Slashdot

A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent." It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe". But there's new and continuing problems, reports The Verge's weekend editor:Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team - it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems. I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received: It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018. Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine - your data is now in the hands of some random guy. If not me, it'd be someone else. The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server." BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years." And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week - a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.)The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker say that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site. The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response. "The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could... "While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."Read more of this story at Slashdot.

Thatmassive geothermal energy project in Utah gets a closer look from the Washington Post, which calls it "a significant advance for a climate-friendly technology that is gaining momentum in the United States."Once fully operational, the project could generate up to 2 gigawatts of electricity - enough to power more than 2 million homes. In addition, the BLM proposed Thursday to speed up the permitting process for geothermal projects on public lands across the country. Earlier this month, the agency also hosted the biggest lease sale for geothermal developers in more than 15 years... White House national climate adviser Ali Zaidi said in an interview Thursday, "Enhanced geothermal technology has the opportunity to deliver something in the range of 65 million homes' worth of clean power - power that can be generated without putting any pollution in the sky. So we see it as a really meaningful contributor to our technology tool kit...." The developments Thursday come as tech companies race to find new sources of zero-emission power for data centers that can use as much energy as entire cities. With major backing from Google parent Alphabet, Fervo recently got its first project up and running in the northern Nevada desert... The advanced geothermal technology that Fervo is trying to scale up is an attractive option for tech firms. Enhanced geothermal plants do not pose all the safety concerns that come with nuclear power, but they have the potential to provide the round-the-clock energy that data centers need. The challenge Fervo faces is whether it can bring this technology online quickly enough. Fervo (a seven-year-old start-up) was co-founded by Tim Latimer, who previously worked as a drilling engineer, according to the article. But "Early in my career I got passionate about climate change. I started looking at where could a drilling engineer from the oil and gas industry make a difference," Latimer said during a Washington Post Live event in September. "And I realized that geothermal had been so overlooked ... even though the primary technical challenge to making geothermal work is dropping drilling costs."Read more of this story at Slashdot.

Libreboot is a distribution of coreboot "aimed at replacing the proprietary BIOS firmware contained by most computers." So then what exactly is GNU Boot? Its home page explains... In November 2022, Libreboot began to include non-libre code. We have made repeated efforts to continue collaboration with those developers to help their version of Libreboot remain libre, but that was not successful. Now we've stepped forward to stand up for freedom, ours and that of the wider community, by maintaining our own version - a genuinely libre Libreboot, that after some hurdles gave birth to this project: GNU Boot. But today, Phoronix writes:While priding itself on being "100% free", last December [GNU Boot] had to drop some motherboard support and CPU code after discovering they were shipping some files that are non-free by their free software standards. Today they announced another mistake in having inadvertently been shipping additional non-free code. GNU Boot discovered an issue with non-free code affecting not only them but also some of the Linux distributions that pride themselves on being fully free software / 100% open-source. This latest snafu they say is "more problematic" than their prior non-free code discover due to impacting the free software Linux distributions too. The issue at hand though comes down to test data contained within the archive and that containing non-free code in the form of microcode, BIOS bits, and Intel Management Engine firmware. "We also contacted Replicant..." according to the announcement, "a free Android distro that also ships vboot source code." And in addition, "We had to re-release all the affected tarballs." (Which at this point is three release candidates...)Read more of this story at Slashdot.

Neal Stephenson is a sci-fi writer "of exuberant prose who revels in embracing big ideas," according to the New York Times. "With Polostan he enters the realm of the spy novel..." Or, as the Washington Post puts it, Stephenson "drops readers into a bloody, inspiring, conflict-ridden and pivotal period of the early 20th century."With its flair for characterization, precision of language, witty apercus and fecundity of events, the novel delivers what we've come to cherish from the author of such fantastical classics as "The Diamond Age," "Snow Crash" and "Cryptonomicon." But the book is also utterly unlike the majority of Stephenson's work. For one thing, it's short - a far cry from the maximalist "systems novels" that cram in entire worlds with complex interacting power structures, both explicit and hidden. "Polostan" is also devoid of fantastical elements and farcical "hysterical realism," which comes as a bit of a shock given that this is the writer who invented Mafia pizza-delivery guys and cybernetic children's primers. The structure of the book is, likewise, unusually straightforward: a mainly linear narrative dispersed along two timelines... These observations aren't quibbles so much as alerts to the reader that this is new territory for Stephenson - and good for him! Though, because Polostan is the first novel in a planned historical series titled Bomb Light, which aims to capture the excitement and intrigue of the nuclear arms race, we cannot rule out any Stephenson freakiness down the line... Assuming the subsequent books are as good as this one, Stephenson might end up with a series that rivals Michael Moorcock's Pyat Quartet and Edward Whittemore's Jerusalem Quartet as a vivid and canny dissection of a century unlike any other. "Much of the next volume is already written," Stephenson says on Substack, calling it "a project that has been in the works for over ten years". (He also notes that among his novels, "even the stuff that's branded as science fiction tends to contain a lot of history.") Meanwhile in August, Stephenson's blockchain-tech startup Lamina1 announced a collaboration with special effects company Weta Workshop (from "The Lord of the Rings" film franchise) on a "participatory worldbuilding" experience. Variety reports:The experience is expected to offer "a new blueprint for IP expansion through immersive experiences that incorporate fan action and input." Per Lamina1's description for the project, "Stephenson and the Weta team will begin engaging a global community of creators and fans on the Lamina1 platform this fall, inviting them to unravel the lore behind a mysterious set of 'Artefacts' that will build upon the themes and lore from Stephenson's critically-acclaimed catalog of work. Next, the superfan will take on the new role of creator, utilizing their discoveries to contribute directly to the expansion of the universe." "Artefact" will serve as the flagship project in the Lamina1-Weta partnership and first major multimedia property launching on Lamina1's blockchain infrastructure and tooling. Neal Stephenson answered questions from Slashdot's readers in 2004. Now to promote his new novel Polostan, Stephenson will be making several personal appearances this week: At the Wisconsin Book Festival in Madison (Sunday at noon)Chicago's Book Stall (Monday at 7 p.m.)A Cary, North Carolina Barnes & Noble (Tuesday at 6 p.m.)New York City's Strand (Wednesday at 7 p.m.)At the Midtown Scholar Bookstore in Harrisburg, Pennsylvania (Thursday at 7 p.m.)Ames, Iowa at Dog Eared Books (Sunday at 6 p.m.)Read more of this story at Slashdot.

"A technology pioneered by Benjamin Franklin is being revived to build more efficient electric motors," reports the Wall Street Journal, "an effort in its nascent stage that has the potential to be massive."A handful of scientists and engineers - armed with materials and techniques unimaginable in the 1700s - are creating modern versions of Franklin's "electrostatic motor," that are on the cusp of commercialization... Franklin's "electrostatic motor" uses alternating positive and negative charges - the same kind that make your socks stick together after they come out of the dryer - to spin an axle, and doesn't rely on a flow of current like conventional electric motors. Every few years, an eager Ph.D. student or engineer rediscovers this historical curiosity. But other than applications in tiny pumps and actuators etched on microchips, where this technology has been in use for decades, their work hasn't made it out of the lab. Electrostatic motors have several potentially huge advantages over regular motors. They are up to 80% more efficient than conventional motors after all the dependencies of regular electric motors are added in. They could also allow new kinds of control and precision in robots, where they could function more like our muscles. And they don't use rare-earth elements because they don't have permanent magnets, and require as little as 5% as much copper as a conventional motor. Both materials have become increasingly scarce and expensive over the past decade, and supply chains for them are dominated by China. "It's reminiscent of the early 1990s, when Sony began to produce and sell the first rechargeable lithium-ion batteries, a breakthrough that's now ubiquitous..." according to the article. "These motors could lead to more efficient air-conditioning systems, factories, logistics hubs and data centers, and - since they can double as generators - better ways of generating renewable energy. They might even show up in tiny surveillance drones." And the article points out that C-Motive Technologies, a 16-person startup in Wisconsin, is already "reaching out to companies, hoping to get their motors out into the real world." ("So far, FedEx and Rockwell Automation, the century-old supplier of automation to factories, are among those testing their motors.")C-Motive's founders discovered that a number of technologies had matured enough that, when combined, could yield electrostatic motors competitive with conventional ones. These enabling technologies include super fast-switching power electronics - like those in modern electric vehicles - that can toggle elements of the motor between states of positive and negative charge very quickly... Dogged exploration of combinations of various readily available industrial organic fluids led to a proprietary mix that can both multiply the strength of the electric field and insulate the motor's spinning parts from each other - all without adding too much friction - says C-Motive Chief Executive Matt Maroon.Read more of this story at Slashdot.

It connects people, data, and money, Bill Gates wrote this week on his personal blog. But digital public infrastructure is also "revolutionizing the way entire nations serve their people, respond to crises, and grow their economies" - and the Gates Foundation sees it "as an important part of our efforts to help save lives and fight poverty in poor countries."Digital public infrastructure [or "DPI"]: digital ID systems that securely prove who you are, payment systems that move money instantly and cheaply, and data exchange platforms that allow different services to work together seamlessly... [W]ith the right investments, countries can use DPI to bypass outdated and inefficient systems, immediately adopt cutting-edge digital solutions, and leapfrog traditional development trajectories - potentially accelerating their progress by more than a decade. Countries without extensive branch banking can move straight to mobile banking, reaching far more people at a fraction of the cost. Similarly, digital ID systems can provide legal identity to millions who previously lacked official documentation, giving them access to a wide range of services - from buying a SIM card to opening a bank account to receiving social benefits like pensions. I've heard concerns about DPI - here's how I think about them. Many people worry digital systems are a tool for government surveillance. But properly designed DPI includes safeguards against misuse and even enhances privacy... These systems also reduce the need for physical document copies that can be lost or stolen, and even create audit trails that make it easier to detect and prevent unauthorized access. The goal is to empower people, not restrict them. Then there's the fear that DPI will disenfranchise vulnerable populations like rural communities, the elderly, or those with limited digital literacy. But when it's properly designed and thoughtfully implemented, DPI actually increases inclusion - like in India, where millions of previously unbanked people now have access to financial services, and where biometric exceptions or assisted enrollment exist for people with physical disabilities or no fixed address. Meanwhile, countries can use open-source tools - like MOSIP for digital identity and Mojaloop for payments - to build DPI that fosters competition and promotes innovation locally. By providing a common digital framework, they allow smaller companies and start-ups to build services without requiring them to create the underlying systems from scratch. Even more important, they empower countries to seek out services that address their own unique needs and challenges without forcing them to rely on proprietary systems. "Digital public infrastructure is key to making progress on many of the issues we work on at the Gates Foundation," Bill writes, "including protecting children from preventable diseases, strengthening healthcare systems, improving the lives and livelihoods of farmers, and empowering women to control their financial futures. "That's why we're so committed to DPI - and why we've committed $200 million over five years to supporting DPI initiatives around the world... The future is digital. Let's make sure it's a future that benefits everyone."Read more of this story at Slashdot.

A California oil refinery that produces 8% of the state's gasoline is shutting down late next year - a decision the Los Angeles Times says is "driven by climate change, the transition to electric vehicles and demands for cleaner air." "There's no question we are going to lose refineries over time, because demand is going to go down as we transition to electric vehicles, but I did not expect to see any of them exiting this quickly," said Severin Borenstein, faculty director of the Energy Institute at UC Berkeley's Haas School of Business. California "over the medium term" will have to rely more on imports, he said. "I think part of the response the state's going to need to consider is how to make sure that we can import sufficient gasoline to meet our needs...." David Hackett, chairman of Stillwater Associates, an Irvine oil consultancy, said he was contacted by Phillips just before the announcement, and was told the closure was a business decision. He said that although the timing was somewhat surprising, the closure wasn't, given the age of the refineries, their relatively small size and the inefficient layout that connects them by a pipeline. "That plant has been for sale for years. It hasn't found any buyers and I think that this has been an economic decision on their part. They looked at the profitability of the place and compared it with the other businesses that they have, and it didn't make the cut," he said. "The closure is likely to increase California's already high prices at the gas pump, given that much of the replacement gasoline will be shipped in by ocean vessel, analysts say..." according to another article from the Los Angeles Times. "Environmentalists and community activists cheered the news, however, saying it will mean cleaner air for the thousands who live in the area and that the state must continue the transition away from its dependence on fossil fuels."Read more of this story at Slashdot.

Tom's Hardware reports on some interesting hardware history being shared on X.com:AMD engineer Phil Park identified a curious nugget of PC architectural history from, of all places, a year-old Quora answer posted by former Intel engineer [and Pentium Pro architect] Robert Colwell. The nugget indicates that Intel could have beaten AMD to the x86-64 punch if the former wasn't dead-set on the x64-only Itanium line of CPUs. Colwell had responded on Quora to the question "Shouldn't Intel with its vast resources have been able to develop both architectures?"This was a marketing decision by Intel - they believed, probably rightly, that bringing out a new 64-bit feature in the x86 would be perceived as betting against their own native-64-bit Itanium, and might well severely damage Itanium's chances. I was told, not once, but twice, that if I "didn't stop yammering about the need to go 64-bits in x86 I'd be fired on the spot" and was directly ordered to take out that 64-bit stuff. I decided to split the difference, by leaving in the gates but fusing off the functionality. That way, if I was right about Itanium and what AMD would do, Intel could very quickly get back in the game with x86. As far as I'm concerned, that's exactly what did happen. Phil Park continued the discussion on X.com. "He didn't quite get what he wanted, but he got close since they had x86-64 support in subsequent products when Intel made their comeback." (So, Park posted later in the thread, "I think he won the long game.") Park also shared a post from Nicholas Wilt (NVIDIA CUDA designer who earlier did GPU computing work at Microsoft and built the prototype for Windows Desktop Manager):I have an x86-64 story of my own. I pressed a friend at AMD to develop an alternative to Itanium. "For all the talk about Wintel," I told him, "these companies bear no love for one another. If you guys developed a 64-bit extension of x86, Microsoft would support it...." Interesting coda: When it became clear that x86-64 was beating Itanium in the market, Intel reportedly petitioned Microsoft to change the architecture and Microsoft told Intel to pound sand.Read more of this story at Slashdot.

The Miami Herald reports:Cuba's electrical grid shut down again early Saturday, leaving the island without electricity after authorities tried but failed to restore power following an earlier nationwide blackout on Friday. The island's Electric Union reported a second "total outage" at 6:15 a.m., just hours after officials reported they had restored power in a few "microsystems" all over the island... The country has been going through its worst economic crisis since the fall of the Soviet Union, and the government lacks money to buy oil in the international market to meet domestic demand. Cubans irked by the daily blackouts defied the country's Draconian laws punishing criticism of the government and left several comments in official news outlets calling for government officials to resign. The second outage will likely exacerbate public frustration as food begins to spoil because of the lack of refrigeration. Two hours ago, Reuters reported that Cuba's government "said on Saturday it had made some progress in gradually re-establishing electrical service across the island, including to hospitals and parts of the capital Havana..." "Most of Cuba's 10 million people, however, remained without electricity on Saturday afternoon."Traffic lights were dark at intersections throughout Havana, and most commerce was halted... Cuban officials have said even if the immediate grid collapse is resolved, the electricity crisis will continue. Cuba produces little of its own crude oil, and fuel deliveries to the island have dropped significantly this year, as Venezuela, Russia and Mexico, once important suppliers, have reduced their exports to Cuba. Mexico experienced a historic drop in production, according to the New York Times, while Venezuela is selling its oil to foreign companies to ease its own economic crisis:The experts had warned for years: Cuba's power grid was on the verge of collapse, relying on plants nearly a half-century old and importing fuel that the cash strapped Communist government could barely afford... Cuban economists and foreign analysts blamed the crisis on several factors: the government's failure to tackle the island's aging infrastructure; the decline in fuel supplies from Venezuela, Mexico and Russia; and a lack of capital investment in badly needed renewable systems, such as wind and solar. Jorge Pinon, a Cuban-born energy expert at the University of Texas at Austin, highlighted that Cuba's electricity grid relies on eight very large power plants that are close to 50 years old. "They have not received any operational maintenance much less capital maintenance in the last 12 to 15 years," he said, adding that they have a lifetime of only 25-30 years. "So, number one, it's a structural problem, they are breaking down all the time and that has a domino effect," he said. Compounding the problems, Cuba burns crude oil as a fuel for its plants. Experts said Cuba's own crude oil production is very heavy in sulfur and metals that can impair the thermoelectric combustion process. "So they have to be constantly repairing them, and they're repairing them with Band-Aids," said Mr. Pinon... "If they can't turn these plants back on there is a concern that this could turn into another mass exodus," said Ricardo Herrero, the director of the Cuba Study Group in Washington. "They are really short on options," he added.Read more of this story at Slashdot.

An anonymous readed shared this report from CNN:[U.S. army boats] are poorly maintained and largely unprepared to meet the military's growing mission in the Pacific, a new government oversight report said this week.The Government Accountability Office released a report on Wednesday that concluded there are "wide-ranging" issues facing Army watercraft, which limit the Army's ability "to meet mission requirements in the Indo-Pacific theater where the need for Army watercraft is most pronounced." Despite Army policy requiring the vessels to be at least at a 90% mission capable rate - meaning the vessels are ready to perform their mission - the boats currently have a less than 40% capable rate this year. Overall, the fleet of watercraft has dropped by nearly half since 2018, going from 134 vessels to 70 as of May this year, in part due to divestment of vessels in 2018 and 2019... "Army boats have not been ready, capable, or in a mindset they'll have to do something dangerous or in the real world ... for decades now," a retired warrant officer and former chief engineer on Army watercraft told CNN at the time... [Army spokeswoman Cynthia Smith] said that the Army is "actively" working to address gaps in the watercraft's capability as a whole, and prioritizing improving the current fleet while also "investing in a modernized fleet to meet the needs of the 2040 force." Col. Dave Butler, a spokesman for Army Chief of Staff Gen. Randy George, told CNN that the Army is also looking at possibly replacing the existing fleet of Army watercraft with autonomous vessels in the future. "What we see is the oil industry and other shipping industries are doing this already, we see that happening all around the world," Butler said. "There's no reason the Army shouldn't be thinking that way ... leaders from down at ship level all the way to the Pentagon are looking at this and determining the best way to deploy our forces... "Maybe the future fleet is all autonomous, we just don't know," he said. "This is all stuff we're looking at in terms of trying to modernize the way we move people, weapons, and equipment." CNN notes that the report "also said the Army is considering leasing civilian watercraft to bolster its existing fleet and moving all of its watercraft to the Pacific." The report also included a response from Army Secretary Wormuth, who said the Army is "actively pursuing a holistic approach to mitigate the gaps in Army watercraft capability and capacity."Read more of this story at Slashdot.

"The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening..." writes Linux Magazine. From an October 7th announcement by The Gnome Foundation:Our plan for the previous financial year was to operate a break-even budget. We raised less than expected last year, due to a very challenging fundraising environment for nonprofits, on top of internal changes such as the departure of our previous Executive Director, Holly Million. The Foundation has a reserves policy which requires us to keep a certain amount of money in the bank account, to preserve core operations in the event of interruptions to our income. In order to meet our reserves policy, this year's budget had to reduce our expenditure to below expected income, and generate a small surplus to reinstate the Foundation's financial reserves to the necessary level... We're asking for your support in several ways: - Look out for opportunities to volunteer your time and skills in areas where we've had to reduce staff involvement. - Share ideas on how to organize and improve our activities in this new context. - Consider making donations to support the GNOME Foundation's core priorities, if you're able... Through these difficult decisions, the GNOME Foundation is able to meet its reserves policy, ensuring sufficient funds for the coming year. Our budget for the new financial year is realistic and supports four full time staff, who are able to support key operations like finance, infrastructure and events. We are additionally contracting a number of other individuals on a short term or part time basis, to help with fund raising, websites and delivering on our project commitments. We are going to be looking to the GNOME community to help with the areas that are most affected by our reduced staffing. If you would like to help GNOME with its events, marketing, or fundraising, we would love to hear from you. In their new budget, "expenses have been greatly reduced," according to an October 10 update:We are also very relieved to be able to provide a surplus budget for the first time in many years, and doing so while still being able to support the community: events, infrastructure, internships, travel funding, and meeting our commitment to donors for work done in some parts of the stack, e.g.: Flathub, parental controls and GNOME Software.Read more of this story at Slashdot.

MIT engineers have built a solar-powered desalination system that "ramps up its desalting process and automatically adjusts to any sudden variation in sunlight, for example by dialing down in response to a passing cloud or revving up as the skies clear." While traditional reverse osmosis systems typically require steady power levels, "the MIT system requires no extra batteries for energy storage, nor a supplemental power supply, such as from the grid." And their results were pretty impressive:The engineers tested a community-scale prototype on groundwater wells in New Mexico over six months, working in variable weather conditions and water types. The system harnessed on average over 94 percent of the electrical energy generated from the system's solar panels to produce up to 5,000 liters of water per day despite large swings in weather and available sunlight... "Being able to make drinking water with renewables, without requiring battery storage, is a massive grand challenge," says Amos Winter, the Germeshausen Professor of Mechanical Engineering and director of the K. Lisa Yang Global Engineering and Research Center at MIT. "And we've done it." The system is geared toward desalinating brackish groundwater - a salty source of water that is found in underground reservoirs and is more prevalent than fresh groundwater resources. The researchers see brackish groundwater as a huge untapped source of potential drinking water, particularly as reserves of fresh water are stressed in parts of the world. They envision that the new renewable, battery-free system could provide much-needed drinking water at low costs, especially for inland communities where access to seawater and grid power are limited... The researchers' report details the new system in a paper appearing in Nature Water. The study's co-authors are Bessette, Winter, and staff engineer Shane Pratt... "Our focus now is on testing, maximizing reliability, and building out a product line that can provide desalinated water using renewables to multiple markets around the world," Pratt adds. The team will be launching a company based on their technology in the coming months. This research was supported in part by the National Science Foundation, the Julia Burke Foundation, and the MIT Morningside Academy of Design. This work was additionally supported in-kind by Veolia Water Technologies and Solutions and Xylem Goulds. Thanks to long-time Slashdot reader schwit1 for sharing the news.Read more of this story at Slashdot.

An anonymous reader shared this report from Forbes:Recent headlines have proclaimed that Chinese scientists have hacked "military-grade encryption" using quantum computers, sparking concern and speculation about the future of cybersecurity. The claims, largely stemming from a recent South China Morning Post article about a Chinese academic paper published in May, was picked up by many more serious publications. However, a closer examination reveals that while Chinese researchers have made incremental advances in quantum computing, the news reports are a huge overstatement. "Factoring a 50-bit number using a hybrid quantum-classical approach is a far cry from breaking 'military-grade encryption'," said Dr. Erik Garcell, Head of Technical Marketing at Classiq, a quantum algorithm design company. While advancements have indeed been made, the progress represents incremental steps rather than a paradigm-shifting breakthrough that renders current cryptographic systems obsolete. "This kind of overstatement does more harm than good," Dr. Garcell said. "Misrepresenting current capabilities as 'breaking military-grade encryption' is not just inaccurate - it's potentially damaging to the field's credibility...." In fact, the Chinese paper in question, titled Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage, does not mention military-grade encryption, which typically involves algorithms like the Advanced Encryption Standard (AES). Instead, the paper is about attacking RSA encryption (RSA stands for Rivest-Shamir-Adleman, named after its creators)... While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large. Moreover, the methods used involve a hybrid approach that combines quantum annealing with classical computation. This means that the quantum annealer handles part of the problem, but significant processing is still performed by classical algorithms. The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today. Duncan Jones, Head of Cybersecurity at Quantinuum, tells Forbes that if China had actually broken AES - they'd be keeping it secret (rather than publicizing it in newspapers).Read more of this story at Slashdot.

"Getting sick feels bad in the moment," reports the Washington Post, "and may affect your brain in the longer term."A new study published in Nature Aging adds to growing evidence that severe infections, including flu, herpes and respiratory tract infections, are linked to accelerated brain atrophy and increased risk of dementia years later. It also hints at the biological drivers that may contribute to neurodegenerative disease. The current research is a "leap beyond previous studies that had already associated infection with susceptibility to Alzheimer's disease" and provides a "useful dataset," said Rudy Tanzi, a professor of neurology at Harvard Medical School and the director of the McCance Center for Brain Health at Massachusetts General Hospital. Other recent studies have found that the flu shot and the shingles vaccine reduce the risk of subsequent dementia in those who get them. Severe infections have also been linked to subsequent strokes and heart attacks. "Big infection, big immune response - not good for the brain," said one of the study's co-authors (Keenan Walker, a tenure-track investigator and the director of the Multimodal Imaging of Neurodegenerative Disease Unit at the National Institute on Aging). And the article also includes this quote from Kristen Funk, an assistant professor of biological sciences at the University of North Carolina at Charlotte (who studies neuroinflammation in neuroinfectious and neurodegenerative diseases). "They really found that there's a range of infections that are associated with this brain atrophy, associated with this cognitive decline."In turn, most of these infections associated with brain atrophy seem to be risk factors for dementia, according to the researchers' analyses of the UK Biobank data of 495,896 subjects and a Finnish dataset of 273,132 subjects. They found that having a history of infections was associated with an increased risk for Alzheimer's disease years later. The increased risk was even higher for vascular dementia, which is the second-most-common dementia diagnosis after Alzheimer's disease and caused by restriction of blood to the brain... More-minor infections are not cause for alarm since the data was drawn from patients who had a hospital record of their infections, indicating more-severe cases, experts say. And speaking of infections, the Post also published an interesting guest column by Dr. Mikkael A. Sekeres, division chief for hematology and medicine professor at the University of Miami's cancer center:A recent report from the American Association for Cancer Research attributed 13 percent of cancer cases worldwide to infections. Some estimates run as high as 20 percent, with particularly high rates of infection-related cancers in developing countries. Infectious agents linked to cancer include bacteria, such as Helicobacter pylori (H. pylori), and viruses, such as human papillomavirus (HPV), Epstein-Barr virus (EBV), and hepatitis B and C. But keep in mind that an exceedingly small percentage of infected people develop cancer...Read more of this story at Slashdot.

"Six years after the Spectre transient execution processor design flaws were disclosed, efforts to patch the problem continue to fall short," writes the Register:Johannes Wikner and Kaveh Razavi of Swiss University ETH Zurich on Friday published details about a cross-process Spectre attack that derandomizes Address Space Layout Randomization and leaks the hash of the root password from the Set User ID (suid) process on recent Intel processors. The researchers claim they successfully conducted such an attack.... [Read their upcomong paper here.] The indirect branch predictor barrier (IBPB) was intended as a defense against Spectre v2 (CVE-2017-5715) attacks on x86 Intel and AMD chips. IBPB is designed to prevent forwarding of previously learned indirect branch target predictions for speculative execution. Evidently, the barrier wasn't implemented properly. "We found a microcode bug in the recent Intel microarchitectures - like Golden Cove and Raptor Cove, found in the 12th, 13th and 14th generations of Intel Core processors, and the 5th and 6th generations of Xeon processors - which retains branch predictions such that they may still be used after IBPB should have invalidated them," explained Wikner. "Such post-barrier speculation allows an attacker to bypass security boundaries imposed by process contexts and virtual machines." Wikner and Razavi also managed to leak arbitrary kernel memory from an unprivileged process on AMD silicon built with its Zen 2 architecture. Videos of the Intel and AMD attacks have been posted, with all the cinematic dynamism one might expect from command line interaction. Intel chips - including Intel Core 12th, 13th, and 14th generation and Xeon 5th and 6th - may be vulnerable. On AMD Zen 1(+) and Zen 2 hardware, the issue potentially affects Linux users. The relevant details were disclosed in June 2024, but Intel and AMD found the problem independently. Intel fixed the issue in a microcode patch (INTEL-SA-00982) released in March, 2024. Nonetheless, some Intel hardware may not have received that microcode update. In their technical summary, Wikner and Razavi observe: "This microcode update was, however, not available in Ubuntu repositories at the time of writing this paper." It appears Ubuntu has subsequently dealt with the issue. AMD issued its own advisory in November 2022, in security bulletin AMD-SB-1040. The firm notes that hypervisor and/or operating system vendors have work to do on their own mitigations. "Because AMD's issue was previously known and tracked under AMD-SB-1040, AMD considers the issue a software bug," the researchers explain. "We are currently working with the Linux kernel maintainers to merge our proposed software patch." BleepingComputer adds that the ETH Zurich team "is working with Linux kernel maintainers to develop a patch for AMD processors, which will be available here when ready."Read more of this story at Slashdot.

"The Wayback Machine, Archive-It, scanning, and national library crawls have resumed," announced the Internet Archive Thursday, "as well as email, blog, helpdesk, and social media communications. Our team is working around the clock across time zones to bring other services back online." Founder Brewster Kahle told The Washington Post it's the first time in its almost 30-year history that it's been down more than a few hours. But their article says the Archive is "fighting back."Kahle and his team see the mission of the Internet Archive as a noble one - to build a "library of everything" and ensure records are kept in an online environment where websites change and disappear by the day. "We're all dreamers," said Chris Freeland, the Internet Archive's director of library services. "We believe in the mission of the Internet Archive, and we believe in the promise of the internet." But the site has, at times, courted controversy. The Internet Archive faces lawsuits from book publishers and music labels brought in 2020 and 2023 for digitizing copyrighted books and music, which the organization has argued should be permissible for noncommercial, archival purposes. Kahle said the hundreds of millions of dollars in penalties from the lawsuits could sink the Internet Archive. Those lawsuits are ongoing. Now, the Internet Archive has also had to turn its attention to fending off cyberattacks. In May, the Internet Archive was hit with a distributed denial-of-service (DDoS) attack, a fairly common type of internet warfare that involves flooding a target site with fake traffic. The archive experienced intermittent outages as a result. Kahle said it was the first time the site had been targeted in its history... [After another attack October 9th], Kahle and his team have spent the week since racing to identify and fix the vulnerabilities that left the Internet Archive open to attack. The organization has "industry standard" security systems, Kahle said, but he added that, until this year, the group had largely stayed out of the crosshairs of cybercriminals. Kahle said he'd opted not to prioritize additional investments in cybersecurity out of the Internet Archive's limited budget of around $20 million to $30 million a year... [N]o one has reliably claimed the defacement and data breach that forced the Internet Archive to sequester itself, said [cybersecurity researcher] Scott Helmef. He added that the hackers' decision to alert the Internet Archive of their intrusion and send the stolen data to Have I Been Pwned, the monitoring service, could imply they didn't have further intentions with it.... Helme said the episode demonstrates the vulnerability of nonprofit services like the Internet Archive - and of the larger ecosystem of information online that depends on them. "Perhaps they'll find some more funding now that all of these headlines have happened," Helme said. "And people suddenly realize how bad it would be if they were gone." "Our priority is ensuring the Internet Archive comes online stronger and more secure," the archive said in Thursday's statement. And they noted other recent-past instances of other libraries also being attacked online:As a library community, we are seeing other cyber attacks - for instance the British Library, Seattle Public Library, Toronto Public Library, and now Calgary Public Library. We hope these attacks are not indicative of a trend." For the latest updates, please check this blog and our official social media accounts: X/Twitter, Bluesky and Mastodon. Thank you for your patience and ongoing support.Read more of this story at Slashdot.

"Biden forgives more student loans," read Thursday's headline at CNBC. While this time it was $4.5 billion in student debt for over 60,000 public service workers, "The Biden-Harris Administration has approved $175 billion in student debt relief for nearly 5 million borrowers through various actions," according to an announcement from the White House on Thursday. (So the average amount received by each of the 5 million students is $35,000.) CNN calculates this eliminates roughly 11% of all outstanding U.S. federal student loan debt. This latest round of forgiveness fixed a loophole in a bipartisan program (passed during the Bush administration in 2007) called Public Service Loan Forgiveness:"For too long, the government failed to live up to its commitments, and only 7,000 people had ever received forgiveness under Public Service Loan Forgiveness before Vice President (Kamala) Harris and I took office," Biden said in a statement. "We vowed to fix that," he added... Thursday's announcement impacts about 60,000 borrowers who are now approved for approximately $4.5 billion in student debt relief under PSLF. CNN points out the total $175 billion in forgiven student debt is more than under any other president - though it's still "less than half of the $430 billion that would've been canceled under the president's one-time forgiveness plan, which was struck down by the Supreme Court last year." The Biden administration has made it easier for about 572,000 permanently disabled borrowers to receive the debt relief to which they are entitled. It also has granted student loan forgiveness to more than 1.6 million borrowers who were defrauded by their college... The Biden administration is conducting a one-time recount of borrowers' past payments and making adjustments if they had been counted incorrectly, bringing many people closer to debt relief.Read more of this story at Slashdot.

Longtime Slashdot reader schwit1 shares an op-ed written by Michael R. Bloomberg, founder and majority owner of Bloomberg LP, the parent company of Bloomberg News, UN Special Envoy on Climate Ambition and Solutions, and chair of the Defense Innovation Board: There are government boondoggles, and then there's NASA's Artemis program. More than a half century after Neil Armstrong's giant leap for mankind, Artemis was intended to land astronauts back on the moon. It has so far spent nearly $100 billion without anyone getting off the ground, yet its complexity and outrageous waste are still spiraling upward. The next US president should rethink the program in its entirety. As someone who greatly respects science and strongly supports space exploration, the more I have learned about Artemis, the more it has become apparent that it is a colossal waste of taxpayer money. [...] A celestial irony is that none of this is necessary. A reusable SpaceX Starship will very likely be able to carry cargo and robots directly to the moon -- no SLS, Orion, Gateway, Block 1B or ML-2 required -- at a small fraction of the cost. Its successful landing of the Starship booster was a breakthrough that demonstrated how far beyond NASA it is moving. Meanwhile, NASA is canceling or postponing promising scientific programs -- including the Veritas mission to Venus; the Viper lunar rover; and the NEO Surveyor telescope, intended to scan the solar system for hazardous asteroids -- as Artemis consumes ever more of its budget. Taxpayers and Congress should be asking: What on Earth are we doing? And the next president should be held accountable for answers.Read more of this story at Slashdot.

An anonymous reader shares a report: If you dread the thought of calling to change an airline ticket or negotiate your internet bill, a new artificial intelligence tool may provide a solution. DoNotPay, which offers an assortment of consumer-friendly services like tracking subscriptions, generating burner phone numbers, and searching for unclaimed property, now features a bot that will call customer service numbers for users, navigate through phone menus and sit through hold music, then politely but firmly advocate on users' behalf. The company shared examples of its AI calling a cellphone provider for help porting a phone number and talking with an airline to cancel a flight within the 24-hour cancellation window. Joshua Browder, CEO and founder of DoNotPay, says getting updates on lost luggage and seeking compensation for flight delays are also common use cases. DoNotPay already offered tools to connect to customer service agents via chat windows, and to draft and send emails, faxes, and even snail mail to companies on behalf of users. But while the service's artificial intelligence had enough smarts to wait on hold for users, then hand over a call when an agent was available, until recently AI models were not capable of carrying on a convincing voice conversation with a human operator in real time. Browder says that changed with Open AI's GPT-4o model, unveiled in May. "That has reduced the delay by about 70%, so instead of it taking three seconds to come up with a response, it now takes under a second, and that's finally fast enough to hold these phone conversations," he says. "So now we're doing thousands of these calls."Read more of this story at Slashdot.

sciencehabit shares a report from Science Magazine: From dumping iron into the ocean to launching mirrors into space, proposals to cool the planet through 'geoengineering' tend to be controversial -- and sometimes fantastical. A new idea isn't any less far-out, but it may avoid some of the usual pitfalls of strategies to fill the atmosphere with tiny, reflective particles. In a modeling study published this month in Geophysical Research Letters, scientists report that shooting 5 million tons of diamond dust into the stratosphere each year could cool the planet by 1.6C -- enough to stave off the worst consequences of global warming. The scheme wouldn't be cheap, however: experts estimate it would cost nearly $200 trillion over the remainder of this century -- far more than traditional proposals to use sulfur particles. [...] The researchers modeled the effects of seven compounds, including sulfur dioxide, as well as particles of diamond, aluminum, and calcite, the primary ingredient in limestone. They evaluated the effects of each particle across 45 years in the model, where each trial took more than a week in real-time on a supercomputer. The results showed diamond particles were best at reflecting radiation while also staying aloft and avoiding clumping. Diamond is also thought to be chemically inert, meaning it would not react to form acid rain, like sulfur. To achieve 1.6C of cooling, 5 million tons of diamond particles would need to be injected into the stratosphere each year. Such a large quantity would require a huge ramp up in synthetic diamond production before high-altitude aircraft could sprinkle the ground-up gems across the stratosphere. At roughly $500,000 per ton, synthetic diamond dust would be 2,400 times more expensive than sulfur and cost $175 trillion if deployed from 2035 to 2100, one study estimates.Read more of this story at Slashdot.

An anonymous reader quotes a report from Space News: SpaceX has been awarded contracts for eight launches under the National Security Space Launch (NSSL) Phase 3 Lane 1 program, the U.S. Space Force's Space Systems Command announced Oct. 18. The contracts worth $733.5 million span seven missions for the Space Development Agency (SDA) and one for the National Reconnaissance Office (NRO) projected to launch in 2026. These are part of the NSSL Phase 3 procurement of launch services for U.S. defense and intelligence agencies. The NSSL Phase 3 Lane 1 program is structured as an Indefinite Delivery, Indefinite Quantity (IDIQ) contract, a flexible procurement method often used in government contracting. The total value of the Lane 1 contract is estimated at $5.6 billion over five years, with Blue Origin, SpaceX, and United Launch Alliance (ULA) selected as the primary vendors to compete for individual task orders. The Space Development Agency is utilizing SpaceX's Falcon 9 rocket to launch small satellites into a low-Earth orbit (LEO) constellation, a network of satellites designed to enhance military communications and intelligence capabilities. SpaceX has already completed two successful launches for the Tranche 0 portion of SDA's constellation. "The Phase 3 Lane 1 construct allows us to execute launch services more quickly for risk-tolerant payloads, putting more capabilities in orbit faster to support national security," said Brig. Gen. Kristin Panzenhagen, program executive officer for Assured Access to Space at the Space Force. Blue Origin's New Glenn rocket has yet to perform its first launch and will need to complete at least two successful flights to qualify for NSSL certification, while ULA's Vulcan Centaur, which has completed two flights, is still awaiting final certification for the program.Read more of this story at Slashdot.

The world's biggest trade publisher has changed the wording on its copyright pages to help protect authors' intellectual property from being used to train large language models and other artificial intelligence tools, The Bookseller has reported. From the report: Penguin Random House has amended its copyright wording across all imprints globally, confirming it will appear "in imprint pages across our markets." The new wording states: "No part of this book may be used or reproduced in any manner for the purpose of training artificial intelligence technologies or systems," and will be included in all new titles and any backlist titles that are reprinted. The statement also "expressly reserves [the titles] from the text and data mining exception," in accordance with a European Parliament directive. The move specifically to ban the use of its titles by AI firms for the development of chatbots and other digital tools comes amid a slew of copyright infringement cases in the US and reports that large tranches of pirated books have already been used by tech companies to train AI tools. In 2024, several academic publishers including Taylor & Francis, Wiley and Sage have announced partnerships to license content to AI firms.Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: Brandon Barrett arrived here two weeks ago, sick but hopeful, like dozens before him. Just a few years back, he could dead lift 660 pounds. After an injury while training to be a professional dirt-bike rider, he opened a motorcycle shop just north of Buffalo. When he wasn't working, he would cleanse his mind through rigorous meditation. In 2019, he began getting sick. And then sicker. Brain fog. Memory issues. Difficulty focusing. Depression. Anxiety. Fatigue. Brandon was pretty sure he knew why: the cell tower a quarter-mile behind his shop and all the electromagnetic radiation it produces, that cellphones produce, that WiFi routers produce, that Bluetooth produces, that the whole damn world produces. He thought about the invisible waves that zip through our airspace -- maybe they pollute our bodies, somehow? [...] Then Brandon read about Green Bank, an unincorporated speck on the West Virginia map, hidden in the Allegheny Mountains, about a four-hour drive southwest of D.C. There are no cell towers there, by design. He read that other sick people had moved here and gotten better, that the area's electromagnetic quietude is protected by the federal government. Perhaps it could protect Brandon. It's quiet here so that scientists can listen to corners of the universe, billions of light-years away. In the 1950s, the federal government snatched up farmland to build the Green Bank Observatory. It's now home to the Robert C. Byrd Green Bank Radio Telescope, the largest steerable telescope in the world at 7,600 metric tons and a height of 485 feet. Its 2.3-acre dish can study quasars and pulsars, map asteroids and planets, and search for evidence of extraterrestrial life. The observatory's machines are so sensitive that terrestrial radio waves would interfere with their astronomical exploration, like a shout (a bunch of WiFi signals) drowning out a whisper (signals from the clouds of hydrogen hanging out between galaxies). So in 1958, the Federal Communications Commission created the National Radio Quiet Zone, a 13,000-square-mile area encompassing wedges of both Virginia and West Virginia, where radio transmissions are restricted to varying degrees. At its center is a 10-mile zone around the observatory where WiFi, cellphones and cordless phones -- among many other types of wave-emitting equipment -- are outlawed. Wired internet is okay, as are televisions -- though you must have a cable or satellite provider. It's not a place out of 100 years ago. More like 30. If you want to make plans to meet someone, you make them in person. Some people move here to work at the observatory. Others come because they feel like they have to. These are the 'electrosensitives,' as they often refer to themselves. They are ill, and Green Bank is their Lourdes. The electrosensitives guess that they number at least 75 in Pocahontas County, which has a population of roughly 7,500. Literary Hub, the BBC, Slate, and the Washingtonian have non-paywalled articles about Green Bank and the "wi-fi refugees" that shelter there.Read more of this story at Slashdot.

Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. From a report: According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19. The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events." Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights. Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.Read more of this story at Slashdot.

Analogue, a retro gaming company, is releasing a hardware-emulated Nintendo 64 console that can play every N64 game in 4K resolution. TechCrunch reports: Analogue, as is its habit, spent years meticulously re-engineering the N64 in FPGA form -- basically, this means that the new 3D console is, in several important ways, indistinguishable from the original hardware. One hundred percent compatibility with the console's game library is the most obvious one, meaning every single N64 cartridge works with this thing. Perhaps the bigger challenge with the N64, as with many other consoles of that era, is how it produces an image. The N64 put out an analog video signal intended for display on interlaced CRT displays -- something that directly influenced the gameplay and art styles of countless games for the platform. Many retro games simply look bad on modern high-resolution displays not because they are dated or the art is insufficient, but because the display techs are fundamentally different. To that end, Analogue has built in a native upscaler that, rather than cleaning up and digitizing the analog video output of the original system (as some upscalers do, with varying degrees of success), produces a natively digital, 4K signal with imitation CRT artifacts and scanlines. This is something they pioneered early on and produced several versions of to reproduce accurate phosphors and display modes for the multi-system Analogue Pocket. [...] The result is simply that games ought to look how you remembered them, which is to say probably a sight better than they actually looked. The Analogue 3D is available for pre-order at 8am PDT on October 21. It's priced at $250.Read more of this story at Slashdot.

Phoronix's Michael Larabel reports: Germany's Sovereign Tech Fund (STF) is today celebrating its second anniversary for "empowering public digital infrastructure." In the past two years it has invested more than $24.9 million into sixty open technologies. This effort backed by the German government has provided nearly $25 million USD in open-source funding over the past two years. In this time there has been more than 500 submissions proposing over 114 million euros in work. This Sovereign Tech Funding has helped open-source projects provide much needed maintenance to their software, enhance the security posture of the software, and make other open-source improvements in the public interest. You can learn more about the Sovereign Tech Fund via their blog.Read more of this story at Slashdot.

The U.S. Federal Trade Commission is investigating farm equipment maker Deere over its repair policies, focusing on whether the company's restrictions on repairs violate customers' "right to repair." Reuters reports: The investigation, authorized on Sept. 2, 2021, focuses on repair restrictions manufacturers place on hardware or software, often referred to by regulators as impeding customers' "right to repair" the goods they purchase. The probe was made public through a filing by data analytics company Hargrove & Associates Inc, which sought to quash an FTC subpoena seeking market data submitted to it by members of the Association of Equipment Manufacturers. Neither HAI nor AEM is a target of the FTC probe [...]. The FTC is probing whether Deere violated the Federal Trade Act's section 5, according to the filing. The law prohibits unfair or deceptive practices affecting commerce, and the FTC has recently used it in a broad array of cases, including against Amazon and pharmacy benefit managers.Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: A US startup company is offering to help wealthy couples screen their embryos for IQ using controversial technology that raises questions about the ethics of genetic enhancement. The company, Heliospect Genomics, has worked with more than a dozen couples undergoing IVF, according to undercover video footage. The recordings show the company marketing its services at up to $50,000 for clients seeking to test 100 embryos, and claiming to have helped some parents select future children based on genetic predictions of intelligence. Managers boasted their methods could produce a gain of more than six IQ points. [...] The footage appears to show experimental genetic selection techniques being advertised to prospective parents. A Heliospect employee, who has been helping the company recruit clients, outlined how couples could rank up to 100 embryos based on "IQ and the other naughty traits that everybody wants," including sex, height, risk of obesity and risk of mental illness. The startup says its prediction tools were built using data provided by UK Biobank, a taxpayer-funded store of genetic material donated by half a million British volunteers, which aims to only share data for projects that are "in the public interest". Selecting embryos on the basis of predicted high IQ is not permitted under UK law. While it is legal in the US, where embryology is more loosely regulated, IQ screening is not yet commercially available there. Asked for comment, managers at Heliospect said the company, which is incorporated in the US, operated within all applicable law and regulations. They said Heliospect was in "stealth mode" before a planned public launch and was still developing its service. They added that clients who screened fewer embryos were charged about $4,000, and that pricing on launch would be in line with competitors. Leading geneticists and bioethicists said the project raised a host of moral and medical issues.Read more of this story at Slashdot.

Netflix has begun raising prices in several countries, including Japan, parts of Europe, and Africa, as it seeks to sustain growth following its crackdown on password sharing. While its recent financial results show strong revenue growth, the company faces challenges in finding new subscribers and aims to boost future growth through advertising and fresh content. The BBC reports: In its latest results, Netflix announced that it had added 5.1 million subscribers between July and September - ahead of forecasts but the smallest gain in more than a year. The company is under pressure to show investors what will power growth in the years ahead, as its already massive reach makes finding new subscribers more difficult. The last time Netflix saw signs of slowdown, in 2022, it launched measures to stop password sharing and said it would offer a new streaming option with advertisements. The crackdown unleashed a new wave of growth. The firm has added more than 45 million new members since last year and has 282 million subscribers globally. Analysts also expect advertisements to eventually become big business for Netflix. For now, however, Netflix has said it remains "early days" and warned it did not expect it to start driving growth until next year, despite many subscribers opting for the ad-supported plan. The plan, which is the company's least expensive option, accounted for 50% of new sign-ups in the places where it is offered in the most recent quarter, Netflix said. Even without a boost from advertising, Netflix said revenue in the July-September period was up 15% compared with the same period last year, to more than $9.8 billion. Profit also rose from $1.6 billion in the same period last year to $2.3 billion.Read more of this story at Slashdot.

Cuba's power grid failed on Friday, leaving 10 million people without electricity. NPR reports: One of the country's largest power plants, the Antonio Guiteras power plant in the western province of Matanzas, failed shortly before midday on Friday. The failure prompted a total breakdown of Cuba's electrical system. The power outage comes after days of rolling blackouts. Cuba's prime minister, Manuel Marrero Cruz, blamed the problem on deteriorating infrastructure and fuel shortages exacerbated by Hurricane Milton, which has made it difficult for fuel deliveries to reach the island. The prime minister made an address on state television on Thursday evening and said the government would prioritize providing electricity to residential areas and promised shipments of fuel would arrive on the island in the coming days. Cuban officials have not indicated a timeline for when the power grid will be operational again. The massive blackout is a new low in a country that has already been dealing with a deepening economic crisis and widespread food shortages.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Recently, AI researcher Simon Willison wanted to add up his charges from using a cloud service, but the payment values and dates he needed were scattered among a dozen separate emails. Inputting them manually would have been tedious, so he turned to a technique he calls "video scraping," which involves feeding a screen recording video into an AI model, similar to ChatGPT, for data extraction purposes. What he discovered seems simple on its surface, but the quality of the result has deeper implications for the future of AI assistants, which may soon be able to see and interact with what we're doing on our computer screens. "The other day I found myself needing to add up some numeric values that were scattered across twelve different emails," Willison wrote in a detailed post on his blog. He recorded a 35-second video scrolling through the relevant emails, then fed that video into Google's AI Studio tool, which allows people to experiment with several versions of Google's Gemini 1.5 Pro and Gemini 1.5 Flash AI models. Willison then asked Gemini to pull the price data from the video and arrange it into a special data format called JSON (JavaScript Object Notation) that included dates and dollar amounts. The AI model successfully extracted the data, which Willison then formatted as CSV (comma-separated values) table for spreadsheet use. After double-checking for errors as part of his experiment, the accuracy of the results -- and what the video analysis cost to run -- surprised him. "The cost [of running the video model] is so low that I had to re-run my calculations three times to make sure I hadn't made a mistake," he wrote. Willison says the entire video analysis process ostensibly cost less than one-tenth of a cent, using just 11,018 tokens on the Gemini 1.5 Flash 002 model. In the end, he actually paid nothing because Google AI Studio is currently free for some types of use.Read more of this story at Slashdot.

An anonymous reader shares a report: Every year for the past seven, Nathan Benaich, the founder and solo general partner at the early-stage AI investment firm Air Street Capital, has produced a magisterial "State of AI" report. Benaich and his collaborators marshal an impressive array of data to provide a great snapshot of the technology's evolving capabilities, the landscape of companies developing it, a survey of how AI is being deployed, and a critical examination of the challenges still facing the field. One of the big takeaways from this year's report, which was published late last week, is that OpenAI's lead over other AI labs has largely eroded. Anthropic's Claude 3.5 Sonnet, Google's Gemini 1.5, X's Grok 2, and even Meta's open-source Llama 3.1 405 B model have equaled, or narrowly surpassed on some benchmarks, OpenAI's GPT-4o.aaBut, on the other hand, OpenAI still retains an edge for the moment on reasoning tasks with the release of its o1 "Strawberry" model -- which Air Street's report rightly characterized as a weird mix of incredibly strong logical abilities for some tasks, and surprisingly weak ones for others. Another big takeaway, Benaich told me, is the extent to which the cost of using a trained AI model -- an activity known as "inference" -- is falling rapidly. There are several reasons for this. One is linked to that first big takeaway: With models less differentiated from one another on capabilities and performance, companies are forced to compete on price.aaAnother reason is that engineers for companies such as OpenAI and Anthropic -- and their hyperscaler partners Microsoft and AWS, respectively -- are discovering ways to optimize how the largest models run on big GPU clusters. The cost of outputs from OpenAI's GPT-4o today is 100-times less per token (which is about equivalent to 1.5 words) than it was for GPT-4 when that model debuted in March 2023. Google's Gemini 1.5 Pro now costs 76% less per output token than it did when that model was launched in February 2024.aRead more of this story at Slashdot.

An anonymous reader shares a report: At the end of September, Kaspersky forcibly uninstalled and replaced itself with a new antivirus called UltraAV on the computers of around a million Americans, many of whom were surprised and aghast that they were not asked to give their consent for the change. The move was the end result of the U.S. government ban on all sales of Kaspersky software in the country and -- at least in theory -- marked the end of Kaspersky in America. But not everyone in the U.S. has given up on the Russian-made antivirus. Some Americans have found ways to get around the ban and are still using Kaspersky's antivirus, TechCrunch has learned. Several people who live in the U.S. said in posts on Reddit that they are holding out as Kaspersky customers. When TechCrunch asked them about their motivations, their reasons range from being skeptical of the reasons behind the ban, or having paid for the product already, to simply preferring the product over its rivals.Read more of this story at Slashdot.

The FIDO Alliance is developing new specifications to enable secure transfer of passkeys between different password managers and platforms. Announced this week, the initiative is the result of collaboration among members of the FIDO Alliance's Credential Provider Special Interest Group, including Apple, Google, Microsoft, 1Password, Bitwarden, Dashlane, and others. From a report: Passkeys are an industry standard developed by the FIDO Alliance and the World Wide Web Consortium, and were integrated into Apple's ecosystem with iOS 16, iPadOS 16.1, and macOS Ventura. They offer a more secure and convenient alternative to traditional passwords, allowing users to sign in to apps and websites in the same way they unlock their devices: With a fingerprint, a face scan, or a passcode. Passkeys are also resistant to online attacks like phishing, making them more secure than things like SMS one-time codes. The draft specifications, called Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), will standardize the secure transfer of credentials across different providers. This addresses a current limitation where passkeys are often tied to specific ecosystems or password managers. Further reading: Passwords Have Problems, But Passkeys have more.Read more of this story at Slashdot.

An anonymous reader shares a report: From the ground, northeastern Norway might look like fjord country, peppered with neat red houses and dissected by snowmobile tours through the winter. But for pilots flying above, the region has become a danger zone for GPS jamming. The jamming in the region of Finnmark is so constant, Norwegian authorities decided last month they would no longer log when and where it happens -- accepting these disturbance signals as the new normal. Nicolai Gerrard, senior engineer at NKOM, the country's communications authority, says his organization no longer counts the jamming incidents. "It has unfortunately developed into an unwanted normal situation that should not be there. Therefore, the [Norwegian authority in charge of the airports] are not interested in continuous updates on something that is happening all the time." Pilots meanwhile, still have to adapt, usually when they are above 6,000 feet in the air. "We experience this almost every day," says Odd Thomassen, a captain and senior safety adviser at the Norwegian airline Wideroe. He claims jamming typically lasts between six and eight minutes at a time.Read more of this story at Slashdot.

With ransomware attacks surging and 2024 on track to be one of the worst years on record, U.S. officials are seeking ways to counter the threat, in some cases, urging a new approach to ransom payments. From a report: Ann Neuberger, U.S. deputy national security adviser for cyber and emerging technologies, wrote in a recent Financial Times opinion piece, that insurance policies -- especially those covering ransomware payment reimbursements -- are fueling the very same criminal ecosystems they seek to mitigate. "This is a troubling practice that must end," she wrote, advocating for stricter cybersecurity requirements as a condition for coverage to discourage ransom payments. Zeroing in on cyber insurance as a key area for reform comes as the U.S. government scrambles to find ways to disrupt ransomware networks. According to the latest report by the Office of the Director of National Intelligence, by mid-2024 more than 2,300 incidents already had been recorded -- nearly half targeting U.S. organizations -- suggesting that 2024 could exceed the 4,506 attacks recorded globally in 2023. Yet even as policymakers scrutinize insurance practices and explore broader measures to disrupt ransomware operations, businesses are still left to grapple with the immediate question when they are under attack: Pay the ransom and potentially incentivize future attacks or refuse and risk further damage. For many organizations, deciding whether to pay a ransom is a difficult and urgent decision. "In 2024, I attended a briefing by the FBI where they continued to advise against paying a ransom," said Paul Underwood, vice president of security at IT services company Neovera. "However, after making that statement, they said that they understand that it's a business decision and that when companies make that decision, it is taking into account many more factors than just ethics and good business practices. Even the FBI understood that businesses need to do whatever it takes to get back to operations," Underwood said.Read more of this story at Slashdot.

An anonymous reader shares a report: Byju Raveendran, the founder of the embattled edtech group Byju's, acknowledged on Thursday afternoon that he made mistakes, mistimed the market, overestimated growth potential and that his startup, once valued at $22 billion, is now effectively worth "zero." Speaking to a group of journalists, Raveendran said the company's aggressive acquisition of more than two dozen startups to expand into new markets proved fatal when financing dried up in 2022. Byju's was planning to go public in early 2022 with several investment bankers giving the firm valuation as high as $50 billion, TechCrunch reported earlier. He alleged that many of his more than 100 investors had urged him to pursue aggressive expansion into as many as 40 markets. But, he added, those very investors got cold feet when global markets tumbled following Russia's invasion of Ukraine, sending the venture capital market into a downward spiral.Read more of this story at Slashdot.

WP Engine has filed a motion for a preliminary injunction against Automattic and its CEO Matt Mullenweg, seeking to halt their public campaign and regain access to WordPress resources. The hosting platform claims it's suffering "immediate irreparable harm," including a 14% spike in cancellation requests following Mullenweg's criticism. WP Engine alleges the dispute has created anxiety among developers and increased security risks for the WordPress community. The legal action comes after Automattic accused WP Engine of trademark infringement, leading to exchanged cease-and-desist orders and a lawsuit. Last week, the WordPress.org project, led by Mullenweg, took control of WP Engine's Advanced Custom Fields plugin, redirecting users to a forked version.Read more of this story at Slashdot.

India is expected to limit imports of laptops, tablets and personal computers after January, Reuters reported Friday citing government sources, a move to push companies such as Apple to increase domestic manufacturing. From the report: This plan, if implemented, could disrupt an industry worth $8 billion to $10 billion and reshape the dynamics of the IT hardware market in India, which is heavily reliant on imports. A similar plan to restrict imports was withdrawn last year following backlash from companies and lobbying from the United States. India has since monitored imports under a system set to expire this year and has asked firms to seek fresh approvals for imports next year. The government feels it has given the industry enough time to adapt, said the sources, who did not want to be identified as discussions are private.Read more of this story at Slashdot.

Salesforce founder and chief executive Marc Benioff has doubled down on his criticism of Microsoft's Copilot, the AI-powered tool that can write Word documents, create PowerPoint presentations, analyze Excel spreadsheets and even reply to emails through Outlook. In a post on X, he writes: When you look at how Copilot has been delivered to customers, it's disappointing. It just doesn't work, and it doesn't deliver any level of accuracy. Gartner says it's spilling data everywhere, and customers are left cleaning up the mess. To add insult to injury, customers are then told to build their own custom LLMs. I have yet to find anyone who's had a transformational experience with Microsoft Copilot or the pursuit of training and retraining custom LLMs. Copilot is more like Clippy 2.0.Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Stripe is in talks to acquire stablecoin platform Bridge for a whopping $1 billion, according to Forbes (paypalled). The talks are reportedly in advanced stages, although nothing has been finalized. Bridge, co-founded by Coinbase alumni Zach Abrams and Sean Yu, has built an API that helps companies accept stablecoins. The pair raised $58 million from investors like Index Ventures and Sequoia Capital, according to PitchBook. If the deal with Stripe goes through, it would be a huge jump from Bridge's $200 million valuation, as well as being Stripe's largest acquisition to date.Read more of this story at Slashdot.

The blockchain-based identity verification company founded by Sam Altman is now called "World." It also unveiled a new version of the "Orb" biometric devices the company uses to scan users' eyes. CoinTelegraph reports: World, as it's now known, also revealed a slew of other updates including a new version of its Orb biometric scanning devices, new options for identity verification and partnership integrations with popular apps including FaceTime, WhatsApp, and Zoom. [...] The new Orb, powered by Nvidia hardware, will be more efficient and "five times" more powerful than its predecessor with a smaller footprint and fewer parts. The company also said the new Orb would eventually be available in self-service kiosks in some markets. World also announced that users will soon be able to verify their identity through methods other than the firm's Orb hardware. Through a program called World ID Credentials, the company says users with NFC-enabled government issued passports will allow them to verify their identity on the World app. Another major announcement came in the form of World ID Deep Face, a service the company claims has "solved deepfakes." According to the company, its software can be implemented into just about any app where video can be uploaded or streamed to determine whether videos featuring verified persons are real or have been faked using AI. Finally, the company also announced that so far 15 million users have signed up for its World app service; among them, seven million are verified.Read more of this story at Slashdot.

AWS CEO Matt Garman has harsh words for remote workers: return to the office or quit. TechCrunch: The Amazon executive recently told employees who don't like the new five-day in-person work policy that, "there are other companies around," presumably companies they can work for remotely, Reuters reported on Thursday. Amazon's top boss, Andy Jassy, told employees last month that there will be a full return-to-office starting in 2025, an increase from three days for roughly the last year.Read more of this story at Slashdot.

An anonymous reader quotes a report from The Verge: Donald Trump said Apple CEO Tim Cook called him to discuss the billions of dollars that Apple has been fined in the European Union. Trump made the statement during his appearance on the PBD Podcast -- and said that he won't let the EU "take advantage" of US companies like Apple if reelected. "Two hours ago, three hours ago, he [Cook] called me," Trump said. "He said the European Union has just fined us $15 billion... Then on top of that, they got fined by the European Union another $2 billion." In March, the EU fined Apple around $2 billion after finding that Apple used its dominance to restrict music streaming apps from telling customers about cheaper subscription deals outside the App Store. The EU later won its fight to make Apple pay $14.4 billion in unpaid taxes. "He [Cook] said something that was interesting," Trump said. "He said they're using that to run their enterprise, meaning Europe is their enterprise. "I said, 'That's a lot... But Tim, I got to get elected first, but I'm not going to let them take advantage of our companies -- that won't, you know, be happening.'" Trump has talked to several Big Tech executives over the past several months. "During an interview this week, Trump said he spoke with Google CEO Sundar Pichai to complain about all the 'bad stories' the search engine shows about him," notes The Verge. "Elon Musk recently spoke at a Trump rally in Pennsylvania, while Meta CEO Mark Zuckerberg called Trump over the summer 'a few times,' according to the former president."Read more of this story at Slashdot.

During its MAX event yesterday, Adobe teased some experimental photo and video editing tools for PhotoShop and Premiere Pro. There are a total of nine features, which include being able to rotate vector images, produce sound effects from text descriptions, and generate images in various shapes and sizes. Engadget reports: [W]e'll start with Project Perfect Blend for PS, which improves natural blending and makes shadow casting more realistic, creating more lifelike images. Project Clean Machine removes photo flashes, fireworks and objects blocking the camera's view. One feature that stands out is Project In Motion, which lets users transform custom shape animations into video by entering a prompt, while Project Know How is a content authenticator tool that can search for a video file's source online. Project Turntable lets users rotate 2D vector art in 3D, thereby allowing the 2D vector art to face a direction of their choice. The generative AI model fills in any blanks to create presentable 3D vector art. Another standout tool is Project Super Sonic, which generates sound effects via prompts or clicking on objects in a video. The latter method can create sounds without typing prompts into the generative AI model. Project Super Sonic seems helpful for people looking to design the sounds they want. Adobe is also working on Microsoft Copilot integration in Project Scenic. This tool creates 3D scene layouts using Copilot prompts, and the camera and objects in the layout can be tweaked. Project Remix A Lot leverages generative AI to create images in various shapes and sizes, all fully editable. In other words, users can "remix" creations into shapes they like, including unusual ones. Finally, we have Project Hi-Fi. With this tool, it's possible to transform sketches and concepts into high-quality images. These images can easily be dragged into PhotoShop for editing.Read more of this story at Slashdot.

Google's NotebookLM app has been updated to let you generate custom podcasts from almost any source material. The AI software is also dropping the "experimental" tag. Wired reports: To make an AI podcast using NotebookLM, open up the Google Labs website and start a New Notebook. Then, add any source documents you would like to be used for the audio output. These can be anything from files on your computer to YouTube links. Next, when you click on the Notebook guide, you'll now see the option to generate a deep dive as well as the option to customize it first. Choose Customize and add your prompt for how you'd like the AI podcast to come out. The software suggests that you consider what sections of the sources you'd like highlighted, larger topics you want further explored, or different intended audiences who you want the message to reach. One tip [Raiza Martin, who leads the NotebookLM team inside of Google Labs] shares for trying out the new feature is to generate the Audio Overview without changes, and while you're listening to this first iteration, write down any burning questions you have or topics you wish it expanded on. Afterwards, use these notes as a launching pad to create your prompts for NotebookLM and regenerate that AI podcast with your interests in mind. [...] Yes, Google's NotebookLM might flatten the specifics of a big document or get some details mixed up, but being able to generate more personalized podcasts from disparate sources truly does feel like a transformation -- and luckily nothing like turning into a giant bug. You can view some examples of AI-generated podcasts here.Read more of this story at Slashdot.

An anonymous reader quotes a report from BleepingComputer: A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. ClickFix is a social-engineering tactic that emerged in May, first reported by cybersecurity company Proofpoint, from a threat actor (TA571) that used messages impersonating errors for Google Chrome, Microsoft Word, and OneDrive. The errors prompted the victim to copy to clipboard a piece of PowerShell code that would fix the issues by running it in Windows Command Prompt. Victims would thus infect systems with various malware such as DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, a clipboard hijacker, and Lumma Stealer. In July, McAfee reported that the ClickFix campaigns were becoming mode frequent, especially in the United States and Japan. A new report from Sekoia, a SaaS cybersecurity provider, notes that ClickFix campaigns have evolved significantly and now use a Google Meet lure, phishing emails targeting transport and logistics firms, fake Facebook pages, and deceptive GitHub issues. According to the French cybersecurity company, some of the more recent campaigns are conducted by two threat groups, the Slavic Nation Empire (SNE) and Scamquerteo, considered to be sub-teams of the cryptocurrency scam gangs Marko Polo and CryptoLove.Read more of this story at Slashdot.

In a memo from CEO Sundar Pichai, Google said it is moving the team behind the Gemini app to its AI research lab DeepMind. The shift "will improve feedback loops, enable fast deployment of our new models in the Gemini app," said Pichai. Reuters reports: Gemini is Google's most advanced AI technology, developed by DeepMind. The Gemini app is the direct consumer interface to the latest Gemini models. The Gemini app team, led by Sissie Hsiao, will join Google DeepMind under the leadership of its CEO Demis Hassabis. Google also announced that Prabhakar Raghavan, who has led the company's products including search, ads and commerce will become chief technologist and work closely with Pichai. Raghavan's role as lead of the Knowledge and Information team will be taken up by Nick Fox, who has closely worked with Google on its AI product roadmap.Read more of this story at Slashdot.

404 Media journalist and Slashdot contributor samleecole shares a report: After an exodus of employees at Automattic who disagreed with CEO Matt Mullenweg's recently divisive legal battle with WP Engine, he's upped the ante with another buyout offer -- and a threat that employees speaking to the press should "exit gracefully, or be fired tomorrow with no severance." Earlier this month, Mullenweg posed an "Alignment Offer" to all of his employees: Stand with him through a messy legal drama that's still unfolding, or leave. "It became clear a good chunk of my Automattic colleagues disagreed with me and our actions," he wrote on his personal blog on Oct. 3, referring to the ongoing dispute between himself and website hosting platform WP Engine, which Mullenweg called a "cancer to WordPress" and accusing WP Engine of "strip-mining the WordPress ecosystem. In the last month, he and WP Engine have volleyed cease and desist letters, and WP Engine is now suing Automattic, accusing Mullenweg of extortion and abuse of power. "I'm certain that Matt hasn't eliminated all dissenters, because I'm still there, but I expect that within the next six to twelve months, everyone who didn't leave but wasn't 'aligned' will have found a new job and left on their own terms," a current employee told 404 Media. "My personal morale has never been lower at this job, and I know that I'm not alone." Mullenweg himself, in internal screenshots viewed by 404 Media, acknowledged that his first "Alignment Offer" did not make everyone who disagreed with him leave the company. On Wednesday Mullenweg posted another ultimatum in Automattic's Slack: a new offer that would include nine months of compensation (up from the previous offer of six months). "We have technical means to identify the leaker as well, that I obviously can't disclose," he continued. "So this is their opportunity to exit gracefully, or be fired tomorrow with no severance and probably a big legal case for violating confidentiality agreement."Read more of this story at Slashdot.

The FBI has arrested an Alabama man who is accused of hacking the Securities and Exchange Commission's X account in January. From a report: The indictment alleges that 25-year-old Eric Council Jr. worked with co-conspirators to take control of the account and post a fake message from SEC Chair Gary Gensler about Bitcoin ETFs that caused the price of Bitcoin to jump by more than $1,000 momentarily. To carry out this scheme, Council is accused of creating a fake ID using the information belonging to the person in control of the SEC's X account. He then allegedly tricked AT&T into providing a SIM card with the victim's phone number and install it into a new iPhone he purchased. Finally, Council was able to gain control of the SEC's account using recovery authentication codes sent to the number, and later return the iPhone to the Apple Store where he'd bought it.Read more of this story at Slashdot.