Feed slashdot Slashdot

Link https://slashdot.org/
Feed https://rss.slashdot.org/Slashdot/slashdotMain
Copyright Copyright Slashdot Media. All Rights Reserved.
Updated 2024-11-26 21:01
Patched Windows Bug Was Actually a Dangerous Wormable Code-Execution Vulnerability
Ars Technica reports on a dangerously "wormable" Windows vulnerability that allowed attackers to execute malicious code with no authentication required — a vulnerability that was present "in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability." Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of "important." In the routine course of analyzing vulnerabilities after they're patched, IBM security researcher Valentina Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did [the flaw used to detonate WannaCry]. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue.... One potentially mitigating factor is that a patch for CVE-2022-37958 has been available for three months. EternalBlue, by contrast, was initially exploited by the NSA as a zero-day. The NSA's highly weaponized exploit was then released into the wild by a mysterious group calling itself Shadow Brokers. The leak, one of the worst in the history of the NSA, gave hackers around the world access to a potent nation-state-grade exploit. Palmiotti said there's reason for optimism but also for risk: "While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time," said Palmiotti. There's still some risk, Palmiotti tells Ars Technica. "As we've seen with other major vulnerabilities over the years, such as MS17-010 which was exploited with EternalBlue, some organizations have been slow deploying patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether."
Thanks to Slashdot reader joshuark for sharing the article.
CNET Touts 'Massive' Microsoft Office Deal: 91% Discount on a Lifetime License
Meanwhile, over in the Microsoft ecosystem, CNET reports: You can ditch the subscription (with recurring charges) and snag a lifetime license of access to Microsoft's Word, Excel, PowerPoint, Outlook, Teams, OneNote, Publisher and Access for just $30... That's back at the lowest price we've ever seen, and a whopping 91% off the usual price of $349. However, this deal expires in just a few days, so be sure to get your order in soon. The offer, from StackSocial, applies to both the Windows and Mac version of the software. Now, you can always opt to use the free online version of Microsoft Office (which has far fewer features). But compared to the online Microsoft 365 subscription suite that costs $10 per month or $100 per year, this downloadable version is a phenomenal bargain. The Mac deal ends today, but the Windows deal extends through December 28th, according to CNET's article. "The two big caveats: You get a single key — which only works on a single computer — and there's no Microsoft OneDrive Cloud Storage included."
America's FTC Demands End to Mastercard's 'Illegal' Blocking of Competing Debit Card Payment Networks
Friday America's Federal Trade Commission issued an announcement on what it called "illegal business tactics that Mastercard has been using to force merchants to route debit card payments through its payment network," saying the FTC is now requiring Mastercard "to stop blocking the use of competing debit payment networks." The popularity of debit cards has been growing especially quickly for purchases consumers make using their personal devices equipped with ewallet applications such as Apple Pay, Google Pay, and Samsung Wallet. Payment card networks play a critical role in those debit card transactions.... Payment card networks compete for the business of banks that issue cards and for the business of merchants that accept card payments. Mastercard, along with Visa, is one of the two leading payment card networks in the United States. The processing fees charged by networks total billions of dollars every year, affecting every purchase made with a debit card, according to the FTC. Most of these fees are paid by the merchants to the card-issuing banks and the payment card networks.... Mastercard was flouting the law by setting policies to block merchants from routing ecommerce transactions using Mastercard-branded debit cards saved in ewallets to alternative payment card networks, including networks that may charge lower fees than Mastercard, the FTC alleged. Specifically, Mastercard used its control over a process called "tokenization" to block the use of competing payment card networks, the agency alleged. Transactions commonly are "tokenized" by replacing the cardholder's primary account number with a different number to protect the account number during some stages of a debit transaction. Tokens are stored in ewallets such as Apple Pay, Google Pay, and Samsung Wallet and serve as a substitute credential to provide additional protection for a cardholder's account number....
According to the FTC, Mastercard refuses to provide conversion services to competing networks for remote ewallet debit transactions...thereby making it impossible for merchants to route their ewallet transactions on a network other than Mastercard.
Stack Overflow Survey Finds More Developers Now Use Linux Than MacOS
Justin Garrison works at Amazon Web Services on the Kubernetes team (and was senior systems engineer on several animated films). This week he spotted a new milestone for Linux in the 2022 StackOverflow developer survey: [Among the developers surveyed] Linux as a primary operating system had been steadily climbing for the past 5 years. 2018 through 2021 saw steady growth with 23.2%, 25.6%, 26.6%, 25.3%, and finally in 2022 the usage was 40.23%. Linux usage was more than macOS in 2021, but only by a small margin. 2022 it is now 9% more than macOS. Their final stats for "professional use" operating system: Windows: 48.82%; Linux-based: 39.89%; macOS: 32.97%. But Garrison's blog post notes that that doesn't include the million-plus people using all the Linux-based cloud development environments (like GitHub Workspaces) — not to mention the 15% of WSL users on Windows and all the users of Docker (which uses a Linux VM). "It's safe to say more people use Linux as part of their development workflow than any other operating system."
Donald Knuth's 2022 'Christmas Tree' Lecture Is About Trees
Like a visit from an old friend, it's Donald Knuth's annual Christmas tree lecture for 2022. "Because of the pandemic, it's been three years since Knuth has been able to honor this tradition," notes The New Stack: 2022 marks the 60th anniversary of that fateful day in 1962 when a 24-year-old Donald Knuth started writing "The Art of Computer Programming." Now approaching his 85th birthday, Knuth has become almost a legend in the world of computer programming — and he's still writing additional volumes for his massive analysis of algorithms. But every year, right around Christmas time, there's another tradition. Knuth gives a special lecture "pitched at non-specialists" for a small audience at Stanford University (where Knuth is a professor emeritus) and a larger audience online... Hunched over a notepad (which was projected onto a screen behind him), Knuth began the 26th annual Christmas lecture by pointing out that the evening's topic had been hiding in plain sight for two decades. For the first 20 years, they'd called them the "Christmas tree" lectures, since "trees are one of the most important things to a computer scientist. And every year I learned at least two new cool things about trees..." About five years ago they'd changed the name to just "Christmas lectures" — but the problem wasn't that trees stopped being interesting. "I still learn cool things about trees every year. But they're getting harder and harder to explain to a general audience!" So this year's triumphant "homecoming" lecture would indeed include trees — specifically a phenomenon Knuth describes as "twintrees," along with Baxter permutations, and Floorplans. Knuth noted they're all topics touched on in the latest volume of The Art of Computer Programming, before jokingly reminding the audience that his book makes an excellent Christmas present.
By the end of the lecture, Knuth had written algorithms for all three mathematical concepts — then connected all three algorithms with Linux pipes to show what happens when you convert one kind of sequence into the other and then into the other. "I get back, of course, the one I started with!"
How One Man Proved No Snowflakes Are Alike
CNN shares the historic close-up snowflake photos of Wilson Bentley, the first person to capture the details of the individual "snow crystal" ice that makes up snowflakes. It was 1885, just 69 years after the invention of the camera, and after years of trial and error, "He went on to photograph more than 5,000 of these "ice flowers" during his lifetime — never finding any duplicates — and the images still mesmerize to this day." Every snow crystal shares a common six-sided or six-pointed structure — it's how frozen water molecules arrange themselves — but they will always vary from one another because each falls from the sky in its own unique way and experiences slightly different atmospheric conditions on its travel down to earth. Some of their arms may look long and skinny. Others may appear short and flat or somewhere in between. The possibilities are endless and fascinating.... "He had the mind of a scientist and the soul of a poet, and you can see that in his writings," said Sue Richardson, Bentley's great-grandniece who is vice president of the board for the Jericho Historical Society. "He wrote many, many articles over the years for scientific publications and for other magazines like Harper's Bazaar and National Geographic. "He also kept very detailed weather records and very detailed journals of every photograph that he took of a snow crystal — the temperature, the humidity, what part of the storm it came from. He kept very detailed information, and then these weather records that he kept and the theories that he developed about how snow crystals formed in the atmosphere, those were proven true...." It wasn't easy, however, to get those snow crystals on camera. It took almost three years, Richardson said, for Bentley to figure out how to successfully photograph one — which he did just a month shy of his 20th birthday. The first obstacle was figuring out how to attach the microscope to the camera.
And then there was the challenge of getting each crystal photographed before it could melt away. "He worked in an unheated woodshed at the back of the house. He had to," Richardson said. "And the microscope slides, everything, had to be an ambient temperature or they'd melt" the crystal.... A children's book about him won the Caldecott Medal in 1999. Bentley never had formal education, according to his grandniece (who grew up hearing stories about this famous ancestor). One says that when Wilson Bentley was given an old microscope at age 15, "The first time he looked at a snow crystal under it, he was hooked. Just the beauty, the intricate detail. He was totally hooked."
A Startup Wants To Pay You To Share Your Data For Advertising
Yahoo co-founder Jerry Yang (through his AME Cloud Ventures) contributed to $6 million in seed funding in November for startup Caden, which plans to pay users to share their personal data -- including what they buy or watch on mobile apps. The Wall Street Journal reports: The startup, Caden Inc., operates an app by the same name that helps users download their data from apps and services -- whether that's Amazon.com Inc. or Airbnb Inc. -- into a personal "vault." Users who consent to share that data for advertising purposes can earn a cut of the revenue that the app generates from it. They also can access personal analytics based on that data.... Caden, which has been testing with a limited group of users, plans to begin a public beta test of 10,000 users early next year.... One option in the public beta test will anonymize and pool the data before sharing it with outside parties in exchange for $5 to $20 a month, according to Caden founder and Chief Executive John Roa. The amount of compensation will be determined by a "data score" reflecting factors such as whether consumers answer demographic survey questions and which apps and services' data consumers are sharing. Consumers will eventually be given the option to share more specific information for more tailored advertising. A marketer could then form audience segments and tailor their ad targeting and messaging to those groups. For instance, a user could consent to sharing his ride-share history so advertisers could create segments of people who ride a certain amount. That would eventually pay consumers up to $50 a month, Caden said. A third option would let advertisers take a direct action based on the data that Caden understands about a specific user.
If a consumer were part of a department store's loyalty program, for example, the store might reward her for sharing her individual Amazon shopping history and use it to provide more personalized offers. That could generate thousands of dollars a year for participating users, the company said. Caden also hopes that the data it can aggregate will be compelling for consumers. Users could search for restaurants they've eaten at in a certain city, for instance, or how much they spent in certain categories across different apps, executives said. "It's like Spotify Wrapped for your whole life," said Amarachi Miller, Caden's head of product, referring to the streaming music service's year-end distillation of each user's listening.... Caden said it will initially sell only anonymized and aggregated data that doesn't tie back to individuals. As it starts to let brands do more personal promotions for users, it said it will let users see which brands and partners it's working with, and will let users control which brands can access their information. The digital ad industry has been seeking new marketing-guiding data, the article points out, especially since Apple began requiring apps to ask for permission before tracking users. Thanks to Slashdot reader guest reader for sharing the article.
Neal Stephenson's Lamina1 Launches Fund to Invest in Open Metaverse Projects
Neal Stephenson coined the phrase "metaverse" in his 1992 book Snow Crash. 30 years later, Stephenson is part of a blockchain startup "optimized for the Open Metaverse" called Lamina1. This week they announced their "first-of-its-kind fund" for investing in early stage Layer 1 blockchain projects ("largely focused" on the Open Metaverse). The goal is "to provide broad economic access to global accredited investors looking to support the next era of the internet," according to the announcement — and to also provide Web3 builders "a vehicle for raising capital for their Open Metaverse ventures." The fund will be led by Lamina1's co-founder Peter Vessenes (who, among other things, was the first Chairman of the Bitcoin foundation), "offering investors a chance to join him at the forefront of the emerging Open Metaverse economy..." "Investors and builders can both apply to participate immediately." The fund launch will be closely followed by the much-anticipated launch of Lamina1's testnet.... The L1EF fund works by allowing accredited investors to access and co-invest in companies and entrepreneurs through quarterly subscriptions. Investments will be largely focused on the technology and experiences users can access in the Open Metaverse, ranging from immersive computing to open AI at scale. To support the rapid advancement and expansion of the Open Metaverse, L1EF is simultaneously focused on investing in builders and creators who will foster the quality tech and infrastructure necessary to support the protocol, and create immersive experiences that bring Lamina1's vision of an Open Metaverse to life. Some of these early stage projects include layer 2 protocols, DeFi, GameFi, marketplaces, bridges, and many more. "We're thrilled to introduce L1EF to serve both creators and investors who are actively promoting the development of an Open Metaverse," said Rebecca Barkin, President of Lamina1.
"Peter has a deep understanding and demonstrated success of growing economies around a chain, and his approach to grant builders early access to capital — right as we're preparing to place testnet in their hands — is in perfect alignment with our mission to build the open infrastructure that brings together the most powerful creative community on the planet...." In addition to capital, projects that are part of L1EF will receive early access and support for Lamina1 developer tooling through the forthcoming Lamina1 Early Access Program. "The team has a front row seat to all happening in the ecosystem," Vessenes said this week, "and essentially gets a 'first look' at what many of the most compelling creators and storytellers of our time are doing, building, making, and producing around the world. "We want to share that front row seat with as many people as possible." In 2004 Neal Stephenson answered questions from Slashdot's readers.
NORAD Answers Questions About Their Annual Santa-Tracking Operation
The North American Aerospace Defense Command is a US/Canada organization protecting the air sovereignty of the two nations. But every year on December 24th, they also tell you where Santa is. From NORADSanta.org: The modern tradition of tracking Santa began in 1955 when a young child accidentally dialed the unlisted phone number of the Continental Air Defense Command Operations Center upon seeing a newspaper advertisement telling kids to call Santa. The Director of Operations, Colonel Harry Shoup, answered the phone and instructed his staff to check the radar for indications of Santa making his way south from the North Pole.... Each year since, NORAD has dutifully reported Santa's location on Dec. 24 to millions of children and families across the globe. NORAD receives calls from around the world on Dec. 24 asking for Santa's location. Children, families and fans also keep track of Santa's location on the NORAD Tracks Santa® website and our social media platforms. The page lists the NORAD technologies involved in tracking Santa — including 47 radar installations and geo-synchronous satellites with infrared heat sensors. ("Rudolph's nose gives off an infrared signature similar to a missile launch...") And this year NORAD also produced a special video highlighting the various military fleets protecting Santa. ("He may know when you're sleeping, he may know when you're awake... " it tells viewers. "But for 67 years now, when he takes flight, we'll know.") More from NORADSanta.org: Canadian NORAD fighter pilots, flying the CF-18, take off out of Newfoundland and welcome Santa to North America. Then at numerous locations in Canada other CF-18 fighter pilots escort Santa. While in the United States, American NORAD fighter pilots in either the F-15s, F-16s or F-22s get the thrill of flying with Santa and the famous Reindeer... Q: How can Santa travel the world within 24 hours? A: NORAD intelligence reports indicate that Santa does not experience time the way we do.
His trip seems to take 24 hours to us, but to Santa it might last days, weeks or even months. Santa would not want to rush the important job of delivering presents to children and spreading joy to everyone, so the only logical conclusion is that Santa somehow functions within his own time-space continuum.... How does Santa get down chimneys? Although NORAD has different hypotheses and theories as to how Santa actually gets down the chimneys, we don't have definitive information to explain the magical phenomenon. Do your planes ever intercept Santa? Over the past 65 years, our fighter jets (F-16s, F-15s, F-22s and CF-18s) have intercepted Santa many, many times. When the jets intercept Santa, they tip their wings to say, "Hello Santa! NORAD is tracking you again this year!" Santa always waves. He loves to see the pilots...! How many people support this effort, and are they active duty military personnel? More than 1,250 Canadian and American uniformed personnel and DOD civilians volunteer their time on December 24th to answer the thousands of phone calls and emails that flood in from around the world. In addition to the support provided by our corporate contributors to make this program possible, NORAD has two lead project officers who manage the program. How much money is spent on this project? The NORAD Tracks Santa program is made possible by volunteers and through the generous support of corporate licensees who bear virtually all of the costs. Corporate contributors include Microsoft (with separate contributions from Microsoft's search engine Bing and from Microsoft Azure), AWS (and Amazon's Alexa), Verizon, and HP. NORADSanta.org also boasts extra features like an "arcade" of online games, a jukebox of Christmas tunes, and a library of online books about Santa. And the site even provides some technical data on the weight of Santa's sleigh — although the unit of measurement used is gumdrops.
TikTok Spied On Forbes Journalists
ByteDance confirmed it used TikTok to monitor three journalists' physical location using their IP addresses, reports Forbes, "to unearth the source of leaks inside the company following a drumbeat of stories exposing the company's ongoing links to China." As a result of the investigation into the surveillance tactics, ByteDance fired Chris Lepitak, its chief internal auditor who led the team responsible for them. The China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned.... "It is standard practice for companies to have an internal audit group authorized to investigate code of conduct violations," TikTok General Counsel Erich Andersen wrote in a second internal email shared with Forbes. "However, in this case individuals misused their authority to obtain access to TikTok user data...." "This new development reinforces serious concerns that the social media platform has permitted TikTok engineers and executives in the People's Republic of China to repeatedly access private data of U.S. users despite repeated claims to lawmakers and users that this data was protected," Senator Mark Warner told Forbes.... ByteDance is not the first tech giant to use an app to monitor specific users. In 2017, the New York Times reported that Uber had identified various local politicians and regulators and served them a separate, misleading version of the Uber app to avoid regulatory penalties.... Both Uber and Facebook also reportedly tracked the location of journalists reporting on their apps. Ironically, TikTok's journalist-tracking project involved the company's Chief Security and Privacy Office, according to Forbes, and targeted three Forbes journalists who had formerly worked at BuzzFeed News. It was back in October that Forbes first reported ByteDance had discussed tracking journalists. ByteDance had immediately denied the charges on Twitter, saying "TikTok has never been used to 'target' any members of the U.S.
government, activists, public figures or journalists," and that "TikTok could not monitor U.S. users in the way the article suggested." Forbes also notes that in 2021, TikTok became the most visited website in the world. Thanks to long-time Slashdot reader newbie_fantod for submitting the story!
Could We Make It To Mars Without NASA?
Reason.com notes NASA's successful completion of its Artemis I mission, calling it "part of NASA's ambitious program to bring American astronauts back to the moon for the first time in half a century. And then on to Mars." But then they ask if the project is worth the money, with the transportation policy director at the libertarian "Reason Foundation" think tank, Robert W. Poole, arguing instead that NASA "isn't particularly interested in cost savings, and its decision making is overly driven by politics." NASA would have been better off replacing the costly and dated Space Launch System used in the Artemis program. But it didn't. This probably has a lot to do with the fact that it was largely constructed and engineered in Alabama, the home state of Senate Appropriations Committee Chair Richard Shelby, who has a history of strong-arming NASA to preserve jobs for his constituents. Long-time Slashdot reader SonicSpike shared the article, which ultimately asks whether it'd be faster and cheaper to just rely on private companies: In 2009, the private sector saw one of its biggest champions ascend to become the number two person at NASA. Lori Garver pushed to scrap the Constellation program as a way to entice the private sector to fill in the gaps. She also spearheaded the Commercial Crew Program, which continues to employ commercial contractors to ferry astronauts to the International Space Station. Today, companies like Elon Musk's SpaceX are launching rockets at a faster pace and for a fraction of what NASA spends. In 2022, the company successfully launched 61 rockets, each with a price tag between $100 million and 150 million. Private companies already design and lease NASA much of its hardware. Poole says there's no reason NASA can't take it a step further and just use the SpaceX starship to cover the entire journey from Earth to the moon and eventually to Mars.
"If the current NASA plan goes ahead to have the SpaceX Starship actually deliver the astronauts from the lunar outpost orbit to the surface of the moon and bring them back, that would be an even more dramatic refutation of the idea that only NASA should be doing space transportation," he says. Poole says that instead of flying its own missions, NASA should play a more limited and supportive role. "The future NASA role that makes the most sense is research and development to advance science," he says. But for a contrary opinion, Slashdot reader youn counters that "You can bash NASA all you want but a big reason the private sector is where it is at is because it funded research 12 years ago." They share a CNET article noting the $6 billion NASA budgeted over five years "to kick-start development of a new commercial manned spaceflight capability." And Slashdot reader sg_oneill argues that "It's gonna be a century before we're really colonizing the moon and/or Mars... because we have a lot of science to do first. How do you do a civilization with zero energy inputs from the rest of humanity? How do we deal with radiation? How do bodies work in low G? (Mars is about 1/3 the gravity of earth). This needs science, and to get science we need NASA, even if private enterprise is building the rockets."
FSF Warns: Stay Away From iPhones, Amazon, Netflix, and Music Streaming Services
For the last thirteen years the Free Software Foundation has published its Ethical Tech Giving Guide. But what's interesting is this year's guide also tags companies and products with negative recommendations to "stay away from."
Stay away from: iPhones
It's not just Siri that's creepy: all Apple devices contain software that's hostile to users. Although they claim to be concerned about user privacy, they don't hesitate to put their users under surveillance. Apple prevents you from installing third-party free software on your own phone, and they use this control to censor apps that compete with or subvert Apple's profits. Apple has a history of exploiting their absolute control over their users to silence political activists and help governments spy on millions of users.
Stay away from: M1 MacBook and MacBook Pro
macOS is proprietary software that restricts its users' freedoms. In November 2020, macOS was caught alerting Apple each time a user opens an app. Even though Apple is making changes to the service, it just goes to show how bad they try to be until there is an outcry. Comes crawling with spyware that rats you out to advertisers.
Stay away from: Amazon
Amazon is one of the most notorious DRM offenders. They use this Orwellian control over their devices and services to spy on users and keep them trapped in their walled garden. Be aware that Amazon isn't the peddler of ebook DRM. Disturbingly, it's enthusiastically supported by most of the big publishing houses. Read more about the dangers of DRM through our Defective by Design campaign.
Stay away from: Spotify, Apple Music, and all other major streaming services
In addition to streaming music encumbered by DRM, people who want to use Spotify are required to install additional proprietary software. Even Spotify's client for GNU/Linux relies on proprietary software. Apple Music is no better, and places heavy restrictions on the music streamed through the platform.
Stay away from: Netflix
Netflix is continuing its disturbing trend of making onerous DRM the norm for streaming media. That's why they were a target for last year's International Day Against DRM (IDAD). They're also leveraging their place in the Motion Picture Association of America (MPAA) to advocate for tighter restrictions on users, and drove the effort to embed DRM into the fabric of the Web.
"In your gift giving this year, put freedom first," their guide begins. And for a freedom-respecting last-minute gift idea, they suggest giving the gift of a FSF membership (which comes with a code and a printable page "so that you can present your gift as a physical object, if you like.") The membership is valid for one year, and includes the many benefits that come with an FSF associate membership, including a USB member card, email forwarding, access to our Jitsi Meet videoconferencing server and member forum, discounts in the FSF shop and on ThinkPenguin hardware, and more. If you are in the United States, your gift would also be fully tax-deductible in the USA.
Fedora Change Proposal: Supporting Unified Kernel Images for Improved Security
While "this proposal will only be implemented if approved by the Fedora Engineering Steering Committee," Phoronix reports: Red Hat and Fedora engineers are plotting a path to supporting Unified Kernel Images (UKI) with Fedora Linux and for the Fedora 38 release in the spring they are aiming to get their initial enablement in place. Unified Kernel Images have been championed by the systemd folks for better securing and trusting Linux distributions. Unified kernel images are a combination of the kernel image, initrd, and UEFI stub program all distributed as one.... The initial phase would focus on shipping a UKI as an optional sub-RPM that users can opt into initially, updating kernel install scripts so unified kernels are installed and properly updated, and bootloader support for unified kernel images. Adding systemd-boot support to the installers, better measurement and remote attestation support, and switching Fedora Cloud images to using unified kernels are among the additional goals but of lower priority. Fedora's wiki includes a detailed description of the change proposal: The goal is to move away from initrd images being generated on the installed machine. They are generated while building the kernel package instead, then shipped as part of a unified kernel image. A unified kernel image is an all-in-one efi binary containing kernel, initrd, cmdline and signature.... Main motivation for this move is to make the distro more robust and more secure.
Google's Quest for Clean Energy Impeded by Small-but-Dominant Utilities in Some US States
Meta, Microsoft and Apple, and Google all want carbon-free power. But Google "says its goals for carbon-free power are impeded by state-regulated utilities," reports the New York Times, especially those in America's Southeastern states which aren't facing a competitive market. Google's battle in the region, where it has a major concentration of data centers, raises a question that applies to the energy transition everywhere: Is what's good for a few companies good for all? At the heart of their campaign, Google and its tech giant allies want to dismantle a decades-old regulatory system in the Southeast that allows a handful of utilities to generate and sell the region's electricity — and replace it with a market in which many companies can compete to do so. Such markets exist in some form in much of the country, but the Southeastern utilities are staunchly defending the status quo. Senior utility executives contend that their system better insulates consumers from spikes in prices of commodities like natural gas, promotes reliability and supports the long-term investments needed to develop clean-power technologies.... Most electricity in the United States was long generated and distributed by heavily regulated monopoly utilities in each state. But just before the start of this century, lawmakers and regulators, arguing that competition would bring efficiencies, made it possible to set up power markets and end the dominance of the utilities — a revolution that bypassed the Southeast. Google and others contend that the markets have brought cost savings, innovation and the capital needed to increase clean power generation from wind and solar. The most recent move toward a form of power market, in a group of Western states, has saved nearly $3 billion since 2014, according to the market operator.
Self-interest also plays a role: In power markets, large companies can strike deals with independent producers that give them more leeway to bargain on price and secure more clean energy. Google entered a landmark deal last year to provide clean power to its data centers in Virginia, which is in a sprawling market called PJM.... The big utilities in the Southeast are now building more solar projects, but those pushing for a market in the region say it's not enough. In the region, the proposed solar projects' generating capacity is equivalent to just over a fourth of total capacity, which is far below the 80 percent for PJM, according to an analysis by Tyler Norris, a senior executive at Cypress Creek Renewables, a solar company, and a special adviser in the Energy Department during the Obama administration. "Project developers are attracted to open wholesale electricity markets with price transparency, independent oversight and the ability to trade with multiple potential customers," Mr. Norris said.
Six Arrested After Manipulating Gas Station Pumps To Steal 30,000 Gallons of Gas
A Valero gas station sells approximately 5,000 gallons of gas a day, one employee estimates. But local police arrested six men who, in a series of robberies, tricked the pumps out of 30,000 gallons of gasoline, reports the Mercury News, "a haul authorities estimated was worth at least $180,000." Upon further inspection of surveillance video, authorities said, police saw one of the suspects activate a gas-pump computer, allowing another suspect to pump fuel into his vehicle.... An employee from the Valero station, who declined to give their name, called the process the gas thieves used "nearly untraceable." "You must have a deep understanding of how the pump system works," the person said. "There is a time frame anywhere from 75 seconds to two minutes for the authorization to go through the network [after sliding a credit card into a gas pump]. In this (time period), there's an opportunity to manipulate the pump ... You're able to manipulate the pump and confuse the programming to an extent that the pump starts dispensing gas...." In a Facebook post, authorities said the three suspects had been "conspiring together in a sophisticated operation to thwart security devices and pump electronics to steal large amounts of gasoline from the business...." Authorities say $20,000 of damage was done to gas pumps. Thanks to Slashdot reader k6mfw for submitting the story.
Rust-GPU Project Now Supports SPIR-V Ray-tracing
For three years Stockholm-based games studio Embark has been working on the Rust-gpu project to make Rust "a first class language and ecosystem for GPU programming." The project's latest announcement? rust-gpu now supports ray-tracing. Their original announcement explained the rationale for this years-long development effort: Historically in games GPU programming has been done through writing either HLSL, or to a lesser extent GLSL. These are simple programming languages that have evolved along with rendering APIs over the years. However, as game engines have evolved, these languages have failed to provide mechanisms for dealing with large codebases, and have generally stayed behind the curve compared to other programming languages. In part this is because it's a niche language for a niche market, and in part this has been because the industry as a whole has sunk quite a lot of time and effort into the status quo. While over-all better alternatives to both languages exist, none of them are in a place to replace HLSL or GLSL. Either because they are vendor locked, or because they don't support the traditional graphics pipeline. Examples of this include CUDA and OpenCL. And while attempts have been made to create language in this space, none of them have gained any notable traction in the gamedev community. Our hope with this project is that we push the industry forward by bringing an existing, low-level, safe, and high performance language to the GPU; namely Rust. And with it come some additional benefits that can't be overlooked: a package/module system that's one of the industry's best, built in safety against race-conditions or out of bounds memory access, a wide range of tools and utilities to improve programmer workflows, and many others!
Along with ray-tracing, this week they announced plans to keep rust-gpu on the same schedule as the stable Rust release, "so you can use your favorite new language features as new stable versions of Rust are being released, by just updating your rust-gpu version." Thanks to Slashdot reader guest reader for sharing the news!
Linux Foundation's 'AgStack Project' Plans First Dataset of the World's Agricultural Field Boundaries
The nonprofit Linux Foundation not only pays the salary of Linus Torvalds and Greg Kroah-Hartman. It also runs the AgStack Foundation, which seeks more efficient agriculture through "free, re-usable, open and specialized digital infrastructure for data and applications." And this week that Foundation announced a new open source code base for creating and maintaining a global dataset that's a kind of registry for the boundaries of agricultural fields to enable field-level analytics like carbon tracking, food traceability, and crop production. AgStack's Asset Registry dataset, the first of its kind in the world, is built and continuously updated using data from satellites and actual field registrations that contain information on boundaries, not ownership, which will then train machine learning models to ascertain more boundaries. Precise knowledge of field boundaries can help farmers, agricultural companies, and the public sector to monitor and manage crop production, study management practices (crop rotations, cover cropping, tillage, irrigation), determinants of productivity, pest and disease spread, and species diversity. By sharing reusable agricultural data, new insights can also be gleaned for global food security research and innovation. Crop field boundaries are the fundamental unit of addressing such datasets.... By leveraging computer science and artificial intelligence, members will create, curate, and maintain global field boundaries as an open source digital public good available for anyone to use. The project has the potential to unlock the next revolution of digital agri-services in public and private sectors, especially for smallholder farmers....
"We think that a public field boundary dataset can help turbocharge a lot of smart people and businesses focused on improving agriculture and food security around the world," said Professor David Lobell at The Center on Food Security and the Environment at Stanford University, who hosted the original research as the Gloria and Richard Kushel Director of the Center on Food Security and the Environment at Stanford University and the Benjamin Page Professor of Earth System Science. "We're excited to help bring this dataset to life." All code will be contributed under an open source license and will be governed by the AgStack community within the Linux Foundation, using open source and permissively licensed tools and processes. It's using code funded in part by the NASA Harvest Consortium.
23 Years Ago, Amazon Gave Barnes & Noble a 1-Click Patent Lawsuit For Xmas
Long-time Slashdot reader theodp writes: "In recognition of the innovation and unique nature of 1-Click, the U.S. Patent Office awarded Patent No. 5960411 to Amazon.com for 1-Click on September 28, 1999," boasted an Oct. 1999 Amazon press release. "First made available to Amazon.com customers in September 1997, 1-Click combines with Gift-Click and Wish List to make Amazon.com the most convenient, easiest-to-use shopping destination this holiday season." The following day, Amazon weaponized its new patent, filing a lawsuit on Oct. 20th saying defendant and competitor Barnes and Noble had illegally copied Amazon's patented 1-Click ordering technology. "We're pleased that Judge Pechman recognized the innovation underlying our 1-Click feature," said Amazon CEO and 1-Click co-inventor Jeff Bezos in a Dec. 1999 Amazon press release celebrating a preliminary injunction that barred barnesandnoble.com from using its 'copycat version of 1-Click technology' while the lawsuit was pending (Amazon and B&N settled in 2002). "The patent system is designed to encourage innovation on behalf of customers," Amazon had written in its 1999 press release, arguing that in 1997 its 1-Click technology "was a significant step forward for online shoppers that required thousands of hours of effort." It's been noted that B&N first threw down the litigation gauntlet, slapping Amazon with a lawsuit over its marketing claim as "World's Largest Bookstore" just days before Amazon's IPO in May 1997. USPTO continuity records show a 'child' patent of the original Method and System for Placing a Purchase Order Via a Communications Network patent finally expired due to non-payment of maintenance fees on 10/10/2022, more than 25 years after Amazon applied for its 1-Click patent on 9/22/1997.
Hotels Say Goodbye To Daily Room Cleanings and Hello To Robots as Workers Stay Scarce
An anonymous reader shares a report: This holiday season at the Garden City Hotel on Long Island, Merle Ayers is feeling especially grateful for the Whiz. At two feet tall and 66 pounds, the powerful robot vacuum doesn't mind working late into the night after the parties are over. The Whiz doesn't care that it's the holidays. It doesn't even need a day off. "It just needs to be cared for. We have to change the vacuum bags periodically and keep the batteries charged," says Ayers, the hotel's director of banquets. Amid ongoing staffing shortages, the two robot vacuums the hotel purchased late last year for about $30,000 each are proving their worth many times over, filling gaps in both the catering department and housekeeping. "If we vacuum every floor with a robot, that saves one whole shift," says Garden City Hotel managing director Grady Colin. "That's one whole person per day that can be redeployed to do something else." These days, he'll take all the help he can get. Travelers have returned from the pandemic, but hotel workers have not, creating unprecedented staffing challenges for the hospitality industry. According to the Labor Department, there are 350,000 fewer people working in hotels today than there were in February 2020, before the pandemic. It's not for lack of trying. Hotels have raised hourly wages by 25% since early 2020, and employers are offering greater flexibility in scheduling. Still, workers are nowhere to be seen. "I've been in the hotel business for a long time," says Colin. "I've never seen anything like this."
TikTok Banned on Government Devices Under Spending Bill Passed by Congress
Under the bipartisan spending bill that passed both chambers of Congress as of Friday, TikTok will be banned from government devices, underscoring the growing concern about the popular video-sharing app owned by China's ByteDance. From a report: The bill, which still has to be signed into law by President Joe Biden, also calls on e-commerce platforms to do more vetting to help deter counterfeit goods from being sold online, and forces companies pursuing large mergers to pay more to file with federal antitrust agencies. Congress failed to pass many of the most aggressive bills targeting tech, including antitrust legislation that would require app stores developed by Apple and Google to give developers more payment options, and a measure mandating new guardrails to protect kids online. And though Congress made more headway this year than in the past toward a compromise bill on national privacy standards, there remains only a patchwork of state laws determining how consumer data is protected. Center-left tech industry group Chamber of Progress cheered the exclusion of several antitrust bills that would have targeted its backers, which include Apple, Amazon, Google and Meta.
'Classifying Aging as a Disease Could Speed FDA Drug Approvals'
An anonymous reader shares a report: The Food and Drug Administration (FDA) considers aging to be a natural process. This makes it difficult to get FDA approval for drugs that seek to slow or reverse the biological process of aging. Instead, drugs intended to target aging must target a disease that often results from the aging process in order to demonstrate efficacy and gain approval. But there is growing consensus and effort among scientists to convince the FDA that aging itself should be classified as a disease and an appropriate target for drug development. This could be a major milestone for not just industry, but society. If the FDA is swayed, the resulting regulatory shift could mean approval of drugs or treatments that slow or reverse the aging process generally, before a patient develops disease. Researchers who view aging as a medical condition aren't referring only to the inevitable passage of time. Instead, they view aging as a process of deterioration of our structure and function at the cellular level; the hallmark characteristics of which are genomic instability and damage to our DNA. And the World Health Organization (WHO) supports this view -- WHO describes the process of aging as "... the impact of the accumulation of a wide variety of molecular and cellular damage over time."
Gene-edited Hens May End Cull of Billions of Chicks
Israeli researchers say they have developed gene-edited hens that lay eggs from which only female chicks hatch. From a report: The breakthrough could prevent the slaughter of billions of male chickens each year, which are culled because they don't lay eggs. The female chicks, and the eggs they lay when they mature, have no trace of the original genetic alteration. Animal welfare group, Compassion in World Farming, has backed the research. Dr Yuval Cinnamon from the Volcani institute near Tel Aviv, who is the project's chief scientist, told BBC News that the development of what he calls the "Golda hen" will have a huge impact on animal welfare in the poultry industry. "I am very happy that we have developed a system that I think can truly revolutionise the industry, first of all for the benefit of the chickens but also for all of us, because this is an issue that affects every person on the planet," he said. The scientists have gene edited DNA into the Golda hens that can stop the development of any male embryos in eggs that they lay. The DNA is activated when the eggs are exposed to blue light for several hours. Female chick embryos are unaffected by the blue light and develop normally. The chicks have no additional genetic material inside them nor do the eggs they lay, according to Dr Cinnamon. "Farmers will get the same chicks they get today and consumers will get exactly the same eggs they get today," he said. "The only minor difference in the production process is that the eggs will be exposed to blue light."
AMD Improving Linux Experience When Running New GPUs Without Proper Driver Support
An anonymous reader shares a report: While AMD provided upstream open-source driver support for the Radeon RX 7900 series launch, the initial user experience can be less than desirable if running a new Radeon GPU but initially running an out-of-date kernel or lacking the necessary firmware support. With a new patch series posted AMD is looking to improve the experience by being able to more easily fall back to the firmware frame-buffer when their AMDGPU kernel graphics driver fails to properly load. With the new IP-based discovery "block by block" approach to how the open-source AMD Radeon Linux graphics driver is managing the hardware initialization with RDNA3 and moving forward, the AMDGPU driver will try to probe all Radeon GPUs even if it might not end up being fully supported. In turn that ends up destroying the system firmware frame-buffer. But right now in the case of booting an RDNA3 GPU with a slightly out of date kernel (pre-6.0) or lacking the necessary RDNA3 firmware for hardware initialization, it can mean the screen freezing or system appearing unresponsive.
Tencent Chief Blasts Managers in Fiery Townhall
The founder of Chinese tech giant Tencent told employees many "corruption" issues had been discovered within the company and mismanagement was draining its vitality, Reuters reported Friday, citing employees familiar with the matter. From the report: In a rare show of frustration, Pony Ma said at a year-end meeting with staff on Dec. 15 that internal reviews this year had exposed unspecified corruption within Asia's biggest social media and gaming company, the sources said. He also lambasted senior managers after one of the toughest years for Tencent since its founding in 1998, with revenue battered by a regulatory crackdown and headwinds from measures to stop the spread of COVID-19. "Your projects can't even survive as a business -- they are living on life support, but still you just cheerily play ball on the weekend," Ma said during the call, according to one employee who heard the comments and another who was briefed on them.
IRS Delays Gig-Tax Filing Rule for Side Hustles of More Than $600
The Internal Revenue Service on Friday gave millions of Americans a one-year reprieve on new tax-reporting requirements, delaying implementation of a law that requires e-commerce platforms such as eBay, Etsy and Airbnb to give the tax agency information on users with more than $600 in revenue. From a report: The delay means the platforms won't have to send sellers and the IRS a blizzard of 1099-K tax forms early in 2023, and it gives opponents of the $600 threshold more time to push for a change in the law next year. "The additional time will help reduce confusion during the coming 2023 tax filing season and provide more time for taxpayers to prepare and understand the new reporting requirements," said Acting IRS Commissioner Doug O'Donnell. Congress passed the $600 threshold for Form 1099-K reports as part of the American Rescue Plan Act in March 2021, scheduling it to take effect for tax year 2022. Until the change, platforms had to report users' income to the IRS if they had more than 200 transactions and $20,000 of revenue. Lawmakers lowered the threshold to boost tax compliance in an area where it is often lacking -- unreported business income.
EPA Tightens Rules on Pollution From Vans, Buses and Trucks
The Biden administration has strengthened limits on smog-forming pollution from buses, delivery vans, tractor-trailers and other trucks, the first time in more than 20 years that tailpipe standards have been tightened for heavy-duty vehicles. From a report: The new rule from the Environmental Protection Agency is designed to cut nitrogen oxide from the vehicles by 48 percent by 2045. Nitrogen dioxide is a poisonous gas that has been linked to cardiovascular problems and respiratory ailments like asthma. The rule will require manufacturers to cut the pollutant from their vehicles starting with the model year 2027. But the new rule is not as stringent as one proposed by the E.P.A. in March, which would have cut the pollutant as much as 60 percent by 2045. And the agency stopped short of requiring that truck manufacturers also cut greenhouse gas emissions associated with burning diesel fuel or convert their fleets to electric models.
China Estimates Covid Surge Is Infecting 37 Million People a Day
Nearly 37 million people in China may have been infected with Covid-19 on a single day this week, according to estimates from the government's top health authority, making the country's outbreak by far the world's largest. From a report: As many as 248 million people, or nearly 18% of the population, likely contracted the virus in the first 20 days of December, according to minutes from an internal meeting of China's National Health Commission held on Wednesday, confirmed with people involved in the discussions. If accurate, the infection rate would dwarf the previous daily record of about 4 million, set in January 2022.
Seoul: North Korean Hackers Stole $1.2B in Virtual Assets
North Korean hackers have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years, more than half of it this year alone, South Korea's spy agency said Thursday. From a report: Experts and officials say North Korea has turned to crypto hacking and other illicit cyber activities as a source of badly needed foreign currency to support its fragile economy and fund its nuclear program following harsh U.N. sanctions and the COVID-19 pandemic. South Korea's main spy agency, the National Intelligence Service, said North Korea's capacity to steal digital assets is considered among the best in the world because of the country's focus on cybercrimes since U.N. economic sanctions were toughened in 2017 in response to its nuclear and missile tests. The U.N. sanctions imposed in 2016-17 ban key North Korean exports such as coal, textiles and seafood and also led member states to repatriate North Korean overseas workers. Its economy suffered further setbacks after it imposed some of the world's most draconian restrictions against the pandemic. The NIS said state-sponsored North Korean hackers are estimated to have stolen 1.5 trillion won ($1.2 billion) in virtual assets around the world since 2017, including about 800 billion won ($626 million) this year alone. It said more than 100 billion won ($78 million) of the total came from South Korea.
No Free PACER as US Lawmakers Exclude Proposal from Spending Bill
U.S. lawmakers have left a proposal to make the federal judiciary's PACER online court records system free out of a sprawling, $1.66 trillion spending measure unveiled on Tuesday, a setback for advocates as the current Congress nears its end. From a report: Supporters of the Open Courts Act had been pushing to get the stalled, bipartisan legislation attached to the omnibus spending measure, which boosts overall spending on the judiciary by nearly 6% to $8.461 billion in fiscal year 2023. Currently, users of PACER, which stands for Public Access to Court Electronic Records, are charged $0.10 per page to download documents up to a $3 cap, which does not cover transcripts. The Open Courts Act would make electronic court records freely available and mandate the judiciary to develop a new website to access them. It had already advanced out of the Senate Judiciary Committee on a bipartisan vote in December 2021.
Friday Flight Cancellations Top 3,500, Disrupting Holiday Travel
Winter weather continues to disrupt holiday travel across the United States on Friday, leaving travelers facing delays and cancellations during one of the busiest times of the year. From a report: More than 3,500 Friday flights have already been canceled as of 10 a.m. ET, after nearly 2,700 cancellations on Thursday, according to flight tracking site FlightAware. Cancellations are highest at Seattle-Tacoma International Airport, New York's LaGuardia and in Chicago and Detroit, according to FlightAware data. The FAA noted early Friday it may have to halt or restrict traffic at airports in the Boston, New York, Philadelphia and Washington areas. Airports in Chicago and Denver saw the bulk of cancellations and delays on Thursday. Chicago O'Hare International Airport was logging average delays Thursday of almost three hours due to snow and ice. An arctic blast and a rapidly intensifying winter storm have come at an unfortunate time for travelers trying to join family and friends for the holidays. Airlines have issued winter weather waivers allowing passengers to rebook at no cost within a limited time period. Find links to the airline waivers and more air travel strategies here. The growing cancellations make it harder for passengers racing against the clock and weather to rebook and arrive in time for Christmas. Flights this year were already more crowded than they've been previously -- even before the storm disrupted travel schedules. "We hear about how travel volume is still down, five or ten percent, but what many folks might not have realized is that the number of flights in the sky is actually down more like 15 or 20 percent," Scott Keyes of Scott's Cheap Flights told CNN. "The planes that are actually flying are more full today than they were pre-pandemic. That's why there's not as many empty seats to switch onto if you do find your flight gets canceled or delayed," Keyes said. 
Further reading: Intensifying winter storm's icy cold and wind knocks out power to over a million customers.
Watchdog Says 53 VPN Apps Unavailable in Hong Kong Since Security Law Passed, Urges Apple To State Its Policy
Hong Kong Free Press: A total of 53 VPN applications have become unavailable in Apple's Hong Kong App Store since Beijing imposed a national security law (NSL) on the city in June 2020, a report by AppleCensorship has revealed. The digital freedom watchdog urged the US tech giant to clearly state how it would respond if Hong Kong or Beijing requested that apps be taken down. In a report released on Thursday entitled "Apps at Risk: Apple's censorship and compromises in Hong Kong," AppleCensorship found that more apps were unavailable in Hong Kong's than in most of the 173 App Stores it monitored. According to AppleCensorship's latest statistics from last month, 2,370 or 16 per cent of the 14,782 apps it tested were unavailable in Hong Kong's App Store. The watchdog said only stores in Russia and China had more unavailable apps than their Hong Kong counterpart -- Russia had 2,754 and China had 10,837.
Facebook Parent Meta To Settle Cambridge Analytica Case For $725 Million
Facebook owner Meta Platforms has agreed to pay $725 million to resolve a class-action lawsuit accusing the social media giant of allowing third parties, including Cambridge Analytica, to access users' personal information. From a report: The proposed settlement, which was disclosed in a court filing late on Thursday, would resolve a long-running lawsuit prompted by revelations in 2018 that Facebook had allowed the British political consulting firm Cambridge Analytica to access data of as many as 87 million users. Lawyers for the plaintiffs called the proposed settlement the largest to ever be achieved in a U.S. data privacy class action and the most that Meta has ever paid to resolve a class action lawsuit. "This historic settlement will provide meaningful relief to the class in this complex and novel privacy case," the lead lawyers for the plaintiffs, Derek Loeser and Lesley Weaver, said in a joint statement. Meta did not admit wrongdoing as part of the settlement, which is subject to the approval of a federal judge in San Francisco. The company said in a statement settling was "in the best interest of our community and shareholders." "Over the last three years we revamped our approach to privacy and implemented a comprehensive privacy program," Meta said.
Video Gamers Sue Microsoft In US Court To Stop Activision Takeover
An anonymous reader quotes a report from Reuters: Microsoft was hit on Tuesday in U.S. court with a private consumer lawsuit claiming the technology company's $69 billion bid to purchase "Call of Duty" maker Activision Blizzard will unlawfully squelch competition in the video game industry. The complaint filed in federal court in California comes about two weeks after the U.S. Federal Trade Commission filed a case with an administrative law judge seeking to stop Microsoft, owner of the Xbox console, from completing the largest-ever acquisition in the video-gaming market. The private lawsuit also seeks an order blocking Microsoft from acquiring Activision. It was filed on behalf of 10 video game players in California, New Mexico and New Jersey. The proposed acquisition would give Microsoft "far-outsized market power in the video game industry," the complaint alleged, "with the ability to foreclose rivals, limit output, reduce consumer choice, raise prices, and further inhibit competition." A Microsoft representative on Tuesday defended the deal, saying in a statement that it "will expand competition and create more opportunities for gamers and game developers." After the FTC sued, Microsoft President Brad Smith said, "We have complete confidence in our case and welcome the opportunity to present our case in court."
Zimbabwe Has Banned the Export of Raw Lithium
Zimbabwe has prohibited the export of raw lithium from its mines so it can cash in on value addition and stop losing billions of dollars in mineral proceeds to foreign companies. Quartz reports: The ministry of Mines and Mining Development on Dec. 20 published a circular under the Base Minerals Export Control Act that seeks to "ensure that the vision of the president to see the country becoming an upper-middle income economy has been realized." The government says it is losing $1.8 billion in mineral revenues due to smuggling and externalization to South Africa and the United Arab Emirates. Gold is the most smuggled mineral. With continued high international demand, Zimbabwe is projected to become one of the world's largest lithium exporters, with the government hoping to meet 20% of the world's total demand for lithium when it fully exploits its known lithium resources. Mineral exports account for about 60% of Zimbabwe's export earnings while the mining sector contributes 16% to its GDP, according to a 2021 mining report by the London School of Economics. "No lithium-bearing ores, or unbeneficiated lithium whatsoever, shall be exported from Zimbabwe to another country except under the written permit of the minister," mining minister Winston Chitando says in the circular. However, according to deputy mining minister Polite Kambamura, mining companies that are building processing plants will be excluded from the directive. "If we continue exporting raw lithium we will go nowhere. We want to see lithium batteries being developed in the country," he said. "We have done this in good faith for the growth of industry."
Russian Space Agency May Send Rescue Craft To Space Station
The Russian space agency is deciding whether it needs to send a rescue spacecraft to the International Space Station to bring home two cosmonauts and a NASA astronaut after the Soyuz capsule that brought them there suffered a massive coolant leak. The Washington Post reports: Working with their counterparts at NASA, officials at Roscosmos, the Russian space agency, are trying to determine if the vehicle is sound enough to bring the crew home, Sergei Krikalev, the executive director of Roscosmos's human spaceflight programs, said during a briefing Thursday. If not, the Russian agency would send up another Soyuz spacecraft that was to be used for another crewed mission to retrieve the crew. That spacecraft could be ready to fly up without any people on board sometime in February, a few weeks before the crew is set to return in March, officials said. The crew that would fly home on the rescue craft would include NASA astronaut Frank Rubio and a pair of cosmonauts, Sergey Prokopyev and Dmitri Petelin, who arrived at the station in September. Wayne Hale, a former NASA flight director and Space Shuttle program manager, said he could recall no other time when NASA or Roscosmos had been forced to consider sending up another spacecraft as a lifeboat to bring back a crew.
A Modest Robot Levy Could Help Combat Effects of Automation On Income Inequality In US, Study Suggests
An anonymous reader quotes a report from MIT News: What if the U.S. placed a tax on robots? The concept has been publicly discussed by policy analysts, scholars, and Bill Gates (who favors the notion). Because robots can replace jobs, the idea goes, a stiff tax on them would give firms incentive to help retain workers, while also compensating for a dropoff in payroll taxes when robots are used. Thus far, South Korea has reduced incentives for firms to deploy robots; European Union policymakers, on the other hand, considered a robot tax but did not enact it. Now a study by MIT economists scrutinizes the existing evidence and suggests the optimal policy in this situation would indeed include a tax on robots, but only a modest one. The same applies to taxes on foreign trade that would also reduce U.S. jobs, the research finds. "Our finding suggests that taxes on either robots or imported goods should be pretty small," says Arnaud Costinot, an MIT economist, and co-author of a published paper detailing the findings. "Although robots have an effect on income inequality ... they still lead to optimal taxes that are modest." Specifically, the study finds that a tax on robots should range from 1 percent to 3.7 percent of their value, while trade taxes would be from 0.03 percent to 0.11 percent, given current U.S. income taxes. "We came in to this not knowing what would happen," says Ivan Werning, an MIT economist and the other co-author of the study. "We had all the potential ingredients for this to be a big tax, so that by stopping technology or trade you would have less inequality, but ... for now, we find a tax in the one-digit range, and for trade, even smaller taxes." [...] Apart from its bottom-line tax numbers, the study contains some additional conclusions about technology and income trends. 
Perhaps counterintuitively, the research concludes that after many more robots are added to the economy, the impact that each additional robot has on wages may actually decline. At a future point, robot taxes could then be reduced even further. "You could have a situation where we deeply care about redistribution, we have more robots, we have more trade, but taxes are actually going down," Costinot says. If the economy is relatively saturated with robots, he adds, "That marginal robot you are getting in the economy matters less and less for inequality." The paper, "Robots, Trade, and Luddism: A Sufficient Statistic Approach to Optimal Technology Regulation," appears in advance online form in The Review of Economic Studies.
'Easily' Replaceable Batteries May Soon Be Required By EU Law
b0s0z0ku writes: The European Union is proposing a law requiring easily replaceable batteries in new appliances and portable electronic devices. The law also sets targets for collection and recycling of those batteries, requiring 73% compliance by 2030. "Companies would get plenty of notice, however, as the requirement would only come into force 3.5 years after the legislation takes effect," adds 9to5Mac. "Companies will also be legally required to accept and recycle old batteries." Additionally, the European Commission is "expected to consider outlawing the use of non-rechargeable portable batteries," though this would likely come with many exceptions and wouldn't happen before the end of the decade. Further reading: EU Sets December 28, 2024, Deadline For All New Phones To Use USB-C for Wired Charging
LastPass: Hackers Stole Customer Vault Data In Cloud Storage Breach
LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. BleepingComputer reports: This follows a previous update issued last month when the company's CEO, Karim Toubba, only said that the threat actor gained access to "certain elements" of customer information. Today, Toubba added that the cloud storage service is used by LastPass to store archived backups of production data. The attacker gained access to Lastpass' cloud storage using "cloud storage access key and dual storage container decryption keys" stolen from its developer environment. "The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service," Toubba said today. "The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data." Fortunately, the encrypted data is secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user's master password. According to Toubba, the master password is never known to LastPass, it is not stored on Lastpass' systems, and LastPass does not maintain it. Customers were also warned that the attackers might try to brute force their master passwords to gain access to the stolen encrypted vault data. However, this would be very difficult and time-consuming if you've been following password best practices recommended by LastPass. 
If you do, "it would take millions of years to guess your master password using generally-available password-cracking technology," Toubba added. "Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass' Zero Knowledge architecture."
FTX Asks Judge For Help In Fight Over Robinhood Shares Worth About $450 Million
FTX sought a U.S. bankruptcy court's help amid a battle over ownership of about $450 million worth of stock in Robinhood Markets (HOOD), according to a filing (PDF) Thursday. CoinDesk reports: At issue are about 56 million shares of the brokerage owned by Emergent Fidelity Technologies Ltd., a corporate entity organized in Antigua and Barbuda and 90% controlled by former FTX CEO Sam Bankman-Fried, according to the filing. Three parties, the filing says, have tried to get control of those shares: BlockFi (a lender that FTX had helped prop up earlier this year), Yonathan Ben Shimon (an FTX creditor appointed as a receiver in Antigua and granted permission to sell the shares under supervision of a court there) and Bankman-Fried himself (who has legal bills). FTX's bankruptcy estate told ED&F Man Capital Markets, the brokerage where the shares are parked, to freeze the stock around the time the Chapter 11 case began on Nov. 11. FTX has determined that Emergent only "nominally" owns the shares and that they truly belong to FTX. "Emergent is a special-purpose holding company that appears to have no other business," the crypto exchange said in the filing. The judge overseeing the bankruptcy case should force the shares to remain frozen while FTX tries to figure out how to repay all its creditors, FTX argued in the filing.
Micron To Cut 10% of Workforce As Demand For Computer Chips Slumps
An anonymous reader quotes a report from Bloomberg: Micron Technology Inc., the largest US maker of memory chips, said the worst industry glut in more than a decade will make it difficult to return to profitability in 2023. The company on Wednesday announced a host of cost-cutting measures, including a 10% workforce reduction, aimed at helping it weather a rapid drop in revenue. Micron also projected a steep sales decline and a wider loss than analysts had estimated for the current quarter. The industry is experiencing its worst imbalance between supply and demand in 13 years, according to Micron Chief Executive Officer Sanjay Mehrotra. Inventory should peak in the current period, then decline, he said. Customers will move to more healthy inventory levels by about the middle of 2023, and the chipmaker's revenue will improve in the second half of the year, Mehrotra said. "Profitability will be challenged throughout 2023 because of the oversupply that exists in the industry," he said in an interview. "The rate and pace of the recovery in terms of profitability depends on how fast supply is brought into line." Micron, which had already announced factory output reductions, is cutting its budget for new plants and equipment, and now expects to spend from $7 billion to $7.5 billion for the fiscal year, a decline from an earlier target of as much as $12 billion. The company is slowing the introduction of more advanced manufacturing techniques and predicts that spending on new production will fall throughout the industry. [...] In addition to its planned workforce reductions, the company has suspended share repurchases, is cutting executive salaries and will skip companywide bonus payments, executives said on a conference call after its results were released. Micron said sales will be about $3.8 billion in the fiscal second quarter. That compares with analysts' average estimate of $3.88 billion, according to data compiled by Bloomberg. In the three months ended Dec. 
1, Micron's revenue declined 47% to $4.09 billion.
Alameda's Caroline Ellison, FTX's Gary Wang Plead Guilty To DOJ Fraud Charges
Former Alameda Research CEO Caroline Ellison and FTX co-founder Gary Wang pleaded guilty to charges tied to FTX's collapse, U.S. Attorney Damian Williams announced Wednesday night. CoinDesk reports: The U.S. Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) also announced (PDF) charges against the two, saying Ellison manipulated the price of FTT, an exchange token issued by FTX, at exchange founder Sam Bankman-Fried's direction. The duo are cooperating with investigators, Williams announced. The U.S. Attorney for the Southern District of New York (SDNY) did not specify what they were being charged with. In a statement, SEC Deputy Enforcement Director Sanjay Wadhwa said the three "were active participants in a scheme to conceal material information from FTX investors, including through the efforts of Mr. Bankman-Fried and Ms. Ellison to artificially prop up the value of FTT, which served as collateral for undisclosed loans that Alameda took out from FTX pursuant to its undisclosed, and virtually unlimited, line of credit." Highlighted in the complaint are multiple times when Bankman-Fried made public statements, and provided investors with documentation via audited financial statements, that Alameda received no preferential treatment from FTX. Ellison was a close confidant of Bankman-Fried's, and has been targeted by prosecutors for her role in manipulating FTX's exchange token FTT, which Alameda had used as collateral for investments. In early December Ellison, who is thought to reside in Hong Kong or Nassau, was spotted in Manhattan at a coffee shop leading many to suspect she was working with authorities. Shortly after, Ellison retained the law firm WilmerHale to represent herself. WilmerHale counts Stephanie Avakian, a former director of the SEC's Division of Enforcement, as one of its top attorneys. 
Further reading: FTX Founder Bankman-Fried To Be Released on a $250 Million Bond Package While He Awaits Trial
Even the FBI Says You Should Use An Ad Blocker
The FBI is recommending the use of ad blockers, warning in an alert this week that cybercriminals are using online ads in search results to steal or extort money from victims. TechCrunch reports: In a pre-holiday public service announcement, the FBI said that cybercriminals are buying ads to impersonate legitimate brands, like cryptocurrency exchanges. Ads are often placed at the top of search results but with "minimum distinction" between the ads and the search results, the feds say, which can look identical to the brands that the cybercriminals are impersonating. Malicious ads are also used to trick victims into installing malware disguised as genuine apps, which can steal passwords and deploy file-encrypting ransomware. One of the FBI's recommendations for consumers is to install an ad blocker. As the name suggests, ad blockers are web browser extensions that broadly block online ads from loading in your browser, including in search results. By blocking ads, would-be victims are not shown any ads at all, making it easier to find and access the websites of legitimate brands. Ad blockers don't just remove the enormous bloat from websites, like auto-playing video and splashy ads that take up half the page, which make your computer fans run like jet engines. Ad blockers are also good for privacy, because they prevent the tracking code within ads from loading. That means the ad companies, like Google and Facebook, cannot track you as you browse the web, or learn which websites you visit, or infer what things you might be interested in based on your web history. "Of course, you can switch your ad blocker off any time you want, and even allow or deny ads for entire websites," adds the report. "Ads are still an important part of what keeps the internet largely free and accessible, including TechCrunch (and Slashdot!), even as subscriptions and paywalls are increasingly becoming the norm."
DuckDuckGo Will Block Google's 'Invasive, Annoying' Sign-In Popups
An anonymous reader quotes a report from Gizmodo: DuckDuckGo, the internet's favorite private search engine, is rolling out a new feature across its service Wednesday called Google Sign-in Pop-up Protection. It's on by default, saving your eyes and your time from Google's nagging. You can still sign in with Google whenever you want, you just don't have to deal with Google's prompts. "The popups are invasive, annoying and they undermine user privacy," said Peter Dolanjski, director of product for DuckDuckGo. "Google is employing a dark pattern by pushing you to sign in when you might not have otherwise. When you do, Google is tracking what you do on those websites and linking it to your identity." Google Sign In is nothing new, but the popups are a subtle but pervasive change to the web. You can find them on Booking.com, Pinterest, Reddit, Trulia, Zillow and countless more. "We believe Google is pitching the popups to these websites as a win-win," Dolanjski said. "If they can get more users to sign in, it opens up more data collection both for Google and publishers, and it lets Google better target users with ads." That means more money for everyone involved, except you.
Fedora 38 To Prohibit Byte Swapped Xorg and Xwayland Clients
slack_justyb writes: A rather exotic feature in Xorg and Xwayland is being proposed to have the default value turned off going forward in Fedora 38 due to its use in attacks (CVE-2014-8095, CVE-2014-8099, CVE-2014-8103... to name a few). The feature allows servers running on one endianness to byte-swap to allow clients of a different endianness to connect to it. This was more common in the 1980s when X servers ran on big-endian and clients would connect who were little-endian. The Xorg and Xwayland implementation of this feature has gone largely untested, the number of Fedora users that use it is virtually zero, and considering the number of attack vectors this has presented historically, setting the default to deny clients that require this seems the better way to go. This change will be to the xorg-x11-server and xorg-x11-server-Xwayland packages, and those needing the feature turned back on will need to add "AllowSwappedClients" "on" to their xorg.conf.d file in the "ServerFlags" section. Xwayland users will need to pass the +byteswappedclients flag; however, the compositor will need to be able to handle this flag, which at this time GNOME does not.
Some Universities Are Now Restricting TikTok Access on Campus
A small but growing number of universities are now blocking access to TikTok on school-owned devices or WiFi networks, in the latest sign of a widening crackdown on the popular short-form video app. From a report: The University of Oklahoma and Auburn University in Alabama have each said they will restrict student and faculty access to TikTok, in order to comply with recent moves from the governors in their respective states to ban TikTok on government-issued devices. The 26 universities and colleges in the University System of Georgia are also reportedly taking a similar step. "In compliance with the Governor's Executive Order 2022-33, effective immediately, no university employee or student shall access the TikTok application or website on University-owned or operated devices, including OU wired and wireless networks," the University of Oklahoma said in an email this week. According to the email, the school will also require that university-administered TikTok accounts be deleted and "alternate social media platforms utilized in their place." Further reading: TikTok steps up efforts to clinch U.S. security deal.
Spam Texts Are Out of Control, Say All 51 Attorneys General
A proposal to force cellphone companies to block certain spam texts is gaining momentum. From a report: California Attorney General Rob Bonta has expressed his support for a proposal by the Federal Communications Commission (FCC) to put an end to illegal and malicious texts. By doing so, he joined attorneys general from the other 49 states and Washington D.C., who had all previously expressed their support of the proposal. In a letter signed by all 51 attorneys general to the FCC, supporting them in their hopes to require cellular providers to block illegal text messages from invalid or unused numbers, as well as blocking any phone numbers found on a "do not originate" list, numbers which have previously been proved to have been used for fraudulent activity.
ChatGPT Is a 'Code Red' for Google's Search Business
A new wave of chat bots like ChatGPT use artificial intelligence that could reinvent or even replace the traditional internet search engine. From a report: Over the past three decades, a handful of products like Netscape's web browser, Google's search engine and Apple's iPhone have truly upended the tech industry and made what came before them look like lumbering dinosaurs. Three weeks ago, an experimental chat bot called ChatGPT made its case to be the industry's next big disrupter. [...] Although ChatGPT still has plenty of room for improvement, its release led Google's management to declare a "code red." For Google, this was akin to pulling the fire alarm. Some fear the company may be approaching a moment that the biggest Silicon Valley outfits dread -- the arrival of an enormous technological change that could upend the business. For more than 20 years, the Google search engine has served as the world's primary gateway to the internet. But with a new kind of chat bot technology poised to reinvent or even replace traditional search engines, Google could face the first serious threat to its main search business. One Google executive described the efforts as make or break for Google's future. ChatGPT was released by an aggressive research lab called OpenAI, and Google is among the many other companies, labs and researchers that have helped build this technology. But experts believe the tech giant could struggle to compete with the newer, smaller companies developing these chat bots, because of the many ways the technology could damage its business.
FTX Founder Bankman-Fried To Be Released on a $250 Million Bond Package While He Awaits Trial
Sam Bankman-Fried will be released on a $250 million bond package while he awaits trial on fraud charges related to the collapse of the FTX crypto exchange, a federal magistrate judge said on Thursday. From a report: Prosecutors have accused him of stealing billions of dollars in FTX customer funds to plug losses at his hedge fund, Alameda Research. Nicolas Roos, a prosecutor, told U.S. Magistrate Judge Gabriel Gorenstein that the bail package included home detention and location monitoring. Bankman-Fried will also have to surrender his passport. Bankman-Fried's defense counsel said he agreed with these conditions.
Japan Adopts Plan To Maximize Nuclear Energy, in Major Shift
Japan adopted a plan on Thursday to extend the lifespan of nuclear reactors, replace the old and even build new ones, a major shift in a country scarred by the Fukushima disaster that once planned to phase out atomic power. From a report: In the face of global fuel shortages, rising prices and pressure to reduce carbon emissions, Japan's leaders have begun to turn back toward nuclear energy, but the announcement was their clearest commitment yet after keeping mum on delicate topics like the possibility of building new reactors. Under the new policy, Japan will maximize the use of existing reactors by restarting as many of them as possible and prolonging the operating life of aging ones beyond a 60-year limit. The government also pledged to develop next-generation reactors. In 2011, a powerful earthquake and the ensuing tsunami caused multiple meltdowns at the Fukushima Daiichi plant -- a disaster that supercharged anti-nuclear sentiment in Japan and at one point led the government to promise to phase out the energy by around 2030. But since then, the government has recommitted to the technology, including setting a target for nuclear to make up 20-22% of the country's energy mix by the end of the decade.
Google is Making Its Internal Video-Blurring Privacy Tool Open Source
Google has announced that two of its latest privacy-enhancing technologies (PETs), including one that blurs objects in a video, will be provided to anyone for free via open source. From a report: The new tools are part of Google's Protected Computing initiative designed to transform "how, when and where data is processed to technically ensure its privacy and safety," the company said. The first is an internal project called Magritte, now out on Github, which uses machine learning to detect objects and apply a blur as soon as they appear on screen. It can disguise arbitrary objects like license plates, tattoos and more. The other, with the unwieldy name "Fully Homomorphic Encryption (FHE) Transpiler," allows developers to perform computations on encrypted data without being able to access personally identifiable information. Google says it can help industries like financial services, healthcare and government, "where a robust security guarantee around the processing of sensitive data is of highest importance." Google notes that PETs are starting to enter the mainstream after being mostly an academic exercise. The White House recently touted the technology, saying "it will allow researchers, physicians, and others permitted access to gain insights from sensitive data without ever having access to the data itself."