturing process. Instead of making its pans at a measly 900-degree temperature that other brands use, SharkNinja says it heats up the cookware to a maximum of 30,000 degrees Fahrenheit. That process, according to SharkNinja, fuses "plasma ceramic particles" to the surface of the pan, "creating a super-hard, textured surface that interlocks with our exclusive coating for a superior bond." But Patricia Brown, the person who filed this lawsuit, isn't buying it. As cited in Brown's lawsuit, NASA recently said the "surface of the Sun is a blisteringly hot 10,340 degrees Fahrenheit," meaning SharkNinja's manufacturing process reaches about three times that temperature.
In-memory Database Redis Wants To Dabble in Disk
Redis, the go-to in-memory database used as a cache and system broker, is looking to include disk as part of a tiered storage architecture to reduce costs and broaden the system's appeal. From a report: Speaking to The Register, CEO Rowan Trollope said he hoped the move would help customers lower costs and simplify their architecture. Redis counts Twitter X, Snapchat, and Craigslist among its customers, and it's popular among developers of modern internet-scale applications owing to its ability to create a cache to prevent the main database from overloading. Trollope said the sub-millisecond distributed system gives devs the performance they need, but admitted other systems built for internet scale, such as MongoDB, might offer price advantages. To address this, the company has already created a tiered approach to memory by offering flash support behind its in-memory system. "We have a half-step between disk and memory. For some specific use cases, in gaming for example, a company might use us for leaderboards and other in-game stats, which they need in real time," he said. However, after an initial flush of the game launch, a large chunk of users would finish the game and their accounts would go dormant until the release of a new episode or some new content, when they might return. Trollope said using flash allowed users to dynamically tier memory. "We can take the lesser-used data that hasn't been touched in a while and shuttle it off to flash where it can sit for a while. When the user comes back eventually, it's very easy for us to seamlessly move it from flash back into memory. And that allows the company to save costs," he said.
New Nvidia AI Agent, Powered by GPT-4, Can Train Robots
Nvidia Research announced today that it has developed a new AI agent, called Eureka, that is powered by OpenAI's GPT-4 and can autonomously teach robots complex skills. From a report: In a blog post, the company said Eureka, which autonomously writes reward algorithms, has, for the first time, trained a robotic hand to perform rapid pen-spinning tricks as well as a human can. Eureka has also taught robots to open drawers and cabinets, toss and catch balls, and manipulate scissors, among nearly 30 tasks. "Reinforcement learning has enabled impressive wins over the last decade, yet many challenges still exist, such as reward design, which remains a trial-and-error process," Anima Anandkumar, senior director of AI research at Nvidia and an author of the Eureka paper, said in the blog post. "Eureka is a first step toward developing new algorithms that integrate generative and reinforcement learning methods to solve hard tasks."
'Mind-Blowing' IBM Chip Speeds Up AI
An anonymous reader shares a report: A brain-inspired computer chip that could supercharge artificial intelligence by working faster with much less power has been developed by researchers at IBM in San Jose, California. Their massive NorthPole processor chip eliminates the need to frequently access external memory, and so performs tasks such as image recognition faster than existing architectures do -- while consuming vastly less power. "Its energy efficiency is just mind-blowing," says Damien Querlioz, a nanoelectronics researcher at the University of Paris-Saclay in Palaiseau. The work, published in Science, shows that computing and memory can be integrated on a large scale, he says. "I feel the paper will shake the common thinking in computer architecture." NorthPole runs neural networks: multi-layered arrays of simple computational units programmed to recognize patterns in data. A bottom layer takes in data, such as the pixels in an image; each successive layer detects patterns of increasing complexity and passes information on to the next layer. The top layer produces an output that, for example, can express how likely an image is to contain a cat, a car or other object
Faze Clan Acquired for $17 Million, One Year After Its $725 Million SPAC
Gaming analytics and esports brand company Gamesquare, which counts Dallas Cowboys owner Jerry Jones as one of its investors, is acquiring the struggling gaming influencer group Faze Clan. From a report: The all-stock deal is worth about $17 million, Bloomberg reports, a steep drop-off from Faze's $725-million valuation at the time of its special purpose acquisition company, SPAC, merger in July of 2022. Since the SPAC made it publicly traded on the Nasdaq exchange, Faze Clan, like much of the esports industry, has struggled, with the company posting a $28.4-million loss "through the first half of 2023," according to Bloomberg. Last month, Faze Clan's troubles reached an inflection point that led to the firing of CEO Lee Trink, who once compared the company to the rise of hip-hop during an interview on The Vergecast.
Pfizer Hikes Price of COVID Antiviral Paxlovid From $530 To Nearly $1,400
Pfizer this week revealed that it raised the list price of a course of Paxlovid -- its lifesaving antiviral drug used to reduce the risk of severe COVID-19 in those most vulnerable -- to nearly $1,400, more than double the roughly $530 the US government has paid for the treatment in the emergency phase of the pandemic. From a report: Pfizer CEO Albert Bourla had noted in an investor call at the beginning of the week that the company would increase the price of Paxlovid as it moves from government distribution to the commercial market at the end of this year. But, he did not announce the new list price then. Instead, the company revealed the more than twofold increase in a letter to pharmacies and clinics dated Wednesday. The Wall Street Journal was the first to report the list price of $1,390 after viewing the letter. A Pfizer spokesperson told the Journal that "pricing for Paxlovid is based on the value it provides to patients, providers, and health care systems due to its important role in helping reduce COVID-19-related hospitalizations and deaths." A cost-effectiveness analysis last year determined the value of Paxlovid at between $563 and $906 per treatment course, according to nonprofit drug-pricing watchdog The Institute for Clinical and Economic Review.
Telegram is Still Leaking User IP Addresses To Contacts
The popular messaging app Telegram can leak your IP address if you simply add a hacker to your contacts and accept a phone call from them. From a report: Denis Simonov, a security researcher, who is also known as n0a, recently highlighted the issue and wrote a simple tool to exploit it. TechCrunch verified the researcher's findings by adding Simonov to the contacts of a newly created Telegram account. Simonov then called the account, and shortly after provided TechCrunch with the IP address of the computer where the experiment was being carried out. Telegram boasts 700 million users all over the world, and has always marketed itself as a "secure" and "private" messaging app, even though experts have repeatedly warned that Telegram is not as secure as end-to-end encrypted app Signal, for example. The fact that Telegram leaks your IP address to people in your contacts during a voice call has been known for years, but it's likely that new, less technical users may not be aware.
The Latest High-Severity Citrix Vulnerability Under Attack Isn't Easy To Fix
A critical vulnerability that hackers have exploited since August, which allows them to bypass multifactor authentication in Citrix networking hardware, has received a patch from the manufacturer. Unfortunately, applying it isn't enough to protect affected systems. ArsTechnica: The vulnerability, tracked as CVE-2023-4966 and carrying a severity rating of 9.8 out of a possible 10, resides in the NetScaler Application Delivery Controller and NetScaler Gateway, which provide load balancing and single sign-on in enterprise networks, respectively. Stemming from a flaw in a currently unknown function, the information-disclosure vulnerability can be exploited so hackers can intercept encrypted communications passing between devices. The vulnerability can be exploited remotely and with no human action required, even when attackers have no system privileges on a vulnerable system. Citrix released a patch for the vulnerability last week, along with an advisory that provided few details. On Wednesday, researchers from security firm Mandiant said that the vulnerability has been under active exploitation since August, possibly for espionage against professional services, technology, and government organizations. Mandiant warned that patching the vulnerability wasn't sufficient to lock down affected networks because any sessions hijacked before the security update would persist afterward.
Amazon Allows Managers To Terminate Employees in Office-Attendance Noncompliance
New submitter flashpoint31415 writes: Amazon is now giving managers leeway to effectively fire employees who fail to meet the company's three-times-a-week, return-to-office mandate. The guidelines tell managers to first hold a private conversation with employees who don't comply with the three-times-a-week requirement. Then, managers have to document the discussion in a follow-up email. If the employee continues to refuse to come in, the manager should hold another meeting, and if needed, take disciplinary action that includes a termination of employment. Giving managers the ability to fire employees for non-compliance is the strongest measure Amazon has taken over its return-to-office policy.
Indian Authorities Raid Fake Tech Support Rings After Tipoff From Amazon and Microsoft
Acting on information from Microsoft and Amazon, India's Central Bureau of Investigation (CBI) has raided alleged fake tech support operators and other tech-related crims across the country. From a report: The Bureau shared news of a Thursday operation that saw it conduct 76 searches in relation to five cases. The Bureau stated its effort "was conducted in collaboration with national and international agencies, alongside private sector giants," and described two of its targets as international tech support fraud scams that "impersonated a global IT major and a multinational corporation with an online technology-driven trading platform." The alleged scammers operated call centers in five regions of India and "systematically preyed on foreign nationals, masquerading as technical support representatives" for at least five years. The scammers sent users pop-up messages that appeared to come from multinational companies and advised of PC problems -- with a toll-free number at which assistance could be had. Victims who called the fakers had their PCs taken over, and were charged hundreds of dollars for a fix.
Pipeline Dreams: The Desert City Out To Surpass Phoenix By Importing Water
Buckeye, Arizona, is eyeing 'crazy' ideas to keep growing, including piping water hundreds of miles uphill from Mexico. From a report: Arizona, stressed by years of drought, has declared its housebuilding boom will have to be curbed due to a lack of water but one of its fastest-growing cities is refusing to give up its relentless march into the desert -- even if it requires constructing a pipeline that would bring water across the border from Mexico. The population of Buckeye, located 35 miles west of Phoenix, has doubled over the past decade to just under 120,000 and it is now priming itself to eventually become one of the largest cities in the US west. The city's boundaries are vast -- covering an area stretching out into the Sonoran Desert that would encompass two New York Cities -- and so are its ambitions. Buckeye expects to one day contain as many as 1.5 million people, rivaling or even surpassing Phoenix -- the sixth largest city in the US that uses roughly 2bn gallons of water a day -- by sprawling out the tendrils of suburbia, with its neat lawns, snaking roads and large homes, into the baking desert. Arizona's challenging water situation appears a major barrier to such hopes, however. In June, the state announced that new uses of its groundwater have essentially hit a limit, placing restrictions on house building, just a few months after the state lost a fifth of its water allocation from the ailing Colorado River. There isn't enough water beneath Buckeye to support homes not already being built, Arizona's water department has said. But the city is embarking upon an extraordinary scramble to find water from other sources -- by recycling it, purchasing it or importing it -- to maintain the sort of hurtling growth that continues to propel the US west even in an era of climate crisis. "Personally, my view is that we are still full steam ahead," said Eric Orsborn, Buckeye's ebullient mayor. 
Orsborn said he understands the state has to be "really careful" with water resources but that the city is exploring "options to keep us going and allow us to continue to grow at the rate that we want to grow."
SEC Drops Claims Against Two Ripple Labs Execs
An anonymous reader quotes a report from Reuters: The U.S. Securities and Exchange Commission dropped claims against two Ripple Labs executives in its lawsuit alleging the blockchain company violated U.S. securities law, according to a court filing in New York on Thursday. The agency said in court papers it is dropping claims that Ripple Chief Executive Brad Garlinghouse and co-founder Chris Larsen aided and abetted sales of the cryptocurrency XRP which a judge has found amounted to unregistered sales of securities. In its December 2020 lawsuit, the SEC accused Ripple of illegally raising more than $1.3 billion in an unregistered securities offering by selling XRP. U.S. District Judge Analisa Torres in Manhattan granted Ripple a partial win in the case in July, finding that sales of XRP on public exchanges were not unregistered securities offerings. Torres subsequently rejected a request by the SEC to appeal that ruling. She also ruled partly in the SEC's favor, saying the agency had shown the company's $728.9 million of XRP sales to hedge funds and other sophisticated buyers had violated the law. Garlinghouse and Larsen, who have harshly criticized the SEC throughout the case, issued lengthy statements accusing the agency of a political agenda to, in Larsen's words, "suffocate crypto in America." "Instead of looking for the criminals stealing customer funds on offshore exchanges that were courting political favor, the SEC went after the good guys," Garlinghouse said, an apparent reference to Sam Bankman-Fried, founder of crypto exchange FTX. The agency said in its papers that the next step in the case is for both sides to present to the judge on what the appropriate penalty is for Ripple.
Google Takes Aim At Duolingo With New English Tutoring Tool
Is Google laying the groundwork for a true challenger to language learning apps like Duolingo, Memrise and Babbel? In a blog post on Thursday, the search giant announced that it's rolling out a new Google Search feature designed to help people improve their English speaking skills. TechCrunch's Kyle Wiggers reports: Rolling out over the next few days for Search on Android devices in Argentina, Colombia, India, Indonesia, Mexico and Venezuela, with more countries and languages to come in the future, the new feature will provide interactive speaking practice for language learners translating to or from English, Google writes in a blog post. "Google Search is already a valuable tool for language learners, providing translations, definitions, and other resources to improve vocabulary," reads the post, attributed to Google Research director Christian Plagemann and product manager Katya Cox. "Now, learners translating to or from English on their Android phones will find a new English speaking practice experience with personalized feedback." The new experience presents Search users with prompts and asks them to speak the answers using a provided vocabulary word. During each practice session, which lasts 3 to 5 minutes, Search gives personalized feedback -- and the option to sign up for daily reminders to keep practicing and advance to the next stage of difficulty. How personalized is it, exactly? Well, according to Google, the experience gives semantic feedback -- indicating whether a response was relevant to a given question and comprehensible to a theoretical conversation partner. It also recommends areas where grammar could be improved, and, to give concrete suggestions for alternative ways to respond, provides a set of example answers at varying levels of language complexity. During practice sessions, learners can tap on any word they don't understand to see a translation of that word that considers the word in context.
"Designed to be used alongside other learning services and resources, like personal tutoring, mobile apps and classes, the new speaking practice feature on Google Search is another tool to assist learners on their journey," Plagemann and Cox write. [...] "We look forward to expanding to more countries and languages in the future, and to start offering partner practice content soon," Plagemann and Cox continued. "With these latest updates, which will roll out over the next few days, Google Search has become even more helpful."
A Simple Streetlight Hack Could Protect Astronomy From Urban Light Pollution
Tereza Pultarova reports via Space.com: Light pollution is a growing threat to astronomy, but a new streetlamp technology could restore clear views of the night sky. [...] A study published earlier this year found that stars are disappearing from the sky at an average rate of 10% per year. This trend affects even the world's most remote observatories. Germany-based startup StealthTransit recently tested a solution to this growing issue. "Unfortunately, this problem haunts almost all observatories today," Vlad Pashkovsky, StealthTransit's founder and CEO, told Space.com in an email. "Modern telescopes are highly sensitive and feel the impact of outdoor lighting of cities located at the distance of 50 or even 200 kilometers [30 to 120 miles]. This means that virtually every observatory on Earth either already needs, or will need in the future 10 years, protection from the light of large cities." StealthTransit's solution relies on three components: A simple device that makes LED lights flicker at a very high frequency that is imperceptible to the human eye, a GPS receiver, and a specially designed shutter on the telescope's camera that can blink in sync with the LED lights. The GPS technology guides the telescope's shutter to open only during the fleeting moments when the LED lights are switched off. The experiments, conducted at an observatory in the Caucasus Mountains in Russia, showed that the technology, dubbed the DarkSkyProtector, could reduce unwanted sky glow in astronomical images by 94%. "We can say that the telescope was seeing almost a dark sky at this time," Pashkovsky said. "The important thing about our technology is that it makes all kinds of lights astronomy-friendly, including outdoor advertising and indoor lighting in apartments, offices and stores." The technology could filter out lights from nearby towns and villages as well as those surrounding the observatory itself. 
It might sound impractical to refit an entire town with devices that allow lamps to blink, but Pashkovsky said that most existing LED lights can operate in the blinking mode and that new lamps designed specifically with sky protection in mind would be no costlier than existing LED technology. The most expensive element of the DarkSkyProtector system is the telescope shutter, which needs to be lightweight and agile enough to blink about 150 times per second. StealthTransit tested the prototype shutter on a 24-inch-wide (60 centimeters) telescope and hopes to make the technology available for larger telescopes. Although StealthTransit's technology is not yet ready for commercial use, Pashkovsky said, the firm hopes to have a product fit for the world's best telescopes in five to seven years.
Casio Keyed Up After Data Loss Hits Customers In 149 Countries
Jessica Lyons Hardcastle reports via The Register: Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries. ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe. As of October 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries. If Casio finds additional customers were compromised, it promises to update this count. The data included customers' names, email addresses, country of residence, purchasing info including order details, payment method and license code, and service usage info including log data and nicknames. Casio noted that it doesn't retain customers' credit card information, so presumably people's banking info wasn't compromised in the hack. An employee discovered the incident on October 11 while attempting to work in the corporate dev environment and spotted the database failure. "At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management," the official notice said. "Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access." The intruder didn't access the ClassPad.net app, according to Casio, so that is still available for use.
Canada Will Legalize Medically Assisted Dying For People Addicted To Drugs
An anonymous reader quotes a report from VICE News: Canada will legalize medically assisted dying for people who are addicted to drugs next spring, in a move some drug users and activists are calling "eugenics." The country's medical assistance in dying (MAID) law, which first came into effect in 2016, will be expanded next March to give access to people whose sole medical condition is mental illness, which can include substance use disorders. Before the changes take place, however, a special parliamentary committee on MAID will regroup to scrutinize the rollout of the new regulations, according to the Toronto Star. Currently, people are eligible for MAID if they have a "grievous and irremediable medical condition", such as a serious illness or disability, that has put them in an advanced state of irreversible decline and caused enduring physical or psychological suffering -- excluding mental illness. Anyone who receives MAID must also go through two assessments from independent health care providers, among meeting other criteria. [...] As Canada prepares to legalize MAID for people with mental disorders, each province will have to develop its own protocol for how to assess people. Dr. Simon Colgan, lead physician for the Community Allied Mobile Palliative Partnership which provides palliative care to homeless people, said MAID requests "must be understood within the context of a person's lived experience and this takes time and relationship." He said any MAID protocols for people with substance use disorders should be made with the input of people with lived experiences. "I don't think it's fair, and the government doesn't think it's fair, to exclude people from eligibility because their medical disorder or their suffering is related to a mental illness," said Dr. David Martell, physician lead for Addictions Medicine at Nova Scotia Health. 
"As a subset of that, it's not fair to exclude people from eligibility purely because their mental disorder might either partly or in full be a substance use disorder. It has to do with treating people equally." On the flip side, some drug users and harm reduction advocates say they're upset drug users are being given access to MAID, as they feel other public health measures are lacking. "I just think that MAID when it has entered the area around mental health and substance use is really rooted in eugenics. And there are people who are really struggling around substance use and people do not actually get the kind of support and help they need," said Zoe Dodd, a Toronto-based harm reduction advocate. Karen Ward, a drug user activist in Vancouver, said she considers the expansion of MAID to include people with substance use disorders a "statement in federal law that some people aren't really human." "The government has made death accessible while a better life remains impossible," she said. "Homes for all, guaranteed dignified incomes, access to healthcare, education and employment: these aren't radical demands."
Code.org Presses Washington To Make Computer Science a High School Graduation Requirement
theodp writes: In July, Seattle-based and tech-backed nonprofit Code.org announced its 10th policy recommendation for all states "to require all students to take computer science (CS) to earn a high school diploma." In August, Washington State Senator Lisa Wellman phoned-in her plans to introduce a bill to make computer science a Washington high school graduation requirement to the state's Board of Education, indicating that the ChatGPT-sparked AI craze and Code.org had helped convince her of the need. Wellman, a former teacher who worked as a Programmer/System Analyst in the 80's before becoming an Apple VP (Publishing) in the '90s, also indicated that exposure to CS given to students in fifth grade could be sufficient to satisfy a HS CS requirement. In 2019, Wellman sponsored Microsoft-supported SB 5088 (Bill details), which required all Washington state public high schools to offer a CS class. Wellman also sponsored SB 5299 in 2021, which allows high school students to take a computer science elective in place of a third year math or science course (that may be required for college admission) to count towards graduation requirements. And in October, Code.org CEO Hadi Partovi appeared before the Washington State Board of Education, driving home points Senator Wellman made in August with a deck containing slides calling for Washington to "require that all students take computer science to earn a high school diploma" and to "require computer science within all teacher certifications." Like Wellman, Partovi suggested the CS high school requirement might be satisfied by middle school work (he alternatively suggested one year of foreign language could be dropped to accommodate a HS CS course). 
Partovi noted that Washington contained some of the biggest promoters of K-12 CS in Microsoft Philanthropies' TEALS (TEALS founder Kevin Wang is a member of the Washington State Board of Education) and Code.org, as well as some of the biggest funders of K-12 CS in Amazon and Microsoft -- both of which are $3,000,000+ Platinum Supporters of Code.org and have top execs on Code.org's Board of Directors.
Hackers Compromise Accounts of Kodex, Company That Vets Police Data Requests For Tech Giants
Slash_Account_Dot shares a report from 404 Media: Hackers are targeting accounts on Kodex, a platform that connects law enforcement agencies and tech companies and which is designed to verify emergency requests for customer data, according to multiple online conversations between hackers viewed by 404 Media. Screenshots from one of the compromised accounts show a panel where a law enforcement officer, or a hacker, can potentially 'create a new request.' The screenshots show a wide range of companies such as tech giants Meta and Microsoft's LinkedIn; cryptocurrency exchanges Binance and Coinbase; social media platforms Pinterest, Discord, and Snapchat; financial service Fidelity, and gaming platform Roblox. The compromised account appears to belong to a national police force, but the screenshots do not include the agency's full name. There is no evidence that hackers have successfully used compromised Kodex accounts to obtain data from a tech company, and Matt Donahue, the former FBI agent and now CEO of Kodex, said that multiple compromised accounts 404 Media found did not have authorization to make such requests, and that Kodex had shut down those accounts. But the repeated examples of criminal chatter show that Kodex is a target of interest for hackers.
Convoy Trucking Startup, Backed By Jeff Bezos and Bill Gates, Is Closing Operation With No Buyer
Ty Roush reports via Forbes: Convoy, a Seattle-based digital freight booker with investors that include billionaires Bill Gates and Jeff Bezos, announced Thursday it would be shutting down, according to Bloomberg, after the company failed to find a buyer amid a "massive freight recession." Convoy's founder and chief executive Dan Lewis notified employees in an internal memo Thursday that "today is your last day at the company," noting the company is "exploring and evaluating strategic options for what might come next," Bloomberg reported. Lewis said the company had evaluated potential suitors to acquire it, though "none of the options ultimately materialized into anything sufficient to keep the company going in its then current form." Convoy was in "the middle of a massive freight recession and a contraction in the capital markets," according to Lewis, who added "this combination ultimately crushed our progress" and likely swayed potential suitors away from acquiring the firm. "Following an exhaustive process, spanning many, many months during which we explored all viable strategic options for the business, the result is where we are today," Lewis wrote. Convoy was founded in 2015 in an effort to prevent trucks from driving "empty miles" without loads. The idea was to use technology to make freight more efficient by connecting truck drivers with freight companies -- reducing shippers' costs, increasing carriers' earnings, and eliminating carbon emissions in the process.
Julian Assange To Be Made Honorary Citizen of Rome
Jailed WikiLeaks founder Julian Assange will become an honorary citizen of Rome by early next year following a vote this week by its local assembly, the city's former mayor Virginia Raggi said on Thursday. Reuters reports: Assange, 52, has been in London's high-security Belmarsh prison since 2019 and is wanted in the United States over the release of confidential U.S. military records and diplomatic cables in 2010. His supporters see his prosecution as a politically motivated assault on journalism and free speech. Washington says the release of secret documents put lives in danger. The motion to make him a citizen of the Eternal City was spearheaded by Raggi, from the left-leaning Five Star Movement, and won cross-party support. "Assange is a symbol of free speech which is essential for any genuine democracy," Raggi, who ran Rome's city hall between 2016 and 2021, told Reuters. "He has been deprived of his own liberty for years, in awful conditions, for doing his job as a journalist," she said. The motion was approved on Tuesday, kick-starting a process that Raggi said she hoped could be completed by Christmas but may take slightly longer. Other Italian cities have taken similar steps. The northern city of Reggio Emilia granted Assange citizenship last month, while Naples is set to follow shortly. Further reading: Australian MPs To Lobby US To Drop Julian Assange Prosecution or Risk 'Very Dangerous' Precedent for Russia and China
First Mini-PC With Solid-State Active Cooling System Launches
Chinese multinational Zotac has announced a mini-PC built around two solid-state active cooling chips called the AirJet Pro and AirJet Mini. They're designed by a company called Frore Systems. New Atlas reports: The AirJet tech is described as a self-contained active heat sink featuring membranes inside that vibrate at ultrasonic frequency, generating "a powerful flow of air" that's pushed through vents at the top of the unit. These "high-velocity pulsating jets" remove heat from the processor and push it out through an integrated spout. Back at Computex 2023 in May, Zotac's new Zbox mini-PC was announced as the first recipient of Frore's cooling technology, in the shape of two near-silent AirJet Minis. Now the Zbox PI430AJ has launched to "select regions." Zotac reckons that the active cooling modules can only be heard if the user places an ear against the Zbox's housing. The processor of choice for this "world's first" device is an Intel Core i3-N300 octacore chip that can clock up to 3.8 GHz. This features integrated UHD graphics, and is supported by 8 GB of LPDDR5 RAM. The Windows flavor comes with 512 GB of SSD storage, while users who opt for the barebones version will need to install their own. The 114.8 x 76 x 23.8-mm (4.52 x 2.99 x 0.95-in) mini-PC sports two USB 3.2 Type-A ports plus one USB-C, HDMI and DisplayPort, Ethernet LAN and a combo headphone/microphone jack. Bluetooth 5.2 and Wi-Fi 6 are cooked in for wireless needs.
CFPB Moves To Bar Financial Firms From 'Hoarding' a Consumer's Data
An anonymous reader quotes a report from Politico: The Consumer Financial Protection Bureau on Thursday released a landmark proposal restricting how financial institutions handle consumer data. [...] The proposed rule -- which faces months of feedback and lobbying from industry and consumer groups before it's approved -- would bar financial firms from "hoarding" a consumer's data, the agency said. It would require companies to share information, at a customer's request, with other businesses offering competing products and prevent them from charging for it. Banks would be required to make personal financial data available to consumers free of charge, and companies that access a person's data would not be able to use it for targeted advertising. Access to a person's data would have to be reauthorized annually, and consumers would have the right to revoke access at any time. The proposal, which implements Section 1033 of the 2010 Dodd-Frank law, also "seeks to move the market away from risky data collection practices" such as screen scraping, the CFPB said. "It is often really daunting for a consumer to switch banks, in part because it's difficult to take their financial transaction history data to a new bank," White House National Economic Council Director Lael Brainard said on a call with reporters. "Today's rule will help ensure financial companies compete based on service quality and pricing."
There's a New Way To Flip Bits in DRAM, and It Works Against the Latest Defenses
An anonymous reader shares a report: In 2015, researchers reported a surprising discovery that stoked industry-wide security concerns -- an attack called RowHammer that could corrupt, modify, or steal sensitive data when a simple user-level application repeatedly accessed certain regions of DDR memory chips. In the coming years, memory chipmakers scrambled to develop defenses that prevented the attack, mainly by limiting the number of times programs could open and close the targeted chip regions in a given time. Recently, researchers devised a new method for creating the same types of RowHammer-induced bitflips even on a newer generation of chips, known as DDR4, that have the RowHammer mitigations built into them. Known as RowPress, the new attack works not by "hammering" carefully selected regions repeatedly, but instead by leaving them open for longer periods than normal. Bitflips refer to the phenomenon of bits represented as ones changing to zeros and vice versa. Further amplifying the vulnerability of DDR4 chips to read-disturbance attacks -- the generic term for inducing bitflips through abnormal accesses to memory chips -- RowPress bitflips can be enhanced by combining them with RowHammer accesses. Curiously, raising the temperature of the chip also intensifies the effect. "We demonstrate a proof of concept RowPress program that can cause bitflips in a real system that already employs protections against RowHammer," Onur Mutlu, a professor at ETH Zurich and a co-author of a recently published paper titled RowPress: Amplifying Read Disturbance in Modern DRAM Chips [PDF], wrote in an email. "Note that this is not in itself an attack. It simply shows that bitflips are possible and plenty, which can easily form the basis of an attack. As many prior works in security have shown, once you can induce a bitflip, you can use that bitflip for various attacks."
Discord is Going To Give Out Warnings Instead of Permanent Bans
Discord is overhauling the way it moderates its platform with a new warning system and teen safety assist feature. From a report: The new Discord warning system has been totally revamped to be far more transparent, educating Discord users how they've broken rules and are restricted from parts of the service rather than permanently banning them. "The new system gives users more room to learn from their mistakes and correct misjudgments," explains Savannah Badalich, Discord's senior director of policy, in a briefing with The Verge. "We're moving away from permanent bans to one-year temporary bans for many violations, except for violations that are extremely harmful." In the coming weeks, Discord will start to limit features for rule breakers, instead of banning them outright. If a Discord user violates the rules, then they'll be met with a DM from Discord letting them know about the warning or violation and what action Discord is taking. So, if a Discord user uploads an image that breaks the rules, they might temporarily take away the ability to post images.
FCC Greenlights Superfast Wi-Fi Tethering for AR and VR Headsets
The FCC has unanimously approved plans by several tech companies to use the 6GHz band for wireless devices. From a report: FCC Chair Jessica Rosenworcel proposed the new rules, which would authorize very low power (VLP) operations -- meaning their signals won't be able to go very far -- in about 850MHz of the spectrum, on September 27th. The rules will also allow devices to "use higher power levels" so long as they're geofenced to keep from interfering with actual licensed 6GHz usage, and the FCC will be taking comments on other ways it can expand 6GHz spectrum usage by technology devices. A September Bloomberg report pointed to some of the kinds of devices the FCC's affirmative vote could open up, including in-car connections, mobile virtual or augmented reality devices, and more. The FCC originally opened up 1,200MHz of the 6GHz spectrum for unlicensed use by Wi-Fi routers and client devices (think smartphones or laptops), giving home networks far more wireless overhead than existing Wi-Fi standards already had. This new approval expands the spectrum for much more general use.
New York Sues Crypto Firms For Losing Over $1 Billion
New York Attorney General Letitia James is suing three cryptocurrency companies -- Gemini, Genesis, and Digital Currency Group (DCG) -- over claims they misled investors, leading to the loss of over $1 billion. From a report: In a lawsuit filed on Thursday, James says their alleged fraudulent schemes affected over 230,000 investors. The lawsuit targets Gemini, the crypto exchange owned by Cameron and Tyler Winklevoss, and its Earn program. The firm marketed Gemini Earn as a high-yield program that involved customers investing with Genesis Global Capital, which is owned by DCG. However, James alleges that Gemini knew investing with Genesis was risky and misled customers as a result.
Google-Hosted Malvertising Leads To Fake Keepass Site That Looks Genuine
Google has been caught hosting a malicious ad so convincing that there's a decent chance it has managed to trick some of the more security-savvy users who encountered it. From a report: Looking at the ad, which masquerades as a pitch for the open source password manager Keepass, there's no way to know that it's fake. It's on Google, after all, which claims to vet the ads it carries. Making the ruse all the more convincing, clicking on it leads to ķeepass[.]info, which, when viewed in an address bar, appears to be the genuine Keepass site. A closer look at the link, however, shows that the site is not the genuine one. In fact, ķeepass[.]info -- at least when it appears in the address bar -- is just an encoded way of denoting xn--eepass-vbb[.]info, which, it turns out, is pushing a malware family tracked as FakeBat. Combining the ad on Google with a website with an almost identical URL creates a near-perfect storm of deception. "Users are first deceived via the Google ad that looks entirely legitimate and then again via a lookalike domain," Jerome Segura, head of threat intelligence at security provider Malwarebytes, wrote in a post on Wednesday that revealed the scam. Information from Google's Ad Transparency Center shows that the ads have been running since Saturday and last appeared on Wednesday. The ads were paid for by an outfit called Digital Eagle, which the transparency page says is an advertiser whose identity has been verified by Google.
Netflix Plans Price Increase as Password-Sharing Crackdown Boosts Subscriber Growth
Netflix said its effort to limit password sharing led to a 10.8% rise in subscriptions in the third quarter, a better-than-expected result that comes as the company plans to increase some prices in the U.S. and other markets. From a report: The streaming giant added 8.8 million subscribers in the third quarter with customer growth in every region, its largest quarterly customer gain since the second quarter of 2020. The company plans to immediately raise prices for its basic plan in the U.S., which is no longer available to new customers, to $11.99 from $9.99 and up the cost of its premium plan to $22.99 from $19.99. It is also increasing some prices in the U.K. and France, though the cost of its ad-supported and standard ad-free plans are unchanged. The price increases are a sign of streamers' efforts to improve profitability and wean consumers off the low monthly subscription fees that drew users away from pricey cable bundles in the early days of streaming.
Universal Music Sues AI Startup Anthropic For Scraping Song Lyrics
Universal Music has filed a copyright infringement lawsuit against artificial intelligence start-up Anthropic, as the world's largest music group battles against chatbots that churn out its artists' lyrics. From a report: Universal and two other music companies allege that Anthropic scrapes their songs without permission and uses them to generate "identical or nearly identical copies of those lyrics" via Claude, its rival to ChatGPT. When Claude is asked for lyrics to the song "I Will Survive" by Gloria Gaynor, for example, it responds with "a nearly word-for-word copy of those lyrics," Universal, Concord, and ABKCO said in a filing with a US court in Nashville, Tennessee. "This copyrighted material is not free for the taking simply because it can be found on the Internet," the music companies said, while claiming that Anthropic had "never even attempted" to license their copyrighted work. The lawsuit comes as the music industry is grappling with the rise of AI technology that can produce "deepfake" songs that mimic the voices, lyrics, or sound of established musicians. The issue drew attention earlier this year after an AI-produced song that mimicked the voices of Drake and The Weeknd spread online.
FCC Moves Ahead With Title II Net Neutrality Rules in 3-2 Party-Line Vote
The U.S. FCC voted Thursday to advance a proposal to reinstate landmark net neutrality rules and assume new regulatory oversight of broadband internet that was rescinded under former President Donald Trump. From a report: In a 3-2 party-line vote, the FCC approved Chairwoman Jessica Rosenworcel's Notice of Proposed Rulemaking (NPRM), which seeks public comment on the broadband regulation plan. The comment period will officially open after the proposal is published in the Federal Register, but the docket is already active and can be found here. The proposal would reclassify broadband as a telecommunications service, a designation that allows the FCC to regulate ISPs under the common-carrier provisions in Title II of the Communications Act. The plan is essentially the same as what the FCC did in 2015 when it used Title II to prohibit fixed and mobile Internet providers from blocking or throttling traffic or giving priority to Web services in exchange for payment. The Obama-era net neutrality rules were eliminated during Trump's presidency when then-Chairman Ajit Pai led a repeal that reclassified broadband as an information service, returning it to the less strict regulatory regime of Title I. The current FCC likely would have acted much sooner but there was a 2-2 deadlock until last month when the Senate confirmed Biden nominee Anna Gomez to fill the empty spot. After the comment period, the FCC is likely to finalize the rulemaking and put the 2015 rules back in place. The broadband industry will likely then sue the FCC in an attempt to nullify the rulemaking.
In Antitrust Trial, Google Argues That Smart Employees Explain Its Success
In its antitrust confrontation with the government, the pillar of Google's defense has been that innovation -- not restrictive contracts, backed by billions in payments to industry partners -- explains its success as the giant of internet search. From a report: Its competitive advantage, it says, is brilliant people, working tirelessly to improve its products. Pandu Nayak, Google's first witness in the antitrust trial that began last month, is the face of that defense. Mr. Nayak, a vice president of search, was raised in India and graduated at the top of his class at one of that nation's elite technical schools. He came to America, earned his Ph.D. in computer science at Stanford University and then spent seven years as a research scientist on artificial intelligence projects at NASA's Ames Research Center in Silicon Valley. Nineteen years ago, Mr. Nayak joined Google and found a particularly welcoming workplace, filled with professional friends. "At the end of the day, Google is a technology company -- it really values the skills that I have," Mr. Nayak said in his testimony on Wednesday. The computer scientist's testimony is an attempt to rebut a central argument in the case filed by the Justice Department and 38 states and territories. Their suit claims that scale is essential to competition in search. That is, the more data from user queries a search engine collects, the more it learns to improve its service, which attracts still more users, advertisers and ad revenue. That flywheel, the suit says, is fueled by ever-increasing volumes of user data.
Nokia To Axe Up To 14,000 Jobs To Cut Costs
Finnish telecoms giant Nokia is to axe between 9,000 and 14,000 jobs by the end of 2026 to cut costs. From a report: The announcement was made as the company reported a 20% drop in sales between July and September. The company blamed slowing demand for 5G equipment in markets such as North America. It currently has 86,000 employees around the world, and has axed thousands of jobs since 2015. Nokia wants to cut costs by between $845m and $1.27bn by 2026, it said. Its customers have been cutting spending amid high inflation and interest rates, it said. Advances in cloud computing and AI will need "significant investments in networks that have vastly improved capabilities," said chief executive Pekka Lundmark. "However, given the uncertain timing of the market recovery, we are now taking decisive action," he said. It said it wanted to "act quickly" by cutting costs by $422m in 2024, and $317m in 2025.
Google To Manufacture Pixel Smartphones in India
Google plans to begin assembling its Pixel smartphone lineup in India, a company executive said, becoming the latest tech giant to bet on the South Asian market for devices manufacturing. From a report: The company intends to start the local manufacturing with the current lineup -- both the Pixel 8 and Pixel 8 Pro -- in India and expects to ship the India-made batch starting next year, Rick Osterloh, Senior VP of Devices and Services at Google, shared at the company's annual India event Thursday. India is a key overseas market for Google, which identifies the world's most populous nation as its largest for many of its services including Android, Google Search, YouTube by user count. Thursday's announcement follows Google, which has committed to invest over $10 billion in the country over the next few years, recently partnering with HP to manufacture Chromebook laptops in India.
AMD's Monstrous Threadripper 7000 CPUs Aim For Desktop PC Dominance
AMD's powerhouse Threadripper chips are back for desktop PCs. Despite declaring the end of consumer Threadripper chips last generation, AMD announced three new Ryzen Threadripper 7000-series chips on Thursday, with up to 64 cores and 128 threads -- and the option of installing a "Pro"-class Threadripper 700 WX series for a massive 96 cores and 192 threads, too. PCWorld: Take a deep breath, though. The underlying message is the same as when AMD released the Threadripper 3970X back in 2019: these chips are for those who live and breathe video editing and content creation, and are optimized for such. Nevertheless, they almost certainly represent the most powerful CPU you can buy on a desktop, for whatever purpose. The key differences between the older workstation-class Threadripper 5000 series and these new 7000-class processors are simple: AMD has brought forward its Zen 4 architecture into Threadripper alongside a higher core count, faster boost frequencies, and a generational leap ahead to PCI Express 5.0. Consumers will need new motherboards, though, as the new "TRX50" consumer Threadripper platform uses the new AMD TRX50 HEDT (high-end desktop) chipset and sTR5 socket. And did we mention they consume (gulp) 350W of power? In some ways, though, the new Threadripper 7980X, 7970X, and 7960X consumer Threadripper offerings are familiar. They stick with AMD's tried-and-true 64-core configuration, the same as the Threadripper 5000 series, moving down to 24 cores. The 12- and 16-core configurations have been trimmed off from the prior generation.