Slashdot

Link https://slashdot.org/
Feed https://rss.slashdot.org/Slashdot/slashdotMain
Copyright Copyright Slashdot Media. All Rights Reserved.
Updated 2024-11-27 00:31
America's TSA Begins Quietly Testing Facial Recognition Tech at 16 Airports
America's Transportation Security Administration "has been quietly testing controversial facial recognition technology for passenger screening at 16 major domestic airports — from Washington to Los Angeles," reports the Washington Post. Their article adds that the agency "hopes to expand it across the United States as soon as next year."

Kiosks with cameras are doing a job that used to be completed by humans: checking the photos on travelers' IDs to make sure they're not impostors.... You step up to the travel document checker kiosk and stick your ID into a machine. Then you look into a camera for up to five seconds and the machine compares your live photo to the one it sees on your ID. They call this a "one to one" verification system, comparing one face to one ID. Even though the software is judging if you're an impostor, there's still a human agent there to make the final call (at least for now). So how accurate is it? The TSA says it's been better at verifying IDs than the manual process. "This technology is definitely a security enhancement," said [TSA program manager Jason] Lim. "We are so far very satisfied with the performance of the machine's ability to conduct facial recognition accurately...." But the TSA hasn't actually released hard data about how often its system falsely identifies people, through incorrect positive or negative matches. Some of that might come to light next year when the TSA has to make its case to the Department of Homeland Security to convert airports all over the United States into facial recognition systems.... The TSA says it doesn't use facial recognition for law-enforcement purposes. It also says it minimizes holding on to our face data, so it isn't using the scans to build out a new national database of face IDs. "The scanning and match is made and immediately overwritten at the Travel Document Checker podium. We keep neither the live photo nor the photo of the ID," said Lim.
But the TSA did acknowledge there are cases in which it holds on to the data for up to 24 months so its science and technology office can evaluate the system's effectiveness.... "None of this facial recognition technology is mandated," said Lim. "Those who do not feel comfortable will still have to present their ID — but they can tell the officer that they do not want their photo taken, and the officer will turn off the live camera." There are also supposed to be signs around informing you of your rights. Here's the TSA's web page about the program. Thanks to long-time Slashdot reader SonicSpike for sharing the article. Read more of this story at Slashdot.
FTX Subsidiary Plans Restarting Withdrawals in Japan, as US Requests Review of Fraud Allegations
"FTX Japan is looking to restart withdrawals," reports CoinDesk, "after a plan to return deposits was approved by its parent, the failed FTX exchange." "If the plan works out, the collapsed crypto exchange's users in Japan might be some of the first customers to get their money back...."

In a notice posted on its website, FTX Japan said it was able to confirm with the company's bankruptcy lawyers in the U.S. that Japanese customers' funds "should not be part of FTX Japan's estate given how these assets are held and property interests under Japanese law." FTX Japan had been working on the plan to restart withdrawals for the last two weeks, and says it was approved by the FTX Trading management team.... "As part of the plan, we are incorporating controls, security audit, reconciliations and reviews to put in place a robust and secure process," the notice said. Meanwhile, America's Department of Justice "has requested that an independent examiner be appointed to review 'substantial and serious allegations of fraud, dishonesty' and 'incompetence'," reports CNBC: FTX's bankruptcy case demands an independent review, the Department of Justice said, because of allegations of fraud and dishonesty which could damage the entire crypto industry. Andrew Vara, the U.S. bankruptcy trustee for FTX's case, said Sam Bankman-Fried and his team mismanaged the company or potentially engaged in fraudulent conduct. The DOJ is seeking an independent examiner to investigate what happened... Former federal prosecutor Renato Mariotti told CNBC that the move "shows a level of interest and attention that they're paying to this that should be troubling to Mr. Bankman-Fried."
2022's 'Earthshot Prizes' Recognize Five Innovative Responses to Climate Change
"Childhood friends in Oman who figured out how to turn carbon dioxide into rock are among five winners chosen for the Prince of Wales's prestigious Earthshot Prize," reports the BBC:

The annual awards were created by Prince William to fund projects that aim to save the planet. Each winner will receive £1m ($1.2m) to develop their innovation.... "I believe that the Earthshot solutions you have seen this evening prove we can overcome our planet's greatest challenges," Prince William said during the ceremony. "By supporting and scaling them we can change our future," he said.

1,500 projects were nominated, according to the event's web site. Here are the five winners:

- A Kenya-based company producing stoves powered by processed biomass (made from charcoal, wood and sugarcane) that "burns cleaner, creating 90% less pollution than an open fire," while cutting fuel costs in half.
- The Indian startup behind Greenhouse-in-a-box. "Plants in the greenhouse require 98% less water than those outdoors and yields are seven-times higher," explains the site, while the greenhouses themselves are 90% cheaper than a standard greenhouse, "more than doubling farmers' incomes [while] using less water and fewer pesticides."
- A Queensland-based program to expand the network of rangers using drones to monitor reefs and wildfires while sharing information and innovative ideas.
- London-based start-up Notpla, which created a plastic alternative made from seaweed and plants that's entirely biodegradable. (The seaweed used in its production also captures carbon twenty-times faster than trees.)
- The company 44.01 removes CO2 permanently by mineralising it in peridotite, accelerating the natural process by pumping carbonated water into peridotite underground. (Unlike carbon storage, "mineralizing" CO2 removes it forever, making the process safer, cost-effective, and scalable.)

Five prizes will be awarded each year until 2030.
Chinese Police are Using Cellphone Data to Track Down Protesters
CNN reports on the aftermath of last weekend's protests against the Chinese government:

A protester told CNN they received a phone call Wednesday from a police officer, who revealed they were tracked because their cellphone signal was recorded in the vicinity of the protest site.... When they denied being there, the caller asked: "Then why did your cellphone number show up there?" In China, all mobile phone users are required by law to register their real name and national identification number with telecom providers. The protester was also told to report to a police station for questioning and to sign a written record.... In Shanghai, where some of the boldest protests took place with crowds calling for Xi's removal on two consecutive nights, police searched residents' cellphones in the streets and in the subway for VPNs that can be used to circumvent China's internet firewall, or apps such as Twitter and Telegram, which though banned in the country have been used by protesters. Police also confiscated the cellphones of protesters under arrest, according to two protesters who spoke to CNN. A protester who was arrested over the weekend said they were told to hand over their phone and password to the police as "evidence." They said they feared police would export the data on their phone after it was confiscated by officers, who told them they could pick it up a week later. Another protester said police returned their phone upon their release, but officers had deleted the photo album and removed the WeChat social media app. One protester told CNN they successfully avoided being contacted by the police as of Thursday afternoon. During the demonstration, they'd kept their phone in airplane mode.
New CryWiper Data Wiper Targets Russian Courts, Mayor's Offices
An anonymous reader quotes a report from BleepingComputer: A previously undocumented data wiper named CryWiper is masquerading as ransomware, but in reality, destroys data beyond recovery in attacks against Russian mayor's offices and courts. CryWiper was first discovered by Kaspersky this fall, where they say the malware was used in an attack against a Russian organization. [...] CryWiper is a 64-bit Windows executable named 'browserupdate.exe' written in C++, configured to abuse many WinAPI function calls. Upon execution, it creates scheduled tasks to run every five minutes on the compromised machine. Next, it contacts a command and control server (C2) with the name of the victim's machine. The C2 responds with either a "run" or "do not run" command, determining whether the wiper will activate or stay dormant. Kaspersky reports seeing execution delays of 4 days (345,600 seconds) in some cases, likely added in the code to help confuse the victim as to what caused the infection. CryWiper will stop critical processes related to MySQL, MS SQL database servers, MS Exchange email servers, and MS Active Directory web services to free locked data for destruction. Next, the malware deletes shadow copies on the compromised machine to prevent the easy restoration of the wiped files. CryWiper also modifies the Windows Registry to prevent RDP connections, likely to hinder intervention and incident response from remote IT specialists. Finally, the wiper will corrupt all enumerated files except for ".exe", ".dll", ".lnk", ".sys", ".msi", and its own ".CRY", while also skipping System, Windows, and Boot directories to prevent rendering the computer completely unusable. After this step, CryWiper will generate ransom notes named 'README.txt,' asking for 0.5 Bitcoin (approximately $8,000) in exchange for a decrypter. Unfortunately, this is a false promise, as the corrupted data cannot be restored.
Apple Now Calling AR/VR Headset Operating System 'xrOS'
Apple has decided to call the software that will run on its upcoming AR/VR headset "xrOS," an update from the original "RealityOS" or "rOS" naming the company was planning on, according to Bloomberg. MacRumors reports: The name change comes as Apple begins to prepare for the launch of the headset, which is expected at some point in 2023. The headset will feature its own operating system, much like the Apple TV and the Apple Watch, and it will have a dedicated App Store. "XR" is meant to stand for extended reality, which pertains to both augmented and virtual reality. Rumors indicate that the headset Apple is working on will be "mixed reality" like the Microsoft HoloLens, supporting both augmented and virtual reality capabilities. Augmented reality augments what the user is seeing in the real world, while virtual reality is an entirely digital experience. Apple internally referred to the headset's operating system as "rOS" during the development process, but Bloomberg suggests that xrOS is a less generic name that will allow the headset to stand out more. In addition to confirming the name change with unnamed Apple sources, Bloomberg also discovered that a shell company named Deep Dive LLC has been registering the xrOS name across several countries, and Apple could potentially be behind these filings. Apple often uses shell companies to try to secretly register for trademarks for upcoming products.
Astronomers Say a New, Huge Satellite Is As Bright As the Brightest Stars
An anonymous reader quotes a report from Ars Technica: Last month, a Texas-based company announced that it had successfully deployed the largest-ever commercial communications satellite in low-Earth orbit. This BlueWalker 3 demonstration satellite measures nearly 65 square meters, or about one-third the size of a tennis court. Designed and developed by AST SpaceMobile, the expansive BlueWalker 3 satellite is intended to demonstrate the ability of standard mobile phones to directly connect to the Internet via satellite. Large satellites are necessary to connect to mobile devices without a ground-based antenna. [...] Since BlueWalker 3's launch in September, astronomers have been tracking the satellite, and their alarm was heightened following its antenna deployment last month. According to the International Astronomical Union, post-deployment measurements showed that BlueWalker 3 had an apparent visual magnitude of around 1 at its brightest, which is nearly as bright as Antares and Spica, the 15th and 16th brightest stars in the night sky. For a few years, astronomers have been expressing concerns about megaconstellations, such as SpaceX's Starlink satellites. While these are more numerous -- there are more than 3,000 Starlink satellites in orbit -- they are much smaller and far less bright than the kinds of satellites AST plans to launch. Eventually, AST plans to launch a constellation of 168 large satellites to provide "substantial" global coverage, a company spokesperson said. Even one is enough for astronomers, however. "BlueWalker 3 is a big shift in the constellation satellite issue and should give us all reason to pause," said Piero Benvenuti, a director at the International Astronomical Union. The organization of astronomers is also concerned about the potential for radio interference from these "cell phone towers in space."
They will transmit strong radio waves at frequencies currently reserved for terrestrial cell phone communications but are not subject to the same radio quiet zone restrictions that ground-based cellular networks are. This could severely impact radio astronomy research -- which was used to discover cosmic microwave background radiation, for example -- as well as work in related fields. Astronomers currently build their radio astronomy observatories in remote areas, far from cell tower interference. They are worried that these large, radio-wave transmitting satellites will interfere in unpopulated areas. "We are eager to use the newest technologies and strategies to mitigate possible impacts to astronomy," AST said in a statement to Ars. "We are actively working with industry experts on the latest innovations, including next-generation anti-reflective materials. We are also engaged with NASA and certain working groups within the astronomy community to participate in advanced industry solutions, including potential operational interventions." AST is "committed to avoiding broadcasts inside or adjacent to the National Radio Quiet Zone in the United States [...] as well as additional radioastronomy locations," adds Ars.
Chess' $100 Million Showdown: Carlsen Moves To Dismiss Niemann Lawsuit Over Cheating Allegations
An anonymous reader quotes a report from Forbes: Lawyers representing Norwegian World Chess Champion Magnus Carlsen and online chess platform Chess.com asked a federal judge Friday to toss a $100 million lawsuit filed by chess grandmaster Hans Niemann in October, which marked a dramatic escalation of tensions over cheating allegations levied against the 19-year-old American. The motion to dismiss argued the teenager spent years "trying to curate a reputation as the bad boy of chess" and "now wants to cash in by blaming others" after the allegations derailed his chess career. Niemann acknowledged he cheated during a handful of matches as a young teen but an October report from Chess.com determined he "likely cheated" more than 100 times in online chess matches, after Carlsen released a statement in September saying Niemann "has cheated more -- and more recently -- than he has publicly admitted." Niemann stated in his defamation lawsuit the claims are a conspiracy from the chess community's establishment to smear him after he defeated Carlsen -- the five-time defending world champion -- during a tournament in St. Louis on September 4. The teen claimed the alleged conspiracy was an attempt to save Carlsen, 32, from reputational damage after Chess.com agreed to purchase his "Play Magnus" app for $83 million in August. Friday's motion stated all of Niemann's claims are without merit, arguing he has not disproved the cheating allegations or offered evidence to back up his conspiracy assertion. The lawsuit, filed in the Eastern District of Missouri, also named Chess.com executive Daniel Rensch and a website streaming partner, Hikaru Nakamura, as defendants. "Niemann now seeks to shift blame to reigning World Chess Champion Magnus Carlsen and others, claiming a wholly implausible conspiracy to defame and boycott Niemann that somehow damaged his already dubious reputation to the tune of $100 million," the motion to dismiss states.
Prime Video Replaces Netflix As No. 1 Streaming Service In US
Prime Video has supplanted Netflix as the No. 1 subscription streaming outlet in the U.S. in an annual ranking compiled by research firm Parks Associates. Deadline reports: The company didn't disclose its methodology for how it isolates the number of Prime Video subscribers, a metric long cloaked in secrecy due to Amazon's general reluctance to disclose statistics about its Prime business. Still, Parks has been a reputable tracker of the streaming space for more than a decade. For many years in the 2010s, its rankings looked consistent, with the former "Big 3" of Netflix, Prime Video and Hulu sharing the top three spots, always with Netflix at the top. Today, the rankings are much more fragmented given how many new players have entered the scene. The list reflects total subscribers through September 2022, via the OTT Video Market Tracker, a Parks offering described by the firm as "an exhaustive analysis of market trends and profiles of the nearly 100 over-the-top video service providers in the U.S. and Canada." Amazon said last year it has more than 200 million Prime members, with Prime Video among the program's benefits. Several weeks ago, the company also recently said The Lord of the Rings: The Rings of Power has been viewed by more than 100 million Prime subscribers worldwide. [...] Netflix, meanwhile, has hit a plateau in the U.S., even shedding a small amount of subscribers over recent quarters. The company reported 73.4 million subscribers in the U.S. and Canada as of September 30, up 100,000 from the previous quarter but below levels in 2021 and earlier this year. On a global basis, of course, Netflix continues to lead the field with a bit more than 223 million subscribers. Disney has been hot on its heels, with Disney+ now at 164.2 million and the company overall reaching 235.7 million across Disney+, Hulu and ESPN+. The rest of the 2022 chart looks relatively similar to the 2021 edition, though NBCUniversal's Peacock broke through to take the No. 10 spot as Showtime dropped out of the picture.
iPhone 14 Satellite Feature Saves Stranded Man In Alaska
Apple's iPhone 14 Emergency SOS via Satellite Feature was put to the test in Alaska yesterday, when a man became stranded in a rural area. MacRumors reports: In the early hours of the morning on December 1, Alaska State Troopers received an alert that a man traveling by snow machine from Noorvik to Kotzebue had become stranded. The man was in a cold, remote location with no connectivity, and he activated the Emergency SOS via satellite feature on his iPhone 14 to alert authorities to his predicament. Apple's Emergency Response Center worked with local search and rescue teams and the Northwest Arctic Borough Search and Rescue Coordinator to send out volunteer searchers directly to the GPS coordinates that were relayed to Apple using the emergency function. The man was rescued successfully and there were no injuries. The area where he was located is remote and on the fringes of where satellite connectivity is available. Apple says that satellite connectivity might not work in places above 62 degrees latitude, such as northern parts of Canada and Alaska, and Noorvik and Kotzebue are close to 69 degrees latitude. Troopers who helped with the rescue were "impressed with the accuracy and completeness of information included in the initial alert," with the Emergency SOS via Satellite feature designed to ask several questions ahead of when an alert is sent out to expedite rescue missions.
Tesla Delivers Its First Electric Semi Trucks
Electrek recaps yesterday's Tesla Semi Delivery Event in Nevada: As expected, Tesla delivered the first electric trucks to PepsiCo, a long-time reservation holder, and held a presentation to reveal more details about the production version of the Tesla Semi. There wasn't any big surprise during the presentation. Tesla basically delivered on its original promises made in 2017 when it first unveiled the prototypes of the Tesla Semi. Despite the lack of major changes, it's still a big moment since the electric truck has the potential to change the trucking industry for good by eliminating emissions and significantly reducing costs. In terms of the technology powering the truck, things have changed since the original prototypes, but not in any major ways. Tesla is now using a tri-motor drivetrain that is basically the same as in the Model S and Model X Plaid. Dan Priestley, Tesla Semi Program manager, explained that Tesla is using one of the motors for cruising speed geared toward peak efficiency at highway speeds and the two other motors are used for torque when accelerating in order to create a smooth driving experience never seen in a class 8 truck before. To prove the capacity, Tesla shared a very impressive video of a Tesla Semi loaded at 82,000 lb. passing a diesel truck at 6% incline on the Donner Pass as if it's nothing. Tesla promised a range of 500 miles with a full load five years ago, and it delivered on the promise. Tesla shared data on a 500-mile trip with a full load of just under 82,000 lb. total with the tractor. It started out in the Bay Area with a 97% state of charge and ended up in San Diego with still 4% charge. Tesla reiterated that it can achieve a less-than-2 kWh-per-mile efficiency, which means that trucking companies can achieve up to $70,000 in fuel savings per year depending on their cost of electricity.
Once the battery pack is depleted after 500 miles or so, you can expect blazing-fast charging thanks to the new 1-megawatt charging technology developed by Tesla. The automaker also said it will make it to the Cybertruck. In an updated article, Electrek's Fred Lambert says Musk confirmed Tesla Semi's efficiency at 1.7 kWh per mile, "which means it has a roughly 900 kWh battery pack." Tesla didn't reveal the weight of the actual truck or the price. "In 2017, Tesla said the trucks would be $150,000, $180,000, and $200,000, depending on the model, but those prices are expected to have changed over the last five years," reports Lambert.
Australia Says Law Making Facebook and Google Pay For News Has Worked
An anonymous reader quotes a report from Reuters: An Australian law giving the government power to make internet giants Facebook owner Meta and Alphabet's Google negotiate content supply deals with media outlets has largely worked, a government report said. But the law, which took effect in March 2021 after talks with the big tech firms led to a brief shutdown of Facebook news feeds in the country, may need to be extended to other online platforms, the review said. Since the News Media Bargaining Code (PDF) took effect, the tech firms had inked more than 30 deals with media outlets compensating them for content which generated clicks and advertising dollars, said the Treasury department report, published late Thursday. "At least some of these agreements have enabled news businesses to, in particular, employ additional journalists and make other valuable investments to assist their operations," said the report. "While views on the success or otherwise of the Code will invariably differ, we consider it is reasonable to conclude that the Code has been a success to date." The report mostly recommended that the government consider new methods of assessing the administration and effectiveness of the law, and did not suggest changing the law itself. But it did note the law lacked "a formal mechanism to extend the Code to other platforms", and suggested the government order the competition regulator, which led the design of the law, to "prepare reports on this question." Google director of government affairs and public policy in Australia Lucinda Longcroft said the company had "furthered our significant contribution to the Australian news industry" by signing deals representing 200 mastheads across the country and "the majority of these outlets are regional or local."
Edward Snowden Receives Russian Passport
Beerismydad shares a report from the Associated Press: Former U.S. intelligence contractor Edward Snowden, who fled prosecution after revealing highly classified surveillance programs, has received a Russian passport and taken the citizenship oath, Russian news agencies quoted his lawyer as saying Friday. Lawyer Anatoly Kucherena was reported as saying that Snowden got the passport and took the oath on Thursday, about three months after Russian President Vladimir Putin granted him citizenship. The reports did not specify whether Snowden has renounced his U.S. citizenship. The United States revoked his passport in 2013, leading to Snowden being stranded in a Moscow airport for weeks after arriving from Hong Kong, aiming to reach Ecuador. Russia eventually granted him permanent residency. He married American Lindsay Mills in 2017 and the couple has two children. Further reading: Should the U.S. Pardon Edward Snowden?
Huawei Teases a Smartwatch With Built-In Wireless Earbuds
Huawei has confirmed the existence of a smartwatch it's working on featuring a pair of built-in wireless earbuds. "Huawei's account on Chinese Twitter-like site Weibo announced the existence of the device on Wednesday and promised all would be revealed on December 2," reports The Register. "But Huawei has since postponed its Winter 2022 consumer kit launch for unexplained reasons." You can view a teaser video on YouTube. The Verge adds: As the name suggests, the Huawei Watch Buds are a pair of earbuds concealed within a smartwatch that looks similar to the Huawei Watch 3. Details are a little sparse so there's no word yet on what kind of performance or battery life you can expect from either of the products, but the watch itself does appear to be running HarmonyOS. The earbuds don't seem to resemble any previous Huawei products, sporting a bare-bones black and silver design. While the concept feels more than a little gimmicky, it could be a neat solution for runners and other sporty folks who don't want to carry a separate earbud case during a workout. (If they don't mind the extra bulk on their wrists.) [...] Addressing the elephant in the room, it's unlikely that you'll be able to buy this wacky gadget in the US anyway, regardless of its legitimacy. Huawei products have been effectively banned in the country since the company was placed on the Commerce Department's Bureau of Industry and Security Entity list in 2019.
FBI, CISA Say Cuba Ransomware Gang Extorted $60 Million From Victims This Year
An anonymous reader quotes a report from TechCrunch: The Cuba ransomware gang extorted more than $60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow-up to a flash alert (PDF) released by the FBI in December 2021, which revealed that the gang had earned close to $44 million in ransom payments after attacks on more than 49 entities in five critical infrastructure sectors in the United States. Since then, the Cuba ransomware gang has brought in an additional $60 million from attacks against 100 organizations globally, almost half of the $145 million it demanded in ransom payments from these victims. "Since the release of the December 2021 FBI Flash, the number of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the increase," the two federal agencies said on Thursday. Cuba ransomware actors, which have been active since 2019, continue to target U.S. entities in critical infrastructure, including financial services, government facilities, healthcare and public health, critical manufacturing and information technology. [...] FBI and CISA added that the ransomware gang has modified its tactics, techniques and procedures since the start of the year and has been linked to the RomCom malware, a custom remote access trojan for command and control, and the Industrial Spy ransomware. The advisory notes that the group -- which cybersecurity company Profero previously linked to Russian-speaking hackers -- typically extorts victims by threatening to leak stolen data. While this data was typically leaked on Cuba's dark web leak site, it began selling stolen data on Industrial Spy's online market in May this year.
CISA and the FBI are urging at-risk organizations to prioritize patching known exploited vulnerabilities, to train employees to spot and report phishing attacks and to enable and enforce phishing-resistant multi-factor authentication.
Florida State Tax Website Bug Exposed Filers' Data
A security flaw on the Florida Department of Revenue website exposed at least hundreds of taxpayers' Social Security numbers and bank account numbers, a security researcher found. From a report: Kamran Mohsin said the security flaw -- now fixed -- allowed him, or anyone else who was logged in to the state's business tax registration website, to access, modify and delete the personal data of business owners whose information is on file with the state's tax authority by modifying the part of the web address that contains the taxpayers' application number. Mohsin said that application numbers are sequential, allowing anyone to enumerate taxpayers' information by incrementing the application number by a single digit. Mohsin said there were more than 713,000 applications in the system, which the department did not dispute when reached for comment.
DHS Board Starts Investigating Lapsus$ Teen Hacker Group
A group of federal cyber advisers is putting a suspected teen hacking group under the microscope in the second investigation ever conducted by the Cyber Safety Review Board. From a report: The Department of Homeland Security review board -- a group of 15 federal government and private-sector cyber experts -- announced Friday morning that it will study and provide recommendations to fend off the hacking techniques behind the Lapsus$ data extortion group. The Cyber Safety Review Board first investigated and released a report with security recommendations in July about the Log4j open-source software vulnerability that affected millions of devices last year. Lapsus$, which has been outed as a teenage hacking group, is believed to be behind data breaches at Uber, Rockstar Games, Microsoft, Okta and other major companies earlier this year. Data extortion groups break into a company's systems, steal prized information like source codes, and then demand a payment from the company to stop them from leaking the stolen information. Specifically, Lapsus$ targets companies through MFA fatigue, where they use stolen login credentials to log in to a network and then spam account owners with two-factor authentication requests on their phones until they accept one. Suspected members of the gang are believed to be based in the U.K. and have been arrested several times throughout the year.
Intel Offers Irish Staff a Three-Month Break From Being Paid
guest reader writes: Chipmaker Intel is offering staff in Ireland the opportunity to take three months' leave from their jobs, with the catch being that it is unpaid. The move is part of cost saving measures at the company. According to various reports in the Irish media, thousands of workers at Intel's manufacturing plant in Leixlip, County Kildare, were offered three months' voluntary unpaid leave in a bid to lower overheads. The move follows Intel's announcement in October that it planned to lay off an unspecified number of employees worldwide, and even ditch some product lines, in response to a worsening economic situation. These plans are part of a massive reduction in spending, with Intel looking to slash $3 billion annually starting next year and by between $8 billion and $10 billion by 2025. However, this isn't going to stop the chipmaker from continuing to invest in building new chip manufacturing plants, as Intel confirmed this week when the company reiterated its commitment to manufacturing expansions in the US and in Europe that are set to cost billions of dollars. In an official statement sent to The Register, Intel said it was taking steps to reduce costs and improve efficiencies detailed during its recent earnings call, while protecting the investments needed to position the company for long-term growth. Read more of this story at Slashdot.
PCI Standards Group Deflects, Assigns Blame for Melting GPU Power Connectors
An anonymous reader shares a report: Nvidia's new RTX 4090 and 4080 GPUs both use a new connector called 12VHPWR to deliver power as a way to satisfy ever-more power-hungry graphics cards without needing to set aside the physical space required for three or four 8-pin power connectors. But that power connector and its specifications weren't created by Nvidia alone -- to ensure interoperability, the spec was developed jointly by the PCI Express Special Interest Group (PCI-SIG), a body that includes Nvidia, AMD, Intel, Arm, IBM, Qualcomm, and others. But the overheating and melting issues experienced by some RTX 4090 owners recently have apparently prompted the PCI-SIG to clarify exactly which parts of the spec it is and is not responsible for. In a statement reported by Tom's Hardware, the group sent its members a reminder that they, not the PCI-SIG, were responsible for safety testing products using connector specs like 12VHPWR. "Members are reminded that PCI-SIG specifications provide necessary technical information for interoperability and do not attempt to address proper design, manufacturing methods, materials, safety testing, safety tolerances, or workmanship," the statement reads. "When implementing a PCI-SIG specification, Members are responsible for the design, manufacturing, and testing, including safety testing, of their products."Read more of this story at Slashdot.
Google Shuts Down Duplex on the Web, Its Attempt To Bring AI Smarts To Retail Sites and More
Google is shutting down Duplex on the Web, its AI-powered set of services that navigated sites to simplify the process of ordering food, purchasing movie tickets and more. From a report: According to a note on a Google support page, Duplex on the Web and any automation features enabled by it will no longer be supported as of this month. Google introduced Duplex on the Web, an outgrowth of its call-automating Duplex technology, during its 2019 Google I/O developer conference. To start, it was focused on a couple of narrow use cases, including opening a movie theater chain's website to fill out all of the necessary information on a user's behalf -- pausing to prompt for choices like seats. But Duplex on the Web later expanded to passwords, helping users automatically change passwords exposed in a data breach, as well as assisted checkout for ecommerce retailers, flight check-in for airline sites and automatic discount finding. The promise of Duplex on the Web was that you'd be able to issue Google Assistant a command like "Book me a car from Hertz" and have Duplex pull up the relevant web page and automatically fill in details like your name, car preferences, trip dates, payment information (using information from Gmail and Chrome autofill), and more. Read more of this story at Slashdot.
US Army Planned To Pay Streamers Millions To Reach Gen-Z Through Call of Duty
The U.S. Army allocated millions of dollars to sponsor a wide range of esports tournaments, individual high profile Call of Duty streamers, and Twitch events in the last year to specifically grow its audience with Gen-Z viewers, and especially women and Black and Hispanic people, according to internal Army documents obtained by Motherboard. From the report: In many cases the sponsorships ultimately did not happen -- the Army ordered a stop of all spending with Call of Duty's publisher Activision after the company faced a wave of sexual harassment complaints. But the documents provide much greater insight into the Army's goals and intentions behind its planned integrations with Call of Duty and other massive entertainment franchises. "Audience: Gen-Z Prospects (A18-24)," one section of the documents read. "Focus on the growth of females, Black & Hispanics." Motherboard obtained the documents through the Freedom of Information Act (FOIA). A table included in the documents lists the funds the Army planned to spend on various platforms, events, and streamers. At the top is Twitch and its HBCU [Historically Black Colleges and Universities] Showdown. Previous seasons of this esports league had players compete in Madden and NBA games. The Army planned to spend $1 million on sponsoring the event. The documents show that the U.S. military considered gaming and, in particular, Call of Duty, as a potentially useful branding and recruiting tool. Read more of this story at Slashdot.
Using Rust at a Startup: A Cautionary Tale
"Rust is awesome, for certain things. But think twice before picking it up for a startup that needs to move fast," Matt Welsh, co-founder and chief executive of Fixie.ai and former Google engineering director, writes in a blog post. From the post: I hesitated writing this post, because I don't want to start, or get into, a holy war over programming languages. (Just to get the flame bait out of the way, Visual Basic is the best language ever!) But I've had a number of people ask me about my experience with Rust and whether they should pick up Rust for their projects. So, I'd like to share some of the pros and cons that I see of using Rust in a startup setting, where moving fast and scaling teams is really important. Right up front, I should say that Rust is very good at what it's designed to do, and if your project needs the specific benefits of Rust (a systems language with high performance, super strong typing, no need for garbage collection, etc.) then Rust is a great choice. But I think that Rust is often used in situations where it's not a great fit, and teams pay the price of Rust's complexity and overhead without getting much benefit. My primary experience from Rust comes from working with it for a little more than 2 years at a previous startup. This project was a cloud-based SaaS product that is, more-or-less, a conventional CRUD app: it is a set of microservices that provide a REST and gRPC API endpoint in front of a database, as well as some other back-end microservices (themselves implemented in a combination of Rust and Python). Rust was used primarily because a couple of the founders of the company were Rust experts. Over time, we grew the team considerably (increasing the engineering headcount by nearly 10x), and the size and complexity of the codebase grew considerably as well. As the team and codebase grew, I felt that, over time, we were paying an increasingly heavy tax for continuing to use Rust. 
Development was sometimes sluggish, launching new features took longer than I would have expected, and the team was feeling a real productivity hit from that early decision to use Rust. Rewriting the code in another language would have, in the long run, made development much more nimble and sped up delivery time, but finding the time for the major rewrite work would have been exceedingly difficult. So we were kind of stuck with Rust unless we decided to bite the bullet and rewrite a large amount of the code. Rust is supposed to be the best thing since sliced bread, so why was it not working so well for us? [...] Despite being some of the smartest and most experienced developers I had worked with, many people on the team (myself included) struggled to understand the canonical ways to do certain things in Rust, how to grok the often arcane error messages from the compiler, or how to understand how key libraries worked (more on this below). We started having weekly "learn Rust" sessions for the team to help share knowledge and expertise. This was all a significant drain on the team's productivity and morale as everyone felt the slow rate of development. As a comparison point of what it looks like to adopt a new language on a software team, one of my teams at Google was one of the first to switch entirely from C++ to Go, and it took no more than about two weeks before the entire 15-odd-person team was quite comfortably coding in Go for the first time.Read more of this story at Slashdot.
IBM and Maersk Abandon Ship on TradeLens Logistics Blockchain
Maersk and IBM will wind down their shipping blockchain TradeLens by early 2023, ending the pair's five-year project to improve global trade by connecting supply chains on a permissioned blockchain. From a report: TradeLens emerged during the "enterprise blockchain" era of 2018 as a high-flying effort to make inter-corporate trade more efficient. Open to shipping and freight operators, its members could validate the transaction of goods as recorded on a transparent digital ledger. The idea was to save its member-shipping companies money by connecting their world. But the network was only as strong as its participants; despite some early wins, TradeLens ultimately failed to catch on with a critical mass of its target industry. "TradeLens has not reached the level of commercial viability necessary to continue work and meet the financial expectations as an independent business," Maersk Head of Business Platforms Rotem Hershko said in a statement.Read more of this story at Slashdot.
Smartphones Wiped 97% of Compact Digital Camera Market
Japanese camera manufacturers are bidding farewell to a once-major component of their operations, with Panasonic Holdings and Nikon suspending development of entry-level point-and-shoot cameras under their flagship brands. From a report: The companies will instead focus resources on pricier mirrorless models going forward, aiming to navigate a market upended by smartphones. Casual photographers flocked to compact digital cameras in the mid- to late 1990s, embracing their affordability and portability compared with single-lens reflex cameras. Global shipments reached 110 million units in 2008, according to the Camera & Imaging Products Association (CIPA). But as the iPhone and other camera-equipped smartphones won general consumers over, the camera industry fell off a cliff. Global shipments of compact digital cameras plunged 97% from the 2008 level to just 3.01 million units in 2021. Panasonic has been scaling back its model offerings in Lumix compact digital cameras, which debuted in 2001 and enjoyed high spots in domestic rankings at one point. The company has not released any new product for the price range below 50,000 yen ($370 at current rates) or so since 2019 and has no plans to develop a low-priced model going forward. "We've halted developing any new models that can be replaced by a smartphone," a spokesperson said. Panasonic will continue production of current offerings. But its focus going forward will be on developing high-end mirrorless cameras for photography enthusiasts and professionals. Nikon has suspended development of new compact models in its Coolpix line. It now offers just two models with high-powered lenses but it is "closely monitoring market trends" to determine production volumes going forward, according to an official. Nikon has also withdrawn from development of SLR cameras to specialize in upmarket mirrorless single-lens models. These companies are following in rivals' footsteps. 
Fujifilm has discontinued production of its FinePix compact cameras and will develop only the X100V series and other pricier models.Read more of this story at Slashdot.
Pentagon Debuts Its New Stealth Bomber, the B-21 Raider
America's newest nuclear stealth bomber is making its public debut after years of secret development and as part of the Pentagon's answer to rising concerns over a future conflict with China. From a report: The B-21 Raider is the first new American bomber aircraft in more than 30 years. Almost every aspect of the program is classified. Ahead of its unveiling Friday at an Air Force facility in Palmdale, California, only artists' renderings of the warplane have been released. Those few images reveal that the Raider resembles the black nuclear stealth bomber it will eventually replace, the B-2 Spirit. The bomber is part of the Pentagon's efforts to modernize all three legs of its nuclear triad, which includes silo-launched nuclear ballistic missiles and submarine-launched warheads, as it shifts from the counterterrorism campaigns of recent decades to meet China's rapid military modernization. China is on track to have 1,500 nuclear weapons by 2035, and its gains in hypersonics, cyber warfare, space capabilities and other areas present "the most consequential and systemic challenge to U.S. national security and the free and open international system," the Pentagon said this week in its annual China report.Read more of this story at Slashdot.
Meta Urges Washington To Take Hands-Off Approach To Regulating the Metaverse
Meta is urging policymakers to hold off on creating new rules governing the metaverse. From a report: In a policy paper released Friday, Meta argues that many of the world's existing laws and regulations will also apply to activity in the metaverse -- a catch-all term that refers to an immersive virtual world that doesn't yet exist in which users could someday work, play games, shop and interact. Edward Bowles, Meta's head of fintech policy, told reporters that regulators could "stymie innovation" if they create an entirely new regulatory scheme for the metaverse. It's common for corporations, particularly Silicon Valley titans, to discourage politicians from creating new regulations. But in recent years, lawmakers have become interested in reining in the biggest tech companies -- including their investments in virtual reality. The paper is an effort by Meta to shape future legislation impacting the metaverse, a technology so central to the company's mission that it rebranded to "Meta" from "Facebook" last year.Read more of this story at Slashdot.
BloomTech, Previously Lambda School, Cuts Half of Staff
A little over a year after buzzy coding bootcamp Lambda School rebranded as Bloom Institute of Technology, the venture-backed startup is conducting massive layoffs, TechCrunch reported, citing sources. From the report: The workforce reduction, per people familiar with the matter, has impacted half of the company's staff across content, product, data and engineering teams. The layoff is expected to have impacted around 88 employees, using metrics provided in BloomTech's 2022 diversity report metrics. Employees were called into an All Hands meeting this morning in which BloomTech CEO Austen Allred notified staff of the impending layoffs. After the meeting, those impacted were notified via e-mail. According to documents seen by TechCrunch, employees will get normal pay and medical benefits until January 31, 2023 and are "expected to work" through that period. Those laid off were also offered optional time with managers to talk.Read more of this story at Slashdot.
Mozilla Acquires Active Replica To Build On its Metaverse Vision
An automated status updater for Slack isn't the only thing Mozilla acquired this week. From a report: On Wednesday, the company announced that it snatched up Active Replica, a Vancouver-based startup developing a "web-based metaverse." According to Mozilla SVP Imo Udom, Active Replica will support Mozilla's ongoing work with Hubs, the latter's VR chatroom service and open source project. Specifically, he sees the Active Replica team working on personalized subscription tiers, improving the onboarding experience and introducing new interaction capabilities in Hubs. "Together, we see this as a key opportunity to bring even more innovation and creativity to Hubs than we could alone," Udom said in a blog post. "We will benefit from their unique experience and ability to create amazing experiences that help organizations use virtual spaces to drive impact. They will benefit from our scale, our talent, and our ability to help bring their innovations to the market faster." Active Replica was founded in 2020 by Jacob Ervin and Valerian Denis. Ervin is a software engineer by trade, having held roles at AR/VR startups Metaio, Liminal AR and Occipital. Denis has a history in project management -- he worked for VR firms including BackLight, which specializes in location-based and immersive VR experiences for brands.Read more of this story at Slashdot.
Hive Social Turns Off Servers After Researchers Warn Hackers Can Access All Data
An anonymous reader quotes a report from Ars Technica: Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts. "The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages," the advisory, published on Wednesday by Berlin-based security collective Zerforschung, claimed. "This also includes private email addresses and phone numbers entered during login." The post went on to say that after the researchers privately reported the vulnerabilities last Saturday, many of the flaws they reported remained unpatched. They headlined their post "Warning: do not use Hive Social." Hive Social responded by pulling down its entire service. "The Hive team has become aware of security issues that affect the stability of our application and the safety of our users," company officials wrote. "Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience." Technical details are being withheld to prevent the active exploitation of them by malicious hackers. According to Business Insider, Hive Social's user base has doubled in the last few weeks, going from about 1 million to 2 million as of last week. The site is only being staffed by two people, "neither of whom had much of a background in security," reports Ars.Read more of this story at Slashdot.
Government Scientists 'Approaching What is Required for Fusion' in Breakthrough Energy Research
Scientists hoping to harness nuclear fusion -- the same energy source that powers the Sun and other stars -- have confirmed that magnetic fields can enhance the energy output of their experiments, reports a new study. The results suggest that magnets may play a key role in the development of this futuristic form of power, which could theoretically provide a virtually limitless supply of clean energy. Motherboard reports: Fusion power is generated by the immense energy released as atoms in extreme environments merge together to create new configurations. The Sun, and all the stars in the night sky, are fueled by this explosive process, which occurs in their cores at incredibly high temperatures and pressures. Scientists have spent roughly a century unraveling the mechanics of nuclear fusion in nature, and trying to artificially replicate this starry mojo in laboratories. Now, a team at the National Ignition Facility (NIF), which is a fusion experiment based at the U.S. Department of Energy's Lawrence Livermore National Laboratory, has reported that the magnetic fields can boost the temperature of the fusion "hot spot" in experiments by 40 percent and more than triple its energy output, which is "approaching what is required for fusion ignition" according to a study published this month in Physical Review Letters. "The magnetic field comes in and acts kind of like an insulator," said John Moody, a senior scientist at the NIF who led the study, in a call with Motherboard. "You have what we call the hot spot. It's millions of degrees, and around it is just room temperature. All that heat wants to flow out because heat always goes from the hot to the cold and the magnetic field prevents that from happening." "When we go in and we put the magnetic field on this hotspot, and we insulate it, now that heat stays in there, and so we're able to get the hot spot to a higher temperature," he continued. 
"You get more [fusion] reactions as you go up in temperature, and that's why we see this improvement in the reactivity." The hot spots in the NIF's fusion experiments are created by shooting nearly 200 lasers at a tiny pellet of fuel made of heavier isotopes (or versions) of hydrogen, such as deuterium and tritium. These laser blasts generate X-rays that make the small capsule implode, producing the kinds of extreme pressures and temperatures that are necessary for the isotopes to fuse together and release their enormous stores of energy. NIF has already brought their experiments to the brink of ignition, which is the point at which fusion reactions become self-sustaining in plasmas. The energy yields created by these experiments are completely outweighed by the energy that it takes to make these self-sustaining reactions in the plasmas in the first place. Still, achieving ignition is an important step toward creating a possible "breakeven" system that produces more energy output than input. Moody and his colleagues developed their magnetized experiment at NIF by wrapping a coil around a version of the pellet made with specialized metals.Read more of this story at Slashdot.
An Ancient Asteroid Impact May Have Caused a Megatsunami on Mars
The Viking 1 lander arrived on the Martian surface 46 years ago to investigate the planet. It dropped down into what was thought to be an ancient outflow channel. Now, a team of researchers believes they've found evidence of an ancient megatsunami that swept across the planet billions of years ago, less than 600 miles from where Viking landed. Gizmodo reports: In a new paper published today in Scientific Reports, a team identified a 68-mile-wide impact crater in Mars' northern lowlands that they suspect is leftover from an asteroid strike in the planet's ancient past. "The simulation clearly shows that the megatsunami was enormous, with an initial height of approximately 250 meters, and highly turbulent," said Alexis Rodriguez, a researcher at the Planetary Science Institute and lead author of the paper, in an email to Gizmodo. "Furthermore, our modeling shows some radically different behavior of the megatsunami to what we are accustomed to imagining." Rodriguez's team studied maps of the Martian surface and found the large crater, now named Pohl. Based on Pohl's position on previously dated rocks, the team believes the crater is about 3.4 billion years old -- an extraordinarily long time ago, shortly after the first signs of life we know of appeared on Earth. According to the research team's models, the asteroid impact could have been so intense that material from the seafloor may have dislodged and been carried in the water's debris flows. Based on the size of the crater, the team believes the impacting asteroid could have been 1.86 miles wide or 6 miles wide, depending on the amount of ground resistance the asteroid encountered. The impact could have released between 500,000 megatons and 13 million megatons of TNT energy (for comparison, the Tsar Bomba nuclear test was about 57 megatons of TNT energy.) 
"A clear next step is to propose a landing site to investigate these deposits in detail to understand the ocean's evolution and potential habitability," Rodriguez said. "First, we would need a detailed geologic mapping of the area to reconstruct the stratigraphy. Then, we need to connect the surface modification history to specific processes through numerical modeling and analog studies, including identifying possible mud volcanoes and glacier landforms."Read more of this story at Slashdot.
Scientists Have Created the World's Smallest Organism That Moves With Genetic Engineering
An anonymous reader quotes a report from Motherboard: Motility -- the scientific term for being able to move independently -- is one of the most important features for living organisms on Earth. But where cells' ability to move came from has been a mystery for many scientists. However, new research in which scientists created the world's smallest moving organism provides one idea of how cell motility came to be. As the authors write in their paper, "motility is observed in various phyla and arguably one of the major determinants of survival." According to the paper, cell motility is believed to originate from small movements of housekeeping proteins that are transmitted to a cell, but the proposed process hasn't been experimentally demonstrated. Their study is thus a way to test out this theory. In this experiment, the researchers genetically engineered a synthetic bacterium named JCVI-syn-3b, or syn-3, which is non-motile. To reconstitute syn-3, the group introduced seven genes that code for proteins that are likely involved in the swimming motion of Spiroplasma bacteria. Spiroplasma is a small bacterium known to "swim" by essentially switching around its cytoskeleton. The proteins introduced evolved from the bacterial actin protein MreB. Actins are multi-functional proteins that are often responsible for motility in cells. In an email to Motherboard, Miyata confirmed that prior to this experiment, nobody had succeeded in making a motile minimal synthetic bacterium. By introducing the proteins responsible for motility in Spiroplasma into syn-3, the researchers were able to make the previously non-motile bacteria swim, as evident in a video published on the University's YouTube account. The researchers also wanted to see how the expression of different combinations of the motility genes would affect the genetically engineered bacteria's ability to swim. 
In doing so, they found that the expression of only two proteins was necessary for promoting motility in syn-3, likely indicating that many of the proteins were redundant and demonstrating a minimal system for motility. "To the best of our knowledge, the motility system comprising only two actin superfamily proteins is the smallest system established till date," the authors write. "Therefore, we may call this a 'minimal motile cell.'" Although this study is primarily a proof of concept, it gives scientists a better understanding of how cell motility could have potentially originated and evolved. "In addition to the sheer novelty of creating such a smol swimmer, the new study sheds light on the origin of movement in the first mobile lifeforms that arose on Earth," adds Motherboard. "For instance, Miyata said that the actin protein MreB is not involved in the motility of many other bacterial species, which confirms that there are multiple different evolutionary pathways that led to microbial movement." The study has been published in the journal Science Advances.Read more of this story at Slashdot.
OpenAI's New Chatbot Can Explain Code and Write Sitcom Scripts But Is Still Easily Tricked
OpenAI has released a prototype general purpose chatbot that demonstrates a fascinating array of new capabilities but also shows off weaknesses familiar to the fast-moving field of text-generation AI. And you can test out the model for yourself right here. The Verge reports: ChatGPT is adapted from OpenAI's GPT-3.5 model but trained to provide more conversational answers. While GPT-3 in its original form simply predicts what text follows any given string of words, ChatGPT tries to engage with users' queries in a more human-like fashion. As you can see in the examples below, the results are often strikingly fluid, and ChatGPT is capable of engaging with a huge range of topics, demonstrating big improvements over chatbots seen even a few years ago. But the software also fails in a manner similar to other AI chatbots, with the bot often confidently presenting false or invented information as fact. As some AI researchers explain it, this is because such chatbots are essentially "stochastic parrots" -- that is, their knowledge is derived only from statistical regularities in their training data, rather than any human-like understanding of the world as a complex and abstract system. [...] Enough preamble, though: what can this thing actually do? Well, plenty of people have been testing it out with coding questions and claiming its answers are perfect. ChatGPT can also apparently write some pretty uneven TV scripts, even combining actors from different sitcoms. It can explain various scientific concepts. And it can write basic academic essays. And the bot can combine its fields of knowledge in all sorts of interesting ways. So, for example, you can ask it to debug a string of code ... like a pirate, for which its response starts: "Arr, ye scurvy landlubber! Ye be makin' a grave mistake with that loop condition ye be usin'!" Or get it to explain bubble sort algorithms like a wise guy gangster. 
ChatGPT also has a fantastic ability to answer basic trivia questions, though examples of this are so boring I won't paste any in here. Someone else says the code ChatGPT provides in the very answer above is garbage. I'm not a programmer myself, so I won't make a judgment on this specific case, but there are plenty of examples of ChatGPT confidently asserting obviously false information. Here's computational biology professor Carl Bergstrom asking the bot to write a Wikipedia entry about his life, for example, which ChatGPT does with aplomb -- while including several entirely false biographical details. Another interesting set of flaws comes when users try to get the bot to ignore its safety training. If you ask ChatGPT about certain dangerous subjects, like how to plan the perfect murder or make napalm at home, the system will explain why it can't tell you the answer. (For example, "I'm sorry, but it is not safe or appropriate to make napalm, which is a highly flammable and dangerous substance.") But, you can get the bot to produce this sort of dangerous information with certain tricks, like pretending it's a character in a film or that it's writing a script on how AI models shouldn't respond to these sorts of questions. Read more of this story at Slashdot.
Google Reports Decline In Android Memory Safety Vulnerabilities As Rust Usage Grows
Last year, Google announced Android Open Source Project (AOSP) support for Rust, and today the company provided an update, while highlighting the decline in memory safety vulnerabilities. 9to5Google reports: Google says the "number of memory safety vulnerabilities have dropped considerably over the past few years/releases." Specifically, the number of annual memory safety vulnerabilities fell from 223 to 85 between 2019 and 2022. They are now 35% of Android's total vulnerabilities versus 76% four years ago. In fact, "2022 is the first year where memory safety vulnerabilities do not represent a majority of Android's vulnerabilities." That count is for "vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through our vulnerability rewards program (VRP) and vulnerabilities reported internally." During that period, the amount of new memory-unsafe code entering Android has decreased: "Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language." Rust makes up 21% of all new native code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android's Virtualization framework (AVF), and "various other components and their open source dependencies." Google considers it significant that there have been "zero memory safety vulnerabilities discovered in Android's Rust code" so far across Android 12 and 13. Google's blog post today also talks about non-memory-safety vulnerabilities, and its future plans: "... We're implementing userspace HALs in Rust. We're adding support for Rust in Trusted Applications. We've migrated VM firmware in the Android Virtualization Framework to Rust. With support for Rust landing in Linux 6.1 we're excited to bring memory-safety to the kernel, starting with kernel drivers." Read more of this story at Slashdot.
Hyundai App Bugs Allowed Hackers To Remotely Unlock, Start Cars
Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. BleepingComputer reports: Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "smart vehicle" platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and Infiniti) that allowed them to "remotely unlock, start, locate, flash, and honk" them. At this time, the researchers have not published detailed technical write-ups for their findings but shared some information on Twitter, in two separate threads. The mobile apps of Hyundai and Genesis, named MyHyundai and MyGenesis, allow authenticated users to start, stop, lock, and unlock their vehicles. After intercepting the traffic generated from the two apps, the researchers analyzed it and were able to extract API calls for further investigation. They found that validation of the owner is done based on the user's email address, which was included in the JSON body of POST requests. Next, the analysts discovered that MyHyundai did not require email confirmation upon registration. They created a new account using the target's email address with an additional control character at the end. Finally, they sent an HTTP request to Hyundai's endpoint containing the spoofed address in the JSON token and the victim's address in the JSON body, bypassing the validity check. To verify that they could use this access for an attack on the car, they tried to unlock a Hyundai car used for the research. A few seconds later, the car unlocked. The multi-step attack was eventually baked into a custom Python script, which only needed the target's email address for the attack. Yuga Labs analysts found that the mobile apps for Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota, use SiriusXM technology to implement remote vehicle management features.
They inspected the network traffic from Nissan's app and found that it was possible to send forged HTTP requests to the endpoint only by knowing the target's vehicle identification number (VIN). The response to the unauthorized request contained the target's name, phone number, address, and vehicle details. Considering that VINs are easy to locate on parked cars, typically visible on a plate where the dashboard meets the windshield, an attacker could easily access it. These identification numbers are also available on specialized car selling websites, for potential buyers to check the vehicle's history. In addition to information disclosure, the requests can also carry commands to execute actions on the cars. [...] Before posting the details, Yuga Labs informed both Hyundai and SiriusXM of the flaws and associated risks. The two vendors have fixed the vulnerabilities.
Brains of Post-Pandemic Teens Show Signs of Faster Aging, Study Finds
An anonymous reader quotes a report from The Guardian: The brains of teenagers who lived through the Covid pandemic show signs of premature aging, research suggests. The researchers compared MRI scans of 81 teens in the US taken before the pandemic, between November 2016 and November 2019, with those of 82 teens collected between October 2020 and March 2022, during the pandemic but after lockdowns were lifted. After matching 64 participants in each group for factors including age and sex, the team found that physical changes in the brain that occurred during adolescence -- such as thinning of the cortex and growth of the hippocampus and the amygdala -- were greater in the post-lockdown group than in the pre-pandemic group, suggesting such processes had sped up. In other words, their brains had aged faster. "Brain age difference was about three years -- we hadn't expected that large an increase given that the lockdown was less than a year [long]," said Ian Gotlib, a professor of psychology at Stanford University and first author of the study. Writing in the journal Biological Psychiatry: Global Open Science, the team report that the participants -- a representative sample of adolescents in the Bay Area in California -- originally agreed to take part in a study looking at the impact of early life stress on mental health across puberty. As a result, participants were also assessed for symptoms of depression and anxiety. The post-lockdown group self-reported greater mental health difficulties, including more severe symptoms of anxiety, depression and internalizing problems. "Deterioration in mental health is accompanied by physical changes in the brain for teens, likely due to the stress of the pandemic," said Gotlib. "In older adults, these brain changes are often associated with reduced cognitive functioning. It's not clear yet what they mean in adolescents.
But this is the first demonstration that difficulties in mental health during the pandemic are accompanied by what seem to be stress-related changes in brain structure."
Kanye West Is No Longer Buying Parler
Parler announced Thursday it reached a mutual agreement with Ye, formerly known as Kanye West, to terminate the sale of the social media app. Axios reports: The deal already was on life support, as Axios previously reported, and it's unclear if a formal merger agreement was ever signed. Parler originally said it had an agreement "in principle," and today referred to it as "intent of sale." A Parler spokesperson previously told Axios that the acquisition was set to close by year-end but declined to say if Ye ever had signed paperwork to that effect. In a statement, Parler's parent company said: "This decision was made in the interest of both parties in mid-November. Parler will continue to pursue future opportunities for growth and the evolution of the platform for our vibrant community." A source familiar with the situation said that Ye's precarious financial situation -- including the loss of his Adidas deal -- played a role in the deal collapse.
Apple Blocks Coinbase Wallet App From Sending NFTs Because of In-App Purchase Dispute
Popular NFT and cryptocurrency app Coinbase Wallet today said that Apple required an NFT-sending feature to be removed from the app due to an in-app purchase dispute. MacRumors reports: Apple's App Store review team apparently told Coinbase that the "gas fees required to send NFTs need to be paid through in-app purchase." Apple wanted a cut of transactions, which Coinbase Wallet said is similar to Apple attempting to take a cut of fees for every email that's sent over the internet. Apple is asking for something that is not possible, because the in-app purchase system does not support cryptocurrency to begin with. Coinbase Wallet says that Apple would not approve an app update until the NFT-sending feature was disabled, and the removal of the functionality will make it more difficult for iPhone users who have an NFT to transfer the NFT to other wallets or gift an NFT to friends or family. The developers behind the app say that Apple has introduced profit-protecting policies that come at the expense of "developer innovation across the crypto ecosystem." Coinbase Wallet is hoping that this is a mistake and has tweeted an invitation to Apple to discuss the matter.
Web Browsers Drop Mysterious Company With Ties To US Military Contractor
An anonymous reader quotes a report from the Washington Post: Major web browsers moved Wednesday to stop using a mysterious software company that certified websites were secure, three weeks after The Washington Post reported its connections to a U.S. military contractor. Mozilla's Firefox and Microsoft's Edge said they would stop trusting new certificates from TrustCor Systems that vouched for the legitimacy of sites reached by their users, capping weeks of online arguments among their technology experts, outside researchers and TrustCor, which said it had no ongoing ties of concern. Other tech companies are expected to follow suit. The Post reported on Nov. 8 that TrustCor's Panamanian registration records showed the same slate of officers, agents and partners as a spyware-maker identified this year as an affiliate of Arizona-based Packet Forensics, which has sold communication interception services to U.S. government agencies for more than a decade. One of those contracts listed the "place of performance" as Fort Meade, Md., the home of the National Security Agency and the Pentagon's Cyber Command. The case has put a new spotlight on the obscure systems of trust and checks that allow people to rely on the internet for most purposes. Browsers typically have more than a hundred authorities approved by default, including government-owned ones and small companies, to seamlessly attest that secure websites are what they purport to be. "Certificate Authorities have highly trusted roles in the internet ecosystem and it is unacceptable for a CA to be closely tied, through ownership and operation, to a company engaged in the distribution of malware," Mozilla's Kathleen Wilson wrote to a mailing list for browser security experts. "Trustcor's responses via their Vice President of CA operations further substantiates the factual basis for Mozilla's concerns."
Australia Will Now Fine Firms Up To $33.4 Million for Data Breaches
The Australian parliament has approved a bill to amend the country's privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches. From a report: The financial penalty introduced by the new bill is set to whichever is greater: AU$50 million, three times the value of any benefit obtained through the misuse of information, or 30% of a company's adjusted turnover in the relevant period. Previously, the penalty for severe data exposures was AU$2.22 million, considered wholly inadequate to incentivize companies to improve their data security mechanisms. The new bill comes in response to a series of recent cyberattacks against Australian companies, including ransomware and network breaches, resulting in the exposure of highly sensitive data for millions of people in the country. "The Albanese Labor government has wasted no time in responding to recent major data breaches. We have announced, introduced, and delivered legislation in just over a month," reads the media announcement. "These new, larger penalties send a clear message to large companies that they must do better to protect the data they collect."
Messaging App Telegram Moving Into Crypto
As the FTX collapse continues to reverberate through the cryptocurrency sector, Telegram CEO Pavel Durov wants to revive some of the good will toward blockchain technology by developing a range of decentralized tools including digital asset exchanges. From a report: "The blockchain industry was built on the promise of decentralization, but ended up being concentrated in the hands of a few who began to abuse their power," Durov wrote Wednesday on his Telegram page. "As a result, a lot of people lost their money when FTX, one of the largest exchanges, went bankrupt." The antidote to FTX's downfall is renewed prioritization of decentralization, he said. Durov maintained that blockchain projects must return to their roots of decentralization, and move away from relying on third-party corporations. Additionally, he said it's possible today for developers to steer the blockchain away from centralization with the release of new products that a wide audience can access. Moving forward, Telegram, a messaging and social-media app, will build non-custodial wallets and decentralized exchanges for millions of people to trade and store cryptocurrencies, Durov said. "This way we can fix the wrongs caused by the excessive centralization, which let down hundreds of thousands of cryptocurrency users," he said. "The time when the inefficiencies of legacy platforms justified centralization should be long gone. With technologies like TON reaching their potential, the blockchain industry should be finally able to deliver on its core mission -- giving the power back to the people."
Sperm Counts Worldwide Are Plummeting Faster Than We Thought
Five years ago, a study describing a precipitous decline in sperm counts sparked extreme concerns that humanity was on the path to extinction. Now a new study shows that sperm counts have fallen further and the rate of decline is speeding up, raising fears of a looming global fertility crisis. From a report: The initial study, published in July 2017, revealed that sperm counts -- the number of sperm in a single ejaculate -- plummeted by more than 50 percent among men in North America, Europe, Australia, and New Zealand between 1973 and 2011. Since then, a team led by the same researchers has explored what has happened in the last 10 years. In a new meta-analysis, which appeared in the journal Human Reproduction Update, researchers analyzed studies of semen samples published between 2014 and 2019 and added this to their previous data. The newer studies have a more global perspective and involved semen samples from 14,233 men, including some from South and Central America, Africa, and Asia. The upshot: Not only has the decline in total sperm counts continued -- reaching a drop of 62 percent -- but the decline per year has doubled since 2000. The 2017 report also revealed that sperm concentration (the number of sperm per milliliter of semen) dropped by an average of 1.6 percent per year, totaling more than 52 percent among men in these regions over the previous four decades.
Mozilla Acquires Team Behind Pulse, an Automated Status Updater for Slack
Firefox developer Mozilla is making a rare foray into the world of mergers and acquisitions, with news that it has snapped up recently-shuttered California-based productivity startup Pulse. From a report: Terms of the deal haven't been disclosed, but the deal is tantamount to an "acqui-hire," with Mozilla looking to deploy the Pulse team across an array of machine learning (ML) projects. "We're acquiring Pulse for the incredible team they have built," Mozilla chief product officer Steve Teixeira told TechCrunch. "As we look to continue to improve user experiences across all of our products, ML will be a core part of that." Founded out of Menlo Park in 2019, Pulse in its initial guise was a "virtual office" platform called Loop Team, but after honing the idea for a couple of years it pivoted and rebranded last November. Pulse, essentially, was an automated status-updating tool that used signals based on pre-configured integrations and preferences set by the user. For example, users could synchronize Pulse with their calendar and Slack, setting rules to stipulate what their status and corresponding emoji should be based on keywords in their calendar event title. If their schedule for a particular time says "hair appointment" from 12-1pm, then the person's Slack status update might display a scissors emoji alongside the word "haircut." Or, it might say "birthday" alongside a cake emoji if that's what is in their calendar.
Just 22% of Techies in UK Aged 50 or Older, Says Chartered Institute For IT
A little more than one in five techies in Britain is aged 50 or older, and enticing more of that demographic to enter the world of information technology could help alleviate a perennial skills gap. From a report: This is according to research by the British Computer Society (BCS), which reckons just 22 percent (413,000) of the 1.9 million IT specialists in the local industry are at or past the half century mark. To fall in line with the average number of 50-year-olds or older across all other employment areas (561,000) in the UK, an additional 148,000 people in that grouping are needed in the tech sector, the BCS claimed, basing its finding on data provided by the Office for National Statistics. "We can only achieve the government's ambition for the UK to be the 'next Silicon Valley' by closing the digital skills gap and making this vital profession attractive to a far broader range of people," said Rashik Parmar MBE, CEO of the BCS. For those not aware, the UK government's latest harebrained scheme, outlined in the Autumn statement by Chancellor Jeremy Hunt, is to convert the island nation into "the next Silicon Valley". Sounds plausible? Oven-baked plan? No, we didn't think so either. The age factor was most pronounced in the north-east of the UK where just one in eight programmers/developers was 50 or over, the research found -- but didn't state why.
Irish Companies Report Success With Trial of Four-Day Working Week
AmiMoJo writes: A research project that saw a four-day working week being trialled across 12 businesses has been deemed a success by both the companies and employees involved. The project, backed by the trade union Forsa and carried out in partnership by Four-Day Week Ireland, UCD and Boston College, examined the financial, social, and environmental impact that a four-day working week would have on businesses and employees in Ireland. Nine of the 12 companies that took part in the six-month trial said they were committed to continuing with the four-day-week schedule. The other three said they were also planning to continue but did not commit to keeping it long-term. Seven companies provided data on revenue and of those, six reported monthly revenue growth, with one seeing a decline. Two companies that tracked energy usage found reductions. In general, management of the companies were said to have been very pleased with the outcome of the trial in terms of productivity and overall experience. On a scale of 1-10, from very negative to very positive, the companies' average rating for the trial was 9.2.
Lastpass Says Hackers Accessed Customer Data In New Breach
AmiMoJo writes: LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," the company said. "We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information." LastPass said it hired security firm Mandiant to investigate the incident and notified law enforcement of the attack. It also noted that customers' passwords have not been compromised and "remain safely encrypted due to LastPass's Zero Knowledge architecture."
Rising Tether Loans Add Risk To Stablecoin, Crypto World
The company behind the tether stablecoin has increasingly been lending its own coins to customers rather than selling them for hard currency upfront. The shift adds to risks that the company may not have enough liquid assets to pay redemptions in a crisis. From a report: Tether says it lends only to eligible customers and requires that borrowers post lots of "extremely liquid" collateral, which could be sold for dollars if borrowers default. These loans have appeared for several quarters in the financial reports that Tether shows on its website. In the most recent report, they reached $6.1 billion as of Sept. 30, or 9% of the company's total assets. They were $4.1 billion, or 5% of total assets, at the end of 2021. Tether calls them "secured loans" and discloses little about the borrowers or the collateral accepted. Alex Welch, a Tether spokeswoman, confirmed that all of the secured loans listed in the reports were issued and denominated in tether. The company said the loans were short-term and that Tether holds the collateral. Tether, which is incorporated in the British Virgin Islands, doesn't publish audited financial statements or a complete balance sheet, leaving outsiders with an incomplete picture of the company's financial health. "Tether's disclosures are limited to the information contained in the mentioned reports," Ms. Welch said. The rise in Tether's lending represents a broad risk to the crypto world. Stablecoins such as tether are anchors in the system. They are vital for trading many cryptocurrencies and are widely held by traders. The premise of tether -- and other stablecoins -- is that the issuer always will redeem one coin for $1. Issuers take pains to demonstrate they have ample funds available to do so. The company's reports show only U.S. dollar amounts for the loans and don't say the loans were made in tether tokens. The reports also say the loans were "fully collateralized by liquid assets."
Google Takes Fight To Topple Record Fine Over Android To EU's Top Court
Google will take its appeal of the record $4.5 billion European Union antitrust fine over its dominance in the Android mobile market to the bloc's top court. From a report: The penalty hits at the heart of the US tech giant's power over the Android mobile-phone ecosystem, and in September judges at a lower court mostly sided with the European Commission's arguments but reduced the overall fine to $4.3 billion.
San Francisco Supervisors Vote To Allow Police To Use Robots To Kill
The San Francisco Board of Supervisors voted 8-3 Tuesday night to approve a controversial policy that would allow police to deploy robots capable of using lethal force in extraordinary circumstances, according to multiple reports. From a report: The Washington Post reports the vote came after a heated debate on a policy that would allow officers to use ground-based robots to kill "when risk of loss of life to members of the public or officers is imminent and officers cannot subdue the threat after using alternative force options or de-escalation tactics." The Post says the measure still requires a second vote next week and the mayor's approval. "There could be an extraordinary circumstance where, in a virtually unimaginable emergency, they might want to deploy lethal force to render, in some horrific situation, somebody from being able to cause further harm," Supervisor Aaron Peskin said at the board meeting, according to the San Francisco Chronicle. But Supervisors Dean Preston, Hillary Ronen and Shamann Walton voted against the policy, the Chronicle reported. "There is serious potential for misuse and abuse of this military-grade technology, and zero showing of necessity," Preston said at the meeting. Ultimately, the board adopted an amendment requiring one of two high-ranking San Francisco Police Department leaders to authorize any use of a robot for lethal force, according to the Chronicle.
DoorDash Cuts Staff by 1,250 To Rein in Costs
DoorDash is reducing its corporate staff by about 1,250, or 6% of the company, as the food-delivery platform works to rein in costs after a pandemic-fueled growth spurt, according to an internal memo from Chief Executive Tony Xu. WSJ: DoorDash is the latest among a swath of technology companies to cut staff to pare back costs as rising interest rates and economic uncertainty spur investors to focus more on profitability. DoorDash, like many companies, is also navigating shifting consumer habits as trends normalize from pandemic disruptions. The company's food-delivery competitors, such as Uber, face their slowest growth in years. "We were not as rigorous as we should have been in managing our team growth," Mr. Xu said in the memo, which was viewed by The Wall Street Journal. "That's on me. As a result, operating expenses grew quickly." Growth has tapered from pandemic highs, Mr. Xu said, and operating costs would continue to outpace sales growth if left unaddressed. Since its 2020 initial public offering, DoorDash has struggled to turn a profit, though it did post a profitable quarter at the start of the pandemic. Earlier in November, DoorDash posted a wider-than-expected loss of $296 million for the third quarter as costs surged 46% to over $2 billion.