Slashdot

News for nerds, stuff that matters
Updated: 1 day 3 hours ago

Data Collected by the US Justice Department Exposed in Consultant's Breach

Yesterday, 14/04/2024 - 1:16am
An anonymous reader shared this report from Security Week: Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) is notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach. The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals. According to GMA's notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General's Office, both personal and Medicare information was compromised in the data breach... "This information may have included your name, date of birth, address, Medicare Health Insurance Claim Number (which contains a Social Security number associated with a member) and some medical information and/or health insurance information," the notification letter reads. The compromised data, GMA says, was obtained by the US Department of Justice "as part of a civil litigation matter". More than 340,000 individuals were affected by the data breach, the company told the Maine Attorney General's Office. The impacted individuals, however, are "not the subject of this investigation or the associated litigation matters", the company tells the affected individuals.

Read more of this story at Slashdot.

Will America's Next Soldiers Be Machines?

Sat, 13/04/2024 - 11:43pm
Foreign Policy magazine visits a U.S. military training exercise that pitted Lt. Isaac McCurdy and his platoon of infantry troops against machines with camera lenses for eyes and sheet metal for skin: Driving on eight screeching wheels and carrying enough firepower on their truck beds to fill a small arms depot, a handful of U.S. Army robots stormed through the battlefield of the fictional city of Ujen. The robots shot up houses where the opposition force hid. Drones that had been loitering over the battlefield for hours hovered above McCurdy and his team and dropped "bombs" — foam footballs, in this case — right on top of them, a perfectly placed artillery shot. Robot dogs, with sensors for heads, searched houses to make sure they were clear. "If you see the whites of someone's eyes or their sunglasses, [and] you shoot back at that, they're going to have a human response," McCurdy said. "If it's a robot pulling up, shooting something that's bigger than you can carry yourself, and it's not going to just die when you shoot a center mass, it's a very different feeling." In the United States' next major war, the Army's brass is hoping that robots will be the ones taking the first punch, doing the dirty, dull, and dangerous jobs that killed hundreds — likely thousands — of the more than 7,000 U.S. service members who died during two decades of wars in the Middle East. The goal is to put a robot in the most dangerous spot on the battlefield instead of a 19-year-old private fresh out of basic training... [Several] Army leaders believe that almost every U.S. Army unit, down to the smallest foot patrols, will soon have drones in the sky to sense, protect, and attack. And it won't be long before the United States is deploying ground robots into battle in human-machine teams. The robots haven't been tested with live ammunition yet — or in colder temperatures, the magazine notes. 
(And at one point in the exercise, "Army officials jammed themselves, and a swarm of drones dropped out of the sky.") But the U.S. Army is "considering a proposal to add a platoon of robots, the equivalent of 20 to 50 human soldiers, to its armored brigade combat team." Six generals and several colonels watched the exercise, according to the article, which notes that the ultimate goal isn't to replace all human soldiers. "The point is to get the advantage before China or Russia do."

New Spectre V2 Attack Impacts Linux Systems On Intel CPUs

Sat, 13/04/2024 - 10:34pm
An anonymous reader shared this report from BleepingComputer: Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. Spectre V2 is a new variant of the original Spectre attack discovered by a team of researchers at the VUSec group from VU Amsterdam. The researchers also released a tool that uses symbolic execution to identify exploitable code segments within the Linux kernel to help with mitigation. The new finding underscores the challenges in balancing performance optimization with security, which makes addressing fundamental CPU flaws complicated even six years after the discovery of the original Spectre.... As the CERT Coordination Center (CERT/CC) disclosed yesterday, the new flaw, tracked as CVE-2024-2201, allows unauthenticated attackers to read arbitrary memory data by leveraging speculative execution, bypassing present security mechanisms designed to isolate privilege levels. "An unauthenticated attacker can exploit this vulnerability to leak privileged memory from the CPU by speculatively jumping to a chosen gadget," reads the CERT/CC announcement. "Current research shows that existing mitigation techniques of disabling privileged eBPF and enabling (Fine)IBT are insufficient in stopping BHI exploitation against the kernel/hypervisor." "For a complete list of impacted Intel processors to the various speculative execution side-channel flaws, check this page updated by the vendor."

US Government Says Recent Microsoft Breach Exposed Federal Agencies to Hacking

Sat, 13/04/2024 - 9:34pm
From the Washington Post: The U.S. government said Thursday that Russian government hackers who recently stole Microsoft corporate emails had obtained passwords and other secret material that might allow them to breach multiple U.S. agencies. The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, on Tuesday issued a rare binding directive to an undisclosed number of agencies requiring them to change any log-ins that were taken and investigate what else might be at risk. The directive was made public Thursday, after recipients had begun shoring up their defenses. The "successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies," CISA wrote. "This Emergency Directive requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure." "CISA officials told reporters it is so far unclear whether the hackers, associated with Russian military intelligence agency SVR, had obtained anything from the exposed agencies," according to the article. And the article adds that CISA "did not spell out the extent of any risks to national interests." But the agency's executive assistant director for cybersecurity did tell the newspaper that "the potential for exposure of federal authentication credentials...does pose an exigent risk to the federal enterprise, hence the need for this directive and the actions therein." Microsoft's Windows operating system, Outlook email and other software are used throughout the U.S. government, giving the Redmond, Washington-based company enormous responsibility for the cybersecurity of federal employees and their work. But the longtime relationship is showing increasing signs of strain.... 
[T]he breach is one of a few severe intrusions at the company that have exposed many others elsewhere to potential hacking. Another of those incidents — in which Chinese government hackers cracked security in Microsoft's cloud software offerings to steal email from State Department and Commerce Department officials — triggered a major federal review that last week called on the company to overhaul its culture, which the Cyber Safety Review Board cited as allowing a "cascade of avoidable errors."

'Defeated' CEOs Finally Concede Hybrid Working Is Here to Stay

Sat, 13/04/2024 - 8:34pm
"After a year of cracking down with rigid return-to-office mandates, defeated CEOs are now finally accepting that hybrid working is here to stay," reports Fortune: KPMG surveyed U.S. CEOs of companies turning over at least $500 million and found that just one-third expect a full return to the office in the next three years. So it's official: Leaders who believe that office workers will be back at their desks five days a week in the near future are now in the small minority. It's a complete 360 on their stance last year, when 62% of CEOs surveyed predicted that working from home would end by 2026. At the time, 90% of CEOs even admitted that they were so steadfast on summoning staff back to their vertical towers that they were sweetening the pot with salary raises, promotions, and favorable assignments to those who showed face more. But now, bosses are backtracking: Nearly half of CEOs have concluded that the future of work is hybrid — up from 34% last year. What's more, a sizable chunk of CEOs aren't just embracing working from home on Fridays, they're going one step further and ditching the workday altogether. KPMG found that a third of CEOs are exploring the feasibility of a four-day week at their firm... Research has echoed that nearly half of companies with return-to-office mandates witnessed a higher level of employee attrition than they had anticipated, and 29% of companies enforcing office returns are struggling with recruitment. It perhaps explains why, as KPMG's data shows, CEOs are now waking up to the fact that the future of work is probably the happy medium of hybrid... Lewis Maleh, CEO of the global executive recruitment agency Bentley Lewis, has already witnessed a U-turn to more flexible job ads. "I've noticed a definite rise in job postings advertising remote or hybrid work," Maleh tells Fortune. "We haven't worked on any searches that require the candidate to be in the office five days per week in the past six months globally." 
"The shift demonstrates the cementing of hybrid work models, as CEOs increasingly recognize flexibility as a key factor in attracting and retaining top talent."

73-Year-Old Clifford Stoll Is Now Selling Klein Bottles

Sat, 13/04/2024 - 7:34pm
O'Reilly's "Tech Trends" newsletter included an interesting item this month: Want your own Klein Bottle? Made by Cliff Stoll, author of the cybersecurity classic The Cuckoo's Egg, who will autograph your bottle for you (and may include other surprises). First described in 1882 by the mathematician Felix Klein, a Klein bottle (like a Mobius strip) has a one-sided surface. ("Need a zero-volume bottle...?" asks Stoll's web site. "Want the ultimate in non-orientability...? A mathematician's delight, handcrafted in glass.") But how the legendary cyberbreach detective started the company is explained in this 2016 article from a U.C. Berkeley alumni magazine. Its headline? "How a Berkeley Eccentric Beat the Russians — and Then Made Useless, Wondrous Objects." The reward for his cloak-and-dagger wizardry? A certificate of appreciation from the CIA, which is stashed somewhere in his attic... Stoll published a best-selling book, The Cuckoo's Egg, about his investigation. PBS followed it with a NOVA episode entitled "The KGB, the Computer, and Me," a docudrama starring Stoll playing himself and stepping through the "fourth wall" to double as narrator. Stoll had stepped through another wall, as well, into the numinous realm of fame, as the burgeoning tech world went wild with adulation... He was more famous than he ever could have dreamed, and he hated it. "After a few months, you realize how thin fame is, and how shallow. I'm not a software jockey; I'm an astronomer. But all people cared about was my computing." Stoll's disenchantment also arose from what he perceived as the false religion of the Internet... Stoll articulated his disenchantment in his next book, Silicon Snake Oil, published in 1995, which urged readers to get out from behind their computer screens and get a life. "I was asking what I thought were reasonable questions: Is the electronic classroom an improvement? Does a computer help a student learn? 
Yes, but what it teaches you is to go to the computer whenever you have a question, rather than relying on yourself. Suppose I was an evil person and wanted to eliminate the curiosity of children. Give the kid a diet of Google, and pretty soon the child learns that every question he has is answered instantly. The coolest thing about being human is to learn, but you don't learn things by looking it up; you learn by figuring it out." It was not a popular message in the rise of the dot-com era, as Stoll soon learned... Being a Voice in the Wilderness doesn't pay well, however, and by this time Stoll had taken his own advice and gotten a life; namely, marrying and having two children. So he looked around for a way to make some money. That ushered in his third — and current — career as President and Chief Bottle Washer of the aforementioned Acme Klein Bottle company... At first, Stoll had a hard time finding someone to make Klein bottles. He tried a bong peddler on Telegraph Avenue, but the guy took Cliff's money and disappeared. "I realized that the trouble with bong makers is that they're also bong users." Then in 1994, two friends of his, Tom Adams and George Chittenden, opened a shop in West Berkeley that made glassware for science labs. "They needed help with their computer program and wanted to pay me," Stoll recalls. "I said, 'Nah, let's make Klein bottles instead.' And that's how Acme Klein Bottles was born."

Google Finally Launches Android's 'Find My Device' Network

Sat, 13/04/2024 - 6:34pm
This week the new "Find My Device" feature rolled out to Android devices around the world, starting in the U.S. and Canada. "With a new, crowdsourced network of over a billion Android devices, Find My Device can help you find your misplaced Android devices and everyday items quickly and securely," according to a Google blog post. ZDNet explains: Although Google already offers a Find My Device setting on Android phones, the device you're looking for must be powered on and connected for the feature to work. The new Find My Device network is designed to use Bluetooth to track down missing phones and other devices that are disconnected from a Wi-Fi or cellular network. A Powered Off Finding feature would let each device store beacons in its Bluetooth controller's memory, letting the network see any supported device even if it's not connected. From Google's blog post: Locate your compatible Android phone and tablet by ringing them or viewing their location on a map in the app — even when they're offline. And thanks to specialized Pixel hardware, Pixel 8 and 8 Pro owners will also be able to find their devices if they're powered off or the battery is dead. Starting in May, you'll be able to locate everyday items like your keys, wallet or luggage with Bluetooth tracker tags from Chipolo and Pebblebee in the Find My Device app. Google promises "end-to-end encryption of location data as well as aggregated device location reporting, a first-of-its-kind safety feature that provides additional protection against unwanted tracking back to a home or private location." Find My Device is available on compatible devices running Android 9 or higher. In addition, "Sometimes what we're looking for is right under our noses. If you're close to your lost device but need a little extra help tracking it down, a 'Find nearby' button will appear to help you figure out exactly where it's hiding. 
You'll also be able to use this to find everyday items, like your wallet or keys, when Bluetooth tags launch in May. "More often than not, we lose everyday items like our keys or phone right at home. So the Find My Device app now shows a lost device's proximity to your home Nest devices, giving you an easy reference point."

Cloud Brightening Research Begins in California

Sat, 13/04/2024 - 5:34pm
"Aboard the deck of a World War II-era aircraft carrier, University of Washington scientists flicked the switch on a glorified snow-making machine," reports the Seattle Times. They describe the scientists "blasting a plume of saline spray off the coast of Alameda, California... trying to perfect a shot of salty particles that would make clouds better at reflecting sunlight back toward space, and help cool the Earth. "It's called marine cloud brightening." Compressed air was pumped at hundreds of pounds per square inch through a nozzle full of a salty mix with a similar composition to seawater housed in an apparatus similar to a snow-making machine. The New York Times reported the machine produced a deafening hiss, releasing a fine mist that traveled hundreds of feet through the air. The scientists wanted to see if the machine could generate a consistent spray of the right size salt aerosols, taking samples downwind with instruments mounted on scissor lifts, commonly used in construction. "This study is not yet large enough to affect local weather," the article points out. Yet "the idea of interfering with nature is so contentious, organizers of Tuesday's test kept the details tightly held, concerned that critics would try to stop them," reported the New York Times. If it works, the next stage would be to aim at the heavens and try to change the composition of clouds above the Earth's oceans..."I hope, and I think all my colleagues hope, that we never use these things, that we never have to," said Sarah Doherty, an atmospheric scientist at the University of Washington and the manager of its marine cloud brightening program. She said there were potential side effects that still needed to be studied, including changing ocean circulation patterns and temperatures, which might hurt fisheries. Cloud brightening could also alter precipitation patterns, reducing rainfall in one place while increasing it elsewhere. 
But it's vital to find out whether and how such technologies could work, Doherty said, in case society needs them. And no one can say when the world might reach that point. More from the Seattle Times: Some scientists warn that human influence on natural phenomena has rarely yielded the desired outcome, and often comes with unintended consequences. But, as the fossil-fueled world hurtles toward the internationally approved global warming limit to avoid the worst impacts of climate change, some argue there's a need to study backup plans. "When I started graduate school in 1995, climate change, global warming was on the horizon, but there was still time to do something like reduce emissions at a scale that would allow us to avoid serious climate disruption," program manager Sarah Doherty said in an interview. "I think it's come to the point where the science community recognizes that a fairly significant degree of climate disruption and damage and suffering is pretty inevitable...." Doherty and the team are not advocating that anyone try cloud brightening now, but instead are hoping to develop a foundation for research that future decision-makers could rely on if they are evaluating geoengineering as a means of reducing suffering. More info here from Politico and San Francisco Chronicle. The New York Times notes that Bill Gates began funding early research in 2006.

The Linux Foundation's 'OpenTofu' Project Denies HashiCorp's Allegations of Code Theft

Sat, 13/04/2024 - 4:34pm
The Linux Foundation-backed project OpenTofu "has gotten legal pushback from HashiCorp," according to a report — just seven months after forking OpenTofu's code from HashiCorp's IT deployment software Terraform: On April 3, HashiCorp issued a strongly-worded Cease and Desist letter to OpenTofu, accusing that the project has "repeatedly taken code HashiCorp provided only under the Business Software License (BSL) and used it in a manner that violates those license terms and HashiCorp's intellectual property rights." It goes on to note that "In at least some instances, OpenTofu has incorrectly re-labeled HashiCorp's code to make it appear as if it was made available by HashiCorp originally under a different license." Last August, HashiCorp announced that it would be transitioning its software from the open source Mozilla Public License (MPL 2.0) to the Business Source License (BSL), a license that permits the source to be viewed, but not run in production environments without explicit approval by the license owner. HashiCorp gave OpenTofu until April 10 to remove any allegedly copied code from the OpenTofu repository, threatening litigation if the project fails to do so. Others are also covering the fracas, including Steven J. Vaughan-Nichols at DevOps.com: OpenTofu replied, "The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp's BSL code. All such statements have zero basis in facts." In addition, it said, HashiCorp's claims of copyright infringement are completely unsubstantiated. As for the code in question, OpenTofu claims it can clearly be shown to have been copied from older code under the Mozilla Public License (MPL) 2.0. "HashiCorp seems to have copied the same code itself when they implemented their version of this feature. All of this is easily visible in our detailed SCO analysis, as well as their own comments." 
In a detailed source code origination (SCO) examination of the problematic source code, OpenTofu stated that HashiCorp was mistaken. "We believe that this is just a case of a misunderstanding where the code came from." OpenTofu maintains the code was originally licensed under the MPL, not the BSL. If so, then OpenTofu was perfectly within its right to use the code in its codebase... [OpenTofu's lawyer] concluded, "In the future, if you should have any concerns or questions about how source code in OpenTofu is developed, we would ask that you contact us first. Immediately issuing DMCA takedown notices and igniting salacious negative press articles is not the most helpful path to resolving concerns like this."

Should the US Ban Chinese EVs?

Sat, 13/04/2024 - 3:00pm
An anonymous reader quotes a report from Ars Technica: Influential US Senator Sherrod Brown (D-Ohio) has called on U.S. President Joe Biden to ban electric vehicles from Chinese brands. Brown calls Chinese EVs "an existential threat" to the U.S. automotive industry and says that allowing imports of cheap EVs from Chinese brands "is inconsistent with a pro-worker industrial policy." Brown's letter to the president (PDF) is the most recent to sound alarms about the threat of heavily subsidized Chinese EVs moving into established markets. Brands like BYD and MG have been on sale in the European Union for some years now, and last October, the EU launched an anti-subsidy investigation into whether the Chinese government is giving Chinese brands an unfair advantage. The EU probe won't wrap until November, but another report published this week found that government subsidies for green technology companies are prevalent in China. BYD, which now sells more EVs than Tesla, has benefited from almost $4 billion (3.7 billion euro) in direct help from the Chinese government in 2022, according to a study by the Kiel Institute. Last month, the EU even started paying extra attention to imports of Chinese EVs, issuing a threat of retroactive tariffs that could start being imposed this summer. Chinese EV imports to the EU have increased by 14 percent since the start of its investigation, but they have yet to really begin in the U.S., where there are a few barriers in their way. Chinese batteries make an EV ineligible for the IRS's clean vehicle tax credit, for one thing. And Chinese-made vehicles (like the Lincoln Nautilus, Buick Envision, and Polestar 2) are already subject to a 27.5 percent import tax. But Chinese EVs are on sale in Mexico already, and that has American automakers worried. Last year, Ford CEO Jim Farley said he saw Chinese automakers "as the main competitors, not GM or Toyota." 
And in January, Tesla CEO Elon Musk said he believed that "if there are no trade barriers established, they will pretty much demolish most other car companies in the world." [...] It's not just the potential damage to the U.S. auto industry that has prompted this letter. Brown wrote that he is concerned about the risk of China having access to data collected by connected cars, "whether it be information about traffic patterns, critical infrastructure, or the lives of Americans," pointing out that "China does not allow American-made electric vehicles near their official buildings." At the end of February, the Commerce Department also warned of the security risk from Chinese-connected cars and revealed it has launched an investigation into the matter. "When the goal is to dominate a sector, tariffs are insufficient to stop their attack on American manufacturing," Brown wrote. "Instead, the Administration should act now to ban Chinese EVs before they destroy the potential for the U.S. EV market. For this reason, no solution should be left off the table, including the use of Section 421 (China Safeguard) of the Trade Act of 1974, or some other authority."

Japanese Astronauts To Land On Moon As Part of New NASA Partnership

Sat, 13/04/2024 - 12:00pm
Under a new agreement between the U.S. and Japan, the first non-American on the Moon as part of the Artemis lunar exploration campaign will be a Japanese astronaut. SpaceNews reports: At an event in Washington, NASA Administrator Bill Nelson and Japanese Minister of Education, Culture, Sports, Science and Technology (MEXT) Masahito Moriyama signed an agreement regarding an additional Japanese contribution to Artemis, a pressurized lunar rover called Lunar Cruiser. NASA will deliver the rover to the moon, which the agencies said should take place ahead of the Artemis 7 mission scheduled for no earlier than 2031. NASA will also provide two seats on future Artemis lunar landing missions to astronauts from the Japanese space agency JAXA, the first agency other than NASA to secure spots on landing missions. The Japanese rover will support extended expeditions from Artemis landing sites that are beyond the range of the Lunar Terrain Vehicle that three American companies are developing for NASA under contracts announced April 3. The rover is designed to accommodate two astronauts for up to 30 days, with an overall lifetime of 10 years. The announcement, though, offered no details about when the Japanese astronauts would fly to the moon. "It depends," Nelson said at an April 10 briefing when asked about schedules, noting that the two countries "announced a shared goal for a Japanese national to land on the moon on a future NASA mission assuming benchmarks are achieved." "No mission has been currently assigned to a Japanese astronaut," added Lara Kearney, manager of NASA's extravehicular activity and human surface mobility program, at the briefing. 
The implementing agreement (PDF) said several factors will go into crew assignments, including progress on the pressurized rover, or PR: "The timing of the flight opportunities will be determined by NASA in line with existing flight manifesting and crew assignment processes and will take into account program progress and constraints, MEXT's request for the earliest possible assignment of the Japanese astronauts to lunar surface missions, and major PR milestones such as when the PR is first deployed on the lunar surface." The assumption among many in the industry, though, is that at least one of the astronauts will fly before the rover is delivered, and possibly as soon as the Artemis 4 mission, the second crewed landing, in the late 2020s.

ESA Prepares To Create Solar Eclipses To Study the Sun

Sat, 13/04/2024 - 9:00am
Andrew Jones reports via IEEE Spectrum: The European Space Agency will launch a mission late this year to demonstrate precision formation flying in orbit to create artificial solar eclipses. In a press conference last week, the agency announced details of the mission and the technology the orbiters will use to pull off its exquisitely-choreographed maneuvers. ESA's Proba-3 (PRoject for On-Board Autonomy) consists of a pair of spacecraft: a 300-kilogram Coronagraph spacecraft and a 250-kilogram Occulter. The pair are now slated to launch on an Indian PSLV rocket in September and ultimately enter a highly elliptical, 600-by-60,530-kilometer orbit. The aim, the agency says, is to move the separate spacecraft to some 144 meters apart, with the Occulter, as a disc, blocking out the sun. Achieving this formation will allow the Coronagraph to study our star's highly ionized, extremely hot atmosphere -- but also demonstrate the technology as a precursor for more ambitious, future, formation-flying endeavors. [...] ESA has science objectives for Proba-3, using observations made in space to study solar astrophysics without any intervention of the Earth's atmosphere. The agency's Association of Spacecraft for Polarimetric and Imaging Investigation of the Corona of the Sun (ASPIICS) coronagraph will help to discern why the solar corona is significantly hotter than the Sun itself. This could further our understanding of the Sun and assist solar weather predictions. However, it is the precision formation flying that Proba-3 aims to demonstrate which could help unlock future breakthroughs. [...] Precisely-controlled Occulter spacecraft could be used with space telescopes to block light from a star in order to directly detect potential orbiting planets, while a constellation of spacecraft can, through interferometry, create large-scale observatories, achieving larger apertures and longer focal lengths than possible with large solo satellites. 
Further applications include Earth observation, space-based gravitational wave detection, and a range of missions in which two or more spacecraft need to interact, such as rendezvous, docking, and in-orbit servicing.

House Votes To Extend -- and Expand -- a Major US Spy Program

Sat, 13/04/2024 - 5:30am
An anonymous reader quotes a report from Wired: A controversial US wiretap program days from expiration cleared a major hurdle on its way to being reauthorized. After months of delays, false starts, and interventions by lawmakers working to preserve and expand the US intelligence community's spy powers, the House of Representatives voted on Friday to extend Section 702 (PDF) of the Foreign Intelligence Surveillance Act (FISA) for two years. Legislation extending the program -- controversial for being abused by the government -- passed in the House in a 273-147 vote. The Senate has yet to pass its own bill. Section 702 permits the US government to wiretap communications between Americans and foreigners overseas. Hundreds of millions of calls, texts, and emails are intercepted by government spies each year with the "compelled assistance" of US communications providers. The government may strictly target foreigners believed to possess "foreign intelligence information," but it also eavesdrops on the conversations of an untold number of Americans each year. (The government claims it is impossible to determine how many Americans get swept up by the program.) The government argues that Americans are not themselves being targeted and thus the wiretaps are legal. Nevertheless, their calls, texts, and emails may be stored by the government for years, and can later be accessed by law enforcement without a judge's permission. The House bill also dramatically expands the statutory definition for communication service providers, something FISA experts, including Marc Zwillinger -- one of the few people to advise the Foreign Intelligence Surveillance Court (FISC) -- have publicly warned against. The FBI's track record of abusing the program kicked off a rare detente last fall between progressive Democrats and pro-Trump Republicans -- both bothered equally by the FBI's targeting of activists, journalists, and a sitting member of Congress. 
But in a major victory for the Biden administration, House members voted down an amendment earlier in the day that would've imposed new warrant requirements on federal agencies accessing Americans' 702 data. The warrant amendment was passed earlier this year by the House Judiciary Committee, whose long-held jurisdiction over FISA has been challenged by friends of the intelligence community. Analysis by the Brennan Center this week found that 80 percent of the base text of the FISA reauthorization bill had been authored by intelligence committee members.


Calpine's California Battery Plant Is Among World's Largest

Sat, 13/04/2024 - 4:20am
Calpine's billion-dollar Nova Power Bank near Los Angeles will be among the largest in the world when it comes online later this year. According to Reuters, the plant is built on the site of a failed gas-fired power plant and "will be able to power about 680,000 homes for up to four hours when charged." From the report: The 680-megawatt lithium-ion battery bank is big even for California, which boasts about 55% of the nation's power storage capacity, according to data from the U.S. Energy Information Administration. Calpine will bring online 620 MW of the bank in two phases this year starting in the summer and open the remaining 60 MW in 2025. [...] Calpine, best known in the state for its fleet of gas plants, has about 2,000 MW of battery capacity under development. California was a pioneer in mandating that its utilities begin procuring energy storage more than a decade ago. The state is expected to need about 50 gigawatts of battery storage to meet its 2045 goal of getting all of its power from carbon-free sources, up from about 7 GW today.


Scientists Discover First Nitrogen-Fixing Organelle

Sat, 13/04/2024 - 3:40am
In two recent papers, an international team of scientists describes the first known nitrogen-fixing organelle within a eukaryotic cell, which the researchers are calling a nitroplast. Phys.Org reports: The discovery of the organelle involved a bit of luck and decades of work. In 1998, Jonathan Zehr, a UC Santa Cruz distinguished professor of marine sciences, found a short DNA sequence of what appeared to be from an unknown nitrogen-fixing cyanobacterium in Pacific Ocean seawater. Zehr and colleagues spent years studying the mystery organism, which they called UCYN-A. At the same time, Kyoko Hagino, a paleontologist at Kochi University in Japan, was painstakingly trying to culture a marine alga. It turned out to be the host organism for UCYN-A. It took her over 300 sampling expeditions and more than a decade, but Hagino eventually successfully grew the alga in culture, allowing other researchers to begin studying UCYN-A and its marine alga host together in the lab. For years, the scientists considered UCYN-A an endosymbiont that was closely associated with an alga. But the two recent papers suggest that UCYN-A has co-evolved with its host past symbiosis and now fits criteria for an organelle. In a paper published in Cell in March 2024, Zehr and colleagues from the Massachusetts Institute of Technology, Institut de Ciencies del Mar in Barcelona and the University of Rhode Island show that the size ratio between UCYN-A and their algal hosts is similar across different species of the marine haptophyte algae Braarudosphaera bigelowii. The researchers use a model to demonstrate that the growth of the host cell and UCYN-A are controlled by the exchange of nutrients. Their metabolisms are linked. This synchronization in growth rates led the researchers to call UCYN-A "organelle-like." "That's exactly what happens with organelles," said Zehr. "If you look at the mitochondria and the chloroplast, it's the same thing: they scale with the cell." 
But the scientists did not confidently call UCYN-A an organelle until confirming other lines of evidence. In the cover article of the journal Science, published today, Zehr, Coale, Kendra Turk-Kubo and Wing Kwan Esther Mak from UC Santa Cruz, and collaborators from the University of California, San Francisco, the Lawrence Berkeley National Laboratory, National Taiwan Ocean University, and Kochi University in Japan show that UCYN-A imports proteins from its host cells. "That's one of the hallmarks of something moving from an endosymbiont to an organelle," said Zehr. "They start throwing away pieces of DNA, and their genomes get smaller and smaller, and they start depending on the mother cell for those gene products -- or the protein itself -- to be transported into the cell." Coale worked on the proteomics for the study. He compared the proteins found within isolated UCYN-A with those found in the entire algal host cell. He found that the host cell makes proteins and labels them with a specific amino acid sequence, which tells the cell to send them to the nitroplast. The nitroplast then imports the proteins and uses them. Coale identified the function of some of the proteins, and they fill gaps in certain pathways within UCYN-A. "It's kind of like this magical jigsaw puzzle that actually fits together and works," said Zehr. In the same paper, researchers from UCSF show that UCYN-A replicates in synchrony with the alga cell and is inherited like other organelles.


96% of US Hospital Websites Share Visitor Info With Meta, Google, Data Brokers

Sat, 13/04/2024 - 3:00am
An anonymous reader quotes a report from The Guardian: Hospitals -- despite being places where people implicitly expect to have their personal details kept private -- frequently use tracking technologies on their websites to share user information with Google, Meta, data brokers, and other third parties, according to research published today. Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals -- essentially traditional hospitals with emergency departments -- and their findings were that 96 percent of their websites transmitted user data to third parties. Additionally, not all of these websites even had a privacy policy. And of the 71 percent that did, 56 percent disclosed specific third-party companies that could receive user information. The researchers' latest work builds on a study they published a year ago of 3,747 US non-federal hospital websites. That found 98.6 percent tracked and transferred visitors' data to large tech and social media companies, advertising firms, and data brokers. To find the trackers on websites, the team checked out each hospital's homepage on January 26 using webXray, an open source tool that detects third-party HTTP requests and matches them to the organizations receiving the data. They also recorded the number of third-party cookies per page. One name in particular stood out, in terms of who was receiving website visitors' information. "In every study we've done, in any part of the health system, Google, whose parent company is Alphabet, is on nearly every page, including hospitals," [Dr Ari Friedman, an assistant professor of emergency medicine at the University of Pennsylvania] observed. "From there, it declines," he continued. "Meta was on a little over half of hospital webpages, and the Meta Pixel is notable because it seems to be one of the grabbier entities out there in terms of tracking."
Both Meta and Google's tracking technologies have been the subject of criminal complaints and lawsuits over the years -- as have some healthcare companies that shared data with these and other advertisers. In addition, between 20 and 30 percent of the hospitals share data with Adobe, Friedman noted. "Everybody knows Adobe for PDFs. My understanding is they also have a tracking division within their ad division." Others include telecom and digital marketing companies like The Trade Desk and Verizon, plus tech giants Oracle, Microsoft, and Amazon, according to Friedman. Then there's also analytics firms including Hotjar and data brokers such as Acxiom. "And two thirds of hospital websites had some kind of data transfer to a third-party domain that we couldn't even identify," he added. Of the 71 hospital website privacy policies that the team found, 69 addressed the types of user information that was collected. The most common were IP addresses (80 percent), web browser name and version (75 percent), pages visited on the website (73 percent), and the website from which the user arrived (73 percent). Only 56 percent of these policies identified the third-party companies receiving user information. In lieu of any federal data privacy law in the U.S., Friedman recommends users protect their personal information via the browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains.


Adobe Firefly Used Thousands of Midjourney Images In Training Its 'Ethical AI' Model

Sat, 13/04/2024 - 2:20am
According to Bloomberg, Adobe used images from its competitor Midjourney to train its own artificial intelligence image generator, Firefly -- contradicting the "commercially safe" ethical standards the company promotes. Tom's Guide reports: The startup has never declared the source of its training data but many suspect it is from images it scraped from the internet without licensing. Adobe says only about 5% of the millions of images used to train Firefly fell into this category and all of them were part of the Adobe Stock library, which meant they'd been through a "rigorous moderation process." When Adobe first launched Firefly it offered an indemnity against copyright theft claims for its enterprise customers as a way to convince them it was safe. Adobe also sold Firefly as the safe alternative to the likes of Midjourney and DALL-E as all the data had been licensed and cleared for use in training the model. Not all artists were that keen at the time and felt they were coerced into agreeing to let their work be used by the creative tech giant -- but the sense was any image made with Firefly was safe to use without risk of being sued for copyright theft. Despite the revelation some of the images came from potentially less reputable sources, Adobe says all of the non-human pictures are still safe. A spokesperson told Bloomberg: "Every image submitted to Adobe Stock, including a very small subset of images generated with AI, goes through a rigorous moderation process to ensure it does not include IP, trademarks, recognizable characters or logos, or reference artists' names." The company seems to be taking a slightly more rigorous step with its plans to build an AI video generator. Rumors suggest it is paying artists per minute for video clips.


Huawei Building Vast Chip Equipment R&D Center In Shanghai

Sat, 13/04/2024 - 1:40am
AmiMoJo writes: Huawei Technologies is building a massive semiconductor equipment research and development center in Shanghai as the Chinese tech titan continues to beef up its chip supply chain to counter a U.S. crackdown. The centre's mission includes building lithography machines, vital equipment for producing cutting-edge chips. To staff the new center, Huawei is offering salary packages worth up to twice as much as local chipmakers, industry executives and sources briefed on the matter told Nikkei Asia. The company has already hired numerous engineers who have worked with top global chip tool builders like Applied Materials, Lam Research, KLA and ASML, they said, adding that chip industry veterans with more than 15 years of experience at leading chipmakers like TSMC, Intel and Micron are also among recent and potential hires. The report says Huawei is investing about 12 billion yuan ($1.66 billion) for this R&D chip plant, making it one of Shanghai's top projects for 2024. Working for the company is no easy task, says one chip engineer: "Working with them is brutal. It's not 996 -- meaning working from 9 a.m. to 9 p.m., six days a week. ... It will literally be 007 -- from midnight to midnight, seven days a week. No days off at all. The contract will be for three years, [but] the majority of people can't survive till renewal."


Google Threatens To Cut Off News After California Proposes Paying Media Outlets

Sat, 13/04/2024 - 1:00am
An anonymous reader quotes a report from The Verge: Google says it will start removing links to California news websites in a "short term test for a small percentage of California users." The move is in response to the pending California Journalism Preservation Act (CJPA), which would require Google to pay a fee for linking Californians to news articles. "If passed, CJPA may result in significant changes to the services we can offer Californians and the traffic we can provide to California publishers," Jaffer Zaidi, Google VP of global news partnerships, wrote in a blog post announcing the decision. "The testing process involves removing links to California news websites, potentially covered by CJPA, to measure the impact of the legislation on our product experience." Zaidi adds that Google will also pause "further investments in the California news ecosystem," referring to initiatives like Google News Showcase, product and licensing programs for news organizations, and the Google News Initiative. A study (PDF) conducted in 2023 estimates that Google would owe U.S. publishers around $10 to 12 billion annually if the Journalism Competition and Preservation Act, a national bill, is passed.


China Tells Telecom Carriers To Phase Out Foreign Chips in Blow To Intel, AMD

Sat, 13/04/2024 - 12:20am
China's push to replace foreign technology is now focused on cutting American chip makers out of the country's telecoms systems. From a report: Officials earlier this year directed the nation's largest telecom carriers to phase out foreign processors that are core to their networks by 2027, a move that would hit American chip giants Intel and Advanced Micro Devices, people familiar with the matter said. The deadline given by China's Ministry of Industry and Information Technology aims to accelerate efforts by Beijing to halt the use of such core chips in its telecom infrastructure. The regulator ordered state-owned mobile operators to inspect their networks for the prevalence of non-Chinese semiconductors and draft timelines to replace them, the people said. In the past, efforts to get the industry to wean itself off foreign semiconductors have been hindered by the lack of good domestically made chips. Chinese telecom carriers' procurements show they are switching more to domestic alternatives, a move made possible in part because local chips' quality has improved and their performance has become more stable, the people said. Such an effort will hit Intel and AMD the hardest, they said. The two chip makers have in recent years provided the bulk of the core processors used in networking equipment in China and the world.

