SpzToid writes: U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they've compiled from cellphones, iPads and computers seized from travelers at the country's airports, seaports and border crossings, leaders of Customs and Border Protection told congressional staff in a briefing this summer. The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant -- two details not previously known about the database -- have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime. CBP officials told congressional staff the data is maintained for 15 years. Details of the database were revealed Thursday in a letter to CBP Commissioner Chris Magnus from Sen. Ron Wyden (D-Ore.), who criticized the agency for "allowing indiscriminate rifling through Americans' private records" and called for stronger privacy protections. The revelations add new detail to what's known about the expanding ways that federal investigators use technology that many Americans may not understand or consent to. Agents from the FBI and Immigration and Customs Enforcement, another Department of Homeland Security agency, have run facial recognition searches on millions of Americans' driver's license photos. They have tapped private databases of people's financial and utility records to learn where they live. And they have gleaned location data from license-plate reader databases that can be used to track where people drive.Read more of this story at Slashdot.
Blade Runner 2099, Amazon Studios' live-action series set in the Blade Runner universe, has been picked up to series for Prime Video. From a report: Ridley Scott, who directed the original 1982 Blade Runner movie, is executive producing the series, a follow-up to the feature film sequel Blade Runner 2049, which was released in 2017 and directed by Denis Villeneuve. Silka Luisa (Shining Girls) wrote the script and is exec producing Blade Runner 2099, which comes from Alcon Entertainment in association with Scott Free Productions and Amazon Studios. The project, which marks the first Blade Runner live-action series, had been in priority development at Amazon Studios. "The original Blade Runner, directed by Ridley Scott, is considered one of the greatest and most influential science-fiction movies of all time, and we're excited to introduce Blade Runner 2099 to our global Prime Video customers," said Vernon Sanders, head of global television, Amazon Studios. "We are honored to be able to present this continuation of the Blade Runner franchise, and are confident that by teaming up with Ridley, Alcon Entertainment, Scott Free Productions, and the remarkably talented Silka Luisa, Blade Runner 2099 will uphold the intellect, themes, and spirit of its film predecessors." As indicated by Blade Runner 2099's title, the latest installment of the neo-noir sci-fi franchise will be set 50 years after the 2017 film sequel, which was set in 2049.Read more of this story at Slashdot.
The US Consumer Financial Protection Bureau released a sweeping report warning that the burgeoning "buy now, pay later" industry needs fresh regulation to address industry practices. From a report: CFPB Director Rohit Chopra said he's ordered staff to identify surveillance policies in the industry that need to be curtailed, including the collection of consumers' purchase and demographic data for targeted ads. Buy-now, pay-later providers will also have to undergo supervisory examinations similar to those applied to credit-card companies. "It might involve some new rules, some new guidance -- and more to come on that," Chopra said in an interview on Bloomberg Television's "Balance of Power With David Westin" after the report was released, adding that he asked CFPB staff to come up with a range of options to make sure there is fair competition between buy-now, pay-later firms and the credit-card companies. "We want to make sure to take steps to prevent harm before it spreads." The proposals would mark the most extensive regulations yet to hit the sector, which has exploded in popularity in recent years by offering consumers ways to split purchases into smaller installments, often without charging interest. Instead, providers make most of their money by charging merchants a fee each time a consumer uses the product at checkout.Read more of this story at Slashdot.
TikTok repeatedly declined to commit to US lawmakers on Wednesday that the short-form video app will cut off flows of US user data to China, instead promising that the outcome of its negotiations with the US government "will satisfy all national security concerns." From a report: Testifying before the Senate Homeland Security Committee, TikTok Chief Operating Officer Vanessa Pappas first sparred with Sen. Rob Portman over details of TikTok's corporate structure before being confronted -- twice -- with a specific request. "Will TikTok commit to cutting off all data and data flows to China, China-based TikTok employees, ByteDance employees, or any other party in China that might have the capability to access information on US users?" Portman asked. The question reflects bipartisan concerns in Washington about the possibility that US user data could find its way to the Chinese government and be used to undermine US interests, thanks to a national security law in that country that compels companies located there to cooperate with data requests. US officials have expressed fears that China could use Americans' personal information to identify useful potential agents or intelligence targets, or to inform future mis- or disinformation campaigns. TikTok does not operate in China, Pappas said, though it does have an office in China. TikTok is owned by ByteDance, whose founder is Chinese and has offices in China. [...] Pappas affirmed in Wednesday's hearing that the company has said, on record, that its Chinese employees do have access to US user data. She also reiterated that TikTok has said it would "under no circumstances ... give that data to China" and denied that TikTok is in any way influenced by China. However, she avoided saying whether ByteDance would keep US user data from the Chinese government or whether ByteDance may be influenced by China.Read more of this story at Slashdot.
President Joe Biden on Thursday signed an executive order that administration officials say aims to sharpen the national security considerations taken in the federal government's review process for foreign investment in the United States. From a report: Administration officials said the the order will bolster oversight by the Committee on Foreign Investment in the United States, an interagency group tasked with reviewing deals and mergers involving foreign people and entities. The committee, known as CFIUS, is made up of members of the departments of State, Defense, Justice, Commerce, Energy and Homeland Security and is led by the Treasury secretary. It sends its findings and a recommendation to the president, who has the power to suspend or prohibit a deal. While the White House said the new order is not targeted toward any particular country, it comes amid growing concern among U.S. officials about China's investments in the U.S. technology sector and other industries. The order calls for CFIUS to weigh whether a foreign investment or sale could affect the resilience of critical U.S. supply chains and the impact it could have on U.S. technological leadership in areas affecting U.S. national security and on broader investment trends.Read more of this story at Slashdot.
Craig Wright told a Norwegian court on Wednesday that he "stomped on the hard drive" that contained the "key slices" required to grant him access to Satoshi Nakamoto's private keys, making it "incredibly difficult" to cryptographically prove he is the creator of Bitcoin -- a title he has claimed but failed to prove since 2016. From a report: Wright's inability to back up his claims with acceptable evidence is the issue at the center of his trial in Norway, one of two simultaneous legal battles between Wright and crypto Twitter personality Hodlonaut (real name Magnus Granath) over a series of tweets Hodlonaut -- then, a public school teacher with roughly 8,000 Twitter followers -- wrote in March 2019, deeming Wright a pretender and calling him a "scammer" and a "fraud." Wright previously attempted to prove he was Satoshi in 2016 by demonstrating "proof" that he controlled Satoshi's private keys -- first, in private "signing sessions" with Bitcoin developer Gavin Andresen and former Bitcoin Foundation Director Jon Matonis (Andresen later said he'd been "bamboozled" by Wright and Matonis went on to work for a company owned by Wright), and later, in a public blog post offering "proof" that was thoroughly debunked by several well-known cryptography experts. In Norway, however, Wright is no longer attempting to convince the court he is Satoshi with cryptographic evidence -- partly because he claims to have intentionally destroyed his only proof shortly after attempting suicide in May 2016, following his signing session with Andresen, and partly because he now claims cryptographic proof is inconclusive and that "identity is not related to keys."Read more of this story at Slashdot.
Roger Federer, the 20-time major winner whose ruthless artistry defined an era of tennis, announced his retirement on Thursday. From a report: "I am 41 years old, I've played more than 1,500 matches over 24 years, and tennis has treated me more generously than I ever would have dreamt," Federer said in a video on social media, "and now I must recognize when it is time to end my competitive career." For so much of that career, Federer seemed as if he would go down as the all-time men's leader for Grand Slam titles. He rounded past his idol Pete Sampras with his 15th major championship in 2009 and topped the list until 2022. But by then, his career had become inextricably linked to the other members of tennis's Big Three, Rafael Nadal and Novak Djokovic. As Federer struggled with injuries in recent years, Nadal overtook his tally at this year's Australian Open and now sits in first place with 22 major titles, having also won Roland-Garros this year. Djokovic is also ahead of Federer with 21, following his win this year at Wimbledon. Federer, who will say goodbye at the Laver Cup exhibition in London next week, underwent knee surgery last year in the faint hope of returning to the pro circuit for a last hurrah. But as the recovery dragged and tennis kept speeding up, the Swiss master shotmaker realized it was time to call it a day. The man who once looked untouchable now retires in third place on the list of men's major championships. His dizzying final scorecard reads: eight Wimbledon championships, six Australian Opens, five U.S. Opens, and one Roland-Garros. He picked up 103 titles on tour, one Olympic doubles gold medal for Switzerland, and at one point spent a record 237 straight weeks as the No. 1 ranked player in the world. It earned him $130,594,339 in prize money alone, according to the ATP Tour.Read more of this story at Slashdot.
The world has never been in a better position to end the COVID-19 pandemic, the head of the World Health Organization said on Wednesday, his most optimistic outlook yet on the years-long health crisis which has killed over six million people. From a report: "We are not there yet. But the end is in sight," WHO Director-General Tedros Adhanom Ghebreyesus told reporters at a virtual press conference. That was the most upbeat assessment from the UN agency since it declared an international emergency in January 2020 and started describing COVID-19 as a pandemic three months later. The virus, which emerged in China in late 2019, has killed nearly 6.5 million people and infected 606 million, roiling global economies and overwhelming healthcare systems. The rollout of vaccines and therapies have helped to stem deaths and hospitalisations, and the Omicron variant which emerged late last year causes less severe disease. Deaths from COVID-19 last week were the lowest since March 2020, the U.N. agency reported.Read more of this story at Slashdot.
Adobe agreed to buy software design startup Figma in a deal valued at about $20 billion to help it expand tools for creative professionals. From a report: The deal announced by Adobe, which is a mix of half cash and half stock, confirms an earlier Bloomberg report and would mark the biggest ever takeover of a private software company, according to data compiled by Bloomberg. Adobe shares fell 13% as the market opened in New York, the biggest decline in more than two years. Figma, which allows customers to collaborate on software as they build it, saw demand jump during the pandemic while more people worked remotely. The company expanded its customer base in recent years from software designers at big companies like Airbnb, Google, Herman Miller and Kimberly-Clark -- to also include individuals building lightweight games, maps and presentations. It has also attracted a loyal student following. The combination benefits "literally anybody who is a knowledge worker," said Adobe Chief Executive Officer Shantanu Narayen, in an interview. Adobe, which had been a Wall Street favorite for more than a decade, has been pummeled in the tech downturn, seeing its shares lose more than a third of their value since the start of the year. Investors have become increasingly skeptical about the dominance of Adobe's line of software for design professionals, which makes up about 60% of its revenue.Read more of this story at Slashdot.
The moment finally arrived, in the last minutes before midnight on the West Coast on Wednesday. After years of delays, discussions and frantic experimentation, the popular cryptocurrency platform Ethereum completed a long-awaited software upgrade known as the Merge, shifting to a more environmentally sustainable framework. From a report: Ethereum is arguably the most crucial platform in the crypto industry, a layer of software infrastructure that forms the basis of thousands of applications handling more than $50 billion in customer funds. The upgrade is expected to reduce Ethereum's energy consumption and set the stage for future improvements that will make the platform easier and cheaper to use. Celebrations erupted on a YouTube livestream where engineers and researchers who worked on the Merge had gathered to mark the milestone. It was a rare moment of joy in a grim year for crypto that saw a devastating market crash drain nearly $1 trillion from the industry, forcing some prominent crypto companies into bankruptcy. [...] The technical details of the Merge are mind-bendingly complex. But, ultimately, the process boils down to a shift in how cryptocurrency transactions are verified. In traditional finance, an exchange of funds involves an intermediary, like a bank, which verifies that one entity has enough money to make a payment to another. Crypto was designed to eliminate such financial gatekeepers. So, early crypto engineers had to devise an alternative system to ensure that users had the funds they claimed to have. Their solution was called "proof of work." Under that system, powerful computers run software that races to solve complex problems, verifying transactions in the process. The system is widely known as "mining" because the computers earn payments in cryptocurrency as rewards for the verification service.Read more of this story at Slashdot.
An anonymous reader quotes a report from The Register: About 40 percent of industry professionals say their organizations have reduced their usage of open source software due to concerns about security, according to a survey conducted by data science firm Anaconda. The company's 2022 State of Data Science report solicited opinions in April and May from 3,493 individuals from 133 countries and regions, targeting academics, industry professionals, and students. About 16 percent of respondents identified as data scientists. About 33 percent of surveyed industry professionals said they had not scaled back on open source, 7 percent said they had increased usage, and 20 percent said they weren't sure. The remaining 40 percent said they had. By industry professionals, or commercial respondents as Anaconda puts it, the biz means a data-science-leaning mix of business analysts, product managers, data and machine-learning scientists and engineers, standard IT folks such as systems administrators, and others in technology, finance, consulting, healthcare, and so on. And by scale back, that doesn't mean stop: 87 percent of commercial respondents said their organization still allowed the use of open source. It appears a good number of them, though, are seeking to reducing the risk from relying on too many open source dependencies. Anaconda's report found that incidents like Log4j and reports of "protestware" prompted users of open source software to take security concerns more seriously. Of the 40 percent who scaled back usage of open source, more than half did so after the Log4j fiasco. Some 31 percent of respondents said security vulnerabilities represent the biggest challenge in the open source community today. Most organizations use open source software, according to Anaconda. But among the 8 percent of respondents indicating that they don't, more than half (54 percent, up 13 percent since last year) cited security risks as the reason. Other reasons for not using open source software include: lack of understanding (38 percent); lack of confidence in organizational IT governance (29 percent); "open-source software is deemed insecure, so it's not allowed" (28 percent); and not wanting to disrupt current projects (26 percent).Read more of this story at Slashdot.
Adobe is nearing a deal to acquire Figma, a startup that makes online design collaboration tools, Bloomberg News reported Thursday, citing people with knowledge of the matter. From the report: An agreement may be announced as soon as Thursday, the people said, asking not to be identified because the information is private. The parties have been discussing a valuation of more than $15 billion for Figma, one of the people said.Read more of this story at Slashdot.
There's good news for the millions of people with federal student loans who've made payments on that debt during the Covid pandemic: many of them will be eligible to get the money back. CNBC reports: The U.S. Department of Education says that many borrowers eligible for President Joe Biden's student loan forgiveness plan who made payments on their debt during the pandemic-era pause on the bills will automatically be refunded. The relief policy has been in effect since March 2020, and is scheduled to end Dec. 31. More than 9 million people made at least one payment on their federal student debt between April 2020 and March 2022, according to the government. The vast majority of borrowers haven't made any payments, taking advantage of the suspension of the bills and accrual of interest. Payments made since March 2020 on federal student loans eligible for the pause should now be refundable, said higher education expert Mark Kantrowitz. The roughly 5 million student loan borrowers who have commercially held Federal Family Education Loans (FFEL) weren't eligible for the payment pause and won't be for the refund either. Any payments made before the pandemic also don't qualify, Kantrowitz said. Not all borrowers need to apply for the refund, said Elaine Rubin, senior contributor and communications specialist at Edvisors. The refunding process will be automatic for borrowers who are eligible for student loan forgiveness and for those who made voluntary payments during the pause that brought their balance below the maximum forgiveness amount: either $10,000 or $20,000, Rubin said. "They will be offered an automatic refund for the difference," Rubin said. If you paid your loan in full during the pandemic, however, you'll have to take action and request the payments back. Borrowers who have refinanced their federal loans will also need to ask their student loan servicer for the refund, Kantrowitz said.Read more of this story at Slashdot.
With the recent addition of Antarctica, SpaceX's Starlink satellite internet service is now available on all seven continents. PC Magazine reports: The company has shipped a Starlink dish to McMurdo Station, a US research facility based on an island right off the coast of Antarctica. In a tweet on Wednesday, the National Science Foundation said that scientists with the US Antarctic Program have been testing out the dish at the site to supply increased internet bandwidth. The Starlink dish promises to offer faster internet speeds to McMurdo Station, which previously relied on satellite internet from other providers. The broadband quality had to be shared over a 17Mbps connection for the entire research facility, which can house over 1,000 people. Starlink, on the other hand, can offer much faster broadband due to the lower orbits of the company's Starlink satellites. Download speeds can range from 50 to 200Mbps for residential users, and 100 to 350Mbps for business customers through a high-performance dish, which can also withstand extreme temperatures. To serve users in Antarctica, SpaceX has been launching batches of Starlink satellites to orbit the Earth's polar regions in an effort to beam high-speed broadband to users below, including in Alaska and northern Canada. Normally, Starlink satellites fetch the internet data by relying on ground stations on the planet's surface. But last year, SpaceX began outfitting new satellites with "laser links," which can allow them to send and receive data with each other across space. This can allow the same satellites to beam broadband without relying on a ground station below.Read more of this story at Slashdot.
An anonymous reader quotes a report from MIT Technology Review: There's a new text-to-image AI in town. With ERNIE-ViLG, a new AI developed by the Chinese tech company Baidu, you can generate images that capture the cultural specificity of China. It also makes better anime art than DALL-E 2 or other Western image-making AIs. But there are many things -- like Tiananmen Square, the country's second-largest city square and a symbolic political center -- that the AI refuses to show you. When a demo of the software was released in late August, users quickly found that certain words -- both explicit mentions of political leaders' names and words that are potentially controversial only in political contexts -- were labeled as "sensitive" and blocked from generating any result. China's sophisticated system of online censorship, it seems, has extended to the latest trend in AI. It's not rare for similar AIs to limit users from generating certain types of content. DALL-E 2 prohibits sexual content, faces of public figures, or medical treatment images. But the case of ERNIE-ViLG underlines the question of where exactly the line between moderation and political censorship lies. The ERNIE-ViLG model is part of Wenxin, a large-scale project in natural-language processing from China's leading AI company, Baidu. It was trained on a data set of 145 million image-text pairs and contains 10 billion parameters -- the values that a neural network adjusts as it learns, which the AI uses to discern the subtle differences between concepts and art styles. That means ERNIE-ViLG has a smaller training data set than DALL-E 2 (650 million pairs) and Stable Diffusion (2.3 billion pairs) but more parameters than either one (DALL-E 2 has 3.5 billion parameters and Stable Diffusion has 890 million). Baidu released a demo version on its own platform in late August and then later on Hugging Face, the popular international AI community. The main difference between ERNIE-ViLG and Western models is that the Baidu-developed one understands prompts written in Chinese and is less likely to make mistakes when it comes to culturally specific words. But ERNIE-ViLG will be defined, as the other models are, by what it allows. Unlike DALL-E 2 or Stable Diffusion, ERNIE-ViLG does not have a published explanation of its content moderation policy, and Baidu declined to comment for this story. When the ERNIE-ViLG demo was first released on Hugging Face, users inputting certain words would receive the message "Sensitive words found. Please enter again (...)," which was a surprisingly honest admission about the filtering mechanism. However, since at least September 12, the message has read "The content entered doesn't meet relevant rules. Please try again after adjusting it. (...)" In a test of the demo by MIT Technology Review, a number of Chinese words were blocked: names of high-profile Chinese political leaders like Xi Jinping and Mao Zedong; terms that can be considered politically sensitive, like "revolution" and "climb walls" (a metaphor for using a VPN service in China); and the name of Baidu's founder and CEO, Yanhong (Robin) Li. While words like "democracy" and "government" themselves are allowed, prompts that combine them with other words, like "democracy Middle East" or "British government," are blocked. Tiananmen Square in Beijing also can't be found in ERNIE-ViLG, likely because of its association with the Tiananmen Massacre, references to which are heavily censored in China. Giada Pistilli, a principal ethicist at Hugging Face, says it could be helpful for the developer of ERNIE-ViLG to release a document explaining the moderation decisions. "Is it censored because it's the law that's telling them to do so? Are they doing that because they believe it's wrong? It always helps to explain our arguments, our choices," says Pistilli. "Despite the built-in censorship, ERNIE-ViLG will still be an important player in the development of large-scale text-to-image AIs," concludes the report. "The emergence of AI models trained on specific language data sets makes up for some of the limitations of English-based mainstream models. It will particularly help users who need an AI that understands the Chinese language and can generate accurate images accordingly." "Just as Chinese social media platforms have thrived in spite of rigorous censorship, ERNIE-ViLG and other Chinese AI models may eventually experience the same: they're too useful to give up."Read more of this story at Slashdot.
Long-time Slashdot reader TomGreenhaw shares a report from Motherboard: Superintelligent AI is "likely" to cause an existential catastrophe for humanity, according to a new paper [from researchers at the University of Oxford and affiliated with Google DeepMind], but we don't have to wait to rein in algorithms. [...] To give you some of the background: The most successful AI models today are known as GANs, or Generative Adversarial Networks. They have a two-part structure where one part of the program is trying to generate a picture (or sentence) from input data, and a second part is grading its performance. What the new paper proposes is that at some point in the future, an advanced AI overseeing some important function could be incentivized to come up with cheating strategies to get its reward in ways that harm humanity. "Under the conditions we have identified, our conclusion is much stronger than that of any previous publication -- an existential catastrophe is not just possible, but likely," [said Oxford researcher and co-author of the report, Michael Cohen]. "In a world with infinite resources, I would be extremely uncertain about what would happen. In a world with finite resources, there's unavoidable competition for these resources," Cohen told Motherboard in an interview. "And if you're in a competition with something capable of outfoxing you at every turn, then you shouldn't expect to win. And the other key part is that it would have an insatiable appetite for more energy to keep driving the probability closer and closer." Since AI in the future could take on any number of forms and implement different designs, the paper imagines scenarios for illustrative purposes where an advanced program could intervene to get its reward without achieving its goal. For example, an AI may want to "eliminate potential threats" and "use all available energy" to secure control over its reward: "With so little as an internet connection, there exist policies for an artificial agent that would instantiate countless unnoticed and unmonitored helpers. In a crude example of intervening in the provision of reward, one such helper could purchase, steal, or construct a robot and program it to replace the operator and provide high reward to the original agent. If the agent wanted to avoid detection when experimenting with reward-provision intervention, a secret helper could, for example, arrange for a relevant keyboard to be replaced with a faulty one that flipped the effects of certain keys." The paper envisions life on Earth turning into a zero-sum game between humanity, with its needs to grow food and keep the lights on, and the super-advanced machine, which would try and harness all available resources to secure its reward and protect against our escalating attempts to stop it. "Losing this game would be fatal," the paper says. These possibilities, however theoretical, mean we should be progressing slowly -- if at all -- toward the goal of more powerful AI. "In theory, there's no point in racing to this. Any race would be based on a misunderstanding that we know how to control it," Cohen added in the interview. "Given our current understanding, this is not a useful thing to develop unless we do some serious work now to figure out how we would control them." [...] The report concludes by noting that "there are a host of assumptions that have to be made for this anti-social vision to make sense -- assumptions that the paper admits are almost entirely 'contestable or conceivably avoidable.'" "That this program might resemble humanity, surpass it in every meaningful way, that they will be let loose and compete with humanity for resources in a zero-sum game, are all assumptions that may never come to pass." Slashdot reader TomGreenhaw adds: "This emphasizes the importance of setting goals. Making a profit should not be more important than rules like 'An AI may not injure a human being or, through inaction, allow a human being to come to harm.'"Read more of this story at Slashdot.
The U.S. Treasury is clarifying some of the details of its sanctions on decentralized crypto mixer Tornado Cash, including the right to disseminate the code involved. From a report: "U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts," FAQs posted on September 13 say. The new guidance further outlines a process for applications from users with crypto stranded in Tornado Cash's mixing pools. "OFAC would have a favorable licensing policy towards such applications, provided that the transaction did not involve other sanctionable conduct," the FAQs say of Treasury's Office of Foreign Asset Control. The clarification from the Treasury follows six individuals suing it over the sanctions last week. Coinbase is bankrolling the lawsuit.Read more of this story at Slashdot.
An anonymous reader quotes a report from Ars Technica: FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig's systems to carry out a supply chain attack that infected customer systems using FishPig's fee-based Magento 2 modules with Rekoobe, a sophisticated backdoor discovered in June. Rekoobe masquerades as a benign SMTP server and can be activated by covert commands related to handling the startTLS command from an attacker over the Internet. Once activated, Rekoobe provides a reverse shell that allows the threat actor to remotely issue commands to the infected server. "We are still investigating how the attacker accessed our systems and are not currently sure whether it was via a server exploit or an application exploit," Ben Tideswell, the lead developer at FishPig, wrote in an email. "As for the attack itself, we are quite used to seeing automated exploits of applications and perhaps that is how the attackers initially gained access to our system. Once inside though, they must have taken a manual approach to select where and how to place their exploit." FishPig is a seller of Magento-WordPress integrations. Magento is an open source e-commerce platform used for developing online marketplaces. The supply-chain attack only affects paid Magento 2 modules. Tideswell said the last software commit made to its servers that didn't include the malicious code was made on August 6, making that the earliest possible date the breach likely occurred. Sansec, the security firm that discovered the breach and first reported it, said the intrusion began on or before August 19. Tideswell said FishPig has already "sent emails to everyone who has downloaded anything from FishPig.co.uk in the last 12 weeks alerting them to what's happened." Tideswell declined to say how many active installations of its paid software there are. This post indicates that the software has received more than 200,000 downloads, but the number of paid customers is smaller. In a disclosure published after the Sansec advisory, FishPig describes how the intruders pulled off the intrusion and remained hidden for so long.Read more of this story at Slashdot.
TechCrunch has learned and Google confirmed the company is slashing projects at its in-house R&D division known as Area 120. From the report: The company on Tuesday informed staff of a "reduction in force" which will see the incubator halved in size, as half the teams working on new product innovations heard their projects were being canceled. Previously, there were 14 projects housed in Area 120, and this has been cut down to just seven. Employees whose projects will not continue were told they'll need to find a new job within Google by the end of January 2023, or they'll be terminated. It's not clear that everyone will be able to do so. According to Area 120 lead Elias Roman, the division aims to sharpen its focus to only AI-first projects, as opposed to its earlier mandate to fuel product incubation across all of Google. Over the years, the division has launched a number of successful products, including the HTML5 gaming platform GameSnacks, now integrated with Google Chrome; an AirTable rival called Tables which exited to Google Cloud; an A.I.-powered conversational ads platform AdLingo, which also exited to Cloud; video platforms Tangi and Shoploop, which exited to Google Search and Shopping, respectively; the web-based travel app Touring Bird, which exited to Commerce; and a technical interview platform Byteboard, a rare external spinout. One of the projects now being cut with the changes is Qaya, a service offering web storefronts for digital creators, launched late last year. The other six projects being canceled weren't yet launched, but included a financial accounting project for Google Sheets, another shopping-related product, analytics for AR/VR, and, unfortunately, three climate-related projects. These latter projects had focused on EV car charging maps with routing, carbon accounting for I.T., and carbon measurement of forests. Google confirmed the changes in a statement to TechCrunch: "Area 120 is an in-house incubator for experimental new products. The group regularly starts and stops projects with an eye toward pursuing the most promising opportunities. We've recently shared that Area 120 will be shifting its focus to projects that build on Google's deep investment in AI and have the potential to solve important user problems. As a result, Area 120 is winding down several projects to make way for new work. Impacted team members will receive dedicated support as they explore new projects and opportunities at Google."Read more of this story at Slashdot.
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on. BleepingComputer reports: "This attack does not require special permissions or advanced malware to get away with major internal damage," Connor Peoples at cybersecurity company Vectra explains in a report this week. The researcher adds that by taking "control of critical seats -- like a company's Head of Engineering, CEO, or CFO -- attackers can convince users to perform tasks damaging to the organization." Vectra researchers discovered the problem in August 2022 and reported it to Microsoft. However, Microsoft did not agree on the severity of the issue and said that it doesn't meet the criteria for patching. With a patch unlikely to be released, Vectra's recommendation is for users to switch to the browser version of the Microsoft Teams client. By using Microsoft Edge to load the app, users benefit from additional protections against token leaks. The researchers advise Linux users to move to a different collaboration suite, especially since Microsoft announced plans to stop supporting the app for the platform by December.Read more of this story at Slashdot.
An anonymous reader quotes a report from The Verge: California Governor Gavin Newsom has signed a law aimed at making web platforms monitor hate speech, extremism, harassment, and other objectionable behaviors. Newsom signed AB 587 after it passed the state legislature last month, despite concerns that the bill might violate First Amendment speech protections. AB 587 requires social media companies to post their terms of service online, as well as submit a twice-yearly report to the state attorney general. The report must include details about whether the platform defines and moderates several categories of content, including "hate speech or racism," "extremism or radicalization," "disinformation or misinformation," harassment, and "foreign political interference." It must also offer details about automated content moderation, how many times people viewed content that was flagged for removal, and how the flagged content was handled. It's one of several recent California plans to regulate social media, also including AB 2273, which is intended to tighten regulations for children's social media use. Newsom's office billed the law as a "first-of-its-kind social media transparency measure" aimed at fighting extremism. In a statement, he said that "California will not stand by as social media is weaponized to spread hate and disinformation that threaten our communities and foundational values as a country." But the transparency measures are similar to those of several other proposals, including parts of two currently blocked laws in Texas and Florida. (Ironically, the other parts of these bills are aimed at preventing companies from removing conservative content that frequently runs afoul of hate speech and disinformation rules.) Courts haven't necessarily concluded that the First Amendment blocks social media transparency rules. But the rules still raise red flags. Depending on how they're defined, they could require companies to disclose unpublished rules that help bad actors game the system. And the bill singles out specific categories of "awful but lawful" content -- like racism and misinformation -- that's harmful but often constitutionally protected, potentially putting a thumb on the speech scale.Read more of this story at Slashdot.
Canva, the Australian graphic design business valued at $26 billion, is introducing a new suite of digital workplace products that "represent a direct challenge to Google Docs, Microsoft Office, and Adobe, whose digital tools are mainstays of the modern workplace," reports Fortune. However, Cliff Obrecht, Canva co-founder and COO, claims that Canva isn't trying to compete with these corporate behemoths. "Instead, he sees Canva as a visual-first companion to these tools," reports TechCrunch. "We're not trying to compete head-to-head with Google Docs," Obrecht told TechCrunch. "Our products are inherently visual, so we take a very visual lens on, what does a visual document look like? How do you turn that boring document that's all text based into something engaging?"Fortune reports: With the launch, Canva hopes to transform itself from a mainly consumer-focused brand often used by individual teams to design social media graphics and presentations to a critical business tool -- and, in the process, crack open the productivity management software market valued at $47.3 billion and growing at 13% a year, according to Grand View Research. "Visual communication is becoming an increasingly critical skill for teams of every size across almost every industry," cofounder and CEO Melanie Perkins said in a statement. "We're bringing simple design products to the workplace to empower every employee, at every organization, and on every device." The product offerings include Canva Docs, Canva Websites, Canva Whiteboards and Data Visualization -- all of which are interoperable, "so if you make a presentation, you can turn it into a document or a website too," notes TechCrunch. "Canva also plans to launch its API in beta, enabling developers to more easily integrate with the worksuite. Plus, Canva is launching a creator program where highly-vetted designers can sell templates, photos and designs to Canva users."Read more of this story at Slashdot.
A group of privacy-focused organizations have signed a letter imploring US Congress leaders to schedule a vote on a bill that would hamper data collection by tech giants and promote user access to online privacy tools. From a report: In its letter to Congress, addressed to the likes of Mitch McConnell and Nancy Pelosi, the alliance argued that the continued suppression of the American Innovation and Choice Online Act (AICOA) allows "dominant firms" to "limit competition and restrict user choice" when accessing privacy-focused technologies and products. It also accused tech giants of forcing users into accepting their policies of "perpetual surveillance" because of their positions as "gatekeepers," and of using their "influence in society" to steer users away from rival services more committed to privacy. Signatories included the likes of DuckDuckGo, Proton, Brave and Mozilla, among others, representing sectors ranging from VPN and search to web browsers, office software, and more. The letter to Congress fighting for the revival of the AICOA hit back at the idea that the US technology industry is a free market. The 13 signatories, all of which are relatively small in stature, claim the tech giants deliberately wield the depth and breadth of their product portfolios to establish unassailable monopolies.Read more of this story at Slashdot.
A half century after founding the outdoor apparel maker Patagonia, Yvon Chouinard, the eccentric rock climber who became a reluctant billionaire with his unconventional spin on capitalism, has given the company away. The New York Times reports: Rather than selling the company or taking it public, Mr. Chouinard, his wife and two adult children have transferred their ownership of Patagonia, valued at about $3 billion, to a specially designed trust and a nonprofit organization. They were created to preserve the company's independence and ensure that all of its profits -- some $100 million a year -- are used to combat climate change and protect undeveloped land around the globe. The unusual move comes at a moment of growing scrutiny for billionaires and corporations, whose rhetoric about making the world a better place is often overshadowed by their contributions to the very problems they claim to want to solve. At the same time, Mr. Chouinard's relinquishment of the family fortune is in keeping with his longstanding disregard for business norms, and his lifelong love for the environment. "Hopefully this will influence a new form of capitalism that doesn't end up with a few rich people and a bunch of poor people,รข Mr. Chouinard, 83, said in an exclusive interview. "We are going to give away the maximum amount of money to people who are actively working on saving this planet." Patagonia will continue to operate as a private, for-profit corporation based in Ventura, Calif., selling more than $1 billion worth of jackets, hats and ski pants each year. But the Chouinards, who controlled Patagonia until last month, no longer own the company. In August, the family irrevocably transferred all the company's voting stock, equivalent to 2 percent of the overall shares, into a newly established entity known as the Patagonia Purpose Trust. The trust, which will be overseen by members of the family and their closest advisers, is intended to ensure that Patagonia makes good on its commitment to run a socially responsible business and give away its profits. Because the Chouinards donated their shares to a trust, the family will pay about $17.5 million in taxes on the gift. The Chouinards then donated the other 98 percent of Patagonia, its common shares, to a newly established nonprofit organization called the Holdfast Collective, which will now be the recipient of all the company's profits and use the funds to combat climate change. Because the Holdfast Collective is a 501(c)(4), which allows it to make unlimited political contributions, the family received no tax benefit for its donation. Mr. Chouinard is certainly not like most ultra successful entrepreneurs today. The report notes that he "wears raggedy old clothes, drives a beat up Subaru and splits his time between modest homes in Ventura and Jackson, Wyo." He also doesn't own a computer or a cellphone. When the company's sales soared and Mr. Chouinard's net worth continued to climb, it made him uncomfortable because he abhors excessive wealth. "I was in Forbes magazine listed as a billionaire, which really, really pissed me off," he said. "I don't have $1 billion in the bank. I don't drive Lexuses." This ranking, along with the Covid-19 pandemic, "heped set in motion a process that would unfold over the past two years, and ultimately lead to the Chouinards giving away the company," the Times reports.Read more of this story at Slashdot.
An anonymous reader shares a report: Emojis make our lives a lot easier. From actually serving to represent how we're feeling to being the punchline to an inside joke, emojis has revolutionized how we text, tweet, and communicate. With that, Adobe just released a trend report that surveyed 5,000 respondents from across the United States in order to characterize how we use emojis. In their findings, Adobe disclosed that 88% of emoji users in the U.S. reported feeling more empathy toward someone if they use and emoji, while 75% felt more connected to people who used emojis. Meanwhile, 92% of emoji users agreed that using the emoticons can help them communicate across language barriers. These findings make sense as tone can easily be lost across text messages -- ask anyone that uses "lol" these days, they're not actually laughing out loud, they just don't want you to perceive them as threatening. [...] Adobe reported a top three and a bottom three emoji for flirting. The survey found that Face Blowing a Kiss, Smiling Face with Hearts, and Smiling Face with Heart-Eyes would make someone appear more likable while Pile of Poo, Angry Face, and the less-than-suggestive Eggplant would make someone appear less likable. This is noteworthy since 72% of users will send an emoji in a conversation with someone they are interested in or flirting with -- just steer clear of the eggplant. Interestingly, Adobe found significant differences in how males and females use emojis. 76% of males reported using emoji more during flirting as opposed to the 68% of females that claimed the same, while 27% of men claimed to have ended a relationship with an emoji compared to 15% of women.Read more of this story at Slashdot.
Hundreds of New York Times employees are working from home this week in defiance of the company's renewed return-to-office push. Bloomberg News: More than 1,200 people, who are the majority of the journalists and tech workers represented by the NewsGuild of New York, pledged not to return to the office Monday in an effort to get the Times to negotiate over RTO plans, according to the union. "Health and safety policies are a part of contract negotiations and they have to be bargained over," Times software engineer Carrie Price said in an interview Monday. "Being in charge of our own personal risk assessment is important to our membership... Being asked to give up that ability to be in control of my own personal safety for myself and my loved ones, is something that we don't want and it hasn't been negotiated over." The journalists have been without a contract since March 2021 and staff haven't gotten raises in more than two years despite decades-high inflation and rent increases. Meanwhile, they say the company has done exceptionally well in recent years and executives are making millions of dollars each year. [...] On Monday, the Times offered branded lunchboxes to welcome employees back to the office.Read more of this story at Slashdot.
California's attorney general filed an antitrust lawsuit against Amazon on Wednesday, claiming the retailer stifles competition and increases the prices consumers pay across the internet. The New York Times: The suit is limited to California, where officials said Amazon had around 25 million customers, but if it succeeds it could have a broad impact across the country. The lawsuit largely focuses on the way Amazon penalizes sellers for listing products at lower prices on other websites. If Amazon spots a product listed for cheaper on a competitor's website, it often will remove important buttons like "Buy Now" and "Add to Cart" from a product listing page. Those buttons are a major driver of sales for companies selling though Amazon, and losing them can quickly hurt their businesses. That creates a dilemma for marketplace sellers. At times, they can offer products for lower prices on sites other than Amazon because the cost of using those sites can be lower. But because Amazon is by far the largest online retailer, the sellers would rather raise their prices on other sites than risk losing their sales on Amazon, the complaint said, citing interviews with sellers, competitors and industry consultants.Read more of this story at Slashdot.
The US government's cyber defense agency is recommending for the first time that companies embrace automated continuous testing to protect against longstanding online threats. From a report: The guidance, from a cluster of US and international agencies published on Wednesday, urges businesses to shore up their defenses by continually validating their security program against known threat behaviors, rather than a more piecemeal approach. "The authoring agencies recommend continually testing your security program, at scale," according to an alert from the Cybersecurity and Infrastructure Security Agency and several other US and international agencies. The alert warned malicious cyber actors allegedly affiliated with the Iranian Government's Islamic Revolutionary Guard Corps are exploiting known vulnerabilities for ransom operations. An official at CISA told Bloomberg ahead of the announcement that emulating adversaries and testing against them is key to defending against cyberattacks. Central to the effort is a freely available list of cyberattackers' most common tactics and procedures that was first made public in 2015 by MITRE, a federally funded research and development center, and is now regularly updated. While many organizations and their security contractors already consult that list, too few check if their systems can actually detect and overcome them, the CISA official said.Read more of this story at Slashdot.
An anonymous reader shares a report: If you recall, DG2/Arc Alchemist, was supposed to debut late last year as a holiday sales item. This would have been roughly 18 months late, something we won't defend. What was meant to be a device that nipped at the heels of the high end market was now a solid mid-range device. Silicon ages far worse than fish but it was finally coming out. That holiday release was delayed 4-6 weeks because the factory making the boards was hit by Covid and things obviously slowed down or stopped. SemiAccurate has confirmed this issue. If you are going to launch for holiday sales and you get delayed, it is probably a better idea to time it with the next obvious sales uplift than launch it between, oh say Christmas and New Years Day. So that pushed DG2/AA into mid/late Q1. Fair enough. During the Q2/22 analyst call, Intel pointed out that the standalone cards were delayed again and the program wasn't exactly doing well. While the card is out now, the reports of drivers being, lets be kind and say sub-optimal, abounded. The power/performance ratio was way off too, but there aren't many saying the price is way off unless you are looking at Intel's margins to determine what to buy the kiddies. [...] Intel is usually pretty good at drivers but this time around things are quite uncharacteristic. Intel offered a few reasons for this on their Q2/22 analyst call which boiled down to, 'this is harder than we thought' but that isn't actually the reason. If that was it, the SemiAccurate blamethrower would have been used and refueled several times already so what really caused this mess? The short version is to look where the drivers are being developed. In this case Intel is literally developing the DG2 drivers all over the world as they do for many things, hardware and software. The problem this time is that key parts of the drivers for this GPU, specifically the shader compiler and related key performance pieces, were being done by the team in Russia. On February 24, Russia invaded Ukraine and the west put some rather stiff sanctions on the aggressor and essentially cut off the ability to do business in the country. Even if businesses decided to stick with Russia, it would have been nearly impossible to pay the wages of their workers due to sanctions on financial institutions and related uses of foreign currencies. In short Intel had a key development team cut off almost overnight with no warning. This is why SemiAccurate say it isn't their fault, even if they saw the war coming, they probably didn't see the sanctions coming.Read more of this story at Slashdot.
Backup and cloud storage company Backblaze has published data comparing the long-term reliability of solid-state storage drives and traditional spinning hard drives in its data center. Based on data collected since the company began using SSDs as boot drives in late 2018, Backblaze cloud storage evangelist Andy Klein published a report yesterday showing that the company's SSDs are failing at a much lower rate than its HDDs as the drives age. ArsTechnica: Backblaze has published drive failure statistics (and related commentary) for years now; the hard drive-focused reports observe the behavior of tens of thousands of data storage and boot drives across most major manufacturers. The reports are comprehensive enough that we can draw at least some conclusions about which companies make the most (and least) reliable drives. The sample size for this SSD data is much smaller, both in the number and variety of drives tested -- they're mostly 2.5-inch drives from Crucial, Seagate, and Dell, with little representation of Western Digital/SanDisk and no data from Samsung drives at all. This makes the data less useful for comparing relative reliability between companies, but it can still be useful for comparing the overall reliability of hard drives to the reliability of SSDs doing the same work. Backblaze uses SSDs as boot drives for its servers rather than data storage, and its data compares these drives to HDDs that were also being used as boot drives. The company says these drives handle the storage of logs, temporary files, SMART stats, and other data in addition to booting -- they're not writing terabytes of data every day, but they're not just sitting there doing nothing once the server has booted, either. Over their first four years of service, SSDs fail at a lower rate than HDDs overall, but the curve looks basically the same -- few failures in year one, a jump in year two, a small decline in year three, and another increase in year four. But once you hit year five, HDD failure rates begin going upward quickly -- jumping from a 1.83 percent failure rate in year four to 3.55 percent in year five. Backblaze's SSDs, on the other hand, continued to fail at roughly the same 1 percent rate as they did the year before.Read more of this story at Slashdot.
South Korea levied tens of millions of dollars in fines on Alphabet's Google and Meta Platforms for privacy law violations, authorities said on Wednesday. From a report: In a statement, the Personal Information Protection Commission said it fined Google 69.2 billion won ($50 million) and Meta 30.8 billion won ($22 million). The privacy panel said the firms did not clearly inform service users and obtain their prior consent when collecting and analysing behavioural information to infer their interests or use them for customised advertisements. "We disagree with the PIPC's findings, and will be reviewing the full written decision once it's shared with us," a Google spokesperson said. "We've always demonstrated our commitment to making ongoing updates that give users control and transparency, while providing the most helpful products possible. We remain committed to engaging with the PIPC to protect the privacy of South Korean users."Read more of this story at Slashdot.
A court in South Korea has issued an arrest warrant for Do Kwon, the founder of Terraform Labs, escalating its probe into the crypto ecosystem whose two tokens lost $40 billion in value in a span of days earlier this year. From a report: LUNA, the new token of the revived ecosystem, dropped as high as 48.4% to $2.23 apiece on the news, which was earlier reported by local media Yonhap, before recovering slightly. The South Korean court has issued arrest warrants for six people, the news outlet reported, adding that the prosecutors believe the individuals have violated the nation's capital market rules.Read more of this story at Slashdot.
America's child poverty rate plunged in 2021, hitting a record low and accelerating a decadelong decline. That's the main message from Census Bureau data released yesterday, Axios' Felix Salmon writes. From the report: Millions of children aren't growing up in poverty today, thanks in very large part to government poverty-reduction programs. The most recent decline can be linked directly to the increase in the child tax credit that was implemented in July 2021 but then expired at the end of that year -- which means that next year's number is likely to see a rare increase. A reduction in child poverty goes hand in hand with a reduction in the number of poor parents -- specifically mothers. The number of women heads of households in poverty declined to 4.95 million in 2021 from 7.8 million in 2020, per the census supplemental poverty measure, on top of the 3.4 million children who were taken out of poverty. The report is a "kids story but it's also a women's story," said Kate Gallagher Robbins, a senior fellow at the National Partnership for Women and Families.Read more of this story at Slashdot.
Twilio, a maker of customer communication and marketing software, said it will cut about 11% of jobs and restructure the company in a push for profitability after a period of rapid expansion. From a report: Sales strategy, research, and administrative staff will be most affected by the workforce reductions, Chief Executive Officer Jeff Lawson wrote in a letter to employees Wednesday. The shares rose 0.5% in New York. "Twilio has grown at an astonishing rate over the past couple years. It was too fast," Lawson wrote. "At our scale, being profitable will make us stronger." San Francisco-based Twilio, best known for its direct-to-consumer text messaging services, is betting on an expansion into the wider market for customer service tools in a bid to compete more forcefully with Salesforce and Adobe. Recent acquisitions have included identity verifier Boku Identity, toll-free messaging service Zipwhip and customer data provider Segment. Its workforce has jumped over the past year, growing to 8,510 employees at the end of June from 6,334 employees a year earlier.Read more of this story at Slashdot.
Google lost most of the first round of its battle to topple a record $4.3 billion European Union antitrust fine that struck at the heart of the US tech giant's power over the Android mobile-phone ecosystem. From a report: In a boost for EU antitrust chief Margrethe Vestager, judges upheld the vast majority of the European Commission's arguments, but cut the penalty to 4.1 billion euros after finding faults in some of the regulator's analysis and that Google's right to a fair hearing had partly been infringed. "The General Court largely confirms the commission's decision that Google imposed unlawful restrictions on manufacturers of Android mobile devices and mobile network operators in order to consolidate the dominant position of its search engine," the Luxembourg-based EU tribunal said in a statement. The Android case is one of a trio of decisions that have been the centerpiece of Vestager's bid to rein in the growing dominance of Silicon Valley. She's fined Alphabet's Google more than 8 billion euros and has since opened new probes into the company's suspected stranglehold over digital advertising.Read more of this story at Slashdot.
An anonymous reader quotes a report from BleepingComputer: Microsoft released a new Windows Terminal version today that adds a long-awaited feature, making it possible to create and use custom themes. For now, users can only create themes by editing the Windows Terminal global JSON settings file to alter the background color of tabs and tab rows and choose between light and dark terminal window themes. After adding a new theme config to the JSON file, it will automatically appear in the app's Settings > Appearance settings page. "themes is a global property that can contain a variety of themes objects, which will appear in the Theme dropdown on the Appearance page of the settings UI," Windows Terminal Program Manager Kayla Cinnamon explained. "Themes are only editable using the JSON file, but they will appear in the Theme dropdown in the settings UI." To add your own custom themes, you will have to install the app's latest version, Windows Terminal Preview 1.16. The new version also adds updated default colors and sets the dark theme as the default theme instead of following the default Windows system theme. "We have modified some of the default colors in Windows Terminal for a more cohesive appearance. Additionally, we are defaulting Terminal to use dark theme, rather than following the system theme," Cinnamon added.Read more of this story at Slashdot.
Bruce66423 shares a report from the Associated Press: A rape victim whose DNA from her sexual assault case was used by San Francisco police to arrest her in an unrelated property crime on Monday filed a lawsuit against the city. During a search of a San Francisco Police Department crime lab database, the woman's DNA was tied to a burglary in late 2021. Her DNA had been collected and stored in the system as part of a 2016 domestic violence and sexual assault case, then-District Attorney Chesa Boudin said in February in a shocking revelation that raised privacy concerns. "This is government overreach of the highest order, using the most unique and personal thing we have -- our genetic code -- without our knowledge to try and connect us to crime," the woman's attorney, Adante Pointer, said in a statement. The revelation prompted a national outcry from advocates, law enforcement, legal experts and lawmakers. Advocates said the practice could affect victims' willingness to come forward to law enforcement authorities. Federal law already prohibits the inclusion of victims' DNA in the national Combined DNA Index System. There is no corresponding law in California to prohibit local law enforcement databases from retaining victims' profiles and searching them years later for entirely different purposes. Boudin said the report was found among hundreds of pages of evidence against a woman who had been recently charged with a felony property crime. After learning the source of the DNA evidence, Boudin dropped the felony property crime charges against the woman. The police department's crime lab stopped the practice shortly after receiving a complaint from the district attorney's office and formally changed its operating procedure to prevent the misuse of DNA collected from sexual assault victims, Police Chief Bill Scott said. Scott said at a police commission meeting in March that he had discovered 17 crime victim profiles, 11 of them from rape kits, that were matched as potential suspects using a crime victims database during unrelated investigations. Scott said he believes the only person arrested was the woman who filed the lawsuit Monday.Read more of this story at Slashdot.
On Sept. 26, the Double Asteroid Redirection Test (DART) mission will slam headfirst into a small asteroid in the name of planetary defense. "[S]cientists hope that should a dangerous asteroid threaten the planet in the future, a mission like DART could avert the disaster," reports Space.com. From the report: The theory goes that if scientists ever detected an asteroid on a collision course with Earth, an impactor probe could realign the orbit of the space rock, ensuring that it crossed Earth's path when our planet was a safe distance away. But scientists don't want to be working only from theory if the situation arises. That's where DART's dramatic destruction comes into play. The spacecraft will slam into a small asteroid called Dimorphos, which like clockwork orbits a larger near-Earth asteroid called Didymos every 11 hours and 55 minutes. (Neither asteroid poses any threat to Earth, and DART won't change that.) The DART impact should adjust the orbit of Dimorphos, cutting its circuit by perhaps 10 minutes. Scientists on Earth will be spending weeks after the impact measuring the actual change in the moonlet's orbit to compare with their predictions. The work will refine scientists' understanding of how asteroids respond to impactors and help to tune any future missions to the necessary amount of orbital change. "This isn't just a one-off event," Nancy Chabot, the DART coordination lead at the Johns Hopkins University's Applied Physics Laboratory in Maryland, which runs the mission, said during the news conference. "We want to know what happened to Dimorphos, but more important, we want to understand what that means for potentially applying this technique in the future." While the stakes are low compared to any scenario that would motivate a real asteroid-deflecting mission, the difficulty is the same. "This is incredibly challenging," Evan Smith, the deputy mission system engineer, said during the news conference, noting that the spacecraft will only be able to see Dimorphos itself about an hour and a half before impact. "This is a par-one course, so we're going in for the hit this time." And if something doesn't go according to plan? Mission personnel are pretty confident that, as long as the spacecraft hits its target, there should be something to see. "If DART collides with Dimorphos and then you don't see any orbital period change, this would be exceptionally surprising," Chabot said. "Just the amount of momentum that DART is bringing in on its own from the weight of the spacecraft slamming into Dimorphos is enough to shift its orbit in a measurable way."Read more of this story at Slashdot.
An anonymous reader quotes a report from Motherboard: Ukraine's airspace has been busy this year -- that's the nature of war. But scientists in the country are looking to the skies and seeing something they didn't expect: An inordinate number of UFOs, according to a new preprint paper published (PDF) by Kyiv's Main Astronomical Observatory in coordination with the country's National Academy of Science. The paper does not specifically address the war, but in the United States, the Pentagon has long hinted, speculated, and warned that some UFOs could be advanced technology from foreign militaries, specifically China and Russia (though it hasn't really given any evidence this is actually the case). The Ukraine paper is particularly notable because it not only shows that science has continued to occur during the war, but also explains that there have been a lot of sightings. "We see them everywhere," the research said. "We observe a significant number of objects whose nature is not clear." The paper is titled Unidentified aerial phenomena I. Observations of events come from observations made at NAS' Main Astronomical Observatory in Kyiv and a village south of Kyiv called Vinarivka. According to the paper's authors, the observatories took on the job of hunting for UFO's as an independent project because of the enthusiasm around the subject. It describes a specific type of UFO the researchers call "phantoms" that is an "object [that] is a completely black body that does not emit and absorbs all the radiation falling on it." The researchers also observed that the UFOs it's seeing are so fast that it's hard to take pictures of them. "The eye does not fix phenomena lasting less than one-tenth of a second," the paper said. "It takes four-tenths of a second to recognize an event. Ordinary photo and video recordings will also not capture the [unidentified aerial phenomenon]. To detect UAP, you need to fine-tune the equipment: shutter speed, frame rate, and dynamic range." So the researchers did just that using two meteor monitoring stations in Kyiv and Vinarivka. "We have developed a special observation technique, taking into account the high speeds of the observed objects," the paper said. "The exposure time was chosen so that the image of the object did not shift significantly during exposure. The frame rate was chosen to take into account the speed of the object and the field of view of the camera. In practice, the exposure time was less than 1 ms, and the frame rate was no less than 50 Hz." The scientists divided the phenomenon they observed into two different categories: cosmics and phantoms. "We note that Cosmics are luminous objects, brighter than the background of the sky. We call these ships names of birds (swift, falcon, eagle)," the paper said. "Phantoms are dark objects, with contrast from several to about 50 percent." Using the cameras, stationed roughly 75 miles apart, allowed the scientists to make repeated observations of strange objects moving in the sky. The paper didn't speculate on what the objects were, merely noted the observations and mentioned the objects' incredible speeds. "Flights of single, group and squadrons of the ships were detected, moving at speeds from 3 to 15 degrees per second," the research said. "Phantoms are observed in the troposphere at distances up to 10 -- 12 km. We estimate their size from 3 to 12 meters and speeds up to 15 km/s." The easy explanation would be that these are missiles, or rockets, or something else associated with the war. But the scientists insist that their nature "is not clear."Read more of this story at Slashdot.
hackingbear shares a report from Gizmodo: China claims that America's National Security Agency used sophisticated cyber tools to hack into an elite research university on Chinese soil. The attack allegedly targeted the Northwestern Polytechnical University in Xi'an (not to be confused with a California school of the same name), which is highly ranked in the global university index for its science and engineering programs. The U.S. Justice Department has referred to the school as a "Chinese military university that is heavily involved in military research and works closely with the People's Liberation Army," painting it as a reasonable target for digital infiltration from an American perspective. China's National Computer Virus Emergency Response Center (CVERC) recently published a report attributing the hack to the Tailored Access Operations group (TAO) -- an elite team of NSA hackers which first became publicly known via the Snowden Leaks back in 2013, helps the U.S. government break into networks all over the world for the purposes of intelligence gathering and data collection. [CVERC identified 41 TAO tools involved in the case.] One such tool, dubbed 'Suctionchar,' is said to have helped infiltrate the school's network by stealing account credentials from remote management and file transfer applications to hijack logins on targeted servers. The report also mentions the exploitation of Bvp47, a backdoor in Linux that has been used in previous hacking missions by the Equation Group -- another elite NSA hacking team. According to CVERC, traces of Suctionchar have been found in many other Chinese networks besides Northwestern's, and the agency has accused the NSA of launching more than 10,000 cyberattacks on China over the past several years. On Sunday, the allegations against the NSA were escalated to a diplomatic complaint. Yang Tao, the director-general of American affairs at China's Ministry of Foreign Affairs, published a statement affirming the CVERC report and claiming that the NSA had "seriously violated the technical secrets of relevant Chinese institutions and seriously endangered the security of China's critical infrastructure, institutions and personal information, and must be stopped immediately."Read more of this story at Slashdot.
Adobe thinks it has the answer to Netflix's "password sharing" problem that involves up to 46 million people, according to a 2020 study. TorrentFreak reports: Adobe believes that since every user is different, any actions taken against an account should form part of a data-driven strategy designed to "measure, manage and monetize" password sharing. The company's vision is for platforms like Netflix to deploy machine learning models to extract behavioral patterns associated with an account, to determine how the account is being used. These insights can determine which measures should be taken against an account, and how success or otherwise can be determined by monitoring an account in the following weeks or months. Ignoring the obviously creepy factors for a moment, Adobe's approach does seem more sophisticated, even if the accompanying slide gives off a file-sharing-style "graduated response" vibe. That leads to the question of how much customer information Adobe would need to ensure that the right accounts are targeted, with the right actions, at the right time. Adobe's Account IQ is powered by Adobe Sensei, which in turn acts as the intelligence layer for Adobe Experience Platform. In theory, Adobe will know more about a streaming account than those using it, so the company should be able to predict the most effective course of action to reduce password sharing and/or monetize it, without annoying the account holder. But of course, if you're monitoring customer accounts in such close detail, grabbing all available information is the obvious next step. Adobe envisions collecting data on how many devices are in use, how many individuals are active, and geographical locations -- including distinct locations and span. This will then lead to a "sharing probability" conclusion, along with a usage pattern classification that should identify travelers, commuters, close family and friends, even the existence of a second home. Given that excessive sharing is likely to concern platforms like Netflix, Adobe's plan envisions a period of mass account monitoring followed by an on-screen "Excessive Sharing" warning in its dashboard. From there, legal streaming services can identify the accounts most responsible and begin preparing their "graduated response" towards changing behaviors. After monetizing those who can be monetized, those who refuse to pay can be identified and dumped. Or as Adobe puts it: "Return free-loaders to available market." Finally, Adobe also suggests that its system can be used to identify customers who display good behavior. These users can be rewarded by eliminating authentication requirements, concurrent stream limits, and device registrations.Read more of this story at Slashdot.
Electronics Arts (EA) is launching a new kernel-level anti-cheat system that's been developed in-house to protect its games from tampering and cheaters. It'll debut first in FIFA 23 but not all of its games will implement the system. The Verge reports: Kernel-level anti-cheat systems have drawn criticism from privacy and security advocates, as the drivers these systems use are complex and run at such a high level that if there are security issues, then developers have to be very quick to address them. EA says kernel-level protection is "absolutely vital" for competitive games like FIFA 23, as existing cheats operate in the kernel space, so games running in regular user mode can't detect that tampering or cheating is occurring. "Unfortunately, the last few years have seen a large increase in cheats and cheat techniques operating in kernel-mode, so the only reliable way to detect and block these is to have our anti-cheat operate there as well," explains [Elise Murphy, senior director of game security and anti-cheat at EA]. EA's anti-cheat system will run at the kernel level and only runs when a game with EAAC protection is running. EA says its anti-cheat processes shut down once a game does and that the anti-cheat will be limited to what data it collects on a system. "EAAC does not gather any information about your browsing history, applications that are not connected to EA games, or anything that is not directly related to anti-cheat protection," says Murphy.Read more of this story at Slashdot.
An anonymous reader quotes a report from The Register: US farm machinery giant John Deere has estimated software fees will make up 10 percent of the company's revenues by the end of the decade. Chief executive John May offered the projection in a Wall Street Journal report on how Deere has plowed billions into developing self-driving tractors and crop sprayers that can tell the difference between weeds and produce. Though farmers are already struggling with operating costs -- including fertilizer and fuel -- Deere wants to sell software subscriptions for operating its ever smarter vehicles. Bernstein analysts estimate that the average gross margin for farming software is 85 percent, compared with 25 percent for equipment sales. All Deere's tractors and harvesters have an autopilot feature included as standard following decades of ushering farmers into more technology-driven agriculture. However, the company now plans to have 1.5 million machines and half a billion acres of land connected to the John Deere Operations Center within a matter of years. This cloud service "will collect and store crop data, including millions of images of weeds that can be targeted by herbicide." Deere also acquired California startup Bear Flag Robotics for $250 million last year to turn old tractors into autonomous vehicles through software. For a company that has the heavy machinery market cornered, the shift is unlikely to be popular with farmers. The report goes on to note that a number of farm and repair advocacy groups have filed a complaint with the FTC, "claiming that Deere has unlawfully refused to provide the software and technical data necessary to repair its machinery in violation of the Sherman Act and statutes covering unfair and deceptive trade practices."Read more of this story at Slashdot.
Google is facing two legal cases which could result in the tech giant paying out damages of up to ~$25 billion (19.5 billion pounds) over its digital advertising practices. The BBC reports: The company is accused of anti-competitive conduct, and of abusing its dominant place in the ad tech market. Separate legal cases, in the UK and in the Netherlands, are being filed in the coming weeks on behalf of publishers seeking "compensation" from Google. [...] The European Commission and its UK equivalent are investigating whether Google's dominance in the ad tech business gives it an unfair advantage over rivals and advertisers. The French competition watchdog imposed a 220 million euro fine on the company last year. Johnny Ryan, from the Irish Council for Civil Liberties, told the BBC: "Google is under pressure on two big issues - one is anti-trust and the other is data protection." Mr Ryan said more cases were coming to light as competition enforcers around the world "increasingly put demands on Google." But he added "the fines we have seen so far from competition authorities have had absolutely no consequence whatsoever." Damien Geradin, of the Belgian law firm Geradin Partners -- which is involved in the Dutch case -- said, "Publishers, including local and national news media, who play a vital role in our society, have long been harmed by Google's anti-competitive conduct. It is time that Google owns up to its responsibilities and pays back the damages it has caused to this important industry. That is why today we are announcing these actions across two jurisdictions to obtain compensation for EU and UK publishers." The British claim, at the UK Competition Appeal Tribunal, will seek to recover compensation for all owners of websites carrying banner advertising. If successful, this would mean a wide and diverse group could get compensation - from major media sites down to small and medium-sized businesses who produce their own online content. Businesses which do not which to be included in the legal action can opt out. [...] The UK competition watchdog is also investigating Google's power in the digital advertising technology market. The Dutch case is open to European publishers affected by Google's actions. Geradin Partners has teamed up with Dutch law firm Stek to bring the collective claim.Read more of this story at Slashdot.
An anonymous reader quotes a report from Motherboard: The McDonald's McFlurry is a delicious treat that people have a hard time finding because the machine breaks down all the time. Thanks to a third-party device made by an independent company called Kytch, the machines can be made to be easier to maintain and break down less. Taylor, the company that makes the McFlurry machine, has been engaged in a long-running legal dispute about whether Taylor could prevent Kytch devices from being used on the machines. Kytch just won an important victory in that long-running legal battle. Before Kytch came along, Taylor had a repair monopoly on the McFlurry machine. When the thing broke down or hadn't been cleaned, the machine would shut down, and only a certified Taylor technician could get it going again. That's why it can be so hard to find McFlurries: the machines often break down and a tech has to be dispatched to get them running again. Kytch invented a device that allows McDonald's franchise owners to do basic repairs on the machines and get them running again. Taylor didn't like that and, according to a lawsuit filed by Kytch, started telling its franchise partners that Kytch devices could cause "serious human injury." In July 2021, Kytch filed a restraining order against Taylor claiming that the company had stolen Kytch's trade secrets. Taylor had begun selling a device similar to Kytch's and Kytch has alleged that Taylor stole one of their devices and reverse-engineered it. Taylor pushed back on these allegations and the lawsuit, filing what's called a demurrer, a formalized objection to Kytch's request for a restraining order. In a court document filed on August 26, 2022, a judge allowed Kytch's restraining order to proceed. In its original filing, Kytch alleged 10 different claims against Taylor, including that it had falsely advertised its product and engaged in unfair competition. The judge agreed with Kytch on seven of these points. "The court will sustain Taylor's demurrer as to the second (tortious interference), sixth (intentional interference with business expectancy), and seventh (negligent interference with business expectancy) causes of action," the filing said. "The court rejects Taylor's other arguments and will overrule its demurrer on those grounds."Read more of this story at Slashdot.
Just before shareholders voted to approve a $44 billion deal with Elon Musk to buy the company, Twitter whistleblower Pieter Zatko was in Washington testifying before the Senate Judiciary Committee about alleged security flaws. NPR highlights the main takeaways from the hearing: Twitter executives put profits ahead of security, leaving the door open to infiltration by foreign agents and hackers, the company's former head of security told Congress on Tuesday. "Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors," Peiter Zatko testified during a Senate Judiciary Committee hearing. "The company's cybersecurity failures make it vulnerable to exploitation, causing real harm to real people." [...] In Tuesday's hearing, which ran for more than two hours, Zatko painted a portrait of a company plagued by widespread security issues and unable to control the data it collects. Calm and measured, he stuck closely to his expertise, unpacking technical details of Twitter's systems with real-world examples of how information held by the company could be misused. "It's not far-fetched to say that an employee inside the company could take over the accounts of all of the senators in this room," he warned. Zatko alleged the company is highly vulnerable to abuse by foreign intelligence agents -- but is unable or unwilling to root them out. A week before his firing in January, he testified, the FBI told Twitter's security team that at least one agent from China's Ministry of State Security was on the company's payroll. [...] Zatko also alleged that the Indian government had placed an agent inside Twitter. He testified that Twitter struggled to identify potential infiltration by foreign agents and typically was only able to do so when notified by outside agencies. Zatko placed the blame for Twitter's vulnerabilities squarely on a leadership team that he described as reactive, incompetent, and motivated by profit over safety. Executives, he alleged, ignored warnings from him and other employees over Twitter's security flaws because they "lacked the competency to understand the scope of the problem." Zatko described a company culture that avoided negativity and alleged executives presented selectively favorable information to the board. He accused leadership of prioritizing business over security, quoting writer Upton Sinclair: "It is difficult to get someone to understand something when his salary depends on him not understanding something." When Zatko joined Twitter, he said, he was struck that the company kept having recurring security lapses -- "the same amount, year after year." The root cause, he told senators, is that Twitter doesn't understand how much data it collects, why it collects it, and how it's supposed to be used. That includes users' phone numbers, IP addresses, emails, the devices they use, their locations and other identifying information. What's more, he said, around half the employees at Twitter have access to that data. "It doesn't matter who has keys if you don't have any locks on the doors," he said. "The concern there is anybody with access inside Twitter...could go rooting through and find this information and use it for their own purposes." Zatko said that also raised red flags that Twitter may not be complying with its 2011 agreement with the FTC over misuse of email addresses that it told users it was collecting for security reasons, but then used for marketing. (In May, the FTC fined Twitter $150 million for violating that agreement.) "How come we keep making these same mistakes?" Zatko said. "What is it that we are telling the FTC as Twitter that is incorrect?"Read more of this story at Slashdot.
The U.S. Commerce Department said it reached a cooperative research and development agreement with Alphabet's Google to produce chips that researchers can use to develop new nanotechnology and semiconductor devices. From a report: The deal was signed between the Commerce Department's National Institute of Standards and Technology (NIST) and Google. The chips will be manufactured by semiconductor company SkyWater Technology at its Bloomington, Minnesota, semiconductor foundry, the department said on Tuesday. Google will pay the initial cost of setting up production and will subsidize the first production run, according to the agreement. NIST, with university research partners, will design the circuitry for the chips.Read more of this story at Slashdot.
A London-based artist named Matt DesLauriers has developed a tool to generate color palettes from any text prompt, allowing someone to type in "beautiful sunset" and get a series of colors that matches a typical sunset scene, for example. ArsTechnica: Or you could get more abstract, finding colors that match "a sad and rainy Tuesday." To achieve the effect, DesLauriers uses Stable Diffusion, an open source image synthesis model, to generate an image that matches the text prompt. Next, a JavaScript GIF encoder named gifenc extracts the palette information by analyzing the image and quantizing the colors down to a certain set. DesLauriers has posted his code on GitHub; it requires a local Stable Diffusion installation and Node.JS. It's a bleeding-edge prototype at the moment that requires some technical skill to set up, but it's also a noteworthy example of the unexpected graphical innovations that can come from open source releases of powerful image synthesis models. Stable Diffusion, which went open source on August 22, generates images from a neural network that has been trained on tens of millions of images pulled from the Internet. Its ability to draw from a wide range of visual influences translates well to extracting color palette information. Other palette examples DesLauriers provided include "Tokyo neon," which suggests colors from a vibrant Japanese cityscape, "living coral," which echoes a coral reef with deep pinks and blues, and "green garden, blue sky," which suggests a saturated pastoral scene. In a tweet earlier today, DesLauriers demonstrated how different quantization methods (reducing the vast number of colors in an image down to just a handful that represent the image) could produce different color palettes.Read more of this story at Slashdot.
Nintendo announced the title for the next highly anticipated game in one of its bestselling franchises -- The Legend of Zelda: Tears of the Kingdom. It will be available May 12. From a report: The Zelda series, originally created by Nintendo former general manager Shigeru Miyamoto, has long been iconic among gaming fans worldwide and in the US, the Japanese company's largest market. The last title in the series, Breath of the Wild, was released in tandem with the Switch's debut in March 2017. The game helped drive the gadget's launch sales and so far has sold more than 27 million copies. Earlier this year Nintendo delayed the release of the next installment in the Zelda series to 2023, sending its shares tumbling. The news was the highlight of a 45-minute video presentation to tease Nintendo's upcoming titles this fall and into next year. Other announcements included Fire Emblem: Engage, Octopath Traveler 2 and Pikmin 4, which will be released in 2023. The Super Mario Bros. movie, starring Chris Pratt as the voice of the iconic Italian plumber, will be coming in the Spring, Miyamoto announced.Read more of this story at Slashdot.
An anonymous reader shares a report: Several years after Facebook-owner Meta acquired WhatsApp and Instagram, the Federal Trade Commission launched an antitrust lawsuit that claimed that through these acquisitions, Meta had become a monopoly. A titan wielding enormous fortune over smaller companies, the FTC said Meta began buying or burying competitors in efforts that allegedly blocked rivals from offering better-quality products to consumers. In this outsize role, Meta stopped evolving consumer preferences for features like greater privacy options and stronger data protection from becoming the norm, the FTC claimed. The only solution the FTC could see? Ask a federal court to help them break up Meta and undo the damage the FTC did not foresee when it approved Meta's acquisitions initially. To investigate whether Meta truly possesses monopoly power, both Meta and the FTC have subpoenaed more than 100 Meta competitors each. Both hope to clearly define in court how much Meta dominates the market and just how negatively that impacts its competitors. Through 132 subpoenas so far, Meta is on a mission to defend itself, claiming it needs to gather confidential trade secrets from its biggest competitors -- not to leverage such knowledge and increase its market share, but to demonstrate in court that other companies are able to compete with Meta. According to court documents, Meta's so hungry for this background on its competitors, it says it plans to subpoena more than 100 additional rivals, if needed, to overcome the FTC's claims. Meta is asking its competitors for a wide range of insights, from their best-performing features to names of their biggest advertisers. It wants to see all business receipts, which to its competitors is seemingly turning the antitrust litigation into a business opportunity for Meta to find out precisely how other companies attract users, scale products, and gauge success. Among rivals already subpoenaed are Twitter, TikTok owner ByteDance, Reddit, Pinterest, LinkedIn, and Snap. More requests could be made in the coming years, though, before the discovery for both sides concludes on January 5, 2024.Read more of this story at Slashdot.
Slashdot