A group of federal cyber advisers is putting a suspected teen hacking group under the microscope in the second investigation ever conducted by the Cyber Safety Review Board. From a report: The Department of Homeland Security review board -- a group of 15 federal government and private-sector cyber experts -- announced Friday morning that it will study and provide recommendations to fend off the hacking techniques behind the Lapsus$ data extortion group. The Cyber Safety Review Board first investigated and released a report with security recommendations in July about the Log4j open-source software vulnerability that affected millions of devices last year. Lapsus$, which has been outed as a teenage hacking group, is believed to be behind data breaches at Uber, Rockstar Games, Microsoft, Okta and other major companies earlier this year. Data extortion groups break into a company's systems, steal prized information like source codes, and then demand a payment from the company to stop them from leaking the stolen information. Specifically, Lapsus$ targets companies through MFA fatigue, where they use stolen login credentials to log in to a network and then spam account owners with two-factor authentication requests on their phones until they accept one. Suspected members of the gang are believed to be based in the U.K. and have been arrested several times throughout the year.
guest reader writes: Chipmaker Intel is offering staff in Ireland the opportunity to take three months' leave from their jobs, with the catch being that it is unpaid. The move is part of cost saving measures at the company. According to various reports in the Irish media, thousands of workers at Intel's manufacturing plant in Leixlip, County Kildare, were offered three months' voluntary unpaid leave in a bid to lower overheads. The move follows Intel's announcement in October that it planned to lay off an unspecified number of employees worldwide, and even ditch some product lines, in response to a worsening economic situation. These plans are part of a massive reduction in spending, with Intel looking to slash $3 billion annually starting next year and by between $8 billion and $10 billion by 2025. However, this isn't going to stop the chipmaker from continuing to invest in building new chip manufacturing plants, as Intel confirmed this week when the company reiterated its commitment to manufacturing expansions in the US and in Europe that are set to cost billions of dollars. In an official statement sent to The Register, Intel said it was taking steps to reduce costs and improve efficiencies detailed during its recent earnings call, while protecting the investments needed to position the company for long-term growth.
An anonymous reader shares a report: Nvidia's new RTX 4090 and 4080 GPUs both use a new connector called 12VHPWR to deliver power as a way to satisfy ever-more power-hungry graphics cards without needing to set aside the physical space required for three or four 8-pin power connectors. But that power connector and its specifications weren't created by Nvidia alone -- to ensure interoperability, the spec was developed jointly by the PCI Express Special Interest Group (PCI-SIG), a body that includes Nvidia, AMD, Intel, Arm, IBM, Qualcomm, and others. But the overheating and melting issues experienced by some RTX 4090 owners recently have apparently prompted the PCI-SIG to clarify exactly which parts of the spec it is and is not responsible for. In a statement reported by Tom's Hardware, the group sent its members a reminder that they, not the PCI-SIG, were responsible for safety testing products using connector specs like 12VHPWR. "Members are reminded that PCI-SIG specifications provide necessary technical information for interoperability and do not attempt to address proper design, manufacturing methods, materials, safety testing, safety tolerances, or workmanship," the statement reads. "When implementing a PCI-SIG specification, Members are responsible for the design, manufacturing, and testing, including safety testing, of their products."
Google is shutting down Duplex on the Web, its AI-powered set of services that navigated sites to simplify the process of ordering food, purchasing movie tickets and more. From a report: According to a note on a Google support page, Google on the Web and any automation features enabled by it will no longer be supported as of this month. Google introduced Duplex on the Web, an outgrowth of its call-automating Duplex technology, during its 2019 Google I/O developer conference. To start, it was focused on a couple of narrow use cases, including opening a movie theater chain's website to fill out all of the necessary information on a user's behalf -- pausing to prompt for choices like seats. But Duplex on the Web later expanded to passwords, helping users automatically change passwords exposed in a data breach, as well as assisted checkout for ecommerce retailers, flight check-in for airline sites and automatic discount finding. The promise of Duplex on the Web was that you'd be able to issue Google Assistant a command like "Book me a car from Hertz" and have Duplex pull up the relevant web page and automatically fill in details like your name, car preferences, trip dates, payment information (using information from Gmail and Chrome autofill), and more.
The U.S. Army allocated millions of dollars to sponsor a wide range of esports tournaments, individual high profile Call of Duty streamers, and Twitch events in the last year to specifically grow its audience with Gen-Z viewers, and especially women and Black and Hispanic people, according to internal Army documents obtained by Motherboard. From the report: In many cases the sponsorships ultimately did not happen -- the Army ordered a stop of all spending with Call of Duty's publisher Activision after the company faced a wave of sexual harassment complaints. But the documents provide much greater insight into the Army's goals and intentions behind its planned integrations with Call of Duty and other massive entertainment franchises. "Audience: Gen-Z Prospects (A18-24)," one section of the documents read. "Focus on the growth of females, Black & Hispanics." Motherboard obtained the documents through the Freedom of Information Act (FOIA). A table included in the documents lists the funds the Army planned to spend on various platforms, events, and streamers. At the top, is Twitch and its HBCU [Historically Black Colleges and Universities] Showdown. Previous seasons of this esports league had players compete in Madden and NBA games. The Army planned to spend $1 million on sponsoring the event. The documents show that the U.S. military considered gaming and, in particular, Call of Duty, as a potentially useful branding and recruiting tool.
"Rust is awesome, for certain things. But think twice before picking it up for a startup that needs to move fast," Matt Welsh, co-founder and chief executive of Fixie.ai and former Google engineering director, writes in a blog post. From the post: I hesitated writing this post, because I don't want to start, or get into, a holy war over programming languages. (Just to get the flame bait out of the way, Visual Basic is the best language ever!) But I've had a number of people ask me about my experience with Rust and whether they should pick up Rust for their projects. So, I'd like to share some of the pros and cons that I see of using Rust in a startup setting, where moving fast and scaling teams is really important. Right up front, I should say that Rust is very good at what it's designed to do, and if your project needs the specific benefits of Rust (a systems language with high performance, super strong typing, no need for garbage collection, etc.) then Rust is a great choice. But I think that Rust is often used in situations where it's not a great fit, and teams pay the price of Rust's complexity and overhead without getting much benefit. My primary experience from Rust comes from working with it for a little more than 2 years at a previous startup. This project was a cloud-based SaaS product that is, more-or-less, a conventional CRUD app: it is a set of microservices that provide a REST and gRPC API endpoint in front of a database, as well as some other back-end microservices (themselves implemented in a combination of Rust and Python). Rust was used primarily because a couple of the founders of the company were Rust experts. Over time, we grew the team considerably (increasing the engineering headcount by nearly 10x), and the size and complexity of the codebase grew considerably as well. As the team and codebase grew, I felt that, over time, we were paying an increasingly heavy tax for continuing to use Rust. 
Development was sometimes sluggish, launching new features took longer than I would have expected, and the team was feeling a real productivity hit from that early decision to use Rust. Rewriting the code in another language would have, in the long run, made development much more nimble and sped up delivery time, but finding the time for the major rewrite work would have been exceedingly difficult. So we were kind of stuck with Rust unless we decided to bite the bullet and rewrite a large amount of the code. Rust is supposed to be the best thing since sliced bread, so why was it not working so well for us? [...] Despite being some of the smartest and most experienced developers I had worked with, many people on the team (myself included) struggled to understand the canonical ways to do certain things in Rust, how to grok the often arcane error messages from the compiler, or how to understand how key libraries worked (more on this below). We started having weekly "learn Rust" sessions for the team to help share knowledge and expertise. This was all a significant drain on the team's productivity and morale as everyone felt the slow rate of development. As a comparison point of what it looks like to adopt a new language on a software team, one of my teams at Google was one of the first to switch entirely from C++ to Go, and it took no more than about two weeks before the entire 15-odd-person team was quite comfortably coding in Go for the first time.
Maersk and IBM will wind down their shipping blockchain TradeLens by early 2023, ending the pair's five-year project to improve global trade by connecting supply chains on a permissioned blockchain. From a report: TradeLens emerged during the "enterprise blockchain" era of 2018 as a high-flying effort to make inter-corporate trade more efficient. Open to shipping and freight operators, its members could validate the transaction of goods as recorded on a transparent digital ledger. The idea was to save its member-shipping companies money by connecting their world. But the network was only as strong as its participants; despite some early wins, TradeLens ultimately failed to catch on with a critical mass of its target industry. "TradeLens has not reached the level of commercial viability necessary to continue work and meet the financial expectations as an independent business," Maersk Head of Business Platforms Rotem Hershko said in a statement.
Japanese camera manufacturers are bidding farewell to a once-major component of their operations, with Panasonic Holdings and Nikon suspending development of entry-level point-and-shoot cameras under their flagship brands. From a report: The companies will instead focus resources on pricier mirrorless models going forward, aiming to navigate a market upended by smartphones. Casual photographers flocked to compact digital cameras in the mid- to late 1990s, embracing their affordability and portability compared with single-lens reflex cameras. Global shipments reached 110 million units in 2008, according to the Camera & Imaging Products Association (CIPA). But as the iPhone and other camera-equipped smartphones won general consumers over, the camera industry fell off a cliff. Global shipments of compact digital cameras plunged 97% from the 2008 level to just 3.01 million units in 2021. Panasonic has been scaling back its model offerings in Lumix compact digital cameras, which debuted in 2001 and enjoyed high spots in domestic rankings at one point. The company has not released any new product for the price range below 50,000 yen ($370 at current rates) or so since 2019 and has no plans to develop a low-priced model going forward. "We've halted developing any new models that can be replaced by a smartphone," a spokesperson said. Panasonic will continue production of current offerings. But its focus going forward will be on developing high-end mirrorless cameras for photography enthusiasts and professionals. Nikon has suspended development of new compact models in its Coolpix line. It now offers just two models with high-powered lenses but it is "closely monitoring market trends" to determine production volumes going forward, according to an official. Nikon has also withdrawn from development of SLR cameras to specialize in upmarket mirrorless single-lens models. These companies are following in rivals' footsteps. 
Fujifilm has discontinued production of its FinePix compact cameras and will develop only the X100V series and other pricier models.
America's newest nuclear stealth bomber is making its public debut after years of secret development and as part of the Pentagon's answer to rising concerns over a future conflict with China. From a report: The B-21 Raider is the first new American bomber aircraft in more than 30 years. Almost every aspect of the program is classified. Ahead of its unveiling Friday at an Air Force facility in Palmdale, California, only artists' renderings of the warplane have been released. Those few images reveal that the Raider resembles the black nuclear stealth bomber it will eventually replace, the B-2 Spirit. The bomber is part of the Pentagon's efforts to modernize all three legs of its nuclear triad, which includes silo-launched nuclear ballistic missiles and submarine-launched warheads, as it shifts from the counterterrorism campaigns of recent decades to meet China's rapid military modernization. China is on track to have 1,500 nuclear weapons by 2035, and its gains in hypersonics, cyber warfare, space capabilities and other areas present "the most consequential and systemic challenge to U.S. national security and the free and open international system," the Pentagon said this week in its annual China report.
Meta is urging policymakers to hold off on creating new rules governing the metaverse. From a report: In a policy paper released Friday, Meta argues that many of the world's existing laws and regulations will also apply to activity in the metaverse -- a catch-all term that refers to an immersive virtual world that doesn't yet exist in which users could someday work, play games, shop and interact. Edward Bowles, Meta's head of fintech policy, told reporters that regulators could "stymie innovation" if they create an entirely new regulatory scheme for the metaverse. It's common for corporations, particularly Silicon Valley titans, to discourage politicians from creating new regulations. But in recent years, lawmakers have become interested in reining in the biggest tech companies -- including their investments in virtual reality. The paper is an effort by Meta to shape future legislation impacting the metaverse, a technology so central to the company's mission that it rebranded to "Meta" from "Facebook" last year.
A little over a year after buzzy coding bootcamp Lambda School rebranded as Bloom Institute of Technology, the venture-backed startup is conducting massive layoffs, TechCrunch reported, citing sources. From the report: The workforce reduction, per people familiar with the matter, has impacted half of the company's staff across content, product, data and engineering teams. The layoff is expected to have impacted around 88 employees, using metrics provided in BloomTech's 2022 diversity report metrics. Employees were called into an All Hands meeting this morning in which BloomTech CEO Austen Allred notified staff of the impending layoffs. After the meeting, those impacted were notified via e-mail. According to documents seen by TechCrunch, employees will get normal pay and medical benefits until January 31, 2023 and are "expected to work" through that period. Those laid off were also offered optional time with managers to talk.
An automated status updater for Slack isn't the only thing Mozilla acquired this week. From a report: On Wednesday, the company announced that it snatched up Active Replica, a Vancouver-based startup developing a "web-based metaverse." According to Mozilla SVP Imo Udom, Active Replica will support Mozilla's ongoing work with Hubs, the latter's VR chatroom service and open source project. Specifically, he sees the Active Replica team working on personalized subscription tiers, improving the onboarding experience and introducing new interaction capabilities in Hubs. "Together, we see this as a key opportunity to bring even more innovation and creativity to Hubs than we could alone," Udom said in a blog post. "We will benefit from their unique experience and ability to create amazing experiences that help organizations use virtual spaces to drive impact. They will benefit from our scale, our talent, and our ability to help bring their innovations to the market faster." Active Replica was founded in 2020 by Jacob Ervin and Valerian Denis. Ervin is a software engineer by trade, having held roles at AR/VR startups Metaio, Liminal AR and Occipital. Denis has a history in project management -- he worked for VR firms including BackLight, which specializes in location-based and immersive VR experiences for brands.
An anonymous reader quotes a report from Ars Technica: Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts. "The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages," the advisory, published on Wednesday by Berlin-based security collective Zerforschung, claimed. "This also includes private email addresses and phone numbers entered during login." The post went on to say that after the researchers privately reported the vulnerabilities last Saturday, many of the flaws they reported remained unpatched. They headlined their post "Warning: do not use Hive Social." Hive Social responded by pulling down its entire service. "The Hive team has become aware of security issues that affect the stability of our application and the safety of our users," company officials wrote. "Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience." Technical details are being withheld to prevent the active exploitation of them by malicious hackers. According to Business Insider, Hive Social's user base has doubled in the last few weeks, going from about 1 million to 2 million as of last week. The site is only being staffed by two people, "neither of whom had much of a background in security," reports Ars.
Scientists hoping to harness nuclear fusion -- the same energy source that powers the Sun and other stars -- have confirmed that magnetic fields can enhance the energy output of their experiments, reports a new study. The results suggest that magnets may play a key role in the development of this futuristic form of power, which could theoretically provide a virtually limitless supply of clean energy. Motherboard reports: Fusion power is generated by the immense energy released as atoms in extreme environments merge together to create new configurations. The Sun, and all the stars in the night sky, are fueled by this explosive process, which occurs in their cores at incredibly high temperatures and pressures. Scientists have spent roughly a century unraveling the mechanics of nuclear fusion in nature, and trying to artificially replicate this starry mojo in laboratories. Now, a team at the National Ignition Facility (NIF), which is a fusion experiment based at the U.S. Department of Energy's Lawrence Livermore National Laboratory, has reported that the magnetic fields can boost the temperature of the fusion "hot spot" in experiments by 40 percent and more than triple its energy output, which is "approaching what is required for fusion ignition" according to a study published this month in Physical Review Letters. "The magnetic field comes in and acts kind of like an insulator," said John Moody, a senior scientist at the NIF who led the study, in a call with Motherboard. "You have what we call the hot spot. It's millions of degrees, and around it is just room temperature. All that heat wants to flow out because heat always goes from the hot to the cold and the magnetic field prevents that from happening." "When we go in and we put the magnetic field on this hotspot, and we insulate it, now that heat stays in there, and so we're able to get the hot spot to a higher temperature," he continued. 
"You get more [fusion] reactions as you go up in temperature, and that's why we see this improvement in the reactivity." The hot spots in the NIF's fusion experiments are created by shooting nearly 200 lasers at a tiny pellet of fuel made of heavier isotopes (or versions) of hydrogen, such as deuterium and tritium. These laser blasts generate X-rays that make the small capsule implode, producing the kinds of extreme pressures and temperatures that are necessary for the isotopes to fuse together and release their enormous stores of energy. NIF has already brought their experiments to the brink of ignition, which is the point at which fusion reactions become self-sustaining in plasmas. The energy yields created by these experiments are completely outweighed by the energy that it takes to make these self-sustaining reactions in the plasmas in the first place. Still, achieving ignition is an important step toward creating a possible "breakeven" system that produces more energy output than input. Moody and his colleagues developed their magnetized experiment at NIF by wrapping a coil around a version of the pellet made with specialized metals.
The Viking 1 lander arrived on the Martian surface 46 years ago to investigate the planet. It dropped down into what was thought to be an ancient outflow channel. Now, a team of researchers believes they've found evidence of an ancient megatsunami that swept across the planet billions of years ago, less than 600 miles from where Viking landed. Gizmodo reports: In a new paper published today in Scientific Reports, a team identified a 68-mile-wide impact crater in Mars' northern lowlands that they suspect is leftover from an asteroid strike in the planet's ancient past. "The simulation clearly shows that the megatsunami was enormous, with an initial height of approximately 250 meters, and highly turbulent," said Alexis Rodriguez, a researcher at the Planetary Science Institute and lead author of the paper, in an email to Gizmodo. "Furthermore, our modeling shows some radically different behavior of the megatsunami to what we are accustomed to imagining." Rodriguez's team studied maps of the Martian surface and found the large crater, now named Pohl. Based on Pohl's position on previously dated rocks, the team believes the crater is about 3.4 billion years old -- an extraordinarily long time ago, shortly after the first signs of life we know of appeared on Earth. According to the research team's models, the asteroid impact could have been so intense that material from the seafloor may have dislodged and been carried in the water's debris flows. Based on the size of the crater, the team believes the impacting asteroid could have been 1.86 miles wide or 6 miles wide, depending on the amount of ground resistance the asteroid encountered. The impact could have released between 500,000 megatons and 13 million megatons of TNT energy (for comparison, the Tsar Bomba nuclear test was about 57 megatons of TNT energy.) 
"A clear next step is to propose a landing site to investigate these deposits in detail to understand the ocean's evolution and potential habitability," Rodriguez said. "First, we would need a detailed geologic mapping of the area to reconstruct the stratigraphy. Then, we need to connect the surface modification history to specific processes through numerical modeling and analog studies, including identifying possible mud volcanoes and glacier landforms."
An anonymous reader quotes a report from Motherboard: Motility -- the scientific term for being able to move independently -- is one of the most important features for living organisms on Earth. But where cells' ability to move came from has been a mystery for many scientists. However, new research in which scientists created the world's smallest moving organism provides one idea of how cell motility came to be. As the authors write in their paper, "motility is observed in various phyla and arguably one of the major determinants of survival." According to the paper, cell motility is believed to originate from small movements of housekeeping proteins that are transmitted to a cell, but the proposed process hasn't been experimentally demonstrated. Their study is thus a way to test out this theory. In this experiment, the researchers genetically engineered a synthetic bacterium named JCVI-syn-3b, or syn-3, which is non-motile. To reconstitute syn-3, the group introduced seven genes that code for proteins that are likely involved in the swimming motion of Spiroplasma bacteria. Spiroplasma is a small bacteria known to "swim" by essentially switching around its cytoskeleton. The proteins introduced evolved from the bacterial actin protein MreB. Actin are multi-functional proteins that are often responsible for motility in cells. In an email to Motherboard, Miyata confirmed that prior to this experiment, nobody had succeeded in making a motile minimal synthetic bacterium. By introducing the proteins responsible for motility in Spiroplasma into syn-3, the researchers were able to make the previously non-motile bacteria swim, as evident in a video published on the University's YouTube account. The researchers also wanted to see how the expression of different combinations of the motility genes would affect the genetically engineered bacteria to swim. 
In doing so, they found that the expression of only two proteins was necessary for promoting motility in syn-3, likely indicating that many of the proteins were redundant and demonstrating a minimal system for motility. "To the best of our knowledge, the motility system comprising only two actin superfamily proteins is the smallest system established till date," the authors write. "Therefore, we may call this a 'minimal motile cell.'" Although this study is primarily a proof of concept, it gives scientists a better understanding of how cell motility could have potentially originated and evolved. "In addition to the sheer novelty of creating such a smol swimmer, the new study sheds light on the origin of movement in the first mobile lifeforms that arose on Earth," adds Motherboard. "For instance, Miyata said that the actin protein MreB is not involved in the motility of many other bacterial species, which confirms that there are multiple different evolutionary pathways that led to microbial movement." The study has been published in the journal Science Advances.
OpenAI has released a prototype general purpose chatbot that demonstrates a fascinating array of new capabilities but also shows off weaknesses familiar to the fast-moving field of text-generation AI. And you can test out the model for yourself right here. The Verge reports: ChatGPT is adapted from OpenAI's GPT-3.5 model but trained to provide more conversational answers. While GPT-3 in its original form simply predicts what text follows any given string of words, ChatGPT tries to engage with users' queries in a more human-like fashion. As you can see in the examples below, the results are often strikingly fluid, and ChatGPT is capable of engaging with a huge range of topics, demonstrating big improvements to chatbots seen even a few years ago. But the software also fails in a manner similar to other AI chatbots, with the bot often confidently presenting false or invented information as fact. As some AI researchers explain it, this is because such chatbots are essentially "stochastic parrots" -- that is, their knowledge is derived only from statistical regularities in their training data, rather than any human-like understanding of the world as a complex and abstract system. [...] Enough preamble, though: what can this thing actually do? Well, plenty of people have been testing it out with coding questions and claiming its answers are perfect. ChatGPT can also apparently write some pretty uneven TV scripts, even combining actors from different sitcoms. It can explain various scientific concepts. And it can write basic academic essays. And the bot can combine its fields of knowledge in all sorts of interesting ways. So, for example, you can ask it to debug a string of code ... like a pirate, for which its response starts: "Arr, ye scurvy landlubber! Ye be makin' a grave mistake with that loop condition ye be usin'!" Or get it to explain bubble sort algorithms like a wise guy gangster.
ChatGPT also has a fantastic ability to answer basic trivia questions, though examples of this are so boring I won't paste any in here. And someone else saying the code ChatGPT provides in the very answer above is garbage. I'm not a programmer myself, so I won't make a judgment on this specific case, but there are plenty of examples of ChatGPT confidently asserting obviously false information. Here's computational biology professor Carl Bergstrom asking the bot to write a Wikipedia entry about his life, for example, which ChatGPT does with aplomb -- while including several entirely false biographical details. Another interesting set of flaws comes when users try to get the bot to ignore its safety training. If you ask ChatGPT about certain dangerous subjects, like how to plan the perfect murder or make napalm at home, the system will explain why it can't tell you the answer. (For example, "I'm sorry, but it is not safe or appropriate to make napalm, which is a highly flammable and dangerous substance.") But, you can get the bot to produce this sort of dangerous information with certain tricks, like pretending it's a character in a film or that it's writing a script on how AI models shouldn't respond to these sorts of questions.
Last year, Google announced Android Open Source Project (AOSP) support for Rust, and today the company provided an update, while highlighting the decline in memory safety vulnerabilities. 9to5Google reports: Google says the "number of memory safety vulnerabilities have dropped considerably over the past few years/releases." Specifically, the number of annual memory safety vulnerabilities fell from 223 to 85 between 2019 and 2022. They are now 35% of Android's total vulnerabilities versus 76% four years ago. In fact, "2022 is the first year where memory safety vulnerabilities do not represent a majority of Android's vulnerabilities." That count is for "vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through our vulnerability rewards program (VRP) and vulnerabilities reported internally." During that period, the amount of new memory-unsafe code entering Android has decreased: "Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language." Rust makes up 21% of all new native code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android's Virtualization framework (AVF), and "various other components and their open source dependencies." Google considers it significant that there have been "zero memory safety vulnerabilities discovered in Android's Rust code" so far across Android 12 and 13. Google's blog post today also talks about non-memory-safety vulnerabilities, and its future plans: "... We're implementing userspace HALs in Rust. We're adding support for Rust in Trusted Applications. We've migrated VM firmware in the Android Virtualization Framework to Rust. With support for Rust landing in Linux 6.1 we're excited to bring memory-safety to the kernel, starting with kernel drivers."
Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. BleepingComputer reports: Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "smart vehicle" platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and Infiniti) that allowed them to "remotely unlock, start, locate, flash, and honk" them. At this time, the researchers have not published detailed technical write-ups for their findings but shared some information on Twitter, in two separate threads. The mobile apps of Hyundai and Genesis, named MyHyundai and MyGenesis, allow authenticated users to start, stop, lock, and unlock their vehicles. After intercepting the traffic generated from the two apps, the researchers analyzed it and were able to extract API calls for further investigation. They found that validation of the owner is done based on the user's email address, which was included in the JSON body of POST requests. Next, the analysts discovered that MyHyundai did not require email confirmation upon registration. They created a new account using the target's email address with an additional control character at the end. Finally, they sent an HTTP request to Hyundai's endpoint containing the spoofed address in the JSON token and the victim's address in the JSON body, bypassing the validity check. To verify that they could use this access for an attack on the car, they tried to unlock a Hyundai car used for the research. A few seconds later, the car unlocked. The multi-step attack was eventually baked into a custom Python script, which only needed the target's email address for the attack. Yuga Labs analysts found that the mobile apps for Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota, use SiriusXM technology to implement remote vehicle management features.
They inspected the network traffic from Nissan's app and found that it was possible to send forged HTTP requests to the endpoint only by knowing the target's vehicle identification number (VIN). The response to the unauthorized request contained the target's name, phone number, address, and vehicle details. Considering that VINs are easy to locate on parked cars, typically visible on a plate where the dashboard meets the windshield, an attacker could easily access it. These identification numbers are also available on specialized car selling websites, for potential buyers to check the vehicle's history. In addition to information disclosure, the requests can also carry commands to execute actions on the cars. [...] Before posting the details, Yuga Labs informed both Hyundai and SiriusXM of the flaws and associated risks. The two vendors have fixed the vulnerabilities.
An anonymous reader quotes a report from The Guardian: The brains of teenagers who lived through the Covid pandemic show signs of premature aging, research suggests. The researchers compared MRI scans of 81 teens in the US taken before the pandemic, between November 2016 and November 2019, with those of 82 teens collected between October 2020 and March 2022, during the pandemic but after lockdowns were lifted. After matching 64 participants in each group for factors including age and sex, the team found that physical changes in the brain that occurred during adolescence -- such as thinning of the cortex and growth of the hippocampus and the amygdala -- were greater in the post-lockdown group than in the pre-pandemic group, suggesting such processes had sped up. In other words, their brains had aged faster. "Brain age difference was about three years -- we hadn't expected that large an increase given that the lockdown was less than a year [long]," said Ian Gotlib, a professor of psychology at Stanford University and first author of the study. Writing in the journal Biological Psychiatry: Global Open Science, the team report that the participants -- a representative sample of adolescents in the Bay Area in California -- originally agreed to take part in a study looking at the impact of early life stress on mental health across puberty. As a result, participants were also assessed for symptoms of depression and anxiety. The post-lockdown group self-reported greater mental health difficulties, including more severe symptoms of anxiety, depression and internalizing problems. "Deterioration in mental health is accompanied by physical changes in the brain for teens, likely due to the stress of the pandemic," said Gotlib. "In older adults, these brain changes are often associated with reduced cognitive functioning. It's not clear yet what they mean in adolescents.
But this is the first demonstration that difficulties in mental health during the pandemic are accompanied by what seem to be stress-related changes in brain structure."
Parler announced Thursday it reached a mutual agreement with Ye, formerly known as Kanye West, to terminate the sale of the social media app. Axios reports: The deal already was on life support, as Axios previously reported, and it's unclear if a formal merger agreement was ever signed. Parler originally said it had an agreement "in principle," and today referred to it as "intent of sale." A Parler spokesperson previously told Axios that the acquisition was set to close by year-end but declined to say if Ye ever had signed paperwork to that effect. In a statement, Parler's parent company said: "This decision was made in the interest of both parties in mid-November. Parler will continue to pursue future opportunities for growth and the evolution of the platform for our vibrant community." A source familiar with the situation said that Ye's precarious financial situation -- including the loss of his Adidas deal -- played a role in the deal collapse.
Popular NFT and cryptocurrency app Coinbase Wallet today said that Apple required an NFT-sending feature to be removed from the app due to an in-app purchase dispute. MacRumors reports: Apple's App Store review team apparently told Coinbase that the "gas fees required to send NFTs need to be paid through in-app purchase." Apple wanted a cut of transactions, which Coinbase Wallet said is similar to Apple attempting to take a cut of fees for every email that's sent over the internet. Apple is asking for something that is not possible, because the in-app purchase system does not support cryptocurrency to begin with. Coinbase Wallet says that Apple would not approve an app update until the NFT-sending feature was disabled, and the removal of the functionality will make it more difficult for iPhone users who have an NFT to transfer the NFT to other wallets or gift an NFT to friends or family. The developers behind the app say that Apple has introduced profit-protecting policies that come at the expense of "developer innovation across the crypto ecosystem." Coinbase Wallet is hoping that this is a mistake and has tweeted an invitation to Apple to discuss the matter.
An anonymous reader quotes a report from the Washington Post: Major web browsers moved Wednesday to stop using a mysterious software company that certified websites were secure, three weeks after The Washington Post reported its connections to a U.S. military contractor. Mozilla's Firefox and Microsoft's Edge said they would stop trusting new certificates from TrustCor Systems that vouched for the legitimacy of sites reached by their users, capping weeks of online arguments among their technology experts, outside researchers and TrustCor, which said it had no ongoing ties of concern. Other tech companies are expected to follow suit. The Post reported on Nov. 8 that TrustCor's Panamanian registration records showed the same slate of officers, agents and partners as a spyware-maker identified this year as an affiliate of Arizona-based Packet Forensics, which has sold communication interception services to U.S. government agencies for more than a decade. One of those contracts listed the "place of performance" as Fort Meade, Md., the home of the National Security Agency and the Pentagon's Cyber Command. The case has put a new spotlight on the obscure systems of trust and checks that allow people to rely on the internet for most purposes. Browsers typically have more than a hundred authorities approved by default, including government-owned ones and small companies, to seamlessly attest that secure websites are what they purport to be. "Certificate Authorities have highly trusted roles in the internet ecosystem and it is unacceptable for a CA to be closely tied, through ownership and operation, to a company engaged in the distribution of malware," Mozilla's Kathleen Wilson wrote to a mailing list for browser security experts. "Trustcor's responses via their Vice President of CA operations further substantiates the factual basis for Mozilla's concerns."
The Australian parliament has approved a bill to amend the country's privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches. From a report: The financial penalty introduced by the new bill is set to whichever is greater: AU$50 million, three times the value of any benefit obtained through the misuse of information, and 30% of a company's adjusted turnover in the relevant period. Previously, the penalty for severe data exposures was AU$2.22 million, considered wholly inadequate to incentivize companies to improve their data security mechanisms. The new bill comes in response to a series of recent cyberattacks against Australian companies, including ransomware and network breaches, resulting in the exposure of highly sensitive data for millions of people in the country. "The Albanese Labor government has wasted no time in responding to recent major data breaches. We have announced, introduced, and delivered legislation in just over a month," reads the media announcement. "These new, larger penalties send a clear message to large companies that they must do better to protect the data they collect."
As the FTX collapse continues to reverberate through the cryptocurrency sector, Telegram CEO Pavel Durov wants to revive some of the good will toward blockchain technology by developing a range of decentralized tools including digital asset exchanges. From a report: "The blockchain industry was built on the promise of decentralization, but ended up being concentrated in the hands of a few who began to abuse their power," Durov wrote Wednesday on his Telegram page. "As a result, a lot of people lost their money when FTX, one of the largest exchanges, went bankrupt." The antidote to FTX's downfall is renewed prioritization of decentralization, he said. Durov maintained that blockchain projects must return to their roots of decentralization, and move away from relying on third-party corporations. Additionally, he said it's possible today for developers to steer the blockchain away from centralization with the release of new products that a wide audience can access. Moving forward, Telegram, a messaging and social-media app, will build non-custodial wallets and decentralized exchanges for millions of people to trade and store cryptocurrencies, Durov said. "This way we can fix the wrongs caused by the excessive centralization, which let down hundreds of thousands of cryptocurrency users," he said. "The time when the inefficiencies of legacy platforms justified centralization should be long gone. With technologies like TON reaching their potential, the blockchain industry should be finally able to deliver on its core mission -- giving the power back to the people."
Five years ago, a study describing a precipitous decline in sperm counts sparked extreme concerns that humanity was on the path to extinction. Now a new study shows that sperm counts have fallen further and the rate of decline is speeding up, raising fears of a looming global fertility crisis. From a report: The initial study, published in July 2017, revealed that sperm counts -- the number of sperm in a single ejaculate -- plummeted by more than 50 percent among men in North America, Europe, Australia, and New Zealand between 1973 and 2011. Since then, a team led by the same researchers has explored what has happened in the last 10 years. In a new meta-analysis, which appeared in the journal Human Reproduction Update, researchers analyzed studies of semen samples published between 2014 and 2019 and added this to their previous data. The newer studies have a more global perspective and involved semen samples from 14,233 men, including some from South and Central America, Africa, and Asia. The upshot: Not only has the decline in total sperm counts continued -- reaching a drop of 62 percent -- but the decline per year has doubled since 2000. The 2017 report also revealed that sperm concentration (the number of sperm per milliliter of semen) dropped by an average of 1.6 percent per year, totaling more than 52 percent among men in these regions over the previous four decades.
Firefox developer Mozilla is making a rare foray into the world of mergers and acquisitions, with news that it has snapped up recently-shuttered California-based productivity startup Pulse. From a report: Terms of the deal haven't been disclosed, but the deal is tantamount to an "acqui-hire," with Mozilla looking to deploy the Pulse team across an array of machine learning (ML) projects. "We're acquiring Pulse for the incredible team they have built," Mozilla chief product officer Steve Teixeira told TechCrunch. "As we look to continue to improve user experiences across all of our products, ML will be a core part of that." Founded out of Menlo Park in 2019, Pulse in its initial guise was a "virtual office" platform called Loop Team, but after honing the idea for a couple of years it pivoted and rebranded last November. Pulse, essentially, was an automated status-updating tool that used signals based on pre-configured integrations and preferences set by the user. For example, users could synchronize Pulse with their calendar and Slack, setting rules to stipulate what their status and corresponding emoji should be based on keywords in their calendar event title. If their schedule for a particular time says "hair appointment" from 12-1pm, then the person's Slack status update might display a scissors emoji alongside the word "haircut." Or, it might say "birthday" alongside a cake emoji if that's what is in their calendar.
A little more than one in five techies in Britain is aged 50 or older, and enticing more of that demographic to enter the world of information technology could help alleviate a perennial skills gap. From a report: This is according to research by the British Computer Society (BCS), which reckons just 22 percent (413,000) of the 1.9 million IT specialists in the local industry are at or past the half century mark. To fall in line with the average number of 50 year olds or older across all other employment areas (561,000) in the UK, an additional 148,000 people in that grouping are needed in the tech sector, the BCS claimed, basing its finding on data provided by the Office for National Statistics. "We can only achieve the government's ambition for the UK to be the 'next Silicon Valley' by closing the digital skills gap and making this vital profession attractive to a far broader range of people," said Rashik Parmar MBE, CEO of the BCS. For those not aware, the UK government's latest harebrained scheme, outlined in the Autumn statement by Chancellor Jeremy Hunt, is to convert the island nation into "the next Silicon Valley". Sounds plausible? Oven-baked plan? No, we didn't think so either. The age factor was most pronounced in the north-east of the UK where just one in eight programmers/developers was 50 or over, the research found -- but didn't state why.
AmiMoJo writes: A research project that saw a four-day working week being trialled across 12 businesses has been deemed a success by both the companies and employees involved. The project, backed by the trade union Forsa and carried out in partnership by Four-Day Week Ireland, UCD and Boston College, examined the financial, social, and environmental impact that a four-day working week would have on businesses and employees in Ireland. Nine of the 12 companies that took part in the six-month trial said they were committed to continuing with the four-day-week schedule. The other three said they were also planning to continue but did not commit to keeping it long-term. Seven companies provided data on revenue and of those, six reported monthly revenue growth, with one seeing a decline. Two companies that tracked energy usage found reductions. In general, management of the companies were said to have been very pleased with the outcome of the trial in terms of productivity and overall experience. On a scale of 1-10, from very negative to very positive, the companies' average rating for the trial was 9.2.
AmiMoJo writes: LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," the company said. "We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information." LastPass said it hired security firm Mandiant to investigate the incident and notified law enforcement of the attack. It also noted that customers' passwords have not been compromised and "remain safely encrypted due to LastPass's Zero Knowledge architecture."
The company behind the tether stablecoin has increasingly been lending its own coins to customers rather than selling them for hard currency upfront. The shift adds to risks that the company may not have enough liquid assets to pay redemptions in a crisis. From a report: Tether says it lends only to eligible customers and requires that borrowers post lots of "extremely liquid" collateral, which could be sold for dollars if borrowers default. These loans have appeared for several quarters in the financial reports that Tether shows on its website. In the most recent report, they reached $6.1 billion as of Sept. 30, or 9% of the company's total assets. They were $4.1 billion, or 5% of total assets, at the end of 2021. Tether calls them "secured loans" and discloses little about the borrowers or the collateral accepted. Alex Welch, a Tether spokeswoman, confirmed that all of the secured loans listed in the reports were issued and denominated in tether. The company said the loans were short-term and that Tether holds the collateral. Tether, which is incorporated in the British Virgin Islands, doesn't publish audited financial statements or a complete balance sheet, leaving outsiders with an incomplete picture of the company's financial health. "Tether's disclosures are limited to the information contained in the mentioned reports," Ms. Welch said. The rise in Tether's lending represents a broad risk to the crypto world. Stablecoins such as tether are anchors in the system. They are vital for trading many cryptocurrencies and are widely held by traders. The premise of tether -- and other stablecoins -- is that the issuer always will redeem one coin for $1. Issuers take pains to demonstrate they have ample funds available to do so. The company's reports show only U.S. dollar amounts for the loans and don't say the loans were made in tether tokens. The reports also say the loans were "fully collateralized by liquid assets."
Google will take its appeal of the record $4.5 billion European Union antitrust fine over its dominance in the Android mobile market to the bloc's top court. From a report: The penalty hits at the heart of the US tech giant's power over the Android mobile-phone ecosystem, and in September judges at a lower court mostly sided with the European Commission's arguments but reduced the overall fine to $4.3 billion.
The San Francisco Board of Supervisors voted 8-3 Tuesday night to approve a controversial policy that would allow police to deploy robots capable of using lethal force in extraordinary circumstances, according to multiple reports. From a report: The Washington Post reports the vote came after a heated debate on a policy that would allow officers to use ground-based robots to kill "when risk of loss of life to members of the public or officers is imminent and officers cannot subdue the threat after using alternative force options or de-escalation tactics." The Post says the measure still requires a second vote next week and the mayor's approval. "There could be an extraordinary circumstance where, in a virtually unimaginable emergency, they might want to deploy lethal force to render, in some horrific situation, somebody from being able to cause further harm," Supervisor Aaron Peskin said at the board meeting, according to the San Francisco Chronicle. But Supervisors Dean Preston, Hillary Ronen and Shamann Walton voted against the policy, the Chronicle reported. "There is serious potential for misuse and abuse of this military-grade technology, and zero showing of necessity," Preston said at the meeting. Ultimately, the board adopted an amendment requiring one of two high-ranking San Francisco Police Department leaders to authorize any use of a robot for lethal force, according to the Chronicle.
DoorDash is reducing its corporate staff by about 1,250, or 6% of the company, as the food-delivery platform works to rein in costs after a pandemic-fueled growth spurt, according to an internal memo from Chief Executive Tony Xu. WSJ: DoorDash is the latest among a swath of technology companies to cut staff to pare back costs as rising interest rates and economic uncertainty spur investors to focus more on profitability. DoorDash, like many companies, is also navigating shifting consumer habits as trends normalize from pandemic disruptions. The company's food-delivery competitors, such as Uber, face their slowest growth in years. "We were not as rigorous as we should have been in managing our team growth," Mr. Xu said in the memo, which was viewed by The Wall Street Journal. "That's on me. As a result, operating expenses grew quickly." Growth has tapered from pandemic highs, Mr. Xu said, and operating costs would continue to outpace sales growth if left unaddressed. Since its 2020 initial public offering, DoorDash has struggled to turn a profit, though it did post a profitable quarter at the start of the pandemic. Earlier in November, DoorDash posted a wider-than-expected loss of $296 million for the third quarter as costs surged 46% to over $2 billion.
Microsoft is offering Windows 11 users a preview of an update that fixes some gaming performance problems. The software maker originally warned of issues with lower than expected performance in some games earlier this month, after some Windows 11 users that had upgraded to the latest 2022 Update (22H2) noticed problems. From a report: "Some games and apps might experience lower than expected performance or stuttering on Windows 11, version 22H2," said Microsoft at the time. "Affected games and apps are inadvertently enabling GPU performance debugging features not meant to be used by consumers." While Microsoft didn't list the exact apps and games experiencing problems, the company did block the Windows 11 2022 Update for systems with affected games and recommended people not upgrade. That safeguard was removed around a week ago, and now Microsoft has issued a full fix. If you're running the Windows 11 2022 Update, you can check Windows Update and find a KB5020044 update preview that you can install.
European Central Bank officials argued on Wednesday that bitcoin is "rarely used for legal transactions," is fuelled by speculation and the recent erosion in its value indicates that it is on the "road to irrelevance," in a series of stringent criticisms (bereft of strong data points) of the cryptocurrency industry as they urged regulators to not lend legitimacy to digital tokens in the name of innovation. From a report: The value of bitcoin recently finding stability at around $20,000 was "an artificially induced last gasp before the road to irrelevance -- and this was already foreseeable before FTX went bust and sent the bitcoin price to well down below $16,000," wrote Ulrich Bindseil and Jurgen Schaaf on ECB's blog. The central bankers argue that bitcoin's conceptual design and "technological shortcomings" make it "questionable" as a means of payment. "Real bitcoin transactions are cumbersome, slow and expensive. Bitcoin has never been used to any significant extent for legal real-world transactions," they wrote. Bitcoin also "does not generate cash flow (like real estate) or dividends (like equities), cannot be used productively (like commodities) or provide social benefits (like gold). The market valuation of bitcoin is therefore based purely on speculation," they wrote.
An anonymous reader quotes a report from the BBC: The first drug to slow the destruction of the brain in Alzheimer's has been heralded as momentous and historic. The research breakthrough ends decades of failure and shows a new era of drugs to treat Alzheimer's -- the most common form of dementia -- is possible. Yet the medicine, lecanemab, has only a small effect and its impact on people's daily lives is debated. And the drug works in the early stages of the disease, so most would miss out without a revolution in spotting it. [...] Lecanemab is an antibody -- like those the body makes to attack viruses or bacteria -- that has been engineered to tell the immune system to clear amyloid from the brain. Amyloid is a protein that clumps together in the spaces between neurons in the brain and forms distinctive plaques that are one of the hallmarks of Alzheimer's. The large-scale trial involved 1,795 volunteers with early stage Alzheimer's. Infusions of lecanemab were given every fortnight. The results, presented at the Clinical Trials on Alzheimer's Disease conference in San Francisco and published in the New England Journal of Medicine, are not a miracle cure. The disease continued to rob people of their brain power, but that decline was slowed by around a quarter over the course of the 18 months of treatment. The data is already being assessed by regulators in the US who will soon decide whether lecanemab can be approved for wider use. The developers -- the pharmaceutical companies Eisai and Biogen -- plan to begin the approval process in other countries next year. There is debate among scientists and doctors about the "real world" impact of lecanemab. The slower decline with the drug was noticed using ratings of a person's symptoms. It's an 18-point scale, ranging from normal through to severe dementia. Those getting the drug were 0.45 points better off. 
[Prof Tara Spires-Jones, from the University of Edinburgh] said that was a "small effect" on the disease, but "even though it is not dramatic, I would take it." Dr Susan Kohlhaas, from Alzheimer's Research UK, said it was a "modest effect... but it gives us a little bit of a foothold" and the next generation of drugs would be better. There are also risks. Brain scans showed a risk of brain bleeds (17% of participants) and brain swelling (13%). Overall, 7% of people given the drug had to stop because of side effects. A crucial question is what happens after the 18 months of the trial, and the answers are still speculation. [Dr Elizabeth Coulthard, who treats patients at North Bristol NHS Trust] says that people have, on average, six years of living independently once mild cognitive impairment starts. Slow that decline by a quarter and it could equate to an extra 19 months of independent life, "but we don't know that yet", she says. It is even scientifically plausible that the effectiveness could be greater in longer trials.
Jiang Zemin, the Shanghai Communist kingpin who was handpicked to lead China after the 1989 Tiananmen Square protests and presided over a decade of meteoric economic growth, died on Wednesday. He was 96. From a report: A Communist Party announcement issued by Chinese state media said he died in Shanghai of leukemia and multiple organ failure. His death and the memorial ceremonies to follow come at a delicate moment in China, where the ruling party is confronting a wave of widespread protests against its pandemic controls, a nationwide surge of political opposition unseen since the Tiananmen movement of Mr. Jiang's time. Mr. Jiang was president of China for a decade from 1993. In the eyes of many foreign politicians, Mr. Jiang was the garrulous, disarming exception to the mold of stiff, unsmiling Chinese leaders. He was the Communist who would quote Lincoln, proclaim his love for Hollywood films and burst into songs like "Love Me Tender." Less enthralled Chinese called him a "flowerpot," likening him to a frivolous ornament, and mocking his quirky vanities. In his later years young fans celebrated him, tongue-in-cheek, with the nickname "toad." But Mr. Jiang's unexpected rise and quirks led others to underestimate him, and over 13 years as Communist Party general secretary he matured into a wily politician who vanquished a succession of rivals. Mr. Jiang's stewardship of the capitalist transformation that had begun under Deng Xiaoping was one of his signal accomplishments. He also amassed political influence that endured long past his formal retirement, giving him a big say behind the scenes in picking the current president, Xi Jinping.
Two minerals that have never been seen before on Earth have been discovered inside a massive meteorite in Somalia. They could hold important clues to how asteroids form. Live Science reports: The two brand new minerals were found inside a single 2.5 ounce (70 gram) slice taken from the 16.5 ton (15 metric tons) El Ali meteorite, which was found in 2020. Scientists named the minerals elaliite after the meteor and elkinstantonite after Lindy Elkins-Tanton(opens in new tab), the managing director of the Arizona State University Interplanetary Initiative and principal investigator of NASA's upcoming Psyche mission, which will send a probe to investigate the mineral-rich Psyche asteroid for evidence of how our solar system's planets formed. The researchers classified El Ali as an Iron IAB complex meteorite, a type made of meteoric iron flecked with tiny chunks of silicates. While investigating the meteorite slice, details of the new minerals caught the scientists' attention. By comparing the minerals with versions of them that had been previously synthesized in a lab, they were able to rapidly identify them as newly recorded in nature. The researchers plan to investigate the meteorites further in order to understand the conditions under which their parent asteroid formed. The team is also looking into material science applications of the minerals. However, future scientific insights from the El Ali meteorite could be in peril. The meteorite has now been moved to China in search of a potential buyer, which could limit researchers' access to the space rock for investigation. "Whenever you find a new mineral, it means that the actual geological conditions, the chemistry of the rock, was different than what's been found before," Chris Herd, a professor in the Department of Earth and Atmospheric Sciences at the University of Alberta, said in a statement. 
"That's what makes this exciting: In this particular meteorite you have two officially described minerals that are new to science."
Three Chinese astronauts arrived on Wednesday at China's space station for the first in-orbit crew rotation in Chinese space history, launching operation of the second inhabited outpost in low-Earth orbit after the NASA-led International Space Station. Reuters reports: The spacecraft Shenzhou-15, or "Divine Vessel", and its three passengers lifted off atop a Long March-2F rocket from the Jiuquan Satellite Launch Centre at 11:08 p.m. (1508 GMT) on Tuesday in sub-freezing temperatures in the Gobi Desert in northwest China, according to state television. Shenzhou-15 was the last of 11 missions, including three previous crewed missions, needed to assemble the "Celestial Palace", as the multi-module station is known in Chinese. The first mission was launched in April 2021. The spacecraft docked with the station more than six hours after the launch, and the three Shenzhou-15 astronauts were greeted with warm hugs from the previous Shenzhou crew from whom they were taking over. The Shenzhou-14 crew, who arrived in early June, will return to Earth after a one-week handover that will establish the station's ability to temporarily sustain six astronauts, another record for China's space program. The Shenzhou-15 mission offered the nation a rare moment to celebrate, at a time of widespread unhappiness over China's zero-COVID policies, while its economy cools amid uncertainties at home and abroad.
An anonymous reader quotes a report from Motherboard: Bohemia Interactive, the Czech Republic based developer of the military simulator game Arma 3, has published a blog and a video it hopes will help it with a unique problem. Footage from the video game known for its realism has gone viral several times since the game's release in 2013 as people have tried to pass off clips of the military simulation as footage of real war. This happens a lot, so often that there are multiple debunking stories on Reuters and the Associated Press specifically about debunking viral clips of war footage. Since Russia's invasion of Ukraine in February, the problem has gotten much worse. The invasion is the largest ground war in Europe in a generation and people around the world gobble up every scrap of information they can. Pranksters and fraudsters have taken to uploading clips from Arma 3 to capitalize on that need for information. Arma 3 is a hyper realistic military simulation and sandbox. It's meant to be a realistic modeling of real world conflict. It's even teamed up with the International Committee of the Red Cross to release DLC that details the after effects of armed conflict. A sister studio, Bohemia Interactive Simulations, broke from the company in 2013 and makes simulations for the Pentagon using similar technology. The game is also a sandbox with a vibrant modding scene (PlayerUnknown's Battlegrounds began its life as an Arma 3 mod) that allows players to customize the game however they want. That devotion to realism and open platform has made Arma 3 the perfect platform to use to create fake war footage. "While it's flattering that Arma 3 simulates modern war conflicts in such a realistic way, we are certainly not pleased that it can be mistaken for real-life combat footage and used as war propaganda," Pavel Krizka, PR Manager of Bohemia Interactive, said in a November 28 press release. 
"It has happened in the past (Arma 3 videos allegedly depicted conflicts in Afghanistan, Syria, Palestine, and even between India and Pakistan), but nowadays this content has gained traction in regard to the current conflict in Ukraine." The life cycle is almost always the same. An Arma 3 nerd uploads something to YouTube and other people pull the video, edit it to make it look more realistic, then pass it off as actual footage of the conflict. The footage goes viral then the fact-checkers come in and tell everyone it's a video game. Bohemia Interactive issues a statement and then everyone waits for the next fake to come along. "We've been trying to fight against such content by flagging these videos to platform providers (FB, YT, TW, IG etc.), but it's very ineffective," Krizka said in the press release. "With every video taken down, ten more are uploaded each day. We found the best way to tackle this is to actively cooperate with leading media outlets and fact-checkers (such as AFP, Reuters, and others), who have better reach and the capacity to fight the spreading of fake news footage effectively." Some of the tells of fake footage include a low resolution, a shaky camera, and/or a night setting. "They're often without sound, don't feature people in motion, and sometimes still include the HUD elements from the video game," adds Motherboard. "There's typically unnatural particle effects, unrealistic vehicles, uniforms, and equipment." "We have seen many Arma players pointing out mistakenly identified footage, which helps viewers understand what they're seeing," said Bohemia Interactive. "Thank you for helping!"
Apple's iPhone 14 Pro and Pro Max model shipments could miss market expectations by up to 20 million units in the holiday quarter due to labor unrest at a major Chinese factory, TF Securities analyst Ming-Chi Kuo said. Reuters reports: Kuo is the latest to flag a hit to the world's most valuable company from protests over pay and strict COVID-19 curbs at the world's biggest iPhone factory, the Foxconn-operated plant in the central city of Zhengzhou. He trimmed his estimate for quarterly iPhone shipments by about 20% to between 70 million and 75 million units, compared with the market consensus of 80 million to 85 million units. Kuo, in a blog post on Tuesday, also predicted that the supply shortfall could erase demand for the more popular Pro models, instead of deferring sales, as consumers also grapple with a weakening economy. In contrast, other Apple analysts expect sales to pick up once production constraints ease and more Pro models become available. Some analysts signaled the possibility of the challenges extending into 2023.
A torrent site user accused of downloading and uploading at least 120TB of movies, TV shows, eBooks, music and software, has avoided an immediate prison term. The 28-year-old was arrested as part of a police operation against DanishBytes. A member of the same site was sentenced earlier this month after he uploaded Netflix content obtained using hacked credentials. TorrentFreak reports: Early November 2021, Denmark's Public Prosecutor for Special Economic and International Crime (SOIK) announced that six people had been arrested following criminal referrals by Rights Alliance. All were members and/or operators of ShareUniversity and DanishBytes. Prosecution of site operators is not uncommon but when it's deemed in the public interest, pirate site users can also face charges. Every case is unique so criteria differ, especially across national borders, but when evidence shows large volumes of infringement, successful prosecutions become more likely. That was the case when a former DanishBytes user was sentenced last week. According to Danish anti-piracy group Rights Alliance, the 28-year-old man was a regular site member and wasn't involved in running the site. That being said, evidence showed that for the period January 2021 to November 2021, he downloaded and/or uploaded no less than 3,000 copyrighted works, including movies, TV shows, music, books, audiobooks and comics. Information released by the National Unit for Special Crimes (NSK), a Danish police unit focused on cybercrime, organized crime, and related financial crime, reveals that the user's traffic statistics interested prosecutors. "During the period, the man downloaded no less than 100 TB and uploaded no less than 20 TB of copyrighted material," NSK says. BitTorrent trackers operating a ratio model usually insist on a better ratio of downloads to uploads but DanishBytes' situation was out of the ordinary. 
The site launched in January 2021 in the wake of other sites being shut down, so had to get going from a standing start with no users. Even when arrests were being made, the site still had a relatively small userbase, which can limit opportunities to upload more. That may have been a blessing in disguise. Faced with the evidence, the man decided to plead guilty and was sentenced last week at the Court in Viborg. In common with similar prosecutions recently, he received a suspended conditional sentence of 60 days' probation, 80 hours of community service, and confiscation of his computer equipment. The case against the DanishBytes user began with a Rights Alliance investigation and a referral to the police. As part of his sentence, the man must pay the anti-piracy group DKK 5,000 (US$600) in compensation but Rights Alliance director Maria Fredenslund is focused on the deterrent effect of another successful prosecution.
Snapchat's parent company is asking workers to return to the office 80% of the time, or the equivalent of four days a week, beginning early next year, in the latest sign of tech employees receiving less flexibility nearly three years after the pandemic took hold and amid a wave of industry cost cutting. CNN reports: "After working remotely for so long we're excited to get everyone back together next year with our new 80/20 hybrid model," a spokesperson for Snap (SNAP) confirmed to CNN in a statement Tuesday. "We believe that being together in person, while retaining flexibility for our team members, will enhance our ability to deliver on our strategic priorities of growing our community, driving revenue growth, and leading in [augmented reality]." The new policy will take effect at the end of February. News of Snap's stricter in-office policy was first reported by Bloomberg, which cited an internal memo from CEO Evan Spiegel telling employees they may have to "sacrifice" some amount of "individual convenience" but it will benefit "our collective success."
An anonymous reader quotes a report from TechCrunch: Dropbox has announced plans to bring end-to-end encryption to its business users, and it's doing so through acquiring "key assets" from Germany-based cloud security company Boxcryptor. Terms of the deal were not disclosed. Dropbox is well-known for its cloud-based file back-up and sharing services, and while it does offer encryption for files moving between its servers and the destination, Dropbox itself has access to the keys and can technically view any content passing through. What Boxcryptor brings to the table is an extra layer of security via so-called "zero knowledge" encryption on the client side, giving the user full control over who is allowed to decrypt their data. For many people, such as consumers storing family photos or music files, this level of privacy might not be a major priority. But for SMEs and enterprises, end-to-end encryption is a big deal as it ensures that no intermediary can access their confidential documents stored in the cloud -- it's encrypted before it even arrives. Moving forward, Dropbox said that it plans to bake Boxcryptor's features natively into Dropbox for business users. "In a blog post published today, Boxcryptor founders Andrea Pfundmeier and Robert Freudenreich say that their 'new mission' will be to embed Boxcryptor's technology into Dropbox," adds TechCrunch. "And after today, nobody will be able to create an account or buy any licenses from Boxcryptor -- it's effectively closing to new customers." "But there are reasons why the news is being packaged the way it has. The company is continuing to support existing customers through the duration of their current contracts."
Former FTX head Sam Bankman-Fried (SBF) selected cryptocurrency vlogger Tiffany Fong for a series of lengthy and candid telephone interviews. In the two interviews that had been released on YouTube at press time, SBF speaks about many of the major questions connected with the collapse of FTX. CoinTelegraph reports: The first interview was conducted Nov. 6 and released Nov. 29 on YouTube. [...] The recording began with SBF saying, "You don't get into the situation we got in if you, like, make all the right decisions." Taking her cue from that, Fong started her interview by asking about the "backdoor" that allowed SBF "to execute commands that could alter the [FTX] company's financial records without alerting others." SBF expressed surprise at the very idea. "And this is something I would be doing?" he asked. "That I can tell you is definitely not true. I don't even know how to code. [...] I literally never even opened the code for any of FTX." This set the tone for the rest of the conversation, in which Fong politely asked hardball questions and SBF answered with seeming openness. SBF went on to comment on FTX's FTT coin. "I think it had real value. That being said, there are a few problems. [...] This was f*****g embarrassing given my background. [...] I think it was basically more legit than a lot of tokens in some ways. It was more economically underpinned than the average token was," he said. "Illiquidity didn't cause the crash," SBF continued. Rather, it was "the massive correlation of things during market moves, especially when they are triggered by fear over the position itself." SBF agreed with Fong that "the recovery looks pretty slim" for international customers, while "U.S. is a hundred percent." If its Amazon account had not been turned off, "they could already be withdrawing." Speaking about his political activities, SBF said, "I donated about the same to both parties. [...] All of my Republican donations were dark." [...]
In the second, undated, phone interview, SBF addressed the use of FTX customer funds by Alameda Research. Struggling for words, SBF said that he should have thought more about "what a hyper-correlated cross-scenario looks like. It's the oldest game in the book in finance. [...] There was no one person in charge of monitoring risk positions at FTX." Fong pressed for specifics from the situation, with little success. SBF took a moderate position on the role of Binance CEO Changpeng Zhao (CZ) in the FTX downfall. "Things would certainly be a lot more stable and there would be a lot more ability to generate liquidity [...] and I don't know for sure." Asked about the impact of the collapse of FTX and surrounding scandal on him, SBF said, "I wake up each day and think about what happened, and I have hours per day to ruminate on it. [...] It's different than what it seems to other people."
Anker's popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. MacRumors reports: The information comes from security consultant Paul Moore, who last week published a video outlining the issue. According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video recording on device. He found that Eufy is uploading thumbnail images of faces and user information to its cloud service when cloud functionality is not enabled. Moore demonstrates the unauthorized cloud uploading by allowing his camera to capture his image and turning off the Eufy HomeBase. The website is still able to access the content through cloud integration, though he had not signed up for cloud service, and it remains accessible even when the footage is removed from the Eufy app. It's important to note that Eufy does not appear to be automatically uploading full streaming video to the cloud, but rather taking captures of the video as thumbnails. The thumbnails are used in the Eufy app to activate streaming video from the Eufy base station, allowing Eufy users to watch their videos when away from home, as well as for sending rich notifications. The problem is the thumbnails are uploaded to the cloud automatically even when the cloud functionality is not active, and Eufy also seems to be using facial recognition on the uploads. Some users have taken issue with the unauthorized cloud uploads because Eufy advertises local-only service and has been popular among those who want a more private camera solution. "No Clouds or Costs," reads the Eufy website. Moore suggests that Eufy is also able to link facial recognition data collected from two separate cameras and two separate apps to users, all without camera owners being aware. 
Moore received a response from Eufy in which Eufy confirmed that it is uploading event lists and thumbnails to AWS, but said the data is not able to "leak to the public" because the URL is restricted, time limited, and requires account login. There is also another issue that Moore has highlighted, suggesting Eufy camera streams can be watched live using an app like VLC, but little information on the exploit is available at this time. Moore said that unencrypted Eufy camera content can be accessed without authentication, which is alarming for Eufy users. There's a dedicated Reddit thread where other Eufy users are reporting the same thing happening.
An anonymous reader quotes a report from Ars Technica: Google and iHeartMedia -- the US's biggest radio station operator -- are being hit with a false advertising lawsuit for ads they ran about the Pixel 4 [...]. The FTC and four states say the companies aired "nearly 29,000 deceptive endorsements by radio personalities" during 2019 and 2020, with Bureau of Consumer Protection Director Samuel Levine saying that "Google and iHeartMedia paid influencers to promote products they never used, showing a blatant disrespect for truth-in-advertising rules." The two companies have settled the lawsuit and will be required to pay $9.4 million in penalties. Google's ads had on-air personalities give first-hand accounts of how much they liked the Pixel 4, but, to quote the FTC's press release, "the on-air personalities were not provided with Pixel 4s before recording and airing the majority of the ads and therefore did not own or regularly use the phones." Therefore the first-person claims made in the ads, like, "It's my favorite phone camera out there, especially in low light, thanks to Night Sight Mode," "I've been taking studio-like photos of everything," and "It's also great at helping me get stuff done, thanks to the new voice-activated Google Assistant that can handle multiple tasks at once," can't be true. [...] As part of the settlement, Google and iHeartMedia are barred from "misrepresenting that an endorser has owned or used, or about their experience with, certain products." The agreement is subject to a public comment period of 30 days, after which the commission will vote on whether to make the proposed consent orders final. A Google spokesperson commented to TechCrunch, saying, "We are pleased to resolve this issue. We take compliance with advertising laws seriously and have processes in place designed to help ensure we follow relevant regulations and industry standards."
Amazon's cloud-computing unit is rolling out new chips designed to power the highest-end of computing, supporting tasks such as weather forecasting and gene sequencing. From a report: Amazon Web Services, the largest provider of over-the-internet computing, on Monday said it would let customers rent computing power that relies on a new version of its Graviton chips. Peter DeSantis, a senior vice president who oversees most of AWS's engineering teams, said in an interview that the product is a springboard for making what the industry calls high-performance computing more readily available. The newest chip is the latest piece of Amazon's effort to build more of the hardware that fills the massive data centers that power AWS. Amazon says making its own chips will give customers more cost-effective computing power than they could get by renting time on processors built by the likes of Intel Corp., Nvidia Corp. or Advanced Micro Devices. The move has put AWS in direct competition with those companies, which are also among its biggest suppliers. DeSantis said the chipmakers remain "great partners," and that AWS plans to continue to offer high-performance computing services based on chips made by other companies. On Tuesday, AWS Chief Executive Officer Adam Selipsky announced a new version of the Inferentia chip, which is designed to draw inferences from vast amounts of data. Inferentia2 is built to handle bigger sets of data than its predecessor, enabling things like software-generated images or detecting and interpreting human speech, Amazon said. [...] The latest version of AWS's line of Graviton processors, the Graviton3E, will have twice the ability of current versions in one type of calculations needed by high-performance computers, DeSantis said. When combined with other AWS technology, the new offering will be 20% better than the previous one. Amazon didn't say when services based on the new chip would be available.
Tall as a 20-story building, a rocket carrying the Shenzhou 15 mission roared into the night sky of the Gobi Desert on Tuesday, carrying three astronauts toward a rendezvous with China's just-completed space station. From a report: The rocket launch was a split-screen event for China, the latest in a long series of technological achievements for the country, even as many of its citizens have been angrily lashing out in the streets against stringent pandemic controls. The air shook as the huge white rocket leaped into a starry, bitterly cold night sky shortly before the setting of a waxing crescent moon. The expedition to the new space station is a milestone for China's rapidly advancing space program. It is the first time a team of three astronauts already aboard the Tiangong outpost will be met by a crew arriving from Earth. The Chinese space station will now be continuously occupied, like the International Space Station, another marker laid down by China in its race to catch up with the United States and surpass it as the dominant power in space. With a sustained presence in low-Earth orbit aboard Tiangong, Chinese space officials are preparing to put astronauts on the moon, which NASA also intends to revisit before the end of the decade as part of its Artemis program. "It will not take a long time; we can achieve the goal of manned moon landing," Zhou Jianping, chief designer of China's crewed space program, said in an interview at the launch center. China has been developing a lunar lander, he added, without giving a date when it might be used. The launch of Shenzhou 15 comes less than two weeks after NASA finally launched its Artemis I mission following many delays. That flight has put its uncrewed Orion capsule into orbit around the moon.