Slashdot

An anonymous reader quotes a report from Ars Technica: Intel on Tuesday pushed microcode updates to fix a high-severity CPU bug that has the potential to be maliciously exploited against cloud-based hosts. The flaw, affecting virtually all modern Intel CPUs, causes them to "enter a glitch state where the normal rules don't apply," Tavis Ormandy, one of several security researchers inside Google who discovered the bug, reported. Once triggered, the glitch state results in unexpected and potentially serious behavior, most notably system crashes that occur even when untrusted code is executed within a guest account of a virtual machine, which, under most cloud security models, is assumed to be safe from such faults. Escalation of privileges is also a possibility. The bug, tracked under the common name Reptar and the designation CVE-2023-23583, is related to how affected CPUs manage prefixes, which change the behavior of instructions sent by running software. Intel x64 decoding generally allows redundant prefixes -- meaning those that don't make sense in a given context -- to be ignored without consequence. During testing in August, Ormandy noticed that the REX prefix was generating "unexpected results" when running on Intel CPUs that support a newer feature known as fast short repeat move, which was introduced in the Ice Lake architecture to fix microcoding bottlenecks. The unexpected behavior occurred when adding the redundant rex.r prefixes to the FSRM-optimized rep mov operation. [...] Intel's official bulletin lists two classes of affected products: those that were already fixed and those that are fixed using microcode updates released Tuesday. An exhaustive list of affected CPUs is available here. As usual, the microcode updates will be available from device or motherboard manufacturers. While individuals aren't likely to face any immediate threat from this vulnerability, they should check with the manufacturer for a fix. People with expertise in x86 instruction and decoding should read Ormandy's post in its entirety. For everyone else, the most important takeaway is this: "However, we simply don't know if we can control the corruption precisely enough to achieve privilege escalation." That means it's not possible for people outside of Intel to know the true extent of the vulnerability severity. That said, anytime code running inside a virtual machine can crash the hypervisor the VM runs on, cloud providers like Google, Microsoft, Amazon, and others are going to immediately take notice.Read more of this story at Slashdot.

A bloc of 48 nations have developed the Crypto-Asset Reporting Framework (CARF), aimed at standardizing reporting requirements for crypto assets to address concerns related to money laundering and tax evasion. It's set to be implemented by 2027. The Register reports: Developed by the Organisation for Economic Co-operation and Development (OECD), the CARF was developed under the 168-member Global Forum on Transparency and Exchange of Information for Tax Purposes, with the G20 and the Organisation for Economic Co-operation and Development looking on approvingly and lending a hand. As the name implies, that Forum is all about sharing data so that each nation's tax authorities have the information they need to understand money movements and make sure they can see what they're allowed to tax. The Forum and the legislative instruments it has fostered include reporting requirements that ensure relevant information is collected by those who facilitate transactions and will be shared. CARF brings similar reporting requirements to crypto assets. Note the term "crypto assets." That's important, because cryptocurrency is not the only blockchain-based instrument that worries authorities. Some, like non-fungible tokens, rely on the same "greater fool" theory that pumped up cryptocurrency prices, and can attract - ahem - interesting investors. But others are far less contentious or speculative, and instead aim to speed transaction processing. Stablecoins, for example, are often suggested as a means for faster and cheaper cross-border transactions than is possible with dominant transaction processing services. Tokenized assets can also be more easily integrated into applications to ease automated money movements. That speed and flexibility is increasingly appreciated. But unless transactions made with those instruments can be observed, the potential for their use to evade tax authorities is high. CARF's use of the term "crypto assets" therefore signals an effort to cover the weird world of cryptocurrencies and the emerging classes of classier tokenized assets. The Framework was signed off in March 2023, and in the time since OECD members and other interested nations have been dotting the Is and crossing the Ts to prepare for its implementation. The Framework can be found here.Read more of this story at Slashdot.

Sarah Perez reports via TechCrunch: YouTube today announced how it will approach handling AI-created content on its platform with a range of new policies surrounding responsible disclosure as well as new tools for requesting the removal of deepfakes, among other things. The company says that, although it already has policies that prohibit manipulated media, AI necessitated the creation of new policies because of its potential to mislead viewers if they don't know the video has been "altered or synthetically created." One of the changes that will roll out involves the creation of new disclosure requirements for YouTube creators. Now, they'll have to disclose when they've created altered or synthetic content that appears realistic, including videos made with AI tools. For instance, this disclosure would be used if a creator uploads a video that appears to depict a real-world event that never happened, or shows someone saying something they never said or doing something they never did. It's worth pointing out that this disclosure is limited to content that "appears realistic," and is not a blanket disclosure requirement on all synthetic video made via AI. "We want viewers to have context when they're viewing realistic content, including when AI tools or other synthetic alterations have been used to generate it," YouTube spokesperson Jack Malon told TechCrunch. "This is especially important when content discusses sensitive topics, like elections or ongoing conflicts," he noted. [...] The company also warns that creators who don't properly disclose their use of AI consistently will be subject to "content removal, suspension from the YouTube Partner Program, or other penalties." YouTube says it will work with creators to make sure they understand the requirements before they go live. But it notes that some AI content, even if labeled, may be removed if it's used to show "realistic violence" if the goal is to shock or disgust viewers. [...] Other changes include the ability for any YouTube user to request the removal of AI-generated or other synthetic or altered content that simulates an identifiable individual -- aka a deepfake -- including their face or voice. But, the company clarifies that not all flagged content will be removed, making room for parody or satire. It also says that it will consider whether or not the person requesting the removal can be uniquely identified or whether the video features a public official or other well-known individual, in which case "there may be a higher bar," YouTube says. Alongside the deepfake request removal tool, the company is introducing a new ability that will allow music partners to request the removal of AI-generated music that mimics an artist's singing or rapping voice.Read more of this story at Slashdot.

An anonymous reader quotes a report from Electrek: On Monday, Rivian released an incremental software update 2023.42, which bricked the infotainment system in R1Ses and R1Ts. The company is frantically working on a fix, but it might not be an OTA. [...] The vehicles are drivable, but software and displays go black. It appears that the 2023.42 software update hangs at 90% on the vehicle screen or 50% on the app screen, and then the vehicle screens black out. All systems appear to still work except for the displays. At the moment, it appears that Amazon vans are not impacted. Update: The company has acknowledged the issue with affected customers but has yet to issue a fix or plan to fix. Rivian's vice president of software engineering, Wassim Bensaid, took to Reddit to update users on the situation, writing: "Hi All, We made an error with the 2023.42 OTA update -- a fat finger where the wrong build with the wrong security certificates was sent out. We cancelled the campaign and we will restart it with the proper software that went through the different campaigns of beta testing. Service will be contacting impacted customers and will go through the resolution options. That may require physical repair in some cases. This is on us -- we messed up. Thanks for your support and your patience as we go through this. *Update 1 (11/13, 10:45 PM PT): The issue impacts the infotainment system. In most cases, the rest of the vehicle systems are still operational. A vehicle reset or sleep cycle will not solve the issue. We are validating the best options to address the issue for the impacted vehicles. Our customer support team is prioritizing support for our customers related to this issue. Thank you."Read more of this story at Slashdot.

India's capital, New Delhi, is preparing a new weapon in the fight against deadly air pollution: cloud seeding. From a report: The experiment, which could take place as early as next week, would introduce chemicals like silver iodide into a cloudy sky to create rain and, it's hoped, wash away the fine particulate matter hovering over one of the world's largest cities. The need is desperate. Delhi has already tried traffic restriction measures, multimillion-dollar air filtration towers, and the use of fleets of water-spraying trucks to dissolve the particulate matter in the air -- but to no avail. The use of cloud seeding, if it goes ahead, would be controversial. "It's not at all a good use of resources because it's not a solution, it's like a temporary relief," says Avikal Somvanshi, a researcher at the Center for Science and Environment in New Delhi. Environmentalists and scientists worry that most of the government's response is focused on mitigating the pollution rather than trying to cut off its source. "There is just no political intent to solve this, that is one of the biggest problems," says Bhavreen Kandhari, an activist and cofounder of Warrior Moms, a network of mothers demanding clean air. [...] Now, Delhi officials are seeking permission from federal agencies in India to try cloud seeding. The technique involves flying an aircraft to spray clouds with salts like silver or potassium iodide or solid carbon dioxide, also known as dry ice, to induce precipitation. The chemical molecules attach to moisture already in the clouds to form bigger droplets that then fall as rain. China has used artificial rain to tackle air pollution in the past -- but for cloud seeding to work properly, you need significant cloud cover with reasonable moisture content, which Delhi generally lacks during the winter. If weather conditions are favorable, scientists leading the project at the Indian Institute of Technology in Kanpur plan to carry out cloud seeding around November 20.Read more of this story at Slashdot.

Some of the United States' largest civil liberties groups are urging Senate majority leader Chuck Schumer not to pursue a short-term extension of the Section 702 surveillance program slated to sunset on December 31. From a report: The more than 20 groups -- Demand Progress, the Brennan Center for Justice, American Civil Liberties Union, and Asian Americans Advancing Justice among them -- oppose plans that would allow the program to continue temporarily by amending "must-pass" legislation, such as the bill needed now to avert a government shutdown by Friday, or the National Defense Authorization Act, annual legislation set to dictate $886 billion in national security spending across the Pentagon and US Department of Energy in 2024. "In its current form, [Section 702] is dangerous to our liberties and our democracy, and it should not be renewed for any length of time without robust debate, an opportunity for amendment, and -- ultimately -- far-reaching reforms," a letter from the groups to Schumer says. It adds that any attempt to prolong the program by rushed amendment "would demonstrate blatant disregard for the civil liberties and civil rights of the American people."Read more of this story at Slashdot.

The Top500 organization released its semi-annual list of the fastest supercomputers in the world, with the AMD-powered Frontier supercomputer retaining its spot at the top of the list with 1.194 Exaflop/s (EFlop/s) of performance, fending off a half-scale 585.34 Petaflop/s (PFlop/s) submission from the Argonne National Laboratory's Intel-powered Aurora supercomputer. From a report: Argonne's submission, which only employs half of the Aurora system, lands at the second spot on the Top500, unseating Japan's Fugaku as the second-fastest supercomputer in the world. Intel also made inroads with 20 new supercomputers based on its Sapphire Rapids CPUs entering the list, but AMD's EPYC continues to take over the Top500 as it now powers 140 systems on the list -- a 39% year-over-year increase. Intel and Argonne are currently still working to bring Arora fully online for users in 2024. As such, the Aurora submission represented 10,624 Intel CPUs and 31,874 Intel GPUs working in concert to deliver 585.34 PFlop/s at a total of 24.69 megawatts (MW) of energy. In contrast, AMD's Frontier holds the performance title at 1.194 EFlop/s, which is more than twice the performance of Aurora, while consuming a comparably miserly 22.70 MW of energy (yes, that's less power for the full Frontier supercomputer than half of the Aurora system). Aurora did not land on the Green500, a list of the most power-efficient supercomputers, with this submission, but Frontier continues to hold eighth place on that list. However, Aurora is expected to eventually reach up to 2 EFlop/s of performance when it comes fully online. When complete, Auroroa will have 21,248 Xeon Max CPUs and 63,744 Max Series 'Ponte Vecchio' GPUs spread across 166 racks and 10,624 compute blades, making it the largest known single deployment of GPUs in the world. The system leverages HPE Cray EX a" Intel Exascale Compute Blades and uses HPE's Slingshot-11 networking interconnect.Read more of this story at Slashdot.

After a tech entrepreneur and investor lost his password for retrieving $100,000 in bitcoin and hired experts to break open the wallet where he kept it, they failed to help him. But in the process, they discovered a way to crack enough other software wallets to steal $1 billion or more. From a report: On Tuesday, the team is releasing information about how they did it. They hope it's enough data that the owners of millions of wallets will realize they are at risk and move their money, but not so much data that criminals can figure out how to pull off what would be one of the largest heists of all time. Their start-up, Unciphered, has worked for months to alert more than a million people that their wallets are at risk. Millions more haven't been told, often because their wallets were created at cryptocurrency websites that have gone out of business. The story of those wallets' vulnerabilities underscores the enormous risk in experimental currencies, beyond their wild fluctuations in value and fast-changing regulations. Many wallets were created with code containing profound flaws, and the companies that used that code can disappear. Beyond that, it is a sobering reminder that underneath software infrastructure of all kinds, even ones explicitly dedicated to securing funds, are open-source programs that few or no people oversee. "Open-source ages like milk. It will eventually go bad," said Chris Wysopal, a co-founder of security company Veracode who advised Unciphered as it sorted through the problem.Read more of this story at Slashdot.

In research published in Science today, Google DeepMind's model, GraphCast, was able to predict weather conditions up to 10 days in advance, more accurately and much faster than the current gold standard. From a report: GraphCast outperformed the model from the European Centre for Medium-Range Weather Forecasts (ECMWF) in more than 90% of over 1,300 test areas. And on predictions for Earth's troposphere -- the lowest part of the atmosphere, where most weather happens -- GraphCast outperformed the ECMWF's model on more than 99% of weather variables, such as rain and air temperature. Crucially, GraphCast can also offer meteorologists accurate warnings, much earlier than standard models, of conditions such as extreme temperatures and the paths of cyclones. In September, GraphCast accurately predicted that Hurricane Lee would make landfall in Nova Scotia nine days in advance, says Remi Lam, a staff research scientist at Google DeepMind. Traditional weather forecasting models pinpointed the hurricane to Nova Scotia only six days in advance. [...] Traditionally, meteorologists use massive computer simulations to make weather predictions. They are very energy intensive and time consuming to run, because the simulations take into account many physics-based equations and different weather variables such as temperature, precipitation, pressure, wind, humidity, and cloudiness, one by one. GraphCast uses machine learning to do these calculations in under a minute. Instead of using the physics-based equations, it bases its predictions on four decades of historical weather data. GraphCast uses graph neural networks, which map Earth's surface into more than a million grid points. At each grid point, the model predicts the temperature, wind speed and direction, and mean sea-level pressure, as well as other conditions like humidity. The neural network is then able to find patterns and draw conclusions about what will happen next for each of these data points.Read more of this story at Slashdot.

Nothing Phone 2 owners get blue bubbles now. The company shared it has added iMessage to its newest phone through a new "Nothing Chats" app powered by the messaging platform Sunbird. From a report: The feature will be available to users in North America, the EU, and other European countries starting this Friday, November 17th. Nothing writes on its page that it's doing this because "messaging services are dividing phone users," and it wants "to break those barriers down." But doing so here requires you to trust Sunbird. Nothing's FAQ says Sunbird's "architecture provides a system to deliver a message from one user to another without ever storing it at any point in its journey," and that messages aren't stored on its servers. Marques Brownlee has also had a preview of Nothing Chats. He confirmed with Nothing that, similar to how other iMessage-to-Android bridge services have worked before, "...it's literally signing in on some Mac Mini in a server farm somewhere, and that Mac Mini will then do all of the routing for you to make this happen." Nothing's US head of PR, Jane Nho, told The Verge in an email that Sunbird stores user iCloud credentials as a token "in an encrypted database" and associated with one of its Mac Minis in the US or Europe, depending on the user's location, that then act as a relay for iMessages sent via the app. She added that, after two weeks of inactivity, Sunbird deletes the account information.Read more of this story at Slashdot.

An anonymous reader writes: Videos collected by 404 Media over months give a peek into the world of spoofing numbers, automated call scripts, and a specific seller of the phones. From the report: "Alright lads," a man sitting in the passenger seat of a moving car says in a heavy British accent. In his left hand he holds a special phone he is showing off to his clients, while with the other he films his demonstration which was later uploaded to Telegram. "I'm only going to say it once, yeah. You swipe, and it's gone," he continues, demonstrating one app installed that can instantly destroy data stored on the device. The phone in question is one from "Russiancoms," an underground outfit that sells the devices for just under $2,000 each. For that price, customers get a laundry list of features: the ability to spoof phone numbers, play hold music, and have a computerized voice read pre-determined scripts. While Russiancoms does not acknowledge in its Telegram channel what the phones might really be for, those are features well suited to committing fraud. The Russiancoms Telegram channel periodically deletes its videos and other messages, but 404 Media has been archiving many of them for months. They provide insight into a little known industry of fraud phones, ones that make it easy for anyone to enter the world of robocalling or other scams. While much of the underground phone industry has been focused on providing secure communications to criminals -- companies like Phantom Secure, Encrochat, and Sky for example -- Russiancoms and similar companies appear to cater to a different use case: enabling people to make calls that fraudulently appear to come from someone else. A common tool in the underground is also so-called Russian SIMs, which can spoof numbers in some cases. Russiancoms' phones, however, are more fully featured.Read more of this story at Slashdot.

The U.S. Federal Bureau of Investigation (FBI) has struggled to stop a hyper-aggressive cybercrime gang that's been tormenting corporate America over the last two years, according to nine cybersecurity responders, digital crime experts and victims. Reuters: For more than six months, the FBI has known the identities of at least a dozen members tied to the hacking group responsible for the devastating September break-ins at casino operators MGM Resorts International and Caesars Entertainment, according to four people familiar with the investigation. Industry executives have told Reuters they were baffled by an apparent lack of arrests despite many of the hackers being based in America. "I would love for somebody to explain it to me," said Michael Sentonas, president of CrowdStrike, one of the firms leading the response effort to the hacks. "For such a small group, they are absolutely causing havoc," Sentonas told Reuters in an interview last month. Sentonas said the hackers were "known" but didn't provide specifics. He did say, "I think there is a failure here." Asked who was responsible for the failure, Sentonas said, "law enforcement." [...] Dubbed by some security professionals as "Scattered Spider," the hacking group has been active since 2021 but it grabbed headlines following a series of intrusions at several high profile American companies.Read more of this story at Slashdot.

AI could be used to predict if a person is at risk of having a heart attack up to 10 years in the future, a study has found. From a report: The technology could save thousands of lives while improving treatment for almost half of patients, researchers at the University of Oxford said. The study, funded by the British Heart Foundation (BHF), looked at how AI might improve the accuracy of cardiac CT scans, which are used to detect blockages or narrowing in the arteries. Prof Charalambos Antoniades, chair of cardiovascular medicine at the BHF and director of the acute multidisciplinary imaging and interventional centre at Oxford, said: "Our study found that some patients presenting in hospital with chest pain -- who are often reassured and sent back home -- are at high risk of having a heart attack in the next decade, even in the absence of any sign of disease in their heart arteries. Here we demonstrated that providing an accurate picture of risk to clinicians can alter, and potentially improve, the course of treatment for many heart patients." About 350,000 people in the UK have a CT scan each year but, according to the BHF, many patients later die of heart attacks due to their failure in picking up small, undetectable narrowings. Researchers analysed the data of more than 40,000 patients undergoing routine cardiac CT scans at eight UK hospitals, with a median follow-up time of 2.7 years. The AI tool was tested on a further 3,393 patients over almost eight years and was able to accurately predict the risk of a heart attack. AI-generated risk scores were then presented to medics for 744 patients, with 45% having their treatment plans altered by medics as a result.Read more of this story at Slashdot.

An anonymous reader writes: Two men who allegedly used 65 Google accounts to bombard Google with fraudulent DMCA takedown notices targeting up to 620,000 URLs, have been named in a Google lawsuit filed in California on Monday. Google says the men weaponized copyright law's notice-and-takedown system to sabotage competitors' trade, while damaging the search engine's business and those of its customers.Read more of this story at Slashdot.

A person linked to a scam that tricked an elderly victim into transferring more than $100,000 formally requested the FBI give back his seized cryptocurrency, claiming in a petition to the agency that he is a part-time crypto investor and not doing anything illegal, according to a recently filed court record. From a report: 404 Media also reached the person by email and they largely repeated the same story. The request is an unusual sight, and, to be frank, probably not going to work. In the court record, authorities allege that the frozen funds are linked to a scam of a victim in the U.S. The document says authorities seized just under 18,500 Tether, valued at around $18,500, in July with a federal search warrant. "Hello Sir/Ma'am, My name is Vishal Gautam," the request starts. "The funds which you have on hold that is a very big amount of money for me and my family, I request you to please release it from your custody. Thank You & Regards." The message says that Gautam lives in India and as well as investing in cryptocurrency, he is a "full-time Health Insurance" worker. "In the month of July 2023 suddenly my crypto from Binance got disappeared, I don't know how it happened but then I got to know that the FBI has put hold on my assets," the message continues. "I am not into something illegal and never will be, I will not do any such thing that can harm your country or your people in any manner." U.S. authorities, meanwhile, allege that the seized cash is connected to a fraud scheme that targeted a senior citizen in Knoxville, Iowa. In February, this victim opened an email on her iPad that claimed it had been compromised, and that she needed to contact the sender for assistance, according to the court record.Read more of this story at Slashdot.

US inflation fell to 3.2 per cent in October, lower than economists had expected and the first decline for four months. From a report: Consumer prices rose 3.2 per cent year on year in October, down from an annual rate of 3.7 per cent in September. The annual rise was slightly less than economists had forecast, and prices were flat month on month. The central bank held its benchmark interest rate steady at a 22-year high earlier this month, and investors have become increasingly confident that rates have peaked. Futures markets on Monday afternoon were pricing in a 13 per cent chance of a further rate rise at the Fed's next rate-setting meeting in mid-December. Core inflation -- which strips out volatile food and energy prices -- was also slightly weaker than economists had predicted, dipping from 4.1 per cent to 4.0 per cent on a year on year basis. Core inflation rose by 0.2 per cent month on month. Fed chair Jay Powell stressed last week that policymakers would not be "misled by a few good months of data," and that the central bank could tighten monetary policy further if necessary, although officials have shown little intention of immediately raising rates beyond the current range of 5.25-5.5 per cent. Stronger-than-expected gross domestic product growth has fanned fears that the slowdown in inflation could stall, but Powell said last week that he and his colleagues expected the pace of economic expansion to slow. Instead of another rate rise, the Fed is increasingly expected to push back the timing of rate cuts deeper into 2024 if consumer prices remain stubbornly high.Read more of this story at Slashdot.

An anonymous reader writes: Joby Aviation and Volocopter gave the public a vivid glimpse of what the future of aviation might look like this weekend, with both companies performing brief demonstration flights of their electric aircraft in New York City. The demonstration flights were conducted during a press conference on Sunday, during which New York City Mayor Eric Adams announced that the city would electrify two of the three heliports located in Manhattan -- Downtown Manhattan Heliport and East 34th Street. (The third heliport is privately owned.) Beta Technologies, which is also developing an electric aircraft, showed off its interoperable aircraft charging technology at the event. You can watch a demo of the Joby Aviation flight here. Additional assets are available via Joby's press release.Read more of this story at Slashdot.

Press2ToContinue writes: "An undergraduate student used an Nvidia GeForce GTX 1070 and AI to decipher a word in one of the Herculaneum scrolls to win a $40,000 prize (via Nvidia)," reports Tom's Hardware. "Herculaneum was covered in ash by the eruption of Mount Vesuvius, and the over 1,800 Herculaneum scrolls are one of the site's most famous artifacts." The scrolls have been notoriously hard to decipher because they cannot be unwrapped because they're basically like a stick of charcoal. Instead they must be virtually unwrapped, using a 3D scan dataset of it in its wrapped state. So, the task is to find the tiny bits of ink, assemble them into letters, and try to decipher what they say. Machine learning is now becoming the key that picks the lock. A student deciphered one of the words using a GTX 1070, which doesn't even have any tensor cores. Imagine what he could do with a RTX 4090!Read more of this story at Slashdot.

Japan plans to establish a new 1 trillion yen ($6.6 billion) fund to develop the country's outer space industry. "We believe it is a necessary fund to speed up our country's space development so we don't lag behind the increasingly intensifying international competition," Sanae Takaichi, minister in charge of space development, said in a news conference last week. The Japan Times reports: The fund will be allocated over a 10-year period for the Japan Aerospace Exploration Agency (JAXA), an Education, Culture, Sports, Science and Technology Ministry spokesperson said. Some 300 billion yen has been set aside for the fund in the latest supplementary budget approved by the Cabinet on Friday. The funding, which will support JAXA and the development of Japan's space industry, was a response to increased public and private sector focus on space activities. Back in June, Tokyo unveiled a Space Basic Plan, detailing budgetary support for innovation in the private sector as an area of business growth. At the same time, it also unveiled a Space Security Initiative, which labeled space "a major arena for geopolitical competition for national power over diplomacy, defense, economic, and intelligence, as well as the science and technology and innovation that support these national powers."Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: For decades, scientists have tried to figure out ways to reverse climate change by pulling carbon dioxide out of the atmosphere and storing it underground. They've tried using trees, giant machines that suck CO2 out of the sky, complicated ocean methods that involve growing and burying huge quantities of kelp. Companies, researchers and the U.S. government have spent billions of dollars on the research and development of these approaches and yet they remain too expensive to make a substantial dent in carbon emissions. Now, a start-up says it has discovered a deceptively simple way to take CO2 from the atmosphere and store it for thousands of years. It involves making bricks out of smushed pieces of plants. And it could be a game changer for the growing industry working to pull carbon from the air. Graphyte, a new company incubated by Bill Gates's investment group Breakthrough Energy Ventures, announced Monday that it has created a method for turning bits of wood chips and rice hulls into low-cost, dehydrated chunks of plant matter. Those blocks of carbon-laden plant matter -- which look a bit like shoe-box sized Lego blocks -- can then be buried deep underground for hundreds of years. The approach, the company claims, could store a ton of CO2 for around $100 a ton, a number long considered a milestone for affordably removing carbon dioxide from the air. [...] Graphyte's approach uses the power of plants and trees to photosynthesize and pull carbon dioxide from the air. While trees and plants are excellent at carbon capture, they don't store that carbon for very long -- when a plant burns or decays, its stored carbon comes spilling back out into the air and soil. Graphyte plans to avoid that decomposition by taking plant waste from timber harvesters and farmers and drying it thoroughly, removing all the microbes that could cause it to decompose and release greenhouse gases. Then, in a process that they call "carbon casting," it will compress the waste and wrap it into Lego-like bricks, for easier storage about 10 feet underground. The company says that with the right monitoring systems, the blocks can stay there for a thousand years. [...] Graphyte is planning to build its first project in Pine Bluff, Ark., and the company hopes to sequester its first carbon for a customer in 2024. It remains to be seen whether Graphyte will be able to scale up its operation to removing millions of tons of CO2 from the atmosphere. The company will need to secure many sources of plant waste and build many small processing centers around the country to be successful. "The simplicity of the Graphyte approach is so exciting," said Daniel Sanchez, who runs the Carbon Removal Lab at the University of California at Berkeley, and serves as a science adviser for Graphyte. "You don't need very expensive equipment or processes. And it locks up a lot of the carbon in the wood -- nearly all of it." "People that are academics probably thought about this before and were like, 'That's way too simple,'" Sanchez said, laughing. "'No one's ever going to do that.'"Read more of this story at Slashdot.

Rick Lane reports via PC Gamer: KeeperFX has been in the process of rescuing Dungeon Keeper for a decade and a half. The project originally started in 2008, and experienced something of a bumpy road up until 2016. Since then, though, it has gradually added support for Windows 7, 10, and 11, support for hi-res and 4k screens, modernized controls, and even additional campaigns. With this latest version, KeeperFX's developers say "all original Dungeon Keeper code has been rewritten, establishing KeeperFX as a true open-source standalone game." 1.0 also introduces some new features, such as higher framerates, AI that is better at digging and less likely to "instantly" throw its entire army at you, and "higher quality landview speeches" for the additional campaigns. That refers to the introductions and epilogues to missions which, in the game's original campaign, were voiced by Richard Ridings, aka Daddy Pig. Perhaps most intriguing of all, KeeperFX's 1.0 adds a couple of new units to play with. First up is the Druid, a sort-of color-flipped version of the Warlock who uses ice spells rather than fire. The other unit is the excitingly named Time Mage, a recolor of the Wizard who can cast teleport and speed spells, and also turn enemy units into chickens (presumably through rapid devolution). You won't find these units in the original campaign, but you will encounter them in the custom campaigns bundled with the 1.0 version. You can download KeeperFX here, although it still requires you to own Dungeon Keeper "for copyright reasons."Read more of this story at Slashdot.

According to the Korea Herald, Apple is expected to begin production of OLED displays for its next-gen iPad Pro in February 2024. MacRumors reports: Sources familiar with the matter speaking to the Korea Herald claim that LG Display is set to initiate OLED production for the new iPad Pro as early as February next year at their facility in Paju, Gyeonggi Province -- a time frame around three months sooner than previously expected. The displays are expected to be three times the price of those used in iPhones, which could translate to higher prices for customers. [...] Apple is reportedly seeking around 10 million OLED panels for the iPad in 2024. LG is expected to supply around 60% of the OLED panels, with the remaining portion supplied by Samsung, which is expected to focus on the 11-inch model only. Production of the panels for the next-generation iPad Pro is expected to help LG Displays' financial recovery next year. LG and Samsung are said to be currently finalizing price negotiations with Apple.Read more of this story at Slashdot.

According to Reuters, banks on the payment app Zelle have begun refunding victims of imposter scams to address consumer protection concerns raised by U.S. lawmakers and the federal consumer watchdog. From the report: The 2,100 financial firms on Zelle, a peer-to-peer network owned by seven banks including JPMorgan Chase and Bank of America, began reversing transfers as of June 30 for customers duped into sending money to scammers claiming to be from a government agency, bank or existing service provider, said Early Warning Services (EWS), the banks' company that owns Zelle. That's "well above existing legal and regulatory requirements," Ben Chance, chief fraud risk officer at EWS, told Reuters. Federal rules require banks to reimburse customers for payments made without their authorization, such as by hackers, but not when customers themselves make the transfer. While Zelle disclosed Aug. 30 that it had introduced a new reimbursement benefit for "specific scam types," it has not previously provided details on its new imposter scam refund policy due to worries doing so might encourage criminals to make false scam claims, a spokesperson said. The new policy marks a major shift from last year when bankers, including JPMorgan CEO Jamie Dimon, told lawmakers worried about rising scams that it was unreasonable to require banks to refund transfers that customers were tricked into approving.Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Michigan-based McLaren Health Care has confirmed that the sensitive personal and health information of 2.2 million patients was compromised during a cyberattack earlier this year. A ransomware gang later took credit for the cyberattack. In a new data breach notice filed with Maine's attorney general, McLaren said hackers were in its systems for three weeks during July 28 through August 23 before the healthcare company noticed a week later on August 31. McLaren said the hackers accessed patient names, their date of birth and Social Security number, and a wealth of medical information, including billing, claims and diagnosis information, prescription and medication details, and information relating to diagnostic results and treatments. Medicare and Medicaid patient information was also taken. McLaren is a healthcare provider with 13 hospitals across Michigan and about 28,000 total employees. McLaren, whose website touts its cost efficiency measures, made over $6 billion in revenue in 2022. News of the incident broke in October when the Alphv ransomware gang (also known as BlackCat) claimed responsibility for the cyberattack, claiming it took millions of patients' personal information. Days after the cyberattack was disclosed, Michigan attorney general Dana Nessel warned state residents that the breach "could affect large numbers of patients." TechCrunch has seen several screenshots posted by the ransomware gang on its dark web leak site showing access to the company's password manager, internal financial statements, some employee information, and spreadsheets of patient-related personal and health information, including names, addresses, phone numbers, Social Security numbers, and diagnostic information. Alphv/BlackCat claimed in its post that the gang had been in contact with a McLaren representative, without providing evidence of the claim.Read more of this story at Slashdot.

Anton Shilov reports via Tom's Hardware: A new report from a data recovery company now points the finger at design and manufacturing flaws as the underlying issue with the recent flood of SanDisk Extreme Pro failures that eventually spurred a class action lawsuit. It became clear in May that some of Western Digital's SanDisk Extreme Pro 4TB SSDs suffered from sudden data loss; at this point, the company promised a firmware update to owners of the 4TB models. However, the 2TB and 3TB models also suffer from the same issue, and Western Digital did not promise any firmware updates for these drives. Markus Hafele, Managing Director of Attingo, a data recovery company, told FutureZone that the problem lies in hardware, not firmware, which could explain the lack of corrective firmware updates for those models and SanDisk's continued silence about the source of the issues. Attingo, which has been in the data recovery business for over 25 years, normally sees these failed SanDisk Extreme Pro SSDs at least once a week. The problem appears to be rather complex. According to HAfele, the components used in these SSDs are too big for the circuit board, causing weak connections (i.e., high impendence and high temperatures) and making them prone to breaking. He also says that the soldering material used to attach these components is prone to forming bubbles and breaking easily. It remains unknown whether the cause is cheap solder, the componentry, or both contribute to the issues observed. However, newer revisions of these SanDisk Extreme Pro SSDs seem to have been modified with extra epoxy resin to secure the oversized components. This suggests that Western Digital might know about the hardware problems. Nevertheless, these newer models are still failing, thus sending data recovery service customers to firms like Attingo. According to the head of Attingo, the issue seems to be affecting multiple product lineups, including both SanDisk Extreme Portable SSD as well as the SanDisk Extreme Pro Portable SSD.Read more of this story at Slashdot.

Jay Peters reports via The Verge: Amazon is cutting "just over" 180 jobs in its games division and making some changes to its games initiatives, according to a memo sent to employees by VP of Amazon Games Christoph Hartmann. The changes include shutting down its Crown channel that streams on Twitch, closing its Game Growth effort that helps game makers market their products, and "refocusing" the work it does with its free games offered through Prime Gaming. "We are proud of the work the teams have been doing, pushing into new areas with weekly content on Crown Channel, and finding more ways to help publishers reach new audiences with Game Growth," Hartmann wrote. "But after further evaluation of our businesses, it became clear that we need focus our resources and efforts to deliver great games to players now and in the future." Reuters reported on the memo earlier on Monday, and you can read the full email, which Amazon shared with The Verge, at the end of this story. As for Prime Gaming's free games, which you can access if you are an Amazon Prime subscriber, "we've listened to our customers and we know delivering free games every month is what they want most, so we are refining our Prime benefit to increase our focus there," Hartmann wrote. Amazon spokesperson Brittney Hefner declined to share more specifics about what's changing.Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: Civitai, an online marketplace for sharing AI models that enables the creation of nonconsensual sexual images of real people, has introduced a new feature that allows users to post "bounties." These bounties allow users to ask the Civitai community to create AI models that generate images of specific styles, compositions, or specific real people, and reward the best AI model that does so with a virtual currency users can buy with real money. As is common on the site, many of the bounties posted to Civitai since the feature was launched are focused on recreating the likeness of celebrities and social media influencers, almost exclusively women. But 404 Media has seen at least one bounty for a private person who has no significant public online presence. "I am very afraid of what this can become, for years I have been facing problems with the misuse of my image and this has certainly never crossed my mind," Michele Alves, an Instagram influencer who has a bounty on Civitai, told 404 Media. "I don't know what measures I could take, since the internet seems like a place out of control. The only thing I think about is how it could affect me mentally because this is beyond hurtful." The news shows how increasingly easy to use text-to-image AI tools, the ability to easily create AI models of specific people, and a platform that monetizes the production of nonconsensual sexual images is making it possible to generate nonconsensual images of anyone, not just celebrities. The bounty of a real person that 404 Media saw on Civitai did not include a name, and included a handful of images that were taken from her social media accounts. 404 Media was able to find this person's online accounts and confirm they were not a celebrity or social media influencer, but just a regular person with personal social media accounts with few followers. The person who posted the bounty claimed that the woman he wanted an AI model of was his wife, though her Facebook account said she was single. Other Civitai users also weren't buying that explanation. Despite suspicions from these users, someone did complete the bounty and created an AI model of the woman that now any Civiai user can download. Several non-sexual AI generated images of her have been posted to the site.Read more of this story at Slashdot.

Google pays Apple 36% of the revenue it earns from search advertising made through the Safari browser, the main economics expert for the Alphabet unit said Monday. From a report: Kevin Murphy, a University of Chicago professor, disclosed the number during his testimony in Google's defense at the Justice Department's antitrust trial in Washington. John Schmidtlein, Google's main litigator, visibly cringed when Murphy said the number, which was supposed to remain confidential. Both Google and Apple had objected to revealing details publicly about their agreement. In a court filing last week, Google argued that revealing additional information about the deal "would unreasonably undermine Google's competitive standing in relation to both competitors and other counterparties."Read more of this story at Slashdot.

ExxonMobil is venturing into lithium production, targeting a significant market share by initiating its first operation in southern Arkansas. With lithium's rising demand in the tech and electric vehicle sectors, ExxonMobil aims to begin production by 2027. By 2030, the company anticipates producing enough lithium to power over 1 million electric vehicles annually. From a report: Earlier this year, ExxonMobil purchased 120,000 acres of lithium-rich land spanning a geologic formation -- called the Smackover Formation -- in Arkansas. To access the lithium, the company will first drill 10,000 feet below the surface using gas and oil machinery. From there, it will then use direct lithium extraction (DLE) to separate the lithium from the saltwater it's mixed with. Once that's done, ExxonMobil will inject the saltwater back into the ground. ExxonMobil says the DLE process "produces fewer carbon emissions than hard rock mining and requires significantly less land." The company will produce the battery-grade lithium on-site, which it will call Mobil Lithium. This technically isn't the first time ExxonMobil is getting involved in the battery business, as the company manufactured the first lithium-ion battery in the 1970s.Read more of this story at Slashdot.

New York regulators Monday plan to issue cybersecurity regulations for hospitals, after a series of attacks crippled operations at medical facilities. From a report: Under draft rules reviewed by The Wall Street Journal, New York will require general hospitals to develop and test incident response plans, assess their cybersecurity risks and install security technologies such as multifactor authentication. Hospitals must also develop secure software design practices for in-house applications, and processes for testing the security of software from vendors. Hacking "is a threat to every hospital, and my firm belief is if we protect the hospital, we're protecting the patients," said James McDonald, health commissioner for New York state. Healthcare facilities are popular targets for cybercriminals, particularly ransomware operators hoping for quick ransom payments from administrators worried about risks to patients if technology goes down. Hospitals also hold large amounts of sensitive personal information on their staff and patients, including health and financial data. In August, the largest healthcare accreditation body in the U.S. issued cybersecurity guidelines calling for hospitals to prepare for cyberattacks that could take down critical systems for a month or longer -- measures that will require significant investment. Hospitals need to put in place tools and processes that anticipate technology critical for life and safety could be down, and find alternative ways to work without those systems, the nonprofit Joint Commission said.Read more of this story at Slashdot.

Government delegations will gather in Nairobi, Kenya, to hammer out details of what could be the first global treaty to tackle the plastic pollution crisis. From a report: A key focus for the discussions on Monday will be whether targets to restrict plastic production should be decided unilaterally or whether states should choose their own targets; this is, say environmentalists, the "centre of gravity" for the treaty's ambition. At the last round of negotiations in Paris in May run by the international negotiating committee (INC) the US, Saudi Arabia, India and China favoured a "Paris-style" agreement where states would have the freedom to determine their own commitments, while others, including Africa and many developing countries, preferred strong global commitments. But there are signs, some observers say, of a shift in the US's position on this key issue, though details have yet to emerge. "The main takeaway for many environmental groups, after INC2 [the negotiations in Paris], was how bad the US position was, in terms of Paris-style voluntary commitments," said Graham Forbes, the global plastics campaign lead for Greenpeace USA. He said there had been signals of a shift. "We are going to be watching very closely to see how that plays out. We need to be speaking about rules and putting in place regulations." Last month, a "zero draft" version of the text published by the INC as the basis of negotiations over what the head of the United Nations Environment Programme has described as the most important multilateral treaty since the Paris accord in 2015. The goal is to have a formal treaty in place by the end of 2024. This third round of talks, in Kenya from 13-17 November, will mark the halfway point.Read more of this story at Slashdot.

The Biden administration on Monday told US agencies to work toward giving up use of some telecommunications airwaves in order to make room for commercial providers facing surging demand for fast 5G services. From a report: The plan, called the National Spectrum Strategy, called for "detailed studies" to be concluded within two years. The document provides for "more transparent, more coordinated" efforts at airwaves management, Lael Brainard, director of the National Economic Council, said. "We have to make better use of the airwaves we have," said Alan Davidson, an assistant secretary of commerce who will help lead further steps to fulfill the strategy. Commercial providers have long sought more access to airwaves occupied by US agencies, saying that government uses at times aren't efficient and they should share space with new commercial technologies. Spectrum refers to the array of airwaves that carry everything from voice calls to satellite transmissions to signals for industrial machinery.Read more of this story at Slashdot.

OpenAI plans to secure further financial backing from its biggest investor Microsoft as the ChatGPT maker's chief executive Sam Altman pushes ahead with his vision to create artificial general intelligence (AGI) -- computer software as intelligent as humans. From a report: In an interview with the Financial Times, Altman said his company's partnership with Microsoft's chief executive Satya Nadella was "working really well" and that he expected "to raise a lot more over time" from the tech giant among other investors, to keep up with the punishing costs of building more sophisticated AI models. Microsoft earlier this year invested $10bn in OpenAI as part of a "multiyear" agreement that valued the San Francisco-based company at $29bn, according to people familiar with the talks. Asked if Microsoft would keep investing further, Altman said: "I'd hope so." He added: "There's a long way to go, and a lot of compute to build out between here and AGI... training expenses are just huge." Altman said "revenue growth had been good this year," without providing financial details, and that the company remained unprofitable due to training costs. But he said the Microsoft partnership would ensure "that we both make money on each other's success, and everybody is happy."Read more of this story at Slashdot.

Rovers and orbiters will continue collecting limited data during a two-week communications pause due to the position of Earth, the Sun, and the Red Planet. From a report: NASA will hold off sending commands to its Mars fleet for two weeks, from Nov. 11 to 25, while Earth and the Red Planet are on opposite sides of the Sun. Called Mars solar conjunction, this phenomenon happens every two years. The missions pause because hot, ionized gas expelled from the Sun's corona could potentially corrupt radio signals sent from Earth to NASA's Mars spacecraft, leading to unexpected behaviors. That's not to say those robotic explorers are on holiday. NASA's Perseverance and Curiosity rovers will monitor changes in surface conditions, weather, and radiation as they stay parked. Although momentarily grounded, the Ingenuity Mars Helicopter will use its color camera to study the movement of sand, which poses an ever-present challenge to Mars missions. The Mars Reconnaissance Orbiter and the Odyssey orbiter will continue imaging the surface. And MAVEN will continue collecting data on interactions between the atmosphere and the Sun.Read more of this story at Slashdot.

The Nepal government has decided to impose a ban on TikTok. From a report on the local newspaper Kathmandu Post: A Cabinet meeting on Monday took the decision to ban the Chinese-owned app, citing its negative effects on social harmony. However, when the decision will be brought into force is yet to be ascertained. Although freedom of expression is a basic right, a large section of society has criticised TikTok for encouraging a tendency of hate speech, the government said. In the past four years, 1,647 cases of cyber crime have been reported on the video sharing app. The Cyber Bureau of the Nepal Police, Ministry of Home Affairs, and representatives of TikTok discussed the issue earlier last week. Monday's decision is expected to be enforced following the completion of technical preparations. The latest decision has come within days after the government introduced the 'Directives on the Operation of Social Networking 2023.' As per the new rule, social media platforms operating in Nepal required to set up their offices in the country.Read more of this story at Slashdot.

Australian telecoms provider Optus said on Monday that a massive outage which effectively cut off 40% of the country's population and triggered a political firestorm was caused by "changes to routing information" after a "routine software upgrade." From a report: More than 10 million Australians were hit by the 12-hour network blackout at the Singapore Telecommunications-owned telco on Nov. 8, triggering fury and frustration among customers and raising wider concerns about the telecommunications infrastructure. Optus said in a statement that an initial investigation found the company's network was affected by "changes to routing information from an international peering network" early that morning, "following a routine software upgrade." It added: "These routing information changes propagated through multiple layers in our network and exceeded preset safety levels on key routers which could not handle these. This resulted in those routers disconnecting from the Optus IP Core network to protect themselves." The project to reconnect the routers was so large that "in some cases (it) required Optus to reconnect or reboot routers physically, requiring the dispatch of people across a number of sites in Australia", it added.Read more of this story at Slashdot.

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. ArsTechnica: Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years. The researchers suspect keys used in IPsec connections could suffer the same fate. SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments. IPsec is a protocol used by virtual private networks that route traffic through an encrypted tunnel. The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host. While the percentage is infinitesimally small, the finding is nonetheless surprising for several reasons -- most notably because most SSH software in use has deployed a countermeasure for decades that checks for signature faults before sending a signature over the Internet. Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS -- or Transport Layer Security -- protocol encrypting Web and email connections. They believed SSH traffic was immune from such attacks because passive attackers -- meaning adversaries simply observing traffic as it goes by -- couldn't see some of the necessary information when the errors happened.Read more of this story at Slashdot.

Press2ToContinue writes: Starting next year, Meta will play the role of a strict schoolteacher for political ads, making them fess up if they've used AI to tweak images or sounds. This new 'honesty policy' will kick in worldwide on Facebook and Instagram, aiming to prevent voters from being duped by digitally doctored candidates or made-up events. Meanwhile, Microsoft is jumping on the integrity bandwagon, rolling out anti-tampering tech and a support squad to shield elections from AI mischief.Read more of this story at Slashdot.

Nvidia, the world's most valuable chipmaker, is updating its H100 artificial intelligence processor, adding more capabilities to a product that has fueled its dominance in the AI computing market. From a report: The new model, called the H200, will get the ability to use high-bandwidth memory, or HBM3e, allowing it to better cope with the large data sets needed for developing and implementing AI, Nvidia said Monday. Amazon's AWS, Alphabet's Google Cloud and Oracle's Cloud Infrastructure have all committed to using the new chip starting next year. The current version of the Nvidia processor -- known as an AI accelerator -- is already in famously high demand. It's a prized commodity among technology heavyweights like Larry Ellison and Elon Musk, who boast about their ability to get their hands on the chip. But the product is facing more competition: AMD is bringing its rival MI300 chip to market in the fourth quarter, and Intel claims that its Gaudi 2 model is faster than the H100. With the new product, Nvidia is trying to keep up with the size of data sets used to create AI models and services, it said. Adding the enhanced memory capability will make the H200 much faster at bombarding software with data -- a process that trains AI to perform tasks such as recognizing images and speech.Read more of this story at Slashdot.

Google is suing scammers who are trying to use the hype around generative AI to trick people into downloading malware, the company has announced. From a report: In a lawsuit filed today in California, the company says individuals believed to be based in Vietnam are setting up social media pages and running ads encouraging users to "download" its generative AI service Bard. The download actually delivers malware to the victims, which steals social media credentials for the scammers to use. "Defendants are three individuals whose identities are unknown who claim to provide, among other things, 'the latest version' of Google Bard for download," the lawsuit reads. "Defendants are not affiliated with Google in any way, though they pretend to be. They have used Google trademarks, including Google, Google AI, and Bard to lure unsuspecting victims into downloading malware onto their computers." The lawsuit notes that scammers have specifically used promoted Facebook posts in an attempt to distribute malware. Similar to crypto scams, the lawsuit highlights how interest in an emerging technology can be weaponized against people who may not fully understanding how it operates.Read more of this story at Slashdot.

Netflix's annual virtual event "Geeked Week" pre-announces its biggest upcoming shows. This year Netflix released a trailer for its upcoming adaptation of The Three-Body Problem, and for its new live-action Avatar: The Last Airbender series. (And there's also going to be some kind of live-action Stranger Things stage show opening in London in December.) Variety noted the "explosive" new trailer for Zach Snyder's new "action-packed space opera" Rebel Moon. The film - which will also have a one-week theatrical run in December - takes place in the same universe as Snyder's Army of the Dead. But instead of being set in Las Vegas, "The story centers on a young woman living on the outskirts of a galaxy who must find a group of warriors to save the galaxy from an invasion from a tyrant." The Verge pulled together a good rundown of all the other announcements - one of which involves Neil Gaiman:Following last year's The Sandman, Netflix is bringing even more beloved Neil Gaiman characters to the small screen. This time it's Dead Boy Detectives - which was originally slated to stream on Max - based on a crime-solving duo who made their debut in a Sandman comic in the '90s. The news was paired with the first trailer for the series, which shows off a pretty fun-looking supernatural whodunit... Netflix says the new eight-episode series is part of its growing "Sandman universe"... with Gaiman serving as one of the executive producers. [Coming sometime in 2024] They're also launching several animated series. Netflix released a short teaser for Terminator: the Anime Series.An animated new take on Ultraman.An animated He-Man reboot, Masters of the Universe: Revolution (with Mark Hamill providing the voice of Skeletor).An adult animated comedy series based on the card game Exploding Kittens. (The Verge writes that its trailer "features god in the body of a cat and a very confounding garage door" - and that there will also be an accompanying mobile game.)Netflix also has a new Chicken Run movie coming in December with its own tie-in game called Eggstraction.Read more of this story at Slashdot.

There's already a powerful immunotherapy that "involves engineering a patient's T cells so they recognize and attack cancer cells," writes one of America's top cancer hospitals. The Memorial Sloan Kettering Cancer Center notes that CAR T cell therapy has already begun to revolutionize cancer treatment," with these "chimeric" T cells "multiplied in a lab and given back to the patient to be a continual fighting force against the cancer." But now "New research from the lab of physician-scientist Michel Sadelain, MD, PhD, shows that disrupting a single gene in the CAR T cells can make them more potent and able to fight tumors longer." In a paper published in Cancer Discovery, the team demonstrated that disrupting the gene SUV39H1 causes a ripple effect: It restores the expression of multiple genes that help sustain the T cells' longevity. The researchers showed that this approach improved CAR T cell effectiveness against multiple cancers in mice... The researchers used the gene-editing tool CRISPR/Cas9 to alter SUV39H1 in human CAR T cells. They placed these modified CAR T cells into mice that had been implanted with either human leukemia cells or prostate cancer cells. For both cancers, the CAR T cells were able to sustain their function without becoming exhausted, leading to tumor elimination. By contrast, mice with unedited CAR T cells did not survive the cancer. "The edited CAR T cells can maintain their anti-cancer effects, even when we challenged them repeatedly by exposing them to new tumors over time," Dr. Zhao says. "These results suggest that SUV39H1-edited CAR T cells may reduce tumor relapse in patients." There did not appear to be serious side effects in the mice, although researchers will need to confirm the safety of this approach in humans. The biotechnology company Mnemo Therapeutics is exploring the possibility of conducting clinical trials based on this research.Read more of this story at Slashdot.

Cells have a protein receptor that will cause that cell to die - in theory. Unfortunately, "Previous efforts to target this receptor have been unsuccessful," says Jogender Tushir-Singh, an associate professor in the Department of Medical Microbiology and Immunology at the University of California, Davis. But he's now led a team of researchers at the university's Comprehensive Cancer Center that's identified a receptor-activating protein section. And more importantly, "now that we've identified this epitope, there could be a therapeutic path forward" for targeting that receptor... in tumors.The findings were published Oct. 14 in the Nature journal Cell Death & Differentiation... Death receptors do precisely what their name implies - when targeted, they trigger programmed cell death of tumor cells. They offer a potential workaround that could simultaneously kill tumor cells and pave the way for more effective immunotherapies and CAR T-cell therapy... Tushir-Singh and his colleagues knew they might be able to target cancer cells selectively if they found the right epitope. Having identified this specific epitope, he and other researchers can now design a new class of antibodies to selectively bind to and activate Fas to potentially destroy tumor cells specifically. Singh says their research "sets the stage" to develop antibodies that selectively kill tumor cells.Read more of this story at Slashdot.

Around 40% of goods entering and leaving Australia are managed by a single ports operator. But from Friday to Monday morning, they were suffering from a cyberattack that had "crippled" their facilities in Melbourne, Sydney, Brisbane and Perth, reports the BBC:The outage has not affected the supply of goods to major Australian supermarkets, the BBC understands. DP World Australia, a unit of the Dubai state-owned DP World, said its ports resumed operations at 9am local time "following successful tests of key systems overnight". It added "The company expects that approximately 5,000 containers will move out of the four Australian terminals today...." DP World said it halted internet connectivity at its ports on Friday to prevent "any ongoing unauthorised access" to its network. Going offline meant trucks had been unable to transport containers in and out of the affected sites. The resumption of service on Monday is the first step towards tackling the attack on its network. DP World said it was still in the process of investigating the disruption and guarding its systems against cyber attacks.Read more of this story at Slashdot.

MacRumors writes that the second beta of iOS 17.2 "adds a new feature that allows an iPhone 15 Pro or iPhone 15 Pro Max to record Spatial Video" - that is, in the immersive 3D format for the yet-to-be-released Apple Vision Pro (where it can be viewed in the "Photos" app):Spatial Video recording can be enabled by going to the Settings app, tapping into the Camera section, selecting Formats, and toggling on "Spatial Video for aOEApple Vision ProaOE..." Spatial Videos taken with an aOEiPhone 15 ProaOE can be viewed on the aOEiPhoneaOE as well, but the video appears to be a normal video and not a Spatial Video. Tech blogger John Gruber got to test the technology, watching the videos on a (still yet-to-be-released) Vision Pro headset. "I'm blown away once again," he wrote, calling the experience "astonishing." "Before my demo, I provided Apple with my eyeglasses prescription, and the Vision Pro headset I used had appropriate corrective lenses in place. As with my demo back in June, everything I saw through the headset looked incredibly sharp..."The Vision Pro experience is highly dependent upon foveated rendering, which Wikipedia succinctly describes as "a rendering technique which uses an eye tracker integrated with a virtual reality headset to reduce the rendering workload by greatly reducing the image quality in the peripheral vision (outside of the zone gazed by the fovea)..." It's just incredible, though, how detailed and high resolution the overall effect is... Plain old still photos look amazing. You can resize the virtual window in which you're viewing photos to as large as you can practically desire. It's not merely like having a 20-foot displaya - aa size far more akin to that of a movie theater screen than a television. It's like having a 20-foot display with retina quality resolution, and the best brightness and clarity of any display you've ever used... And then there are panoramic photos... Panoramic photos viewed using Vision Pro are breathtaking. There is no optical distortion at all, no fish-eye look. It just looks like you're standing at the place where the panoramic photo was takena - aand the wider the panoramic view at capture, the more compelling the playback experience is. It's incredible... As a basic rule, going forward, I plan to capture spatial videos of people, especially my family and dearest friends, and panoramic photos of places I visit. It's like teleportation... When you watch regular (non-spatial) videos using Vision Pro, or view regular still photography, the image appears in a crisply defined window in front of you. Spatial videos don't appear like that at all. I can't describe it any better today than I did in June: it's like watchinga - aand listening toa - aa dream, through a hazy-bordered portal opened into another world... Nothing you've ever viewed on a screen, however, can prepare you for the experience of watching these spatial videos, especially the ones you will have shot yourself, of your own family and friends. They truly are more like memories than videos... [T]he ones I shot myself were more compelling, and took my breath away... Prepare to be moved, emotionally, when you experience this.Read more of this story at Slashdot.

"In an open-air warehouse in California's Central Valley, 40-foot-tall racks hold hundreds of trays filled with a white powder that turns crusty as it absorbs carbon dioxide from the sky," reports the New York Times. "The start-up that built the facility, Heirloom Carbon Technologies, calls it the first commercial plant in the United States to use direct air capture, which involves vacuuming greenhouse gases from the atmosphere."Another plant is operating in Iceland, and some scientists say the technique could be crucial for fighting climate change. Heirloom will take the carbon dioxide it pulls from the air and have the gas sealed permanently in concrete, where it can't heat the planet. To earn revenue, the company is selling carbon removal credits to companies paying a premium to offset their own emissions. Microsoft has already signed a deal with Heirloom to remove 315,000 tons of carbon dioxide from the atmosphere. The company's first facility in Tracy, California, which opens Thursday, is fairly small. The plant can absorb a maximum of 1,000 tons of carbon dioxide per year, equal to the exhaust from about 200 cars. But Heirloom hopes to expand quickly. "We want to get to millions of tons per year," said Shashank Samala, the company's chief executive. "That means copying and pasting this basic design over and over." Heirloom's technology hinges on a simple bit of chemistry: Limestone, one of the most abundant rocks on the planet, forms when calcium oxide binds with carbon dioxide. In nature, that process takes years. Heirloom speeds it up. At the California plant, workers heat limestone to 1,650 degrees Fahrenheit in a kiln powered by renewable electricity. Carbon dioxide is released from the limestone and pumped into a storage tank. The leftover calcium oxide, which looks like flour, is then doused with water and spread onto large trays, which are carried by robots onto tower-high racks and exposed to open air. Over three days, the white powder absorbs carbon dioxide and turns into limestone again. Then it's back to the kiln and the cycle repeats. "That's the beauty of this, it's just rocks on trays," Mr. Samala, who co-founded Heirloom in 2020, said. The hard part, he added, was years of tweaking variables like particle size, tray spacing and moisture to speed up absorption... In future projects, Heirloom also plans to pump carbon dioxide into underground storage wells, burying it. The company received funding from Microsoft's Climate Innovation Fund and Bill Gates' Breakthrough Energy Ventures, according to Bloomberg, which adds that Heirloom's technology will later "be deployed at a major hub in Louisiana the government expects will remove 1 million tons of CO2 a year by the end of the decade." The New York Times notes there was also federal funding, something that's been fueling the ambitions of hundreds of carbon-capture startups. "The science is clear," says America's Energy Secretary. "Cutting back carbon emissions through renewable energy alone won't stop the damage from climate change. Direct air capture technology is a game-changing tool that gives us a shot at removing the carbon pollution that has been building in the atmosphere since the Industrial Revolution."Read more of this story at Slashdot.

Greek economist/politician Yanis Varoufakis "was briefly Greek finance minister in 2015," remembers the Conversation. Now his new book asks the question, "What killed capitalism," with the title's first word providing an answer. "Techno-feudalism."Varoufakis argues that we no longer live in a capitalist society... "Today, capitalist relations remain intact, but techno-feudalist relations have begun to overtake them," writes Varoufakis. Traditional capitalists, he proposes, have become "vassal capitalists". They are subordinate and dependent on a new breed of "lords" - the Big Tech companies - who generate enormous wealth via new digital platforms. A new form of algorithmic capital has evolved - what Varoufakis calls "cloud capital" - and it has displaced "capitalism's two pillars: markets and profits". Markets have been "replaced by digital trading platforms which look like, but are not, markets". The moment you enter amazon.com "you exit capitalism" and enter something that resembles a "feudal fief": a digital world belonging to one man and his algorithm, which determines what products you will see and what products you won't see. If you are a seller, the platform will determine how you can sell and which customers you can approach. The terms in which you interact, share information and trade are dictated by an "algo" that "works for [Jeff Bezos'] bottom line"... Access to the "digital fief" comes at the cost of exorbitant rents. Varoufakis notes that many third-party developers on the Apple store, for example, pay 30% "on all their revenues", while Amazon charges its sellers "35% of revenues". This, he argues, is like a medieval feudal lord sending round the sheriff to collect a large chunk of his serfs' produce because he owns the estate and everything within it. There is "no disinterested invisible hand of the market" here. The Big Tech platforms are exempted from free-market competition. And in the meantime, users are unknowingly training their algorithms for them - so "In this interaction, we are all high-tech 'cloud serfs'... [T]he 'cloud capital' we are generating for them all the time increases their capacity to generate yet more wealth, and thus increases their power - something we have only begun to realise."Approximately 80% of the income of traditional capitalist conglomerates go to salaries and wages, according to Varoufakis, while Big Tech's workers, in contrast, collect "less than 1% of their firms' revenues"... For Varoufakis, we are not just living through a tech revolution, but a tech-driven economic revolution. He challenges us to come to terms with just what has happened to our economies - and our societies - in the era of Big Tech and Big Finance. Thanks to Slashdot reader ZipNada for sharing the article.Read more of this story at Slashdot.

Images and information from social media (and other online sources) are being used by AI to create "create convincing and personalized scam calls, texts and emails," writes the Palm Beach Post, citing a warning from Florida's consumer watchdog agency.In an older version of the scam, a caller would greet "Grandma" or "Grandpa" before saying, "It's me - I know I sound funny because I have a cold," and then make an urgent plea for money to get out of a scrap... Using audio and video clips found online, the con artist can clone the voice of a family member to make the call more compelling... Listen for clues to a con like incorrect or mispronounced names or unfamiliar terms of endearment. The pressure to act quickly and to keep the call a secret are all timeless hallmarks of a scam, the agency notes. Detailed instructions on how to deliver funds in a form that is hard to recover - wired funds, a gift card or pay app - are also indications of a ripoff in the making. The consumer watchdog agency suggests this precaution. "Encourage family members to set their social media pages to private." Thanks to long-time Slashdot reader SonicSpike for sharing the article.Read more of this story at Slashdot.

Despite a six-episode Ms. Marvel miniseries on Disney+, audiences aren't turning out now to see the 16-year-old superhero's team-up with Captain Marvel on the big screen. The Marvels earned $47 million in its opening weekend, reports Deadline, "the lowest ever for Disney's Marvel Cinematic Universe," and $110 million worldwide, "which is also a bottom rung for the MCU and below the $140M we were forecasting."In regards to U.S. admissions, The Marvels came in per EntTelligence at 3.3M compared to other superhero bombs, The Flash's 3.9M and Eternals' 5.5M. By all accounts and by all sources, it's a disastrous result for a $200 million Marvel Studios movie... Months ago, who would have thought that Universal/Blumhouse's Five Nights at Freddys two weeks ago in a day-and-date debut on Peacock would post a higher opening at the box office ($80M) than The Marvels...? The Marvels meltdown isn't about superhero fatigue. It's about Disney's overexposure of the Marvel Cinematic Universe brand on Disney+, and those moth holes are beginning to show: Keep what's meant for the cinema in cinemas, and keep what's meant for in-homes in the home. Meaning, this whole crossover streaming-into-film master plan isn't working, nor is it really connected in a jaw-dropping way.. The Marvels - with its crossover streaming series blah-blah - looks like it was built to be seen in homes, not to get audiences off the couch.Read more of this story at Slashdot.

SysAid's system management software has "a vulnerability actively being exploited to deploy Clop ransomware," according to SiliconAngle:The warning came from Microsoft Corp.'s Threat Intelligence team, which wrote on X that it had discovered the exploitation of a zero-day vulnerability in SysAid's IT support software that's being exploited by the Lace Tempest ransomware gang. Lace Tempest first emerged earlier this year from its attacks involving the MOVEit Transfer and GoAnywhere MFT. This group has been characterized by its sophisticated attack methods, often exploiting zero-day vulnerabilities to infiltrate organizations' systems to deploy ransomware and exfiltrate sensitive data... In a blog post, SysAid said that the vulnerability, tracked as CVE-2023-47246, was first discovered on Novembers 2 and is a path traversal vulnerability leading to code execution within the SysAid on-prem software... "Given the scale and impact of the MOVEit breach, which was considered one of the largest in recent history, the potential for the SysAid vulnerability to reach similar levels of disruption is not inconceivable, though several factors would influence this outcome," Craig Jones, vice president of security operations at managed detection and response provider Ontinue Inc., told SiliconANGLE. "The MOVEit breach, exploited by the Clop ransomware group, impacted over 1,000 organizations and more than 60 million individuals," Jones explained. "Comparatively, SysAid claims more than 5,000 customers across various industries globally. The potential damage from the SysAid vulnerability would depend on factors such as how widespread the exploitation is, how quickly the patch is applied and the sensitivity of the accessed data." SysAid's blog post confirms the zero-day vulnerability, and says they've begun "proactively communicating with our on-premise customers to ensure they could implement a mitigation solution we had identified..." "We urge all customers with SysAid on-prem server installations to ensure that your SysAid systems are updated to version 23.3.36, which remediates the identified vulnerability, and conduct a comprehensive compromise assessment of your network..."The attacker uploaded a WAR archive containing a WebShell and other payloads into the webroot of the SysAid Tomcat web service [which] provided the attacker with unauthorized access and control over the affected system.Subsequently, the attacker utilized a PowerShell script, deployed through the WebShell, to execute a malware loader named user.exe on the compromised host, which was used to load the GraceWire trojan... After this initial access and the deployment of the malware, the attacker utilized a second PowerShell script to erase evidence associated with the attacker's actions from the disk and the SysAid on-prem server web logs... Given the severity of the threat posed, we strongly recommend taking immediate steps according to your incident response playbook and install any patches as they become available.Read more of this story at Slashdot.