Feed slashdot Slashdot

Link https://slashdot.org/
Feed https://rss.slashdot.org/Slashdot/slashdotMain
Copyright Copyright Slashdot Media. All Rights Reserved.
Updated 2024-11-29 02:45
Senate Confirms FCC Chair Rosenworcel To Another Term, Narrowly Avoiding a Republican Majority
The Senate voted 68-31 to confirm Federal Communications Commission Chair Jessica Rosenworcel, the first woman to hold that title, to another five-year term, narrowly avoiding a Republican majority at the agency once her current term was set to expire at the end of the year. From a report: Rosenworcel gained the support of key Republicans, including Senate Commerce Committee Ranking Member Roger Wicker, R-Miss. President Joe Biden waited a historically long period to nominate Rosenworcel as well as former FCC official Gigi Sohn to a commissioner role. That prolonged period threatened to temporarily give the two Republicans on the commission a majority, since Rosenworcel would have had to leave the commission at the New Year if she was not confirmed to another term by then. While the role of acting chair, which sets the agenda for the agency, would go to the remaining Democrat on the commission until a permanent chair could be confirmed, the agency would likely not have been able to push forward anything but the most bipartisan of measures. Even with Rosenworcel's confirmation, the commission is set to remain stalemated on more controversial issues until a fifth commissioner is confirmed. Biden has signaled a desire to return to the net neutrality rules adopted by the FCC during the Obama administration, which were later repealed by the agency under former President Donald Trump. Republicans on the commission have continued to signal opposition to reclassifying broadband providers under Title II of the Communications Act of 1934, which the industry has argued would unfairly open the possibility of price regulation of their services. Companies subject to the reclassification included internet service providers like AT&T, Verizon and Comcast, parent company of CNBC owner NBCUniversal.Read more of this story at Slashdot.
An Amazon Server Outage is Causing Problems for Alexa, Ring, Disney Plus, and Others
Problems with some of the Amazon Web Services cloud servers are causing slow loading or failures for significant chunks of the internet. From a report: The company's widespread network of data centers powers many of the things you interact with online, so as we've seen in previous AWS outage incidents, any problem can have massive ripple effects. People started noticing problems at around 10:45AM ET. There are reports of outages for Disney Plus streaming, as well as games like PUBG, League of Legends, and Valorant. We've also noticed some problems accessing Amazon.com, as well as other Amazon products like the Alexa AI assistant, Kindle ebooks, Amazon Music, or Ring security cameras. The DownDetector list of services with spikes in their outage reports runs off nearly any recognizable name: Tinder, Roku, Coinbase, both Cash App and Venmo, and the list goes on.
Facing Hostile Chinese Authorities, Apple CEO Signed $275 Billion Deal With Them
Interviews and internal Apple documents provide a behind-the-scenes look at how the company made concessions to Beijing and won key legal exemptions. CEO Tim Cook personally lobbied officials over threats that would have hobbled its devices and services. His interventions paved the way for Apple's unparalleled success in the country. The Information: Apple's iPhone recently became the top-selling smartphone in China, its second-biggest market after the U.S., for the first time in six years. But the company owes much of that success to CEO Tim Cook, who laid the foundation years ago by secretly signing an agreement, estimated to be worth more than $275 billion, with Chinese officials promising Apple would do its part to develop China's economy and technological prowess through investments, business deals and worker training. Cook forged the five-year agreement, which hasn't been previously reported, during the first of a series of in-person visits he made to the country in 2016 to quash a sudden burst of regulatory actions against Apple's business, according to internal Apple documents viewed by The Information. Before the meetings, Apple executives were scrambling to salvage the company's relationship with Chinese officials, who believed the company wasn't contributing enough to the local economy, the documents show. Amid the government crackdown and the bad publicity that accompanied it, iPhone sales plummeted.
Even in the Metaverse, Not All Identities Are Created Equal
An anonymous reader shares a report: The complexities of the real world are starting to bleed into the Metaverse -- the virtual arena where identity functions as both a reflection on and determinant of social capital. Differences in prices for digital avatars based on race, gender and skin color are emerging among a popular collection of NFTs known as CryptoPunks, belying the utopian and egalitarian ideals touted by the closely connected world of crypto, decentralized finance, blockchain and non-fungible tokens. According to both participants in and observers of the space, these price discrepancies are partly explained by the lack of diversity among the investors who favor these status assets. It's a demographic that skews mostly male and White. Female CryptoPunks, and those with darker skin colorings, tend to sell for less than avatars with male traits or fair skin. CryptoPunk investors say the price disparity is not a function of individual prejudice or racism, but of the fact that the people currently willing and able to pay top dollar for digital goods aren't bidding on avatars that don't look like them. "If you look at the blockchain space, it largely tends to be white, it largely tends to be male," said Tony Herrera, an immigrant activist in California who owns 60 CryptoPunks. "One Punk could be dark and one could be light, and the lighter one is going to be the more desirable."
Microsoft Seizes Domains Used By Chinese Cyber-Espionage Group 'Nickel'
An anonymous reader quotes a report from The Record: Microsoft said today that its legal team has successfully obtained a court warrant that allowed it to seize 42 domains used by a Chinese cyber-espionage group in recent operations that targeted organizations in the US and 28 other countries. Tracked by Microsoft as Nickel, but also known under other names such as APT15, Mirage, or Vixen Panda, Ke3Chang, and others, the group has been active since 2012 and has conducted numerous operations against a broad set of targets. Tom Burt, Microsoft VP of Customer Security & Trust, said today that the recent domains had been used for "intelligence gathering" from government agencies, think tanks, and human rights organizations. Burt said the seized domains were being used to gather information and data from the hacked organizations. "Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help us protect existing and future victims while learning more about Nickel's activities," Burt said in a blog post today announcing the company's legal action against Nickel domains. "Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks," he added. According to Burt, the group's victims had been hacked using compromised third-party virtual private network (VPN) suppliers or stolen credentials obtained from spear-phishing campaigns, which is in tune with similar industry reports detailing recent tactics used by Chinese espionage groups, in general.
France To Mimic Musk With Own SpaceX-Style Launcher, Minister Says
European space company ArianeGroup will develop a reusable mini-launcher to compete with the likes of Elon Musk's SpaceX, French Finance Minister Bruno Le Maire said on Monday. Reuters reports: The launcher "must be able to be operational in 2026," Le Maire said during a trip to the ArianeGroup site at Vernon in Normandy, where the engines of Ariane rockets are tested. "For the first time Europe...will have access to a reusable launcher. In other words, we will have our SpaceX, we will have our Falcon 9. We will make up for a bad strategic choice made 10 years ago," Le Maire said.
Mysterious Galaxy Without Dark Matter Puzzles Astronomers
Astronomers say they've located six galaxies that appear to have either very little or absolutely no dark matter. The team will present its findings in Monthly Notices of the Royal Astronomical Society. CNET reports: Mentioning that they'd previously been told "measure again, you'll see there will be dark matter around your galaxy," the researchers zeroed in on one seemingly dark-matter-free region dubbed AGC 114905 to strengthen their evidence. Lurking 250 million light-years away from Earth, it's about the size of the Milky Way, with a thousand times fewer stars. So it's rather dim. The researchers used a standard technique to detect the presence of dark matter in AGC 114905 that involves graphing the position and rotation speed of the galaxy's gas. After 40 hours of scrutiny with the high-powered Very Large Array Radio Telescope in New Mexico, they found the movements of the gas were perfectly explainable by normal matter alone. "The problem remains that the theory predicts that there must be dark matter in AGC 114905," Pavel Mancera Piña of the Kapteyn Astronomical Institute at the University of Groningen and an author of the study, said in a statement, referring to classic dark matter hypotheses. "Observations say there isn't -- in fact, the difference between theory and observation is only getting bigger." One caveat, the team says, is that perhaps the angle at which they viewed AGC 114905 affected their observational results. "But that angle has to deviate very much from our estimate before there is room for dark matter again," Tom Oosterloo of Astron at the Netherlands Institute for Radio Astronomy and co-author of the study, said in a statement. And if they're correct? The team offers up a few reasons for why AGC 114905 may not have any dark matter. For instance, what if super large galaxies nearby somehow stripped it of the force? As a rebuttal, though, Mancera Piña says there don't seem to be any such galaxies in the vicinity.
Further, he says, "in the most reputed galaxy formation framework, the so-called cold dark matter model, we would have to introduce extreme parameter values that are far beyond the usual range. Also with modified Newtonian dynamics, an alternative theory to cold dark matter, we cannot reproduce the motions of the gas within the galaxy."
SolarWinds Hackers Have a Whole Bag of New Tricks For Mass Compromise Attacks
An anonymous reader quotes a report from Ars Technica: Almost exactly a year ago, security researchers uncovered one of the worst data breaches in modern history, if not ever: a Kremlin-backed hacking campaign that compromised the servers of network management provider SolarWinds and, from there, the networks of 100 of its highest-profile customers, including nine US federal agencies. Nobelium -- the name Microsoft gave to the intruders -- was eventually expelled, but the group never gave up and arguably has only become more brazen and adept at hacking large numbers of targets in a single stroke. The latest reminder of the group's proficiency comes from security firm Mandiant, which on Monday published research detailing Nobelium's numerous feats -- and a few mistakes -- as it continued to breach the networks of some of its highest-value targets. Mandiant's report shows that Nobelium's ingenuity hasn't wavered. Since last year, company researchers say the two hacking groups linked to the SolarWinds hack -- one called UNC3004 and the other UNC2652 -- have continued to devise new ways to compromise large numbers of targets in an efficient manner. Instead of poisoning the supply chain of SolarWinds, the groups compromised the networks of cloud solution providers and managed service providers, or CSPs, which are outsourced third-party companies that many large companies rely on for a wide range of IT services. The hackers then found clever ways to use those compromised providers to intrude upon their customers. The advanced tradecraft didn't stop there. According to Mandiant, other advanced tactics and ingenuities included:
Use of credentials stolen by financially motivated hackers using malware such as Cryptbot (PDF), an information stealer that harvests system and web browser credentials and cryptocurrency wallets. The assistance from these hackers allowed the UNC3004 and UNC2652 to compromise targets even when they didn't use a hacked service provider.
Once the hacker groups were inside a network, they compromised enterprise spam filters or other software with "application impersonation privileges," which have the ability to access email or other types of data from any other account in the compromised network. Hacking this single account saved the hassle of having to break into each account individually.
The abuse of legitimate residential proxy services or geo-located cloud providers such as Azure to connect to end targets. When admins of the hacked companies reviewed access logs, they saw connections coming from local ISPs with good reputations or cloud providers that were in the same geography as the companies. This helped disguise the intrusions, since nation-sponsored hackers frequently use dedicated IP addresses that arouse suspicions.
Clever ways to bypass security restrictions, such as extracting virtual machines to determine internal routing configurations of the networks they wanted to hack.
Gaining access to an active directory stored in a target's Azure account and using this all-powerful administration tool to steal cryptographic keys that would generate tokens that could bypass two-factor authentication protections. This technique gave the intruders what's known as a Golden SAML, which is akin to a skeleton key that unlocks every service that uses the Security Assertion Markup Language, which is the protocol that makes single sign-on, 2FA, and other security mechanisms work.
Use of a custom downloader dubbed Ceeloader.
China 'Modified' the Weather To Create Clear Skies For Political Celebration, Study Finds
Chinese weather authorities successfully controlled the weather ahead of a major political celebration earlier this year, according to a Beijing university study. The Guardian reports: On 1 July the Chinese Communist party marked its centenary with major celebrations including tens of thousands of people at a ceremony in Tiananmen Square, and a research paper from Tsinghua University has said an extensive cloud-seeding operation in the hours prior ensured clear skies and low air pollution. [...] On Monday the South China Morning Post reported a recent research paper which found definitive signs that a cloud-seeding operation on the eve of the centenary had produced a marked drop in air pollution. The centenary celebration faced what the paper reportedly termed unprecedented challenges, including an unexpected increase in air pollutants and an overcast sky during one of the wettest summers on record. Factories and other polluting activities had been halted in the days ahead of the event but low airflow meant the pollution hadn't dissipated, it said. The paper, published in the peer-reviewed Environmental Science journal and led by environmental science professor, Wang Can, said a two-hour cloud-seeding operation was launched on the eve of the ceremony, and residents in nearby mountain regions reported seeing rockets shot into the sky on 30 June. The paper said the rockets were carrying silver iodine into the sky to stimulate rainfall. The researchers said the resulting artificial rain reduced the level of PM2.5 air pollutants by more than two-thirds, and shifted the air quality index reading, based on World Health Organization standards, from "moderate" to "good." The team said the artificial rain "was the only disruptive event in this period," so it was unlikely the drop in pollution had a natural cause.
DeepMind Cracks 'Knot' Conjecture That Bedeviled Mathematicians For Decades
The artificial intelligence (AI) program DeepMind has gotten closer to proving a math conjecture that's bedeviled mathematicians for decades and revealed another new conjecture that may unravel how mathematicians understand knots. Live Science reports: The two pure math conjectures are the first-ever important advances in pure mathematics (or math not directly linked to any non-math application) generated by artificial intelligence, the researchers reported Dec. 1 in the journal Nature. [...] The first challenge was setting DeepMind onto a useful path. [...] They focused on two fields: knot theory, which is the mathematical study of knots; and representation theory, which is a field that focuses on abstract algebraic structures, such as rings and lattices, and relates those abstract structures to linear algebraic equations, or the familiar equations with Xs, Ys, pluses and minuses that might be found in a high-school math class. In understanding knots, mathematicians rely on something called invariants, which are algebraic, geometric or numerical quantities that are the same. In this case, they looked at invariants that were the same in equivalent knots; equivalence can be defined in several ways, but knots can be considered equivalent if you can distort one into another without breaking the knot. Geometric invariants are essentially measurements of a knot's overall shape, whereas algebraic invariants describe how the knots twist in and around each other. "Up until now, there was no proven connection between those two things," [said Alex Davies, a machine-learning specialist at DeepMind and one of the authors of the new paper], referring to geometric and algebraic invariants. But mathematicians thought there might be some kind of relationship between the two, so the researchers decided to use DeepMind to find it. With the help of the AI program, they were able to identify a new geometric measurement, which they dubbed the "natural slope" of a knot. 
This measurement was mathematically related to a known algebraic invariant called the signature, which describes certain surfaces on knots. In the second case, DeepMind took a conjecture generated by mathematicians in the late 1970s and helped reveal why that conjecture works. For 40 years, mathematicians have conjectured that it's possible to look at a specific kind of very complex, multidimensional graph and figure out a particular kind of equation to represent it. But they haven't quite worked out how to do it. Now, DeepMind has come closer by linking specific features of the graphs to predictions about these equations, which are called Kazhdan-Lusztig (KL) polynomials, named after the mathematicians who first proposed them. "What we were able to do is train some machine-learning models that were able to predict what the polynomial was, very accurately, from the graph," Davies said. The team also analyzed what features of the graph DeepMind was using to make those predictions, which got them closer to a general rule about how the two map to each other. This means DeepMind has made significant progress on solving this conjecture, known as the combinatorial invariance conjecture.
Meta Has a 'Moral Obligation' To Make Its Mental Health Research Transparent, Scientists Say
In an open letter to Mark Zuckerberg published Monday, a group of academics called for Meta to be more transparent about its research into how Facebook, Instagram, and WhatsApp affect the mental health of children and adolescents. The Verge reports: The letter calls for the company to allow independent reviews of its internal work, contribute data to external research projects, and set up an independent scientific oversight group. "You and your organizations have an ethical and moral obligation to align your internal research on children and adolescents with established standards for evidence in mental health science," the letter, signed by researchers from universities around the world, reads. The open letter comes after leaks from Facebook revealed some data from the company's internal research, which found that Instagram was linked with anxiety and body image issues for some teenage girls. The research released, though, is limited and relied on subjective information collected through interviews. While this strategy can produce useful insights, it can't prove that social media caused any of the mental health outcomes. The information available so far appears to show that the studies Facebook researchers conducted don't meet the standards academic researchers use to conduct trials, the new open letter said. The information available also isn't complete, the authors noted -- Meta hasn't made its research methods or data public, so it can't be scrutinized by independent experts. The authors called for the company to allow independent review of past and future research, which would include releasing research materials and data. The letter also asked Meta to contribute its data to ongoing independent research efforts on the mental health of adolescents. It's a longstanding frustration that big tech companies don't release data, which makes it challenging for external researchers to scrutinize and understand their products. 
"It will be impossible to identify and promote mental health in the 21st century if we cannot study how young people are interacting online," the authors said. [...] The open letter also called on Meta to establish an independent scientific trust to evaluate any risks to mental health from the use of platforms like Facebook and Instagram and to help implement "truly evidence-based solutions for online risks on a world-wide scale." The trust could be similar to the existing Facebook Oversight Board, which helps the company with content moderation decisions.
Eurostar Tests Facial Recognition System On London Train Station
An anonymous reader quotes a report from BleepingComputer: Eurostar is testing a new biometric facial recognition technology on passengers traveling from London's St Pancras International station to continental Europe. The passengers will be given the opportunity to complete their pre-departure ticket and passport checks via the new biometric system, called the "SmartCheck" lane. Those who take this option will be allowed to board the train without going through the typically tedious ID verification procedures. The system will involve two facial scans, one at the ticket gate to verify the ticket check and one at the UK Exit Checkpoint, to confirm that the passport information is valid. The goal, according to Eurostar, is to eliminate queues and expedite the boarding process, not only improving customer satisfaction but also minimizing the chances for viral transmission. The system will be trialed with a limited number of invited passengers and won't involve the UK's or Schengen entry controls. Eurostar announced its intention to introduce a facial recognition system to replace physical tickets and passport checks last year, and facial recognition company iProov helped them build it. iProov is a proponent of what they call "passive authentication", which is facial recognition without the user having to do anything. The user consents to the platform by visiting an online portal to register with their information and takes an image of their face with the smartphone or webcam. When they reach a physical checkpoint, they simply look at the camera, and the system authenticates them effortlessly.
Verizon Might Be Collecting Your Browsing History
Verizon might be collecting information about your browsing history, location, apps, and your contacts, all in the name of helping the company "understand your interests," first spotted by Input. The Verge reports: The program, which Verizon appears to automatically opt customers into, is called Verizon Custom Experience and its controls lay buried in the privacy settings on the My Verizon app. The program introduces two different options that appear in the app, Custom Experience and Custom Experience Plus, each of which varies in terms of invasiveness. Verizon provides additional information about both settings within the app, as well as on a FAQ page on its website. It appears that the Custom Experience option is a stripped-down version of Custom Experience Plus, and as Verizon states directly in the app, it helps Verizon "personalize" its "communication with you" and "give you more relevant product and service recommendations" by using "information about websites you visit and apps you use on your mobile device." Meanwhile, Custom Experience Plus has the same stated purpose -- to help Verizon provide you with a more "personalized" experience. However, it not only uses information about the websites and apps you use on your mobile device, but it also says it uses your "device location," along with "phone numbers you call or that call you" to help Verizon "better understand your interests." This also includes your CPNI, which tracks the times and duration of your calls, and because Verizon is your wireless network provider, it can track your location even if you've turned off location services on your phone. As Verizon explains on its site, it might use your information to, say, present you with an offer that includes music content, or give you a music-related option in its Verizon Up reward program if it knows you like music. 
Verizon explicitly states that for the more invasive Customer Experience Plus tracking, you "must opt-in to participate and you can change your choice at any time." Signing up for those Up Rewards, or other promotions with consequences buried in the fine print may have opted customers in unknowingly. How to opt-out: "[...] open your My Verizon app, and then hit the gear icon in the top-right corner of the screen. Scroll down and select 'Manage privacy settings' beneath the 'Preferences' heading. On the next page, toggle off 'Custom Experience' and 'Custom Experience Plus.' To erase the information that Verizon has already collected about you through the program, tap 'Custom Experience Settings,' and hit 'Reset.'"
Toyota Plans $1.29 Billion Electric Vehicle Battery Factory In North Carolina
Toyota will open a multi-billion dollar battery plant with at least 1,750 employees about an hour's drive outside the Triangle, after North Carolina approved an incentive package Monday worth $438.7 million for the company -- one of the largest manufacturing investments in the state's history. From the News & Observer: The Japanese auto maker announced in October it would build a $1.29 billion facility in the United States to manufacture hybrid and electric vehicle batteries -- a key component of the company's plans to make 70% of its cars electric by the end of the decade. The plant known as Toyota Battery Manufacturing, North Carolina will be built in Liberty, a small town in Randolph County that is home to the Greensboro-Randolph Megasite, one of the designated areas in North Carolina the state markets to potential large manufacturers. Toyota will launch production in 2025 and expand operations by 2031. The site will produce 1.2 million battery packs per year, said Chris Reynolds, chief administrative officer of corporate resources for Toyota North America. The state's Economic Investment Committee approved the state's incentive for Toyota -- referred to internally as Project Darwin -- at a special meeting in Raleigh on Monday. The state's contribution is just one part of an incentive package from numerous entities that could reach $271.4 million. Reynolds did not have a timeline for when construction of the plant would begin but that it would be operational in 2025. Toyota eventually will create 1,750 jobs into 2029, with the jobs paying a minimum average wage of $62,234, according to the state's Commerce Department.
Self-Described Bitcoin Creator Must Pay $100 Million In Suit
An anonymous reader quotes a report from Bloomberg: The Australian computer scientist who claims he invented Bitcoin was told by a U.S. jury to pay $100 million in damages over claims that he cheated a deceased friend over intellectual property for the cryptocurrency. Jurors in Miami federal court took about a week to reach Monday's verdict, following about three weeks of trial. The jury rejected most claims against Craig Wright and the outcome probably won't resolve the debate over whether Wright is the mythical creator of the peer-to-peer currency, Satoshi Nakamoto. The brother of Dave Kleiman, a computer security expert who died in 2013, alleged that the late Florida man worked with Wright to create and mine Bitcoin in its early years. As a result, the plaintiffs claimed the estate was entitled to half of a cache of as many as 1.1 million Bitcoins worth some $70 billion, which are thought to be held by Satoshi. Some cryptocurrency investors see Wright as a fake, and years-long litigation in Florida has done little to quiet the skeptics. Wright has declared many times in court that he invented Bitcoin, as he has previously in news interviews. Had the jury's verdict gone against Wright, that would have forced him to produce the Satoshi fortune. To some observers, that would have been the true test. "Many years ago, Craig Wright told the Kleiman family that he and Dave Kleiman developed revolutionary Bitcoin based intellectual property," he said in a statement. "Despite those admissions, Wright refused to give the Kleimans their fair share of what Dave helped create." The jury found Wright liable for conversion -- the illegal taking of property -- and awarded damages to W&K Info Defense Research LLC, the entity through which Kleiman and Wright are supposed to have done work together. In closing arguments to the jury, Freedman said Wright schemed and connived to "steal from his dead best friend with forgery and lies."
The estate claimed that in addition to the Bitcoin mining the friends did together, Kleiman helped Wright create the intellectual property behind early blockchain technology worth $252 billion. Wright contended that the claims by Dave Kleiman's brother, Ira, were fabricated. He testified that his friend didn't help him launch the cryptocurrency and argued there was no paper trail showing that they had a partnership.
The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users
Life360, a popular family safety app used by 33 million people worldwide, has been marketed as a great way for parents to track their children's movements using their cellphones. The Markup has learned, however, that the app is selling data on kids' and families' whereabouts to approximately a dozen data brokers who have sold data to virtually anyone who wants to buy it. From the report: Through interviews with two former employees of the company, along with two individuals who formerly worked at location data brokers Cuebiq and X-Mode, The Markup discovered that the app acts as a firehose of data for a controversial industry that has operated in the shadows with few safeguards to prevent the misuse of this sensitive information. The former employees spoke with The Markup on the condition that we not use their names, as they are all still employed in the data industry. They said they agreed to talk because of concerns with the location data industry's security and privacy and a desire to shed more light on the opaque location data economy. All of them described Life360 as one of the largest sources of data for the industry.
How a Cream Cheese Shortage Is Affecting NYC Bagel Shops
Supply chain issues have plagued the United States for months, causing scarcities of everything from cars to running shoes. In Alaska, residents are struggling to acquire winter coats. Now, New York's bagel purveyors are starting to feel the effects in a sudden and surprising development that has left them scrambling to find and hoard as much cream cheese as they can. From a report: Scott Goldshine, the general manager at Zabar's, estimated on Friday that he had enough to last 10 days. "Begging is one of my plans, which I have done, and it's helped," Mr. Goldshine said, adding that he had called about eight distributors in recent days. "If anybody's got it, let them call me." New York bagel sellers go through thousands of pounds of cream cheese every few weeks. The recipe for the beloved spread, which according to the Kraft Heinz Company originated in New York sometime in the 1870s, is fairly simple: lactic acid, pasteurized milk and cream. Many shops start their mixes with Philadelphia cream cheese, a Kraft Heinz brand, which arrives on huge pallets. The pallets are not filled with the Philadelphia cream cheese found on most grocery store shelves: The raw product that comes to bagel shops is unprocessed and unwhipped, said bagel makers, who use it as a base for their own creations. Without that base, they said, the spreads just won't taste or feel the same, and customers will notice. But for about three weeks now, dairy suppliers said, the cream cheese orders they have placed with manufacturers have come up short. "I've never been out of cream cheese for 30 years," said Joseph Yemma, the owner of F&H Dairies in Brooklyn, a dairy product distributor for many of the city's bagel shops. "There's no end in sight." In interviews with owners and workers at about 20 bagel shops and delis across the city, many said they were frazzled, frustrated and rushing to find cream cheese after learning about the shortage in the past few days.
Small Group of Insiders Reaping Most of the Gains on NFTs, Study Shows
Non-fungible tokens are one of the hottest things in cryptocurrencies right now, with the prospect of big gains should the latest collection rise in value. But a new study from Chainalysis shows that a small portion of participants reap most of the gains. From a report: Investing frequently in a wide array of collections appears to lead to the highest profits, Chainalysis said in its report. It added that whitelisting -- the practice of allowing a certain set of followers or others to purchase new NFTs at a much lower price than other users during minting events where a digital file is turned into a digital asset on a blockchain -- helps those people significantly. Users who make the whitelist and later sell their newly-minted NFT gain a profit 75.7% of the time, versus just 20.8% for users who do so without being whitelisted, Chainalysis said, citing Opensea data. The data suggests it's nearly impossible to reap outsized returns on minting purchases without being whitelisted, the study said. "A very small group of highly sophisticated investors rake in most of the profits from NFT collecting," the study said. "This is especially true in minting, where the whitelisting process gives early supporters of collection access to lower prices that result in greater profits. We also see possible evidence of the use of bots by investors looking to purchase during minting events, which could shut out less sophisticated users, and even result in failed transactions that cost them in fees."
China Moon Rover Will Investigate Cube-shaped 'Mystery' Object on Lunar Far Side
The Yutu-2 rover is on a roll. It's been exploring the far side of the moon since early 2019 as part of China's Chang'e-4 lunar lander mission. It now has its eyes set on a strange-looking cube-shaped object it spotted in the distance. From a report: Andrew Jones, a journalist who covers the Chinese space program for SpaceNews and Space.com, highlighted a new rover update in a series of tweets Friday. The nickname for the cube-shaped object translates to "mystery house." The rover team is planning to drive over and get a closer look at the object. As with Yutu-2's intriguing discovery of a "gel-like" substance inside a crater in 2019, don't get too excited for aliens. That substance turned out to be glassy-looking rock. And as far as I know, Stanley Kubrick never planted a monolith on the real moon, and those metal sculptures that were once all the rage on Earth haven't made the trek across space. Yutu-2's view of the cube is fuzzy and far-off, so the object's true nature should become clearer as the rover gets closer. The most likely explanation is a boulder. This part of the moon is pockmarked with impact craters, which can feature quite a bit of chunky debris.
Earth is Getting a Black Box To Record Events that Lead To the Downfall of Civilization
An indestructible "black box" is set to be built upon a granite plain on the west coast of Tasmania, Australia, in early 2022. Its mission: Record "every step we take" toward climate catastrophe, providing a record for future civilizations to understand what caused our demise, according to the Australian Broadcasting Corporation. From a report: The project, led by marketing communications company Clemenger BBDO in collaboration with University of Tasmania researchers, is currently in beta and has already begun collecting information at its website. The structure is designed to be about the size of a city bus, made of 3-inch-thick steel and topped with solar panels. Its interior will be filled with "storage drives" that gather climate change-related data such as atmospheric carbon dioxide levels and average temperatures. In addition, using an algorithm, it will scour the web for tweets, posts, news and headlines. The developers estimate that storage will run out in 30 to 50 years, according to the ABC. There are plans to increase the storage capacity and provide a more long-term solution, but it's unclear how the structure will be maintained -- how its solar panels might be replaced before the end of civilization, how well those drives hold up after decades and how impervious the vault will be to vandalism or sabotage. Its remote location, around four hours from the closest major city, is one deterrent -- but will that be enough?
Australia Is the Drunkest Country In the World, Survey Finds
Australians have been named the heaviest drinkers in the world after spending more time drunk in 2020 than any other nation. The Guardian reports: An international survey (PDF) has found Australians drank to the point of drunkenness an average of 27 times a year, almost double the global average of 15. Almost a quarter of Australians reported feeling regret for becoming intoxicated. The Global Drug Survey asked more than 32,000 people from 22 countries what their drug and alcohol consumption was last year. On average, Australians drank alcohol in line with the global average of two nights a week, and became heavily drunk about once every two weeks. The French topped that metric, drinking around three times a week. Australian participants also tripled the global average on seeking emergency care for their drinking (3.9% compared with the global average of 1.2%). "Global Drug Survey researcher Dr Monica Barratt said Australia's high rate of drunkenness might be related to most of the country avoiding Covid lockdowns in 2020," the report adds. "Bar Victoria, most states and territories only went through short and sharp lockdowns, with relatively few cases or deaths, allowing hospitality venues to remain open and events to continue." On the opposite end of the spectrum were New Zealanders, who became intoxicated "fewer times than almost any other country in the survey, getting drunk about 10 times a year," reports the Guardian. "Danes and Finns spent the most time drinking to excess after Australians, tied at 23.8 times a year. Americans came in third place, becoming intoxicated an average of 23 times in 2020, followed by the British (22.5 times)."
A Mysterious Threat Actor Is Running Hundreds of Malicious Tor Relays
Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users. The Record reports: Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to 9,000-10,000. Some of these servers work as entry points (guards), others as middle relays, and others as exit points from the Tor network. Their role is to encrypt and anonymize user traffic as it enters and leaves the Tor network, creating a giant mesh of proxy servers that bounce connections between each other and provide the much-needed privacy that Tor users come for. Servers added to the Tor network typically must have contact information included in their setup, such as an email address, so Tor network administrators and law enforcement can contact server operators in the case of a misconfiguration or file an abuse report. However, despite this rule, servers with no contact information are often added to the Tor network, which is not strictly policed, mainly to ensure there's always a sufficiently large number of nodes to bounce and hide user traffic. But a security researcher and Tor node operator going by Nusenu told The Record this week that it observed a pattern in some of these Tor relays with no contact information, which he first noticed in 2019 and has eventually traced back as far as 2017. Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point. The actor's servers are typically located in data centers spread all over the world and are typically configured as entry and middle points primarily, although KAX17 also operates a small number of exit points. 
Nusenu said this is strange as most threat actors operating malicious Tor relays tend to focus on running exit points, which allows them to modify the user's traffic. KAX17's focus on Tor entry and middle relays led Nusenu to believe that the group, which he described as "non-amateur level and persistent," is trying to collect information on users connecting to the Tor network and attempting to map their routes inside it. In research published this week and shared with The Record, Nusenu said that at one point, there was a 16% chance that a Tor user would connect to the Tor network through one of KAX17's servers, a 35% chance they would pass through one of its middle relays, and up to 5% chance to exit through one. While all signs point to a nation-level and well-resourced threat actor who is behind this group, neither Nusenu nor the Tor Project wanted to speculate.
Hackers Are Spamming Businesses' Receipt Printers With 'Antiwork' Manifestos
Dozens of printers across the internet are printing out a manifesto that encourages workers to discuss their pay with coworkers, and pressure their employers. Motherboard reports: "ARE YOU BEING UNDERPAID?" one of the manifestos read, according to several screenshots posted on Reddit and Twitter. "You have a protected LEGAL RIGHT to discuss your pay with your coworkers. [...] POVERTY WAGES only exist because people are 'willing' to work for them." On Tuesday, a Reddit user wrote in a post that the manifesto was getting randomly printed at his job. "Which one of you is doing this because it's hilarious," the user wrote. "Me and my co-workers need answers." Some people on Reddit have suggested that the messages are fake (i.e. printed by people with access to a receipt printer and posted for Reddit clout) or as part of a conspiracy to make it seem like the r/antiwork subreddit is doing something illegal. But Andrew Morris, the founder of GreyNoise, a cybersecurity firm that monitors the internet, told Motherboard that his firm has seen actual network traffic going to insecure receipt printers, and that it seems someone or multiple people are sending these printing jobs all over the internet indiscriminately, as if spraying or blasting them all over. Morris has a history of catching hackers exploiting insecure printers. "Someone is using a similar technique as 'mass scanning' to massively blast raw TCP data directly to printer services across the internet," Morris told Motherboard in an online chat. "Basically to every single device that has port TCP 9100 open and print a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging." Whoever is doing this, Morris said, is doing it "in an intelligent way." "The person or people behind this are distributing the mass-print from 25 separate servers so blocking one IP isn't enough," he said.
"A technical person is broadcasting print requests for a document containing workers rights messaging to all printers that are misconfigured to be exposed to the internet and we've confirmed that it is printing successfully in some number of places the exact number would be difficult to confirm but Shodan suggests that thousands of printers are exposed," he added, referring to Shodan, a tool that scans the internet for insecure computers, servers, and other devices.
Apple AirTags Being Used By Thieves To Track High-End Cars To Steal
An anonymous reader quotes a report from Ars Technica: This week, Canadian police announced that car thieves have been using AirTags to track vehicles they want to steal. York Regional Police (which serves an area north of Toronto) revealed that it has investigated five incidents in the past three months in which thieves have hidden AirTags on vehicles parked in public. Later, the thieves tracked down their targets to steal the cars at their leisure. Other Bluetooth-based trackers have been available for some time now, but the ubiquity of Apple devices (which communicate with AirTags via Apple's Find My app) means it's generally faster and more accurate to track something remotely via an AirTag than a rival device like a Tile. And while they undoubtedly make it easier for users to recover lost stuff, the tags are being exploited by criminals. Apple did build some anti-stalking functions into AirTags -- if your Apple device detects that you're being followed by an unfamiliar device, it will alert you, as long as you're running iOS 14.5 or newer.
Debt Collectors Can Now Text, Email and DM You On Social Media
An anonymous reader quotes a report from NPR: New rules approved by the Consumer Financial Protection Bureau that took effect on Tuesday dictate how collection agencies can email and text people as well as message them on social media to seek repayment for unpaid debts. Kathleen L. Kraninger, the former CFPB director who oversaw the rule changes, said last year that they were a necessary update to the Fair Debt Collection Practices Act, which is more than four decades old. "We are finally leaving 1977 behind and developing a debt collection system that works for consumers and industry in the modern world," Kraninger said in a blog post. Under the new rules, debt collectors who contact you on social media have to identify themselves as debt collectors but can attempt to join your network by sending you a friend request. Collectors must give you the option to opt out of being contacted online, and any messages they send have to be private -- collectors can't post on your page if it can be seen by your contacts or the public. Collection agencies can also email and text message debtors, but must still offer the ability to opt out. Industry officials praised the move as a welcome change to the outdated methods currently used by the collections industry. The new rules were devised during the Trump administration, when the bureau became more business-friendly than it had been in the past. The new rules also set a limit for the first time on how often debt collectors can call you. Agencies will be restricted to seven calls per week per account in collection.
Zoom Will Soon Make It Obvious If You're Late To Your Next Big Meeting
Zoom is rolling out a number of new updates for its video conferencing software and one of them might finally encourage users to ensure they're on time for their next big meeting. TechRadar reports: According to a new blog post from the company, Attendance Status makes it easier for organizations to streamline the start of their Zoom Meetings by allowing meeting hosts and co-hosts using its Google Calendar or Outlook Calendar integrations to view who has accepted or declined a meeting invite. However, this new feature also gives them the ability to see whether everyone invited to a meeting has joined. If you're used to arriving earlier for video calls, you should be fine but for those that try to slink in unnoticed later on in a meeting, your boss or manager will now be aware of your absence, so tread carefully. You'll also no longer be able to use the excuse that you had to update your Zoom client as Zoom recently added a new automatic update feature for Windows and macOS that ensures everyone in a meeting is running the latest version of the company's software. Zoom is also rolling out other new features, such as the ability for users to select multiple people to control the movements of slides in a presentation. They've also "added more options for creating polls including ranked responses, matching, short and long answers and even fill in the blank," adds TechRadar. "Finally, Zoom is adding additional watermark settings to its software to help organizations and individuals get the most out of their recorded content and avoid distracting watermarks."
Magnus Carlsen Wins Longest World Chess Championship Game of All Time
The first victory of the 2021 FIDE World Championship happened in game 6 after GM Magnus Carlsen defeated GM Ian Nepomniachtchi in a record 136 moves. Chess.com reports: Carlsen's victory came after the world champion exchanged a queen for two rooks, provoking a long, tense endgame -- a strategy that eventually proved effective. With both players working on increment after move 80, Magnus converted the position into a rook, knight, and two pawns for a queen, which ended up enough to take the match lead. It was the first decisive game in the classical rounds of a world championship in over five years.
Chinese Rideshare App Didi To Delist From NYSE
An anonymous reader quotes a report from The Hill: The Chinese rideshare app Didi announced Friday that it will delist from the New York Stock Exchange just months after its initial public offering. The company's brief announcement on the microblog Weibo noted plans to relist on Hong Kong's exchange, but gave few other details. Didi had been valued at nearly $70 billion after its first day of trading in June, but has since seen its shares collapse amid a crackdown from Beijing. [China says the company broke data privacy laws and posed cybersecurity risks.] Chinese authorities announced a probe of the company's data security practices shortly after its listing, but that investigation has not yet been closed. The company, which successfully held Uber out of its domestic market, owns a vast trove of data on Chinese users. The company's market capitalization now sits at roughly $38 billion. Its shares tumbled even further Friday following the news of the delisting. "Didi's repatriation to [Hong Kong] is a significantly worrying indicator for the larger US-Sino economic relationship," Brock Silvers, chief investment officer at Kaiyuan Capital in Hong Kong, told CNN. "Beijing essentially forced Didi's hand. [...] Didi's repatriation looks likely to be the start of a trend, and the market should expect that others will follow. Equity investors may not wait for the other shoe to drop." "Chinese founders previously looked to [New York] for a number of reasons, including looser listing standards, often higher multiples and a domicile beyond Beijing's financial [and] regulatory grasp," Silvers added. "That calculus has rapidly changed, and today's companies -- especially established market leaders or those in certain tech sectors -- will likely face increasing pressure to list on China-controlled exchanges."
How Much Has Quantum Computing Actually Advanced?
For a measured perspective on how much quantum computing is actually advancing as a field, IEEE Spectrum spoke with John Martinis, a professor of physics at the University of California, Santa Barbara, and the former chief architect of Google's Sycamore. From a report: IEEE Spectrum: So it's been about two years since you unveiled results from Sycamore. In the last few weeks, we've seen announcements of a 127-qubit chip from IBM and a 256-qubit neutral atom quantum computer from QuEra. What kind of progress would you say has actually been made? John Martinis: Well, clearly, everyone's working hard to build a quantum computer. And it's great that there are all these systems people are working on. There's real progress. But if you go back to one of the points of the quantum supremacy experiment -- and something I've been talking about for a few years now -- one of the key requirements is gate errors. I think gate errors are way more important than the number of qubits at this time. It's nice to show that you can make a lot of qubits, but if you don't make them well enough, it's less clear what the advance is. In the long run, if you want to do a complex quantum computation, say with error correction, you need way below 1% gate errors. So it's great that people are building larger systems, but it would be even more important to see data on how well the qubits are working. In this regard, I am impressed with the group in China who reproduced the quantum supremacy results, where they show that they can operate their system well with low errors.
The Coronavirus in a Tiny Drop
To better understand the coronavirus's journey from one person to another, a team of 50 scientists has for the first time created an atomic simulation of the coronavirus nestled in a tiny airborne drop of water. From a report: To create the model, the researchers needed one of the world's biggest supercomputers to assemble 1.3 billion atoms and track all their movements down to less than a millionth of a second. This computational tour de force is offering an unprecedented glimpse at how the virus survives in the open air as it spreads to a new host. "Putting a virus in a drop of water has never been done before," said Rommie Amaro, a biologist at the University of California San Diego who led the effort, which was unveiled at the International Conference for High Performance Computing, Networking, Storage and Analysis last month. "People have literally never seen what this looks like." How the coronavirus spreads through the air became the subject of fierce debate early in the pandemic. Many scientists championed the traditional view that most of the virus's transmission was made possible by larger drops, often produced in coughs and sneezes. Those droplets can travel only a few feet before falling to the floor. But epidemiological studies showed that people with Covid-19 could infect others at a much greater distance. Even just talking without masks in a poorly ventilated indoor space like a bar, church or classroom was enough to spread the virus. Those findings pointed to much smaller drops, called aerosols, as important vehicles of infection. Scientists define droplets as having a diameter greater than 100 micrometers, or about 4 thousandths of an inch. Aerosols are smaller -- in some cases so small that only a single virus can fit inside them. And thanks to their minuscule size, aerosols can drift in the air for hours.
German Coalition Backs Ban on Facial Recognition in Public Places
Germany's incoming government is throwing its weight behind a ban on the use of biometric identification technologies such as facial recognition in public places. From a report: According to their coalition deal, the Social Democrats (SPD), Greens and liberal Free Democrats (FDP) want to "exclude" biometric recognition in public spaces as well as automated state scoring systems by AI through European law. "Biometric recognition in public spaces as well as automated state scoring systems by AI are to be excluded under European law," reads the coalition agreement, presented on Wednesday. The EU's Artificial Intelligence Act, proposed in April, creates product safety rules for "high risk" AI that is likely to cause harm to humans. It also bans certain "unacceptable" AI uses, such as social scoring and restricts the use of remote biometric identification in public places from law enforcement, unless it is to fight serious crime, such as terrorism. The AI Act's prohibitions are some of the bill's most contentious articles, and many European countries have yet to decide what they think. Germany's support of a ban could rally other countries to the same view. Belgium and Slovakia have already expressed their support.
Musk Says Tesla's Cybertruck Will Have Four-motor Variant
Tesla boss Elon Musk said on Friday the electric-car maker's much-anticipated Cybertruck would come with a high-end four-motor variant. From a report: "Initial production will be 4 motor variant, with independent, ultra fast response torque control of each wheel," Musk said in a tweet. Calling the electric pick-up truck "insane technology bandwagon," Musk said the Cybertruck would have both front and rear-wheel steer that would "not just (turn) like a tank -- it can drive diagonally like a crab." The vehicle would compete with pickup trucks such as GMC's Hummer EV, Ford's F-150 Lightning and Rivian's R1T. Of those, R1T is driven by four individual motors powering all four wheels and GMC's Hummer can drive diagonally.
FBI Says the Cuba Ransomware Gang Made $43.9 Million from Ransom Payments
The US Federal Bureau of Investigation said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year. From a report: In a flash alert sent out on Friday, the Bureau said the Cuba gang has "compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors." The FBI said it traced attacks with the Cuba ransomware to systems infected with Hancitor, a malware operation that uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute-forcing tools to gain access to vulnerable Windows systems. Once systems are added to their botnet, Hancitor operators rent access to these systems to other criminal gangs in a classic Malware-as-a-Service model. While an April 2021 McAfee report on the Cuba ransomware found no connection between the two groups, the FBI report highlights what appears to be a new partnership between MaaS providers and ransomware gangs after other ransomware operations struck similar partnerships throughout 2020.
PlayStation Plans New Service To Take On Xbox Game Pass
Sony Group's PlayStation division is planning a new subscription service to compete with rival Microsoft's popular Xbox Game Pass, according to people familiar with Sony's plans and documents reviewed. Bloomberg: The service, code-named Spartacus, will allow PlayStation owners to pay a monthly fee for access to a catalog of modern and classic games, said the people, who asked not to be identified because they weren't authorized to speak to the press about the plans. The offering will likely be available on the smash hit PlayStation 4, which has sold more than 116 million units, and its elusive successor, the PlayStation 5, which launched more than a year ago but is still difficult to buy due to supply chain issues. When it launches, expected in the spring, the service will merge Sony's two existing subscription plans, PlayStation Plus and PlayStation Now. Currently, PlayStation Plus is required for most online multiplayer games and offers free monthly titles, while PlayStation Now allows users to stream or download older games. Documents reviewed by Bloomberg suggest that Sony plans to retain the PlayStation Plus branding but phase out PlayStation Now.
Scientists Raise Concerns Over Baby Genome Sequencing Plan
Scientists have raised concerns about a proposed overhaul of newborn screening that could lead to the UK becoming the first country to offer whole-genome sequencing for every baby. From a report: Speaking before the publication of plans for an NHS pilot study in which up to 200,000 babies' genomes will be sequenced and analysed, scientists suggested the initiative appeared designed to create a valuable health dataset rather than an effective method of improving the diagnosis of rare diseases. Anneke Lucassen, director of the Centre for Personalised Medicine at the University of Oxford, said that if the primary objective were improving newborn screening, there were alternative, more targeted tests that would be cheaper and potentially more reliable. "If it was really all about [diagnosing more conditions], you could do that through other means," she said. "It's about helping to build the genomics industry in the UK and it's about creating a research resource so we can study people as they grow older." Lucassen said she was not opposed to the pilot, or even necessarily to these objectives, but wanted more transparency, "because otherwise it's sold as something that is not the full picture. The public needs to know that," she added. Sequencing the genomes of all newborns would represent a hugely ambitious upgrade to the routine "heel prick" test that all babies receive at about five days to detect nine serious health conditions including cystic fibrosis, sickle cell disease and various metabolic diseases.
US State Department iPhones Hacked With Israeli Company Spyware
Apple iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, Reuters reported Friday, citing people familiar with the matter. From the report: The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said. The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.
Amazon Charges Sellers Fees That Are High Enough To Offset Losses from Prime, a New Report Says
The massive reach of Amazon's e-commerce platform is appealing for any small business that wants to sell its products online. But a new report suggests that the cost of doing business can become a Faustian bargain for a third-party seller, as the fees that Amazon charges them can quickly eat into profits. From a report: Amazon Toll Road, a report from the nonprofit Institute for Local Self-Reliance (ILSR), found that Amazon charged third-party sellers a total of $121 billion in fees this year alone. According to the report, written by ILSR co-director Stacy Mitchell, those fees -- for things like advertising, referrals, and shipping -- usually mean that small businesses lose money to Amazon; Mitchell said that in 2014, sellers paid Amazon $19 of every $100 in sales, and today, it's more like $34 per $100 in sales. And, Amazon obscures the profit it makes from these small businesses in its financial reports, lumping it in with other less lucrative divisions "because showing that they generate these profits from small businesses is not a good look," Mitchell said in an interview with The Verge. But its Amazon Prime subscription service -- believed to be a money loser for the e-commerce giant -- provides Amazon a loyal base of shoppers who want to get their money's worth of free shipping. The profits Amazon makes from seller fees subsidize the losses from its Prime division, according to the report.
Jimmy Wales is Selling His First Wikipedia Edit as an NFT
Wikipedia co-founder Jimmy Wales is selling a non-fungible token (or NFT) based on his first edit of the free encyclopedia. From a report: Auction house Christie's will hold a sale of the token from December 3rd to 15th, auctioning it alongside the Strawberry iMac Wales was using around Wikipedia's launch. The funds will go toward charitable causes and WT.Social, a donation-backed social network that Wales launched in 2019. Wales' NFT is effectively the keys to a very early version of Wikipedia, which debuted in January of 2001. "What you see displayed is what Wikipedia looked like at the moment that I set up the software," he tells The Verge. The single page will be launched publicly on the web, and much like Wikipedia itself, anyone will be able to see and edit it. But all changes will revert after five minutes, returning it to its original state: a single edit reading "Hello, World!" following a long-held tradition of programming. The NFT, which is written to the Ethereum blockchain, encodes a smart contract that grants its buyer control over that website. The buyer can change the window for reverting edits, and if they really want, they can turn off editing or shut down the page. They can also take a completely hands-off approach and let Wales manage the page for them.
Microsoft Backtracks on Windows 11's Controversial Default Browser Changes
Microsoft is backtracking on changes it made to Windows 11 that made it more difficult to switch default browsers. From a report: A new test build of Windows 11 now allows users of Chrome, Firefox, and other browsers to set a default browser with a single button, which is a far simpler process. Rafael Rivera, developer of the excellent EarTrumpet Windows app, discovered the new Windows 11 changes earlier this week. Instead of having to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, Windows 11 now offers a simple button that lets people switch default browsers in a similar way to Windows 10. Microsoft has confirmed the changes are intentional and are currently being tested. "In the Windows 11 Insider Preview Build 22509 released to the Dev Channel on Wednesday, we streamlined the ability for a Windows Insider to set the 'default browser' to apps that register for HTTP:, HTTPS:, .HTM, and .HTML," explains Aaron Woodman, vice president of Windows marketing, in a statement to The Verge. "Through the Windows Insider Program you will continue to see us try new things based on customer feedback and testing."
US Indicts Two Men for Running a $20 Million YouTube Content ID Scam
Two men have been indicted by a grand jury for running a massive YouTube Content ID scam that netted the pair more than $20m. TorrentFreak: Webster Batista Fernandez and Jose Teran managed to convince a YouTube partner that the pair owned the rights to 50,000+ tracks and then illegally monetized user uploads over a period of four years.
New Blockchain Tech Promises To Ease Ethereum's Growing Pains
New technology promising to solve Ethereum's growing pains is gaining traction, increasing bets that some day most of the network's transactions might not actually take place on its own blockchain. From a report: For years slow speeds and high transaction fees have plagued the network underpinning the $550 billion cryptocurrency Ether -- home to the most popular blockchain applications. Its weaknesses have allowed new competitors such as Solana and Avalanche to gain ground. However, help from so-called Layer 2 technologies, or rollups, could be a solution. Digital ledgers like Ethereum are designed to slow down and become more expensive as their popularity increases. But these Layer 2 projects, many of which have only recently debuted, can effectively take transaction data off Ethereum, compress it and post it back onto the original chain for a fraction of the time and cost. So far the user base is relatively small. But rapid growth is raising expectations that Ethereum will not only be able to ward off competition but that other blockchains might adopt similar scaling solutions. If the technology takes off, networks like Ethereum might only be directly used for very large transactions in the future, with the bulk of activity happening on Layer 2 networks.
Another Porn Site Says Banks Forced It To Stop Paying Sex Workers
An anonymous reader quotes a report from Motherboard: AVN Stars, a platform where sex workers can sell porn clips, announced on Wednesday that it will no longer allow creators to monetize their content on the site beginning January 1. In a press release, Adult Video News wrote that discrimination from banks forced the decision. "Unfortunately, AVN and GayVN Stars has not been immune to the banking discrimination that so many of our industry friends have also encountered recently," AVN Media Network CEO Tony Rios said in the press release. "We have had numerous corporate accounts shuttered in the past year alone." Throughout December, models can keep selling content as usual. On January 1, however, all content on the site will be free. "We lost probably 16 bank accounts this year. It's just exhausting," Rios told me in a phone call. "The adult industry has always had banking problems. I can think back to losing my first bank account in like, 1996. It's just par for the course. But I think that at this point, the stakes are so much higher, when you're talking 10's of 1000's of creators that really rely on this," he said. "You have these people that sit in these offices that are really disconnected from the banking relationships, that are just looking at patterns of transactions. They see, 'oh you sent $50,000 from here to Europe or whatever, what is this about?' And then they start Googling around and then they figure out it's the adult industry. Depending on that one person's judgment call, [platforms have to] start to tighten things down, and ultimately [banks] shut the account down. And then we just get a letter that says, 'We're sorry, we've made the decision to close your account.'" Some creators who use AVN Stars are angry over how the company went about notifying them of these changes. 
Nikki Kit, a dominatrix who uses AVN Stars, told Motherboard that the platform sent a direct message to creators on the platform, but only some creators received that message before the announcement was public. Kit said that learning about it this way infuriated her. She said that this is a symptom of a larger problem in the industry. "People outside of the industry don't feel comfortable saying 'hey, what you're doing to these people is wrong,'" she said. "We're hidden away from society because the public is so uncomfortable talking about sex as a whole. Let alone discuss the porn they are viewing, or the health and happiness of the performers they enjoy seeing... I hope that people can get more comfortable discussing sex and sexuality openly, and quickly. Because if people can't even discuss sex or sexuality, how can we discuss the rights of the workers within the sex industry? How many people that watch porn are willing to not only admit that they watch or pay for their porn, but that they believe porn people deserve to be paid for their work?"
The Largest Comet We've Ever Seen Just Delivered a Curious Surprise
schwit1 shares a report from ScienceAlert: The comet Bernardinelli-Bernstein (BB) -- the largest our telescopes have ever spotted -- is on a journey from the outer reaches of our Solar System that will see it flying relatively close to Saturn's orbit. Now, a new analysis of the data we've collected on BB has revealed something rather surprising. Digging into readings logged by the Transient Exoplanet Survey Satellite (TESS) between 2018 and 2020, researchers have discovered that BB became active much earlier, and much farther out from the Sun, than was previously thought. A comet becomes active when light from the Sun heats its icy surface, turning ice to vapor and releasing trapped dust and grit. The resulting haze, called a coma, can be useful for astronomers in working out exactly what a particular comet is made out of. In the case of BB, it's still too far out for water to sublimate. Based on studies of comets at similar distances, it's likely that the emerging fog is driven instead by a slow release of carbon monoxide. Only one active comet has previously been directly observed at a greater distance from the Sun, and it was much smaller than BB. "These observations are pushing the distances for active comets dramatically farther than we have previously known," says astronomer Tony Farnham, from the University of Maryland (UMD). "We make the assumption that comet BB was probably active even farther out, but we just didn't see it before this. What we don't know yet is if there's some cut-off point where we can start to see these things in cold storage before they become active." The research has been published in the Planetary Science Journal.
NASA Awards Blue Origin, Nanoracks, Northrop Grumman Over $400M In Contracts To Avoid Space Station Gap
Just two days after officially (and quietly) confirming that it intends to replace the International Space Station with a commercial station by 2030, NASA has awarded over $400 million in agreements to three companies to further develop private station plans. TechCrunch reports: The three companies, which received the awards under the agency's Commercial low Earth orbit (LEO) Destinations program, are: Nanoracks for $160 million; Blue Origin for $130 million; and Northrop Grumman for $125.6 million. NASA received eleven proposals in total, director of commercial spaceflight Phil McAlister said Thursday. He added that of the three chosen proposals, there was a diversity of technical concepts and a variety of logistical and launch vehicle options offered. "This diversity not only enhances the likelihood of success of NASA strategy, but it also leads to a high degree of innovation, which is critical in most commercial space endeavors," he said. The three companies have already released a handful of details about their proposals. Blue Origin is calling its station concept "Orbital Reef," and it is designing it with Boeing, Sierra Space and others. The team said it wants to launch the station in 2027. Meanwhile, Nanoracks is calling its station, which is being developed with its parent company Voyager Space and aerospace prime Lockheed Martin, "Starlab." While Northrop didn't give its station proposal a flashy name, it's working with Dynetics to deliver a modular design based around its Cygnus spacecraft. These substantial awards mark the first phase of a two-phase process as NASA seeks to ensure that there will be no gap between the retirement of the ISS and the introduction of a new station. NASA has repeatedly stressed, both to Congress and more recently in a report by the Office of Inspector General, that the overall success of the development of a thriving economy in LEO is dependent upon avoiding this gap. 
"If there is no habitable commercial destination in low Earth orbit after the ISS is decommissioned, NASA will be unable to conduct microgravity health research and technology demonstrations needed for long-duration human exploration missions to the Moon and Mars, significantly increasing the risk of -- or delaying -- those missions," the agency said in the report.
US Satellites Are Being Attacked Every Day According To Space Force General
An anonymous reader quotes a report from The Drive: U.S. Space Force's General David Thompson, the service's second in command, said last week that Russia and China are launching "reversible attacks," such as electronic warfare jamming, temporarily blinding optics with lasers, and cyber attacks, on U.S. satellites "every single day." He also disclosed that a small Russian satellite used to conduct an on-orbit anti-satellite weapon test back in 2019 had first gotten so close to an American one that there were concerns an actual attack was imminent. Thompson, who is Vice Chief of Space Operations, disclosed these details to The Washington Post's Josh Rogin in an interview on the sidelines of the Halifax International Security Forum, which ran from Nov. 19 to 21 in Halifax, Nova Scotia, in Canada. The forum opened just four days after a Russian anti-satellite weapon test involving a ground-launched interceptor, which destroyed a defunct Soviet-era electronic intelligence satellite and created a cloud of debris that presents a risk to the International Space Station (ISS). That test drew widespread condemnation, including from the U.S. government, and prompted renewed discussion about potential future conflicts in space. "The threats are really growing and expanding every single day. And it's really an evolution of activity that's been happening for a long time," Thompson told Rogin. "We're really at a point now where there's a whole host of ways that our space systems can be threatened." "Right now, Space Force is dealing with what Thompson calls 'reversible attacks' on U.S. government satellites (meaning attacks that don't permanently damage the satellites) 'every single day,'" according to Rogin. "Both China and Russia are regularly attacking U.S. satellites with non-kinetic means, including lasers, radio frequency jammers, and cyber attacks, he said." [...] Thompson's assertion that these kinds of attacks are occurring with extreme frequency is new.
It underscores the rapid development and fielding by Russia and China, among others, of a wide variety of anti-satellite capabilities, something the U.S. military has called increasing attention to in recent years. "The Chinese are actually well ahead [of Russia]," Thompson told Rogin. "They're fielding operational systems at an incredible rate." "Thompson could not confirm or deny whether any American satellites had actually been damaged in a Russian or Chinese attack," the report adds. "[H]e told Rogin that even if such a thing had occurred, that very fact would be classified." He did, however, provide new details about the incident in 2019 where a small Russian satellite released a projectile in one on-orbit anti-satellite weapon test. According to The Drive, "Russia's satellite had first got in very close to a U.S. 'national security satellite' and that 'the U.S. government didn't know whether it was attacking or not.'" "It maneuvered close, it maneuvered dangerously, it maneuvered threateningly so that they were coming close enough that there was a concern of collision," Thompson said. "So clearly, the Russians were sending us a message."
Former Ubiquiti Dev Charged For Trying To Extort His Employer
Long-time Slashdot reader tinskip shares a report from BleepingComputer: Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker. "As alleged, Nickolas Sharp exploited his access as a trusted insider to steal gigabytes of confidential data from his employer, then, posing as an anonymous hacker, sent the company a nearly $2 million ransom demand," U.S. Attorney Damian Williams said today. "As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistleblower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company's computer systems." According to the indictment (PDF), Sharp stole gigabytes of confidential data from Ubiquiti's AWS (on December 10, 2020) and GitHub (on December 21 and 22, 2020) infrastructure using his cloud administrator credentials, cloning hundreds of GitHub repositories over SSH. Throughout this process, the defendant tried hiding his home IP address using Surfshark's VPN services. However, his actual location was exposed after a temporary Internet outage. To hide his malicious activity, Sharp also altered log retention policies and other files that would have exposed his identity during the subsequent incident investigation. "Among other things, SHARP applied one-day lifecycle retention policies to certain logs on AWS which would have the effect of deleting certain evidence of the intruder's activity within one day," the court documents read. After Ubiquiti disclosed a security incident in January following Sharp's data theft, while working to assess the scope and remediate the security breach effects he also tried extorting the company (posing as an anonymous hacker). 
His ransom note demanded almost $2 million in exchange for returning the stolen files and the identification of a remaining vulnerability. The company refused to pay the ransom and, instead, found and removed a second backdoor from its systems, changed all employee credentials, and issued the January 11 security breach notification. After his extortion attempts failed, Sharp shared information with the media while pretending to be a whistleblower and accusing the company of downplaying the incident. This caused Ubiquiti's stock price to fall by roughly 20%, from $349 on March 30 to $290 on April 1, amounting to losses of over $4 billion in market capitalization.
Trump's Social Media Site Quietly Admits It's Based On Mastodon
mrflash818 shares a report from PCMag: To avoid a lawsuit, Donald Trump's social media site is quietly acknowledging the computer code powering the platform comes from Mastodon. Trump's "Truth Social" site now features a dedicated section labeled "open source," which contains a Zip archive to Mastodon's source code. "Our goal is to support the open source community no matter what your political beliefs are. That's why the first place we go to find amazing software is the community and not 'Big Tech,'" the site adds. Truth Social created the section on Nov. 12, two weeks after social networking provider Mastodon threatened to sue Trump's platform for violating its open-source license. Since Mastodon is an open-source software project, anyone can use it for free. But if you do, the software license demands the code and any ensuing modifications to your Mastodon-powered platform be made publicly available, allowing the entire Mastodon community to benefit. (This doesn't include publishing any user data or disclosing admin access, though.) [...] However, it appears the uploaded Zip archive is simply a barebones version of the existing Mastodon source code you can already find on GitHub. The archive itself is only a mere 30MB in size. Nevertheless, Rochko said the Zip archive might "become more interesting" once Truth Social finally launches.
Google Readies 'Pixel Watch' For 2022 Launch
According to Insider, Google is planning to launch its own in-house smartwatch in 2022. "Two employees said a spring launch was possible if the latest testing round is a success, however all sources stressed that details and timelines were subject to change depending on feedback from employees testing the device," reports Insider. From the report: The device, which is internally codenamed "Rohan," will showcase the latest version of Google's smartwatch software to customers and partners [...]. To date, Google has opted to create software for smartwatches built by partners such as Samsung, but has not made a device of its own. [...] Unlike the Apple Watch, Google's smartwatch is round and has no physical bezel, according to artistic renders viewed by Insider and employees who have seen it. Like Apple's device, it will capture health and fitness metrics. The watch has sometimes been referred to internally as the "Pixel watch" or "Android watch," but executives have used a variety of names to refer to the project and it is unclear what branding Google will land on if and when it launches the device. [...] The Rohan watch has a heart-rate monitor and offers basic health-tracking features such as step counting. In its current form the watch will require daily charging, according to a feedback document seen by Insider. One employee testing the watch lamented the charging was slow. Like the Apple Watch, Google's wearable will also use proprietary watchbands. [...]
New York Anime Convention Possibly Infected With Omicron
Long-time Slashdot reader Aighearach shares a report from Reuters: President Joe Biden on Thursday laid out his strategy to fight the coronavirus as the highly contagious Omicron spread across the globe with winter coming and hours after the first known U.S. case of community transmission of the variant was reported. [...] In California and Colorado, the patients had recently returned from trips to southern Africa and had not gotten booster doses. The case in Minnesota is the first known community transmission within the United States. The patient in Minnesota had recently travelled to New York City for an anime convention, prompting the city to launch contact tracing to try to contain the spread. "We are aware of a case of the Omicron variant identified in Minnesota that is associated with travel to a conference in New York City, and we should assume there is community spread of the variant in our city," New York City Mayor Bill de Blasio said. The person told state health investigators he attended the Anime NYC 2021 convention at the Javits Center from Nov. 19 to 21 and developed mild symptoms on Nov. 22. How many Slashdot readers were there? Have you had a recent COVID test? As of this writing, CNBC reports a total of five cases of the omicron Covid-19 variant have been confirmed in New York. "Cases were discovered in Suffolk County, two in Queens, one in Brooklyn and one in New York City," the report states, citing Gov. Kathy Hochul.