Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. BleepingComputer reports: Bing allegedly performed the act in June 2018, when he used his administrative privileges and "root" account to access the company's financial system and delete all stored data from two database servers and two application servers. This has resulted in the immediate crippling of large portions of Lianjia's operations, leaving tens of thousands of its employees without salaries for an extended period and forcing a data restoration effort that cost roughly $30,000. The indirect damages from the disruption of the firm's business, though, were far more damaging, as Lianjia operates thousands of offices, employs over 120,000 brokers, owns 51 subsidiaries, and its market value is estimated to be $6 billion. Read more of this story at Slashdot.
Russia is not planning to block Alphabet's YouTube, the minister for digital development said on Tuesday, acknowledging that such a move would likely see Russian users suffer and should therefore be avoided. From a report: Russia has blocked other foreign social media platforms, but despite months of fines and threats against YouTube for failing to delete content Moscow deems illegal and for restricting access to some Russian media, it has stopped short of delivering a killer blow to the video-hosting service.
An anonymous reader quotes a report from ZDNet: The Software Freedom Conservancy (SFC), a non-profit organization that promotes open-source software and defends the free software General Public License (GPL), recently sued major TV vendor Vizio for abusing the GPL with its Linux-based SmartCast OS. Vizio replied that the SFC had no right to ask for the source code. On May 13, however, the SFC succeeded in federal court with its motion to have its lawsuit against Vizio remanded back to Superior Court in Orange County, CA. Doesn't sound like that big a deal? Think again. The important part of the decision by U.S. District Court Judge Josephine L. Staton stated that SFC's claim "that the [GPLv2] enforcement of 'an additional contractual promise separate and distinct from any rights provided by the copyright laws' amounts to an 'extra element,' and therefore, SFC's claims are not preempted." Karen M. Sandler, SFC's executive director, explained, "The ruling is a watershed moment in the history of copyleft licensing. This ruling shows that the GPL agreements function both as copyright licenses and as a contractual agreement." Sandler added that even in the Free and Open Source Software (FOSS) legal community people argue incorrectly that the GPL and other copyleft licenses only function as copyright licenses. This decision clearly states that the GPL also acts as a contract. Further, this decision makes it the first case to show individual consumers have rights to the source code as third-party beneficiaries of the GPL.
A ransomware gang that infiltrated some Costa Rican government computer systems has upped its threat, saying its goal is now to overthrow the government. From a report: Perhaps seizing on the fact that President Rodrigo Chaves had only been in office for a week, the Russian-speaking Conti gang tried to increase the pressure to pay a ransom by raising its demand to $20 million. Chaves suggested Monday in a news conference that the attack was coming from inside as well as outside Costa Rica. "We are at war and that's not an exaggeration," Chaves said. He said officials were battling a national terrorist group that had collaborators inside Costa Rica. Chaves also said the impact was broader than previously known, with 27 government institutions, including municipalities and state-run utilities, affected. He blamed his predecessor Carlos Alvarado for not investing in cybersecurity and for not more aggressively dealing with the attacks in the waning days of his government. In a message Monday, Conti warned that it was working with people inside the government.
Microsoft blog: The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, and the emergence of a threat type we're referring to as cryware. Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets. Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more threats are targeting them.
Federal Reserve Chair Jerome H. Powell acknowledged in an interview with Marketplace on Thursday that the central bank could have moved faster to raise interest rates and cut inflation, as the central bank comes under increasing scrutiny over whether it waited too long to act on prices. From a report: "If you had perfect hindsight you'd go back, and it probably would have been better for us to have raised rates a little sooner," Powell said in an interview released Thursday with Marketplace's Kai Ryssdal. "I'm not sure how much difference it would have made, but we have to make decisions in real time, based on what we know then, and we did the best we could." Powell's comments mark a sharper sentiment of regret than his past remarks when it comes to whether the Fed should have stepped in sooner. The Fed has faced criticism, primarily from Republicans and some prominent economists, such as Lawrence H. Summers, for delaying interest rate hikes and ending stimulus-era financial supports, which work together to cool off the economy and bring inflation down. Powell, who was confirmed by the Senate for a second term as Fed chair earlier Thursday, lost a handful of votes from lawmakers who said their constituents were suffering too much from high prices on his watch. For much of the last year, the Fed stuck to its message that rising inflation would be "transitory," or temporary, and more limited to pockets of the economy hit hard by the coronavirus pandemic and related shutdowns and supply chain disruptions. At a WSJ conference on Tuesday, Powell emphasized his resolve to get inflation down, saying he won't hesitate to back interest rate increases until prices start falling back toward a healthy level. "We'll go to that point. There won't be any hesitation about that," he added.
Two senior U.S. defense intelligence officials said on Tuesday the Pentagon is committed to determining the origins of what it calls "unidentified aerial phenomena" -- commonly termed UFOs -- but acknowledged many remain beyond the government's ability to explain. From a report: The two officials, Ronald Moultrie and Scott Bray, appeared before a House of Representatives intelligence subcommittee for the first public U.S. congressional hearing on the subject in a half century. It came 11 months after a government report documented more than 140 cases of unidentified aerial phenomena, or UAPs, that U.S. military pilots had observed since 2004. Bray, deputy director of naval intelligence, said the number of UAPs officially cataloged by a newly formed Pentagon task force has grown to 400 cases. Both officials chose their words carefully in describing the task force's work, including the question of possible extraterrestrial origins, which Bray said defense and intelligence analysts had not ruled out. Bray did say that "we have no material, we have detected no emanations, within the UAP task force that would suggest it is anything non-terrestrial in origin."
Google announced a new initiative Tuesday aimed at securing the open-source software supply chain by curating and distributing a security-vetted collection of open-source packages to Google Cloud customers. From a report: The new service, branded Assured Open Source Software, was introduced in a blog post from the company. In the post, Andy Chang, group product manager for security and privacy at Google Cloud, pointed to some of the challenges of securing open-source software and stressed Google's commitment to open source. "There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks," Chang wrote, citing last year's major log4j vulnerability as an example. "Google continues to be one of the largest maintainers, contributors, and users of open source and is deeply involved in helping make the open source software ecosystem more secure." Per Google's announcement, the Assured Open Source Software service will extend the benefits of Google's own extensive software auditing experience to Cloud customers. All open-source packages made available through the service are also used internally by Google, the company said, and are regularly scanned and analyzed for vulnerabilities.
Apple delayed a plan to require workers to come back to the office three days a week, citing a resurgence in Covid-19 cases, marking the latest setback in its efforts to return to normal. From a report: The company informed employees Tuesday that it's delaying the requirement, which had been slated to go into effect on May 23, according to a memo seen by Bloomberg. However, the company is still expecting workers to come to the office two days per week. The company said the requirement is being delayed for "the time being" and didn't provide a new date. Apple was set to require employees to work from the office on Mondays, Tuesdays and Thursdays beginning next week -- a policy that had been controversial among some staff. Already, employees have been coming in two days a week as part of a ramp-up effort that began in April. For now, that mandate isn't changing.
Mental health startup Cerebral will no longer prescribe most controlled substances, The Wall Street Journal reported. From a report: The embattled company is facing investigations from the US Department of Justice and the Drug Enforcement Administration over its prescribing practices, which, until this week, included offering prescriptions for stimulants like Adderall. Company co-founder Kyle Robertson wrote in an email reviewed by The Wall Street Journal that it would stop prescribing most controlled substances to new customers on Friday and transition existing patients off of the drug or out of its care by October. Cerebral will still offer drugs that treat opioid-use disorder, like Suboxone. Robertson said in the email that the company only started prescribing controlled substances to customers in 2020 because people weren't able to get in-person care. It's stopping that program, he said, because of "the ability for patients to return to an in-person or hybrid care model for this treatment."
The White House slammed Amazon founder Jeff Bezos on Monday after the billionaire accused President Biden of "misdirection" in his comments on inflation and corporate taxes. From a report: Biden tweeted Friday that the wealthiest corporations must "pay their fair share" to help bring down record-high inflation. Biden also recently met with Amazon labor organizers after their union victory. Bezos responded to Biden claiming inflation and corporate taxes aren't related. "Raising corp taxes is fine to discuss. Taming inflation is critical to discuss. Mushing them together is just misdirection," he tweeted. "It doesn't require a huge leap to figure out why one of the wealthiest individuals on Earth opposes an economic agenda for the middle class that cuts some of the biggest costs families face, fights inflation for the long haul, and adds to the historic deficit reduction the President is achieving by asking the richest taxpayers and corporations to pay their fair share," deputy White House press secretary Andrew Bates said in a statement per the Washington Post. "It's also unsurprising that this tweet comes after the President met with labor organizers, including Amazon employees." Bezos fired back shortly after, saying the White House is trying to "muddy the topic." "They know inflation hurts the neediest the most. But unions aren't causing inflation and neither are wealthy people. Remember the Administration tried their best to add another $3.5 TRILLION to federal spending," he tweeted. "They failed, but if they had succeeded, inflation would be even higher than it is today, and inflation today is at a 40 year high."
Cryptocurrency exchange Coinbase has reined in a plan to triple its headcount this year in response to turbulent market conditions. From a report: Emilie Choi, Coinbase's president and chief operating officer, said in a blog post on Tuesday that the firm would be slowing hiring to "reprioritize our hiring needs against our highest-priority business goals." The note had been circulated among staff earlier. "Heading into this year, we planned to triple the size of the company. Given current market conditions, we feel it's prudent to slow hiring and reassess our headcount needs against our highest-priority business goals," she said. "Headcount growth is a key input to our financial model, and this is an important action to ensure we manage our business to the scenarios we planned for, specifically the potential adjusted Ebitda we are aiming to manage to."
Mastercard is launching a "controversial" biometric payments programme in stores, as the card company tries to keep pace with nimble fintechs and bigger competitors such as Amazon. From a report: Retailers that sign up to its pilot scheme can allow customers to pay in-store with a gesture such as a smile or a wave. The system, which requires customers to enrol first, could also be connected to loyalty programmes and purchase history. "Payments is a wide space, and we are trying to offer what customers want," Ajay Bhalla, Mastercard's president of cyber and intelligence, told the Financial Times. He said that Mastercard could act as the "enabler of the ecosystem," setting unified privacy and security standards for a technology that has raised the hackles of privacy and data protection campaigners. "It's important that we make sure that data is handled properly and the transaction is safe," said Bhalla. "Everything is done with consumer consent." The facial recognition software itself will come from companies including Japan's NEC, Brazil's Payface and California-based PopID. The first pilots are launching this week at five supermarkets run by the St Marche chain in Brazil. The ambition is to eventually allow consumers to use a single enrolment to pay across different stores, says Bhalla, with further pilots planned across regions including Asia, the Middle East and Europe.
An anonymous reader quotes a report from Quartz: On Feb. 2, the city of Miami cashed out its cryptocurrency MiamiCoin for the first time, depositing $5.25 million into city coffers. Miami mayor Francis Suarez hailed it as a "historic moment" and predicted the cryptocurrency could one day even replace municipal taxes as the government's primary source of funding. MiamiCoin's creator, an organization called CityCoins, has been no less enthusiastic, portraying the coin as a financial experiment that will empower citizens with a "community-driven revenue stream" while spurring new digital city services. Miami is not the only city with big cryptocurrency dreams. CityCoins announced a similar cryptocurrency for New York in November 2021, and plans to release a coin for Austin, Texas, soon. Other cities have launched their own crypto ventures: Fort Worth, Texas, for example, will soon be running bitcoin mining rigs in city hall. But only Miami's mayor has thrown his full endorsement behind a CityCoin-branded cryptocurrency so far. After promoting MiamiCoin to residents and investors since its launch in August, the city of Miami received millions of dollars through its agreement with CityCoins. Over the last nine months, however, MiamiCoin has lost nearly all of its value, falling about 95% from its September peak to just $0.0032 as of May 13. Its rapid descent has burned investors on the way down, muting the dreams of Miami's city leaders, and possibly raising red flags for regulators now investigating cryptocurrency transactions.
Researchers have linked spending more time playing video games with a boost in intelligence in children, which goes some way to contradicting the narrative that gaming is bad for young minds. ScienceAlert reports: While the difference in cognitive abilities was a small one and isn't enough to show a causal relationship, it is enough to be notable -- and the study was careful to factor in variables including differences in genetics and the child's socio-economic background. Meanwhile, watching TV and using social media didn't seem to have a positive or negative effect on intelligence. The research should prove useful in the debate over how much screen time is suitable for young minds. The researchers looked at screen time records for 9,855 kids in the ABCD Study, all in the US and aged 9 or 10. On average, the youngsters reported spending 2.5 hours a day watching TV or online videos, 1 hour playing video games, and half an hour socializing over the internet. Researchers then accessed data for more than 5,000 of those children two years later. Over the intervening period, those in the study who reported spending more time than the norm on video games saw an increase of 2.5 IQ points above the average rise. The IQ point increase was based on the kids' performance on tasks that included reading comprehension, visual-spatial processing, and a task focused on memory, flexible thinking, and self-control. The report notes that the study "only looked at children in the US and did not differentiate between video game types (mobile versus console games)." The research has been published in the journal Scientific Reports.
An anonymous reader quotes a report from Phys.Org: Last summer, a deadly wave of heat struck the Pacific Northwest, causing temperatures to soar more than 30 degrees Fahrenheit above normal and killing more than a thousand people. A new study has uncovered the sequence of events that precipitated the disaster, providing information that could further our understanding of heat formation on the North American continent. By reviewing large-scale weather conditions and formations before the heat wave, University of Chicago scientists discovered that a cyclone spawned an "anticyclone," which combined to produce and then trap heat near the surface of the region. [...] Using data collected from satellites and on the ground, UChicago scientists set out to re-create the sequence of events. They found that in the week prior, a cyclone had formed over the Gulf of Alaska. Cyclones are large, spiral-shaped systems that form around a center of low pressure. (Think of the spiral clouds you see during hurricanes.) When clouds form out of water vapor, the process actually releases heat, which accumulated in the atmosphere. Then, as the cyclone moved slowly away, it triggered the formation of an anticyclone to the east -- a system that rotates slowly around a center of high pressure instead of low. These are known as "blocking" systems because they disrupt the normal eastward movement of weather systems. A blocking anticyclone acts like a blanket, trapping heat in a region. The result was a warm, stagnant column of air that made it difficult for surface heat to escape to the upper atmosphere as it normally does. The study has been published in the journal Geophysical Research Letters.
All-in summit -- a conference hosted by Chamath Palihapitiya, Jason Calacanis, David Sacks and David Friedberg, who also operate a popular weekly podcast by the same name -- interviewed Elon Musk on Monday. In the wide-ranging interview, Musk talked about Twitter's bot problem, governments, immigration, and among other things, gave more insight into the scale and ambitions of Tesla and SpaceX.
A Los Angeles judge has ruled that California's landmark law requiring women on corporate boards is unconstitutional. CBS News reports: Superior Court Judge Maureen Duffy-Lewis said the law that would have required boards have up to three female directors by this year violated the right to equal treatment. The ruling was dated Friday. The conservative legal group Judicial Watch had challenged the law, claiming it was illegal to use taxpayer funds to enforce a law that violates the equal protection clause of the California Constitution by mandating a gender-based quota. The state defended the law as constitutional saying it was necessary to reverse a culture of discrimination that favored men and was put in place only after other measures failed. The state also said the law didn't create a quota because boards could add seats for female directors without stripping men of their positions. Although the law carried potential hefty penalties for failing to file an annual report or comply with the law, a chief in the secretary of state's office acknowledged during the trial that it was toothless. The law required publicly held companies headquartered in California to have one member who identifies as a woman on their boards of directors by the end of 2019. By January 2022, boards with five directors were required to have two women and boards with six or more members were required to have three women. The Women on Boards law, also known by its bill number, SB826, called for penalties ranging from $100,000 fines for failing to report board compositions to the California secretary of state's office to $300,000 for multiple failures to have the required number of women board members. Fewer than half the nearly 650 applicable corporations in the state reported last year that they had complied. More than half didn't file the required disclosure statement, according to the most recent report.
According to Variety, a new series of "Black Mirror" is in the works at Netflix. From the report: It's been almost three years since Season 5 of the dystopian drama premiered on the streaming service in June 2019, but sources indicate that a new anthology series of "Black Mirror" is shaping up, and casting is now underway. While details about specific stories are being kept under lock and key, Variety understands that Season 6 will have more episodes than Season 5, which comprised just three instalments and starred Andrew Scott, Anthony Mackie, Yahya Abdul-Mateen II, Topher Grace and Miley Cyrus. A source close to the production tells Variety that the latest season is even more cinematic in scope, with each installment being treated as an individual film. This is, of course, in line with recent seasons of "Black Mirror," for which episodes usually exceeded 60 minutes and had incredibly high production values.
Back in April, Google delayed when G Suite legacy free-edition users had to start paying for Workspace. The company will now let you stay on a "Free Legacy Edition of G Suite for personal use" as the "no-cost" alternative in a rather notable policy change. 9to5Google reports: This "no-cost" option is for people that aren't interested in paying for Workspace but want to retain access to their data and not just export via Google Takeout. For the past few months, people have been waiting to join a waitlist for this alternative. In a change of plans, there's no longer a waiting list, and these old users can sign up for no-cost Legacy G Suite now. Head to your account's Google Admin Console as there are many reports of it going live this afternoon. You have until June 27 to pick a transition path. Most notably, you can "continue using your custom domain with Gmail." [...] Besides the custom Gmail domain, you will "retain access to no-cost Google services" and "keep your purchases and data." [...] However, you must confirm to Google that your usage is for non-commercial personal use: "Google may remove business functionality from this offering and transition businesses to Google Workspace. Additionally, this option will not include support."
An anonymous reader quotes a report from Ars Technica: When you turn off an iPhone, it doesn't fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down. It turns out that the iPhone's Bluetooth chip -- which is key to making features like Find My work -- has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany's Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone's location or run new features when the device is turned off. This video provides a high-level overview of some of the ways an attack can work. The findings (PDF) have limited real-world value since infections required a jailbroken iPhone, which in itself is a difficult task, particularly in an adversarial setting. Still, targeting the always-on feature in iOS could prove handy in post-exploit scenarios by malware such as Pegasus, the sophisticated smartphone exploit tool from Israel-based NSO Group, which governments worldwide routinely employ to spy on adversaries. Besides allowing malware to run while the iPhone is turned off, exploits targeting LPM could also allow malware to operate with much more stealth since LPM allows firmware to conserve battery power. And of course, firmware infections are already extremely difficult to detect since they require significant expertise and expensive equipment.
The recent collapse of a popular stablecoin shows that the tokens aren't ready to be used by consumers to make payments, according to a key US watchdog. From a report: "People wonder: Is it going to be one day used for consumer payments?" Rohit Chopra, director of the Consumer Financial Protection Bureau, said in a Bloomberg TV interview Monday. "Many are thinking it's not ready yet." [...] Chopra said there may be "movement" on crypto regulation this year. Regulators are studying a range of issues, including rules for stablecoins, following an executive order from President Joe Biden. "A lot of people thought that a stablecoin was just going to be as good as a dollar," Chopra said. "But they're learning that it's not."
Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers. Some of these firms are said to have also inadvertently grabbed passwords from these forms. The Register reports: In a research paper scheduled to appear at the Usenix '22 security conference later this year, authors Asuman Senol (imec-COSIC, KU Leuven), Gunes Acar (Radboud University), Mathias Humbert (University of Lausanne) and Frederik Zuiderveen Borgesius (Radboud University) describe how they measured data handling in web forms on the top 100,000 websites, as ranked by research site Tranco. The boffins created their own software to measure email and password data gathering from web forms -- structured web input boxes through which site visitors can enter data and submit it to a local or remote application. Providing information through a web form by pressing the submit button generally indicates the user has consented to provide that information for a specific purpose. But web pages, because they run JavaScript code, can be programmed to respond to events prior to a user pressing a form's submit button. And many companies involved in data gathering and advertising appear to believe that they're entitled to grab the information website visitors enter into forms with scripts before the submit button has been pressed. "Our analyses show that users' email addresses are exfiltrated to tracking, marketing and analytics domains before form submission and without giving consent on 1,844 websites in the EU crawl and 2,950 websites in the US crawl," the researchers state in their paper, noting that the addresses may be unencoded, encoded, compressed, or hashed depending on the vendor involved. Most of the email addresses grabbed were sent to known tracking domains, though the boffins say they identified 41 tracking domains that are not found on any of the popular blocklists. "Furthermore, we find incidental password collection on 52 websites by third-party session replay scripts," the researchers say.
Apple has released iOS 15.5, macOS 12.4, and more today with updates like new features for Apple Cash, the Podcasts app, and the Studio Display webcam fix. However, a bigger reason to update your devices is the security patches with today's releases. iOS 15.5 includes almost 30 security fixes while macOS 12.4 features over 50. 9to5Mac reports: Apple shared all the details for the security fixes in its latest software for iPhone, iPad, Mac, and more on its support page. For both iOS and Mac, many of the flaws could allow malicious apps to execute arbitrary code with kernel privileges. Another for iOS says "A remote attacker may be able to cause unexpected application termination or arbitrary code execution." Specifically on Mac, one of the 50+ flaws fixed was that "Photo location information may persist after it is removed with Preview Inspector." Important security updates are also available for macOS Big Sur with 11.6.6, macOS Catalina, Xcode 13.4, and watchOS 8.6.
An anonymous reader quotes a report originally published at Bloomberg: Microsoft plans to "nearly double" its budget for employee salaries and boost the range of stock compensation it gives some workers by at least 25%, an effort to retain staff and help people cope with inflation. The move will mainly affect "early to mid-career employees," the software giant said in a statement Monday. "As we approach our annual total rewards process, we are making a significant additional investment this year to compensate our employees globally," the Redmond-based company said. "While we have factored in the impact of inflation and rising cost of living, these changes also recognize our appreciation to our world-class talent who support our mission, culture and customers, and partners." In addition to contending with cost-of-living increases and a tight Seattle housing market, Microsoft is locked in a fierce battle for talent with companies like Amazon, Google and Facebook owner Meta Platforms, as well as startups. [...] Microsoft's salary package is composed of base salary, bonus and stock. The changes will apply to a substantial part of the company's workforce, which stood at 181,000 as of June 30, 2021. The company didn't discuss pay figures, so it's hard to tell what the new compensation levels will translate to in dollar figures. But the Glassdoor website estimates that a new graduate working as a software engineer at Microsoft makes about $163,000.
Terraform Labs co-founder Do Kwon offered another proposal to revive its troubled Terra blockchain by getting rid of the failed TerraUSD stablecoin and revamping the project into a new network. From a report: Kwon wants to copy the blockchain's code to create a new network, called Terra, and to distribute new tokens to former Terra supporters like key app developers, those whose computers order transactions on the network, and those who still hold TerraUSD, Kwon wrote in a post on a research forum. This is Kwon's second proposal to revive the network. Many stakeholders who lost money when TerraUSD collapsed are hoping for a way out of the crisis. But many long-time crypto experts aren't hopeful. Zhao Changpeng, chief executive officer of Binance, the world's biggest crypto exchange and an early Terra investor, said in a tweet that forks -- the copying of the blockchain that Kwon is proposing -- "don't create value." The Luna Foundation Guard, the entity set up by Terraform Labs to maintain TerraUSD's peg to the dollar, used up roughly $2.9 billion in crypto reserves since May 7 trying to stabilize the token, data compiled by Bloomberg based on figures released Monday on LFG's unverified Twitter account show. The reserves stood at almost $3.2 billion before, according to the data.
A doctor can't tell if somebody is Black, Asian, or white, just by looking at their X-rays. But a computer can, according to a surprising new paper by an international team of scientists, including researchers at the Massachusetts Institute of Technology and Harvard Medical School. From a report: The study found that an artificial intelligence program trained to read X-rays and CT scans could predict a person's race with 90 percent accuracy. But the scientists who conducted the study say they have no idea how the computer figures it out. "When my graduate students showed me some of the results that were in this paper, I actually thought it must be a mistake," said Marzyeh Ghassemi, an MIT assistant professor of electrical engineering and computer science, and coauthor of the paper, which was published Wednesday in the medical journal The Lancet Digital Health. "I honestly thought my students were crazy when they told me." At a time when AI software is increasingly used to help doctors make diagnostic decisions, the research raises the unsettling prospect that AI-based diagnostic systems could unintentionally generate racially biased results. For example, an AI (with access to X-rays) could automatically recommend a particular course of treatment for all Black patients, whether or not it's best for a specific person. Meanwhile, the patient's human physician wouldn't know that the AI based its diagnosis on racial data.
Netflix is going live for the first time. From a report: Deadline understands that the streamer is exploring the launch of live streaming. It plans to roll out the capability, which Netflix confirmed was in the early stages of development, for its swathe of unscripted shows and stand-up specials. It would mean that Netflix would be able to use it for live voting for competition series and talent contests such as its upcoming dance competition series Dance 100 from The Circle producer Studio Lambert. Similarly, it could use it if it decides to bring back its Netflix Is A Joke festival. The live comedy event featured around 300 stand-up performances across LA including Dave Chappelle, Larry David and Pete Davidson. Many of the shows were being filmed with plans to air around 12 of them on the service. In future, it could potentially air shows live, albeit with a few seconds delay in case things get saucy.
From carbon to uranium, oxygen to iron, chemical elements are the building blocks of the world around us and the wider universe. Now, physicists are hoping to gain an unprecedented glimpse into their origins, with the opening of a new facility that will create thousands of peculiar and unstable versions of atoms never before recorded on Earth. From a report: By studying these versions, known as isotopes, they hope to gain new insights into the reactions that created the elements within exploding stars, as well as testing theories about the "strong force" -- one of the four fundamental forces in nature, which binds protons and neutrons together in an atom's nucleus. The facility could also yield new isotopes for medical use. Atoms are composed of protons, neutrons and electrons. The number of protons dictates an atom's chemical behaviour and which element it is -- eg carbon always has six protons, and gold 79 -- whereas atoms of the same element containing different numbers of neutrons are called isotopes. Because many isotopes are unstable and decay quickly -- sometimes within fractions of a second -- scientists have only studied a small proportion of those thought to exist.
Sony has announced the initial lineup of games for its revamped, multi-tier PlayStation Plus subscription service, and firmed up its launch dates over the next five weeks. From a report: The service will launch in Asia on May 24, Japan on June 2, North and South America on June 13, and Europe, Australia, and New Zealand on June 23. Games coming to the subscription service include Assassin's Creed: Valhalla, the Demon's Souls remake, Insomniac's Spider-Man games, and Red Dead Redemption 2. But the structure of the deal is confusing, there's nothing more recent than the director's cut editions of Ghost of Tsushima and Death Stranding (both released in mid-2021), and the classic games offering for the service's top tier appears extremely thin at present -- even lacking any PlayStation 2 games under emulation. The number of titles from third-party developers and publishers is dwarfed by the offering from internal studios. It's important to note, however, that Sony characterized this list as "an early look at some of the games that will be included during the launch time frame." So there is room for the offering to improve in the coming weeks. The lowest-priced Essential tier remains the same as the current PlayStation Plus, offering a handful of free PS4 and PS5 games every month alongside access to multiplayer online gaming. Sony has yet to announce the Essential tier games for the service's relaunch in June.
Uber on Monday said it launched pilot food delivery services with autonomous vehicles in two California cities, and said it was adding electric vehicle charging stations into its global driver app. From a report: The announcements are part of Uber's annual product event where the ride-hail and food delivery company showcases the latest updates to its app. Uber announced one food delivery service using autonomous cars, and a separate pilot using sidewalk robots. Both services are available to Uber Eats users in Santa Monica and West Hollywood in California, and consumers will have the ability to opt out of the programs. The autonomous car pilot is in collaboration with Motional, the self-driving joint venture of Hyundai and Aptiv, and was initially announced in December. It launched on Monday, Uber and Motional said. Uber said the sidewalk robots are provided by Serve Robotics, a spin-off of delivery company Postmates, which Uber acquired in 2020.
Spotify is testing a way for artists to display their non-fungible token (NFT) collections. From a report: The music streaming platform has rolled out the test for some users on Android in the US and currently includes NFT previews for artists like Steve Aoki and The Wombats. "Spotify is running a test in which it will help a small group of artists promote their existing third-party NFT offerings via their artist profiles," a Spotify spokesperson said in a statement to Music Ally. "We routinely conduct a number of tests in an effort to improve artist and fan experiences. Some of those tests end up paving the way for a broader experience and others serve only as an important learning." More companies are trying to catch the NFT wave, but it looks like that initial surge could be petering out (at least for the time being). According to The Wall Street Journal, daily NFT sales have dipped 92 percent from 225,000 in September of last year to just 19,000 as of May 3rd. The number of active NFT wallets is also on the decline, from about 119,000 in November to 14,000 toward the end of April.
JetBlue launched a hostile takeover of Spirit Airlines after its earlier acquisition offer was rejected. The New York-based airline said in a release that its tender offer for $30-per-share was "all-cash" and "fully financed." From a report: Earlier this month, Spirit's board of directors rejected JetBlue's $32-a-share bid to acquire the airline in favor of an existing merger agreement with Frontier, one of its ultra-low-cost competitors. The board cited antitrust issues and "an unacceptable level of closing risk" to its shareholders as its reasons for rejecting the JetBlue bid. But JetBlue is still intent on acquiring Spirit, whether it wants to go ahead with the deal or not. The airline has said that absorbing Spirit would allow it to better compete with the "Big Four" carriers by increasing the size of its fleet and roster of trained pilots.
Binance CEO Changpeng Zhao said the crypto exchange made large paper gains on its investment in Luna but has now lost practically all of them. From a report: The exchange invested $3 million into the Terra ecosystem in 2018, receiving 15 million Luna tokens. At Luna's peak price, that investment was worth $1.6 billion, according to Zhao. Yet due to last week's collapse of Luna -- and its related stablecoin TerraUSD (UST) -- that investment has now plummeted in value to just $3,400. Or, in Zhao's words, "not much." Yet it's not all bad news. The exchange received around $10.3 million worth of UST in staking rewards (likely through Anchor, which offered up to 20% yield).
For evidence of just how tight Shanghai's lockdown has been, consider this: not a single car was sold in the city last month. From a report: The majority of the city's 25 million residents were mostly confined to their homes or residential compounds in April as part of a sweeping lockdown to stamp out the nation's worst Covid outbreak since the virus emerged in Wuhan more than two years ago. Almost all dealerships in the city were closed during the month, the Shanghai Automobile Sales Association said in a statement Monday, when it highlighted the zero sales figure. In April last year, 26,311 vehicles were sold in the city, according to the association, which represents about 300 companies.
Twitter's potential new owner just made this announcement to his 93.1 million followers. "Very important to fix your Twitter feed," the announcement began: 1. Tap home button. 2. Tap stars on upper right of screen. 3. Select "Latest tweets". You are being manipulated by the algorithm in ways you don't realize. Easy to switch back & forth to see the difference. Currently it's been pinned to the top of Elon Musk's Twitter feed. And minutes later, he added this reply to his own tweet. "This message brought to you by the Illuminaughty." Musk's motivation isn't clear — but just minutes earlier he'd tweeted a reply to his own tweet from Friday that had suggested Twitter users check a sample of 100 Twitter accounts for the percentage of fake/spam/duplicate accounts. "I picked 100 as the sample size number," Musk had added as a reply Friday, "because that is what Twitter uses to calculate less than 5% fake/spam/duplicate." Musk's follow-up tweet today? "Twitter legal just called to complain that I violated their NDA by revealing the bot check sample size is 100! This actually happened." The tweets follow three more from the last 24 hours which all apparently comment wryly on Musk's planned acquisition of Twitter. "Whoever thought owning the libs would be cheap never tried to acquire a social media company!" Musk tweeted earlier this afternoon. "At least, that's what the lib hivemind thinks haha." And an earlier tweet appeared to allude to his recently-expressed interest in the number of fake/spam accounts on Twitter. Friday night, Elon Musk tweeted: "The bots are angry at being counted."
"We do not need to plunge headlong into a nuclear future," argues Serhii Plokhy, author of the book Atoms and Ashes: From Bikini Atoll to Fukushima. He notes Belgium's adding a 10-year extension to the life of two of its nuclear reactors, France's program to build 14 new reactors, and Boris Johnson's pledge to supply 25% of the UK's power needs with nuclear energy by 2050. On the surface, the switch to nuclear makes sense. It would not only enable European countries to meet their ambitious net zero targets, since it produces no CO2. It would also make them less vulnerable to Russian threats, and allow them to stop financing the Russian war machine.... What the Russian takeover of [Ukraine] nuclear facilities exposed is a hazard inherent in all nuclear power. In order for this method of producing electricity to be safe, everything else in society has to be functioning perfectly. Warfare, economic collapse, climate change itself — all of these increasingly real risks make nuclear sites potentially perilous places. Even without them, the dangers of atomic fission remain, and we must ask ourselves: are they really worth the cost...? Technological developments, growing international cooperation and rising safety standards did indeed do a great deal to ensure that no major nuclear accident occurred for 25 years after Chernobyl. But the Fukushima explosions demonstrated that such improvements have not eradicated the dangers surrounding nuclear power plants.... Can anything be done to make reactors safer? A new generation of smaller modular reactors, designed from scratch to produce energy, not to facilitate warfare, has been proposed by Bill Gates, and embraced, among others, by Macron. The reactors promised by Gates's TerraPower company are still at the computer-simulation stage and years away from construction.
But his claim that in such reactors "accidents would literally be prevented by the laws of physics" must be taken with a pinch of salt, as there are no laws of war protecting either old or new reactors from attack. There is also serious concern that the rapid expansion in the number of plants, advocated as a way of dealing with climate change, will increase the probability of accidents. While new technology will help to avoid some of the old pitfalls, it will also bring new risks associated with untried reactors and systems. Responsibility for dealing with such risks is currently being passed on to future generations. This is the second great risk from nuclear power: even if a reactor runs for its lifetime without incident, you still have a lot of dangerous material left at the end of it. Fuel from nuclear power plants will present a threat to human life and the environment for generations to come, with the half-life of some radioactive particles measured in tens of thousands of years.... Nuclear power plants generally have no alternative to storing their high-level radioactive waste on site.... If what we bury today in the New Mexico desert — the waste created by our nuclear ambitions — is so repulsive to us, why do we pass it on to others to deal with? The author's counter-proposal: expanding the use of renewable energy: New research should be encouraged, grid infrastructure should be built up, and storage capacity increased. Billions that would otherwise go to new nuclear infrastructure, with all the attendant costs of cleanup that continue for decades and beyond, should be pumped instead into clean energy. In the meantime, we obviously have an existing nuclear industry, and the solution is not to run away in panic, but to take good care of the facilities that already dot our countryside.
We must not abandon the industry to its current state of economic hardship, as that would only mean inviting the next accident sooner rather than later.
Flying cars — or even electric flying taxis — are the dream of several well-funded manufacturers building "electric vertical-takeoff and landing aircraft" (or eVTOLs). But will they face stricter government regulations than anticipated? Long-time Slashdot reader wired_parrot reports that America's Federal Aviation Administration has shifted gears — "revising its certification requirements for eVTOLs from small aircraft to a powered-lift category." (The original submission cites a "growing number" of issues for the industry to resolve — and asks whether this raises concerns about the viability of the whole potential eVTOL market.) Meanwhile, AVWeb reports: According to a Reuters report, the impetus for the shift came from an ongoing audit by the U.S. Department of Transportation's Office of the Inspector General. The IG said so-called Urban Air Mobility vehicles present the FAA with "new and complex safety challenges...." In a written response to a request for clarification, an FAA spokesperson told AVweb: "The FAA's top priority is to make sure the flying public is safe. This obligation includes our oversight of the emerging generation of eVTOL vehicles. The agency is pursuing a predictable framework that will better accommodate the need to train and certify the pilots who will operate these novel aircraft. "Our process for certifying the aircraft themselves remains unchanged. All of the development work done by current applicants remains valid and the changes in our regulatory approach should not delay their projects. As this segment of the industry continues to grow, we look forward to certifying innovative new technologies that meet the safety standards that the public expects and deserves."
The Washington Post reports on the "My Friends My Data" coalition, a group of start-up founders "working to push tech giants to adopt a new industry-wide standard that would allow users to transfer their followings from one app to another, thereby creating more competition between platforms." "Large social media companies are intentionally holding our personal contact information hostage," said Daniel Liss, founder and CEO of Dispo, a photography-based social network. "This limits consumer choice, stymies competition and inhibits free speech. We are committed to giving our community members control of their friend data...." MFMD's founding members include a who's who of buzzy social apps like Dispo, Itsme, Clash App, Muze, Spam app and Collage, which together have received more than $100 million in venture funding and amassed tens of millions of downloads. The group has issued letters to Meta, TikTok, Snap, Twitter and other large social platforms calling on them to join their crusade. As the start-ups have found, competing with tech giants like Meta or YouTube is difficult when the top talent on the Internet is essentially locked in to specific platforms because of their inability to take followers elsewhere. Many creators are already on board with MFMD's initiative. Some learned lessons about ownership the hard way after the fall of Vine. Many top Vine stars were overleveraged, investing all their energy in building out their following on the short-form video platform. When the app shuttered in 2016 those who hadn't used Vine to springboard to other apps like YouTube were left without access to the massive fandoms they had built.... [Liss] said that in addition to putting public pressure on the tech giants he hopes the MFMD can be a political force as well. "I'm very comfortable engaging in the political process on behalf of what we think is right," Liss said. "Not just for our companies but also for the next generation of consumer start-ups."
Eugene Park, a gaming Twitch streamer in Los Angeles with 300,000 followers, likes the idea of making followers transferable to other services, telling the Post it "would be taking power from the tech companies and putting it in the hands of creators who really make up these giant platforms." In the meantime, the article points out, TikTok users "have taken to referring to other apps like Instagram and YouTube using 'algospeak' pseudonyms, because they say even uttering the name of a competitor can downrank your content."
"CIQ has landed $26 million in funding to support its plans to expand the use of Rocky Linux in the enterprise space," reports ZDNet. Last year, Red Hat decided to stop supporting CentOS 8 and shifted focus to CentOS Stream. CentOS had some huge enterprise users, among them Disney, GoDaddy, RackSpace, Toyota, and Verizon. In response, Greg Kurtzer, one of CentOS's founders, kicked off Rocky Linux in December 2020.... Kurtzer says Rocky Linux adoption has been "massive", with monthly downloads of OS images typically 250,000, reaching 750,000 in a bumper month. "Within two months we had 10,000 developers and contributors trying to be part of this project...." The project has gained the support of Greg Kroah-Hartman, the maintainer of the main-line stable Linux kernel, to meet community demands for Rocky Linux to run on a more modern, optimized kernel, Kurtzer said. Kroah-Hartman is leading the Rocky Linux special interest group (SIG) for the kernel to create an optional enhanced kernel for Rocky Linux. "He's working closely with us to make sure the kernel we use is blessed by him. He's in the loop as bugs come up and helps us manage that kernel in Rocky Linux," says Kurtzer. "Moreover, today's news follows shortly after CIQ inked a major deal with Google to help support companies looking to deploy Rocky Linux on Google's cloud infrastructure," reports VentureBeat. Kurtzer tells the site that Rocky Linux "has been a rocket ship in terms of uptake across the enterprise and cloud."
"If you've visited a website in recent days and been randomly redirected to the same pages with sketchy "resources" or unwanted ads, it's likely the site in question was 1) built with WordPress tools and 2) hacked," reports Gizmodo. Details come from this blog post by researchers at Sucuri (a security provider owned by GoDaddy): As outlined in our latest hacked website report, we've been tracking a long-lasting campaign responsible for injecting malicious scripts into compromised WordPress websites. This campaign leverages known vulnerabilities in WordPress themes and plugins and has impacted an enormous number of websites over the year — for example, according to PublicWWW, the April wave for this campaign was responsible for nearly 6,000 infected websites alone. Since these PublicWWW results only show detections for simple script injections, we can assume that the scope is significantly larger. We recently investigated a number of WordPress websites complaining about unwanted redirects. Interestingly enough, they were found to be related to a new wave of this massive campaign and were sending website visitors through a series of website redirects to serve them unwanted ads. The websites all shared a common issue — malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files... This JavaScript was appended under the current script or under the head of the page where it was fired on every page load, redirecting site visitors to the attacker's destination.... Domains at the end of the redirect chain may be used to load advertisements, phishing pages, malware, or even more redirects.... At the time of writing, PublicWWW has reported 322 websites impacted by this new wave... Considering that this count doesn't include obfuscated malware or sites that have not yet been scanned by PublicWWW, the actual number of impacted websites is likely much higher.
Our team has seen an influx in complaints for this specific wave of the massive campaign targeting WordPress sites beginning May 9th, 2022, which has impacted hundreds of websites already at the time of writing.... We expect the hackers will continue registering new domains for this ongoing campaign as soon as existing ones become blacklisted. "It's important to note that these hacks are related to themes and plugins built by thousands of third-party developers using the open source WordPress software, not WordPress.com, which offers hosting and tools to build websites," Gizmodo points out. But it also cites this warning from Sucuri malware analyst Krasimir Konov: "This page tricks unsuspecting users into subscribing to push notifications from the malicious site. If they click on the fake CAPTCHA, they'll be opted in to receive unwanted ads even when the site isn't open — and ads will look like they come from the operating system, not from a browser," Konov wrote.
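As an added example (not Sucuri's, Gizmodo's or WordPress's code), the Python scanner below turns the indicators in the report into a defender-side check: it walks theme and plugin files, core script files and database content, and flags `<script>` tags that load from hosts outside a site's allowlist together with inline code carrying common obfuscation markers. The file contents, database rows, the allowlisted hosts and the `example-ads.invalid` host are constructed placeholders, and the marker list is illustrative rather than this campaign's actual payload.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed allowlist: hosts this (hypothetical) site legitimately loads scripts from.
TRUSTED_SCRIPT_HOSTS = {"example-site.test", "cdn.example-site.test"}

# Markers common in obfuscated inline injections; illustrative, not a complete signature set.
SUSPICIOUS_MARKERS = ("eval(", "String.fromCharCode", "atob(", "document.write(", "unescape(")

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


@dataclass
class Finding:
    location: str  # file path, or "table.column#row_id" for database content
    kind: str      # "external-src" or "inline-obfuscated"
    detail: str


def _external_host(url):
    """Host an absolute or protocol-relative URL points at; None for local paths."""
    if url.startswith("//"):
        url = "https:" + url
    return urlparse(url).hostname


def find_injected_scripts(location, content, raw_js=False):
    """Flag script tags loading from untrusted hosts and inline code with obfuscation markers.

    raw_js=True treats the content as a plain .js file with no tags, matching the campaign's
    habit of appending code directly to core WordPress script files."""
    findings = []
    if raw_js:
        hits = [m for m in SUSPICIOUS_MARKERS if m in content]
        if hits:
            findings.append(Finding(location, "inline-obfuscated", ", ".join(hits)))
        return findings
    for tag in SCRIPT_TAG.finditer(content):
        attrs, body = tag.group(1), tag.group(2)
        src = SRC_ATTR.search(attrs)
        if src:
            host = _external_host(src.group(1))
            if host and host not in TRUSTED_SCRIPT_HOSTS:
                findings.append(Finding(location, "external-src", src.group(1)))
        else:
            hits = [m for m in SUSPICIOUS_MARKERS if m in body]
            if hits:
                findings.append(Finding(location, "inline-obfuscated", ", ".join(hits)))
    return findings


def scan_site(files, db_rows):
    """files: {path: content}; db_rows: [(table, column, row_id, value)], e.g. wp_posts.post_content."""
    findings = []
    for path, content in files.items():
        findings += find_injected_scripts(path, content, raw_js=path.endswith(".js"))
    for table, column, row_id, value in db_rows:
        findings += find_injected_scripts(f"{table}.{column}#{row_id}", value)
    return findings


# --- Constructed sample input (not real site data; the .invalid host is a placeholder) ---
SAMPLE_FILES = {
    "wp-content/themes/acme/header.php":
        '<head><script src="/wp-includes/js/jquery/jquery.min.js"></script>\n'
        '<script src="https://cdn.example-site.test/app.js"></script>\n'
        '<script src="//example-ads.invalid/js/track.js"></script></head>',
    "wp-includes/js/wp-embed.min.js":
        "/*! legitimate minified code */ !function(a){a.wp=a.wp||{}}(window);"
        ";document.write(String.fromCharCode(60,115,99,114,105,112,116,62));",
    "wp-content/themes/acme/footer.php":
        '<footer></footer><script src="/wp-content/themes/acme/js/menu.js"></script>',
}
SAMPLE_DB_ROWS = [
    ("wp_posts", "post_content", 17, "<p>Welcome</p><script>eval(atob('Ly8gcGxhY2Vob2xkZXI='))</script>"),
    ("wp_options", "option_value", 3, "Acme Realty"),
]


def run_sample():
    return scan_site(SAMPLE_FILES, SAMPLE_DB_ROWS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.kind:18} {f.location}: {f.detail}")
```

Run as a script it prints the three findings in the constructed sample (one untrusted external source in the theme header, one appended payload in a core script file, one inline injection in a post). In practice you would feed it a file walk over the WordPress install plus dumps of wp_posts.post_content and wp_options.option_value, and treat every external-src hit as something to compare against a known-good copy of the file or against the site's own script inventory.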
ZDNet reports news from PyCon 2022 ("the first in-person meet-up for Python contributors since 2019 due to the pandemic"): "Developers revisited the idea of running Python code in the browser...." CPython developer Christian Heimes and fellow contributor Ethan Smith detailed how they enabled the CPython main branch to compile to WebAssembly. CPython, short for Core Python, is the reference implementation that other Python distributions are derived from. CPython now cross-compiles to Wasm using Emscripten, a toolchain that compiles projects written in C or C++ to Node.js or Wasm runtimes. The Python Software Foundation highlighted the work in a blog post: "Python can be run on many platforms: Linux, Windows, Apple Macs, microcomputers, and even Android devices. But it's a widely known fact that, if you want code to run in a browser, Python is simply no good — you'll just have to turn to JavaScript," it notes. "Now, however, that may be about to change." While the Foundation notes cross-compiling to WebAssembly is still "highly experimental" due to missing modules in the Python standard library, nonetheless, PyCon 2022 demonstrated growing community interest in making Python a better language for the browser. The article notes additional news from Anaconda (makers of a Python distribution for data science): the announcement of PyScript, "a system for interleaving Python in HTML (like PHP)." It allows developers to write and run Python code in HTML, and call Javascript libraries in PyScript. This system allows a website to be written entirely in Python. PyScript is built on Pyodide, a port of CPython, or a Python distribution for the browser and Node.js that's based on WebAssembly and Emscripten.... "Pyodide makes it possible to install and run Python packages in the browser with micropip. Any pure Python package with a wheel available on PyPI is supported," the Pyodide project states.
Essentially, it compiles Python code and scientific libraries to WebAssembly using Emscripten.
After traveling 300 miles on the underbelly of the Perseverance rover, the "Ingenuity" helicopter has made 28 different flights over the surface of Mars, reports the Washington Post, staying aloft for a total of nearly one hour, flying 4.3 miles with a maximum speed of 12.3 miles per hour and a top altitude of 39 feet. "It's traversed craters, taken photos of regions that would be hard to reach on the ground, and served as a surprisingly resilient scout that has adapted to the changing Martian atmosphere and survived its harsh dust storms and frigid nights. Now the engineers and scientists at NASA's Jet Propulsion Laboratory are worried that their four-pound, solar-powered drone on Mars may be nearing the end of its life." Winter is setting in on Mars. The dust is kicking up, coating Ingenuity's solar panels and preventing it from fully charging its six lithium-ion batteries. This month, for the first time since it landed on Mars more than a year ago, Ingenuity missed a planned communications session with Perseverance, the Mars rover that it relies on to send data and receive commands from Earth. Will a dust-coated Ingenuity survive a Martian winter where temperatures routinely plunge below minus-100 degrees Fahrenheit? And if it doesn't, how should the world remember the little helicopter that cost $80 million to develop and more than five years to design and build? Those closest to the project say that as time winds down for Ingenuity, it's hard to overstate its achievements.... "We built it as an experiment," Lori Glaze, the director of NASA's planetary science division, told The Washington Post. "So it didn't necessarily have the flight-qualified parts that we use on the big missions like Perseverance." Some, such as components from smartphones, were even bought off-the-shelf, so "there were chances that they might not perform in the environment as we expected. And so there was a risk that it wasn't going to work....
What happened was, and this is really key, after Ingenuity performed so well on those first five flights, the science team from Perseverance came to us and said, 'You know what, we want this helicopter to keep operating to help us in our exploration and achieving our science goals,' " Glaze said. So NASA decided to keep flying.... On April 29, it took its last flight to date, No. 28, a quarter-of-a-mile jaunt that lasted two-and-a-half minutes. Now NASA wonders if that will be the last one. The space agency thinks the helicopter's inability to fully charge its batteries caused the helicopter to enter a low-power state. When it went dormant, the helicopter's onboard clock reset, the way household clocks do after a power outage. So the next day, as the sun rose and began to charge the batteries, the helicopter was out of sync with the rover: "Essentially, when Ingenuity thought it was time to contact Perseverance, the rover's base station wasn't listening," NASA wrote. Then NASA did something extraordinary: Mission controllers commanded Perseverance to spend almost all of May 5 listening for the helicopter. Finally, little Ingenuity phoned home. The radio link, NASA said, "was stable," the helicopter was healthy, and the battery was charging at 41 percent. But, as NASA warned, "one radio communications session does not mean Ingenuity is out of the woods. The increased (light-reducing) dust in the air means charging the helicopter's batteries to a level that would allow important components (like the clock and heaters) to remain energized through the night presents a significant challenge." Maybe Ingenuity will fly again. Maybe not. "At this point, I can't tell you what's going to happen next," Glaze said. "We're still working on trying to find a way to fly it again. But Perseverance is the primary mission, so that we need to start setting our expectations appropriately."
For Ingenuity's "Wright Brothers moment" — when it flew for the first time on another planet — it was actually carrying a postage-sized bit of fabric from the Wright Brothers' original 1903 aircraft.
Whatever happened to those two pilots who attempted to swap planes in mid-air — skydiving from one to the other while the planes slowly tumbled toward the desert 65 miles southeast of Phoenix? One pilot successfully reached the other plane — but the other pilot didn't, parachuting safely to the ground instead. "All of our safety protocols worked," the first pilot said triumphantly in a documentary streamed on Hulu. Er, but what about that second plane, slowly tumbling toward the ground without a pilot? It fell 14,000 feet, landing "nose first" (according to footage from a local newscast) — though its descent was also slowed by a parachute. (Both planes also had a specially-engineered braking system to slow their fall so the skydiving pilots could overtake them.) The stunt was sponsored by Red Bull. Both pilots had previously conducted more than 20,000 skydives — "but there's a problem," that local newscast pointed out. "The FAA says it had denied Red Bull permission to attempt the plane swap because it would not be in the public's interest." So now both pilots — who'd had "commercial pilot certificates" from America's Federal Aviation Administration — have had their certificates revoked. The Associated Press reports: In a May 10 emergency order, the FAA cites the two pilots, Luke Aikins and Andrew Farrington, and describes their actions as "careless and reckless." Aikins also faces a proposed $4,932 fine from the agency.... Aikins had petitioned for an exemption from the rule that pilots must be at the helm with safety belts fastened at all times. He argued the stunt would "be in the public interest because it would promote aviation in science, technology, engineering and math." While both pilots must surrender their certificates immediately, there is an appeal process. Aikins had shared a statement on Instagram after the stunt, saying he made the "personal decision to move forward with the plane swap" despite the lack of the FAA exemption.
"I regret not sharing this information with my team and those who supported me." "I am now turning my attention to cooperatively working transparently with the regulatory authorities as we review the planning and execution."
"Security consultant Lance Vick recently acquired the expired domain used by the maintainer of a widely used NPM package," reports the Register, "to remind the JavaScript community that the NPM Registry still hasn't implemented adequate security." "I just noticed 'foreach' on NPM is controlled by a single maintainer," wrote Vick in a Twitter post on Monday. "I also noticed they let their domain expire, so I bought it before someone else did. I now control 'foreach' on npm, and the 36,826 projects that depend on it." That's not quite the full story — he probably could have taken control but didn't. Vick acquired the lapsed domain that had been used by the maintainer to create an NPM account and is associated with the "foreach" package on NPM. But he said he didn't follow through with resetting the password on the email account tied to the "foreach" package, which is fetched nearly six million times a week. In an email to the Register, Vick explained... "I did not log into the account, as again, that crosses a line. I just sent a password reset email and bailed. "Regardless of how much control I have over this particular package, which is unclear, NPM admits this particular expired domain problem is a known issue, citing this 2021 [research paper] which says, 'We also found 2,818 maintainer email addresses associated with expired domains, allowing an attacker to hijack 8,494 packages by taking over the NPM accounts.' In other words, anyone poking around is going to find accounts easy to take over in this way. I was not lucky or special." His point, which he has been trying for several years to communicate to those overseeing NPM — a part of GitHub since March 2020 — is that taking over the NPM account of a popular project to conduct a software supply chain attack continues to be too easy.
Part of the problem is that JavaScript developers often use packages that implement simple functions that are either already built into the language, like forEach, or ought to be crafted manually to avoid yet another dependency, like left-pad (now built-in as padStart). These trivial packages get incorporated into other packages, which may in turn become dependencies in different packages, thereby making the compromise of something like "foreach" a potentially far-reaching security incident. But Vick argues that with so many upstream attack vectors, "We are all just trusting strangers on the internet to give us good candy from their truck," according to the Register. Their article points out that on Tuesday GitHub launched a beta test of improved 2FA security for all its NPM accounts — which Vick calls "a huge win... [T]hat is the best way to protect accounts. We in the security community have been demanding this for years." But he's still worried about the possibility of email addresses with weak two-factor authentication or compromised NPM employees, and would like to see NPM implement cryptographic signatures for code. "I am talking with a member of their team tomorrow and we will see where this goes."
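The two risks described above (a trivial package buried deep in a dependency tree, and a maintainer account reachable through an expired email domain) can be reviewed from a lockfile and registry metadata before anything is installed. The following is an added example, not code from the Register article, from Vick, or from NPM: it runs a blast-radius and maintainer check over a constructed, lockfile-style dependency graph. Only "foreach" and "left-pad" are real package names from the story; "my-app", "web-framework", "router", "report-tool", "pdf-lib", the maintainer records and the "known expired" domain list are all made up for illustration.

```javascript
// Constructed lockfile-style graph: each package maps to its direct dependencies.
// Only "foreach" and "left-pad" come from the story; everything else is made up.
const GRAPH = {
  "my-app": ["web-framework", "report-tool"],
  "web-framework": ["router", "left-pad"],
  "router": ["foreach"],
  "report-tool": ["foreach", "pdf-lib"],
  "pdf-lib": [],
  "foreach": [],
  "left-pad": [],
};

// Constructed registry-style metadata: maintainer login emails per package.
const META = {
  "foreach": { maintainers: [{ email: "dev@example-expired.test" }] },
  "left-pad": { maintainers: [{ email: "a@example.org" }, { email: "b@example.org" }] },
  "router": { maintainers: [{ email: "team@example.com" }] },
  "web-framework": { maintainers: [{ email: "one@example.com" }, { email: "two@example.com" }] },
  "report-tool": { maintainers: [{ email: "rt@example.com" }] },
  "pdf-lib": { maintainers: [{ email: "p@example.com" }, { email: "q@example.com" }] },
};

// Constructed list of domains a reviewer already knows to be expired/unregistered.
const EXPIRED_DOMAINS = new Set(["example-expired.test"]);

// Trivial packages that duplicate language built-ins (the two examples in the article).
const BUILTIN_EQUIVALENTS = {
  "foreach": "Array.prototype.forEach",
  "left-pad": "String.prototype.padStart",
};

// Invert the graph: package -> list of packages that depend on it directly.
function reverseDeps(graph) {
  const rev = new Map();
  for (const [parent, deps] of Object.entries(graph)) {
    for (const dep of deps) {
      if (!rev.has(dep)) rev.set(dep, []);
      rev.get(dep).push(parent);
    }
  }
  return rev;
}

// Blast radius: every package that transitively depends on `pkg`
// (what a compromised release of `pkg` would be pulled into). Sorted for stable output.
function blastRadius(graph, pkg) {
  const rev = reverseDeps(graph);
  const seen = new Set();
  const stack = [pkg];
  while (stack.length > 0) {
    const cur = stack.pop();
    for (const parent of rev.get(cur) || []) {
      if (!seen.has(parent)) {
        seen.add(parent);
        stack.push(parent);
      }
    }
  }
  return [...seen].sort();
}

// All dependency chains from `root` down to `pkg`, so a reviewer can see
// which direct dependency is responsible for pulling in the trivial package.
function dependencyPaths(graph, root, pkg) {
  const paths = [];
  const walk = (node, trail) => {
    const next = [...trail, node];
    if (node === pkg) {
      paths.push(next);
      return;
    }
    for (const dep of graph[node] || []) {
      if (!trail.includes(dep)) walk(dep, next); // guard against cycles
    }
  };
  walk(root, []);
  return paths;
}

// Per-package review: single maintainer, maintainer email on an expired domain,
// and "this duplicates a built-in" are each reported as a finding.
function reviewPackage(pkg, graph, meta, expiredDomains) {
  const findings = [];
  const maintainers = meta[pkg] ? meta[pkg].maintainers : [];
  if (maintainers.length === 1) findings.push("single maintainer");
  for (const { email } of maintainers) {
    const domain = email.split("@")[1];
    if (expiredDomains.has(domain)) findings.push(`maintainer email domain expired: ${domain}`);
  }
  if (BUILTIN_EQUIVALENTS[pkg]) findings.push(`replaceable by built-in ${BUILTIN_EQUIVALENTS[pkg]}`);
  return { pkg, dependents: blastRadius(graph, pkg).length, findings };
}

// Review every package in the graph and return those with at least one finding,
// highest blast radius first.
function reviewAll(graph, meta, expiredDomains) {
  return Object.keys(graph)
    .map((pkg) => reviewPackage(pkg, graph, meta, expiredDomains))
    .filter((r) => r.findings.length > 0)
    .sort((a, b) => b.dependents - a.dependents);
}

for (const r of reviewAll(GRAPH, META, EXPIRED_DOMAINS)) {
  console.log(`${r.pkg}: ${r.dependents} dependent package(s); ${r.findings.join("; ")}`);
}
console.log("paths to foreach:", dependencyPaths(GRAPH, "my-app", "foreach").map((p) => p.join(" > ")));
```

The output lists "foreach" first because, although it appears only as a leaf, everything in the constructed tree reaches it through two different chains, which is the point the article makes about trivial packages: the compromise risk is set by who depends on them, not by how much code they contain. The expired-domain check is deliberately offline and list-driven; in a real review the domain list would come from a WHOIS or registrar lookup, which this example does not perform.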
An anonymous reader quotes a report from ZDNet: Securing the open-source software supply chain is a huge deal. Last year, the Biden administration issued an executive order to improve software supply chain security. This came after the Colonial Pipeline ransomware attack shut down gas and oil deliveries throughout the southeast and the SolarWinds software supply chain attack. Securing software became a top priority. In response, The Open Source Security Foundation (OpenSSF) and Linux Foundation rose to this security challenge. Now, they're calling for $150 million in funding over two years to fix ten major open-source security problems. The government will not be paying the freight for these changes. $30 million has already been pledged by Amazon, Ericsson, Google, Intel, Microsoft, and VMware. More is already on the way. Amazon Web Services (AWS) has already pledged an additional $10 million. At the White House press conference, OpenSSF general manager Brian Behlendorf said, "I want to be clear: We're not here to fundraise from the government. We did not anticipate needing to go directly to the government to get funding for anyone to be successful." Here are the ten goals the open-source industry is committed to meeting:
1. Security Education: Deliver baseline secure software development education and certification to all.
2. Risk Assessment: Establish a public, vendor-neutral, objective-metrics-based risk assessment dashboard for the top 10,000 (or more) OSS components.
3. Digital Signatures: Accelerate the adoption of digital signatures on software releases.
4. Memory Safety: Eliminate root causes of many vulnerabilities through the replacement of non-memory-safe languages.
5. Incident Response: Establish the OpenSSF Open Source Security Incident Response Team, security experts who can step in to assist open source projects during critical times when responding to a vulnerability.
6. Better Scanning: Accelerate the discovery of new vulnerabilities by maintainers and experts through advanced security tools and expert guidance.
7. Code Audits: Conduct third-party code reviews (and any necessary remediation work) of up to 200 of the most-critical OSS components once per year.
8. Data Sharing: Coordinate industry-wide data sharing to improve the research that helps determine the most critical OSS components.
9. SBOMs Everywhere: Improve Software Bill of Materials (SBOM) tooling and training to drive adoption.
10. Improved Supply Chains: Enhance the 10 most critical open-source software build systems, package managers, and distribution systems with better supply chain security tools and best practices.
Onkyo, one of the best-known Japanese manufacturers of home theater equipment, has "filed for bankruptcy at Osaka District Court on Friday, with total liabilities of around 3.1 billion yen ($24 million)," reports Nikkei Asia. The report is sparse on details but attributes the bankruptcy to a "market shift to streaming and smartphones." In mid-2020, Onkyo USA Corporation ended a 45-year run as Onkyo's exclusive sales, marketing and distribution division for the Americas, according to Audioholics. Onkyo has appeared in a few stories on Slashdot over the years. Our personal favorite was a story in 2003 about a new use of embedded Linux in Onkyo's home music server.
schwit1 shares a report: The House of Representatives [...] will provide taxpayer-funded Peloton memberships to all of its staff, costing taxpayers roughly $100,000 per month. The move comes one year after the fitness company set up a lobbying shop in Washington. Memberships to the exercise service, which offers workout classes, will be available to House staff in Washington, D.C., and in district offices, as well as to Capitol police officers, Fox Business reported. The number of people eligible for the fully taxpayer-funded memberships totals roughly 12,300. Under the contract with Peloton, which takes effect May 18, the government will pay the company $10,000 up front and $10 per month for each staffer who chooses to enroll, according to Fox Business. With high participation among House staffers, the monthly cost of the contract for taxpayers could exceed $100,000 per month. [...] In March 2021, Peloton hired an in-house lobbyist and two lobbying firms to influence Congress on issues including "government programming to support health and wellness of Americans."
An anonymous reader quotes a report from VentureBeat: Today, researchers at security service edge provider, Netskope, published the Netskope Cloud and Threat Report: Global Cloud and Malware Trends, which found that phishing downloads rose 450% over the past 12 months, and highlighted that attackers are using search engine optimization (SEO) to rank malicious PDF files on search engines. The report's findings show that phishing attempts are constantly evolving, and attackers aren't just targeting employees through their email inboxes; they're also using popular search engines like Google and Bing. The increase in phishing attacks and the growing popularity of SEO techniques among cybercriminals highlights the need for enterprises to provide their employees with security awareness training so they're prepared to spot threats and not at risk of handing over sensitive information. When it comes to defending against these SEO-driven attacks, [Ray Canzanese, director of Netskope's Threat Labs] highlights several methods that security teams can use to protect employees. One of the most effective is to use a solution that can decrypt and scan web traffic for malicious content. At the same time, security teams should encourage users to inspect all links they click on, and to exercise caution if the link takes them to an unfamiliar website. In the event an employee does click on a malicious PDF, they can expect to see a fake captcha at the top of the first page, followed by text on other pages. In these scenarios, users should close the file, delete it from the device and report it to the security team ASAP. Canzanese also notes that it's important for users to report malicious URLs that feature on popular search engines to help the provider unlist them from the site and prevent other users from falling victim to a scam.
BeerFartMoron shares a report from Motherboard: For the last five years, driverless car companies have been testing their vehicles on public roads. These vehicles constantly roam neighborhoods while laden with a variety of sensors including video cameras capturing everything going on around them in order to operate safely and analyze instances where they don't. While the companies themselves, such as Alphabet's Waymo and General Motors' Cruise, tout the potential transportation benefits their services may one day offer, they don't publicize another use case, one that is far less hypothetical: Mobile surveillance cameras for police departments. "Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads," says a San Francisco Police department training document obtained by Motherboard via a public records request. "Investigations has already done this several times." Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. "This is very concerning," Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them. "So when we see any police department identify AVs as a new source of evidence, that's very concerning." "As companies continue to make public roadways their testing grounds for these vehicles, everyone should understand them for what they are -- rolling surveillance devices that expand existing widespread spying technologies," said Chris Gilliard, Visiting Research Fellow at Harvard Kennedy School Shorenstein Center. "Law enforcement agencies already have access to automated license plate readers, geofence warrants, Ring Doorbell footage, as well as the ability to purchase location data. This practice will extend the reach of an already pervasive web of surveillance."