NBC reports that America's "Teamsters" labor union was hit by a ransomware attack demanding $2.5 million back in 2019. "But unlike many of the companies hit by high-profile ransomware attacks in recent months, the union declined to pay, despite the FBI's advice to do so, three sources familiar with the previously unreported cyberattack told NBC News." Personal information for the millions of active and retired members was never compromised, according to a Teamsters spokesperson, who also said that only one of the union's two email systems was frozen along with other data. Teamsters officials alerted the FBI and asked for help in identifying the source of the attack. They were told that many similar hacks were happening and that the FBI would not be able to assist in pursuing the culprit. The FBI advised the Teamsters to "just pay it," the first source said. "They said 'this is happening all over D.C. ... and we're not doing anything about it,'" a second source said. Union officials in Washington were divided over whether to pay the ransom — going so far as to bargain the number down to $1.1 million, according to the sources — but eventually sided with their insurance company, which urged them not to pony up... The Teamsters decided to rebuild their systems, and 99 percent of their data has been restored from archival material — some of it from hard copies — according to the union's spokesperson. The FBI's communications office did not reply to repeated requests for comment. The FBI's stance is to discourage ransomware payments. NBC News draws a lesson from the fact that it took nearly two years for this story to emerge. "An unknown number of companies and organizations have been extorted without ever saying a word about it publicly." Read more of this story at Slashdot.
"Within a decade, quantum computers could be powerful enough to break the cryptographic security that protects cell phones, bank accounts, email addresses and — yes — bitcoin wallets," writes CNBC. But fortunately, that would happen only if we do nothing in the meantime, they're told by Thorsten Groetker, former Utimaco CTO "and one of the top experts in the field of quantum computing." Crypto experts told CNBC they aren't all that worried about quantum hacking of bitcoin wallets for a couple of different reasons. Castle Island Ventures founding partner Nic Carter pointed out that quantum breaks would be gradual rather than sudden. "We would have plenty of forewarning if quantum computing was reaching the stage of maturity and sophistication at which it started to threaten our core cryptographic primitives," he said. "It wouldn't be something that happens overnight." There is also the fact that the community knows that it is coming, and researchers are already in the process of building quantum-safe cryptography. "The National Institute of Science and Technology (NIST) has been working on a new standard for encryption for the future that's quantum-proof," said Fred Thiel, CEO of cryptocurrency mining specialist Marathon Digital Holdings. NIST is running that selection process now, picking the best candidates and standardizing them. "It's a technical problem, and there's a technical solution for it," said Groetker. "There are new and secure algorithms for digital signatures. ... You will have years of time to migrate your funds from one account to another." Groetker said he expects the first standard quantum-safe crypto algorithm by 2024, which is still, as he put it, well before we'd see a quantum computer capable of breaking bitcoin's cryptography. Once a newly standardized post-quantum secure cryptography is built, Groetker said, the process of mass migration will begin.
"Everyone who owns bitcoin or ethereum will transfer [their] funds from the digital identity that is secured with the old type of key, to a new wallet, or new account, that's secured with a new type of key, which is going to be secure," he said. There will still be the problem of users who forget their password or died without sharing their key. But in those scenarios, CNBC suggests, "an organization could lock down all accounts still using the old type of cryptography and give owners some way to access it."
The New York Times shares footage from a flying car's test flight in California — "a single-person aircraft for use in rural areas — essentially a private flying car for the rich — that could start selling this year." (You can read the text of the article here.) "It may look like a strange beast, but it will change the way transportation happens," they're told by Marcus Leng, the Canadian inventor who designed the aircraft (which he named BlackFly): BlackFly is what is often called a flying car. Engineers and entrepreneurs like Mr. Leng have spent more than a decade nurturing this new breed of aircraft, electric vehicles that can take off and land without a runway. They believe these vehicles will be cheaper and safer than helicopters, providing practically anyone with the means of speeding above crowded streets. "Our dream is to free the world from traffic," said Sebastian Thrun, another engineer at the heart of this movement. That dream, most experts agree, is a long way from reality. But the idea is gathering steam. Dozens of companies are now building these aircraft, and three recently agreed to go public in deals that value them as high as $6 billion. For years, people like Mr. Leng and Mr. Thrun have kept their prototypes hidden from the rest of the world — few people have seen them, much less flown in them — but they are now beginning to lift the curtain... Others are building larger vehicles they hope to deploy as city air taxis as soon as 2024 — an Uber for the skies. Some are designing vehicles that can fly without a pilot. One of the air taxi companies, Kitty Hawk, is run by Mr. Thrun, the Stanford University computer science professor who founded Google's self-driving car project. He now says that autonomy will be far more powerful in the air than on the ground, and that it will enter our daily lives much sooner. "You can fly in a straight line and you don't have the massive weight or the stop-and-go of a car" on the ground, he said...
The next few years will be crucial to the industry as it transitions from what Silicon Valley is known for — building cutting-edge technology — to something much harder: the messy details of actually getting it into the world.
Slashdot reader Charlotte Web writes: The "Group of Seven" (or G7) nations are some of the world's largest economies — the U.S. and Canada, the U.K., France, Germany, and Italy, and Japan. On Sunday they pledged $2 billion to help developing countries pivot away from fossil fuels and pledged an "overwhelmingly decarbonized" electricity sector by 2030. The New York Times calls these "major steps in what leaders hope will be a global transition to wind, solar and other energy that does not produce planet-warming carbon dioxide emissions." Politico's Ryan Heath argues "The language on a 'green revolution' is quite strong — there's plenty of detail missing, but it gives climate campaigners a lot to hit leaders with if they fail to deliver. And it's a big deal for the G-7 to agree to 'to conserve or protect at least 30 percent of our land and oceans by 2030.'" Other reports from Politico's writers: "Boris Johnson admitted that the world's richest economies had not managed to secure a widely advertised 1 billion vaccine doses to send to developing countries. The final communique says the group will deliver 870 million doses over the next year." "The G-7 nations called for a 'timely, transparent, expert-led, and science-based WHO-convened' investigation into the origins of Covid-19, including in China. WHO's first crack at an investigation — released in March — called a lab leak 'extremely unlikely,' but China didn't grant access to key documents and Secretary of State Antony Blinken called that investigation 'highly deficient' this morning. The U.S. government remains split between two origin theories."
Bloomberg Businessweek reports on "renewed interest in cables that can power consumers in one country with electricity generated hundreds, even thousands, of miles away in another" and possibly even transcontinental, submarine electricity superhighways: Coal, gas and even nuclear plants can be built close to the markets they serve, but the utility-scale solar and wind farms many believe essential to meet climate targets often can't. They need to be put wherever the wind and sun are strongest, which can be hundreds or thousands of miles from urban centers. Long cables can also connect peak afternoon solar power in one time zone to peak evening demand in another, reducing the price volatility caused by mismatches in supply and demand as well as the need for fossil-fueled back up capacity when the sun or wind fade. As countries phase out carbon to meet climate goals, they'll have to spend at least $14 trillion to strengthen grids by 2050, according to Bloomberg New Energy Finance. That's only a little shy of projected spending on new renewable generation capacity and it's increasingly clear that high- and ultra-high-voltage direct current lines will play a part in the transition. The question is how international will they be...? The article points out that in theory, Mongolia's Gobi desert "has potential to deliver 2.6 terawatts of wind and solar power — more than double the U.S.'s entire installed power generation capacity — to a group of Asian powerhouse economies that together produce well over a third of global carbon emissions..." The same goes for the U.S., where with the right infrastructure, New York could tap into sun- and wind-rich resources from the South and Midwest. An even more ambitious vision would access power from as far afield as Canada or Chile's Atacama Desert, which has the world's highest known levels of solar power potential per square meter. Jeremy Rifkin, a U.S. 
economist who has become the go-to figure for countries looking to remake their infrastructure for the digital and renewable future, sees potential for a single, 1.1 billion-person electricity market in the Americas that would be almost as big as China's. Rifkin has advised Germany and the EU, as well as China... Persuading countries to rely on each other to keep the lights on is tough, but the universal, yet intermittent nature of solar and wind energy also makes it inevitable, according to Rifkin. "This isn't the geopolitics of fossil fuels," owned by some and bought by others, he says. "It is biosphere politics, based on geography. Wind and sun force sharing...." If these supergrids don't get built, it will be because their time has both come and gone. Not only are they expensive, politically difficult, and unpopular — they have to cross a lot of backyards — their focus on mega-power installations seems outdated to some. Distributed microgeneration as close to home as your rooftop, battery storage, and transportable hydrogen all offer competing solutions to the delivery problems supergrids aim to solve.
Slashdot reader AmiMoJo shares a report from Reuters: Scientific advances from deep brain stimulation to wearable scanners are making manipulation of the human mind increasingly possible, creating a need for laws and protections to regulate use of the new tools, top neurologists said on Thursday. A set of "neuro-rights" should be added to the Universal Declaration of Human Rights adopted by the United Nations, said Rafael Yuste, a neuroscience professor at New York's Columbia University and organizer of the Morningside Group of scientists and ethicists proposing such standards. Five rights would guard the brain against abuse from new technologies — rights to identity, free will and mental privacy along with the right of equal access to brain augmentation advances and protection from algorithmic bias, the group says. "If you can record and change neurons, you can in principle read and write the minds of people," Yuste said during an online panel at the Web Summit, a global tech conference. "This is not science fiction. We are doing this in lab animals successfully."
The government in Pakistan's largest province, Punjab, has decided to block SIM cards of unvaccinated citizens, reports the Hindustan Times (one of the largest newspapers in India), citing reports from news agency ANI. Dr. Rashid, the provincial health minister in Pakistan's Punjab, said that there has been a "considerable decrease" in Covid-19 cases in the province due to mass vaccinations. However, a report compiled by the Punjab primary health department shows that the province still failed to achieve its set target for Covid-19 vaccination, reports ARY News, adding that around 300,000 recipients of the first dose of the vaccine never returned for the second dose since the start of Pakistan's mass inoculation drive on February 2.
Long-time Slashdot reader thegreatbob writes: The old RAD/content authoring system, ToolBook, appears to be entering the final phase of its EOL process. Sumtotal/Skillsoft (the current owner, under which meaningful development effectively ceased) 'may' refuse software activations after the end of 2021, and does not provide a format-compatible replacement. Similarly, they are halting their support services, and will not allow contracts to be renewed. This may have significant ramifications for the education/training sector, and I have reason to believe that the body of the work dependent on this software is significantly larger than one might expect out of a wayward VisualBasic competitor from the 90s. The software, which was offered for sale until relatively recently (I'm unsure of the date of cutoff), has not received an update since 2014, nor a major version update since 2011. As such, I'd like to increase the visibility of this particular EOL, in the hopes that interested parties will take notice and have an opportunity to begin the process of moving their courseware out of this format... If one has never encountered this software before, it is "interesting", to say the least, as is the history of Asymetrix (one of Paul Allen's ventures) and later Sumtotal Systems, through 90s and early 2000s. If one does not care to look into it, it can be thought of as some sort of bizarro-world amalgam of features from Visual Basic and HyperCard.
Freenode's Linux support channel has an official web page at freenode.linux.community, which now bears this announcement: 22+ year old ##linux on freenode has been seized by freenode staff The community's (multi-platform) site reminds visitors of the alternative channels #linux on Libera and Linux.Chat on Discord. But they're not the only ones making changes. "[T]he FSF and GNU have decided to relocate our IRC channels to Libera.Chat," reads an official announcement on the FSF blog. "Effective immediately, Libera is the official home of our channels, which include but are not limited to all those in the #fsf, #gnu, and #libreplanet namespaces." As we have had nearly twenty years of positive experiences with the Freenode staff, most of whom now comprise the staff of the Libera network, we are confident in their technical and interpersonal expertise, as well as their ability to make the network as long-lasting and integral to the free software community as they made Freenode. We look forward to joining the large number of free software and free culture projects who have already made Libera.Chat their home, and hope to stay there for many years to come. Also making a move: freenode's #Python channel. Software developer Ned Batchelder, one of the channel's operators (and also an architect at edX), shared a recent experience in a new blog post this morning. When they'd decided to move #python to the new Libera.chat network (run by former Freenode staffers), they also stayed in Freenode's channel "to let people know where everyone had gone." Yesterday, after a heated debate in the Freenode channel where I was accused of splitting the community, I got k-lined (banned entirely from Freenode). The reason given was "spamming", because of my recurring message about the move to Libera. Then the entire Freenode #python channel was closed... Was it malice or was it mistake? Does it matter? It's not a good way to run a network.
After the channel was closed, people asking staff about what happened were banned from asking. That wasn't a mistake... [T]he new staff seems to be using force to silence people asking questions. It's clear that transparency is not a strong value for them. Setting aside network drama, the big picture here is that the Freenode #python community isn't split: it's alive and well. It's just not on Freenode anymore, it's on Libera. Freenode was a good thing. But the domain name of the server was the least important part of it, just a piece of technical trivia. There's no reason to stick with Freenode just because it is called Freenode. As with any way of bringing people together, the important part is the people. If all of the people go someplace else, follow them there, and continue. See you on Libera.
"Apple paid a multimillion dollar settlement to a woman after iPhone repair techs posted risque pictures from her phone to Facebook," reports the Washington Post, citing legal documents obtained by the Telegraph. An unnamed Oregon college student "sent her phone to Apple for repairs after it stopped working" in 2016, and the iPhone ended up at Apple-approved repair contractor Pegatron... Two iPhone repair technicians in Sacramento uploaded "10 photos of her in various stages of undress and a sex video" to her Facebook account, resulting in "severe emotional distress" for the young woman, according to the Telegraph's review of legal records. Pegatron, a major Apple manufacturer with facilities across the globe, had to reimburse Apple for the settlement and face insurers who didn't want to pay for it, according to the news outlet... The settlement isn't the first time Apple has had to handle the misdeeds of employees. In 2019, a California woman alleged that an Apple store employee had texted a private picture on her phone to himself. That employee was no longer working for the company after Apple conducted its investigation. Apple store employees at a Brisbane, Australia, location were fired in 2016 for taking candid pictures of female employees and customers' bodies and stealing photos from consumers' phones to rank their bodies. "Apple keeps a firm grip on the repair of its devices, arguing that allowing only approved retailers and vendors to repair its products ensures the privacy of its customers," the article points out. "The revelation of the lawsuit pokes holes in the company's stance that only authorized retailers can keep customer information secure."
Slashdot reader SysEngineer shares this report from the BBC: Scientists are reporting what they say is the longest sediment avalanche yet measured in action. It occurred underwater off West Africa, in a deep canyon leading away from the mouth of the Congo River. Something in excess of a cubic kilometre of sand and mud descended into the deep. This colossal flow kept moving for two whole days and ran out for more than 1,100km across the floor of the Atlantic Ocean. The event would have gone unrecorded were it not for the fact that the slide broke two submarine telecommunications cables, slowing the internet and other data traffic between Nigeria and South Africa in the process. And also because of the prescient action of researchers who had lined the length of the Congo Canyon with instruments capable of measuring current and sediment velocities.
Long-time Slashdot reader UnknowingFool summarizes a report from Polygon: Photographer Judy Jurasek has sued Capcom for copyright infringement of at least 80 of her photographs in their recent game, Resident Evil: Devil May Cry and other games. Jurasek claims the textures in the video game were copied from her 1996 book Surfaces which contained 1,200 images of surfaces and textures. The book was sold with a CD-ROM with digital copies of the images. Jurasek's damages could total $12M from Devil May Cry alone. Jurasek claims that Capcom never licensed the images for use in their video games. The initial filing is over 100 pages with many detailed photographic examples of her claims. Part of her evidence comes from Capcom's 2020 data breach. The data breach leaked among other things files and filenames of images used by Capcom. At least one filename appears to match those found in the CD-ROM from Surfaces. Jurasek is also seeking additional damages of $2,500 to $25,000 for each used photograph for "false copyright management and removal of copyright management," according to Polygon's report, which says she's alleging her photos were used for "everything from marbled textures to ornate sculptural details that are recognizable and abundant in Capcom games," and even the shattered glass texture used in the Resident Evil 4 logo. A Capcom representative told Polygon that the company is "aware of the lawsuit" and has "no further comment."
Captain Kirk once said "The trouble with immortality is it's boring." But how many people agree with him? Long-time Slashdot reader tinkers shares one answer. University of Texas scientists surveyed more than 900 adults living in the U.S. — and discovered that only 33% of them would be willing to take an immortality pill if one existed. But then they broke down the results into different age groups. From The Independent: One group was younger people, between the ages of 18 and 29, another group of senior citizens whose average age was 72, and a third group made up of individuals whose average age was 88. Each of the groups reached a majority consensus that they would not want to live forever. However, among the youngest group and oldest group there were differences in what age they would prefer to be "frozen" at by a theoretical immortality pill. The younger group chose the age of 23, while the oldest group picked 42... The youngest group had the largest number of individuals saying they would want to live forever, with 34% saying they would take an immortality pill. Another 40% said they would not take one, and 26% said they were unsure. The middle group saw slightly fewer people willing to live forever, with 32% saying they would take the pill, and 43% saying they would not. A quarter of the respondents said they were unsure. The oldest group saw the fewest number of those interested in eternal life, with only 24% saying they would agree to take the pill. More than half — 59% — said they would not take it, with only 17% saying they were unsure.... Differences in responses emerged along gender lines as well, with more men saying they would take the pill than women.
The New York Times argues that this week changed Bitcoin's reputation as "secure, decentralized and anonymous" (adding "Criminals, often operating in hidden reaches of the internet, flocked to Bitcoin to do illicit business without revealing their names or locations. The digital currency quickly became as popular with drug dealers and tax evaders as it was with contrarian libertarians.") "But this week's revelation that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack exposed a fundamental misconception about cryptocurrencies: They are not as hard to track as cybercriminals think..." [F]or the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators had tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry... The Bitcoin ledger can be viewed by anyone who is plugged into the blockchain. "It is digital bread crumbs," said Kathryn Haun, a former federal prosecutor and investor at venture-capital firm Andreessen Horowitz. "There's a trail law enforcement can follow rather nicely." Haun added that the speed with which the Justice Department seized most of the ransom was "groundbreaking" precisely because of the hackers' use of cryptocurrency. In contrast, she said, getting records from banks often requires months or years of navigating paperwork and bureaucracy, especially when those banks are overseas... Tracking down a user's transaction history was a matter of figuring out which public key they controlled, authorities said. Seizing the assets then required obtaining the private key, which is more difficult. It's unclear how federal agents were able to get DarkSide's private key. Justice Department spokesman Marc Raimondi declined to say more about how the F.B.I. seized DarkSide's private key.
According to court documents, investigators accessed the password for one of the hackers' Bitcoin wallets, though they did not detail how. The F.B.I. did not appear to rely on any underlying vulnerability in blockchain technology, cryptocurrency experts said. The likelier culprit was good old-fashioned police work. Federal agents could have seized DarkSide's private keys by planting a human spy inside DarkSide's network, hacking the computers where their private keys and passwords were stored, or compelling the service that holds their private wallet to turn them over via search warrant or other means. "If they can get their hands on the keys, it's seizable," said Jesse Proudman, founder of Makara, a cryptocurrency investment site. "Just putting it on a blockchain doesn't absolve that fact...." The F.B.I. has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Start-ups with names like TRM Labs, Elliptic and Chainalysis that trace cryptocurrency payments and flag possible criminal activity have blossomed as law enforcement agencies and banks try to get ahead of financial crime. Their technology traces blockchains looking for patterns that suggest illegal activity... "Cryptocurrency allows us to use these tools to trace funds and financial flows along the blockchain in ways that we could never do with cash," said Ari Redbord, the head of legal affairs at TRM Labs, a blockchain intelligence company that sells its analytic software to law enforcement and banks. He was previously a senior adviser on financial intelligence and terrorism at the Treasury Department. 
The story includes three intriguing quotes: Justice Department spokesman Marc Raimondi said the Colonial Pipeline ransom seizure was only the latest of "many seizures, in the hundreds of millions of dollars, from unhosted cryptocurrency wallets" used for criminal activity. Hunter Horsley, chief executive of cryptocurrency investment company Bitwise Asset Management, said "The public is slowly being shown, in case after case, that Bitcoin is good for law enforcement and bad for crime — the opposite of what many historically believed." A spokesperson for Chainalysis, a start-up that traces cryptocurrency payments, tells the Times that in the end, "cryptocurrencies are actually more transparent than most other forms of value transfer. Certainly more transparent than cash."
Slashdot reader ytene writes: The BBC are showing the first set of images of NASA's now-assembled "Space Launch System" (SLS) vehicle, noting that NASA intends to use it to launch a human crew back to the moon later this decade. Testing will take place before astronauts are expected to ride the vehicle to space some time in 2023. It's enormous. From the BBC's report: On Friday, engineers at Florida's Kennedy Space Center finished lowering the 65m (212ft) -tall core stage in-between two smaller booster rockets... Nasa plans to launch the SLS on its maiden flight later this year. During this mission, known as Artemis-1, the SLS will carry Orion — America's next-generation crew vehicle — towards the Moon. However, no astronauts will be aboard... The SLS consists of the giant core stage, which houses propellant tanks and four powerful engines, flanked by two 54m (177ft) -long solid rocket boosters. In early 2020 the BBC reported that "Some in the space community believe it would be better to launch deep space missions on commercial rockets. But supporters of the programme say that NASA needs its own heavy-lift launch capability... "The SLS was designed to re-use technology originally developed for the space shuttle programme, which ran from 1981-2011."
The BBC reports: China's Zhurong rover has sent back a batch of new images from Mars — including a "selfie". The robot, which landed in May, positioned a wireless camera on the ground and then rolled back a short distance to take the snap. To Zhurong's right is the rocket-powered platform that brought the six-wheeled vehicle to a soft touchdown. Both display prominent Chinese flags... It weighs some 240kg. A tall mast carries cameras to take pictures and aid navigation; five additional instruments will investigate the mineralogy of local rocks and the general nature of the environment, including the weather. Like the current American rovers (Curiosity and Perseverance), Zhurong has a laser tool to zap rocks to assess their chemistry. It also has a radar to look for sub-surface water-ice - a capability it shares with Perseverance. Slashdot reader InfiniteZero writes that the mission's "full resolution images including a 360 panoramic view of the landing site, can be found at the official CNSA website."
A security camera installation worker for ADT was sentenced Wednesday to a little more than four years in federal prison for illegally accessing the security cameras of more than 200 North Texas customers, reports the Dallas Morning News: Telesforo Aviles, age 35, faced a maximum of five years in prison for computer fraud under the terms of his plea agreement, in which he admitted to accessing customer accounts over 9,600 times since 2015. He was cuffed and taken into custody to begin serving his sentence after the hearing. The quiet and introverted technician, a senior supervisor with 17 years at ADT, was caught last year after the company was alerted by a customer to suspicious activity, said his lawyer, Tom Pappas. Aviles, who is married with five children, turned himself in when he was asked to, Pappas said. "He's mortified by what he did," Pappas said. "He sees what he did as a betrayal of himself, too." Of the nearly 10,000 images Aviles accessed, about 40 were "sexual in nature" and none involved children, Pappas said. An ADT spokesman said the company had no comment. Assistant U.S. Attorney Sid Mody had asked Starr to give Aviles the maximum sentence, saying that while 217 accounts were accessed, the total number of victims is much higher given that each household had multiple family members. That violation, he said, destroyed "in the worst way" their sense of feeling safe and secure at home... Starr said he considered Aviles' cooperation with authorities and lack of a criminal history as well as the fact that the conduct involved a "lengthy period of time." Aviles noted the homes that had "attractive women" and repeatedly logged into their accounts to view the footage, prosecutors said... ADT has since been hit with class-action lawsuits from customers over the breach. The article also notes the story of one woman who filed a federal lawsuit last month against ADT.
She'd told the court Aviles persuaded her to install cameras in her bedrooms after she'd specifically questioned whether it was truly necessary. "Aviles told her that it was necessary because a burglar could enter the house through the bedroom windows, and the cameras would monitor that," her lawsuit says. "Of course, Aviles' placement of the cameras had nothing to do with potential burglars." In a statement filed with the court, one female homeowner reportedly wrote that "This deliberate and calculated invasion of privacy is arguably more harmful than if I had installed no security system and my house had been burglarized."
The auction has ended for a seat with Jeff Bezos and his brother on their first Blue Origin flight into space next month. Slashdot reader ytene writes that a live-streamed auction for the seat "lasted less than 10 minutes after opening at $4.8 million." The Hill reports: That came after nearly 7,600 people from 159 countries had registered to bid on a seat for the July 20 space flight by the time registration closed Thursday, according to ABC News... Blue Origin said the $28 million would be donated to Club for the Future, Blue Origin's 501(c)(3) nonprofit with a mission to "inspire future generations to pursue careers in STEM and to help invent the future of life in space," according to its website... Blue Origin said the fourth and final crew member of the mission will also be announced when the identity of the auction winner is revealed. Today CNN ran a story headlined "Jeff Bezos is going to space for 11 minutes. Here's how risky that is." (Or how safe?) They'll be going up and coming right back down, and they'll be doing it in less time — about 11 minutes — than it takes most people to get to work. Suborbital flights differ greatly from orbital flights of the type most of us think of when we think of spaceflight. Blue Origin's New Shepard flights will be brief, up-and-down trips, though they will go more than 62 miles above Earth, which is widely considered to be the edge of outer space. Orbital rockets need to drum up enough power to hit at least 17,000 miles per hour, or what's known as orbital velocity, essentially giving a spacecraft enough energy to continue whipping around the Earth rather than being dragged immediately back down by gravity. Suborbital flights require far less power and speed. That means less time the rocket is required to burn, lower temperatures scorching the outside of the spacecraft, less force and compression ripping at the spacecraft, and generally fewer opportunities for something to go very wrong. 
New Shepard's suborbital flights hit about three times the speed of sound — roughly 2,300 miles per hour — and fly directly upward until the rocket expends most of its fuel. The crew capsule will then separate from the rocket at the top of the trajectory and briefly continue upward before the capsule almost hovers at the top of its flight path, giving the passengers a few minutes of weightlessness. It works sort of like an extended version of the weightlessness you experience when you reach the peak of a roller coaster hill, just before gravity brings your cart — or, in Bezos' case, your space capsule — screaming back down toward the ground. The New Shepard capsule then deploys a large plume of parachutes to slow its descent to less than 20 miles per hour before it hits the ground... Blue Origin's New Shepard capsule, which is fully autonomous and does not require a pilot, has never had an explosive mishap in 15 test flights. And the nature of Bezos' flight means it comes with some inherently lower risks than more ambitious space travel attempts. But that doesn't mean the risk is zero, either.
Linus Torvalds was "clearly unamused" by a "humanoid conspiracy theory, and also on its discussion in a Linux kernel topic thread," reports Neowin. They add that Torvalds "weighed in quite heavily with some very strong language, mixed with some biology lessons..." Here's an excerpt from Torvalds' response (as shared by Slashdot reader Hmmmmmm): Please keep your insane and technically incorrect anti-vax comments to yourself. You don't know what you are talking about, you don't know what mRNA is, and you're spreading idiotic lies. Maybe you do so unwittingly, because of bad education. Maybe you do so because you've talked to "experts" or watched youtube videos by charlatans that don't know what they are talking about. But dammit, regardless of where you have gotten your mis-information from, any Linux kernel discussion list isn't going to have your idiotic drivel pass uncontested from me. Vaccines have saved the lives of literally tens of millions of people. Just for your edification in case you are actually willing to be educated: mRNA doesn't change your genetic sequence in any way. It is the exact same intermediate - and temporary - kind of material that your cells generate internally all the time as part of your normal cell processes, and all that the mRNA vaccines do is to add a dose their own specialized sequence that then makes your normal cell machinery generate that spike protein so that your body learns how to recognize it. The half-life of mRNA is a few hours. Any injected mRNA will be all gone from your body in a day or two. It doesn't change anything long-term, except for that natural "your body now knows how to recognize and fight off a new foreign protein" (which then tends to fade over time too, but lasts a lot longer than a few days). And yes, while your body learns to fight off that foreign material, you may feel like shit for a while. 
That's normal, and it's your natural response to your cells spending resources on learning how to deal with the new threat. And of the vaccines, the mRNA ones are the most modern, and the most targeted - exactly because they do *not* need to have any of the other genetic material that you traditionally have in a vaccine (ie no need for basically the whole - if weakened - bacterial or virus genetic material). So the mRNA vaccines actually have *less* of that foreign material in them than traditional vaccines do. And a *lot* less than the very real and actual COVID-19 virus that is spreading in your neighborhood. Honestly, anybody who has told you differently, and who has told you that it changes your genetic material, is simply uneducated. You need to stop believing the anti-vax lies, and you need to start protecting your family and the people around you. Get vaccinated... Get vaccinated. Stop believing the anti-vax lies. And if you insist on believing in the crazy conspiracy theories, at least SHUT THE HELL UP about it on Linux kernel discussion lists.
Dartmouth's Geisel medical school is dropping its investigation into alleged online cheating, the New York Times reports: In March, Dartmouth charged 17 students with cheating based on a review of certain online-activity data on Canvas — a popular learning-management system where professors post assignments and students submit their work — during remote exams. The school quickly dropped seven of the cases after at least two students argued that administrators had mistaken automated Canvas activity for human cheating. Now Dartmouth is also dropping allegations against the remaining 10 students, some of whom faced expulsion, suspension, course failures and misconduct marks on their academic records that could have derailed their medical careers. "I have decided to dismiss all the honor code charges," Duane Compton, dean of the medical school, said in an email to the Geisel community Wednesday evening, adding that the students' academic records would not be affected. "I have apologized to the students for what they have been through." Dartmouth's decision to dismiss the charges followed a software review by The New York Times, which found that students' devices could automatically generate Canvas activity data even when no one was using them. Dartmouth's practices were condemned by some alumni along with some faculty at other medical schools. A Dartmouth spokesman said the school could not comment further on the dropping of the charges for privacy reasons. "The moral of the current story is clear," argued the Times reporter on Twitter. "Colleges that use surveillance tech can end up erroneously accusing some of their best students."
Long-time Slashdot reader wildstoo writes: In a blog post on Thursday, GitHub security researcher Kevin Backhouse announced that Polkit, a Linux system service included in several modern Linux distros that provides an organized way for non-privileged processes to communicate with privileged ones, has been harbouring a major security bug for seven years. The bug, assigned CVE-2021-3560, allows a non-privileged user to gain administrative shell access with a handful of standard command line tools. The bug was fixed on June 3, 2021 in a coordinated disclosure. "It's used by systemd," GitHub's blog post points out, "so any Linux distribution that uses systemd also uses polkit..." "It's very simple and quick to exploit, so it's important that you update your Linux installations as soon as possible. Any system that has polkit version 0.113 (or later) installed is vulnerable. That includes popular distributions such as RHEL 8 and Ubuntu 20.04."
From today's edition of Mike Melanson's "This Week in Programming" column: This week, Docker announced some changes to Docker Hub Autobuilds — the primary one of interest being that autobuilds would no longer be available to free tier users — and much of the internet let out a collective groan to the tune of "this is why we can't have nice things...!" "As many of you are aware, it has been a difficult period for companies offering free cloud compute," wrote Shaun Mulligan, principal product manager at Docker in the company's blog post, citing an article that explores how crypto-mining gangs are running amok on free cloud computing platforms. Mulligan goes on to explain that Docker has "seen a massive growth in the number of bad actors," noting that it not only costs them money, but also degrades performance for their paying customers. And so, after seven years of free access to their autobuild feature, wherein even all of you non-paying Docker users could set up continuous integration for your containerized projects, gratis, the end is nigh. Like, really, really nigh, as in next week — June 18. While Docker offered that they already tried to correct the issue by removing around 10,000 accounts, they say that the miners returned the next week in droves, and so they "made the hard choice to remove Autobuilds...." For its part, Docker has tried to again stave off the criticism, offering users a discount on subscriptions, and offering members of its open source program the ability to continue to use autobuilds for free... Docker says they've also changed Autobuild "to take advantage of BuildKit by default for improved build performance," increased the number of parallel builds for subscribers, and increased the build instance types, "so you get a beefier machine to build on!" While the changes were apparently inspired by their struggles with cryptocurrency miners, "All of these improvements should see a faster and more stable build experience with lower queue times..." 
"We really appreciate your support and the community's understanding as the whole industry battles against these abusive few."
Back in 2009, then-governor of California Arnold Schwarzenegger requested $4.7 billion in federal stimulus money to help build an 800-mile bullet train system from San Diego to San Francisco. "We're traveling on our trains at the same speed as 100 years ago," the governor said. "That is inexcusable. America must catch up." Nearly 12 years later, "a $929-million federal grant for the California bullet train project was restored Thursday," reports the Los Angeles Times, "reversing a decision by the Trump administration to terminate the funding." But their story (shared by Slashdot reader schwit1) notes this grant has a very long history: The grant was originally made in 2010 after other states backed out of high-speed rail projects and declined to take the federal support. The California project already had won another $2.5-billion grant from the Obama administration's stimulus program, known as the American Recovery and Reinvestment Act. The Trump action to take back the money was highly controversial, and federal grant experts said such terminations were rare in cases that did not involve fraud but were merely behind schedule. Ronald Batory, then chief of the Federal Railroad Administration, cited California's multiple failures to forecast accurate schedules, among other problems, in taking the action. Along with House Republicans from California, Trump officials were highly critical of the California project, with former Transportation Secretary Elaine Chao calling it a "bait and switch" on promises made to taxpayers. Chao and Trump had issued an even bigger threat, to claw back the much larger $2.5-billion grant that had already been spent. Despite such rhetoric, the Trump administration never made an attempt to get back the funds. 
The $929 million is part of a planned $22.8-billion effort aimed at building a 171-mile partial operating system between Bakersfield and Merced [part of the route between San Francisco and Los Angeles], as well as completing environmental planning and making some high-speed rail investments in Southern California and the Bay Area. In a statement, America's Federal Rail Agency said the settlement "reflects the federal government's ongoing partnership in the development of high-speed rail." And they called their restoration of funding "an important step in advancing an economically transformational project in California." The Times adds that "Some bullet train advocates believe $10 billion or more from the state and federal government could be added to the project, allowing an expansion of the current construction. But even that much money would not close a roughly $80-billion shortfall needed to connect Los Angeles to San Francisco."
A new extension for Microsoft's code-editing tool, Visual Studio Code, "allows you to open, edit, and commit back to source-control repos without having to clone them on your local machine," explains a new video. A Microsoft blog post calls it "a new experience that we've been building in partnership with our friends at GitHub to enable working with source code repositories quickly and safely inside VS Code." In VS Code, we've offered integrated support for Git from the very beginning, and we've been supporting many other source control management (SCM) providers through extensions. This has allowed developers to clone and work with repositories directly within VS Code. However, a large part of what developers do every day involves reading other people's code: reviewing pull requests, browsing open-source repositories, experimenting with new technologies or projects, inspecting upstream dependencies to debug applications, etc. What all of these have in common is that as a first step, you usually clone the repository locally and then open the code in your favorite code editor (which we hope is VS Code!). Yet, cloning a repository takes time, may lead you to review an outdated version of the repo if you forget to pull, and can sometimes be a security risk if you're unfamiliar with the code. The new Remote Repositories extension, published by GitHub, makes the experience of opening source code repositories in VS Code instant and safe. With this, you can quickly browse, search, edit, and commit to any remote GitHub repository (and soon, Azure Repos) directly from within VS Code, no clone necessary! You can work on as many repos as you like without having to save any source code on your machine. Remote Repositories saves you time and local disk space and empowers you to stay entirely within VS Code for all your source control tasks.
McDonald's equipped 10 of its restaurants in Chicago with automated speech-recognition for their drive-through windows. Now they're facing a potential class-action lawsuit. Long-time Slashdot reader KindMind shares this report from the Register: McDonald's has been accused of illegally collecting and processing customers' voice recordings without their consent in the U.S. state of Illinois... The state has some of the strictest data privacy laws; its Biometric Information Privacy Act (BIPA) states: "No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information." unless it receives written consent. Shannon Carpenter, a resident of Illinois, sued [PDF] McDonald's in April on behalf of himself and all other affected state residents. He claimed the fast-chow biz has broken BIPA by not obtaining written consent from its customers to collect and process their voice data, nor has it explained in its privacy policy how or if the data is stored or deleted. His lawsuit also stated that McDonald's has been experimenting with AI software taking orders at its drive thrus since last year. "Plaintiff, like the other class members, to this day does not know the whereabouts of his voiceprint biometrics which defendant obtained," Carpenter's lawsuit stated. Under the BIPA, people can receive up to $5,000 in damages from private entities for each violation committed "intentionally or recklessly," or $1,000 if each violation was from negligence instead. The suit also claimed the machine-learning software built by McD Tech Labs doesn't just transcribe speech into text, it processes audio samples to glean all sorts of personal information to predict a customer's "age, gender, accent, nationality, and national origin."
Today is Record Store Day, an annual event celebrating the culture of independently-owned record stores. And music industry players have said they actually got more money from the sale of vinyl records than they do from YouTube. But is that changing? The New York Times reports those figures are from a time when YouTube was only selling ads on (or beside) music videos and then sharing that cash with the record labels and performers: Fast forward to last week, when YouTube disclosed that it paid music companies, musicians and songwriters more than $4 billion in the prior year. That came from advertising money and something that the industry has wanted forever and is now getting — a cut of YouTube's surprisingly large subscription business. (YouTube subscriptions include an ad-free version of the site and a Spotify-like service to watch music videos without any ads.) The significance of YouTube's dollar figure is that it's not far from the $5 billion that the streaming king Spotify pays to music industry participants from a portion of its subscriptions. (A reminder: The industry mostly loves Spotify's money, but some musicians say that they're shortchanged by the payouts.) Subscriptions will always be a hobby for YouTube, but the numbers show that even a side gig for the company can be huge. And it has bought peace by raining some of those riches on those behind the music. Record labels and other industry powers "still don't looooove YouTube," Lucas Shaw, a Bloomberg News reporter, wrote this week. "But they don't hate it anymore." The YouTube turnabout may also show that complaining works. The music industry has a fairly successful track record of picking a public enemy No. 1 — Pandora for awhile, Spotify, YouTube, and more recently apps like TikTok and Twitch — and publicly browbeating it or playing one rich company against another to get more money or something else they wanted. 
While the article cites concerns that YouTube is still paying too little (and failing to stop piracy), "just maybe, YouTube has shown that it's possible for digital companies to both upend an industry and make it stronger."
An anonymous reader quotes a report from The Wall Street Journal: The Biden administration launched an initiative Thursday aiming to make more government data available to artificial intelligence researchers, part of a broader push to keep the U.S. on the cutting edge of the crucial new technology. The National Artificial Intelligence Research Resource Task Force, a group of 12 members from academia, government, and industry led by officials from the White House Office of Science and Technology Policy and the National Science Foundation, will draft a strategy for potentially giving researchers access to stores of data about Americans, from demographics to health and driving habits. They would also look to make available computing power to analyze the data, with the goal of allowing access to researchers across the country. The task force, which Congress mandated in the National Artificial Intelligence Initiative Act of 2020, is part of an effort across the government to ensure the U.S. remains at the vanguard of technological advancements. Many researchers, particularly in academia, simply don't have access to these computational resources and data, and this is hampering innovation. One example: The Transportation Department has access to a set of data gathered from vehicle sensors about how people drive, said Erwin Gianchandani, senior adviser at the National Science Foundation and co-chairman of the new AI task force. "Because you have very sensitive data about individuals, there are challenges in being able to make that data available to the broader research community," he said. On the other hand, if researchers could get access, they could develop innovations designed to make driving safer. Census data, medical records, and other data sets could also potentially be made available for research by both private companies and academic institutions, officials said. 
They said the task force will evaluate how to make such data available while protecting Americans' privacy and addressing other ethical concerns.
An anonymous reader quotes a report from VICE News: California has unleashed an army of goats to munch away at overgrown brush and grass throughout the state in hopes of reducing the risk of wildfires this summer. State agencies have deployed the animals to roam, eat, and wipe out highly flammable vegetation. Recently, in an area near Lake Oroville in Northern California, between 350 and 400 goats cleared nearly five acres of land. And on Sunday, 1,500 goats are scheduled to begin clearing 34 more acres in the area -- by eating everything from invasive species to poison oak to thistle. The animals have also been contracted out to different cities around the state concerned about wildfires, including Anaheim, Oakland, and Los Angeles. The initiative is part of the state's "Fuel Load Management Plan," started in 2012, which is aimed at reducing large patches of overgrowth throughout the state -- a major source of fuel to wildfire spread. Originally, the state used boots-on-the-ground crews of people armed with chainsaws and wood chippers to clear brush. But California has decided that in some areas, it's goats, not humans, that can help the most. "They eat everything," Kryssy Mache, an environmental scientist at the California Department of Water Resources, told VICE News. And they can also reach up to five feet in the air to nibble tree branches. "It's just another cool concept that we're using. It's not just humans going out and making the difference -- we can also use goats." But the goats are usually just Phase One. In the fall, human crews will come in and trim up area that goats cleared to ensure it remains less vulnerable to fire, according to the DWR.
In the longest biological experiment on the International Space Station yet, freeze-dried mouse sperm remained viable after nearly six years in space. Exposure to space radiation didn't seem to harm the sperm's DNA or the cells' ability to produce healthy "space pups," researchers report in Science Advances. Science News reports: That may be good news for future spacefarers. Scientists have worried that chronic exposure to space radiation might not only put astronauts at risk for cancer and other diseases, but also create mutations in their DNA that could be passed down to future generations. The new results hint that deep-space travelers could safely bear children. Studying how space radiation affects reproduction is tricky. Instruments on Earth can't perfectly mimic space radiation, and the ISS lacks freezers for long-term cell storage. So biologist Teruhiko Wakayama of the University of Yamanashi in Kofu, Japan and colleagues freeze-dried sperm, allowing it to be stored at room temperature. The team then sent sperm from 12 mice to the space station, while keeping other sperm from the same mice on the ground. After returning the sperm cells to Earth, rehydrating them and injecting them into fresh mouse eggs, the team transferred those embryos to female mice. About 240 healthy space pups were born from sperm kept on the ISS for nearly three years; about 170 others were born from sperm kept on the space station for nearly six years. Genetic analyses revealed no differences between these space pups and mice born from sperm stored on the ground. Space pups that mated as adults had healthy children and grandchildren.
A total of 15 potential sites are in the running to host the UK's first prototype fusion power plant. The BBC reports: Fusion is seen as a potential source of almost limitless clean energy but is currently only used in experiments. An open call for sites was made last year and nominations closed at the end of March this year. Following checks for compliance with key entry criteria the UK Atomic Energy Agency (UKAEA) has published a long list of possible locations. The sites, from north to south, with nominating body, are: Dounreay, East Airdrie, Poneil, Ardeer, Chapelcross, Moorside, Bay Fusion, Goole, West Burton, Ratcliffe on Soar, Pembroke, Severn Edge, Aberthaw, Bridgwater Bay, and Bradwell (Essex). The UKAEA said that acceptance of the sites did not indicate that they were "preferred or desired" or that it believed they were "in all cases, possible." It stressed it was simply that the procedural entry criteria had been met and assessment had now begun. It said a shortlisting process would take place in the autumn with a final site decision likely by the end of next year. UKAEA is hoping to have such a plant operating in the early 2040s, with an initial concept design ready by 2024.
A federal judge granted a preliminary order blocking New York state from enforcing a law that requires internet service providers to offer high-speed broadband service to low-income customers at a discount. From a report: U.S. District Judge Denis Hurley in Central Islip, New York, sided with telecom industry groups representing AT&T and Verizon, which sued to block the law. The legislation was enacted in April as part of the state's 2022 budget.
Florida's fired Department of Health data manager Rebekah Jones has been "permanently suspended" from Twitter, "for violations of the Twitter Rules on spam and platform manipulation," a Twitter spokesperson tells Slashdot. Florida's Sun-Sentinel reports: Jones, a former Department of Health data manager fired for alleged insubordination, emerged as a political lightning rod as COVID-19 cases spiked in Florida last year. Supporters see her as a whistleblower speaking truth to power and exposing an effort by the state to paint a rosier picture of the pandemic. Her detractors say she has peddled disinformation for her own financial benefit, unfairly casting doubt on the reliability of Florida's COVID-19 statistics... Jones helped to build the state's online coronavirus dashboard in the early days of the pandemic. In May 2020, she was fired from her post at the Florida Department of Health, where she was manager of Geographic Information Systems. Jones said her bosses pressured her to manipulate statistics to justify reopening the state amid lockdown. In an article Monday Forbes investigated "the curious case of Rebekah Jones' suspension," citing a researcher who specializes in Twitter fraud: There was clearly a concentrated surge in new follower activity... What is not known is whether Rebekah Jones purchased the followers herself, or whether it was a false-flag campaign meant to discredit her (someone else purchased the followers and directed them at her account to make it appear she broke Twitter's rules). Nearly 21,000 followers were added in a short amount of time... Following up with Twitter's spokesperson, Slashdot asked them about Forbes' theory, and whether they had evidence that Jones herself (and not one of her detractors) had perpetrated the surge in follower activity. Twitter's response? "We have nothing further to add beyond what I shared." Jones had already attained more than 400,000 followers, reports the Washington Post. 
But they also note that her suspension is now being celebrated on Twitter by Florida governor DeSantis's press secretary, "who was hired after she wrote an article calling Jones's claims 'a big lie.'" DeSantis's office also pointed to an April Twitter thread from a prominent disinformation researcher alleging that an app has surreptitiously directed thousands of users to follow a number of accounts, including Jones's. Jones responded to the researcher, according to a screenshot, with a tweet saying: "This is insane." "I've never heard of this app," she wrote. Jones has since opened a new account on Instagram named "insubordinatescientist".
The number of active phishing sites hit a record number earlier this year in January, according to an industry report published this week by the Anti-Phishing Working Group (APWG). The Record reports: A total of 245,771 phishing sites were detected in January. The number represents the unique base URLs of phishing sites found and reported by APWG members. The APWG is an industry coalition made up of more than 2,200 organizations from the cyber-security industry, government, law enforcement, and NGOs sector, which includes some big names such as Microsoft, Facebook, PayPal, ICANN, AT&T, Comcast, Digicert, Cloudflare, Cisco, Salesforce, RSA, Verisign, ESET, McAfee, Avast, Symantec, Trend Micro, PhishLabs, Agari, Cofense, and many others. APWG experts noted that while the number of phishing sites declined in February, the next month, in March, the number of phishing sites jumped above 200,000 again, amounting to the fourth-worst month in APWG's reporting history. The industry vertical most targeted in phishing attacks in Q1 remained the financial sector, which saw almost a quarter of all phishing attempts. Second was social media, with cybercrime groups attempting to hijack social media accounts to resell online on specialized marketplaces, according to the APWG report (PDF). Furthermore, around 83% of all phishing sites seen in Q1 2020 were also hosted on an HTTP-based connection. This finding reinforces a piece of well-known cybersecurity advice that if a website is loaded via HTTPS, it doesn't mean it's secure, but merely that its traffic can't be easily intercepted.
In a blog post this morning, Google announced plans to increase its update cadence for Chromebooks. Like Chrome, its operating system will now also follow a four-week Stable channel before moving to the next major milestone release. Android Police reports: Google will deliver fresh features more rapidly to Chromebooks starting with Chrome OS 96 -- all while keeping it stable, secure, and speedy. To adapt to the rigorous update release schedule, Google will skip Chrome OS 95, which will help it bridge the gap between M94 and Chrome's new four-week rollout strategy. Enterprise and education folks can opt to enroll in an Extended Stable option for Chromebooks, which will update every 6 months. In light of the new rollout strategy, Google updated its documentation and pushed an update to its release calendar. The company will share plans about the choices Chrome OS administrators will have for milestone updates "in the coming months."
During the Epic v. Apple trial, an email chain surfaced that reveals Apple seemingly admitted "it manually boosted the ranking of its own Files app ahead of the competition for 11 entire months," reports The Verge. This comes after two monstrous reports by The Wall Street Journal and The New York Times showed Apple's App Store clearly and consistently ranking its own apps ahead of competitors. Apple claimed it had done nothing wrong. The Verge reports: "We are removing the manual boost and the search results should be more relevant now," wrote Apple app search lead Debankur Naskar, after the company was confronted by Epic Games CEO Tim Sweeney over Apple's Files app showing up first when searching for Dropbox. "Dropbox wasn't even visible on the first page [of search results]," Sweeney wrote. As you'll see, Naskar suggested that Files had been intentionally boosted for that exact search result during the "last WWDC." That would have been WWDC 2017, nearly a year earlier, when the Files app first debuted. The email chain actually reflects fairly well on Apple overall. Apple's Matt Fischer (VP of the App Store) clearly objects to the idea at first. "[W]ho green lit putting the Files app above Dropbox in organic search results? I didn't know we did that, and I don't think we should," he says. But he does end the conversation with "In the future, I want any similar requests to come to me for review/approval," suggesting that he's not entirely ruling out manual overrides. But Apple tells The Verge that what we think we're seeing in these emails isn't quite accurate. While Apple didn't challenge the idea that Files was unfairly ranked over Dropbox, the company says the reality was a simple mistake: the Files app had a Dropbox integration, so Apple put "Dropbox" into the app's metadata, and it was automatically ranked higher for "Dropbox" searches as a result.
I'm slightly skeptical of that explanation -- partially because it doesn't line up with what Naskar suggests in the email, partially because Apple also told me it immediately fixed the error (despite it apparently continuing to exist for 11 months, hardly immediate), and partially because the company repeatedly ignored my questions about whether this has ever happened with other apps before. The most Apple would tell me is that it didn't manually boost Files over competitors, and that "we do not advantage our apps over those of any developer or competitor" as a general rule.
A third member of a panel of outside advisers to the U.S. Food and Drug Administration has resigned in protest over the agency's decision to approve Biogen's Alzheimer's disease treatment despite the committee's recommendation against doing so. Reuters reports: Aaron Kesselheim, a Professor of Medicine at Harvard Medical School who had served on the FDA's advisory committee for nervous system drugs since 2015, told Reuters on Thursday he was stepping down from the panel. "My rationale was that the FDA needs to re-evaluate how it solicits and uses the advisory committees ... because I didn't think that the firm recommendations from the committee in this case ... were appropriately integrated into the decision-making process," Kesselheim said in an email. He cited FDA's decision to approve Sarepta Therapeutics' drug, eteplirsen, for Duchenne muscular dystrophy in 2016 as another example of the regulator approving a drug against the recommendations of its advisory committee. On Tuesday, a member of the advisory group who voted against the approval, Washington University neurologist Dr. Joel Perlmutter, resigned from the committee, citing the FDA's approval of Aduhelm. Mayo Clinic neurologist Dr. David Knopman said he resigned on Wednesday. The 11-member committee voted nearly unanimously in November that Biogen's drug should not be approved, citing inconclusive evidence that the drug was effective.
An anonymous reader quotes a report from The Guardian: Global regulators have said cryptocurrencies such as bitcoin should come with the toughest bank capital rules to avoid putting the wider financial system at risk should their value collapse suddenly. The Basel Committee on Banking Supervision, which consists of regulators from the world's leading financial centers, is proposing a "new conservative prudential treatment" for crypto-assets that would force banks to put aside enough capital to cover 100% of potential losses. That would be the highest capital requirement of any asset, illustrating that cryptocurrencies and related investments are seen as far more risky and volatile than conventional stocks or bonds. The world's most powerful banking standards setter warned on Thursday that certain crypto-assets had proved to be highly volatile, meaning they could "present risks for banks as exposures increase, including liquidity risk; credit risk; market risk; operational risk (including fraud and cyber risks); money laundering/terrorist financing risk; and legal and reputation risks." However, it said looser rules could apply to stablecoins -- a new form of digital asset usually pegged to the value of a traditional currency -- that may require only a level of capital rules applied to traditional assets such as bonds, loans, deposits, equities or commodities. The committee's proposals, which will now go out for consultation, are meant to help protect the global financial system in case cryptocurrency prices plummet.
A cross-party group of 24 British members of Parliament wrote to President Joe Biden on Friday asking him to drop all charges against WikiLeaks founder Julian Assange. CNET News adds: Dropping the charges would be "an act that would be a clarion call for freedom that would echo around the globe," they said. Together, the lawmakers pointed out that while Biden was vice president, he played an important role in choosing not to prosecute Assange over WikiLeaks' publication of classified documents relating to the wars in Afghanistan and Iraq, as well as the conditions in Guantanamo Bay. In spite of this, they added, Biden -- who is in the UK attending the G7 summit -- has not chosen to drop the charges brought against Assange during Donald Trump's presidency.
A Right to Repair bill that would give everyone the information, parts, and tools they need to fix their electronic devices passed in the New York State Senate, the first such bill to pass in the country. Kevin Purdy writes via iFixit: At a virtual session, the Senate approved S4104 by a margin of 51 to 12. Normally the next step would be a vote on an identical bill in the state's Assembly. But Thursday is the last day of session for the NY legislature, and the bill has not yet escaped committee, making a vote by the full Assembly unlikely. The battle for fair repair in New York will continue into next year's session, with a strong record of success. But don't get the wrong idea -- this is big. This shows that Right to Repair has real support when the issue gets an actual vote, despite the efforts of tech manufacturers' lobbyists. Sen. Philip Boyle, a Republican from Bay Shore on Long Island and the bill's original sponsor, said at Thursday's session that the Digital Fair Repair Act both protected consumers from monopolistic companies and curtailed e-waste. Customers can fix their own "smartphones, tablets, and farm equipment," Boyle said. Or, if they have "no technical skills at all, like me," they can turn to local repair shops and reuse programs to avoid simply tossing things out, Boyle said. While time is likely to run out on the Assembly bill, New Yorkers can still tell their representatives to move next year's bill to a vote, and to vote yes. A U.S. PIRG survey found that New Yorkers would save a collective $2.4 billion per year by fixing electronics instead of replacing them. The average family stands to save $330 per year, and help curtail the 655,000 tons of e-waste generated in New York each year.
An anonymous reader quotes a report from Ars Technica: Amazon and a who's who of online-only retailers are trying to kill proposed federal and state legislation that would make the companies disclose contact information for third-party sellers. The bills would force Amazon and others to verify the identities of third-party sellers and provide consumers with ways to contact the stores. The proposed legislation is pitting brick-and-mortar retailers -- including Home Depot, Walgreens, and JC Penney, which support the bills -- against online retailers like Amazon, Etsy, eBay, Poshmark, and others, which argue that the legislation would harm small sellers. [...] The online retailers argue that the bills would compromise the privacy of third-party sellers. On some platforms, the majority of merchants run their businesses out of their homes. Etsy, for example, says 97 percent of its sellers do. A survey of Amazon sellers found that 70 percent have work outside of their Amazon businesses, suggesting that they, too, run the business from their homes. That anonymity, though, provides cover for fraudsters. It's not uncommon to find counterfeit and potentially harmful items on marketplace sites. In 2018, the Government Accountability Office ordered 47 items, including shoes, travel mugs, cosmetics, and phone chargers, from third-party sellers on "popular consumer websites" and determined that 20 of them were counterfeit. Even non-counterfeit items bought from third-party sellers have been implicated in consumer harm. In April 2018, a 19-month-old in Texas was injured after ingesting a battery that fell out of a loose battery compartment in a third-party Apple TV remote. The parents asked Amazon to stop selling the defective product and requested contact information for Hu Xi Jie, who ran the Amazon store "USA Shopping 7693" that sold the remote. Hu Xi Jie never responded, and Amazon was not able to locate the individual. 
The parents sued Amazon in Texas state court, arguing that the retailer is liable for the defective product. Amazon, on the other hand, says it serves as a middleman and bears no liability. It's that argument, among others, that has brick-and-mortar retailers pushing for changes. Consumer product laws hold businesses like Target and Home Depot liable for injuries if the stores do not take sufficient measures to keep defective products from reaching consumers. Online marketplaces haven't been subject to those rules since they don't control third-party sellers.
Prosecutors in the Trump administration Justice Department subpoenaed Apple for data from the accounts of House Intelligence Committee Democrats -- including Chairman Adam Schiff -- along with their staff and family members as part of a leak investigation, an Intelligence Committee official and a source familiar with the matter confirmed to CNN. From a report: Rep. Eric Swalwell of California, another Democrat on the committee, told CNN's Don Lemon on Thursday evening that he was notified that his data had been seized as part of the probe as well. The prosecutors, the New York Times first reported, were looking for the sources behind news stories about contacts between Russia and Trump associates. The leak hunt began with the FBI sending a subpoena to Apple in February 2018, which included a gag order, seeking metadata on more than 100 accounts as part of an investigation into the disclosure of classified information, the person familiar with the matter said. The gag order was renewed three times before it expired this year and Apple notified the customers. The House Intelligence Committee determined that along with members of the panel and staff, the dragnet collected the records of family members, including at least one minor, the person said. Records seized included those from staff members who had nothing to do with issues related to Russia or former FBI Director James Comey, including Schiff's personal office staff, a House Intelligence Committee source told CNN. Democratic committee leadership is relying on self-reporting to know who has been impacted at this point -- both members and staff, the source said. Swalwell confirmed to CNN that records of family members and a minor had been obtained.
Apple is finally adding support for Windows Precision Touchpad drivers in its latest Boot Camp update. The new 6.1.15 update includes support for Windows Precision Touchpad, including single tap to click, lower-right corner to right-click, down motion to scroll up, and three or four finger gestures. From a report: Various Reddit users noticed the surprise update went live yesterday, and it apparently works better than third-party solutions like Trackpad++ and mac-precision-touchpad that people have had to use for years. "Works way better than both of them with better palm and thumb detection too," says one Reddit user. Microsoft first started introducing Windows Precision Touchpad with Intel in 2013, in an effort to fix what were notorious PC trackpad issues at the time. It has taken Apple a long time to enable Windows Precision Touchpad in Boot Camp, but not every MacBook is supported. An Apple support document notes that only Mac computers with a T2 chip will be able to access Windows Precision Touchpad, which is most MacBook Air and MacBook Pro models from 2018 onward.
Apple has begun testing passkeys, a new authentication technology it says is as easy to use as passwords but vastly more secure. Part of iCloud Keychain, a test version of the technology will come with iPhones, iPads and Macs later this year. From a report: To set up an account on a website or app using a passkey, you first choose a username for the new account, then use FaceID or Touch ID to confirm that it's really you who's using the device. You don't ever pick a password. Your device handles generation and storage of the passkey, which iCloud Keychain synchronizes across all your Apple devices. To use the passkey for authentication later, you'll be prompted to confirm your username and verify yourself with FaceID or Touch ID. Developers must update their login procedures to support passkeys, but it's an adaptation of the existing WebAuthn technology. "Because it's just a single tap to sign in, it's simultaneously easier, faster and more secure than almost all common forms of authentication today," Garrett Davidson, an Apple authentication experience engineer, said Wednesday at the company's annual WWDC developer conference.
Amazon will pay almost $62 million to settle allegations by the U.S. Federal Trade Commission that it avoided handing over the full pay and tips it promised to delivery drivers, according to the agency. From a report: The company is giving back the amount it kept, according to a complaint released earlier this year by the agency, after it told Amazon Flex drivers and customers in 2015 it would pay $18 to $25 hourly plus tips. Instead, beginning the following year, it used tips to supplement lower base pay rates, and tried to hide the changes, according to the FTC.
Flying taxis moved a step closer to becoming a fixture buzzing across urban skyscapes, as a closely watched effort was unveiled in Los Angeles and startups in the U.K. and Brazil made commercial breakthroughs. From a report: Vertical Aerospace Group, based in Bristol, England, won conditional orders for as many as 1,000 electric aircraft that could total $4 billion from buyers including American Airlines Group and Virgin Atlantic Airways, it said late Thursday. Meanwhile, Brazil's Embraer SA said it's in talks to merge its unit developing electric vertical takeoff and landing aircraft into a public company, sending the stock surging. And in California, startup Archer Aviation showcased its future eVTOL after nabbing a $20 million investment from United Airlines Holdings. The carrier plans to buy as many as 200 of the aircraft, dubbed Maker. While none are certified for commercial use, approvals for electric flying taxis could come as early as 2024, according to Europe's top aviation regulator. Airlines are placing orders because they see the potential to develop a new business tied to local transport, as their main activity shuttling people on longer trips comes under pressure over carbon emissions and the impact of the Covid-19 pandemic.
Google's experiment to hide parts of a site's URL in the Chrome address bar (the Omnibox) has failed and was removed from the browser earlier this week. From a report: The experiment ran from June 2020 to June 2021. It consisted of a series of options that Google added to the chrome://flags options page that, when enabled, only showed the main domain name of a site (therecord.media) instead of the full page URL (therecord.media/category/article/title).
McDonald's said hackers stole some data from its systems in markets including the U.S., South Korea and Taiwan, in another example of cybercriminals infiltrating high-profile global companies. From a report: The burger chain said Friday that it recently hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified, McDonald's said. The investigators discovered that company data had been breached in markets including the U.S., South Korea and Taiwan, the company said. In a message to U.S. employees, McDonald's said the breach disclosed some business contact information for U.S. employees and franchisees, along with some information about restaurants such as seating capacity and the square footage of play areas. The company said no customer data was breached in the U.S., and that the employee data exposed wasn't sensitive or personal. The company advised employees and franchisees to watch for phishing emails and to use discretion when asked for information. McDonald's said attackers stole customer emails, phone numbers and addresses for delivery customers in South Korea and Taiwan. In Taiwan, hackers also stole employee information including names and contact information, McDonald's said. The company said the number of files exposed was small without disclosing the number of people affected. The breach didn't include customer payment information, McDonald's said.
The group of hackers that stole a wealth of data from game publishing giant Electronic Arts broke into the company in part by tricking an employee over Slack to provide a login token, Motherboard reported Friday. From the report: The group stole the source code for FIFA 21 and related matchmaking tools, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools. In all, the hackers claim they have 780GB of data, and are advertising it for sale on various underground forums. EA previously confirmed the data impacted in the breach to Motherboard. A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10, and using those to gain access to a Slack channel used by EA. In this case, the hackers were able to get into EA's Slack using the stolen cookie. "Once inside the chat we messaged a IT Support members we explain to them we lost our phone at a party last night," the representative said.
Volkswagen says more than 3.3 million customers had their information exposed after one of its vendors left a cache of customer data unsecured on the internet. From a report: The car maker said in a letter that the vendor, used by Volkswagen, its subsidiary Audi, and authorized dealers in the U.S. and Canada, left the customer data spanning 2014 to 2019 unprotected over a two-year window between August 2019 and May 2021. The data, which Volkswagen said was gathered for sales and marketing, contained personal information about customers and prospective buyers, including their name, postal and email addresses, and phone number. But more than 90,000 customers across the U.S. and Canada also had more sensitive data exposed, including information relating to loan eligibility. The letter said most of the sensitive data was driver's license numbers, but that a "small" number of records also included a customer's date of birth and Social Security numbers.
An anonymous reader quotes a report from CBS News: The majority of online recruitment in active sex trafficking cases in the U.S. last year took place on Facebook, according to the Human Trafficking Institute's 2020 Federal Human Trafficking Report. "The internet has become the dominant tool that traffickers use to recruit victims, and they often recruit them on a number of very common social networking websites," Human Trafficking Institute CEO Victor Boutros said on CBSN Wednesday. "Facebook overwhelmingly is used by traffickers to recruit victims in active sex trafficking cases." In 2020 in the U.S., 59% of online recruitment of identified victims in active cases took place on Facebook alone. The report also states that 65% of identified child sex trafficking victims recruited on social media were recruited through Facebook. The tech giant responded to the report's findings in a statement to CBS News: "Sex trafficking and child exploitation are abhorrent and we don't allow them on Facebook. We have policies and technology to prevent these types of abuses and take down any content that violates our rules."