Slashdot

An international team of scientists used 1.8 billion letters of genetic code from more than 9,500 species covering almost 8,000 known flowering plant genera to create the most up-to-date understanding of the flowering plant tree of life. The research has been published in the journal Nature. Phys.Org reports: The major milestone for plant science, led by [Royal Botanic Gardens, Kew] and involving 138 organizations internationally, was built on 15 times more data than any comparable studies of the flowering plant tree of life. Among the species sequenced for this study, more than 800 have never had their DNA sequenced before. The sheer amount of data unlocked by this research, which would take a single computer 18 years to process, is a huge stride towards building a tree of life for all 330,000 known species of flowering plants -- a massive undertaking by Kew's Tree of Life Initiative. The flowering plant tree of life, much like our own family tree, enables us to understand how different species are related to each other. The tree of life is uncovered by comparing DNA sequences between different species to identify changes (mutations) that accumulate over time like a molecular fossil record. Our understanding of the tree of life is improving rapidly in tandem with advances in DNA sequencing technology. For this study, new genomic techniques were developed to magnetically capture hundreds of genes and hundreds of thousands of letters of genetic code from every sample, orders of magnitude more than earlier methods. A key advantage of the team's approach is that it enables a wide diversity of plant material, old and new, to be sequenced, even when the DNA is badly damaged. The vast treasure troves of dried plant material in the world's herbarium collections, which comprise nearly 400 million scientific specimens of plants, can now be studied genetically. [...] Across all 9,506 species sequenced, more than 3,400 came from material sourced from 163 herbaria in 48 countries. Additional material from plant collections around the world (e.g., DNA banks, seeds, living collections) have been vital for filling key knowledge gaps to shed new light on the history of flowering plant evolution. The team also benefited from publicly available data for more than 1,900 species, highlighting value of the open science approach to future genomic research. Flowering plants alone account for about 90% of all known plant life on land and are found virtually everywhere on the planet -- from the steamiest tropics to the rocky outcrops of the Antarctic Peninsula. [...] Utilizing 200 fossils, the authors scaled their tree of life to time, revealing how flowering plants evolved across geological time. They found that early flowering plants did indeed explode in diversity, giving rise to more than 80% of the major lineages that exist today shortly after their origin. However, this trend then declined to a steadier rate for the next 100 million years until another surge in diversification about 40 million years ago, coinciding with a global decline in temperatures. These new insights would have fascinated Darwin and will surely help today's scientists grappling with the challenges of understanding how and why species diversify. A list of "remarkable species" included in the flowering plant tree of life is embedded below the article. Looking ahead, the study's authors believe this data will aid future attempts to identify new species, refine plant classification, uncover new medicinal compounds, and conserve plants in the face of climate change and biodiversity loss.

Read more of this story at Slashdot.

Department of Transportation Secretary Pete Buttigieg announced new rules for the airline industry that will require airlines to automatically give cash refunds to passengers for canceled and significantly delayed flights. They will also require airlines to give cash refunds if your bags are lost and not delivered within 12 hours. "This is a big day for America's flying public," said Buttigieg at a Wednesday morning news conference. According to Buttigieg, the new rules are the biggest expansion of passenger rights in the department's history. ABC News reports: Airlines can no longer decide how long a delay must be before a refund is issued. Under the new DOT rules, the delays covered would be more than three hours for domestic flights and more than six hours for international flights, the agency said. This includes tickets purchased directly from airlines, travel agents and third-party sites such as Expedia and Travelocity. The refunds must be issued within seven days, according to the new DOT rules, and must be in cash unless the passenger chooses another form of compensation. Airlines can no longer issue refunds in forms of vouchers or credits when consumers are entitled to receive cash. Airlines will have six months to comply with the new rules. The DOT said it is also working on rules related to family seating fees, enhancing rights for wheelchair-traveling passengers for safe and dignified travel and mandating compensation and amenities if flights are delayed or canceled by airlines. Buttigieg said the DOT is also protecting airline passengers from being surprised by hidden fees -- a move he estimates will have Americans billions of dollars every year. The DOT rules include that passengers will receive refunds for extra services paid for and not provided, such as Wi-Fi, seat selection or inflight entertainment.

Read more of this story at Slashdot.

An anonymous reader quotes a report from MIT Technology Review: Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto. These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps -- built by major internet companies like Baidu, Tencent, and iFlytek -- basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found. In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. [...] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn't been updated to the latest version.

Read more of this story at Slashdot.

Samantha Cole reports via 404 Media: A Japan-based online art platform is banning kink content for users based in the US and UK, as laws in these countries continue to tighten around sites that allow erotic content. Pixiv is an image gallery site where artists primarily share illustrations, manga, and novels. The site announced on April 22 that starting April 25, users whose account region is set to the US or UK will be subject to Pixiv's new terms of use, "Restrictions for Healthy Expression in Specific Countries and Regions." The restrictions include several kinds of content that are illegal in the US, including sexualized depictions of minors and bestiality, as well as non-consensual depictions and deepfakes. But it also includes "content that appeals to the prurient interest, is patently offensive in light of community standards where you are located or where such content may be accessed or distributed, lacks serious literary, artistic, political, or scientific value, or otherwise violates any applicable obscenity laws, rules or regulations." This is an invocation of the Miller test, which determines non-constitutionally protected obscenity. "I'd never say this a few years ago, but it's my personal fear that the next step is most major internet hosting services implementing these policies on an infrastructure level," said an artist who goes by kradeelav. "My colleagues are certainly planning for it by specifically looking for kink-friendly hosts, to actually making homebrew servers themselves in worst-case scenarios."

Read more of this story at Slashdot.

Hartley Charlton reports via MacRumors: Apple is said to be developing its own AI server processor using TSMC's 3nm process, targeting mass production by the second half of 2025. According to a post by the Weibo user known as "Phone Chip Expert," Apple has ambitious plans to design its own artificial intelligence server processor. The user, who claims to have 25 years of experience in the integrated circuit industry, including work on Intel's Pentium processors, suggests this processor will be manufactured using TSMC's 3nm node. Apple's purported move toward developing a specialist AI server processor is reflective of the company's ongoing strategy to vertically integrate its supply chain. By designing its own server chips, Apple can tailor hardware specifically to its software needs, potentially leading to more powerful and efficient technologies. Apple could use its own AI processors to enhance the performance of its data centers and future AI tools that rely on the cloud. While Apple is rumored to be prioritizing on-device processing for many of its upcoming AI tools, it is inevitable that some operations will have to occur in the cloud. By the time the custom processor could be integrated into operational servers in late 2025, Apple's new AI strategy should be well underway.

Read more of this story at Slashdot.

Google is delaying the end of third-party cookies in Chrome -- again. This marks the third time Google pushed back its original deadline set in January 2020, when the company said it would phase out third-party cookies "within two years" to improve internet security. Digiday reports: The announcement was made on Tuesday ahead of quarterly reports from Google and the ever-watchful U.K. Competition and Markets Authority (CMA), keeping tabs on how this whole situation unfolds. "We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem," according to a statement Google posted on its website for the Privacy Sandbox. "It's also critical that the CMA has sufficient time to review all evidence including results from industry tests, which the CMA has asked market participants to provide by the end of June. Given both of these significant considerations, we will not complete third-party cookie deprecation during the second half of Q4." Google did not outline a more specific timetable beyond hoping for 2025. [...] "We remain committed to engaging closely with the CMA and ICO and we hope to conclude that process this year," Google's statement read. "Assuming we can reach an agreement, we envision proceeding with third-party cookie deprecation starting early next year." "We welcome Google's announcement clarifying the timing of third-party cookie deprecation. This will allow time to assess the results of industry tests and resolve remaining issues," said a spokesperson from the CMA. "Under the commitments, Google has agreed to resolve our remaining competition concerns before going ahead with third-party cookie deprecation. Working closely with the ICO we expect to conclude this process by the end of 2024." At the start of the year, Google started purging third-party cookies for one percent of browser traffic.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances -- devices that integrate a firewall and VPN with other security features -- had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor. The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. "This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor," a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests. Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. "The investigation that followed identified additional victims, all of which involved government networks globally," the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances. Cisco advises that customers apply its new software updates to patch both vulnerabilities. A separate advisory (PDF) from the UK's National Cybersecurity Center notes that physically unplugging an ASA device does disrupt the hackers' access. "A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself," the advisory reads.

Read more of this story at Slashdot.

Axon on Tuesday announced a new tool called Draft One that uses artificial intelligence built on OpenAI's GPT-4 Turbo model to transcribe audio from body cameras and automatically turn it into a police report. Axon CEO Rick Smith told Forbes that police officers will then be able to review the document to ensure accuracy. From the report: Axon claims one early tester of the tool, Fort Collins Colorado Police Department, has seen an 82% decrease in time spent writing reports. "If an officer spends half their day reporting, and we can cut that in half, we have an opportunity to potentially free up 25% of an officer's time to be back out policing," Smith said. These reports, though, are often used as evidence in criminal trials, and critics are concerned that relying on AI could put people at risk by depending on language models that are known to "hallucinate," or make things up, as well as display racial bias, either blatantly or unconsciously. "It's kind of a nightmare," said Dave Maass, surveillance technologies investigations director at the Electronic Frontier Foundation. "Police, who aren't specialists in AI, and aren't going to be specialists in recognizing the problems with AI, are going to use these systems to generate language that could affect millions of people in their involvement with the criminal justice system. What could go wrong?" Smith acknowledged there are dangers. "When people talk about bias in AI, it really is: Is this going to exacerbate racism by taking training data that's going to treat people differently?" he told Forbes. "That was the main risk." Smith said Axon is recommending police don't use the AI to write reports for incidents as serious as a police shooting, where vital information could be missed. "An officer-involved shooting is likely a scenario where it would not be used, and I'd probably advise people against it, just because there's so much complexity, the stakes are so high." He said some early customers are only using Draft One for misdemeanors, though others are writing up "more significant incidents," including use-of-force cases. Axon, however, won't have control over how individual police departments use the tools.

Read more of this story at Slashdot.

Similar to the way Google makes its mobile OS Android open source, Meta announced it is opening up its Quest headset's operating system to rival device makers. Reuters reports: The move will allow partner companies to build their headsets using Meta Horizon OS, a rebranded operating system that brings capabilities like gesture recognition, passthrough, scene understanding and spatial anchors to the devices that run on it, the company said in a blog post. The social media company said partners Asus and Lenovo would use the operating system to build devices tailored for particular activities. Meta is also using it to make a limited edition version of the Quest headset "inspired by" Microsoft's Xbox gaming console, according to the company's statement. [...] In a video posted on Zuckerberg's Instagram account, he previewed examples of specialized headsets partners might make: a lightweight device with sweat-wicking materials for exercise, an immersive high-resolution one for entertainment and another equipped with sensation-inducing haptics for gaming. Meta said in its blog post that ASUS' Republic of Gamers is developing a gaming headset and Lenovo is working on an MR device for productivity, learning, and entertainment using the Horizon OS. Zuckerberg said it may take a few years for these devices to launch. [...] Meta said the Meta Horizon OS includes Horizon Store, renamed from Quest Store, to download apps and experiences. The platform will work with a mobile companion app now called Meta Horizon app. While Google is reportedly working on an Android platform for VR and MR devices, Meta has called on Google to bring the Play Store to Quest, saying: "Because we don't restrict users to titles from our own app store, there are multiple ways to access great content on Meta Horizon OS, including popular gaming services like Xbox Game Pass Ultimate, or through Steam Link or our Air Link system for wirelessly streaming PC software to headsets. And we encourage the Google Play 2D app store to come to Meta Horizon OS, where it can operate with the same economic model it does on other platforms." "Should Google bring the Play Store to Horizon OS, Meta says Google would be able to operate it on the 'same economic model' as it does on Android," notes 9to5Google. "In theory, that could actually represent a better payout for developers compared to what's been reported for Meta's store, but Meta does specifically say '2D app store,' implying VR/XR apps wouldn't be in the Play Store on Horizon OS."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Two researchers at the University of California, Davis -- Yanning Li and Alan Jenn -- have determined that nearly two-thirds of [California's] feeder lines don't have the capacity that will likely be needed for car charging. Updating to handle the rising demand might set its utilities back as much as 40 percent of the existing grid's capital cost. Li and Jenn aren't the first to look at how well existing grids can handle growing electric vehicle sales; other research has found various ways that different grids fall short. However, they have access to uniquely detailed data relevant to California's ability to distribute electricity (they do not concern themselves with generation). They have information on every substation, feeder line, and transformer that delivers electrons to customers of the state's three largest utilities, which collectively cover nearly 90 percent of the state's population. In total, they know the capacity that can be delivered through over 1,600 substations and 5,000 feeders.[...] By 2025, only about 7 percent of the feeders will experience periods of overload. By 2030, that figure will grow to 27 percent, and by 2035 -- only about a decade away -- about half of the feeders will be overloaded. Problems grow a bit more slowly after that, with two-thirds of the feeders overloaded by 2045, a decade after all cars sold in California will be EVs. At that point, total electrical demand will be close to twice the existing capacity. The problems aren't evenly distributed, though. They appear first in high-population areas like the Bay Area. And throughout this period, most of the problems are in feeders that serve residential and mixed-use neighborhoods. The feeders that serve neighborhoods that are primarily business-focused don't see the same coordinated surge in demand that occurs as people get home from work and plug in; they're better able to serve the more erratic use of charging stations at office complexes and shopping centers. In terms of the grid, residential services will need to see their capacity expand by about 16 gigawatts by 2045. Public chargers will need nine gigawatts worth of added capacity by the same point. The one wild card is direct current fast charging. Eliminating fast chargers entirely would reduce the number of feeders that need upgrades by 12 percent. Converting all public stations to DC fast charging, in contrast, would boost that number by 15 percent. So the details of the upgrades that will be needed will be very sensitive to the impatience of EV drivers. Paying for the necessary upgrades will be pricey, but there's a lot of uncertainty here. Li and Jenn came up with a range of anywhere between $6 billion and $20 billion. They put this in context in two ways. The total capital invested in the existing grid is estimated to be $51 billion, so the cost of updating it could be well over a third of its total value. At the same time, the costs will be spread out over decades and only total up to (at most) three times the grid's annual operation and maintenance costs. So in any one year, the costs shouldn't be crippling. All that might be expected to drive the cost of electricity up. But Li and Jenn suggest that the greater volume of electricity consumption will exert a downward pressure on prices (people will pay more overall but pay somewhat less per unit of electricity). Based on a few economic assumptions, the researchers conclude that this would roughly offset the costs of the necessary grid expansion, so the price per unit of electricity would be largely static. The findings have been published in the journal Proceedings of the National Academy of Sciences (PNAS).

Read more of this story at Slashdot.

Lenovo's latest ThinkPad P1 Gen 7 laptop is set to be the first to use the new LPCAMM2 memory form factor, the successor to SODIMM sticks. From a report: While Lenovo has largely focused on the AI performance of its new laptop, which is equipped with an Intel Core Ultra CPU and Nvidia RTX 3000 Ada GPU, the company also noted that its device was the first in the world to use the LPCAMM2 memory standard. LPCAMM2 uses 64 percent less space than SODIMM and 61 percent less active power, according to Lenovo. This is thanks to it being based on LPDDR5X memory instead of regular DDR5. Designed specifically for laptops, the LPCAMM2 standard actually has its origins in tech developed by Dell. Simply termed CAMM (Compression Attached Memory Module), it first debuted as a proprietary type of memory in Dell's Precision 7670 in 2022. However, in 2023 the PC giant donated its intellectual property to JEDEC, the organization that standardizes memory technologies. CAMM became LPCAMM2 (Low-Power Compression Attached Memory Module) in September 2023 when JEDEC finally confirmed its specifications. Samsung promptly announced plans to produce LPCAMM2 sticks, and claimed they would have 50 percent more performance and 70 percent more efficiency than their SODIMM-based predecessors. Plus, LPCAMM2 can offer dual-channel memory without requiring a second module.

Read more of this story at Slashdot.

According to the Wall Street Journal, a deal for IBM to acquire HashiCorp could materialize in the next few days. Shares of HashiCorp jumped almost 20% on the news. UPDATE 4/24/24: IBM has confirmed the deal valued at $6.4 billion. "IBM will pay $35 per share for HashiCorp, a 42.6% premium to Monday's closing price," reports Reuters. "The acquisition will be funded by cash on hand and will add to adjusted core profit within the first full year of closing, expected by the end of 2024." HashiCorp's shares continued to surge Tuesday on the news. CNBC reports: Developers use HashiCorp's software to set up and manage infrastructure in public clouds that companies such as Amazon and Microsoft operate. Organizations also pay HashiCorp for managing security credentials. Founded in 2012, HashiCorp went public on Nasdaq in 2021. The company generated a net loss of nearly $191 million on $583 million in revenue in the fiscal year ending Jan. 31, according to its annual report. In December, Mitchell Hashimoto, co-founder of HashiCorp, whose family name is reflected in the company name, announced that he was leaving. Revenue jumped almost 23% during that period, compared with 2% for IBM in 2023. IBM executives pointed to a difficult economic climate during a conference call with analysts in January. The hardware, software and consulting provider reports earnings on Wednesday. Cisco held $9 million in HashiCorp shares at the end of March, according to a regulatory filing. Cisco held early acquisition talks with HashiCorp, according to a 2019 report.

Read more of this story at Slashdot.

Adobe researchers have developed a new generative AI model called VideoGigaGAN that can upscale blurry videos at up to eight times their original resolution. From a report: Introduced in a paper published on April 18th, Adobe claims VideoGigaGAN is superior to other Video Super Resolution (VSR) methods as it can provide more fine-grained details without introducing any "AI weirdness" to the footage. In a nutshell, Generative Adversarial Networks (GANs) are effective for upscaling still images to a higher resolution, but struggle to do the same for video without introducing flickering and other unwanted artifacts. Other upscaling methods can avoid this, but the results aren't as sharp or detailed. VideoGigaGAN aims to provide the best of both worlds -- the higher image/video quality of GAN models, with fewer flickering or distortion issues across output frames. The company has provided several examples here that show its work in full resolution.

Read more of this story at Slashdot.

Glance, which operates a popular lockscreen platform targeting Android smartphones, is setting its sights on the U.S. market. From a report: The Indian startup recently commenced a pilot program in partnership with Motorola and Verizon in the U.S., with plans for a full launch in the country later this year, sources familiar with the matter told TechCrunch. The Bengaluru-headquartered startup, backed by investors, including Google and Jio Platforms, has already made significant inroads in India, Southeast Asia, and Japan, where it expanded last year. According to a person familiar with the matter, Glance's lockscreen platform today reaches more than 450 million smartphones and is active on about 300 million of them, delivering those customers a customized feed of news, local events, sports updates, media content, and interactive games directly to their lockscreens without requiring them to install additional apps. The recently launched Moto G Power smartphone in the U.S. shipped with Glance's platform, the report says. Further reading: Motorola Spoiled a Good Budget Phone With Bloatware.

Read more of this story at Slashdot.

An anonymous reader shares a report: "Early Access" was once a novel, quirky thing, giving a select set of Steam PC games a way to involve enthusiastic fans in pre-alpha-level play-testing and feedback. Now loads of games launch in various forms of Early Access, in a wide variety of readiness. It's been a boon for games like Baldur's Gate 3, which came a long way across years of Early Access. Early Access, and the "Advanced Access" provided for complete games by major publishers for "Deluxe Editions" and the like, has also been a boon to freeloaders. Craven types could play a game for hours and hours, then demand a refund within the standard two hours of play, 14 days after the purchase window of the game's "official" release. Steam-maker Valve has noticed and, as of Tuesday night, updated its refund policy. "Playtime acquired during the Advanced Access period will now count towards the Steam refund period," reads the update. In other words: Playtime is playtime now, so if you've played more than two hours of a game in any state, you don't get a refund. That closes at least one way that people could, with time-crunched effort, play and enjoy games for free in either Early or Advanced access.

Read more of this story at Slashdot.

Bloomberg looks at America's biggest operator of private electrical vehicle charging infrastructure: Amazon. "In a little more than two years, Amazon has installed more than 17,000 chargers at about 120 warehouses around the U.S." — and had Rivian build 13,500 custom electric delivery vans. Amazon has a long way to go. The Seattle-based company says its operations emitted about 71 million metric tons of carbon dioxide equivalent in 2022, up by almost 40% since Jeff Bezos's 2019 vow that his company would eventually stop contributing to the emissions warming the planet. Many of Amazon's emissions come from activities — air freight, ocean shipping, construction and electronics manufacturing, to name a few — that lack a clear, carbon-free alternative, today or any time soon. The company has not made much progress on decarbonization of long-haul trucking, whose emissions tend to be concentrated in industrial and outlying areas rather than the big cities that served as the backdrop for Amazon's electric delivery vehicle rollout... Another lesson Amazon learned is one the company isn't keen to talk about: Going green can be expensive, at least initially. Based on the type of chargers Amazon deploys — almost entirely midtier chargers called Level 2 in the industry — the hardware likely cost between $50 million and $90 million, according to Bloomberg estimates based on cost estimates supplied by the National Renewable Energy Laboratory. Factoring in costs beyond the plugs and related hardware — like digging through a parking lot to lay wires or set up electrical panels and cabinets — could double that sum. Amazon declined to comment on how much it spent on its EV charging push. In addition to the expense of the chargers, electric vehicle-fleet operators are typically on the hook for utility upgrades. When companies request the sort of increases to electrical capacity that Amazon has — the Maple Valley warehouse has three megawatts of power for its chargers — they tend to pay for them, making the utility whole for work done on behalf of a single customer. Amazon says it pays upgrade costs as determined by utilities, but that in some locations the upgrades fit within the standard service power companies will handle out of their own pocket. The article also includes this quote from Kellen Schefter, transportation director at the Edison Electric Institute trade group (which worked with Amazon on its electricity needs). "Amazon's scale matters. If Amazon can show that it meets their climate goals while also meeting their package-delivery goals, we can show this all actually works."

Read more of this story at Slashdot.

This week the Register spoke to former senior White House cyber policy director A.J. Grotto — who complained it was hard to get even slight concessions from Microsoft: "If you go back to the SolarWinds episode from a few years ago ... [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default. [In the interview he calls it "an epic fight" which lasted 18 months."] [G]iven the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern. He estimates that Microsoft makes 85% of U.S. government productivity software — and has an even greater share of their operating systems. "Microsoft in many ways has the government locked in, he says in the interview, "and so it's able to transfer a lot of these costs associated with the security breaches over to the federal government." And about five minutes in, he says, point-blank, that "It's perfectly fair" to consider Microsoft a national security threat, given its dominance "not just within the federal government, but really in sort of the boarder IT marketplace. I think it's fair to say, yeah, that a systemic compromise that affects Microsoft and its products do rise to the level of a national security risk." He'd like to see the government encourage more competition — to the point where public scrutiny prompts software customers to change their behavior, and creates a true market incentive for better performance...

Read more of this story at Slashdot.

An anonymous reader shared this report from CNN: On a slice of the ocean front in west Singapore, a startup is building a plant to turn carbon dioxide from air and seawater into the same material as seashells, in a process that will also produce "green" hydrogen — a much-hyped clean fuel. The cluster of low-slung buildings starting to take shape in Tuas will become the "world's largest" ocean-based carbon dioxide removal plant when completed later this year, according to Equatic, the startup behind it that was spun out of the University of California at Los Angeles. The idea is that the plant will pull water from the ocean, zap it with an electric current and run air through it to produce a series of chemical reactions to trap and store carbon dioxide as minerals, which can be put back in the sea or used on land... The $20 million facility will be fully operational by the end of the year and able to remove 3,650 metric tons of carbon dioxide annually, said Edward Sanders, chief operating officer of Equatic, which has partnered with Singapore's National Water Agency to construct the plant. That amount is equivalent to taking roughly 870 average passenger cars off the road. The ambition is to scale up to 100,000 metric tons of CO2 removal a year by the end of 2026, and from there to millions of metric tons over the next few decades, Sanders told CNN. The plant can be replicated pretty much anywhere, he said, stacked up in modules "like lego blocks...." The upfront costs are high but the company says it plans to make money by selling carbon credits to polluters to offset their pollution, as well as selling the hydrogen produced during the process. Equatic has already signed a deal with Boeing to sell it 2,100 metric tons of hydrogen, which it plans to use to create green fuel, and to fund the removal of 62,000 metric tons of CO2. There's other projects around the world attempting ocean-based carbon renewal, CNN notes. "Other projects include sprinkling iron particles into the ocean to stimulate CO2-absorbing phytoplankton, sinking seaweed into the depths to lock up carbon and spraying particles into marine clouds to reflect away some of the sun's energy." But carbon-removal projects are controversial, criticized for being expensive, unproven at scale and a distraction from policies to cut fossil fuels. And when they involve the oceans — complex ecosystems already under huge strain from global warming — criticisms can get even louder. There are "big knowledge gaps" when it comes to ocean geoengineering generally, said Jean-Pierre Gatusso, an ocean scientist at the Sorbonne University in France. "I am very concerned with the fact that science lags behind the industry," he told CNN.

Read more of this story at Slashdot.

Two months ago the team behind NASA's Ingenuity Helicopter released a video reflecting on its historic explorations of Mars, flying 10.5 miles (17.0 kilometers) in 72 different flights over three years. It was the team's way of saying goodbye, according to NASA's video. And this week, LiveScience reports, Ingenuity answered back: On April 16, Ingenuity beamed back its final signal to Earth, which included the remaining data it had stored in its memory bank and information about its final flight. Ingenuity mission scientists gathered in a control room at NASA's Jet Propulsion Laboratory (JPL) in California to celebrate and analyze the helicopter's final message, which was received via NASA's Deep Space Network, made up of ground stations located across the globe. In addition to the remaining data files, Ingenuity sent the team a goodbye message including the names of all the people who worked on the mission. This special message had been sent to Perseverance the day before and relayed to Ingenuity to send home. The helicopter, which still has power, will now spend the rest of its days collecting data from its final landing spot in Valinor Hills, named after a location in J.R.R. Tolkien's "The Lord of the Rings" books. The chopper will wake up daily to test its equipment, collect a temperature reading and take a single photo of its surroundings. It will continue to do this until it loses power or fills up its remaining memory space, which could take 20 years. Such a long-term dataset could not only benefit future designs for Martian vehicles but also "provide a long-term perspective on Martian weather patterns and dust movement," researchers wrote in the statement. However, the data will be kept on board the helicopter and not beamed back to Earth, so it must be retrieved by future Martian vehicles or astronauts. "Whenever humanity revisits Valinor Hills — either with a rover, a new aircraft, or future astronauts — Ingenuity will be waiting with her last gift of data," Teddy Tzanetos, an Ingenuity scientist at JPL, said in the statement. Thursday NASA's Jet Propulsion Laboratory released another new video tracing the entire route of Ingenuity's expedition over the surface of Mars. "Ingenuity's success could pave the way for more extensive aerial exploration of Mars down the road," adds Spacae.com: Mission team members are already working on designs for larger, more capable rotorcraft that could collect a variety of science data on the Red Planet, for example. And Mars isn't the only drone target: In 2028, NASA plans to launch Dragonfly, a $3.3 billion mission to Saturn's huge moon Titan, which hosts lakes, seas and rivers of liquid hydrocarbons on its frigid surface. The 1,000-pound (450 kg) Dragonfly will hop from spot to spot on Titan, characterizing the moon's various environments and assessing its habitability.

Read more of this story at Slashdot.

Long-time Slashdot reader tippen shared this report from the Register: AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed. In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists — Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang — report that OpenAI's GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw. "To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description," the US-based authors explain in their paper. "When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)...." The researchers' work builds upon prior findings that LLMs can be used to automate attacks on websites in a sandboxed environment. GPT-4, said Daniel Kang, assistant professor at UIUC, in an email to The Register, "can actually autonomously carry out the steps to perform certain exploits that open-source vulnerability scanners cannot find (at the time of writing)." The researchers wrote that "Our vulnerabilities span website vulnerabilities, container vulnerabilities, and vulnerable Python packages. Over half are categorized as 'high' or 'critical' severity by the CVE description...." "Kang and his colleagues computed the cost to conduct a successful LLM agent attack and came up with a figure of $8.80 per exploit"

Read more of this story at Slashdot.