Slashdot

This week ZDNet dedicated an article to "the most popular Fedora Linux in years."Red Hat's community Linux distribution Fedora has always been popular with open-source and Linux developers, but this latest release, Fedora 34 seems to be something special. As Matthew Miller, Fedora Project Leader, tweeted, "The beta for F34 was one of the most popular ever, with twice as many systems showing up in my stats as typical." Why? Nick Gerace, a Rancher software engineer, thinks it's because "I've never seen the project in a better state, and I think GNOME 40 is a large motivator as well. Probably a combination of each, from anecdotal evidence." He's onto something. When Canonical released Ubuntu 21.04 a few days earlier, their developers opted to stay with the tried and true GNOME 39 desktop. Fedora's people decided to go with GNOME 40 for their default desktop even though it's a radical update to the GNOME interface. Besides boasting a new look, GNOME 40 is based on the new GTK 4.0 graphical toolkit. Under the pretty new exterior, this update also fixed numerous issues and smoothed out many rough spots. If you'd rather have another desktop, you can also get Fedora 34 with the newest KDE Plasma Desktop, Xfce 4.16, Cinnamon, etc. You name your favorite Linux desktop interface, Fedora will almost certainly deliver it to you... Another feature I like is that, since Fedora 33, the default file system is Btrfs. I find it faster and more responsive than ext4, perhaps the most popular Linux desktop file system. What's different this time around is that it now defaults to using Btrfs transparent compression. Besides saving significant storage space — typically from 20 to 40% — Red Hat also claims this increases the lifespan of SSDs and other flash media. Although the article does point out that most users will never reach the end of that SSD lifespan (approximately ten years of normal use), it suggests that "developers, who might for example compile Linux kernels every day, might reach that point before a PC's usual end of useful life." In a possibly related note, Linus Torvalds said this week in a new interview that "I use Fedora on all my machines, not because it's necessarily 'preferred', but because it's what I'm used to. I don't care deeply about the distribution — to me it's mainly a way to get Linux installed on a machine and get all my tools set up, so that I can then replace the kernel and work on just that."Read more of this story at Slashdot.

Long-time Slashdot reader theodp writes: The announcement Monday that Apple Inc. would locate its new high-tech campus in Research Triangle Park," reports The News&Observer's Tyler Dukes, "was heralded as a coup for the state, which has pursued the company and the promise of its high-paying jobs for at least three years. But that victory comes at a cost. State and local incentives for the deal could be worth nearly $1 billion to the company over the next four decades. That award, by far the largest in the state's history, will mostly come from new Apple employees' state income tax payments — the vast majority of which will flow right back to Apple.... "The JDIG award approved by the state's Economic Investment Committee Monday morning would mean $845.8 million in payments to Apple through 2061 — provided the company meets its hiring, worker-retention and investment targets. These payments are recouped from the income taxes Apple's new employees would normally pay to the state. Starting in 2023, the state will start issuing payments to Apple worth a little more than half of those employees' annual tax payments. In 2032, if all goes as planned, that percentage increases to 90%." Apple, whose market cap on Monday was $2.26 trillion, isn't exactly hurting for money...Read more of this story at Slashdot.

The Boston Globe published some thoughts from a professor of political science at Fordham University:A bipartisan group of senators, including Elizabeth Warren of Massachusetts and Sheldon Whitehouse of Rhode Island, are backing a bill called the College Transparency Act. It would require public and private colleges around the country to report how many students enroll, transfer, drop out, and complete various programs. Then that information would be combined with inputs from other federal agencies, including the Internal Revenue Service, so that the "labor market outcomes" of former students could be tracked. In other words, the act would create a system that publicizes how much money students make, on average, after going through particular colleges, programs, and majors. According to Senator Whitehouse, "Choosing a college is a big decision, and yet too often families can't get the information to make apples-to-apples comparisons of the costs and benefits of attending different schools." The purpose of the College Transparency Act is to allow people to make these comparisons. Its other sponsors are Republicans Bill Cassidy of Louisiana and Tim Scott of South Carolina. Unfortunately, the College Transparency Act could reshape how students, families, policymakers, and the public view the purposes of higher education. To be sure, privileged students will still be able to pursue their academic passions, but many students will be channeled into paths with a higher payoff upon graduation. Many students who might want to explore geography, philosophy, or the fine arts will be advised to stay away from such majors that do not appear lucrative... The system would publicize only some outputs of college — especially how much money students make — and not, for instance, surveys of graduates' satisfaction. This would have the effect of nudging students and families into viewing college as being primarily about making money... If students learn to read complex texts and write research papers, practice public speaking, find a mentor, and make friends, then they often do well after college regardless of major.Read more of this story at Slashdot.

Newsweek writes:Elon Musk has hit back at a critic who claimed he pumped and dumped Bitcoin to "make a fortune" after Tesla reported first quarter earnings that surpassed market expectations... The company appears to have sold 10 percent of its Bitcoin portfolio in the first quarter, which it said had a "positive impact" of $101 million on revenues. On Monday, Dave Portnoy, founder of Barstool Sports, called out Musk, CEO of Tesla, on the Bitcoin sale. He tweeted: "So am I understanding this correctly? Elon Musk buys Bitcoin. Then he pumps it. It goes up. Then he dumps it and makes a fortune." Musk replied: "No, you do not. I have not sold any of my Bitcoin. Tesla sold 10 percent of its holdings essentially to prove liquidity of Bitcoin as an alternative to holding cash on balance sheet." In a transcript of the Q1 2021 earnings call posted by the Motley Fool, Tesla CFO Zachary Kirkhorn said the company intends to hold its Bitcoin investment long-term and called it "a good place to place some of our cash that's not immediately being used for daily operations". Bitcoin was worth roughly $40,000 in early February at the time Tesla's $1.5 billion investment was reported.Read more of this story at Slashdot.

"Always the innovator, Elon Musk is crowdsourcing ideas for his upcoming Saturday Night Live appearance," writes USA Today. SFGate reports:Both Musk fans and critics weighed in, with the tweet drawing over 4,500 quote tweets at time of publication (and 113,000-plus likes from his devotees). One of the top responses skewered his recent move to Texas. "How about a skit where a selfish billionaire has a tantrum and makes a showy to-do about moving his factory to another state, but that new state is so dysfunctional it has a third-world power grid and runs out of electricity to run his factories and cars? That would be hilarious...." As a result of his controversial image, "SNL" announced that cast members will not be required to act alongside him if it makes them uncomfortable. No cast member has publicly decline to perform yet, but cast member Chris Redd did jump into the Twitter fray to correct Musk on his use of the word "skit." Page Six describes more of the suggestions from Twitter:Some commenters suggested ideas, including, "Extraterrestrials found your Tesla Roadster sent to space in 2018 & are trying to figure out what it is," "You play Chris Hansen on "To Catch a PP loan" with Ross Gerber," and, "Something about how it is all a simulation," while many of the responses to Musk's tweets were real zingers. "You meeting with SNL writers using the same motivational techniques you use with $TSLA engineers. Elon: I need this done tomorrow or you're fired. SNL Writer: In your dreams a-hole," one user responded.Read more of this story at Slashdot.

This week the New York Times published their online investigation into the seamy world of the professional slander industry. (Alternate URL.) At first glance, the websites appear amateurish. They have names like BadGirlReports.date, BustedCheaters.com and WorstHomeWrecker.com. Photos are badly cropped. Grammar and spelling are afterthoughts. They are clunky and text-heavy, as if they're intended to be read by machines, not humans. But do not underestimate their power... One woman in Ohio was the subject of so many negative posts that Bing declared in bold at the top of her search results that she "is a liar and a cheater" — the same way it states that Barack Obama was the 44th president of the United States. For roughly 500 of the 6,000 people we searched for, Google suggested adding the phrase "cheater" to a search of their names. The unverified claims are on obscure, ridiculous-looking sites, but search engines give them a veneer of credibility. Posts from Cheaterboard.com appear in Google results alongside Facebook pages and LinkedIn profiles.... That would be bad enough for people whose reputations have been savaged. But the problem is all the worse because it's so hard to fix. And that is largely because of the secret, symbiotic relationship between those facilitating slander and those getting paid to remove it. Who, exactly? The Times spoke to: Cyrus Sullivan, the Portland-based owner of one site who also runs a reputation-management service "to help people get 'undesirable information' about themselves removed from their search engine results. The 'gold package' cost $699.99. For those customers, Mr. Sullivan would alter the computer code underlying the offending posts, instructing search engines to ignore them...." 247Removal's owner Heidi Glosser, who "charges $750 or more per post removal, which adds up to thousands of dollars for most of her clients. To get posts removed, she said, she often pays an 'administrative fee' to the gripe site's webmaster. We asked her whether this was extortion. 'I can't really give you a direct answer,' she said." She appeared to have links to...Web developer Vikram Parmar, who seemed to be running several sites that produced slander while also simultaneously running sites that made money by removing that slander.But finally, the Times reminded their readers that "in certain circumstances, Google will remove harmful content from individuals' search results, including links to 'sites with exploitative removal practices.' If a site charges to remove posts, you can ask Google not to list it. "Google didn't advertise this policy widely, and few victims of online slander seem aware that it's an option. That's in part because when you Google ways to clean up your search results, Google's solution is buried under ads for reputation-management services..."Read more of this story at Slashdot.

An anonymous reader quotes Inside.com's developer newsletter:GitHub is blocking Google's new third-party cookie tracking alternative, Federated Learning of Cohorts (FLoC), across all of GitHub Pages. Those GitHub Pages served from the github.io domain will now come with a Permissions-Policy: interest-cohort=() header set, although Pages sites with custom domains will not. Several big names have also spoken out against the new alternative and implemented similar moves. WordPress is proposing automatically blocking FLoC by default on its websites, dubbing it a security risk. However, WordPress says it may add a setting that will enable admins to control whether FLoC is allowed. Firefox, Brave, and Vivaldi have also issued similar moves... One web developer recently published a guide showing others how to opt their site out of Google's FLoC Network. Developer Paramdeo Singh shows you how to ensure your web server doesn't participate in the network by adding a custom HTTP response header to web and proxy server configurations.Read more of this story at Slashdot.

Analyst firm SlashData surveyed over 19,000 respondents from 155 countries for its "State of the Developer Nation" survey — and now estimates that there's 24.3 million active developers worldwide. TechRadar reports:The report pegs JavaScript as the most popular language that, together with variants including TypeScript and CoffeeScript, is used by almost 14 million developers around the world. Based on SlashData's observations over the past several years, more than 4.5 million JavaScript developers have joined the ranks between Q4 2017 and Q1 2021. This is the highest growth in terms of absolute numbers across all programming languages... Next up is Python with just over 10 million users, followed by Java with 9.4 million, and C/C++ with 7.3 million. The report notes that Python added 1.6 million new developers in the past year, recording a growth rate of 20%. From ZDNet:SlashData estimates the next three largest developer communities are using C/C++ (7.3 million), Microsoft's C# (6.5 million), and PHP (6.3 million). Other large groups of developers are fans of Kotlin, Swift, Go, Ruby, Objective C, Rust and Lua... SlashData, however, notes that Rust and Lua were the two fastest growing programming language communities in the past 12 months, albeit from a lower base than Python. And Visual Studio magazine couldn't resist emphasizing that C# "has ticked up a notch in popularity, overtaking PHP for No. 5 on that ranking...""C# lost three places in the rankings of language communities between Q3 2019 and Q3 2020, but it regained its lead over PHP in the past six months after adding half a million developers," the report states... "C# is traditionally popular within the desktop developer community, but it's also the most broadly used language among AR/VR and game developers, largely due to the widespread adoption of the Unity game engine in these areas..." It was a different story one year ago, when the 18th edition of the report said: "C# lost about 1M developers during 2019... [I]t seems to be losing its edge in desktop development — possibly due to the emergence of cross-platform tools based on web technologies." The language might see more desktop development inroads as new initiatives from Microsoft such as Blazor Desktop (one of those "cross-platform tools based on web technologies") and .NET MAUI provide a wide array of desktop approaches.Read more of this story at Slashdot.

Four astronauts in a SpaceX Dragon capsule successfully splashed down into the Gulf of Mexico this morning at 2:57 a.m. ET — returning from the International Space Station in the first U.S. crew splashdown in darkness since the Apollo 8 moonshot in 1968. Phys.org reports:It was an express trip home, lasting just 6 1/2 hours... "We welcome you back to planet Earth and thanks for flying SpaceX," SpaceX's Mission Control radioed moments after splashdown. "For those of you enrolled in our frequent flyer program, you've earned 68 million miles on this voyage...." The 167-day mission was the longest for a crew capsule launching from the U.S. The previous record of 84 days was set by NASA's final Skylab station astronauts in 1974. Saturday night's undocking left seven people at the space station, four of whom arrived a week ago via SpaceX... Once finished with their medical checks on the ship, the astronauts planned to hop on a helicopter for the short flight to shore, then catch a plane straight to Houston for a reunion with their families. "It's not very often you get to wake up on the space station and go to sleep in Houston," chief flight director Holly Ridings told reporters. The astronauts' capsule, Resilience, will head back to Cape Canaveral for refurbishment for SpaceX's first private crew mission in September... A tech billionaire has purchased the entire three-day flight, which will orbit 75 miles (120 kilometers) above the space station. He'll fly with a pair of contest winners and a physician assistant from St. Jude Children's Research Hospital, his designated charity for the mission. SpaceX's next astronaut launch for NASA will follow in October.Read more of this story at Slashdot.

Friday the Free Software Foundation awarded their coveted "Respects Your Freedom" (RYF) certification to another new product: the Free Software Wireless-N Mini Router v3 (TPE-R1300) from ThinkPenguin, Inc. Just 45 products currently hold the FSF's certification "that these products meet the FSF's standards in regard to users' freedom, control over the product, and privacy." (That is to say, they run on 100% free software, allow the installation of modified software, and are free from DRM, spyware and tracking.) The FSF writes:As with previous routers from ThinkPenguin, the Free Software Wireless-N Mini Router v3 ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, who is the maintainer of libreCMC and a former FSF intern. The router enables users to run multiple devices on a network through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers... "ThinkPenguin once again demonstrates a long-standing commitment to protecting the rights of their users. With the latest iteration of the Wireless-N Mini Router, users know that they'll have up to date hardware they can trust for years to come," said the FSF's licensing and compliance manager, Donald Robertson, III. Phoronix points its readers to the device's page at ThinkPenguin.com "should you be looking to build out your wireless network using the decade old 802.11n standard."Read more of this story at Slashdot.

Linus Torvalds gave a long new email interview to Jeremy Andrews, founding partner/CEO of Tag1 (a global technology consulting firm and the second all-time leading contributor to Drupal). Torvalds discusses everything from the creation of Git, licenses, Apple's ARM64 chips, and Rust drivers, to his own Fedora-based home work environment — and how proud he is of the pathname lookup in Linux's virtual filesystem. ("Nothing else out there comes even close.") But with all that, early on Torvalds also reflects that Linux began as a personal project at the age of 21, "not out of some big dream to create a new operating system." Instead it "literally grew kind of haphazardly from me initially just trying to learn the in-and-outs of my new PC hardware. "So when I released the very first version, it was really more of a 'look at what I did', and sure, I was hoping that others would find it interesting, but it wasn't a real serious and usable OS. It was more of a proof of concept, and just a personal project I had worked on for several months at that time..." This year, in August, Linux will celebrate its 30th anniversary! That's amazing, congratulations! At what point during this journey did you realize what you'd done, that Linux was so much more than "just a hobby"? Linus Torvalds: This may sound a bit ridiculous, but that actually happened very early. Already by late '91 (and certainly by early '92) Linux had already become much bigger than I had expected. And yeah, considering that by that point, there were probably just a few hundred users (and even "users" may be too strong — people were tinkering with it), it probably sounds odd considering how Linux then later ended up growing much bigger. But in many ways for me personally, the big inflection point was when I realized that other people are actually using it, and interested in it, and it started to have a life of its own. People started sending patches, and the system was actually starting to do much more than I had initially really envisioned.... That "anybody can maintain their own version" worried some people about the GPLv2, but I really think it's a strength, not a weakness. Somewhat unintuitively, I think it's actually what has caused Linux to avoid fragmenting: everybody can make their own fork of the project, and that's OK. In fact, that was one of the core design principles of "Git" — every clone of the repository is its own little fork, and people (and companies) forking off their own version is how all development really gets done. So forking isn't a problem, as long as you can then merge back the good parts. And that's where the GPLv2 comes in. The right to fork and do your own thing is important, but the other side of the coin is equally important — the right to then always join back together when a fork was shown to be successful... I very much don't regret the choice of license, because I really do think the GPLv2 is a huge part of why Linux has been successful. Money really isn't that great of a motivator. It doesn't pull people together. Having a common project, and really feeling that you really can be a full partner in that project, that motivates people, I think.Read more of this story at Slashdot.

Last week came the news that Dan Kaminsky, security researcher (and popular speaker at security conferences), had passed away at the age of 42. In a half hour the DEF CON security convention will hold a special online memorial for Dan Kaminsky on Discord. But interestingly, Kaminsky was also one of ICANN's "Trusted Community Representatives," part of a small community involved in a ceremonial root key generation, backup and signing process. (Since 2010 Kaminsky was one of the seven "Recovery Key Share Holders" entrusted with a fragment of a cryptographic key and reporting in for its annual inventory.) So who will take Dan's place? Slashdot contacted ICANN's vice president of IANA Services, Kim Davies. His response? We maintain an open invitation for volunteers who believe they are qualified, and review those volunteers when a vacancy arises. The selection process is documented, but in essence means we try to maintain a balance of skills and geographic location so that in the aggregate the TCRs are diverse. The selection is not in chronological order, and will not necessarily result in selecting someone who most matches Dan's attributes. Ultimately the replacement will be a volunteer that the evaluation panel feels best contrasts and complements the attributes of the remaining TCRs. Davies also shared this remembrance of Dan Kaminsky:He played a critical role in the evolution of the DNS by bringing attention to the practical cache poisoning vulnerability he discovered. He was a greater collaborator who worked closely with us to rapidly address the issue in critical infrastructure, and then worked to promote technologies like DNSSEC that can mitigate it effectively in the long term. He really provided a significant catalyst that resulted in DNSSEC being put into widespread production in 2010. His service as a Trusted Community Representative was just a part of his commitment to these issues, and while his work on the DNS is perhaps his most famous contribution, he has an amazing resume of accomplishments throughout his career. Personally I found him a delight to work with and we are deeply mourning the loss. Of course, there's another way to follow in Dan's footsteps. Long-time Slashdot reader destinyland writes:Jeff Moss, founder of DEF CON and Black Hat, has proposed nominating Kaminsky for the Internet Hall of Fame, or even creating a Kaminsky award to honor "the core ideals" of the security researcher. But there's another complementary direction to go in... Black Hat board member Matt Devost tweeted last weekend that, "No one that knew Dan Kaminsky well is talking about DNS today. They are talking about kindness, boundless energy and positivity, spontaneous adventures, and how hard he worked to lift others up. Want to emulate one of the greatest hackers of all time? Let that be your guide." And last week a self-described hacker named Dr. Russ even tweeted, "In an effort to honor Dan Kaminsky's character and legacy, we should all make a random act of Kaminsky weekly. Make it a point to be kind and helpful to someone, friend or stranger. Legit helpful and kind, take it over the finish line. Be the persistent guide he was. Then do it again." I propose we call that "pulling a Kaminsky." Presumably in the way later generations in William Gibson's Count Zero talked of "pulling a Wilson...."Read more of this story at Slashdot.

There was a big announcement this week from Mozilla. They've joined Fastly, Intel, and Microsoft "in announcing the incorporation and expansion of the Bytecode Alliance, a cross-industry partnership to advance a vision for fast, secure, and simplified software development based on WebAssembly."Building software today means grappling with a set of vexing trade-offs. If you want to build something big, it's not realistic to build each component from scratch. But relying on a complex supply chain of components from other parties allows a defect anywhere in that chain to compromise the security and stability of the entire program. Tools like containers can provide some degree of isolation, but they add substantial overhead and are impractical to use at per-supplier granularity. And all of these dynamics entrench the advantages of big companies with the resources to carefully manage and audit their supply chains. Mozilla helped create WebAssembly to allow the Web to grow beyond JavaScript and run more kinds of software at faster speeds. But as it matured, it became clear that WebAssembly's technical properties — particularly memory isolation — also had the potential to transform software development beyond the browser by resolving the tension described above. Several other organizations shared this view, and we came together to launch the Bytecode Alliance as an informal industry partnership in late 2019. As part of this launch, we articulated our shared vision and called for others to join us in bringing it to life... [W]e asked prospective members to be patient and, in parallel with ongoing technical efforts, worked to incorporate the Alliance as a formal 501(c)(6) organization. That process is now complete, and we're thrilled to welcome Arm, DFINITY Foundation, Embark Studios, Google, Shopify, and University of California at San Diego as official members of the Bytecode Alliance. We have a real opportunity to change how software is built, and in doing so, enable small teams to build big things that are both secure and fast. Achieving the elusive trifecta — easy composition, defect isolation, and high performance — requires both the right technology and a coordinated effort across the ecosystem to deploy it in the right way. Mozilla believes that WebAssembly has the right technical ingredients to build a better, more secure Internet, and that the Bytecode Alliance has the vision and momentum to make it happen.Read more of this story at Slashdot.

The Austin-American Statesman reports that Samsung "lost at least $268 million due to damaged products after its semiconductor fabrication plant in Austin was shutdown during the February's Texas freeze, according to the company."Samsung executives said the company's semiconductor business saw profits fall in the first quarter, mainly due to disruptions and product losses caused by the shutdown. Samsung's Austin fab was offline for more than a month after it was shut down due to power outages during the freeze... About 71,000 wafers were affected by production disruptions, said Han Jinman, executive vice-president of Samsung's memory chip business. He estimated the wafer loss is equivalent to $268 million to $357 million. Semiconductor fabs are typically operational 24 hours a day for years on end. Each batch of wafers — a thin slice of semiconductor used for the fabrication of integrated circuits — can take 45 to 60 days to make, so a shutdown of any length can mean a loss of weeks of work. Restoring a fab is also a complicated process, and even in the best of circumstances can take a week... NXP Semiconductors was also among the facilities that were shut down in February, as its two Austin fabrication facilities were offline for nearly a month. In March, the company estimated the shutdown would result in a $100 million loss in revenue and a month of wafer production... Jinman said Samsung is working with the state, municipal government and local utility companies to find solutions to prevent similar shutdowns in the future.Read more of this story at Slashdot.

Something remarkable happened last weekend, according to a climate change newsletter by the Los Angeles Times. California, the world's fifth-largest economy, hit nearly 95% renewable energy. Sort of...There are several caveats. For one thing, Saturday's 94.5% figure — a record, as confirmed to me by the California Independent System Operator — was fleeting, lasting just four seconds. It was specific to the state's main power grid, which covers four-fifths of California but doesn't include Los Angeles, Sacramento and several other regions. It came at a time of year defined by abundant sunshine and relatively cool weather, meaning it's easier for renewable power to do the job traditionally done by fossil fuels. And fossil fuels actually were doing part of the job — more than the 94.5% figure might suggest. California was producing enough clean power to supply nearly 95% of its in-state needs, but it was also burning a bunch of natural gas and exporting electricity to its Western neighbors. It's impossible to say exactly how much of the Golden State's own supply was coming from renewables. That said, what happened on Saturday is definitely a big deal.... The 94.5% record may have been fleeting, but it wasn't some isolated spike. Most of Saturday afternoon, the renewables number topped 90%, with solar and wind farms doing the bulk of the work and geothermal, biomass and hydropower facilities making smaller contributions. Add in the Diablo Canyon nuclear plant — which isn't counted toward California's renewables mandate — and there was enough climate-friendly power at times Saturday to account for more than 100% of the state's electricity needs... The important thing now is making sure the puzzle pieces of the grid fit together on hot summer evenings, like the ones last August when insufficient supplies after sundown led to rolling blackouts.Read more of this story at Slashdot.

"Despite early claims by #Tesla #ElonMusk, Autopilot WAS engaged in tragic crash in The Woodlands," tweeted U.S. Congressman Kevin Brady on Wednesday. (Adding "We need answers.") But maybe it depends on how you define Autopilot. CNN reports:Tesla said Monday that one of Autopilot's features was active during the April 17 crash that killed two men in Spring, Texas.... Lars Moravy, Tesla's vice president of vehicle engineering, said on the company's earnings call Monday that Tesla's adaptive cruise control was engaged and accelerated to 30 mph before the car crashed. Autopilot is a suite of driver assistance features, including traffic-aware cruise control and Autosteer, according to Tesla's website... The North American owner's manuals for the Model 3, Model S and Model X, all describe traffic-aware cruise control as an Autopilot feature. Tesla's revelation may be at odds with the initial description of the crash from its CEO Elon Musk, who said two days after the crash that "data logs recovered so far show Autopilot was not enabled." Alternately, Forbes suggests there may just be some confusion, noting that earnings call included descriptions of tests Tesla performed on one of their own cars after the accident. So when they said adaptive cruise control "only accelerated the car to 30mph [over] the distance before the car crashed," they could just have been referring to their own experiments. (Tesla also points out adaptive cruise control only engages when the driver is buckled — and disengages slowly if they're unbuckled — and after the Texas crash all seat belts were unbuckled.) Why so much confusion? Part of the problem may be, as CNN points out, that Tesla "generally does not engage with the professional news media." But The Drive shares another theory about the crash:A relative of the deceased told a local news station that the owner allegedly "may have hopped in the back seat after backing the car out of the driveway." Moments later, the car crashed when it failed to negotiate a turn at high speed. CNN adds: Bryan Reimer, the associate director of the New England University Transportation Center at MIT, who studies driver assistance systems like Autopilot, said one of the plausible explanations for the crash is that the driver was confused and thought they had activated Autosteer, when only traffic-aware cruise control had been turned on. "The general understanding of Autopilot is that it's one feature, but in reality it is two things bolted together," said Reimer, referring to traffic-aware cruise control and Autosteer. But according to the Washington Post, Tesla also disputes that theory:Tesla executives on Monday claimed a driver was behind the wheel at the time of a fatal crash that killed two in suburban Houston this month, contradicting local authorities who have previously said they were certain no one was in that seat. Tesla made the statement on its earnings call Monday... Lars Moravy, the company's vice president of vehicle engineering, said the steering wheel was "deformed," indicating a driver's presence at the time of the crash... Mark Herman, constable for Harris County Precinct 4, told the station KHOU that police were "100 percent certain that no one was in the driver's seat."Read more of this story at Slashdot.

"There are simply too many points of uncertainty for us to move forward with confidence right now," explains a FAQ addressing this year's cancellation for the annual Burning Man festival. "The physical, psychic, and emotional impacts of this pandemic are real and the recovery from this experience will happen at different rates of speed," organizers said in an announcement. "This is the time to gather with our friends, crews, families and communities..." They also argued that in an abstract sense, "Burning Man is happening right NOW, all around you," urging people to create experiences, opportunities and connection at the local level. (Their suggestions include planning to join a mass "Burn Night" livestreaming event on September 4, or preparing for "Virtual Burning Man" from August 21 to September 5, 2021.) Last year's virtual event drew 165,000 participants, reports NPR, adding that this year's cancellation of a mass real-world gathering "has put many people in the event's host community at ease."Wary of a trend of rising coronavirus cases in some parts of the region, Washoe County's district health officer Kevin Dick said "the right call was made," in order to lower the risk of spreading infection. And SFist also notes the festival's "Invitation to the Future" program "where $2,500 buys you a reservation to buy tickets whenever they do announce the event — but that $2,500 does not get you a ticket.""This is a reservation that will guarantee someone the ability to purchase a regular priced ticket for the next two editions of Black Rock City," the Burning Man Project communications team says in an email to SFist... Per the fine print of this arrangement, there will be only 1,000 of these $2,500 reservations that are essentially tickets to buy tickets... "It's going very well!," Burning Man's communications team tells us. "We're so grateful for our generous community. As of this writing, we have only a few hundred left...." Burning Man has to get creative, and maybe perks for big spenders is an acceptable one-time trade-off to ensure its ongoing solvency. The project has gone nearly two years since its last infusion of direct ticket revenue, and the permits and attorney fees necessary to pull off this event on federal land have not gotten any cheaper despite the pandemic.Read more of this story at Slashdot.

Vice reports:The AI-powered story generator AI Dungeon has come under fire from fans recently for changes to how the development team moderates content. Notably, the player base is worried that the AI Dungeon developers will be reading their porn stories in the game. Separately, a hacker recently revealed vulnerabilities in the game that show that roughly half of the game's content is porn. AI Dungeon is a text based adventure game where, instead of playing through a scenario entirely designed by someone else, the responses to the prompts you type are generated by an AI... This week, AI Dungeon players noticed that more of their stories were being flagged by the content moderation system, and flagged more frequently. Latitude, the developers of AI Dungeon, released a blog post explaining that it had implemented a new algorithm for content moderation specifically to look for content that involves "sexual content involving minors... We did not communicate this test to the Community in advance, which created an environment where users and other members of our larger community, including platform moderators, were caught off guard... Latitude reviews content flagged by the model for the purposes of improving the model, to enforce our policies, and to comply with law." Latitude later clarified in its Discord at what point a human moderator would read private stories on AI Dungeon. It said that if a story appears to be incorrectly flagged, human moderators would stop reading the inputs, but that if a story appeared to be correctly flagged then they "may look at the user's other stories for signs that the user may be using AI Dungeon for prohibited purposes." Latitude CEO Nick Walton told Motherboard that human moderators only look at stories in the "very few cases" that they violate the terms of service... All of this has been compounded by the fact that a security researcher named AetherDevSecOpsjust published a lengthy report on security issues with AI Dungeon on GitHub, which included one that allowed them to look at all the user input data stored in AI Dungeon. About a solid third of stories on AI Dungeon are sexually explicit, and about half are marked as NSFW, AetherDevSecOpsjust estimated.Read more of this story at Slashdot.

According to Bloomberg, Verizon is considering selling AOL and Yahoo -- two once high-flying dot-com brands it purchased in 2015 and 2017, respectively. Bloomberg reports: Verizon Media could fetch as much as $5 billion [...]. The company is talking to Apollo Global Management about a deal, they said. It couldn't immediately be learned how a deal would be structured or if other suitors may emerge. No final decision has been made and Verizon could opt to keep the unit. The move comes as Verizon divests tertiary media assets while ramping up its focus on its wireless business and the the rollout of its 5G service. Last year, it agreed to sell the HuffPost online news service to BuzzFeed Inc. and it unloaded the blogging platform Tumblr in 2019. This divestiture would mark Verizon's final retreat from an expensive foray into online advertising, a strategy that never really took off.Read more of this story at Slashdot.

schwit1 shares a report from Threatpost: Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police. He now faces two counts of "obstructing operations carried out relative to COVID-19 under the Emergency Management Act," the South Australia Police said in a statement announcing the arrest. His arrest may just be a drop in the bucket: Reports of other anti-vax campaigners doing the same thing abound. Law enforcement added an additional warning to would-be QR code scammers: "Any person found to be tampering or obstructing with business QR codes will likely face arrest and court penalty of up to $10,000." The police said no personal data was breached, but the incident highlights that truly all an attacker needs is a printer and a pack of Avery labels to do real damage. In this case, the QR codes were being used by the South Australian government's official CovidSafe app to access a device's camera, scan the code and collect real-time location data to be used for contact tracing in case of a COVID-19 outbreak, ABC News Australia reported. That's a lot of personal data linked to a single QR code just waiting to be stolen. "In this instance, people who scanned the illegitimate QR code were redirected to a website distributing misinformation from the anti-vaxxer community," Bill Harrod, vice president of public sector at Ivanti, told Threatpost. "While this is concerning, the outcome could have been far more perilous."Read more of this story at Slashdot.

syn3rg shares a report from ZDNet: A Linux backdoor recently discovered by researchers has avoided VirusTotal detection since 2018. Dubbed RotaJakiro, the Linux malware has been described by the Qihoo 360 Netlab team as a backdoor targeting Linux 64-bit systems. RotaJakiro was first detected on March 25 when a Netlab distributed denial-of-service (DDoS) botnet C2 command tracking system, BotMon, flagged a suspicious file. At the time of discovery, there were no malware detections on VirusTotal for the file, despite four samples having been uploaded -- two in 2018, one in 2020, and another in 2021. Netlab researchers say the Linux malware changes its use of encryption to fly under the radar, including ZLIB compression and combinations of AES, XOR, and key rotation during its activities, such as the obfuscation of command-and-control (C2) server communication. At present, the team says that they do not know the malware's "true purpose" beyond a focus on compromising Linux systems. There are 12 functions in total including exfiltrating and stealing data, file and plugin management -- including query/download/delete -- and reporting device information. However, the team cites a "lack of visibility" into the plugins that is preventing a more thorough examination of the malware's overall capabilities. In addition, RotaJakiro will treat root and non-root users on compromised systems differently and will change its persistence methods depending on which accounts exist.Read more of this story at Slashdot.

An anonymous reader quotes a report from PC Gamer: The Oculus Quest 2 is a hell of a lot of hardware for $299. In fact, we're convinced that Facebook is making a loss on each unit sold. Even so, that pricing is one of the main reasons it's the most popular headset on Steam and our pick as the best VR headset. Well, that and the ease of use. [...] The thing is, that price seems too good to be true, with no other manufacturer's VR headset close to the specs list of the Quest 2 -- in either tethered or standalone form -- hitting the same low, low price. That money gets you a robust virtual reality headset with 6GB of RAM, a Qualcomm Snapdragon XR2 CPU, 64GB of storage, 1832x1920 per eye display and a pair of controllers. [...] But there's one factor that could potentially offset that price -- Facebook has access to a whole lot of your data. This is something the Oculus Quest 2 is upfront about: You absolutely need a Facebook account in order to use the device and it does have its data collection policies in black and white. Although what isn't quite so obvious is how much your data is worth to Facebook. At least it isn't without a tiny bit of digging. There is another version of the Quest 2 that isn't as discounted as the consumer version, and that's the one aimed at businesses. The actual hardware is identical, but the difference is you don't need to login in with a Facebook account in order to use it. The price for this model? $799. There's also an annual fee of $180 that kicks in a year after purchase, which covers Oculus' business services and support, but that just muddies the waters a little. The point being, the Quest 2 for business, the headset from which Facebook can't access your data directly, costs $500 more. So that's looking essentially like the value the social media giant attributes to your data, which either seems like a lot or barely anything at all, depending on your stance. The Supplemental Oculus Data Policy outlines what sort of data is actually being collected when you use the Quest 2. Such things as your physical dimension, including your hand size, how big your play area is using the Oculus Guardian system, data on any content you create using the Quest 2, as well as more obvious stuff like your device ID and IP address.Read more of this story at Slashdot.

For at least the third time since the beginning of this year, the U.S. government is investigating a hack against federal agencies that began during the Trump administration but was only recently discovered, according to senior U.S. officials and private sector cyber defenders. Reuters reports: The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into as customers used it. More than a dozen federal agencies run Pulse Secure on their networks, according to public contract records. An emergency cybersecurity directive last week demanded that agencies scan their systems for related compromises and report back. The results, collected on Friday and analyzed this week, show evidence of potential breaches in at least five federal civilian agencies, said Matt Hartman, a senior official with the U.S. Cybersecurity Infrastructure Security Agency. "This is a combination of traditional espionage with some element of economic theft," said one cybersecurity consultant familiar with the matter. "We've already confirmed data exfiltration across numerous environments." The maker of Pulse Secure, Utah-based software company Ivanti, said it expected to provide a patch to fix the problem by this Monday, two weeks after it was first publicized. Only a "very limited number of customer systems" had been penetrated, it added. Over the last two months, CISA and the FBI have been working with Pulse Secure and victims of the hack to kick out the intruders and uncover other evidence, said another senior U.S. official who declined to be named but is responding to the hacks. The FBI, Justice Department and National Security Agency declined to comment. The U.S. government's investigation into the Pulse Secure activity is still in its early stages, said the senior U.S. official, who added the scope, impact and attribution remain unclear. Security researchers at U.S. cybersecurity firm FireEye and another firm, which declined to be named, say they've watched multiple hacking groups, including an elite team they associate with China, exploiting the new flaw and several others like it since 2019.Read more of this story at Slashdot.

Zoe Roth, the centerpiece of the "Disaster Girl" meme, has made nearly half a million dollars after selling the original copy as a non-fungible token (NFT), the New York Times reports. From a report: The market for ownership rights to digital art and media as NFTs has recently soared in popularity. Roth's photo was taken in 2005 when she was 4 years old. Her family went to go see a controlled fire in their Mebane, North Carolina, neighborhood. Her father entered the picture in a photo contest in 2007 and won, and for the past decade the "image [has been] endlessly repurposed as a vital part of meme canon," the Times writes. Most Americans are not at all familiar with NFTs, though they have become major buzzwords among asset managers and market participants. All NFTs contain a unique segment of digital code as an identifier of authenticity and are stored on the blockchain, a public digital ledger.Read more of this story at Slashdot.

Today, Blue Origin revealed that it will be selling the first tickets for rides on its space tourism rocket called New Shepard. According to CNBC, the first ticket (or tickets?) will go on sale starting next week, on Wednesday, May 5. From the report: Blue Origin did not reveal how much tickets will cost, only saying that more details will come on May 5 to those who submit their name and email on a form on the company's website. "Sign up to learn how you can buy the very first seat on New Shepard," according to the company's website. The announcement's video features Bezos going out to the capsule of New Shepard after the company's test flight earlier this month. It shows him driving across the Texas desert, the remote location of the New Shepard launch facility -- notably at the wheel of a Rivian R1T electric truck, which is emblazoned with Blue Origin's signature feather. New Shepard is designed to carrying as many as six people at a time on a ride past the edge of space, with the capsules on previous test flights reaching an altitude of more than 340,000 feet (or more than 100 km). The capsule, which has massive windows to give passengers a view, spends as much as 10 minutes in zero gravity before returning to Earth. The rocket launches vertically, with the booster detaching and returning to land at a concrete pad nearby. The capsule's return is slowed down by a set of parachutes, before softly landing in the desert.Read more of this story at Slashdot.

An anonymous reader quotes a report from Motherboard: The IRS is looking for help to break into cryptocurrency hardware wallets, according to a document posted on the agency website in March of this year. Many cryptocurrency investors store their cryptographic keys, which confer ownership of their funds, with the exchange they use to transact or on a personal device. Some folks, however, want a little more security and use hardware wallets -- small physical drives which store a user's keys securely, unconnected to the internet. The law enforcement arm of the tax agency, IRS Criminal Investigation, and more specifically its Digital Forensic Unit, is now asking contractors to come up with solutions to hack into cryptowallets that could be of interest in investigations, the document states. "The decentralization and anonymity provided by cryptocurrencies has fostered an environment for the storage and exchange of something of value, outside of the traditional purview of law enforcement and regulatory organizations," the document reads. "There is a portion of this cryptographic puzzle that continues to elude organizations -- millions, perhaps even billions of dollars, exist within cryptowallets." The security of hardware wallets presents a problem for investigators. The document states that agencies may be in possession of a hardware wallet as part of a case, but may not be able to access it if the suspect does not comply. This means that authorities cannot effectively "investigate the movement of currencies" and it may "prevent the forfeiture and recovery" of the funds. "The explicit outcome of this contract is to tame the cybersecurity research into measured, repeatable, consistent digital forensics processes that can be trained and followed in a digital forensics' laboratory," the document says.Read more of this story at Slashdot.

Facebook has joined the Rust Foundation, the organization driving the Rust programming language, alongside Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. From a report: Facebook is the latest tech giant to ramp up its adoption of Rust, a language initially developed by Mozilla that's become popular for systems programming because of its memory safety guarantees compared to fast languages C and C++. Rust is appealing for writing components like drivers and compilers. The Rust Foundation was established in February with initial backing from Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. Microsoft is exploring Rust for some components of Windows and Azure while Google is using Rust to build new parts of the Android operating system and supporting an effort to bring Rust to the Linux kernel. Facebook's engineering team has now detailed its use of Rust beginning in 2016, a year after Rust reached its 1.0 milestone. "For developers, Rust offers the performance of older languages like C++ with a heavier focus on code safety. Today, there are hundreds of developers at Facebook writing millions of lines of Rust code," Facebook's software engineering team said.Read more of this story at Slashdot.

The European Parliament approved a new law on terrorist content takedowns yesterday, paving the way for one-hour removals to become the legal standard across the EU. From a report: The regulation "addressing the dissemination of terrorist content online" will come into force shortly after publication in the EU's Official Journal -- and start applying 12 months after that. The incoming regime means providers serving users in the region must act on terrorist content removal notices from Member State authorities within one hour of receipt, or else provide an explanation why they have been unable to do so. There are exceptions for educational, research, artistic and journalistic work -- with lawmakers aiming to target terrorism propaganda being spread on online platforms like social media sites. The types of content they want speedily removed under this regime includes material that incites, solicits or contributes to terrorist offences; provides instructions for such offences; or solicits people to participate in a terrorist group. Material posted online that provides guidance on how to make and use explosives, firearms or other weapons for terrorist purposes is also in scope. However concerns have been raised over the impact on online freedom of expression -- including if platforms use content filters to shrink their risk, given the tight turnaround times required for removals.Read more of this story at Slashdot.

tsu doh nimh writes: Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau. Bill Demirkapi, an independent security researcher who's currently a sophomore at the Rochester Institute of Technology, said he discovered the data exposure while shopping around for student loan vendors online. Demirkapi encountered one lender's site that offered to check his loan eligibility by entering his name, address and date of birth. Peering at the code behind this lookup page, he was able to see it invoked an Experian Application Programming Interface or API -- a capability that allows lenders to automate queries for FICO credit scores from the credit bureau. "No one should be able to perform an Experian credit check with only publicly available information," Demirkapi said. "Experian should mandate non-public information for promotional inquiries, otherwise an attacker who found a single vulnerability in a vendor could easily abuse Experian's system." Demirkapi found the Experian API could be accessed directly without any sort of authentication, and that entering all zeros in the "date of birth" field let him then pull a person's credit score. He even built a handy command-line tool to automate the lookups, which he dubbed "Bill's Cool Credit Score Lookup Utility."Read more of this story at Slashdot.

President Joe Biden's top labor official said Thursday that most gig workers in the United States should be classified as "employees" deserving of related benefits, in what could be a policy shift that is likely to raise costs for companies that depend on contractors such as Uber and Lyft and impact millions of workers. From a report: Shares of Uber fell as much as 8 percent while Lyft dived as much as 12 percent. Doordash fell nearly 9 percent and Grubhub was down 3.3 percent. Labor Secretary Marty Walsh, a son of Irish immigrants and a former union member, has been expected to boost President Biden's efforts to expand workers' protections and deliver a win for the country's organized labor movement. "We are looking at it but in a lot of cases gig workers should be classified as employees... in some cases they are treated respectfully and in some cases they are not and I think it has to be consistent across the board," Walsh told Reuters in an interview, expressing his view on the topic for the first time. "These companies are making profits and revenue and I'm not (going to) begrudge anyone for that because that's what we are about in America... but we also want to make sure that success trickles down to the worker," he said.Read more of this story at Slashdot.

China is poised to report its first population decline in five decades following a once-in-a-decade census, the Financial Times newspaper said, citing sources familiar with the matter. Reuters: A population drop will add pressure on Beijing to roll out measures to encourage couples to have more children and avert an irreversible decline. The National Bureau of Statistics (NBS), which is due to release the results of the census conducted late last year in early April, did not immediately respond to a Reuters request for comment. The population figure is very sensitive and will not be published until government departments have a consensus on the data and its implications, the Financial Times added on Tuesday, citing its sources. "If China confirms such a decline, it would be a big deal," said Zhiwei Zhang, the Shenzhen-based chief economist at Pinpoint Asset Management. "The consensus expects China's population to peak at 2027, based on the projection made by the United Nations. This would be much earlier than the market and policy makers expected."Read more of this story at Slashdot.

destinyland writes: LWN has a terrific update what's happened since the discovery of University of Minnesota researchers intentionally submitting buggy code to the Linux kernel: The writing of a paper on this research [PDF] was not the immediate cause of the recent events; instead, it was the posting of a buggy patch originating from an experimental static-analysis tool run by another developer at UMN. That led developers in the kernel community to suspect that the effort to submit intentionally malicious patches was still ongoing. Since then, it has become apparent that this is not the case, but by the time the full story became clear, the discussion was already running at full speed. The old saying still holds true: one should not attribute to malice that which can be adequately explained by incompetence. On April 22, a brief statement was issued by the Linux Foundation technical advisory board (TAB) stating that, among other things, the recent patches appeared to have been submitted in good faith. Meanwhile, the Linux Foundation and the TAB sent a letter to the UMN researchers outlining how the situation should be addressed; that letter has not been publicly posted, but ZDNet apparently got a copy from somewhere. Among other things, the letter asked for a complete disclosure of the buggy patches sent as part of the UMN project and the withdrawal of the paper resulting from this work. In response, the UMN researchers posted an open letter apologizing to the community, followed a few days later by a summary of the work they did [PDF] as part of the "hypocrite commits" project. Five patches were submitted overall from two sock-puppet accounts, but one of those was an ordinary bug fix that was sent from the wrong account by mistake. Of the remaining four, one of them was an attempt to insert a bug that was, itself, buggy, so the patch was actually valid; the other three (1, 2, 3) contained real bugs. None of those three were accepted by maintainers, though the reasons for rejection were not always the bugs in question. The paper itself has been withdrawn and will not be presented in May as was planned... One of the first things that happened when this whole affair exploded was the posting by Greg Kroah-Hartman of a 190-part patch series reverting as many patches from UMN as he could find... As it happens, these "easy reverts" also needed manual review; once the initial anger passed there was little desire to revert patches that were not actually buggy. That review process has been ongoing over the course of the last week and has involved the efforts of a number of developers. Most of the suspect patches have turned out to be acceptable, if not great, and have been removed from the revert list; if your editor's count is correct, 42 patches are still set to be pulled out of the kernel... A look at the full set of UMN patches reinforces some early impressions, though. First is that almost all of them do address some sort of real (if obscure and hard to hit) problem...Read more of this story at Slashdot.

Plans for 3D-printed, self-assembled "ghost guns" can be posted online without U.S. State Department approval, a federal appeals court ruled Tuesday. From a report: A divided panel of the 9th U.S. Circuit Court of Appeals in San Francisco reinstated a Trump administration order that permitted removal of the guns from the State Department's Munitions List. Listed weapons need State Department approval for export. In 2015, federal courts applied the requirement to weapons posted online and intended for production on 3D printers, the San Francisco Chronicle reported. However, three years later the State Department under then-President Donald Trump settled a lawsuit by a 3D gun company and ordered their removal. California, 21 other states and the District of Columbia sued and a federal judge in Seattle issued an injunction last year, saying that posting the designs without restrictions could put unregistered weapons into the hands of terrorists. In overturning the injunction, the appellate panel found 2-1 that a 1989 federal law prohibits courts from overruling the State Department's decision to add or remove a weapon from the Munitions List, the Chronicle reported.Read more of this story at Slashdot.

Instacart is increasing the number of stores where it accepts online payments for Supplemental Nutrition Assistance Program participants, moving the online grocery delivery giant into competition with Amazon.com and Walmart for a growing pool of consumers using federal assistance to buy food online. From a report: The San Francisco-based startup is partnering with three retailers, Publix Super Markets, The Save Mart Companies and Golub's Price Chopper/Market 32, to allow Electronic Benefits Transfer (EBT) payments in more than 1,500 additional U.S. stores. The expansion is about a 60% increase in availability for SNAP online purchasing through Instacart, which began in October with a partnership with ALDI. Food-stamp recipients will be able to order same-day delivery or pickup through the Instacart website and mobile app in more than 4,000 stores across 38 states and Washington D.C.Read more of this story at Slashdot.

Microsoft is shaking up the world of PC gaming today with a big cut to the amount of revenue it takes from games on Windows. From a report: The software giant is reducing its cut from 30 percent to just 12 percent from August 1st, in a clear bid to compete with Steam and entice developers and studios to bring more PC games to its Microsoft Store. "Game developers are at the heart of bringing great games to our players, and we want them to find success on our platforms," says Matt Booty, head of Xbox Game Studios at Microsoft. "A clear, no-strings-attached revenue share means developers can bring more games to more players and find greater commercial success from doing so." These changes will only affect PC games and not Xbox console games in Microsoft's store. While Microsoft hasn't explained why it's not reducing the 30 percent it takes on Xbox game sales, it's likely because the console business model is entirely different to PC. Microsoft, Sony, and Nintendo subsidize hardware to make consoles more affordable, and offer marketing deals in return for a 30 percent cut on software sales. Microsoft's new reduction on the PC side is significant, and it matches the same revenue split that Epic Games offers PC game developers while also putting more pressure on Valve to reduce its Steam store cut. Valve still takes a 30 percent cut on sales in its Steam store, which is reduced to 25 percent when sales hit $10 million, and then 20 percent for every sale after $50 million.Read more of this story at Slashdot.

Cybersecurity experts, law enforcement agencies and governments urged the White House to root out safe havens for criminals engaging in ransomware and step up regulation of cryptocurrencies, the lifeblood of hackers, in the hopes of controlling a growing wave of attacks. From a report: These are two of 48 recommendations made by a task force in a report Thursday to the Biden administration aimed at fighting the continuing ransomware episodes that plague major corporations, local governments and health-care providers across the world. The task force, organized by the Institute for Security and Technology, said the cyber-attacks have become a $350 million criminal industry -- a four-fold increase from the previous year. Last week, the U.S. Justice Department created its own, independent ransomware task force, signaling growing awareness inside the U.S. government of the now decade-old threat. Ransomware is a type of malicious code that typically encrypts a victim's data or network of computers. The hackers then demand a ransom to decrypt the information. More recently, ransomware gangs have also stolen data and threatened to make it public unless the victim pays a fee.Read more of this story at Slashdot.

Rei_is_a_dumbass shares a report from CNBC: Tesla is defending itself in the U.S. and Germany against allegations that it has violated environmental rules and regulations, according to a new financial filing. In the U.S., the Environmental Protection Agency accused Tesla last week of failing to prove it is in compliance with federal emissions standards for hazardous air pollutants. Specifically, the EPA is seeking details about how Tesla handles "surface coating" of its vehicles. As CNBC has previously reported, the "paint shop" at Tesla's main U.S. car plant in Fremont, California, has a history of problems, including fires, improper cleaning and maintenance. Some vehicle re-touching, to fix flaws in paint on the cars, has been done in a tented "paint hospital" at the Fremont factory, employees previously told CNBC. In 2020, Tesla embarked on massive improvements to its paint facilities, Fremont building permits revealed. Tesla said in the filing Wednesday that the company "has responded to all information requests from the EPA and refutes the allegations." The company does not expect any "material adverse impact" on its business from its dealings with the EPA in this matter. Tesla is also still tangling with local air quality authorities in California -- the Bay Area Air Quality Management District -- over previously disclosed "notices of violation," relating to "air permitting and related compliance for the Fremont Factory." In Germany, Wednesday's financial filing said, authorities have fined Tesla 12 million euros, or about $14.5 million, for allegedly failing to make public notifications and properly fulfill their obligations to take back old batteries from customers. German law requires automakers selling electric cars to take back batteries and dispose of them in an environmentally sustainable manner. Tesla wrote in the filing: "This is primarily relating to administrative requirements, but Tesla has continued to take back battery packs." Tesla filed an objection in Germany and said that the matter should not have a material impact on Tesla's business.Read more of this story at Slashdot.

DigitalOcean has emailed customers warning of a data breach involving customers' billing data, TechCrunch has learned. Zack Whittaker reports: The cloud infrastructure giant told customers in an email on Wednesday, obtained by TechCrunch, that it has "confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account." The company said the person "gained access to some of your billing account details through a flaw that has been fixed" over a two-week window between April 9 and April 22. The email said customer billing names and addresses were accessed, as well as the last four digits of the payment card, its expiry date and the name of the card-issuing bank. The company said that customers' DigitalOcean accounts were "not accessed," and passwords and account tokens were "not involved" in this breach. "To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future," the email said. DigitalOcean said it fixed the flaw and notified data protection authorities, but it's not clear what the apparent flaw was that put customer billing information at risk. In a statement, DigitalOcean's security chief Tyler Healy said 1% of billing profiles were affected by the breach, but declined to address our specific questions, including how the vulnerability was discovered and which authorities have been informed.Read more of this story at Slashdot.

Hmmmmmm shares a report from Phys.Org: China plans to launch the core module for its first permanent space station this week in the latest big step forward for the country's space exploration program. The Tianhe, or 'Heavenly Harmony' module is set to be hurtled into space aboard a Long March 5B rocket from the Wenchang Launch Center on the southern island of Hainan. The launch could come as early as Thursday night if all goes as planned. It would be the first of 11 missions to build and supply the space station for a three-person crew. Another 10 launches will send up two more modules; four cargo supply shipments and four missions with crews. At least 12 astronauts are training to fly to and live in the station, including veterans of previous flights, newcomers and women. When completed by late 2022, Tianhe is expected to weigh about 66 tons, a fraction the size of the International Space Station, which launched its first module in 1998 and will weigh about 450 tons when completed. Tianhe will have a docking port and will also be able to connect with a powerful Chinese space satellite. Theoretically, it could be expanded with more modules.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Coming on the heels of the Neuralink announcement earlier this month -- complete with video showing a monkey playing Pong with its mind, thanks to a wireless brain implant -- researchers with the BrainGate Consortium have successfully demonstrated a high-bandwidth wireless brain-computer interface (BCI) in two tetraplegic human subjects. The researchers described their work in a recent paper published in the journal IEEE Transactions in Biomedical Engineering. As for the latest Neuralink breakthrough, Ars Science Editor John Timmer wrote last week that most of the individual pieces of Neuralink's feat have been done before -- in some cases, a decade before (BrainGate is among those earlier pioneers). But the company has taken two important steps toward its realization of a commercial BCI: miniaturizing the device and getting it to communicate wirelessly, which is harder than it sounds. According to [John Simeral of Brown University, a member of the BrainGate consortium and lead author of the new paper], the BrainGate wireless system makes the opposite tradeoff -- higher bandwidth and fidelity -- because it wants all the finer details of the data for its ongoing research. In that regard, it complements the Utrecht and Neuralink systems in the BCI space. The new BrainGate system is based on the so-called Brown Wireless Device (BWD) designed by Arto Nurmikko, and it replaces the cables with a small transmitter that weighs about 1.5 ounces. The transmitter sits atop the user's head and connects wirelessly to an implant electrode array inside the motor cortex. There were two participants in the clinical trial -- a 35-year-old man and a 65-year-old man -- both of whom were paralyzed by spinal cord injuries. They were able to continuously use the BCI for a full 24 hours, even as they slept, yielding continuous data over that time period. (The medical-grade battery lasts for 36 hours.) "We can learn more about the neural signals that way because we can record over long periods of time," said Simeral. "And we can also begin to learn a little bit about how people actually will use the system, given the freedom to do so." His team was encouraged by the fact that one of its study participants often asked if they could leave the wireless transmitters on a little longer. He has a head tracker he can use as a fallback, but several nights a week, he would choose to use the wireless BrainGate system because he liked it. "Right now, we typically decode or interpret the spiking activity from networks of neurons," said Simeral. "There are other encoding mechanisms that have been studied in the brain that have to do with how the oscillations in the brain are related to these spiking signals. There's information in the different oscillation frequencies that might relate to, for example, sleep state, attention state, other phenomenon that we care about. Without a continuous recording, you've surrendered the ability to learn about any of those. Learning how this all happens in the human brain in the home as people are behaving and having different thoughts requires having a broadband system recording from the human brain." "The ability to potentially have individuals with disability using these systems at home on demand, I think is a great step forward," said Simeral. "More broadly, going forward, having more players in the field, having more funding, is important. I see nothing but great things from all of these interactions. For our own work, we see things on the horizon that were impossible five years ago, when there was essentially nobody in the corporate world interested in this space. So I think it's a very promising time."Read more of this story at Slashdot.

The vast majority of the world's mountain glaciers are losing 31 percent more snow and ice per year than they did 15 years earlier, according to 3D satellite measurements. Scientists blame human-caused climate change. NBC News reports: Using 20 years of recently declassified satellite data, scientists calculated that the world's 220,000 mountain glaciers are losing more than 328 billion tons (298 billion metric tons) of ice and snow per year since 2015, according to a study in Wednesday's journal Nature. That's enough melt flowing into the world's rising oceans to put Switzerland under almost 24 feet (7.2 meters) of water each year. The annual melt rate from 2015 to 2019 is 78 billion more tons (71 billion metric tons) a year than it was from 2000 to 2004. Global thinning rates, different than volume of water lost, doubled in the last 20 years and "that's enormous," said Romain Hugonnet, a glaciologist at ETH Zurich and the University of Toulouse in France who led the study. Half the world's glacial loss is coming from the United States and Canada. Alaska's melt rates are "among the highest on the planet," with the Columbia glacier retreating about 115 feet (35 meters) a year, Hugonnet said. Almost all the world's glaciers are melting, even ones in Tibet that used to be stable, the study found. Except for a few in Iceland and Scandinavia that are fed by increased precipitation, the melt rates are accelerating around the world. The near-uniform melting "mirrors the global increase in temperature" and is from the burning of coal, oil and gas, Hugonnet said. Some smaller glaciers are disappearing entirely.Read more of this story at Slashdot.

According to a new study from the CDC, Pfizer and Moderna vaccines were 94 percent effective in preventing hospitalization for COVID-19 among people age 65 and older. The Hill reports: The study provides new evidence on the benefits of vaccination, and builds on results from the clinical trials by adding real-world evidence from 417 hospitalized adults in 14 states from January to March. "This multisite U.S. evaluation under real-world conditions suggests that vaccination provided protection against COVID-19-associated hospitalization among adults aged [65 and older]," the study states. The 94 percent efficacy rate was for people who were fully vaccinated, meaning they were at least two weeks past their second dose. For people who were only partially vaccinated, meaning they were more than two weeks past the first dose but less than two weeks past the second dose, effectiveness was 64 percent. Notably, no significant effectiveness was found for people who were less than 14 days past their first dose, highlighting that it takes some time for protection to kick in and that people should not disregard precautions right away. The results show that as vaccinations spread, hospitalizations and deaths are set to decline, the CDC said.Read more of this story at Slashdot.

For the first time in nearly 15 years, Microsoft is changing the default Microsoft Office font -- and it wants your help to pick a new one. The Verge reports: While there are more than 700 font options in Word, Microsoft has commissioned five new custom fonts for Office, in a move away from the Calibri font that has been the default in Microsoft Office for nearly 15 years. The five new sans-serif fonts feature a variety of styles, including traditional, modern, and even one inspired by German road and railway signs. Microsoft is starting to gather feedback on these five new fonts today, and it plans to set one as the new Office default font in 2022. Microsoft is now releasing these five new fonts in Microsoft 365 so everyone can try them out before a new default is chosen. Polls and feedback will be considered as part of how Microsoft picks a winner, and the company is going to spend the next few months evaluating these new fonts and seeing which ones are proving popular. Once a decision has been made, the new default font will appear in Microsoft Office apps in 2022.Read more of this story at Slashdot.

Epic Games is holding back Fortnite from being available on Microsoft's Xbox Cloud Gaming (xCloud) service, according to a new deposition made public as part of the Epic case against Apple. From a report: The Fortnite developer views Microsoft's xCloud service as competition to its PC offerings, and the company is deliberately not offering Fortnite on xCloud as a result. Joe Kreiner, Epic's vice president of business development, was questioned over why Fortnite isn't available on xCloud, and confirmed it was a deliberate choice. "We viewed Microsoft's efforts with xCloud to be competitive with our PC offerings," says Kreiner in the deposition. The court document makes it appear like Kreiner may go on to explain why, but the next part of the questioning has been redacted.Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Chinese social groups, enterprises and public entities will have increased responsibility to combat foreign espionage under new regulations issued by the country's ministry of state security. The regulations, which were released and took effect on Monday, come amid deepening hostilities between China and some western governments, including over the detention of foreigners accused of national security crimes. According to state media, state security will work with other government departments to "adjust" the list of groups susceptible to foreign espionage and to develop measures to safeguard against it, including Chinese Communist Party and state organs, social groups, enterprises and public institutions. Once organizations are designated as having anti-espionage responsibility, state security will provide "guidance, supervision and inspection" of their efforts, including personnel vetting, and strict training, monitoring and debriefing for staff trips overseas. Identified organizations must report suspicions and incidents to authorities. It come amid increasing public campaigns to watch out for foreign spies, which state media has warned could be an "intimate lover" or "an online friend with the same interests." According to Li Wei, an expert on national security and anti-terrorism at the China Institute of Contemporary International Relations, the new regulation "places emphasis on companies and institutions taking precautionary measures against foreign espionage." Li said key fields would include companies or institutions working in national defense, diplomacy, economy, finance and tech.Read more of this story at Slashdot.

The family of late Samsung Electronics Chairman Lee Kun-hee said on Wednesday they will pay over 12 trillion won ($10.8 billion) in inheritance tax for his estate and donate his vast private art collection to state curators. Reuters reports: Lee, who is credited with transforming Samsung into the world's largest smartphone and memory chip maker, died on Oct. 25 with an estate local media valued at around 26 trillion won. The inheritance tax bill -- one of the largest-ever in South Korea and globally -- has been closely watched due to its potential to dilute the family's controlling stake in Samsung. The family said it planned to pay the bill over five years in six installments, starting this month. "It is our civic duty and responsibility to pay all taxes," the family said in a statement released by Samsung. Analysts have said the family is likely to use loans and dividends from both their own and Lee's shares to pay the tax.Read more of this story at Slashdot.

A tweet from Oracle Executive VP Ken Glueck goading his followers into harassing a female reporter was found to violate Twitter's policies, the company told Gizmodo on Wednesday. From the report: Glueck, who's previously made headlines as one of the top lobbyists under Oracle, was forced to take down the tweet and have his account suspended in a read-only mode for the next 12 hours, a Twitter spokesperson said. "The Tweet you referenced was in violation of the Twitter Rules. The account owner will be required to delete the violative Tweet and spend 12 hours with their account in read-only mode," a Twitter spokesperson said in an email. The tweet we reference was, of course, Glueck's. That tweet was the latest attack on the Intercept's Mara Hvistendahl, who last week published an expose detailing how reseller networks in China reportedly funnel Oracle's tech into the hands of the country's government. In response, Glueck published roughly 2,700 words worth of rebuttal on the official Oracle blog, helmed by a request for readers to send "any information about Mara or her reporting" to his personal Protonmail email address.Read more of this story at Slashdot.

"Self-driving" vehicles could be allowed on UK roads by the end of this year, the government has said. The BBC reports: The Department for Transport said automated lane-keeping systems (ALKS) would be the first type of hands-free driving legalized. The technology controls the position and speed of a car in a single lane and it will be limited to 37mph (60km/h). Following a consultation last year, the government has now said that vehicles with ALKS technology can be legally defined as self-driving, "as long as they receive GB type approval and that there is no evidence to challenge the vehicle's ability to self-drive." The government confirmed that drivers will not be required to monitor the road or keep their hands on the wheel when the vehicle is driving itself. But the driver will need to stay alert and be able take over when requested by the system within 10 seconds. If a driver fails to respond, the vehicle will automatically put on its hazard lights to warn nearby vehicles, slow down and eventually stop. The Highway Code is now consulting on what rules will be put into new laws to make sure the technology is safely used. "ALKS as currently proposed by the government are not automated," cautions Matthew Avery, director of research at Thatcham Research. "They are assisted driving systems as they rely on the driver to take back control. Aside from the lack of technical capabilities, by calling ALKS automated our concern also is that the UK government is contributing to the confusion and frequent misuse of assisted driving systems that have unfortunately already led to many tragic deaths. Consumers will expect the car to do the job of a driver, which current models can't do."Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: For a decade, Bitcoin Fog has offered to obscure the source and destination of its customers' cryptocurrency, making it one of the most venerable institutions in the dark web economy. Now the IRS says it has finally identified the Russian-Swedish administrator behind that long-running anonymizing system and charged him with laundering hundreds of millions of dollars worth of bitcoins, much of which was sent to or from dark web drug markets. What gave him away? The trail of his own decade-old digital transactions. US authorities on Tuesday arrested Roman Sterlingov in Los Angeles, according to court records, and charged him with laundering more than 1.2 million bitcoins -- worth $336 million at the times of the payments -- over the 10 years that he allegedly ran Bitcoin Fog. According to the IRS criminal investigations division, Sterlingov, a citizen of Russia and Sweden, allowed users to blend their transactions with those of others to prevent anyone examining the Bitcoin blockchain from tracing any individual's payments. He took commissions on those transactions of 2 to 2.5 percent. In total, the IRS calculates, Sterlingov allegedly took home roughly $8 million worth of bitcoin through the service, based on exchange rates at the times of each transaction. That's before factoring in Bitcoin's massive appreciation over the past decade. Ironically, it appears that the 2011 transactions Sterlingov allegedly used to set up Bitcoin Fog's server hosting are what put the IRS on his trail. Of the $336 million the complaint accuses Bitcoin Fog of laundering, at least $78 million passed through the service to various narcotics-selling dark web markets like the Silk Road, Agora, and AlphaBay over the years that followed. The IRS also appears to have used undercover agents in 2019 to transact with Bitcoin Fog, in one case sending messages to Bitcoin Fog's administrator that explicitly stated that they hoped to launder proceeds from selling ecstasy. Bitcoin Fog completed that user's transactions without a response. Most remarkable, however, is the IRS's account of tracking down Sterlingov using the very same sort of blockchain analysis that his own service was meant to defeat. The complaint outlines how Sterlingov allegedly paid for the server hosting of Bitcoin Fog at one point in 2011 using the now-defunct digital currency Liberty Reserve. It goes on to show the blockchain evidence that identifies Sterlingov's purchase of that Liberty Reserve currency with bitcoins: He first exchanged euros for the bitcoins on the early cryptocurrency exchange Mt. Gox, then moved those bitcoins through several subsequent addresses, and finally traded them on another currency exchange for the Liberty Reserve funds he'd use to set up Bitcoin Fog's domain. Based on tracing those financial transactions, the IRS says, it then identified Mt. Gox accounts that used Sterlingov's home address and phone number, and even a Google account that included a Russian-language document on its Google Drive offering instructions for how to obscure Bitcoin payments. That document described exactly the steps Sterlingov allegedly took to buy the Liberty Reserve funds he'd used.Read more of this story at Slashdot.

With Covid-19 restrictions lifting, more people are booking trips and hotels online, which is very good for Google's advertising business. Google's employees, however, are working from home and not traveling as much on the company dime -- and that's also good for its business. From a report: During the first quarter, Google parent Alphabet saved $268 million in expenses from company promotions, travel and entertainment, compared to same period a year earlier, "primarily as a result of COVID-19," according to a company filing. On an annualized basis, that would be more than $1 billion. Indeed, Alphabet said in its annual report earlier this year that advertising and promotional expenses dropped by $1.4 billion in 2020 as the company reduced spending, paused or rescheduled campaigns, and changed some events to digital-only formats due to the pandemic. Travel and entertainment expenses fell by $371 million. The savings offset many of the costs that came with hiring thousands more workers. And the pandemic prudence allowed the company to keep its marketing and administrative costs effectively flat for the first quarter, despite boosting revenue by 34%.Read more of this story at Slashdot.