Slashdot

A new article from Wired calls Rust "the 'viral' secure programming language that's taking over tech." "Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can't come soon enough...."[A] growing movement to write software in a language called Rust is gaining momentum because the code is goof-proof in an important way. By design, developers can't accidentally create the most common types of exploitable security vulnerabilities when they're coding in Rust, a distinction that could make a huge difference in the daily patch parade and ultimately the world's baseline cybersecurity.... [B]ecause Rust produces more secure code [than C] and, crucially, doesn't worsen performance to do it, the language has been steadily gaining adherents and now is at a turning point. Microsoft, Google, and Amazon Web Services have all been utilizing Rust since 2019, and the three companies formed the nonprofit Rust Foundation with Mozilla and Huawei in 2020 to sustain and grow the language. And after a couple of years of intensive work, the Linux kernel took its first steps last month to implement Rust support. "It's going viral as a language," says Dave Kleidermacher, vice president of engineering for Android security and privacy. "We've been investing in Rust on Android and across Google, and so many engineers are like, 'How do I start doing this? This is great'...." By writing new software in Rust instead, even amateur programmers can be confident that they haven't introduced any memory-safety bugs into their code.... These types of vulnerabilities aren't just esoteric software bugs. Research and auditing have repeatedly found that they make up the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws while programming in Rust, the opportunity to eliminate memory-safety vulnerabilities is significant.... "Yes, it's a lot of work, it will be a lot of work, but the tech industry has how many trillions of dollars, plus how many talented programmers? We have the resources," says Josh Aas, executive director of the Internet Security Research Group, which runs the memory-safety initiative Prossimo as well as the free certificate authority Let's Encrypt. "Problems that are merely a lot of work are great." Here's how Dan Lorenc, CEO of the software supply-chain security company Chainguard, explains it to Wired. "Over the decades that people have been writing code in memory-unsafe languages, we've tried to improve and build better tooling and teach people how to not make these mistakes, but there are just limits to how much telling people to try harder can actually work. "So you need a new technology that just makes that entire class of vulnerabilities impossible, and that's what Rust is finally bringing to the table."Read more of this story at Slashdot.

Scientists say tht measured over a 20-year period, methane "packs about 80 times the climate-warming power of carbon dioxide," according to the Associated Press. "And according to the International Energy Agency, methane is to blame for roughly 30% of the global warming that has occurred since the Industrial Revolution." And yet...Aerial surveys have documented huge amounts of methane wafting from oil and gas fields in the United States and beyond. It's a problem the Biden administration has sought to attack in its recently enacted Inflation Reduction Act. One of the law's provisions threatens fines of up to $1,500 per ton of methane released, to be imposed against the worst polluters. Perhaps most crucially, the law provides $1.55 billion in funding for companies to upgrade equipment to more effectively contain emissions — equipment that could, in theory, help the operators avoid fines. Yet some of the best equipment for reducing emissions is already installed on oil and gas infrastructure.... And critics say such equipment is failing to capture much of the methane and casting doubt on whether the Biden plan would go far to correct the problem.... "Energy companies have made pledges, but I've got to tell you, I haven't seen anything from a practical standpoint that makes me believe there's any reality to reductions on the ground," said Tim Doty, an environmental scientist and former air quality inspector for the Texas Commission on Environmental Quality. "Maybe they're making progress, but are they making enough progress to slow down climate change? I don't think so...." Sometimes, methane escapes because the equipment designed to contain it hasn't been properly calibrated or maintained. Emissions aren't immediately stopped once new equipment is installed. Companies must still invest in properly designing the system and continuously monitoring and maintaining the equipment. This requires money and staff, which experts say many companies neglect.... And hydrocarbons like methane, because they are corrosive, inevitably degrade the tanks, pipes and equipment that are supposed to contain them. "All this stuff is going to be prone to leak — that's just the way it is," said Coyne Gibson, who spent about two decades as an engineer inspecting oil and gas equipment. "That's mechanics. And there's there's not really any way to avoid it...." The staffing it would take to continuously survey the nation's 3 million miles of natural gas pipelines would likely be prohibitively expensive. "Emissions keep going up. We're moving in the wrong direction..." Antoine Halff, chief analyst at energy analytics company Kayrros, tells the Associated Press. But he adds that "the potential, the conditions, to change course seem to be here." The article points out that America's Environmental Protection Agency "is writing rules on methane reduction that will further detail what would be required of companies starting in 2024."Read more of this story at Slashdot.

"We serve about 100 million monthly visitors worldwide," says the CEO of Stack Overflow, "making us one of the most popular websites in the world. I think we are in the top 50 of all websites in the world by traffic." In a new interview, he says the site's been accessed about 50 billion times over the past 14 years — and then shares his thoughts on the notion that programmers could be replaced by no-code, low-code, or AI-driven pair programming: A: Over the years, there have many, many tools, trying to democratize software development. That's a very positive thing. I actually love the fact that programming is becoming easier to do with these onramps. I was speaking at Salesforce recently, and they've got people in sales organizations writing workflows, and that's low code. You've got all these folks who are not software engineers that are creating their own automations and applications. However, there is this trade-off. If you're making software easier to build, you're sacrificing things like customizability and a deeper understanding of how this code actually works. Back in the day, you might remember Microsoft FrontPage [an early HTML web page editor] as an example of that. You were limited to certain basic things, but you could get web work done. So similarly, these tools will work for general use cases. But, if they do that, without learning the fundamental principles of code, they will inevitably have some sort of a limit. For example, having to fix something that broke, I think they're going to be really dumbfounded. Still, I think it's important, and I'm a believer. It's a great way to get people engaged, excited, and started. But you got to know what you're building. Access to sites like Stack Overflow help, but with more people learning as they're building, it's essential to make learning resources accessible at every stage of their journey.... Q: Is Stack Overflow considering any kind of certification? Particularly, as you just mentioned, since it's so easy now for people to step in and start programming. But then there's that big step from "Yes, I got it to work," but now "I have to maintain it for users using it in ways I never dreamed of." A: "It's very much part of our vision for our company. We see Stack Overflow going from collective knowledge to collective learning. Having all the information is fine and dandy, but are you learning? Now, that we're part of Prosus's edtech division, we're very much looking forward to offering educational opportunities. Just as today, we can get knowledge to developers at the right place and time, we think we can deliver learning at just the right place and time. We believe we can make a huge impact with education and by potentially getting into the certification game. Q: Some of the open-source nonprofits are moving into education as well. The Linux Foundation, in particular, has been moving here with the LF Training and Certification programs. Are you exploring that? A: This is very much part of our vision.... Stack Overflow's CEO adds that the site's hot topics now include blockchain, machine learning, but especially technical cloud questions, "rising probably about 50% year over year over the past 10 years.... Related to this is an increase in interest in containerization and cloud-native services."Read more of this story at Slashdot.

Long-time Slashdot reader shanen has a question: What makes a decent social web site?If you don't like the original form of the subjective question, how about something like "What is the best social site you know of?" or "What criteria would you use to recognize a good social site?" or even "How could a good social media website even survive...?" Their original submission lists their own criteria for a good social site:Efficient to use (without wasting your time)Has educational value, "perhaps measured by questions like 'How frequently has this website justified changing my mind about something?'"The size and permeability of filter bubbles formed by people using the siteBut if you have different priorities for a social site -- what are they? Share your own best thoughts in the comments. What makes a good social media site?Read more of this story at Slashdot.

In March the U.S. Senate passed a measure making Daylight Saving Time permanent. Unfortunately, the U.S. House of Representatives has failed to do the same, reports the Washington Post:Key senators who backed permanent daylight saving time say they're mystified that their effort appears doomed, and frustrated that they will probably have to start over in the next Congress. At least 19 states in recent years have enacted laws or passed resolutions that would allow them to impose year-round daylight saving time — but only if Congress approves legislation to stop the nation's twice-per-year time changes, according to the National Conference of State Legislatures.... "We know that the majority of Americans do not want to keep switching the clocks back and forth," Rep. Jan Schakowsky (D-Ill.) said in a statement to The Post, adding that she had received calls arguing in favor of both sides. Permanent standard time advocates don't want children to wait in dark winter mornings for a school bus; permanent daylight saving time proponents want to help businesses enjoy more sunshine during operating hours, she said. A congressional aide who has been working on the issue put it more bluntly: "We'd be pissing off half the country no matter what," said the aide, who spoke on the condition of anonymity because they were not authorized to publicly discuss internal deliberations.... Rep. Frank Pallone Jr. (D-N.J.) and other lawmakers have said they're waiting on the Transportation Department, which helps govern enforcement of time zones, to review the effects of permanently changing the clocks. While the transportation agency in September agreed to conduct a study, the due date for that analysis — Dec. 31, 2023 — suggests that the issue may not get serious consideration in Congress again until 2024 at the earliest.Read more of this story at Slashdot.

By Tuesday morning Mastodon had gained 123,562 new users since October 27 (the site told TechCrunch) and had 528,607 active users. But by Saturday the number of new users had nearly doubled, to 230,000, reports CNN — with 655,000 active users. In fact, for every 363 active users on Twitter, there's now one on Mastodon, CNN's figures suggest (since Twitter has nearly "238 million daily active monetizable users"). Exploring the recent spike, they note that Mastodon "has a similar look to Twitter, with a timeline of short updates sorted chronologically rather than algorithmically. It lets users join a slew of different servers run by various groups and individuals, rather than one central platform controlled by a single company like Twitter, Instagram, or Facebook."Unlike larger social networks, Mastodon is both free to use and free of ads. It's operated by a nonprofit run by Mastodon creator Eugen Rochko, and is supported via crowdfunding... "It is not as large as Twitter, obviously, but it is the biggest that this network has ever been," said Rochko, who originally created Mastodon as more of a project than a consumer product (and, yes, its name was inspired by the heavy metal band Mastodon).... A lot of Mastodon's features and layout (particularly in its iOS app) will look and feel familiar to current Twitter users, though with some slightly different verbiage; you can follow others, create short posts (there's a 500 character limit, and you can upload images and videos), favorite or repost other users' posts, and so on.... There are some key differences, particularly in how the network is set up. Because Mastodon users' accounts are hosted on a slew of different servers, the costs of hosting users is spread among many different people and groups. But that also means users are spread out all over the place, and people you know can be hard to find. CNN also notes the problem with signing up for a Mastodon server: "some of which are open to anyone, some of which require an invitation (you can also run your own server). There is a server operated by the nonprofit behind Mastodon, Mastodon.social, but it's not accepting more users." Although trending on the server I found today: #Caturday photos.Read more of this story at Slashdot.

An anonymous reader shared this report from long-time tech pundit Robert X. Cringley. "A Distributed Autonomous Organization (DAO) called OrangeDAO is cooperating with a small seed venture fund called Press Start Capital to establish the OrangeDAO X Press Start Cap Fellowship Program for new Web3 entrepreneurs. "Successful applicants get $25,000 each plus 10 weeks of structured mentorship plus continued access to the more than 1200-member OrangeDAO network. In exchange, OrangeDAO and Press Start get to invest in the resulting companies, if any, produced by the class." Cringley likens it to the American tech startup accelerator Y Combinator — but on steroids. Cringley also explains why he thinks this "middle class VC" model "will replicate and grow unconstrained," ultimately exporting itself from Silicon Valley to cities around the world.There are many DAOs around and hardly anybody understands them or knows what they are good for. Mainly they have seemed to be involved in the NFT market. But OrangeDAO is different. It has 1200+ members and every one of those members is a graduate of the Y Combinator startup accelerator. They are verified Y Combinator company founders, so they've all had similar entrepreneurial experiences and see business much the same way as a result. OrangeDAO seems to have big plans and to make those plans happen in August the DAO, itself, raised $80 million in venture capital, with their first use of that capital being these Fellowships. I think this will change forever venture capital and the world economy. It represents a new stage in the evolution of venture capital. In many senses it is the democratization of VC.... The DAO members all have similar backgrounds, similar values, and similar risk tolerances. THERE ARE MORE OF THEM, so they can do bigger deals. And — here's the important bit — THEY ARE ALL Y COMBINATOR-EDUCATED and connected globally through the blockchain. They not only know many of the same things, they have a sense of where this knowledge comes from and why it is useful.... In the YC-based DAO we have people who want the next generation of entrepreneurs to be even better-educated. It's not some egalitarian goal, either: they see it as key to success for the whole thing. Smart people with good ideas will self-identify, be funded at a subsistence level to allow them to develop those ideas and prove their worth, then they can participate on a truly level playing field for the first time.... Gone is the Tycoon, gone is the professional VC who doesn't understand his tech, gone soon will be the angels (subsumed into the DAO model), and gone for the most part are the asshole VCs whom entrepreneurs grow to hate (not all of them, but a lot). Done correctly, this model is essentially Meritocratic VC. If the idea is good, the market is ready, and the people know what they are doing, the capital will be there.Read more of this story at Slashdot.

The newest stable version of Rust, 1.65.0 includes generic associated types (GATs) — the ability to declare lifetime, type, and const generics on associated types. "It's hard to put into few words just how useful these can be," writes the official Rust blog. An earlier post pointed out that "There have been a good amount of changes that have had to have been made to the compiler to get GATs to work," noting that the request-for-comments for this feature was first opened in 2016. And Rust's types team also created a blog post with more detail:Note that this is really just rounding out the places where you can put generics: for example, you can already have generics on freestanding type aliases and on functions in traits. Now you can just have generics on type aliases in traits (which we just call associated types).... In general, GATs provide a foundational basis for a vast range of patterns and APIs. If you really want to get a feel for how many projects have been blocked on GATs being stable, go scroll through either the tracking issue: you will find numerous issues from other projects linking to those threads over the years saying something along the lines of "we want the API to look like X, but for that we need GATs" (or see this comment that has some of these put together already). If you're interested in how GATs enable a library to do zero-copy parsing, resulting in nearly a ten-fold performance increase, you might be interested in checking out a blog post on it by Niko Matsakis. All in all, even if you won't need to use GATs directly, it's very possible that the libraries you use will use GATs either internally or publically for ergonomics, performance, or just because that's the only way the implementation works.... [A]ll the various people involved in getting this stabilization to happen deserve the utmost thanks. As said before, it's been 6.5 years coming and it couldn't have happened without everyone's support and dedication. Rust 1.65.0 also contains let-else statements — a new kind of let statement "with a refutable pattern and a diverging else block that executes when that pattern doesn't match," according to the release announcement. And it highlights another new feature:Plain block expressions can now be labeled as a break target, terminating that block early. This may sound a little like a goto statement, but it's not an arbitrary jump, only from within a block to its end. This was already possible with loop blocks, and you may have seen people write loops that always execute only once, just to get a labeled break. Now there's a language feature specifically for that! Labeled break may also include an expression value, just as with loops, letting a multi-statement block have an early "return" value.Read more of this story at Slashdot.

"An Apple archivist has had his YouTube account disabled after Apple filed multiple takedown requests against his account," reports the blog Apple Insider:Brendan Shanks, owner of the Apple WWDC Videos channel on YouTube, tweeted that Apple had filed a series of copyright removal requests against his channel. The videos in question were decades-old recordings of WWDC events. "I still have all the original files (and descriptions, which were a lot of work!), and I'll be moving things over to the Internet Archive," Shanks posted on Twitter. "It'll take time though, and unfortunately videos get a lot less visibility when you're not on YouTube. "I wasn't super surprised this happened (there were a few takedowns a couple years ago)," Shanks mused in an earlier tweet. "I'm honestly more annoyed that it wiped out my personal YoutTube account and even YouTube TV, which I was just billed real money for. "A cease and desist in the mail would be much friendlier."Read more of this story at Slashdot.

America's federal government "is planning a post-midterms push for antitrust legislation that would rein in the power of the world's largest tech companies," reports Bloomberg, "a last-ditch effort to get a stalled pair of bills through Congress before a predicted Republican takeover in January."The lame-duck period after Tuesday's U.S. election may be the last shot to pass the landmark legislation, the American Innovation and Choice Online Act and Open App Markets Act. The bills, which would prevent the tech companies from using their platforms to thwart competitors, would be the most significant expansion of antitrust law in over a century.... Republicans have made it clear that they won't support the bills if they retake control of either chamber of Congress. That has supporters urging the White House to mount a push in the final weeks before a new Congress is seated early next year. Advocates have criticized the White House for failing to prioritize the legislation, which major tech companies have spent more than $100 million to defeat. Alphabet's Google, Amazon, Apple and Meta all oppose the bill. "There is bipartisan support for antitrust bills, and no reason why Congress can't act before the end of the year," said White House spokesperson Emilie Simons. "We are planning on stepping up engagement during the lame duck on the president's agenda across the board, antitrust included." Versions of both bills have made it through committees but await action by the full House and Senate. If Congress doesn't act before the end of the year, it will likely be years before U.S. lawmakers pass any legislation to crack down on the power of the tech giants.Read more of this story at Slashdot.

Slashdot reader thedarklaser writes:A chemical engineering professor at Utah's BYU hascreated a nuclear reactor design that could produce enough energy for 1000 homes in the space of 4 feet by 7 feet. And there's a bonus: potentially no nuclear waste or risk of melt down. They use molten salt that bonds with the dissolved fuel. Then, very valuable Molybdenum-99 (as in $30 million per gram) can be extracted from that salt and sold for use in medical imaging. Additionally, this system is very inexpensive, at a cost of around 3 cents per kilowatt hour. The professor (who led a larger team on the project) tells a local TV station it's important because nuclear energy is "the only baseload or controllable, 100% on-power that has no emissions at all." And since all the radioactive byproducts are dissolved into molten salt with this technique, he believes it's "a system that's impossible to melt down. There's nothing to melt, and it's not likely to cause any release problems because there's no pressure and there's nothing to push it out."Read more of this story at Slashdot.

The Associated Press reports that Pfizer's updated COVID-19 booster "significantly revved up adults' virus-fighting antibodies, the company said Friday, releasing early findings from a rigorous study of the new shots."Booster doses tweaked to target the most common omicron strain rolled out in early September, and the Food and Drug Administration said the latest data should spur more Americans to get one — especially before another expected wave of cases as people travel for Thanksgiving. Pfizer said people 55 and older who got the omicron-targeting booster had four-fold higher antibody levels than those given an extra dose of the original vaccine.... A month after receiving the new booster, antibody levels in people 55 and older had jumped 13 times higher than before the extra dose. Younger adults saw a 9.5-fold jump, Pfizer and its partner BioNTech said. It had been about 11 months since the study participants' last vaccination.... The new data "reassures us that this was a good decision to move to this bivalent vaccine," FDA vaccine chief Dr. Peter Marks told The Associated Press. "Right now is the time for people to consider going out and get the updated" booster.... The updated doses are combination shots, tailored to offer a boost of protection against both the original coronavirus strain and the dominant BA.5 strain.Read more of this story at Slashdot.

Linux magazine explores how to breath fresh life into old Android devices:Every mobile device needs its own Android build because of numerous drivers that are not available in the source code. The need to maintain every version of Android for every mobile device means that many manufacturers eventually stop supporting updates. Often, smartphones or tablets that still work perfectly can no longer be used without worry because the manufacturer has simply ceased to offer bug fixes and security updates.... The LineageOS project, the successor to the CyanogenMod project, which was discontinued in 2016, proves that it is not impossible to keep these devices up-to-date. Unpaid volunteers at LineageOS do the work that many manufacturers do not want to do: They combine current Android releases with the required device-specific drivers. The LineageOS project (Figure 1) provides Android systems with a fresh patch status every month for around 300 devices. The builds are released weekly, unless there is a problem during the build. The Devices page on the LineageOS Wiki provides the details of whether a LineageOS build is available for your smartphone or tablet.... I recommend the LineageOS project as the first port of call for anyone who wants to protect an older smartphone or tablet that is no longer maintained and doesn't receive Google security patches. The LineageOS derivatives LineageOS for MicroG and /e/OS make it even easier to enjoy a Google-free smartphone without too many restrictions. The article also describes how to use TWRP to flash a manufacturer-independent recovery system (while also creating a restoreable backup of the existing system) as an alternative to LineageOS's own recovery tools. And it even explains how to unlock the bootloader — although there may be other locks set up separately by the manufacturer. "Some manufacturers require you to register the device to unlock it, and then — after telling you that the warranty is now void — they hand over a code. Others refuse to unlock the device altogether." Thanks to Slashdot reader DevNull127 for submitting the article.Read more of this story at Slashdot.

The Intercept reports that protesters in Iran "have often been left wondering how the government was able to track down their locations or gain access to their private communications — tactics that are frighteningly pervasive but whose mechanisms are virtually unknown." But The Intercept now has evidence of a new possibility:While disconnecting broad swaths of the population from the web remains a favored blunt instrument of Iranian state censorship, the government has far more precise, sophisticated tools available as well. Part of Iran's data clampdown may be explained through the use of a system called "SIAM," a web program for remotely manipulating cellular connections made available to the Iranian Communications Regulatory Authority. The existence of SIAM and details of how the system works, reported here for the first time, are laid out in a series of internal documents from an Iranian cellular carrier that were obtained by The Intercept. According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests — or those of tomorrow — an expert who reviewed the SIAM documents told The Intercept. "SIAM can control if, where, when, and how users can communicate," explained Gary Miller, a mobile security researcher and fellow at the University of Toronto's Citizen Lab. "In this respect, this is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest." Thanks to long-time Slashdot reader mspohr for submitting the article.Read more of this story at Slashdot.

"Microsoft's GitHub Copilot is being sued in a class action lawsuit that claims the AI product is committing software piracy on an unprecedented scale," reports IT Pro. Programmer/designer Matthew Butterick filed the case Thursday in San Francisco, saying it was on behalf of millions of GitHub users potentially affected by the $10-a-month Copilot service:The lawsuit seeks to challenge the legality of GitHub Copilot, as well as OpenAI Codex which powers the AI tool, and has been filed against GitHub, its owner Microsoft, and OpenAI.... "By training their AI systems on public GitHub repositories (though based on their public statements, possibly much more), we contend that the defendants have violated the legal rights of a vast number of creators who posted code or other work under certain open-source licences on GitHub," said Butterick. These licences include a set of 11 popular open source licences that all require attribution of the author's name and copyright. This includes the MIT licence, the GNU General Public Licence, and the Apache licence. The case claimed that Copilot violates and removes these licences offered by thousands, possibly millions, of software developers, and is therefore committing software piracy on an unprecedented scale. Copilot, which is entirely run on Microsoft Azure, often simply reproduces code that can be traced back to open-source repositories or licensees, according to the lawsuit. The code never contains attributions to the underlying authors, which is in violation of the licences. "It is not fair, permitted, or justified. On the contrary, Copilot's goal is to replace a huge swath of open source by taking it and keeping it inside a GitHub-controlled paywall...." Moreover, the case stated that the defendants have also violated GitHub's own terms of service and privacy policies, the DMCA code 1202 which forbids the removal of copyright-management information, and the California Consumer Privacy Act. The lawsuit also accuses GitHub of monetizing code from open source programmers, "despite GitHub's pledge never to do so." And Butterick argued to IT Pro that "AI systems are not exempt from the law... If companies like Microsoft, GitHub, and OpenAI choose to disregard the law, they should not expect that we the public will sit still." Butterick believes AI can only elevate humanity if it's "fair and ethical for everyone. If it's not... it will just become another way for the privileged few to profit from the work of the many." Reached for comment, GitHub pointed IT Pro to their announcement Monday that next year, suggested code fragments will come with the ability to identify when it matches other publicly-available code — or code that it's similar to. The article adds that this lawsuit "comes at a time when Microsoft is looking at developing Copilot technology for use in similar programmes for other job categories, like office work, cyber security, or video game design, according to a Bloomberg report."Read more of this story at Slashdot.

An anonymous reader quotes a report from BleepingComputer: The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. The goal is to assess UK's vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture. "These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact," the agency said. "The NCSC uses the data we have collected to create an overview of the UK's exposure to vulnerabilities following their disclosure, and track their remediation over time." NCSC's scans are performed using tools hosted in a dedicated cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (18.171.7.246 and 35.177.10.231). The agency says that all vulnerability probes are tested within its own environment to detect any issues before scanning the UK Internet. "We're not trying to find vulnerabilities in the UK for some other, nefarious purpose," NCSC technical director Ian Levy explained. "We're beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we're doing (and why we're doing it)." The NCSC says it will "take steps to remove [any sensitive or personal data] and prevent it from being captured again in the future." British organizations can opt out of having their servers scanned by emailing a list of IP addresses they want to be excluded at scanning@ncsc.gov.uk.Read more of this story at Slashdot.

Google has announced an ambitious new project to develop a single AI language model that supports the world's "1,000 most spoken languages." The Verge reports: As a first step towards this goal, the company is unveiling an AI model trained on over 400 languages, which it describes as "the largest language coverage seen in a speech model today." [...] Google's "1,000 Languages Initiative" is not focusing on any particular functionality, but instead on creating a single system with huge breadth of knowledge across the world's languages. Speaking to The Verge, Zoubin Ghahramani, vice president of research at Google AI, said the company believes that creating a model of this size will make it easier to bring various AI functionalities to languages that are poorly represented in online spaces and AI training datasets (also known as "low-resource languages"). "By having a single model that is exposed to and trained on many different languages, we get much better performance on our low resource languages," says Ghahramani. "The way we get to 1,000 languages is not by building 1,000 different models. Languages are like organisms, they've evolved from one another and they have certain similarities. And we can find some pretty spectacular advances in what we call zero-shot learning when we incorporate data from a new language into our 1,000 language model and get the ability to translate [what it's learned] from a high-resource language to a low-resource language." Access to data is a problem when training across so many languages, though, and Google says that in order to support work on the 1,000-language model it will be funding the collection of data for low-resource languages, including audio recordings and written texts. The company says it has no direct plans on where to apply the functionality of this model -- only that it expects it will have a range of uses across Google's products, from Google Translate to YouTube captions and more. "One of the really interesting things about large language models and language research in general is that they can do lots and lots of different tasks," says Ghahramani. "The same language model can turn commands for a robot into code; it can solve maths problems; it can do translation. The really interesting things about language models is they're becoming repositories of a lot of knowledge, and by probing them in different ways you can get to different bits of useful functionality."Read more of this story at Slashdot.

The first crewed launch of Boeing's Starliner has been delayed again, this time being pushed back to April 2023 from an earlier planned launch date of February. The Register reports: The change came with little announcement from NASA, which tweeted out the new date as a scheduling update without any additional details. In an accompanying blog post, NASA said the change was being made to eliminate conflicts between "visiting spacecraft traffic at the space station," but the agency didn't elaborate much beyond that. Starliner has been a drag on Boeing since the company unveiled the capsule in 2010. According to Boeing's Q3 2022 filing, Starliner has lost the company $883 million since 2019. That was the year Starliner made its first attempt at an uncrewed launch and docking with the International Space Station, which failed due to a pair of software errors that left it unable to dock and saw it returned to Earth early under less-than-ideal circumstances. Attempts at a second launch in 2021 also failed when 13 of the Calamity Capsule's propulsion system valves failed pre-flight checks. Starliner only made it to the ISS for the first time this past May, but even that launch wasn't without issues as two of the craft's 12 thrusters failed once in orbit.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: In late October, a Swedish software engineer named Linus Akesson unveiled a playable accordion -- called "The Commodordion" -- he crafted out of two vintage Commodore 64 computers connected with a bellows made of floppy disks taped together. A demo of the hack debuted in an 11-minute YouTube video where Akesson plays a Scott Joplin ragtime song and details the instrument's creation. A fair amount of custom software engineering and hardware hackery went into making the Commodordion possible, as Akesson lays out in a post on his website. It builds off of earlier projects (that he says were intentionally leading up to this one), such as the Sixtyforgan (a C64 with spring reverb and a chromatic accordion key layout) and Qwertuoso, a program that allows live playing of the C64's famous SID sound chip. So how does the Commodordion work? Akesson wired up a custom power supply, and when he flips the unit on, both Commodore 64 machines boot (no display necessary). Next, he loads custom music software he wrote from a Commodore Datasette emulator board into each machine. A custom mixer circuit board brings together the audio signals from the two units and measures input from the bellows to control the volume level of the sound output. The bellows, composed of many 5.25-inch floppy disks cut and taped into shape, emit air through a hole when squeezed. A microphone mounted just outside that hole translates the noise it hears into an audio envelope that manipulates the sound output to match. The Commodordion itself does not have speakers but instead outputs its electronic audio through a jack.Read more of this story at Slashdot.

Web3 gaming studio Mythical Games has let go of 10% of its roughly 320 employees. CoinDesk reports: The firm cited the economic downturn, likely exacerbated by the harsh crypto winter, as the reason for the layoffs."[We] have had to reevaluate and restructure some areas in our business accordingly," a spokesperson from Mythical told CoinDesk. "Unfortunately, as a result, we had to make the painful decision to let some of the members of our team go." Further reading: A Host of Tech Companies, Including Coinbase, Robinhood, Lyft, and Stripe, Announce Hiring Freezes and Job CutsRead more of this story at Slashdot.

LinkedIn is rolling out new features to combat a surge in AI-generated bot accounts, writes Brian Krebs. "Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation offering, which allows users to publicly confirm that they can reply to emails at the domain of their stated current employer." From the report: LinkedIn's new "About This Profile" section -- which is visible by clicking the "More" button at the top of a profile -- includes the year the account was created, the last time the profile information was updated, and an indication of how and whether an account has been verified. LinkedIn also said it is adding a warning to some LinkedIn messages that include high-risk content, or that try to entice the user into taking the conversation to another platform (like WeChat). "We may warn you about messages that ask you to take the conversation to another platform because that can be a sign of a scam," the company said in a blog post. "These warnings will also give you the choice to report the content without letting the sender know."Read more of this story at Slashdot.

The Indian government wants to develop a home-grown industry that can design and assemble drones and make the components that go into their manufacture. The BBC reports: "Drones can be significant creators of employment and economic growth due to their versatility, and ease of use, especially in India's remote areas," says Amber Dubey, former joint secretary at the Ministry of Civil Aviation. "Given its traditional strengths in innovation, information technology, frugal engineering and its huge domestic demand, India has the potential of becoming a global drone hub by 2030," he tells the BBC. Over the next three years Mr Dubey sees as much as 50 billion rupees $630 million invested in the sector. [...] However, despite the excitement and investment around India's drone industry, even those in the sector advise caution. "India has set a goal of being a hub of drones by 2030, but I think we should be cautious because we at present don't not have an ecosystem and technology initiatives in place," says Rajiv Kumar Narang, from the Drone Federation of India. He says the industry needs a robust regulator that can oversee safety and help develop an air traffic control system for drones. That will be particularly important as the aircraft become larger, says Mr Narang. "Initiatives have to come from the government. A single entity or a nodal ministry has to take this forward if we want to reach a goal of being the hub by 2030," he says. India also lacks the network of firms needed to make all the components that go into making a drone. At the moment many parts, including batteries, motors and flight controllers are imported. But the government is confident an incentive scheme will help boost domestic firms. "The components industry will take two to three years to build, since it traditionally works on low margin and high volumes," says Mr Dubey. Despite those reservations, firms are confident there will be demand for drones and people to fly them. Chirag Shara is the chief executive of Drone Destination, which has trained more than 800 pilots and instructors since the rules on drone use were first relaxed in August 2021. He estimates that India will need up to 500,000 certified pilots over the next five years.Read more of this story at Slashdot.

Tim Berners-Lee, the British computer scientist credited with inventing the World Wide Web in 1989, said Friday that he doesn't view blockchain as a viable solution for building the next iteration of the internet. From a report: He has his own web decentralization project called Solid. "It's important to clarify in order to discuss the impacts of new technology," said Berners-Lee, speaking onstage at the Web Summit event in Lisbon. "You have to understand what the terms mean that we're discussing actually mean, beyond the buzzwords. It's a real shame in fact that the actual Web3 name was taken by Ethereum folks for the stuff that they're doing with blockchain. In fact, Web3 is not the web at all," he said.Read more of this story at Slashdot.

Mitch Lowe and Ted Farnsworth already settled with the FTC over fraudulent activity affecting MoviePass customers, but now the former heads of MoviePass and its parent company, Helios and Matheson Analytics (HMNY), are facing criminal allegations of securities fraud and wire fraud. The Verge reports: The Department of Justice announced the charges today, saying false statements made by both men defrauded investors in HMNY when the execs pretended like the company's money-losing $9.95 "unlimited" moviegoing plan had any hope of profitability. HMNY's own auditor cast doubt on the company's viability in a report in 2018, but at the time, Farnsworth downplayed the advisory, telling Insider that "pretty much most" companies running at a loss would have a similar warning. But the big problem is his claims that HMNY's analytics prowess could somehow monetize data generated from MoviePass simply didn't hold up: prosecutors now allege "Farnsworth and Lowe knew HMNY did not possess these technologies or capabilities to monetize MoviePass's subscriber data or incorporate these technologies into the MoviePass application." [...] The DOJ says each man is facing one count of securities fraud and three counts of wire fraud over the lies they allegedly told in "press releases, SEC filings, interviews on podcasts and on television, and in print and online media."Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Pharmaceutical giant AstraZeneca has blamed "user error" for leaving a list of credentials online for more than a year that exposed access to sensitive patient data. Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left the credentials for an AstraZeneca internal server on code sharing site GitHub in 2021. The credentials allowed access to a test Salesforce cloud environment, often used by businesses to manage their customers, but the test environment contained some patient data, Hussein said. Some of the data related to AZ&ME applications, which offers discounts to patients who need medications. TechCrunch provided details of the exposed credentials to AstraZeneca, and the GitHub repository containing the credentials was inaccessible hours later. In a statement, AstraZeneca spokesperson Patrick Barth told TechCrunch: "The protection of personal data is extremely important to us and we strive for the highest standards and compliance with all applicable rules and laws. Due to an [sic] user error, some data records were temporarily available on a developer platform. We stopped access to this data immediately after we have been [sic] informed. We are investigating the root cause as well as assessing our regulatory obligations." It's unclear if anyone was able to access the data, or if any data was exfiltrated.Read more of this story at Slashdot.

Cherry, the original mechanical switch maker, is continuing to tap the mechanical keyboard community for new product ideas. From a report: Its new mechanical switch, the Cherry MX Black Clear-Top, is a nod to enthusiasts who would love to turn in their modern-day clacker for an old-school terminal keyboard with extra-smooth typing. Before Cherry's Thursday announcement of plans to release the MX Black Clear-Top, the switch was known to hobbyists as the Nixie switch. Cherry made the switch in the 1980s for German office machine-maker Nixdorf Computer AG. The German switch maker was tasked with creating a version of its linear MX Black switch with "milky" upper housing, a 63.5 g actuation force rather than 60 g, and "the relatively rare solution at the time of having a diode integrated into the switch for n-key rollover," Cherry's announcement explained.The linear switch ended up being used primarily in Nixdorf's CT06-CT07/2 M Softkeys keyboards targeted at terminals, servers, and minicomputers.Read more of this story at Slashdot.

According to the Hollywood Reporter, HBO has "switched off Westworld" after its recent fourth season. From the report: It's an unexpected fate for a series that was once considered one of HBO's biggest tentpoles -- an acclaimed mystery-box drama that racked up 54 Emmy award nominations (including a supporting actress win for Thandiwe Newton). Last month, co-creator Jonathan Nolan said in an interview that he hoped HBO would give the series a fifth season to wrap up the show's ambitious story, which has chronicled a robot uprising that changed the fate of humanity. "We always planned for a fifth and final season," Nolan said. "We are still in conversations with the network. We very much hope to make them." Co-creator Lisa Joy likewise said the series has always been working toward a specific ending: "Jonah and I have always had an ending in mind that we hope to reach. We have not quite reached it yet." Yet linear ratings for the pricey series fell off sharply for its third season, and then dropped even further for season four. Westworld's critic average on Rotten Tomatoes likewise declined from the mid-80s for its first two seasons to the mid-70s for the latter two. Fans increasingly griped that the show became confusing and tangled in its mythology and lacked characters to root for. Looming over all of this is the fact Warner Bros. Discovery CEO David Zaslav has pledged aggressive cost cutting mandate, though network insiders maintain that saving money was not a factor in the show's cancelation. HBO said in a statement: "Over the past four seasons, Lisa and Jonah have taken viewers on a mind-bending odyssey, raising the bar at every step. We are tremendously grateful to them, along with their immensely talented cast, producers and crew, and all of our partners at Kilter Films, Bad Robot and Warner Bros. Television. It's been a thrill to join them on this journey."Read more of this story at Slashdot.

The US Supreme Court will debate the worldwide reach of federal trademark law, agreeing to consider the extent to which a foreign-based company can be forced to pay damages for infringing sales that take place overseas. From a report: The justices said they will review a $90 million jury award won by a Methode Electronics subsidiary in a lawsuit that accused an Austrian company and three of its units of selling copycat versions of proprietary remote controls used in heavy machinery. The Austrian company, ABI Holding, contends that $87 million of that sum covered devices that were sold overseas and weren't intended to be used in the US. The company says a federal appeals court ruling upholding the award threatens the business models of global retailers including Amazon and EBay. "That sweeping theory allows US courts to assess damages on a foreign defendant's worldwide sales any time a U.S. plaintiff claims lost sales abroad," ABI argued in court papers.Read more of this story at Slashdot.

Apple has paused hiring for many jobs outside of research and development, an escalation of an existing plan to reduce budgets heading into next year, Bloomberg News reported this week, citing people with knowledge of the matter. From a report: The company took the step last month, ahead of a quarterly earnings report where it said that growth would slow in the holiday period. The pause generally doesn't apply to teams working on future devices and long-term initiatives, but it affects some corporate functions and standard hardware and software engineering roles, said the people, who asked not to be identified because the move isn't public. Apple joins other tech giants in tapping the brakes on hiring, a response to sluggish consumer spending and higher interest rates. The iPhone maker has fared better than many tech peers this year, but it's still facing an industrywide slowdown for smartphones and computers.Read more of this story at Slashdot.

An anonymous reader shares a report: Yesterday, a company called Rewind AI announced a self-titled software product for Macs with Apple Silicon that reportedly keeps a highly compressed, searchable record of everything you do locally on your Mac and lets you "rewind" time to see it later. If you forget something you've "seen, said, or heard," Rewind wants to help you find it easily. Rewind AI claims its product stores all recording data locally on your machine and does not require cloud integration. Among its promises, Rewind will reportedly let you rewind Zoom meetings and pull information from them in a searchable form. In a video demo on Rewind.AI's site, the app opens when a user presses Command+Shift+Space. The search bar suggests typing "anything you've seen, said, or heard." It also shows a timeline at the bottom of the screen that represents previous actions in apps. After searching for "tps reports," the video depicts a grid view of every time Rewind has encountered the phrase "tps reports" as audio or text in any app, including Zoom chats, text messages, emails, Slack conversations, and Word documents. It describes filtering the results by app -- and the ability to copy and paste from these past instances if necessary. Founded by Dan Siroker and Brett Bejcek, Rewind AI is composed of a small remote team located in various cities around the US. Portions of the company previously created Scribe, a precursor to Rewind that received some press attention in 2021. In an introductory blog post, Rewind AI co-founder Dan Siroker writes, "What if we could use technology to augment our memory the same way a hearing aid can augment our hearing?" Rewind AI provides few details about the app's back-end technology but describes "mind-boggling compression" that can reportedly compress recording data up to 3,750 times "without a major loss of quality," giving an example of 10.5GB of data squeezed down to just 2.8MB.Read more of this story at Slashdot.

According to a new report, almost half of Android-based mobile phones used by U.S. state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities that can be leveraged for attacks. From a report: These statistics come from a report by cybersecurity firm Lookout, based on an analysis of 200 million devices and 175 million applications from 2021 to H2 2022. The report additionally warns of a rise in all threat metrics, including attempted phishing attacks against government employees, reliance on unmanaged mobile devices, and liability points in mission-critical networks. Outdated versions of mobile operating systems allow attackers to exploit vulnerabilities that can be used to breach targets, run code on the device, plant spyware, steal credentials, and more. For example, last week, Apple released iOS 16.1, fixing an actively exploited zero-day memory corruption flaw used by hackers against iPhone users to achieve arbitrary code execution with kernel privileges. Lookout reports that ten months after iOS 15 had been made available to users, 5% of federal government employees and 30% of state and local government devices were running older versions of the operating system. The situation is much worse for Android, as ten months after the release of version 12, approximately 30% of federal devices and almost 50% of state and local government devices still needed to upgrade to the latest versions, thus remaining vulnerable to bugs that can be exploited in attacks. It should be noted that Android 13 is the latest version of the operating system, but it was released after the first half of 2022, from which this data was collected.Read more of this story at Slashdot.

Stadiums around the world, including at the 2022 World Cup in Qatar, are subjecting spectators to invasive biometric surveillance tech. From a report: This fall, more than 15,000 cameras will monitor soccer fans across eight stadiums and on the streets of Doha during the 2022 World Cup, an event expected to attract more than 1 million football fans from around the globe. "What you see here is the future of stadium operations," the organizers' chief technology officer, Niyas Abdulrahiman, proudly told AFP in August. "A new standard, a new trend in venue operations, this is our contribution from Qatar to the world of sport." Qatar's World Cup organizers are not alone in deploying biometric technology to monitor soccer fan activity. In recent years, soccer clubs and stadiums across Europe have been introducing these security and surveillance technologies. In Denmark, Brondby Stadium has been using facial recognition for ticketing verification since 2019. In the Netherlands, NEC Nijmegen has used biometric technology to grant access to Goffert Stadium. France's FC Metz briefly experimented with a facial recognition device to identify fans banned from Saint-Symphorien Stadium. And the UK's Manchester City reportedly hired Texas-based firm Blink Identity in 2019 to deploy facial recognition systems at Etihad Stadium. In Spain, Atletico Osasuna uses facial recognition to monitor and control access to El Sadar Stadium, while Valencia CF signed a deal in June 2021 with biometrics company FacePhi to design and deploy facial-recognition technology at Mestalla Stadium in the upcoming season. The sport club then became a global ambassador for the company's technology. FacePhi's biometric onboarding technology was already used for a pilot project to enroll Valencia CF fans in an automated access control system that allowed them to get into the stadium using a QR code via the football club's mobile app. (A FacePhi spokesperson declined to provide details about the project but said "that we are not yet in the implementation phase with Valencia CF.")Read more of this story at Slashdot.

Vietnam's information minister said on Friday authorities had tightened regulations to deal with "false" content on social media platforms so that it must be taken down within 24 hours instead of 48 hours previously. From a report: The new rules will enshrine Vietnam's position as one of the world's most stringently controlled regimes for social media firms and will strengthen the ruling Communist Party's hand as it cracks down on "anti-state" activity. Minister of Information and Communications Nguyen Manh Hung told parliament there was risk that "false news, if it is handled in a slow manner, will spread very widely." Reuters had previously reported government plans to bring in the new regulations, as well rules so that very sensitive information has to be taken down within three hours. Most governments do not have laws imposing the taking down of content on social media firms, but Vietnam's move comes amid intensifying crackdowns in some parts of the world on online content.Read more of this story at Slashdot.

An anonymous reader shares a report: Space tourism company Virgin Galactic released its third-quarter financial results on Thursday. As one might imagine of a spaceflight company that has not flown since June 2021, the financials are pretty disastrous. The company reported revenue of less than $1 million against losses of more than $146 million. After a long period of downtime, Virgin Galactic officials said the company is close to completing "modifications" of its VMS Eve carrier aircraft and VSS Unity spacecraft. The company expects to complete a glide flight of Unity, which is released from Eve at altitude, in early 2023. After that point, the company will conduct a powered test flight, likely with its own employees on board, before a research flight for the Italian Air Force. And after that, Virgin Galactic CEO Michael Colglazier said, the company remains on track to begin flying commercial passengers -- people who bought their seats, some more than a decade ago -- in the second quarter of 2023. As with most schedules in spaceflight, that timeline seems pretty optimistic. This is all well and good, but the return of VSS Unity will not bring Virgin Galactic close to profitability. At an optimal cadence, the company believes it can fly Eve and Unity once a month. This would still leave the company hundreds of millions of dollars in the red on an annual basis. For this reason, the company has always been betting its future on iterations of its spaceship capable of higher flight rates. The ultimate goal is a "Delta" class of spaceship with a turnaround time of one week. With a fleet of Delta ships, Colglazier has told investors, the company can meet a profitable flight rate of 400 missions a year. But the Delta ships are unlikely to be ready for test flights before at least 2025, and commercial service would not begin until a year after that.Read more of this story at Slashdot.

The UK parliament started an inquiry into nonfungible tokens, the digital collectibles for which Prime Minister Rishi Sunak has been a champion. From a report: The Digital, Culture, Media & Sport committee in the House of Commons announced the initiative in a statement on Friday, adding that it will also study the wider blockchain technology that underpins NFTs. "MPs are expected to consider whether NFT investors, especially vulnerable speculators, are put at risk by the market," the DCMS committee said in the statement. "The inquiry may also look into the wider benefits that NFTs and the blockchain could provide the UK economy." NFTs rose into public consciousness in 2021, driven by the success of the Bored Ape Yacht Club collection that became a hit with celebrities. But interest in NFTs has dried up this year as crypto assets crashed, with trading tumbling more than 95% between January and September by one estimate.Read more of this story at Slashdot.

A declassified version of the latest U.S. defense-intelligence report on UFOs -- rebranded in official government parlance as "unidentified aerial phenomena" -- is expected to be made public in the coming days. From a report: But UFO enthusiasts hoping for the government to judge any of the hundreds of U.S. military sightings under scrutiny as visits by extraterrestrial spacecraft are likely to be disappointed. The most recent incidents under review are attributed to a mix of foreign surveillance, including relatively ordinary drone flights, and airborne clutter such as weather balloons, The New York Times reported last week, citing U.S. officials familiar with a classified analysis that was due for delivery to Congress on Monday, Oct. 31. Many of an older set of unexplained aerial phenomena, or UAPs, are still officially categorized as unexplained, with too little data analysis to draw conclusions, the Times said. "There is no single explanation that addresses the majority of UAP reports," U.S. Defense Department spokesperson Sue Gough said in a statement this week. "We are collecting as much data as we can, following the data where it leads, and will share our findings whenever possible."Read more of this story at Slashdot.

TorrentFreak reports: Several domains related to popular ebook repository Z-Library became inaccessible a few hours ago. DNS records and other information suggest that the shadow library was targeted by the Postal Inspection Service, in collaboration with the U.S. Department of Justice. Confusingly, Z-Library says that the downtime is linked to a hosting issue.Read more of this story at Slashdot.

An anonymous reader quotes a report from Space.com: The European continent is bearing the brunt of climate change, warming at a rate that is twice as fast as the global average, a new report by the World Meteorological Organization (WMO) found. The report analyzed 30 years' worth of data from 1991 onwards, revealing a disconcerting trend of speedy warming across Europe that is faster than the warming experienced by any other continent. Average temperatures in Europe were rising at a rate of 0.5 degrees Celsius (0.9 degrees Fahrenheit) per decade over the studied period, reaching an overall average of 2.2 degrees C (4 degrees F) above pre-industrial levels. That is way above the 1.5 degree C (2.7 degrees F) limit set by the international climatology community with the goal of minimizing devastating environmental effects of climate change. The report, which was compiled in cooperation with the European Earth-observation program Copernicus, stated that Europeans are already feeling the pinch of this warming. According to estimates, the summer of 2022 was the driest in 500 years, with widespread water shortage and wildfires affecting even those nations that are usually accustomed to wetter summers. Alpine glaciers lost about one hundred feet (30 meters) in ice thickness from 1997 to 2021 as a result of the warming, according to the report. In 2021 alone, weather related disasters, mostly related to floods and storms, caused damages worth $50 billion across all European countries. Scientists don't know exactly why Europe is warming so fast, Samantha Burgess, deputy director for climate change services at Copernicus told Space.com in a previous interview. The fast-paced warming may have something to do with the proximity of the Arctic, which is by far the world's fastest warming region. "We know that the Arctic is warming about three times faster than the global average rate," Burgess told Space.com last year. "It's already 3 degrees C [5.4 degrees F] warmer than in the pre-industrial times. It is quite complicated to unpick the scientific reasons behind why the warming is happening so much faster there." [...] The new WMO report states that regardless of emission reduction efforts, temperatures in all regions of Europe will continue to rise at a rate higher than the global average.Read more of this story at Slashdot.

Anne Trafton writes via MIT News: Neural networks, a type of computing system loosely modeled on the organization of the human brain, form the basis of many artificial intelligence systems for applications such speech recognition, computer vision, and medical image analysis. In the field of neuroscience, researchers often use neural networks to try to model the same kind of tasks that the brain performs, in hopes that the models could suggest new hypotheses regarding how the brain itself performs those tasks. However, a group of researchers at MIT is urging that more caution should be taken when interpreting these models. In an analysis of more than 11,000 neural networks that were trained to simulate the function of grid cells -- key components of the brain's navigation system -- the researchers found that neural networks only produced grid-cell-like activity when they were given very specific constraints that are not found in biological systems. "What this suggests is that in order to obtain a result with grid cells, the researchers training the models needed to bake in those results with specific, biologically implausible implementation choices," says Rylan Schaeffer, a former senior research associate at MIT. Without those constraints, the MIT team found that very few neural networks generated grid-cell-like activity, suggesting that these models do not necessarily generate useful predictions of how the brain works. Mikail Khona, an MIT graduate student in physics, is also an author. "When you use deep learning models, they can be a powerful tool, but one has to be very circumspect in interpreting them and in determining whether they are truly making de novo predictions, or even shedding light on what it is that the brain is optimizing," says Ila Fiete, the senior author of the paper and professor of brain and cognitive sciences at MIT. "Deep learning models will give us insight about the brain, but only after you inject a lot of biological knowledge into the model," adds Mikail Khona, an MIT graduate student in physics who is also an author. "If you use the correct constraints, then the models can give you a brain-like solution."Read more of this story at Slashdot.

Scientists have discovered a huge "extragalactic structure" hidden behind the Milky Way in a mysterious area of the sky known as the "zone of avoidance" because it is obscured by our own galaxy's opaque bulge, according to a new preprint study. Motherboard reports: The discovery of the structure, which appears to be a large galaxy cluster, helps to fill in this shadowy part of our cosmic map, which may as well be labeled "here be space dragons" because it is so unclear what exists there. The star stuff that makes up our galaxy, the Milky Way, is distributed inside a thin plane that orbits around a central bulge that contains a supermassive black hole. The galactic plane and bulge are packed with stars, dust, and gas that block our view of whatever is on the other side. Though scientists have been able to use different wavelengths to peer through the zone of avoidance (ZoA), a region that obscures 10 to 20 percent of the sky, most of this region still remains out of view. Now, a team led by Daniela Galdeano, an astronomer at the National University of San Juan in Argentina, report the discovery of "a new galaxy cluster, VVVGCl-B J181435-381432, behind the Milky Way bulge," which helps to complete "the picture of the large scale structure in this still little explored area of the sky," according to a study posted this week on the preprint server arxiv. [...] Galdeano and her colleagues were able to spot this cluster within the ZoA using the VVV Survey, a project that scans the Milky Way bulge at infrared wavelengths using the European Southern Observatory's Visible and Infrared Survey Telescope for Astronomy (VISTA) in Paranal, Chile. Whereas the galactic plane blocks out almost all visible light in the zone, longer wavelengths of light, including in the infrared band, are able to travel through the Milky Way's haze to reach telescopes on Earth. To zoom in on the tantalizing region, the researchers used a near-infrared instrument called FLAMINGOS-2, which is on the Gemini South telescope in Chile, to identify measurements called "redshifts" that can be used to estimate the distance and velocities of its objects in space. The results exposed new details about five galaxies some three billion light years away, which the researchers think are part of a much bigger cluster. The team estimated that the cluster contains about 58 galaxies, but it will take more observations to be sure of its mass and contents.Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: The International Committee of the Red Cross said Thursday it is seeking support to create a "digital red cross/red crescent emblem" that would make clear to military and other hackers that they have entered the computer systems of medical facilities or Red Cross offices. The Geneva-based humanitarian organization said it was calling on governments, Red Cross and Red Crescent societies, and IT experts to join forces in developing "concrete ways to protect medical and humanitarian services from digital harm during armed conflict." For over 150 years, symbols such as the red cross have been used to make clear that "in times of armed conflict, those who wear the red cross or facilities and objects marked with them must be protected from harm," the ICRC said. That same obligation should apply online, the organization said, noting that hacking operations in conflicts were likely to increase as more militaries develop cyber capabilities. The organization said that for the proposed "digital emblem" to become reality, nations worldwide would have to agree on its use and make it part of international humanitarian law alongside existing humanitarian insignia. It hopes the emblem would identify the computer systems of protected facilities much as a red cross or crescent on a hospital roof does in the real world. "The International Committee of the Red Cross said that it has identified three technical possibilities: a DNS-based emblem that would use a special label to link it to a domain name; an IP-based emblem; and an ADEM, or authenticated digital emblem, system that would use certificate chains to signal protection," adds the report.Read more of this story at Slashdot.

Slashdot readers MojoKid and williamyf share the news of AMD's two new high-end graphics cards, the Radeon RX 7900 XTX and 7900 XT. "Priced at $999 and $899 respectively and available in December this year, the new Radeon cards are expected to go toe-to-toe with NVIDIA's GeForce RTX 4080 and 4090," writes MojoKid. HotHardware reports: AMD states that its goals for RDNA 3 are to accelerate performance-per-watt leadership and to raise the bar for high resolution and high framerate gaming. AMD has turned to a chiplet architecture to accomplish these goals, a first for gaming GPUs. The chiplet complexes consist of a 5nm graphics compute die (GCD), which is flanked top and bottom by up to six 6nm memory and cache dice (MCD). The RX 7900 XTX uses the full complement of 6 MCDs which aggregates as a 384-bit memory bus (64-bit per die) with GDDR6 memory offering 20Gbps of throughput. The RX 7900 XT uses 5 MCDs with a corresponding 320-bit bus. All of this increased bandwidth and resources translates to what AMD claims is up to a 1.7X uplift in performance for the Radeon RX 7900 XTX versus its previous gen Radeon RX 6950 XT card in high resolution gaming. This could put the card within striking distance of NVIDIA's GeForce RTX 4090 possibly, but it's hard to say until cards ship to independent reviewers for testing. Regardless, gamers will appreciate the RX 7900 XTX's price point versus NVIDIA's $1600 top-end beast.Read more of this story at Slashdot.

According to The Record, New Hampshire will pilot a new kind of voting machine that will use open-source software to tally the votes. The Record reports: The software that runs voting machines is typically distributed in a kind of black box -- like a car with its hood sealed shut. Because the election industry in the U.S. is dominated by three companies -- Dominion, Election Systems & Software and Hart InterCivic -- the software that runs their machines is private. The companies consider it their intellectual property and that has given rise to a roster of unfounded conspiracy theories about elections and their fairness. New Hampshire's experiment with open-source software is meant to address exactly that. The software by its very design allows you to pop the hood, modify the code, make suggestions for how to make it better, and work with other people to make it run more smoothly. The thinking is, if voting machines run on software anyone can audit and run, it is less likely to give rise to allegations of vote rigging. The effort to make voting machines more transparent is the work of a group called VotingWorks. [...] On November 8, VotingWorks machines will be used in a real election in real time. New Hampshire is the second state to use the open-source machines after Mississippi first did so in 2019. Some 3,000 voters will run their paper ballots through the new machines, and then, to ensure nothing went awry, those same votes will be hand counted in a public session in Concord, N.H. Anyone who cares to will be able to see if the new machines recorded the votes correctly. The idea is to make clear there is nothing to hide. If someone is worried that a voting machine is programmed to flip a vote to their opponent, they can simply hire a computer expert to examine it and see, in real time.Read more of this story at Slashdot.

Meta's Instagram will soon allow artists to create and sell their own NFTs both right on the social media platform and off it. Axios reports: IG's feature will roll out to a small group of select creators in the U.S. to start, according to Meta. The first creators tapped to test the feature include photographer Isaac âoeDriftâ Wright, known as DrifterShoots, and artist Amber Vittoria. Meta won't charge fees for posting or sharing an NFT on IG, though, app store fees still apply. Separately, there will be a "professional mode" for Facebook profiles for creators to build a social media presence separate from their personal one. Artist royalties appear to be a part of the plan. Minting or the creating of NFTs on IG will start on Polygon, a boon for the layer-2 blockchain (a separate blockchain built on top of Ethereum) given the potential onboarding of IG's billion active users. The price of Polygon's token MATIC jumped 17% from Wednesday evening to Thursday morning, boosted by IG news but also, because JPMorgan conducted its first live DeFi trade using that blockchain. The platform is adding support for Solana blockchain and Phantom wallet with the latest feature update, adding them to the list of already-supported wallets such as MetaMask, Coinbase Wallet, Dapper Wallet, Rainbow and Trust Wallet. Ethereum and Flow blockchains are already supported. Info for selected collections with OpenSea metadata, like collection name and description, will show up on IG.Read more of this story at Slashdot.

The New York Police Department has joined Ring Neighbors, the neighborhood surveillance network built around Amazon's Ring security cameras. The Verge reports: The partnership, announced yesterday, means the NYPD will view people's posts on Neighbors and be able to post directly to it, including requests for public help on "active police matters." Neighbors is a Nextdoor-like extension of Ring's security camera business, allowing residents of a neighborhood to discuss crime and safety as well as post footage from their cameras. While many law enforcement departments have joined Neighbors in recent years, this marks its adoption by America's largest police force. (Police could separately request Ring footage for criminal investigations without the app.) It's part of an increasingly tight integration between Amazon and police -- one that's raised both concerns about privacy and questions about its crime-solving value.Read more of this story at Slashdot.

An anonymous reader quotes a report from Reason Magazine: The Babylon Bee this week joined The Onion in urging the Supreme Court to defend the First Amendment against an Ohio law that makes parody a felony. The case, which the Institute for Justice is asking the Court to take up, involves Parma resident Anthony Novak, who in 2016 was prosecuted for violating a state law against using a computer to "disrupt, interrupt, or impair the functions of any police, fire, educational, commercial, or governmental operations." Novak supposedly did that by creating a parody of the Parma Police Department's Facebook page. [...] For obvious reasons, the right-leaning Bee, like the left-leaning Onion, is alarmed by the implication that people have no recourse against cops who arrest them for making fun of government agencies. "The Bee is serving a brutal life sentence in Twitter jail as we speak," says its amicus brief (PDF) in Novak v. City of Parma. "Its writers would very much like to avoid a consecutive sentence in a government-run facility." The premise of Novak's prosecution was that he had disrupted police operations by prompting calls about his parody to the department's nonemergency line. "Left in the hands of the Sixth Circuit and the Parma PD (and other like-minded law enforcement), the speech-stifling Ohio statute used to go after Mr. Novak empowers state officials to search, arrest, jail, and prosecute parodists without fear of ever being held accountable," the Bee says. "The upshot for The Bee is that, in Ohio at least, its writers could be jailed for many, if not most, of the articles The Bee publishes, provided that someone contacted law enforcement -- or another entity 'protected' by [Ohio's law] -- to tell them that the articles exist." Consider the March 3 Bee story headlined "Donut Sales Surge as Police Departments Re-Funded." If someone "had called the Parma Police Department to let them know that The Bee had published the article," the brief suggests, the publication "could have been charged with a felony, its offices searched, and its writers arrested and jailed for days, all without consequence for the parties doing the charging, arresting, jailing, and searching." Likewise if an officer's "passive-aggressive brother-in-law had forwarded the article" to the cop's official email address, thereby "interrupt[ing]" his work. Given the broad wording of Ohio's law, which refers to "governmental operations" generally, Bee articles about federal agencies, such as its August 12 report on the FBI's search of Mar-a-Lago, also could be treated as grounds for arrest. "Had a caller contacted the FBI field office in Cleveland or Cincinnati" to "express outrage over the suspicious timing of the FBI's raid on Melania Trump's Mar-a-Lago closet and Attorney General Garland's acquisition of a haute couture wardrobe," the Bee notes, that could be the basis for a felony charge in Ohio. On the First Amendment issues raised by this case, both The Onion and The Babylon Bee see eye to eye. "The Onion may be staffed by socialist wackos, but in their brief defending parody to this Court, they hit it out of the park," the Bee says. "Parody has a unique capacity to speak truth to power and to cut its subjects down to size. Its continued protection under the First Amendment is crucial to preserving the right of citizens to effectively criticize the government."Read more of this story at Slashdot.

Saudi Arabia's sovereign wealth said on Thursday it will make electric cars in the kingdom under a joint venture with Apple supplier Foxconn as part of a push to build new industries and lessen dependence on oil. Reuters reports: Ceer "is the first Saudi automotive brand to produce electric vehicles in Saudi Arabia, and will design, manufacture and sell a range of vehicles for consumers in Saudi Arabia and the MENA (Middle East and North Africa) region, including sedans and sports utility vehicles," PIF said in a statement. PIF said its cars would be available in 2025, adding Ceer would draw more than $150 million in foreign direct investment, create up to 30,000 direct and indirect jobs and is projected to contribute $8 billion to the kingdom's GDP by 2034. The joint venture "will license component technology from BMW for use in the vehicle development process," PIF said in a statement. "Foxconn will develop the electrical architecture of the vehicles, resulting in a portfolio of products that will lead in the areas of infotainment, connectivity and autonomous driving technologies," it added.Read more of this story at Slashdot.

The macro story unfolding today is all the layoffs taking place in the tech industry. "Tech giants including Meta and Amazon have been slowing down their hiring for months, while smaller tech companies such as Robinhood and Coinbase have announced layoffs," reports the New York Times. "But rarely have so many job cuts and hiring freezes in the industry been disclosed on the same day." From the report: The technology industry's slowdown came into even sharper relief on Thursday as Amazon publicly said it had paused hiring for its corporate work force and several other technology companies announced job cuts. [...] At the same time, Lyft said it would cut 13 percent of its employees, or about 650 of its 5,000 workers. Stripe, a payment processing platform, said it would cut 14 percent of its employees, roughly 1,100 jobs. [...] Tech companies have led the way for the U.S. economy over the past decade, lifting the stock market during the worst days of the coronavirus pandemic. But in recent weeks, many of the largest firms reported financial results that suggested they were feeling the impact of global economic jitters, soaring inflation and rising interest rates. Social media companies in particular have been grappling with a pullback in digital advertising over the last few months. Meta, which owns Facebook and Instagram, said last week that its head count would remain "roughly flat" through the end of next year. The company plans to shrink some teams and hire only for high-priority areas. Snap, Snapchat's parent company, laid off 20 percent of its employees in August, blaming challenging macroeconomic conditions. Last week, Microsoft told investors that new hires in this quarter "should be minimal." Alphabet, which owns Google and YouTube, also said that in this quarter it would hire fewer than half the number of people it added in the third quarter. More layoffs at tech companies are in the works. Elon Musk, who bought Twitter for $44 billion last week, has ordered cuts across the company, which employs about 7,500 people. Workers at Twitter have started circulating a "Layoff Guide" with tips on how to handle being laid off. On Thursday, Lyft said it had decided on layoffs in the face of "a probable recession sometime in the next year." All teams will be affected, said Logan Green and John Zimmer, the company's founders, in an email to employees. Over the summer, Lyft cut 2 percent of its employees, mostly as a result of shutting down its car rental business, and froze hiring. But the company still has "to become leaner," its founders said. It is "not immune to the realities of inflation and a slowing economy," which have led to increasing ride-share insurance costs. Lyft also said it planned to sell its first-party vehicle service business and expected employees on that team to be offered jobs at the acquiring company.Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: OpenAI, the San Francisco-based lab behind AI systems like GPT-3 and DALL-E 2, today launched a new program to provide early-stage AI startups with capital and access to OpenAI tech and resources. Called Converge, the cohort will be financed by the OpenAI Startup Fund, OpenAI says. The $100 million entrepreneurial tranche was announced last May and was backed by Microsoft and other partners. The 10 or so founders chosen for Converge will receive $1 million each and admission to five weeks of office hours, workshops and events with OpenAI staff, as well as early access to OpenAI models and "programming tailored to AI companies." The deadline to apply is November 25, but OpenAI notes that it'll continue to evaluate applications after that date for future cohorts. With Converge, OpenAI is no doubt looking to cash in on the increasingly lucrative industry that is AI. The Information reports that OpenAI -- which itself is reportedly in talks to raise cash from Microsoft at a nearly $20 billion valuation -- has agreed to lead financing of Descript, an AI-powered audio and video editing app, at a valuation of around $550 million. AI startup Cohere is said to be negotiating a $200 million round led by Google, while Stability AI, the company supporting the development of generative AI systems, including Stable Diffusion, recently raised $101 million. The size of the largest AI startup financing rounds doesn't necessarily correlate with revenue, given the enormous expenses (personnel, compute, etc.) involved in developing state-of-the-art AI systems. (Training Stable Diffusion alone cost around $600,000, according to Stability AI.) But the continued willingness of investors to cut these startups massive checks -- see Inflection AI's $225 million raise, Anthropic's $580 million in new funding and so on -- suggests that they have confidence in an eventual return on investment. "We're excited to meet groups across all phases of the seed stage, from pre-idea solo founders to co-founding teams already working on a product," OpenAI writes in a blog post. "Engineers, designers, researchers, and product builders ... from all backgrounds, disciplines, and experience levels are encouraged to apply, and prior experience working with AI systems is not required."Read more of this story at Slashdot.

It has been almost three years since Chromebook users got word that Steam support is coming to ChromeOS. We're still not totally there yet, but today Google announced that it's ready to enter beta testing. From a report: In a blog post, Zach Alcorn, Google product manager, announced that Steam on Chromebooks is available as a beta with ChromeOS 108.0.5359.24 and later. Steam on ChromeOS entered alpha in March, and Alcorn said the updates announced today are based on "thousands of gameplay reports." The Steam on ChromeOS alpha required not just an Intel CPU, but also an Intel 11th-gen Core i5 chip with Intel's Iris Xe graphics. The beta supports Intel's latest 12th-gen chips and extends support to Team Red. Alcorn said the beta supports AMD's Ryzen 5000 C-Series CPUs.Read more of this story at Slashdot.