Slashdot

Russia's tech workers are looking for safer and more secure professional pastures. By one estimate, up to 70,000 computer specialists, spooked by a sudden frost in the business and political climate, have bolted the country since Russia invaded Ukraine five weeks ago. Many more are expected to follow. From a report: For some countries, Russia's loss is being seen as their potential gain and an opportunity to bring fresh expertise to their own high-tech industries. Russian President Vladimir Putin has noticed the brain drain even in the throes of a war that, according to the U.N. refugee agency, has caused more than 4 million people to flee Ukraine and displaced millions more within the country. This week, Putin reacted to the exodus of tech professionals by approving legislation to eliminate income taxes between now and 2024 for individuals who work for information technology companies. Some people in the vast new pool of high-tech exiles say they are in no rush to return home. An elite crowd furnished with European Union visas has relocated to Poland or the Baltic nations of Latvia and Lithuania. A larger contingent has fallen back on countries where Russians do not need visas: Armenia, Georgia and the former Soviet republics in Central Asia. In normal times, millions of less-skilled laborers emigrate from those economically shaky countries to comparatively more prosperous Russia.Read more of this story at Slashdot.

sciencehabit shares a report from Science.org: Addition and subtraction must be hard for fish, especially because they don't have fingers to count on. But they can do it -- albeit with small numbers -- a new study reveals. By training the animals to use blue and yellow colors as codes for the commands "add one" and "subtract one," respectively, researchers showed fish have the capacity for simple arithmetic. To make the find, researchers at the University of Bonn adopted the design of a similar experiment conducted in bees. They focused on bony cichlids (Pseudotropheus zebra) and cartilaginous stingrays (Potamotrygon motoro), which the lab uses to study fish cognition. In the training phase, the scientists showed a fish in a tank an image of up to five squares, circles, and triangles that were all either blue or yellow. The animals had 5 seconds to memorize the number and color of the shapes; then a gate opened, and the fish had to choose between two doors: one with an additional shape and the other with one fewer shape. The rules were simple: If the shapes in the original image were blue, head for the door with one extra shape; if they were yellow, go for the door with one fewer. Choosing the correct door earned the fish a food reward: pellets for cichlids, and earthworms, shrimp, or mussels for stingrays. Only six of the eight cichlids and four of the eight stingrays successfully completed their training. But those that made it through testing performed well above chance, the researchers report today in Scientific Reports.Read more of this story at Slashdot.

Hundreds of people have lost access to their cryptocurrency, and recovering those lost Bitcoins has become a lucrative business. "Motherboard talks to some of the people trying to get back their crypto, and the people who are making that happen in the newest episode of CRYPTOLAND on YouTube," writes Slashdot reader em1ly. Here's an excerpt from an article accompanying the episode: It's hard to know exactly how much Bitcoin is locked forever in wallets whose owners forgot the password, or in hard drives thrown out. There's plenty of anecdotes of desperate people trying to recover their lost Bitcoin. Chainalysis, a firm that tracks cryptocurrencies to help companies and law enforcement, estimated in 2018 that up to 23% of all Bitcoin is lost forever -- around 3.79 million bitcoins or the equivalent of around $170 billion at today's conversion rate. Naturally, some of the people who own those lost Bitcoin are willing to do anything to get them back. And there's a market for companies or individuals who promise to recover the lost Bitcoin for a fee. There's the mysterious Wallet Recovery Service, run by an anonymous person who goes by DaveBitcoin, or Crypto Asset Recovery, a father and son startup based in New Hampshire. In essence, what these organizations do is try as many password or passphrase combinations as fast as they can -- or as fast as their password cracking software and hardware will allow -- until they get the right one for a specific wallet they're trying to break into. They brute force the password, but they need help from their customers -- some guess, at least, of what their password may have been. Charlie Brooks, the son in the duo that runs Crypto Asset Recovery, told Motherboard that their success rate is 32 percent, without counting those customers that they believe have almost no chance of getting their Bitcoin back (who they decline to take on as clients).Read more of this story at Slashdot.

OneHundredAndTen writes: A recent paper proposes a new way to put together a message for alien intelligent beings. It comes up with an elaborate mechanism to convey information in notably constrained bitmaps, but one can't help but wonder whether it is too elaborate. For example, for 1+1 = 2, the article proposes something far more visually complex than 1+1 = 2, which could also be, with small adjustments, easily coerced to have a representation as a bitmap with the limitations in the article. It is not clear why the representation that the authors are proposing would be easier for aliens to decode and understand than something much closer to 1+1 = 2: either representation would be, well, alien to them. "Calculation of the optimal timing during a given calendar year is specified for potential future transmission from both the Five-hundred-meter Aperture Spherical radio Telescope in China and the SETI Institute's Allen Telescope Array in northern California to a selected region of the Milky Way which has been proposed as the most likely for life to have developed," reads the paper. "These powerful new beacons, the successors to the Arecibo radio telescope which transmitted the 1974 message upon which this expanded communication is in part based, can carry forward Arecibo's legacy into the 21st century with this equally well-constructed communication from Earth's technological civilization."Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: More than two decades after the draft human genome was celebrated as a scientific milestone, scientists have finally finished the job. The first complete, gap-free sequence of a human genome has been published in an advance expected to pave the way for new insights into health and what makes our species unique. Until now, about 8% of the human genome was missing, including large stretches of highly repetitive sequences, sometimes described as "junk DNA." In reality though, these repeated sections were omitted due to technical difficulties in sequencing them, rather than pure lack of interest. Sequencing a genome is something like slicing up a book into snippets of text then trying to reconstruct the book by piecing them together again. Stretches of text that contain a lot of common or repeated words and phrases would be harder to put in their correct place than more unique pieces of text. New "long-read" sequencing techniques that decode big chunks of DNA at once -- enough to capture many repeats -- helped overcome this hurdle. Scientists were able to simplify the puzzle further by using an unusual cell type that only contains DNA inherited from the father (most cells in the body contain two genomes -- one from each parent). Together these two advances allowed them to decode the more than 3 billion letters that comprise the human genome. The science behind the sequencing effort and some initial analysis of the new genome regions are outlined in six papers published in the journal Science.Read more of this story at Slashdot.

slack_justyb writes: After the failure of the Chrome user-tracking system that was called FLoC, Google's latest try at topic tracking to replace the 3rd party cookie (that Chrome is the only browser to still support) is FLEDGE and the most recent drop of Canary has this on full display for users and privacy advocates to dive deeper into. This recent release shows Google's hand that it views user tracking as a mandatory part of internet usage, especially given this system's eye-rolling name of "Privacy Sandbox" and the tightness in the coupling of this new API to the browser directly. The new API will allow the browser itself to build what it believes to be things that you are interested in, based on broad topics that Google creates. New topics and methods for how you are placed into those topics will be added to the browser's database and indexing software via updates from Google. The main point to take away here though is that the topic database is built using your CPU's time. At this time, opting out of the browser building this interest database is possible thus saving you a few cycles from being used for that purpose. In the future there may not be a way to stop the browser from using cycles to build the database; the only means may be to just constantly remove all interest from your personal database. At this time there doesn't seem to be any way to completely turn off the underlying API. A website that expects this API will always succeed in "some sort of response" so long as you are using Chrome. The response may be that you are interested in nothing, but a response none-the-less. Of course, sending a response of "interested in nothing" would more than likely require someone constantly, and timely, clearing out the interest database, especially if at some later time the option to turn off the building of the database is removed. With 82% of Google's empire based on ad revenue, this latest development in Chrome shows that Google is not keen on any moves to threaten their main money maker. Google continues to argue that it is mandatory that it builds a user tracking and advertising system into Chrome, and the company says it won't block third-party cookies until it accomplishes that -- no matter what the final solution may ultimately be. The upshot, if it can be called that, of the FLEDGE API over FLoC, is that abuse of FLEDGE looks to yield less valuable results. And attempting to use the API alone to pick out an individual user via fingerprinting or other methods employed elsewhere seems to be rather difficult to do. But only time will tell if that remains true or just Google idealizing this new API. As for the current timeline, here's what the company had to say in the latest Chromium Blog post: "Starting today, developers can begin testing globally the Topics, FLEDGE, and Attribution Reporting APIs in the Canary version of Chrome. We'll progress to a limited number of Chrome Beta users as soon as possible. Once things are working smoothly in Beta, we'll make API testing available in the stable version of Chrome to expand testing to more Chrome users."Read more of this story at Slashdot.

An anonymous reader quotes a report from Decrypt: When a company like Nike finds someone using its brand without permission, it can ask the courts to order the unauthorized goods to be destroyed. Nike has done this in the past, but its latest trademark lawsuit comes with a twist -- the products it wants to "destroy" are NFTs, which are inscribed permanently on the Ethereum blockchain. The case in question involves Detroit-based StockX, a site that lets people buy and sell used brands, including Nike sneakers. [...] In a complaint filed last month in New York federal court, Nike accused StockX of ripping off its brand in order to cash in on a "gold rush market" for NFTs. As a remedy for StockX's alleged infringement of its trademarks, Nike wants the company to turn over its profits and stop the NFT sneaker sales. It also wants a judge to "order that StockX be required to deliver to Nike for destruction any and all Vault NFTs." According to Alexandra Roberts, a trademark law professor at the University of New Hampshire, it's fairly common for companies to ask to destroy goods that infringe their IP -- there's even a law that entitles them to do that. But whether a court will grant the order is likely to be informed by what the brand owner is looking to destroy. Where do NFTs fit into this? It's an open question since the courts have never had to address it before. And even if the New York court agrees to order the destruction of the StockX NFTs, there's the question of how exactly Nike would go about doing that. Records on the blockchain show that StockX has indeed inscribed the NFTs on Ethereum, which means they are indestructible except in the extremely unlikely event that developers agree to fork the blockchain to get rid of them. According to some, the most practical thing for Nike to do would be to send the NFTs to a so-called burner wallet. This wouldn't destroy them but still achieve the same purpose: "This means that the best outcome for a brand that is seeking to have NFTs destroyed may be to have them sent to a burn address, which still does not actually destroy them but renders them incapable of being transferred anymore," writes the Fashion Law Blog.Read more of this story at Slashdot.

Starting this summer, Samsung says it will sell genuine parts and tools to customers needed to repair its Galaxy S20 and Galaxy S21 smartphones, along with its Galaxy Tab S7+ tablet. Fast Company reports: The company, which is partnering with device repair resource iFixit on the initiative, will also provide access to step-by-step repair guides, and it plans to support more devices and repairs over time. The program is similar to one that Apple announced last fall, allowing users to repair the display, battery, and camera on their iPhones. Samsung says it's launching the program to "promote a circular economy and minimize e-waste," though it's just as likely responding to regulatory pressure. Last year, the Federal Trade Commission (FTC) said it would crack down on illegal repair restrictions, and iFixit expects dozens of states to introduce right-to-repair laws this year. [...] But while phone makers may now feel compelled to supply repair parts and guides to consumers, that doesn't mean the repairs themselves will be any easier. According to iFixit's Galaxy S21 teardown, some repairs involve work that's "unnecessarily sticky and complicated," requiring a heat gun to pry open the display panel and an isopropyl alcohol bath to loosen the "tar pit" around the battery. At least customers brave enough to make those repairs won't have any trouble getting the parts and tools they need.Read more of this story at Slashdot.

According to the Associated Press, Russian troops have left the Chernobyl nuclear power plant after soldiers received "significant doses" of radiation from digging trenches around the closed plant. On February 24, Russians seized control of Chernobyl shortly after declaring their invasion of Ukraine. From the report: Russian forces seized the Chernobyl site in the opening stages of the Feb. 24 invasion, raising fears that they would cause damage or disruption that could spread radiation. The workforce at the site oversees the safe storage of spent fuel rods and the concrete-entombed ruins of the reactor that exploded in 1986. Edwin Lyman, a nuclear expert with the U.S.-based Union of Concerned Scientists, said it "seems unlikely" a large number of troops would develop severe radiation illness, but it was impossible to know for sure without more details. He said contaminated material was probably buried or covered with new topsoil during the cleanup of Chernobyl, and some soldiers may have been exposed to a "hot spot" of radiation while digging. Others may have assumed they were at risk too, he said.Read more of this story at Slashdot.

An anonymous reader quotes a report from 9to5Mac: A major Wyze Cam security flaw easily allowed hackers to access stored video, and it went unfixed for almost three years after the company was alerted to it, says a new report today. Additionally, it appears that Wyze Cam v1 -- which went on sale back in 2017 -- will never be patched, so it will remain vulnerable for as long as it is used. Bleeping Computer reports: "A Wyze Cam internet camera vulnerability allows unauthenticated, remote access to videos and images stored on local memory cards and has remained unfixed for almost three years. The bug, which has not been assigned a CVE ID, allowed remote users to access the contents of the SD card in the camera via a webserver listening on port 80 without requiring authentication. Upon inserting an SD card on the Wyze Cam IoT, a symlink to it is automatically created in the www directory, which is served by the webserver but without any access restrictions." And as if that weren't bad enough, it gets worse. Many people re-use existing SD cards they have laying around, some of which still have private data on them, especially photos. The flaw gave access to all data on the card, not just files created by the camera. Finally, the AES encryption key is also stored on the card, potentially giving an attacker live access to the camera feed. Altogether, Bitdefender security researchers advised the company of three vulnerabilities. It took Wyze six months to fix one, 21 months to fix another, and just under two years to patch the SD card flaw. The v1 camera still hasn't been patched, and as the company announced last year that it has reached end-of-life status, so it appears it never will.Read more of this story at Slashdot.

After previously canceling its in-person E3 2022 event, the ESA has now informed its partners that there will be no digital event equivalent this year either - meaning E3 2022 has fully been canceled. IGN reports: The news broke via a tweet from Razer PR lead Will Powers, who said that an email had been sent out announcing the cancellation of a digital E3 event. IGN has independently verified the contents of the email as well. The ESA had initially planned for an in-person E3 event this year after having no event in 2020 due to COVID-19 and a digital one in 2021. "We will devote all our energy and resources to delivering a revitalized physical and digital E3 experience next summer," said the Entertainment Software Association in an official statement to IGN. "Whether enjoyed from the show floor or your favorite devices, the 2023 showcase will bring the community, media, and industry back together in an all-new format and interactive experience." "We look forward to presenting E3 to fans around the world live from Los Angeles in 2023."Read more of this story at Slashdot.

Blocking access to internet resources requires lots of hardware but due to sanctions, there are fears in Russia that a breakdown in systems operations may be just months away. Andy Maxwell, reporting for TorrentFreak: Russia's invasion of Ukraine has been going on for more than a month. It isn't going to plan. In parallel with the terrible images being shared around the world, Russia is using its infamous site-blocking systems to deny access to websites that dare to challenge the Kremlin's narrative of Putin's 'Special Operation.' Telecoms regulator Roscomnadzor is working harder than ever to maintain its blockades against everything from Google News, Twitter, Facebook, and Instagram, to the thousands of pirate sites and other resources on the country's blacklists. But, like the invasion itself, things aren't going to plan here either. A little over a week ago, local telecoms operators supplying internet access to Russian citizens were ordered to carry out "urgent checks" on their ability to continue blocking sites deemed illegal by the state. ISPs were required to carry out an audit and liaise with telecoms regulator Roscomnadzor. Today is the reporting deadline but according to several sources, problems are apparent in the system. With accurate and critical reporting being all but strangled by the state, it is not absolutely clear who or what ordered the review but the consensus is that prescribed blocking standards aren't being met. As previously reported, local torrent site RuTracker suddenly found itself unblocked earlier this month, reportedly due to issues at an ISP. Problems are also reported with the Roscomnadzor-controlled 'TSPU' Deep Packet Inspection (DPI) system embedded into the networks of around 80 local ISPs and recently used to restrict Tor, VPNs and Twitter traffic.Read more of this story at Slashdot.

The Biden administration is divided over whether to impose sanctions on Kaspersky Lab, a Russian cybersecurity giant that officials warn could be used by the Kremlin as a surveillance tool against its customers, The Wall Street Journal reported Thursday, citing people familiar with the matter. From the report: The White House's National Security Council has pressed the Treasury Department to ready the sanctions as part of the broad Western campaign to punish Russia for its invasion of Ukraine, according to officials familiar with the matter. While Treasury officials have been working to prepare the package, sanctions experts within the department have raised concerns over the size and scope of such a move. The company's software is used by hundreds of millions of customers across the world, making it difficult to enforce the sanctions. In addition, some officials in the U.S. and Europe fear sanctioning Kaspersky Lab will increase the likelihood of triggering a cyberattack against the West by Moscow, even potentially leveraging the software itself. It wasn't clear whether the sanctions would go forward, and one official said the idea had been put on hold for now. The debate reflects how agencies within the Biden administration are weighing in real time options to deliver more economic pain to the Russian economy in response to its invasion of Ukraine.Read more of this story at Slashdot.

European Union lawmakers were set on Thursday to back tougher safeguards for transfers of bitcoin and other cryptocurrencies, in the latest sign that regulators are tightening up on the freewheeling sector. From a report: Two committees in the European Parliament have thrashed out cross-party compromises to be voted on. Crypto exchange Coinbase has warned the rules would usher in a surveillance regime that stifles innovation. The $2.1 trillion crypto sector is still subject to patchy regulation across the world. Concerns that bitcoin and its peers could upset financial stability and be used for crime have accelerated work by policymakers to bring the sector to heel. Under the proposal first put forward last year by the EU's executive European Commission, crypto firms such as exchanges would have to obtain, hold, and submit information on those involved in transfers. That would make is easier to identify and report suspicious transactions, freeze digital assets, and discourage high-risk transactions, said Ernest Urtasun, a Spanish Green Party lawmaker helping to steer the measure through the parliament. The Commission had proposed applying the rule to transfers worth 1,000 euros ($1,116) or more, but under the cross-party agreement this 'de minimis' rule has been scrapped -- meaning all transfers would be in scope.Read more of this story at Slashdot.

Despite the United States and Russia's deteriorating relationship here on Earth, Russia is still considering extending its participation on the International Space Station through 2030, according to NASA. However, it could be a few months before there is a solid update on Russia's official stance. From a report: NASA and Russia's state space corporation, Roscosmos, have been the two largest partners on the International Space Station for the last three decades. The two organizations have agreed to work together on the ISS through 2024, but at the end of last year, the Biden administration announced its intentions to extend the space station program through 2030. Russia has not formally agreed to the extension yet. Roscosmos's participation in the extension started to seem unlikely after Russia invaded Ukraine in February. In response to the war, the United States sanctioned Russia's major industries, which triggered outrage from the head of Roscosmos, Dmitry Rogozin. On Twitter, Rogozin made wild threats about the future of the ISS, insinuating that the station could come crashing down on the United States if Russia withdrew prematurely from the program. He has also hinted at revisiting the partnership with the US in light of the sanctions.Read more of this story at Slashdot.

Texas has started requiring new large-scale cryptocurrency miners to seek permission to connect to the state's power grid in anticipation of a flood of requests expected to drive up electricity demand. From a report: The Electric Reliability Council of Texas is requiring utilities to submit studies on the impact of miners and other large users tapping the grid before they can get "approval to energize," according to a March 25 notice from the state's main grid operator. Ercot members voted Wednesday to form a task force to hash out details of an interim plan that's ultimately meant to protect the grid from being overwhelmed.Read more of this story at Slashdot.

The Hubble Space Telescope has glimpsed the most distant single star it's ever observed, glimmering 28 billion light-years away. And the star could be between 50 to 500 times more massive than our sun, and millions of times brighter. From a report: It's the farthest detection of a star yet, from 900 million years after the big bang. Astronomers have nicknamed the star Earendel, derived from an Old English words that means "morning star" or "rising light." A study detailing the findings published Wednesday in the journal Nature. This observation breaks the record set by Hubble in 2018 when it observed a star that existed when the universe was around four billion years old. Earendel is so distant that the starlight has taken 12.9 billion years to reach us. This observation of Earendel could help astronomers to investigate the early years of the universe. "As we peer into the cosmos, we also look back in time, so these extreme high-resolution observations allow us to understand the building blocks of some of the very first galaxies," said study coauthor Victoria Strait, a postdoctoral research at the Cosmic Dawn Center in Copenhagen, in a statement. "When the light that we see from Earendel was emitted, the Universe was less than a billion years old; only 6% of its current age. At that time it was 4 billion lightyears away from the proto-Milky Way, but during the almost 13 billion years it took the light to reach us, the Universe has expanded so that it is now a staggering 28 billion lightyears away."Read more of this story at Slashdot.

Google is adding a new "highly cited" label to search results frequently sourced by other publications, the company is announcing today. From a report: Anything from local news stories, to interviews, announcements, and even press releases will be eligible for the new label being added to the search result's preview image, so long as other websites are linking to it. More info is also being added to Search's "rapidly evolving topics" and "About this Result" notices. The search giant's hope is that its highly cited label will help highlight original reporting, which can include important context that's stripped out when a story gets picked up more widely. But it should also be helpful to find press releases, where you can get information directly from companies themselves. Google says it hopes the label will help readers find "the most helpful or relevant information for a news story." It'll launch "soon" in the US on mobile for English-speaking users, and will start appearing globally "in the coming weeks."Read more of this story at Slashdot.

As the SEC signals that it wants more oversight of digital asset markets, the industry makes it clear it prefers to be supervised by the smaller CFTC. From a report: It was a classic Washington networking party. Sam Bankman-Fried, the co-founder and chief executive officer of FTX, one of the world's largest crypto trading platforms, held court on a February evening in a private room at the Park Hyatt hotel on the edge of Georgetown. Drinks flowed from an open bar, and hors d'oeuvres were served to the clutch of congressional aides, financial lobbyists, and former regulators. The goal of Bankman-Fried, a 30-year-old billionaire, was to showcase his new lobbying operation -- and to persuade influential Washingtonians that crypto needs more regulation. It may seem strange that a crypto magnate is seeking federal oversight. But as lawmakers and bureaucrats grapple with how to police a fast-growing and risky $2 trillion market, new rules seem inevitable. In March, President Joe Biden signed an executive order calling on federal agencies to work out policies on crypto. Bankman-Fried, whose company last year bought the naming rights to the Miami Heat's basketball arena, is pushing his own ideas of what regulation ought to look like, as well as who his main watchdog should be. He's arguing for a bigger role for the U.S. Commodity Futures Trading Commission. The relatively small agency monitors futures contracts in basic goods such as crude oil, corn, and pork, as well as financial derivatives such as interest-rate swaps. It also oversees U.S. futures and options contracts on the popular cryptocurrencies Bitcoin and Ether. A U.S. affiliate of the Bahamas-based FTX offers such crypto derivatives, so part of its business is already under the CFTC's purview. Bankman-Fried wants Congress to expand the CFTC's authority to cover trading in the coins themselves. Currently, the CFTC only claims jurisdiction over cash token markets in cases of suspected fraud or manipulation that could affect the performance of crypto derivatives. In February testimony to the Senate, he said this lack of clarity is bad for investors and the industry. Other trading platforms are also starting to see the merits of being overseen primarily by the CFTC, say industry leaders who asked not to be named talking about private discussions.Read more of this story at Slashdot.

An anonymous reader quotes a report from ChessBase: The official broadcast of the final rounds of the FIDE Grand Prix Series, an important part of the World Chess Championship cycle, will feature players' heart rate indicator, according to World Chess, the Series organizer. This is the first time when the players' heart rate is measured and displayed in the broadcast of the World Chess Championship cycle event. It will allow spectators to better understand players' emotions and true feelings (as far as they are reflected in the heart rate) -- a rare insight into the psychology of the elite chess players who are trained and especially good at keeping a poker face. By adding a heart rate indicator, World Chess brings a new dimension into chess broadcasting and opens a new page of the way fans follow chess. To accurately measure the heart rate without disturbing the players, World Chess is deploying a bespoke AI technology similar to that used by hospitals to track patients' vitals over video. It's the first time such technology is used in sports broadcasting. AI has been trained to read almost invisible changes in reflections of the skin color that change based on a person's heart rate. The official broadcast of the FIDE Grand Prix is available for free on worldchess.com worldchess.com and on World Chess Youtube and Twitch channels. [...] World Chess will continue developing and using the video heart rate reading technology in future events and broadcasting.Read more of this story at Slashdot.

The Airbus A380 has completed a trial flight powered on cooking oil. CNN reports: The test airplane completed a three-hour flight from Blagnac Airport in Toulouse -- Airbus' French headquarters -- on 25 March. It was powered by Sustainable Aviation Fuel, or SAF -- predominantly made of used cooking oil and waste fats -- and operating on a single Rolls-Royce Trent 900 engine. Airbus then followed up with a second A380 flight, using the same cooking oil fuel, on March 29, flying from Toulouse to Nice. The second flight was to monitor SAF use during take-off and landing. The fuel used was supplied by TotalEnergies, a company based in France's Normandy region. It was made from Hydroprocessed Esters and Fatty Acids (HEFA), which is free of both aromatics and sulfur.Airbus has been testing the use of SAF-powered flights for the last year, with an A350 being tested in March 2021, and an A319neo single-aisle aircraft flying on cooking oil in October. The company hopes to get its aircraft certified to fly on SAF by the end of the decade. Currently, Airbus aircraft can be powered by up to 50% SAF, blended with traditional kerosene. [...] Airbus plans to bring the world's first zero-emission aircraft to market by 2035.Read more of this story at Slashdot.

"Following up on a 2020 submission, more samples and hi-res data have been added to NASA's research-grade Astromaterials 3D site," writes Slashdot reader White Yeti. "I don't see a new/news link, so here's text from the informal release statement." From the release: Astromaterials 3D, the first virtual library of NASA's collections of Apollo Lunar and Antarctic Meteorite samples, is releasing 20 new lunar and meteorite samples to the public this month! This launch also includes the release of an exciting new feature, called NASA Pins, which allows the public to view pre-selected sample characteristics on each rock's surface and within the XCT imagery, in order to share the incredible science these space rocks reveal. Each NASA Pin is curated by NASA Scientists and includes brief explanations about each pinned feature. This launch also includes the highly anticipated public release of the actual high-resolution OBJ files that the Astromaterials 3D team creates for each rock, easily and freely downloadable from every rock's page. Originally launched to the public in December 2020, the Astromaterials 3D Website and Explorer Application continues to grow, offering a dynamic, interactive, and information-rich visualization tool for researchers and the general public. Keep your eye on the site for this exciting forthcoming release: https://ares.jsc.nasa.gov/astromaterials3d/.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: With Russian gamers effectively cut off from purchases on most major gaming platforms due to corporate sanctions against the country, the Russian game developer behind indie darling Loop Hero is encouraging Russian customers to pirate the game. In a Sunday post on Russian social network VK (Google translated version), Loop Hero developer Four Quarters said, "In such difficult times, we can only help everyone to raise the pirate flag (together with vpn)" to get the game. The developer then included a link to a copy of Loop Hero on a popular Russian torrent tracker to aid in that process directly. In a follow-up post the next day (Google translated version), Four Quarters insisted that "we didn't do anything special, there's nothing wrong with torrents." The company also notes that players wanting to offer the developer donations in lieu of buying the game should refrain. "The truth is that everything is fine with us, send this support to your family and friends at this difficult time," they wrote. While players outside of Russia should still be able to purchase Loop Hero on Steam, Valve said earlier this month that banking issues prevented it from sending payments to developers in Russia, Belarus, and Ukraine (ironically enough). Valve recently told PC Gamer that developers in these countries will have to provide "intermediary banking information" in a foreign country to receive the payments they're due. "It's a very frustrating situation, and we hope to find the resolution soon," Valve wrote in a note to affected developers. Russia is reportedly considering legalizing software piracy to combat the sanctions imposed on the country for its invasion of Ukraine.Read more of this story at Slashdot.

Canada is joining the ranks of countries and states planning to ban sales of combustion engine cars. Engadget reports: Canada has outlined an Emissions Reduction Plan that will require all new passenger car sales to be zero-emissions models by 2035. The government will gradually ramp up pressure on automakers, requiring "at least" 20 percent zero-emissions sales by 2026 and 60 percent by 2030. Officials didn't say whether this applied to a make's product mix or simply the volume of cars sold. The strategy is more forgiving for the workplace -- the Canadian government wanted 35 percent of total medium- and heavy-duty vehicle sales to be zero-emissions by 2035, and 100 percent of a "subset" of those machines by 2040. The country is also offering $1.7 billion CAD (about $1.36 billion US) to extend incentives for buying electric cars and other zero-emissions vehicles. The current federal program offers up to a $5,000 CAD ($4,010 US) rebate for EVs, plug-in hybrids and hydrogen fuel cell cars that meet varying price, seat and battery requirements. Some provinces, such as British Columbia and Nova Scotia, offer their own incentives. The broader plan is meant to reduce emissions to 40 to 45 percent below 2005 levels by 2030, and reach net zero by 2050. This includes funds to support renewable energy projects, shrink oil industry emissions and develop "nature-based climate solutions."Read more of this story at Slashdot.

MojoKid writes: Today Intel finally launched its first major foray into discrete GPUs for gamers and creators. Dubbed Intel Arc A-Series and comprised of 5 different chips built on two different Arc Alchemist SoCs, the company announced its entry level Arc 3 Graphics is shipping in market now with laptop OEMs delivering new all-Intel products shortly. The two SoCs set the foundation across three performance tiers, including Arc 3, Arc 5, and Arc 7. For example, Arc A370M arrives today with 8 Xe cores, 8 ray tracing units, 4GB of GDDR6 memory linked to a 64-bit memory bus, and a 1,550MHz graphics clock. Graphics power is rated at 35-50W. However, Arc A770M, Intel's highest-end mobile GPU will come with 32 Xe cores, 32 ray tracing units, 16GB of GDDR 6 memory over a 256-bit interface and with a 1650MHz graphics clock. Doing the math, Arc A770M could be up to 4X more powerful than Arc 370M. In terms of performance, Intel showcased benchmarks from a laptop outfitted with a Core i7-12700H processor and Arc A370M GPU that can top the 60 FPS threshold at 1080p in many games where integrated graphics could come up far short. Examples included Doom Eternal (63 fps) at high quality settings, and Hitman 3 (62 fps), and Destiny 2 (66 fps) at medium settings. Intel is also showcasing new innovations for content creators as well, with its Deep Link, Hyper Encode and AV1 video compression support offering big gains in video upscaling, encoding and streaming. Finally, Intel Arc Control software will offer unique features like Smooth Sync that blends tearing artifacts when V-Synch is turned off, as well as Creator Studio with background blur, frame tracking and broadcast features for direct game streaming services support.Read more of this story at Slashdot.

Russia's omnipresent tech company, which created products ranging from the country's dominant search engine to its biggest ride-hail service, is facing a looming shortage of hardware as U.S. sanctions punish President Vladimir Putin for invading Ukraine. From a report: Yandex NV may run short of the semiconductors needed for the servers it uses to power its business within a year to 18 months because of import restrictions, two people with direct knowledge of the issue said, asking not to be identified in order to speak candidly. Sanctions on dual-use technology, which have both military and commercial uses, have hit its self-driving vehicle unit particularly hard, they said. Yandex has plunged into crisis since Putin began the war Feb. 24, caught between the Kremlin's increasingly harsh internet censorship and a backlash in its key foreign markets. The company's international partnerships are crumbling, two board members resigned, and its number two executive, Tigran Khudaverdyan, was forced to step down after being sanctioned by the European Union. The company's market value has slumped from a record $31 billion in November to $6.8 billion after the invasion began.Read more of this story at Slashdot.

Waymo, Alphabet's self-driving unit, has begun offering its San Francisco employees fully autonomous rides, the company said Wednesday. From a report: Waymo will begin its rider-only operations within its "initial San Francisco service territory," which spans from the Presidio to the farthest corner of Candlestick Point, and gradually ramp up from there. The news comes nearly a month after Waymo said it would soon begin charging Bay Area residents for robotaxi rides with a human operator on board after securing a permit from the California Public Utilities Commission (CPUC). It also follows the kick-off of Waymo's Trusted Tester program back in August, which involved San Franciscans signing up to hail one of Waymo's all-electric Jaguar I-Paces equipped with the Waymo Driver -- again, with a human operator onboard -- for free.Read more of this story at Slashdot.

happy monday writes: Dyson has announced its first wearable product that builds the firm's air purification expertise into a set of Bluetooth noise cancelling headphones aimed at city dwellers wanting to avoid polluted air. Quite unlike anything the company has made before, the Dyson Zone is sure to draw quizzical looks. It is a set of large, plush headphones with a plastic mask-type contraption that connects from ear-to-ear across the wearer's mouth and looks like something out of a sci-fi movie. It delivers purified air to the mouth and nose while simultaneously tackling noise pollution through its active noise cancelling technology. Chief engineer Jake Dyson said: "Air pollution is a global problem -- it affects us everywhere we go. In our homes, at school, at work and as we travel, whether on foot, on a bike or by public or private transport. The Dyson Zone purifies the air you breathe on the move. And unlike face masks, it delivers a plume of fresh air without touching your face." The eyebrow-raising design has a motor, compressor fan and air purifying dual-layer filter in each ear cup. The air is drawn through the filters cleaning it of 99% of particles as small as 0.1 microns, including pollen, bacteria and dust, as well as gas pollutants such as sulphur or nitrogen dioxide. The filtered air is then pushed along the inside of a visor, which sits just in front of the mouth and nose without making contact with the skin, creating a pocket of clean air for the wearer to breathe. The headphones have sensors that detect how fast the wearer is moving, automatically adjusting the airflow between three intensity levels to ensure they deliver up to 5 litres of clean air a second, the equivalent breathing rate of a jog.Read more of this story at Slashdot.

About one-third of U.S. subscribers to Netflix share their login credentials with others, according to new data from Leichtman Research Group. From the report: The research firm's online survey of 4,400 consumers confirms the company's own conclusions in recent years. While 64% of respondents said they pay for and use Netflix only in their own household, 33% indicate some form of sharing. (The remaining 3% are households whose Netflix comes packaged via other subscriptions.) Netflix has about 74 million subscribers in the U.S. and Canada and has penetrated nearly 70% of U.S. broadband homes. With subscription growth flattening in the region of late, Netflix has recently phased in rate increases in order to continue funding its $18 billion in annual programming spending. Earlier this month, Netflix announced a test of monthly fees for password-sharing in three territories outside of the U.S. The rise of password sharing between households, a blog post explained, is âoeimpacting our ability to invest in great new TV and films for our members.âRead more of this story at Slashdot.

A group of attorneys general have asked Snap and TikTok to work more closely with parental control apps and to apply more scrutiny to inappropriate content on their platforms, the latest salvo in a growing fight over child protection between governments and social media companies. From a report: Attorneys general from 43 states and territories said in a letter to executives at the two apps that they were worried the companies were "not taking appropriate steps to allow parents to protect their kids on your platforms." Specifically, the officials said that Snap, which makes the Snapchat app, and TikTok should work more closely with third-party parental control services. Some people have raised concerns that third-party parental controls surveil young people but do little to actually stop them from encountering harmful content. The attorneys general said in the letter, organized by the National Association of Attorneys General, that they were not endorsing a particular parental control product. They also called on the companies to tighten their own parental supervision tools and to do a better job of weeding out content that might be harmful to children. Concerns that popular social media platforms can expose children to posts that are sexualized, hurt their body image or are violent have escalated in recent years. State attorneys general are currently investigating whether Facebook, owned by Meta, and TikTok, part of the Chinese conglomerate ByteDance, have put young people in harm's way. President Biden also called for new online privacy rules for children in his State of the Union speech earlier this month.Read more of this story at Slashdot.

School surveillance companies are not doing enough to determine whether their products unfairly target minority groups, according to a report released by U.S. Senators Elizabeth Warren and Ed Markey. From a report: Democratic senators sent questions to four of the most prominent companies that make education software monitoring students' online activity. The resulting report about their findings said that parents and schools are not fully informed about the extent and risks associated with the tracking software made by GoGuardian, Gaggle.Net, Bark Technologies and Securly. The report also said that because the products could increase students' contact with law enforcement, the software "may be exacerbating the school-to-prison pipeline." Online education during the pandemic led to unprecedented levels of digital surveillance of children, as schools rushed to find ways to keep track of students, Bloomberg Businessweek reported in October. Private equity-backed GoGuardian, officially named Liminex, is one of the most popular makers of education surveillance tools. Its software helps teachers and administrators track what students are doing on school-issued devices, and sometimes personal devices when kids are logged into school accounts. The senators' report says none of the companies has assessed whether their algorithms are biased or track whether they over-target students of color or LGBTQ students. Each of the companies told the senators' offices that they do not study the effects of their products on specific populations due to privacy concerns.Read more of this story at Slashdot.

Several readers have shared this report: Employees with the firm, Targeted Victory, worked to undermine TikTok through a nationwide media and lobbying campaign portraying the fast-growing app, owned by the Beijing-based company ByteDance, as a danger to American children and society, according to internal emails shared with The Washington Post. Targeted Victory needs to "get the message out that while Meta is the current punching bag, TikTok is the real threat especially as a foreign owned app that is #1 in sharing data that young teens are using," a director for the firm wrote in a February email. Campaign operatives were also encouraged to use TikTok's prominence as a way to deflect from Meta's own privacy and antitrust concerns. "Bonus point if we can fit this into a broader message that the current bills/proposals aren't where [state attorneys general] or members of Congress should be focused," a Targeted Victory staffer wrote. The emails, which have not been previously reported, show the extent to which Meta and its partners will use opposition-research tactics on the Chinese-owned, multibillion-dollar rival that has become one of the most downloaded apps in the world, often outranking even Meta's popular Facebook and Instagram apps. In an internal report last year leaked by the whistleblower Frances Haugen, Facebook researchers said teens were spending "2-3X more time" on TikTok than Instagram, and that Facebook's popularity among young people had plummeted. In one email, a Targeted Victory director asked for ideas on local political reporters who could serve as a "back channel" for anti-TikTok messages, saying the firm "would definitely want it to be hands off." In other emails, Targeted Victory urged partners to push stories to local media tying TikTok to dangerous teen trends in an effort to show the app's purported harms. "Any local examples of bad TikTok trends/stories in your markets?" a Targeted Victory staffer asked.Read more of this story at Slashdot.

An anonymous reader quotes a report from NPR: A nearly decade-long scheme to steal millions of dollars of computers and iPads from Yale University's School of Medicine is officially over. Former Yale administrator Jamie Petrone, 42, pleaded guilty Monday in federal court in Hartford, Conn., to two counts of wire fraud and a tax offense for her role in the plot. Petrone's ploy started as far back as 2013 and continued well into 2021 while she worked at the university, according to the U.S. Attorney's Office for the District of Connecticut. Until recently, her role was the director of finance and administration for the Department of Emergency Medicine at Yale. As part of this job, Petrone had the authority to make and authorize certain purchases for the department -- as long as the amount was below $10,000. Starting in 2013, Petrone would order, or have a member of her staff order, computers and other electronics, which totaled to thousands of items over the years, from Yale vendors using the Yale School of Medicine's money. She would then arrange to ship the stolen hardware, whose costs amounted to millions of dollars, to a business in New York, in exchange for money once the electronics were resold. Investigators said Petrone would report on documents to the school that the equipment was for specific needs at the university, like medical studies that ultimately didn't exist. She would break up the fraudulent purchases into orders that were below $10,000 each so that she wouldn't need to get additional approval from school officials. Petrone would ship this equipment out herself to the third-party business that would resell the equipment. It would later pay Petrone by wiring funds into an account of Maziv Entertainment LLC, a company she created. Petrone used the money to live the high life, buy real estate and travel, federal prosecutors say. She bought luxury cars as well. At the time of her guilty pleas, she was in possession of two Mercedes-Benz vehicles, two Cadillac Escalades, a Dodge Charger and a Range Rover. [...] At the time of her guilty plea, she agreed to forfeit the luxury vehicles as well as three homes in Connecticut. A property she owns in Georgia may also be seized. Petrone has also agreed to forfeit more than $560,000 that was seized from the Maziv Entertainment LLC bank account. Federal prosecutors say the loss to Yale totals approximately $40,504,200.Read more of this story at Slashdot.

schwit1 shares a report from EurekAlert: A nitrogen doped carbon-coated nickel anode can catalyze an essential reaction in hydrogen fuel cells at a fraction of the cost of the precious metals currently used, Cornell University researchers have found. The new discovery could accelerate the widespread use of hydrogen fuel cells, which hold great promise as efficient, clean energy sources for vehicles and other applications. It's one of a string of discoveries for the Hector D. Abruna lab in their ongoing search for active, inexpensive, durable catalysts for use in alkaline fuel cells. Recent experiments with nonprecious-metal HOR electrocatalysts needed to overcome two major challenges, the researchers wrote: low intrinsic activity from too strong a hydrogen binding energy, and poor durability due to rapid passivation from metal oxide formation. To overcome these challenges, the researchers designed a nickel-based electrocatalyst with a 2 nanometer shell made of nitrogen-doped carbon. Their hydrogen fuel cell has an anode (where hydrogen is oxidized) catalyst consisting of a solid nickel core surrounded by the carbon shell. When paired with a cobalt-manganese cathode (where oxygen is reduced), the resulting completely precious-metal-free hydrogen fuel cell outputs more than 200 milliwatts per square centimeter. The presence of nickel oxide species on the surface of the nickel electrode slows the hydrogen oxidation reaction dramatically, Abruna said. The nitrogen-doped carbon coating serves as a protection layer and enhances the HOR kinetics, making the reaction quicker and much more efficient. In addition, the presence of the graphene coating on the nickel electrode prevents the formation of nickel oxides -- resulting in electrodes with dramatically enhanced lifetimes. These electrodes are also much more tolerant to carbon monoxide, which rapidly poisons platinum. The study has been published in the journal Proceedings of the National Academy of Sciences.Read more of this story at Slashdot.

InfiniteZero shares a report from Space.com: Last Wednesday (March 23), NASA astronaut Raja Chari and the European Space Agency's Matthias Maurer spent nearly seven hours outside the International Space Station, performing a variety of maintenance work. Amazingly, astrophotographer Sebastian Voltmer managed to capture a snapshot of the spacewalk action from the ground -- and from Maurer's hometown of Sankt Wendel, Germany, no less. "I feel like I just made a once-in-a-lifetime image," Voltmer wrote at SpaceWeather.com, which featured the photo in its online gallery.Read more of this story at Slashdot.

Greenpeace and other environmental groups launched a new campaign today to push the Bitcoin network to slash its growing greenhouse gas emissions. The Verge reports: The goal of the campaign, dubbed "Change the code, not the climate," is to switch up the energy-hungry process of verifying transactions and mining new Bitcoins. [...] In order to validate transactions, Bitcoin miners rely on specialized hardware to solve complex puzzles. Their computers gobble up a lot of energy in the process, and the miners get new tokens in return. It's a process called "proof of work," in which the energy used is sort of the price paid to verify transactions. The process is deliberately energy-intensive as a safety measure. The baked-in inefficiency is meant to discourage bad actors from manipulating the data because it would cost a lot of energy to do so. The new campaign aims to move Bitcoin away from that energy-hungry proof of work process. The most popular alternative is called proof of stake. Cryptocurrencies that use proof of stake use vastly less energy because there are no puzzles to solve. Instead of essentially paying with electricity to participate in the process, you have to offer up some of your own tokens. This is supposed to prove that you have a "stake" in keeping the ledger accurate. If you mess anything up, you lose tokens as a penalty. While proof of stake might make solve a lot of Bitcoin's pollution problems, experts have been skeptical that miners would be willing to make the change. Miners invest a lot in their hardware and would be hard-pressed to abandon it. And some fans of proof of work maintain that it's the most secure way to maintain the ledger. "We know Bitcoin stakeholders are incentivized not to change," the campaign acknowledges on its website. "Changing Bitcoin would render a whole lot of expensive infrastructure worthless, meaning Bitcoin stakeholders will need to walk away from sunk costs -- or find other creative solutions." As the Guardian notes, the campaign is launching a huge digital advertising push via the Wall Street Journal, New York Times, Marketwatch, Politico, Facebook and others. "Organizers are also taking legal action against proposed mining sites and using their large memberships to push bitcoin's biggest investors and influencers to call for a code change." Additionally, the campaign is urging people to tweet at cryptocurrency influencers to support the campaign.Read more of this story at Slashdot.

"The Massachusetts Institute of Technology announced it will once again require applicants to take the SAT or ACT, reversing a Covid-era policy that made the standardized tests optional and rejecting the idea that the tests hurt diversity," reports CNN. An anonymous reader shares an excerpt from a blog post announcing the decision, writing: From the policy announcement, there's an excess of delicacy -- to the point where you might find it funny or terribly disturbing: "Our research can't explain why these tests are so predictive of academic preparedness for MIT, but we believe it is likely related to the centrality of mathematics -- and mathematics examinations -- in our education. All MIT students, regardless of intended major, must pass two semesters of calculus, plus two semesters of calculus-based physics [...]. The substance and pace of these courses are both very demanding, and they culminate in long, challenging final exams that students must pass to proceed with their education. In other words, there is no path through MIT that does not rest on a rigorous foundation in mathematics, and we need to be sure our students are ready for that as soon as they arrive." Did the entire admissions department threaten to quit? Or did the incoming class turn out to be morons? "Our research shows standardized tests help us better assess the academic preparedness of all applicants, and also help us identify socioeconomically disadvantaged students who lack access to advanced coursework or other enrichment opportunities that would otherwise demonstrate their readiness for MIT," Dean of Admissions Stu Schmill wrote in the policy announcement. "We believe a requirement is more equitable and transparent than a test-optional policy." A number of elite schools, including Harvard and University of California, announced plans to stop using the SAT and ACT college admissions exams. Last May, Colorado became the first state to ban "legacy" admissions and signed a bill that removes a requirement that public colleges consider SAT or ACAT scores for freshmen.Read more of this story at Slashdot.

"Ukrainian special forces teamed up with IT professionals on ATV four-wheelers to target the infamous Kiev convoy," writes longtime Slashdot reader darkseid. "Every Help Desk Geek's Walter Mitty fantasy!" The Guardian reports: One week into its invasion of Ukraine, Russia massed a 40-mile mechanized column in order to mount an overwhelming attack on Kyiv from the north. But the convoy of armored vehicles and supply trucks ground to a halt within days, and the offensive failed, in significant part because of a series of night ambushes carried out by a team of 30 Ukrainian special forces and drone operators on quad bikes, according to a Ukrainian commander. The drone operators were drawn from an air reconnaissance unit, Aerorozvidka, which began eight years ago as a group of volunteer IT specialists and hobbyists designing their own machines and has evolved into an essential element in Ukraine's successful David-and-Goliath resistance. [...] The unit's commander, Lt Col Yaroslav Honchar, gave an account of the ambush near the town of Ivankiv that helped stop the vast, lumbering Russian offensive in its tracks. He said the Ukrainian fighters on quad bikes were able to approach the advancing Russian column at night by riding through the forest on either side of the road leading south towards Kyiv from the direction of Chernobyl. The Ukrainian soldiers were equipped with night vision goggles, sniper rifles, remotely detonated mines, drones equipped with thermal imaging cameras and others capable of dropping small 1.5kg bombs. "This one little unit in the night destroyed two or three vehicles at the head of this convoy, and after that it was stuck. They stayed there two more nights, and [destroyed] many vehicles," Honchar said. The Russians broke the column into smaller units to try to make headway towards the Ukrainian capital, but the same assault team was able to mount an attack on its supply depot, he claimed, crippling the Russians' capacity to advance. "The first echelon of the Russian force was stuck without heat, without oil, without bombs and without gas. And it all happened because of the work of 30 people," Honchar said. "The Aerorozvidka unit also claims to have helped defeat a Russian airborne attack on Hostomel airport, just north-west of Kyiv, in the first day of the war," adds the Guardian. Similar to the convoy ambush, they "[used] drones to locate, target and shell about 200 Russian paratroopers concealed at one end of the airfield."Read more of this story at Slashdot.

theodp shares a report from Chicago Sun-Times, written by Frank Main: When the school system [Chicago Public Schools] shifted to having students learn remotely in the spring of 2020 near the beginning of the pandemic, it lent students iPads, MacBooks and Windows computer devices so they could do school work and attend virtual classes from home. CPS then spent about $165 million to buy Chromebook desktop computers so that every student from kindergarten through senior year in high school who needed a computer could have one. Students borrowed 161,100 Chromebooks in September 2020. By June 2021, more than 210,000 of those devices had been given out. Of them, nearly 40,000 Chromebooks have been reported lost -- nearly a fifth of those that were lent. "Schools have made repeated efforts to recover the lost devices from families without success," according to a written statement from CPS officials in response to questions about the missing school property. Also missing are more than 9,600 iPads, 114 televisions, 1,680 printers and 1,127 audiovisual projectors, among many other items. Officials say CPS has bought new computer devices to replace the missing ones. Longtime Slashdot reader theodp notes that "there were 340,658 students enrolled in the Chicago Public Schools (CPS) at the start of the 2020-2021 school year."Read more of this story at Slashdot.

An anonymous reader quotes a report from ZDNet: The Log4Shell vulnerability is being actively exploited to deliver backdoors and cryptocurrency miners to vulnerable VMware Horizon servers. On Tuesday, Sophos cybersecurity researchers said the attacks were first detected in mid-January and are ongoing. Not only are backdoors and cryptocurrency miners being deployed, but in addition, scripts are used to gather and steal device information. Log4Shell is a critical vulnerability in Apache Log4J Java logging library. The unauthenticated remote code execution (RCE) vulnerability was made public in December 2021 and is tracked as CVE-2021-44228 with a CVSS score of 10.0. According to Sophos, the latest Log4Shell attacks target unpatched VMware Horizon servers with three different backdoors and four cryptocurrency miners. The attackers behind the campaign are leveraging the bug to obtain access to vulnerable servers. Once they have infiltrated the system, Atera agent or Splashtop Streamer, two legitimate remote monitoring software packages, may be installed, with their purpose twisted into becoming backdoor surveillance tools. The other backdoor detected by Sophos is Silver, an open source offensive security implant released for use by pen testers and red teams. Sophos says that four miners are linked to this wave of attacks: z0Miner, JavaX miner, Jin, and Mimu, which mine for Monero (XMR). Previously, Trend Micro found z0Miner operators were exploiting the Atlassian Confluence RCE (CVE-2021-26084) for cryptojacking attacks. A PowerShell URL connected to this both campaigns suggests there may also be a link, although that is uncertain. [...] In addition, the researchers uncovered evidence of reverse shell deployment designed to collect device and backup information.Read more of this story at Slashdot.

Apple Stores and Apple Authorized Service Providers will now be alerted if an iPhone has been reported as missing in the GSMA Device Registry when a customer brings in the device to be serviced, according to an internal memo obtained by MacRumors. From the report: If an Apple technician sees a message in their internal MobileGenius or GSX systems indicating that the device has been reported as missing, they are instructed to decline the repair, according to Apple's memo shared on Monday. The new policy should help to reduce the amount of stolen iPhones brought to Apple for repair. The GSMA Device Registry is a global database designed for customers to report their devices as missing in the event of loss or theft. The report notes that Apple Stores and Apple Authorized Service Providers "are already unable to service an iPhone if the customer cannot disable Find My iPhone."Read more of this story at Slashdot.

"I've been teaching college English for more than 30 years," writes Elisabeth Gruner, a professor of English at the University of Richmond. "Four years ago, I stopped putting grades on written work, and it has transformed my teaching and my students' learning. My only regret is that I didn't do it sooner." The practice she's adopted is called "ungrading," where students are given formative rather than summative feedback. "At the end of the semester they submit a portfolio of revised work, along with an essay reflecting on and evaluating their learning," writes Gruner. "Like most people who ungrade, I reserve the right to change the grade that students assign themselves in that evaluation. But I rarely do, and when I do, I raise grades almost as often as I lower them." Here's here reasoning (via The Conversation): I stopped putting grades on written work for three related reasons -- all of which other professors have also cited as concerns. First, I wanted my students to focus on the feedback I provided on their writing. I had a sense, since backed up by research, that when I put a grade on a piece of writing, students focused solely on that. Removing the grade forced students to pay attention to my comments. Second, I was concerned with equity. For almost 10 years I have been studying inclusive pedagogy, which focuses on ensuring that all students have the resources they need to learn. My studies confirmed my sense that sometimes what I was really grading was a student's background. Students with educational privilege came into my classroom already prepared to write A or B papers, while others often had not had the instruction that would enable them to do so. The 14 weeks they spent in my class could not make up for the years of educational privilege their peers had enjoyed. Third, and I admit this is selfish: I hate grading. I love teaching, though, and giving students feedback is teaching. I am happy to do it. Freed from the tyranny of determining a grade, I wrote meaningful comments, suggested improvements, asked questions and entered into a dialogue with my students that felt more productive -- that felt, in short, more like an extension of the classroom.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Some Internet traffic in and out of Twitter on Monday was briefly funneled through Russia after a major ISP in that country misconfigured the Internet's routing table, network monitoring services said. The mishap lasted for about 45 minutes before RTCOMM, a leading ISP in Russia, stopped advertising its network as the official way for other ISPs to connect to the widely used Twitter IP addresses. Even before RTCOMM dropped the announcement, safeguards prevented most large ISPs from abiding by the routing directive. A visualization of what the event looked like is illustrated on this page from BGPStream. Doug Madory, the director of Internet analysis at network analytics company Kentik, said that what little information is known about Monday's BGP event suggests that the event was the result of the Russian government attempting to block people inside the country from accessing Twitter. Likely by accident, one ISP made those changes apply to the Internet as a whole. "There are multiple ways to block traffic to Twitter," Madory explained in an email. "Russian telecoms are on their own to implement the government-directed blocks, and some elect to use BGP to drop traffic to certain IP ranges. Any network that accepted the hijacked route would send their traffic to this range of Twitter IP space into Russia -- where it likely was just dropped. It is also possible that they could do a man-in-the-middle and let the traffic continue on to its proper destination, but I don't think that is what happened in this case."Read more of this story at Slashdot.

Companies are offering interest-free advances to people with poor credit in exchange for detailed personal data. Wired: Tulloch [Editor's note: the anecdote character in the story] is one of a growing number of US workers turning their personal data over to private companies in exchange for paycheck advances, fueling an industry potentially worth up to $12 billion, by some estimates. In 2020, $9.5 billion in wages were accessed early, according to the research firm Aite-Novarica Group, up from $6.3 billion in 2019. These early payouts can be habit-forming; a 2021 report from the Financial Health Network found that more than 70 percent of pay advance users took out consecutive advances. What Tulloch didn't know was that when he signed up for the app, a company called Argyle was retrieving the data that would be used to decide how much money to give him. It builds the technology that allows companies like B9 to extract a wealth of data from payroll accounts -- up to 140 data points. These can include shifts worked, time off, earnings and promotions history, health care and retirement contributions, even reputational markers like on-time rate or a gig worker's star rating and deactivation history. For every worker that uses its product, Argyle charges customers like B9 a fee, plus an additional monthly charge for continuous monitoring. This makes for a valuable data trove; it's further upstream than banking data, providing a fuller picture of a worker's earnings, deductions, and behavior. Some estimate that payroll data could be worth $10 billion. Argyle pegs it at 10 times higher. Argyle is part of an emerging set of payroll data companies founded over the last four years to cash in on workers' personal information. They build secure connections between payroll providers like Paychex and businesses that want to access that data, like B9. Argyle acts like a courier, shuttling data from one account to another, the same way banking data is transmitted to apps like Venmo. Its competitors include Atomic, Pinwheel, Truv, and Plaid (which builds those bank integrations but recently began releasing payroll products). The data that workers provide can be used to underwrite financial products like loans, mortgages, insurance policies, and buy-now-pay-later apps; simplify direct deposit switching; or verify income and employment for apartment and job applications.Read more of this story at Slashdot.

The Federal Trade Commission sued Intuit in federal court on Monday, claiming it has deceived customers for years by marketing its TurboTax software as free and then charging most users when they file their income taxes. From a report: Around 56 million people filed their taxes with TurboTax in 2021, according to an Inuit shareholder presentation in January. Those individuals filed 54 million W-2 and 40 million 1099 tax forms, the company said. The FTC sued Intuit in U.S. District Court for the Northern District of California, asking for an immediate halt to its "bogus" advertising as taxpayers rush to meet the April 18 deadline to file their 2021 income taxes. The agency also issued a parallel administrative complaint on Monday. That proceeding will determine whether Intuit's conduct violated the FTC Act, the lawsuit said. Much of Intuit's advertising tells consumers they can file their income taxes for free online using TurboTax, but that's not true for most users, including independent contractors in the gig economy who get a 1099 tax form, the FTC said.Read more of this story at Slashdot.

The Chrome team: The Chrome team is delighted to announce the promotion of Chrome 100 to the stable channel for Windows, Mac and Linux. Chrome 100 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks. Chrome 100.0.4896.60 contains a number of fixes and improvements -- a list of changes is available in the log.Read more of this story at Slashdot.

Existence of volcanoes makes idea that dwarf planet is inert ball of ice look increasingly improbable. From a report: Strung out in the icy reaches of our solar system, two peaks that tower over the surface of the dwarf planet Pluto have perplexed planetary scientists for years. Some speculated it could be an ice volcano, spewing out not lava but vast quantities of icy slush -- yet no cauldron-like caldera could be seen. Now a full analysis of images and topographical data suggests it is not one ice volcano but a merger of many -- some up to 7,000 metres tall and about 10-150km across. Their discovery has reignited another debate: what could be keeping Pluto warm enough to support volcanic activity? Sitting at the southern edge of a vast heart-shaped ice sheet, these unusual surface features were initially spotted when Nasa's New Horizons spacecraft flew past in July 2015, providing the first close-up images of the icy former planet and its moons. "We were instantly intrigued by this area because it was so different and striking-looking," said Dr Kelsi Singer, a New Horizons co-investigator and deputy project scientist at Southwest Research Institute in Boulder, Colorado. "There are these giant broad mounds, and then this hummocky-like, undulating texture superimposed on top; and even on top of that there's a smaller bouldery kind of texture." At the time, an ice volcano seemed like the least-weird explanation for these features -- there were no impact craters from asteroids or meteors nearby, suggesting these features had been erased by relatively recent geological events; and no evidence of plate tectonics -- a key contributor to mountain formation on Earth.Read more of this story at Slashdot.

Russia's biggest internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country. From a report: The revelation relates to software created by Yandex that permits developers to create apps for devices running Apple's iOS and Google's Android, systems that run the vast majority of the world's smartphones. Yandex collects user data harvested from mobiles, before sending the information to servers in Russia. Researchers have raised concerns the same "metadata" may then be accessed by the Kremlin and used to track people through their mobiles. Researcher Zach Edwards first made the discovery regarding Yandex's code as part of an app auditing campaign for Me2B Alliance, a non-profit. Four independent experts ran tests for the Financial Times to verify his work. Yandex has acknowledged its software collects "device, network and IP address" information that is stored "both in Finland and in Russia," but it called this data "non-personalised and very limited." It added: "Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this." The revelations come at a critical time for Yandex, often referred to as "Russia's Google," which has long attempted to chart an independent path without falling foul of Russian president Vladimir Putin's desire for greater control of the internet. The company said it followed "a very strict" internal process when dealing with governments: "Any requests that fail to comply with all relevant procedural and legal requirements are turned down."Read more of this story at Slashdot.

A cryptocurrency affiliated with the popular free-to-play blockchain game Axie Infinity has been hacked in one of the largest crypto heists in history. From a report: The Ronin network is a blockchain launched in February 2021 to make interacting with the Ethereum-based Axie Infinity a little less costly. Whereas doing anything at all on Ethereum costs fees, Ronin allows 100 free transactions per day, per user. Axie Infinity is popular in the Philippines, for example, where users work playing the game in exchange for tokens, often on behalf of individuals or firms that may employ dozens or hundreds of so-called "scholars." In a blog post published on Tuesday, Ronin revealed it had fallen victim to a security breach that has drained half a billion dollars in crypto. Hackers were able to exploit the Ronin bridge and make off with 173,600 ETH (worth about $591,242,019) and $25.5 million worth of the stablecoin USDC in two separate transactions by taking over the blockchain's validator nodes. Validator nodes verify and approve transactions in Ronin's Proof-of-Authority (PoA) model, which differs from the decentralized mining and approval process employed by Bitcoin. Ronin has nine validator nodes, five of which were needed to approve any particular deposit or withdrawal. According to the blog, the hackers "used hacked private keys in order to forge fake withdrawals." The attackers found a backdoor in the gas-free RPC node run by Sky Mavis -- the company that owns Axie Infinity -- allowing them to gain control over a validator node linked to the Axie DAO after it helped Sky Mavis distribute free transactions in November 2021 during an overload of users, according to the Ronin blog post. With Axie DAO's validator node and the four controlled by Sky Mavis, the attackers were able to approve the two transactions.Read more of this story at Slashdot.

Microsoft is finally making it easier to change your default browser in Windows 11. A new update (KB5011563) has started rolling out this week that allows Windows 11 users to change the default browser with a single click. After testing the changes in December, this new one-click method is rolling out to all Windows 11 users. From a report: Originally, Windows 11 shipped without a simple button to switch default browsers that was always available in Windows 10. Instead, Microsoft forced Windows 11 users to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, or you had to tick a checkbox that only appeared when you clicked a link from outside a browser. Microsoft defended its decision to make switching defaults harder, but rival browser makers like Mozilla, Brave, and even Google's head of Chrome criticized Microsoft's approach.Read more of this story at Slashdot.