"Over at Fast Company, where we're celebrating 1994 Week, I wrote about the year of Peak CD-ROM, when excitement over the medium's potential was sky-high and the World Wide Web's audience still numbered in the extremely low millions," writes Slashdot reader and Fast Company technology editor Harry McCracken (harrymcc). "I cover once-famous products such as Microsoft's Encarta encyclopedia, the curse of shovelware, the rise of a San Francisco neighborhood known as 'Multimedia Gulch,' and why the whole dream soon came crashing down." Here's an excerpt from the article: Thirty years ago, a breakthrough technology was poised to transform how people stayed informed, entertained themselves, and maybe even shopped. I'm not talking about the World Wide Web. True, it was already getting good buzz among early adopter types. But even three years after going online, Tim Berners-Lee's creation was "still relatively slow and crude" and "limited to perhaps two million Internet users who have the proper software to gain access to it," wrote The New York Times' Peter H. Lewis in November 1994. At the time, it was the CD-ROM that had captured the imagination of consumers and the entire publishing industry. The high-capacity optical discs enabled mass distribution of multimedia for the first time, giving software developers the ability to create new kinds of experiences. Some of the largest companies in America saw them as media's next frontier, as did throngs of startups. In terms of pure mindshare, 1994 might have been the year of Peak CD, with 17.5 million CD-ROM drives and $590 million in discs sold, according to research firms Dataquest and Link Resources. You already know that the frenzy didn't last. As the web got faster, slicker, and more readily accessible, CD-ROMs came to look pretty mundane, and eventually faded from memory. Myst, once the best-selling PC game of all time, might be the only 1990s disc that retains a prominent spot in our shared cultural consciousness. (Full disclosure: I do have a friend who can be relied upon to fondly bring up Microsoft's Cinemania movie guide about once a year for no apparent reason.) Revisiting the discs that defined the mid-1990s -- all of which are incompatible with modern operating systems -- isn't easy. To get some of them up and running again, I downloaded virtual CD-ROM files from the Internet Archive and used them with Windows 3.1 on my iPad Pro, courtesy of a piece of software Apple removed from the App Store in 2021. Spending time with titles such as Compton's Interactive Encyclopedia and It's a Wonderful Life Multi-Media Edition, three decades after they last commanded my attention, was a Proustian rush. You may not want to go to similar extremes. But would you indulge me as I wallow in enough CD-ROM nostalgia to get it out of my system?

Read more of this story at Slashdot.

Thomas Claburn reports via The Register: Meta allegedly tried to discredit university researchers in Brazil who had flagged fraudulent adverts on the social network's ad platform. Nucleo, a Brazil-based news organization, said it has obtained government documents showing that attorneys representing Meta questioned the credibility of researchers from NetLab, which is part of the Federal University of Rio de Janeiro (UFRJ). NetLab's research into Meta's ads contributed to Brazil's National Consumer Secretariat (Senacon) decision in 2023 to fine Meta $1.7 million (9.3 million BRL), which is still being appealed. Meta (then Facebook) was separately fined of $1.2 million (6.6 million BRL) related to Cambridge Analytica. As noted by Nucleo, NetLab's report showed that Facebook, despite being notified about the issues, had failed to remove more than 1,800 scam ads that fraudulently used the name of a government program that was supposed to assist those in debt. In response to the fine, attorneys representing Meta from law firm TozziniFreire allegedly accused the NetLab team of bias and of failing to involve Meta in the research process. Nucleo says that it obtained the administrative filing through freedom of information requests to Senacon. The documents are said to date from December 26 last year and to be part of the ongoing case against Meta. A spokesperson for NetLab, who asked not to be identified by name due to online harassment directed at the organization's members, told The Register that the research group was aware of the Nucleo report. "We were kind of surprised to see the account of our work in this law firm document," the spokesperson said. "We expected to be treated with more fairness for our work. Honestly, it comes at a very bad moment because NetLab particularly, but also Brazilian science in general, is being attacked by far-right groups." On Thursday, more than 70 civil society groups including NetLab published an open letter decrying Meta's legal tactics. "This is an attack on scientific research work, and attempts at intimidation of researchers and researchers who are performing excellent work in the production of knowledge from empirical analysis that have been fundamental to qualify the public debate on the accountability of social media platforms operating in the country, especially with regard to paid content that causes harm to consumers of these platforms and that threaten the future of our democracy," the letter says. "This kind of attack and intimidation is made even more dangerous by aligning with arguments that, without any evidence, have been used by the far right to discredit the most diverse scientific productions, including NetLab itself." The claim, allegedly made by Meta's attorneys, is that the ad biz was "not given the opportunity to appoint a technical assistant and present questions" in the preparation of the NetLabs report. This is particularly striking given Meta's efforts to limit research into its ad platform. A Meta spokesperson told The Register: "We value input from civil society organizations and academic institutions for the context they provide as we constantly work toward improving our services. Meta's defense filed with the Brazilian Consumer Regulator questioned the use of the NetLab report as legal evidence, since it was produced without giving us prior opportunity to contribute meaningfully, in violation of local legal requirements."

Read more of this story at Slashdot.

A Zillow listing for a $2.4 million house in a Dallas suburb is grabbing attention for its 5,786-square-foot data center with immersion cooling tanks, massive server racks, and two separate power grids. Tom's Hardware reports: With a brick exterior, cute paving, and mini-McMansion arch stylings, the building certainly looks to be a residential home for the archetypal Texas family. Prospective home-buyers will thus be disappointed by the 0 bedroom, 1 bathroom setup, which becomes a warehouse-feeling office from the first step inside where you are met with a glass-shielded reception desk in a white-brick corridor. The "Crypto Collective" branding betrays the former life of the unit, which served admirably as a crypto mining base. The purchase of the "upgraded turnkey Tier 2 Data Center" will include all of its cooling and power infrastructure. Three Engineered Fluids "SLICTanks," single-phase liquid immersion cooling tanks for use with dielectric coolant, will come with pumps and a 500kW dry cooler. The tanks are currently filled with at least 80 mining computers visible from the photos, though the SLICTanks can be configured to fit more machines. Also visible in proximity to the cooling array is a deep row of classic server racks and a staggering amount of networking. The listing advertises a host of potential uses for future customers, from "AI services, cloud hosting, traditional data center, servers or even Bitcoin Mining". Also packed into the 5,786 square feet of real estate is two separate power grids, 5 HVAC units, a hefty amount of four levels of warehouse-style storage aisles, a lounge/office space, and a fully-paved backyard. In other good news, its future corporate residents will not have an HOA to deal with, and will only be 20 minutes outside of the heart of Dallas, sitting just out of earshot of two major highways.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TorrentFreak: A French court has ordered Google, Cloudflare, and Cisco to poison their DNS resolvers to prevent circumvention of blocking measures, targeting around 117 pirate sports streaming domains. The move is another anti-piracy escalation for broadcaster Canal+, which also has permission to completely deindex the sites from search engine results. [...] Two decisions were handed down by the Paris judicial court last month; one concerning Premier League matches and the other the Champions League. The orders instruct Google, Cloudflare, and Cisco to implement measures similar to those in place at local ISPs. To protect the rights of Canal+, the companies must prevent French internet users from using their services to access around 117 pirate domains. According to French publication l'Informe, which broke the news, Google attorney Sebastien Proust crunched figures published by government anti-piracy agency Arcom and concluded that the effect on piracy rates, if any, is likely to be minimal. Starting with a pool of all users who use alternative DNS for any reason, users of pirate sites -- especially sites broadcasting the matches in question -- were isolated from the rest. Users of both VPNs and third-party DNS were further excluded from the group since DNS blocking is ineffective against VPNs. Proust found that the number of users likely to be affected by DNS blocking at Google, Cloudflare, and Cisco, amounts to 0.084% of the total population of French Internet users. Citing a recent survey, which found that only 2% of those who face blocks simply give up and don't find other means of circumvention, he reached an interesting conclusion. "2% of 0.084% is 0.00168% of Internet users! In absolute terms, that would represent a small group of around 800 people across France!" In common with other courts presented with the same arguments, the Paris court said the number of people using alternative DNS to access the sites, and the simplicity of switching DNS, are irrelevant. Canal+ owns the rights to the broadcasts and if it wishes to request a blocking injunction, it has the legal right to do so. The DNS providers' assertion that their services are not covered by the legislation was also waved aside by the court. Google says it intends to comply with the order. As part of the original matter in 2023, it was already required to deindex the domains from search results under the same law. At least in theory, this means that those who circumvented the original blocks using these alternative DNS services, will be back to square one and confronted by blocks all over again. Given that circumventing this set of blocks will be as straightforward as circumventing the originals, that raises the question of what measures Canal+ will demand next, and from whom.

Read more of this story at Slashdot.

According to Bloomberg's Mark Gurman, Apple appears ready to embrace a thinner design language with the upcoming MacBook Pro, Apple Watch, and iPhone. MacRumors reports: When the M4 iPad Pro was unveiled last month, Apple touted it as the company's thinnest product ever, and even compared it to the 2012 iPod nano to emphasize its slim dimensions. Writing in the latest edition of his Power On newsletter, Gurman says that like the iPad Pro, Apple is now focused on delivering the thinnest possible devices across its lineups without compromising on battery life or major new features. Gurman writes that the new iPad Pro is the "beginning of a new class of Apple devices," and that Apple's aim is to offer "the thinnest and lightest products in their categories across the whole tech industry." Apple now reportedly has its sights on making thinner versions of iPhone, Apple Watch, and MacBook Pro over the next couple of years. Gurman's sources tell him Apple is now focused on developing a significantly skinnier iPhone in time for the iPhone 17 line in 2025, corroborating a May report by The Information. According to the latter report, Apple is planning to launch an all-new thinner iPhone 17 model next year that will allegedly feature a "major redesign" akin to the iPhone X. Gurman previously reported that Apple is planning a complete revamp of the Apple Watch for the device's tenth anniversary, dubbed "Apple Watch X." Since the original Apple Watch was unveiled in 2014 and launched in 2015, Gurman is unsure whether the Apple Watch X will be released in 2024 or 2025. However, Apple analyst Ming-Chi Kuo today claimed that this year's upcoming Apple Watch will have a larger screen and thinner design, which sounds like the sort of major overhaul and design signature that Gurman has suggested.

Read more of this story at Slashdot.

After two years of testing, McDonald's has ended its use of AI-powered drive-thru ordering. "The company was trialing IBM tech at more than 100 of its restaurants but it will remove those systems from all locations by the end of July, meaning that customers will once again be placing orders with a human instead of a computer," reports Engadget. From the report: As part of that decision, McDonald's is ending its automated order taking (AOT) partnership with IBM. However, McDonald's may be considering other potential partners to work with on future AOT efforts. "While there have been successes to date, we feel there is an opportunity to explore voice ordering solutions more broadly," Mason Smoot, chief restaurant officer for McDonald's USA, said in an email to franchisees that was obtained by trade publication Restaurant Business (as noted by PC Mag). Smoot added that the company would look into other options and make "an informed decision on a future voice ordering solution by the end of the year," noting that "IBM has given us confidence that a voice ordering solution for drive-thru will be part of our restaurant's future." McDonald's told Restaurant Business that the goal of the test was to determine whether AOT could speed up service and streamline operations. By automating drive-thru orders, companies are hoping to negate the need for a staff member to take them and either reduce the number of workers needed to operate a restaurant or redeploy resources to other areas of the business. IBM will continue to power other McDonald's systems and it's in talks with other fast-food chains over the use of its AOT tech. The likes of Hardee's, Carl's Jr., Krystal, Wendy's, Dunkin and Taco Johns are already testing or using such technology at their drive-thru locations.

Read more of this story at Slashdot.

An anonymous reader quotes a report from NBC News: U.S. Surgeon General Vivek Murthy on Monday called on Congress to require a tobacco-style warning for visitors to social media platforms. In an op-ed published in The New York Times, Murthy said the mental health crisis among young people is an urgent problem, with social media "an important contributor." He said his vision of the warning includes language that would alert users to the potential mental health harms of the websites and apps. "A surgeon general's warning label, which requires congressional action, would regularly remind parents and adolescents that social media has not been proved safe," he wrote. In 1965, after the previous year's landmark report from Surgeon General Luther L. Terry that linked cigarette smoking to lung cancer and heart disease, Congress mandated unprecedented warning labels on packs of cigarettes, the first of which stated, "Caution: Cigarette Smoking May Be Hazardous to Your Health." Murthy said in the op-ed, "Evidence from tobacco labels shows that surgeon general's warnings can increase awareness and change behavior." But he acknowledged the limitations and said a label alone wouldn't make social media safe. Steps can be taken by Congress, social media companies, parents and others to mitigate the risks, ensure a safer experience online and protect children from possible harm, he wrote. In the op-ed, Murthy linked the amount of time spent on social media to the increasing risk that children will experience symptoms of anxiety and depression. The American Psychological Association says teenagers spend nearly five hours every day on top platforms such as YouTube, TikTok and Instagram. In a 2019 study, the association found the proportion of young adults with suicidal thoughts or other suicide-related outcomes increased 47% from 2008 to 2017, when social media use among that age group soared. And that was before the pandemic triggered a year's worth of virtual isolation for the U.S. In early 2021, amid continued pandemic lockdowns, Murthy called on social media platforms to "proactively enhance and contribute to the mental health and well-being of our children." [...] A surgeon general's public health advisory on social media's mental health published last year cited research finding that among its potential harms are exposure to violent and sexual content and to bullying, harassment and body shaming.

Read more of this story at Slashdot.

Cybercriminals are demanding payments of between $300,000 and $5 million apiece from as many as 10 companies breached in a campaign that targeted Snowflake customers, according to a security firm helping with the investigation. From a report: The hacking scheme has entered a "new stage" as the gang looks to profit from the most valuable information it has stolen, said Austin Larsen, a senior threat analyst at Google's Mandiant security business, which helped lead Snowflake's inquiry. That includes auctioning companies' data on illegal online forums to try to pressure them into making payments, he said. "We anticipate the actor to continue to attempt to extort victims," Larsen said. Snowflake, a cloud-based data analytics firm, said on June 2 that hackers had launched a "targeted" effort directed against Snowflake users that used single-factor authentication techniques. The company declined to comment on any specific customers.

Read more of this story at Slashdot.

Apple said on Monday it will no longer offer its "buy now, pay later" service, Apple Pay Later, in the United States, and will instead focus on bringing installment loan offerings to Apple Pay users globally later this year. The company told 9to5Mac that the new feature will allow users to access installment loans from eligible credit and debit cards, as well as lenders, when checking out with Apple Pay. Existing Apple Pay Later users in the U.S. will still be able to manage their loans through the Wallet app. Apple Pay Later, which launched in the U.S. in March last year, allowed users to split purchases of $50 to $1,000 into four equal payments over six weeks without fees or interest. The company said the shift to a global installment loan offering will enable it to provide flexible payments to more users worldwide in collaboration with Apple Pay enabled banks and lenders.

Read more of this story at Slashdot.

Proton, the secure-minded email and productivity suite, is becoming a nonprofit foundation, but it doesn't want you to think about it in the way you think about other notable privacy and web foundations. From a report: "We believe that if we want to bring about large-scale change, Proton can't be billionaire-subsidized (like Signal), Google-subsidized (like Mozilla), government-subsidized (like Tor), donation-subsidized (like Wikipedia), or even speculation-subsidized (like the plethora of crypto "foundations")," Proton CEO Andy Yen wrote in a blog post announcing the transition. "Instead, Proton must have a profitable and healthy business at its core." The announcement comes exactly 10 years to the day after a crowdfunding campaign saw 10,000 people give more than $500,000 to launch Proton Mail. To make it happen, Yen, along with co-founder Jason Stockman and first employee Dingchao Lu, endowed the Proton Foundation with some of their shares. The Proton Foundation is now the primary shareholder of the business Proton, which Yen states will "make irrevocable our wish that Proton remains in perpetuity an organization that places people ahead of profits." Among other members of the Foundation's board is Sir Tim Berners-Lee, inventor of HTML, HTTP, and almost everything else about the web. Of particular importance is where Proton and the Proton Foundation are located: Switzerland. As Yen noted, Swiss foundations do not have shareholders and are instead obligated to act "in accordance with the purpose for which they were established." While the for-profit entity Proton AG can still do things like offer stock options to recruits and even raise its own capital on private markets, the Foundation serves as a backstop against moving too far from Proton's founding mission, Yen wrote.

Read more of this story at Slashdot.

The U.S. government on Monday sued Adobe, accusing the maker of Photoshop and Acrobat of harming consumers by enrolling them in its most lucrative subscription plans without clearly disclosing important terms. From a report: In a complaint filed in the San Jose, California, federal court, the government said Adobe failed to adequately disclose hefty early termination fees, sometimes reaching hundreds of dollars, when customers sign up for "annual, paid monthly" subscription plans. The government said Adobe hides important terms in fine print and behind textboxes and hyperlinks, clearly discloses the fees only when subscribers try to cancel, and makes canceling an onerous and complicated process.

Read more of this story at Slashdot.

Thousands of people catching trains in the United Kingdom likely had their faces scanned by Amazon software as part of widespread artificial intelligence trials, new documents reveal. Wired: The image recognition system was used to predict travelers' age, gender, and potential emotions -- with the suggestion that the data could be used in advertising systems in the future. During the past two years, eight train stations around the UK -- including large stations such as London's Euston and Waterloo, Manchester Piccadilly, and other smaller stations -- have tested AI surveillance technology with CCTV cameras with the aim of alerting staff to safety incidents and potentially reducing certain types of crime. The extensive trials, overseen by rail infrastructure body Network Rail, have used object recognition -- a type of machine learning that can identify items in videofeeds -- to detect people trespassing on tracks, monitor and predict platform overcrowding, identify antisocial behavior ("running, shouting, skateboarding, smoking"), and spot potential bike thieves. Separate trials have used wireless sensors to detect slippery floors, full bins, and drains that may overflow. The scope of the AI trials, elements of which have previously been reported, was revealed in a cache of documents obtained in response to a freedom of information request by civil liberties group Big Brother Watch. "The rollout and normalization of AI surveillance in these public spaces, without much consultation and conversation, is quite a concerning step," says Jake Hurfurt, the head of research and investigations at the group.

Read more of this story at Slashdot.

The accounting and finance professions have long adapted to technology -- from calculators and spreadsheets to cloud computing. However, the emergence of generative AI presents both new challenges and opportunities for students looking to get ahead in the world of finance. From a report: Research last year by investment bank Evercore and Visionary Future, which incubates new ventures, highlights the workforce disruption being wreaked by generative AI. Analysing 160mn US jobs, the study reveals that service sectors such as legal and financial are highly susceptible to disruption by AI, although full job replacement is unlikely. Instead, generative AI is expected to enhance productivity, the research concludes, particularly for those in high-value roles paying above $100,000 annually. But, for current students and graduates earning below this threshold, the challenge will be navigating these changes and identifying the skills that will be in demand in future. Generative AI is being swiftly integrated into finance and accounting, by automating specific tasks. Stuart Tait, chief technology officer for tax and legal at KPMG UK, describes it as a "game changer for tax," because it is capable of handling complex tasks beyond routine automation. "Gen AI for tax research and technical analysis will give an efficiency gain akin to moving from typewriters to word processors," he says. The tools can answer tax queries within minutes, with more than 95 per cent accuracy, Tait says.

Read more of this story at Slashdot.

Three out of Vietnam's five active international undersea internet cables are down, state media said over the weekend, the second major round of outages in the country in just over a year. From a report: The problems with the three cables, which connect Vietnam with the United States, Europe and Asia, have "significantly affected Vietnam's internet connection with the world", reported the official Vietnam News Agency. Vietnam is connected to the global internet mainly via five undersea cables with a combined capacity of nearly 62 Tbps, according to data from FPT, one of the country's top internet service providers. It's not clear if the three cables referred to, which account for most of the bandwidth, are totally or partially down.

Read more of this story at Slashdot.

Wells Fargo's co-branded credit card partnership with fintech startup Bilt Technologies is causing the bank to lose up as much as $10 million monthly, according to a WSJ report. The bank agreed to a co-branded program with the fintech startup that most other big banks -- including JPMorgan Chase -- passed on, incorrectly modeled key assumptions and sees no path to profitability. The card, which allows users to pay rent without fees while earning rewards, has attracted many young customers. From the report: There is a reason why credit cards hadn't gained traction in the rent sector until Bilt came along. Most landlords didn't accept them because they refuse to pay card fees that get pocketed by the banks issuing them and often run between 2% and 3%. Bilt structured the card so landlords won't incur the fees. Wells instead eats much of that. About six months after the credit card was launched, Wells began paying Bilt a fee of about 0.80% of each rent transaction, even though the bank isn't collecting interchange fees from landlords. It appears that the problem for Wells Fargo is that Bilt customers are savvy. They are making the rent payments, but not carrying balances or doing any other transactions through the card.

Read more of this story at Slashdot.

YouTube is piloting a new feature called "Notes" that allows viewers to add context and information under videos. The move comes as YouTube aims to minimize the spread of misinformation on its platform, particularly during the pivotal 2024 U.S. election year. The feature, similar to Community Notes on X (formerly Twitter), will initially be available on mobile in the U.S. in English.

Read more of this story at Slashdot.

A report from BleepingComputer notes that ASUS "has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices." But there's more bad news: Taiwan's CERT has also informed the public about CVE-2024-3912 in a post yesterday, which is a critical (9.8) arbitrary firmware upload vulnerability allowing unauthenticated, remote attackers to execute system commands on the device. The flaw impacts multiple ASUS router models, but not all will be getting security updates due to them having reached their end-of-life (EoL). Finally, ASUS announced an update to Download Master, a utility used on ASUS routers that enables users to manage and download files directly to a connected USB storage device via torrent, HTTP, or FTP. The newly released Download Master version 3.1.0.114 addresses five medium to high-severity issues concerning arbitrary file upload, OS command injection, buffer overflow, reflected XSS, and stored XSS problems.

Read more of this story at Slashdot.

Researchers have devised a way to extract energy from the photosynthesis process of algae, according to an announcement from Concordia University. Suspended in a specialized solution, the algae forms part of a "micro photosynthetic power cell" that can actually generate enough energy to power low-power devices like Internet of Things (IoT) sensors. "Photosynthesis produces oxygen and electrons. Our model traps the electrons, which allows us to generate electricity," [says Kirankumar Kuruvinashetti, PhD 20, now a Mitacs postdoctoral associate at the University of Calgary.] "So more than being a zero-emission technology, it's a negative carbon emission technology: it absorbs carbon dioxide from the atmosphere and gives you a current. Its only byproduct is water." [...] Muthukumaran Packirisamy, professor in the Department of Mechanical, Industrial and Aerospace Engineering and the paper's corresponding author, admits the system is not yet able to compete in power generation with others like photovoltaic cells. The maximum possible terminal voltage of a single micro photosynthetic power cell is only 1.0V. But he believes that, with enough research and development, including artificial intelligence-assisted integration technologies, this technology has the potential to be a viable, affordable and clean power source in the future. It also offers significant manufacturing advantages over other systems, he says. "Our system does not use any of the hazardous gases or microfibres needed for the silicon fabrication technology that photovoltaic cells rely on. Furthermore, disposing of silicon computer chips is not easy. We use biocompatible polymers, so the whole system is easily decomposable and very cheap to manufacture." In the paper the researchers also described it as a âoemicrobial fuel cellâ...

Read more of this story at Slashdot.

"At the height of the COVID-19 pandemic, the U.S. military launched a secret campaign to counter what it perceived as China's growing influence in the Philippines..." reports Reuters. "It aimed to sow doubt about the safety and efficacy of vaccines and other life-saving aid that was being supplied by China, a Reuters investigation found." Reuters interviewed "more than two dozen current and former U.S officials, military contractors, social media analysts and academic researchers," and also reviewed posts on social media, technical data and documents about "a set of fake social media accounts used by the U.S. military" — some active for more than five years. Friday they reported the results of their investigation: Through phony internet accounts meant to impersonate Filipinos, the military's propaganda efforts morphed into an anti-vax campaign. Social media posts decried the quality of face masks, test kits and the first vaccine that would become available in the Philippines — China's Sinovac inoculation. Reuters identified at least 300 accounts on X, formerly Twitter, that matched descriptions shared by former U.S. military officials familiar with the Philippines operation. Almost all were created in the summer of 2020 and centered on the slogan #Chinaangvirus — Tagalog for China is the virus. "COVID came from China and the VACCINE also came from China, don't trust China!" one typical tweet from July 2020 read in Tagalog. The words were next to a photo of a syringe beside a Chinese flag and a soaring chart of infections. Another post read: "From China — PPE, Face Mask, Vaccine: FAKE. But the Coronavirus is real." After Reuters asked X about the accounts, the social media company removed the profiles, determining they were part of a coordinated bot campaign based on activity patterns and internal data. The U.S. military's anti-vax effort began in the spring of 2020 and expanded beyond Southeast Asia before it was terminated in mid-2021, Reuters determined. Tailoring the propaganda campaign to local audiences across Central Asia and the Middle East, the Pentagon used a combination of fake social media accounts on multiple platforms to spread fear of China's vaccines among Muslims at a time when the virus was killing tens of thousands of people each day. A key part of the strategy: amplify the disputed contention that, because vaccines sometimes contain pork gelatin, China's shots could be considered forbidden under Islamic law... A senior Defense Department official acknowledged the U.S. military engaged in secret propaganda to disparage China's vaccine in the developing world, but the official declined to provide details. A Pentagon spokeswoman... also noted that China had started a "disinformation campaign to falsely blame the United States for the spread of COVID-19." A senior U.S. military officer directly involved in the campaign told Reuters that "We didn't do a good job sharing vaccines with partners. So what was left to us was to throw shade on China's." At least six senior State Department officials for the region objected, according to the article. But in 2019 U.S. Defense Secretary Mark Esper signed "a secret order" that "elevated the Pentagon's competition with China and Russia to the priority of active combat, enabling commanders to sidestep the StateDepartment when conducting psyops against those adversaries." [A senior defense official] said the Pentagon has rescinded parts of Esper's 2019 order that allowed military commanders to bypass the approval of U.S. ambassadors when waging psychological operations. The rules now mandate that military commanders work closely with U.S. diplomats in the country where they seek to have an impact. The policy also restricts psychological operations aimed at "broad population messaging," such as those used to promote vaccine hesitancy during COVID... Nevertheless, the Pentagon's clandestine propaganda efforts are set to continue. In an unclassified strategy document last year, top Pentagon generals wrote that the U.S. military could undermine adversaries such as China and Russia using "disinformation spread across social media, false narratives disguised as news, and similar subversive activities [to] weaken societal trust by undermining the foundations of government." And in February, the contractor that worked on the anti-vax campaign — General Dynamics IT — won a $493 million contract. Its mission: to continue providing clandestine influence services for the military.

Read more of this story at Slashdot.

ASUS has suddenly agreed "to overhaul its customer support and warranty systems," writes the hardware review site Gamers Nexus — after a three-video series on its YouTube channel documented bad and "potentially illegal" handling of customer warranties for the channel's 2.2 million viewers. The Verge highlights ASUS's biggest change: If you've ever been denied a warranty repair or charged for a service that was unnecessary or should've been free, Asus wants to hear from you at a new email address. It claims those disputes will be processed by Asus' own staff rather than outsourced customer support agents.... The company is also apologizing today for previous experiences you might have had with repairs. "We're very sorry to anyone who has had a negative experience with our service team. We appreciate your feedback and giving us a chance to make amends." It started five weeks ago when Gamers Nexus requested service for a joystick problem, according to a May 10 video. First they'd received a response wrongly telling them their damage was out of warranty — which also meant Asus could add a $20 shipping charge for the requested repair. "Somehow that turned into ASUS saying the LCD needs to be replaced, even though the joystick is covered under their repair policies," the investigators say in the video. [They also note this response didn't even address their original joystick problem — "only that thing that they had decided to find" — and that ASUS later made an out-of-the-blue reference to "liquid damage."] The repair would ultimately cost $191.47, with ASUS mentioning that otherwise "the unit will be sent back un-repaired and may be disassembled." ASUS gave them four days to respond, with some legalese adding that an out-of-warranty repair fee is non-refundable, yet still "does not guarantee that repairs can be made." Even when ASUS later agreed to do a free "partial" repair (providing the requested in-warranty service), the video's investigators still received another email warning of "pending service cancellation" and return of the unit unless they spoke to "Invoice Quotation Support" immediately. The video-makers stood firm, and the in-warranty repair was later performed free — but they still concluded that "It felt like ASUS tried to scam us." ASUS's response was documented in a second video, with ASUS claiming it had merely been sending a list of "available" repairs (and promising that in the future ASUS would stop automatically including costs for the unrequested repair of "cosmetic imperfections" — and that they'd also change their automatic emails.) Gamers Nexus eventually created a fourth, hour-long video confronting various company officials at Computex — which finally led to them publishing a list of ASUS's promised improvements on Friday. Some highlights: ASUS promises it's "created a Task Force team to retroactively go back through a long history of customer surveys that were negative to try and fix the issues." (The third video from Gamers Nexus warned ASUS was already on the government's radar over its handling of warranty issues.) ASUS also announced their repairs centers were no longer allowed to claim "customer-induced damage" (which Gamers Nexus believes "will remove some of the financial incentive to fail devices" to speed up workloads). ASUS is creating a new U.S. support center allowing customers to choose either a refurbished board or a longer repair. Gamers Nexus says they already have devices at ASUS repair centers — under pseudonyms — and that they "plan to continue sampling them over the next 6-12 months so we can ensure these are permanent improvements." And there's one final improvement, according to Gamers Nexus. "After over a year of refusing to acknowledge the microSD card reader failures on the ROG Ally [handheld gaming console], ASUS will be posting a formal statement next week about the defect."

Read more of this story at Slashdot.

Long-time Slashdot reader theodp shared this warning from a long-time AI researcher arguing that data science "is due" for a reckoning over whether results can be reproduced. "Few technological revolutions came with such a low barrier of entry as Machine Learning..." Unlike Machine Learning, Data Science is not an academic discipline, with its own set of algorithms and methods... There is an immense diversity, but also disparities in skill, expertise, and knowledge among Data Scientists... In practice, depending on their backgrounds, data scientists may have large knowledge gaps in computer science, software engineering, theory of computation, and even statistics in the context of machine learning, despite those topics being fundamental to any ML project. But it's ok, because you can just call the API, and Python is easy to learn. Right...? Building products using Machine Learning and data is still difficult. The tooling infrastructure is still very immature and the non-standard combination of data and software creates unforeseen challenges for engineering teams. But in my views, a lot of the failures come from this explosive cocktail of ritualistic Machine Learning: - Weak software engineering knowledge and practices compounded by the tools themselves; - Knowledge gap in mathematical, statistical, and computational methods, encouraged black boxing API; - Ill-defined range of competence for the role of data scientist, reinforced by a pool of candidates with an unusually wide range of backgrounds; - A tendency to follow the hype rather than the science. - What can you do? - Hold your data scientists accountable using Science. - At a minimum, any AI/ML project should include an Exploratory Data Analysis, whose results directly support the design choices for feature engineering and model selection. - Data scientists should be encouraged to think outside-of-the box of ML, which is a very small box - Data scientists should be trained to use eXplainable AI methods to provide context about the algorithm's performance beyond the traditional performance metrics like accuracy, FPR, or FNR. - Data scientists should be held at similar standards than other software engineering specialties, with code review, code documentation, and architectural designs. The article concludes, "Until such practices are established as the norm, I'll remain skeptical of Data Science."

Read more of this story at Slashdot.

"SpaceX has received FCC clearance to operate a mysterious 'wireless module' device," PC Magazine reported earlier this week, speculating that the device "might be a new Starlink router." On Tuesday, the FCC issued an equipment authorization for the device, which uses the 2.4GHz and 5GHz Wi-Fi radio bands. A document in SpaceX's filing also says it features antennas along with Wi-Fi chips apparently from MediaTek. Another document calls the device by the codename "UTW-231," and defines it as a "wireless router" supporting IEEE 802.11b/g/n/ax for Wi-Fi 6 speeds up to 1,300Mbps. But perhaps the most interesting part is an image SpaceX attached, which suggests the router is relatively small and can fit in a person's open hand.... SpaceX CEO Elon Musk has said the "Starlink mini" dish is slated to arrive later this year and that it's small enough to fit in a backpack... On Wednesday, PCMag also spotted the official Starlink.com site referencing the name "Mini" in a specification page for the satellite internet system. Today saw some interesting speculation on the unoffical "Starlink Hardware" blog (written by Noah Clarke, who has a degree in electronics). Clarke guesses the product "will be aimed at portable use cases, such as camping, RV's, vans, hiking... designed to be easy to store, transport, and deploy". But he also notes Starlink updated their app today, with a new shopping page showing what he believes the upcoming product will look like. ("Very similar to the Standard dish, just smaller. It has a similar shape, and even a kickstand.") If you go into developer mode and play around with the Mini network settings, you notice something interesting. There is no separate router. Devices are connected to the dish itself... I'm guessing that, in order to make the Mini as portable as possible, Starlink decided it was best to simplify the system and limit the number of components. There are more Wifi details that have been revealed, and that is mesh compatibility. For those of you that might be interested in using the Mini at home, or for larger events where you need additional Wifi coverage, the Mini's built-in router will be compatible with Starlink mesh. You'll be able to wirelessly pair another Starlink router to the Mini.

Read more of this story at Slashdot.

In 2016, Phoronix remembered how the early days of Linux kernel mode-setting (KMS) had brought hopes for improved error messages. And one long-awaited feature was errors messages for "Direct Rendering Manager" (or DRM) drivers — something analgous to the "Blue Screen of Death" Windows gives for critical errors. Now Linux 6.10 is introducing a new DRM panic handler infrastructure enabling messages when a panic occurs, Phoronix reports today. "This is especially important for those building a kernel without VT/FBCON support where otherwise viewing the kernel panic message isn't otherwise easily available." With Linux 6.10 the initial DRM Panic code has landed as well as wiring up the DRM/KMS driver support for the SimpleDRM, MGAG200, IMX, and AST drivers. There is work underway on extending DRM Panic support to other drivers that we'll likely see over the coming kernel cycles for more widespread support... On Linux 6.10+ with platforms having the DRM Panic driver support, this "Blue Screen of Death" functionality can be tested via a route such as echo c > /proc/sysrq-trigger. The article links to a picture shared on Mastodon by Red Hat engineer Javier Martinez Canillas of the error message being generated on a BeaglePlay single board computer. Phoronix also points out that some operating systems have even considered QR codes for kernel error messages...

Read more of this story at Slashdot.

Wednesday the annual electric vehicle outlook report was released by market researcher BloombergNEF. And the analyst wrote that "Our long-term outlook for EVs remains bright," according to the Los Angeles Times: In 2023, EVs made up 18% of global passenger-vehicle sales. By 2030, according to the report, 45% will be EVs. That number jumps to 73% by 2040 — still short of what the world needs to reach net zero emissions in transportation, the firm says, but enough to achieve major reductions in climate-changing carbon emissions... [D]ifferent countries are moving at different speeds and with different levels of commitment. Today, "China, India and France are still showing signs of healthy growth, but the latest data from Germany, Italy and the U.S. is more concerning," BloombergNEF said. Global EV sales "are set to rise from 13.9 million in 2023 to over 30 million in 2027," despite the lagging U.S. [The article points out later that "For the first quarter in China, EV sales were up 37%, according to BloombergNEF. In India, it's 39%, and in France, 20%. The U.S. was a laggard, up just 4%."] Whatever the geography, consumer concerns about price, driving range, battery lifespan, and unreliable public charging continue to dampen many buyers' enthusiasm for EVs. BloombergNEF's findings are echoed by consulting firm McKinsey and the AAA motor club, in recent forecasts of their own. But EV prices are coming down, range is improving, and large numbers of public chargers are being installed, all of which could revive sales growth. Consumers around the planet are warming to the idea of buying an electric car, but they're moving slowly. According to McKinsey, 14% of 30,000 global survey respondents in 2021 said their next vehicle would be an EV. This year, it's 18%. In the U.S. it's a different story, where consumer interest in an EV purchase declined to 18% this year, according to AAA's survey, down from 23% in 2023. And nearly two-thirds reported they were unlikely to buy an EV next time they buy a car. Interest in hybrids is on the rise. One in three said they were likely to buy a hybrid, a vehicle that adds a small battery to an internal combustion engine to improve fuel efficiency. That's bad news for pure EV sales, at least in the immediate future, said Greg Brannon, head of automotive research at AAA. Early adopters already have their EVs, he said, while mainstream buyers remain skeptical. The article does note that major automakers "are losing billions of dollars in their EV division," with several cutting the EV goals for the U.S. (Though Hyundai and Kia are not.) And then there's this... A global survey conducted by consulting firm McKinsey, also released Wednesday, included this shocker: 29% of EV owners told McKinsey they plan to replace the EV they bought with a gasoline or diesel car, a figure that jumps to 38% for U.S. EV owners. Phillip Kampshoff, who leads McKinsey's Center for Future Mobility in the Americas, said he'd seen EV sales as "a one way street. Once you buy, you're hooked on an EV. But that's not what the data shows...." But the article points out that both BloombergNEF and McKinsey still remained bullish that adoption will increase in the future.

Read more of this story at Slashdot.

The Los Angeles Times reports that "The personal information of more than 200,000 people in Los Angeles County was potentially exposed after a hacker used a phishing email to steal the login credentials of 53 public health employees, the county announced Friday." Details that were possibly accessed in the February data breach include the first and last names, dates of birth, diagnoses, prescription information, medical record numbers, health insurance information, Social Security numbers and other financial information of Department of Public Health clients, employees and other individuals. "Affected individuals may have been impacted differently and not all of the elements listed were present for each individual," the agency said in a news release... The data breach happened between Feb. 19 and 20 when employees received a phishing email, which tries to trick recipients into providing important information such as passwords and login credentials. The employees clicked on a link in the body of the email, thinking they were accessing a legitimate message, according to the agency... The county is offering free identity monitoring through Kroll, a financial and risk advisory firm, to those affected by the breach. Individuals whose medical records were potentially accessed by the hacker should review them with their doctor to ensure the content is accurate and hasn't been changed. Officials say people should also review the Explanation of Benefits statement they receive from their insurance company to make sure they recognize all the services that have been billed. Individuals can also request credit reports and review them for any inaccuracies. From the official statement by the county's Public Health department: Upon discovery of the phishing attack, Public Health disabled the impacted e-mail accounts, reset and re-imaged the user's device(s), blocked websites that were identified as part of the phishing campaign and quarantined all suspicious incoming e-mails. Additionally, awareness notifications were distributed to all workforce members to remind them to be vigilant when reviewing e-mails, especially those including links or attachments. Law enforcement was notified upon discovery of the phishing attack, and they investigated the incident.

Read more of this story at Slashdot.

Bloomberg reports: A disease caused by a rare "flesh-eating bacteria" that can kill people within 48 hours is spreading in Japan after the country relaxed Covid-era restrictions. Cases of streptococcal toxic shock syndrome (STSS) reached 977 this year by June 2, higher than the record 941 cases reported for all of last year, according to the National Institute of Infectious Diseases, which has been tracking incidences of the disease since 1999. Group A Streptococcus (GAS) typically causes swelling and sore throat in children known as "strep throat," but some types of the bacteria can lead to symptoms developing rapidly, including limb pain and swelling, fever, low blood pressure, that can be followed by necrosis, breathing problems, organ failure and death. People over 50 are more prone to the disease. "Most of the deaths happen within 48 hours," said Ken Kikuchi, a professor in infectious diseases at Tokyo Women's Medical University. "As soon as a patient notices swelling in foot in the morning, it can expand to the knee by noon, and they can die within 48 hours...." At the current rate of infections, the number of cases in Japan could reach 2,500 this year, with a "terrifying" mortality rate of 30%, Kikuchi said.

Read more of this story at Slashdot.

Building off Friday's release of Wine 9.11, the development team has now also released Wine Staging 9.11 with some 428 patches, reports Phoronix founder Michael Larabel: Catching my interest was a patch for Bug 7955. That right away catches my attention since the latest Wine bug reports are at a bug ticket number over 56,000.... Yep, Bug 7955 dates back 14 years ago to April 2007. The #7955 bug report is over the S-Hoai Windows client displaying an application exception when clicking the "File" or "Projects" menu. S-Hoai is a Windows application used in Germany by architects and building engineers/contractors for managing estimates and billing according to German laws.

Read more of this story at Slashdot.

Slashdot reader hackertourist shared this announcement from NASA's Jet Propulsion Laboratory: Edward C. Stone, former director of NASA's Jet Propulsion Laboratory and project scientist of the Voyager mission for 50 years, died on June 9, 2024. He was age 88... Stone served on nine NASA missions as either principal investigator or a science instrument lead, and on five others as a co-investigator (a key science instrument team member). These roles primarily involved studying energetic ions from the Sun and cosmic rays from the galaxy. He had the distinction of being one of the few scientists involved with both the mission that has come closest to the Sun (NASA's Parker Solar Probe) and the one that has traveled farthest from it (Voyager). Stone is best known for his work on NASA's longest-running mission, Voyager, whose twin spacecraft launched in 1977 and are still exploring deep space today. He served as Voyager's sole project scientist from 1972 until his retirement in 2022. Under Stone's leadership, the mission took advantage of a celestial alignment that occurs just once every 176 years to visit Jupiter, Saturn, Uranus, and Neptune. During their journeys, the spacecraft revealed the first active volcanoes beyond Earth, on Jupiter's moon Io, and an atmosphere rich with organic molecules on Saturn's moon Titan. Voyager 2 remains the only spacecraft to fly by Uranus and Neptune, revealing Uranus' unusual tipped magnetic poles, and the icy geysers erupting from Neptune's moon Triton. The mission "transformed our understanding of the solar system, and is still providing useful data today," writes hackertourist. (Watch Stone speak in this 2018 video about the Voyager 2 spacecraft.) NASA's announcement also includes stories of Stone's desire to engage the public and his thoughtfulness in considering the true boundary of interstellar space. As director of JPL, Stone was responsible for more than two dozen other missions, including landing NASA's Pathfinder mission with the first Mars rover in 1996. "Ed Stone was a trailblazer who dared mighty things in space. He was a dear friend to all who knew him, and a cherished mentor to me personally," said Nicola Fox, associate administrator for the Science Mission Directorate at NASA Headquarters in Washington. "Ed took humanity on a planetary tour of our solar system and beyond, sending NASA where no spacecraft had gone before. His legacy has left a tremendous and profound impact on NASA, the scientific community, and the world."

Read more of this story at Slashdot.

The Washington Post reports: Commitments from Big Tech companies to identify and label fake artificial-intelligence-generated images on their platforms won't be enough to keep the tech from being used by other countries to try to influence the U.S. election, said the head of the Cybersecurity and Infrastructure Security Agency. AI won't completely change the long-running threat of weaponized propaganda, but it will "inflame" it, CISA Director Jen Easterly said at The Washington Post's Futurist Summit on Thursday. Tech companies are doing some work to try to label and identify deepfakes on their platforms, but more needs to be done, she said. "There is no real teeth to these voluntary agreements," Easterly said. "There needs to be a set of rules in place, ultimately legislation...." In February, tech companies, including Google, Meta, OpenAI and TikTok, said they would work to identify and label deepfakes on their social media platforms. But their agreement was voluntary and did not include an outright ban on deceptive political AI content. The agreement came months after the tech companies also signed a pledge organized by the White House that they would label AI images. Congressional and state-level politicians are debating numerous bills to try to regulate AI in the United States, but so far the initiatives haven't made it into law. The E.U. parliament passed an AI Actt year, but it won't fully go into force for another two years.

Read more of this story at Slashdot.

ZDNet published a new article this week with their own tips for new Linux users. It begins by arguing that switching to the Linux desktop "is easier than you think" and "you'll find help everywhere". (And also that "You won't want for apps.") That doesn't mean it has everything. For example, there is no version of Adobe Photoshop. There is GIMP (which is just as powerful as Photoshop) but for those of you accustomed to Adobe's de facto standard, you're out of luck. The worst-case scenario is you have to learn a new piece of software to meet your graphic needs. At the same time, you might have to turn to proprietary software. For open-source purists, that's a no-go. But for those who just need to get things done, you'll find a mixture of open-source and proprietary software will give you everything you need to be productive and entertained. Their article also recommends new users should "weed out Arch-based distributions," while warning that "Linux is more secure, but..." The truth is, any time you have a computer connected to a network, it's vulnerable and it doesn't matter what operating system you use. To that end, it's crucial that you keep your operating system (and the installed applications) up to date. Fortunately, most Linux operating systems make this very easy... You're probably used to the slow trickle of updates and improvements found in the likes of Windows or MacOS. On Linux, you can count on that process being considerably faster. This is especially important with updates. When a vulnerability is found in an application that affects Linux, it is fixed far faster than it would be on competing platforms. The reason for this is that most Linux software is created and maintained by developers who don't have to answer to boards or committees or have a painfully slow bug resolution process. It might be announced that a vulnerability has been discovered in an application and the fix is officially released the next day. I've seen that very thing happen more times than I can count. But it's not just about vulnerabilities. Developers add new features to software all the time and even listen to users. You could contact a developer of an open-source application with an idea and find it implemented in the next update. Linux is always evolving and it does so much faster than other operating systems. And there's one final caveat. "Not all hardware will work (but most will)." I'll say this (and I stand by it): Ubuntu Linux probably has the best hardware detection and support of any operating system on the market. But that doesn't mean it works with everything. Certain peripherals you own could have trouble working with Linux. Two of the more problematic pieces of hardware are scanners and wireless chips. When I find a piece of hardware that isn't supported, here's one thing I've often done: I try a different Linux distribution... (Fedora often ships with a newer kernel than Ubuntu Linux, and therefore supports more modern hardware.) Keep in mind that most Linux distributions are offered as Live images, which means you can test-drive them without making any changes to your hard drive. This is a great way to tell if a distribution will support all the hardware you need to use. Agree? Disagree? Share your reactions in the comments... And what advice would you give to a first-time Linux user?

Read more of this story at Slashdot.

"Titanium that was distributed with fake documentation has been found in commercial Boeing and Airbus jets," reports CNN. America's Federal Aviation Administration is now investigating whether those components pose a safety hazard to the public," along with the manufacturers of the aircraft and supplier Spirit AeroSystems. "A parts supplier found small holes in the material from corrosion," the New York Times reported Friday: Boeing and Airbus both said their tests of affected materials so far had shown no signs of problems. Boeing said it directly purchased most of the titanium used in its plane production, so most of its supply was unaffected. "This industrywide issue affects some shipments of titanium received by a limited set of suppliers, and tests performed to date have indicated that the correct titanium alloy was used," Boeing said in a statement. "To ensure compliance, we are removing any affected parts on airplanes prior to delivery. Our analysis shows the in-service fleet can continue to fly safely."

Read more of this story at Slashdot.

It's one of Saturn's 146 moons — just 310 miles in diameter (or 498 kilometers). Yet the European Space Agency plans to send a robot on a one-billion mile trip to visit it. Why? Because astronomers have discovered Enceladus "possesses geysers that regularly erupt from its surface and spray water into space," reports the Guardian: Even more astonishing, these plumes contain complex organic compounds, including propane and ethane. "Enceladus has three key ingredients that are considered to be essential for the appearance of life," said astronomer Professor Michele Dougherty of Imperial College London. "It has got liquid water, organic material and a source of heat. That combination makes it my favourite moon in the whole solar system." A panel of expert scientists have now recommended the Saturn moon for an ESA mission by 2040, according to the article, "with the aim of either landing on the moon or flying through the geysers spraying water and carbon chemicals from its surface into space. Preferably, both goals would be attempted, the panel added." It will be tricky. Dougherty warns that Enceladus "is small with weak gravity, which means you will need a lot of fuel to slow it down so that it does not whiz past its target into deep space. That is going to be a tricky issue for those designing the mission." But Dougherty has a special interest, as the principal investigator for the magnetometer flown on the Cassini mission that studied Saturn and its moons between 2004 and 2017. "At one point, Cassini passed close to Enceladus and our instrument indicated Saturn's magnetic field was being dragged round the moon in a way that suggested the little moon had an atmosphere," said Dougherty. Cassini's managers agreed to direct the probe to take a closer look and, in July 2005, the spaceship swept over the moon's surface at a height of 173km — and detected significant amounts of water vapour. "It was wonderful," recalls Dougherty. Subsequent sweeps produced even greater wonders. Huge geysers of water were pictured erupting from geological fault lines at the south pole. The only other body in the solar system, apart from Earth, possessing liquid water on its surface had been revealed. Finally came the discovery of organics in those plumes and Enceladus went from being rated a minor, unimportant moon to a world that is now set to trigger the expenditure of billions of euros and decades of effort by European astronomers and space engineers. Thanks to long-time Slashdot reader thephydes for sharing the article.

Read more of this story at Slashdot.

Last month TIOBE announced its estimate that the four most popular programming languages were: 1. Python 2. C 3. C++ 4. Java But this month C++ "overtook" C for the first time, TIOBE announced, becoming (according to the same methodology) the #2 most popular programming language, with C dropping to #3. " C++ has never been that high in the TIOBE index," says TIOBE Software CEO Paul Jansen in the announcement, "whereas C has never been that low." 1. Python 2. C++ 3. C 4. Java C++ started a new life as of 2011 with its consistent 3 yearly updates. Although most compilers and most engineers can't take up with this pace, it is considered a success to see the language evolve. The main strengths of C++ are its performance and scalability. Its downside is its many ways to get things done, i.e. its rich idiom of features, which is caused by its long history and aim for backward compatibility. C++ is heavily used in embedded systems, game development and financial trading software, just to name a few domains. There's different rankings from the rival PYPL index of programming language popularity. It lumps C and C++ together to award them a collective ranking (#5). But unlike TIOBE, it shows Java [and JavaScript and C#] all being more popular (with Python still the #1 most popular language). Of course, statistical anomalies could be also skewing the results. Visual Basic also lost two ranks in popularity in the last month, according to TIOBE, dropping from the #7 position to the #9 position (now falling just behind Go and SQL). This becomes the first time that Go has risen as high as #7, according to TIOBE's announcement — with Rust also reaching an all-time high of #17...

Read more of this story at Slashdot.

The $22 million paid by Change Healthcare's parent company to unlock its systems "may have emboldened bad actors to further target the vulnerable industry," writes Axios: There were 44 attacks against the health care sector in April, the most that [cybersecurity firm] Recorded Future has seen in the four years it's been collecting data. It was also the second-largest month-over-month jump, after 30 ransomware attacks were recorded in March. There were 32 attacks in February and May. But an analysis by the security-focused magazine CSO says the "disastrous" incident also "starkly illustrated the fragility of the healthcare sector, prompting calls for regulatory action." In response to the attack, US politicians have called for mandated baseline cybersecurity standards in the health sector, as well as better information sharing. They have also raised concerns that industry consolidation is increasing cyber risk. So what went wrong? The attackers used a set of stolen credentials to remotely access the company's systems. But the article also notes Change Healthcare's systems "suffered from a lack of segmentation, which enables easy lateral movement of the attack" — and that the company's acquisition may have played a role: Mergers and acquisitions create new cyber threats because they involve the integration of systems, data, and processes from different organizations, each with its own security protocols and potential vulnerabilities. "During this transition, cybercriminals can exploit discrepancies in security measures, gaps in IT governance, and the increased complexity of managing merged IT environments," Aron Brand, CTO of CTERA told CSOonline. "Additionally, the heightened sharing of sensitive information between parties provides more opportunities for data breaches." And "In the end, paying the ransom failed to protect UHG from secondary attempts at extortion." In April, cybercriminals from the RansomHub group threatened to leak portions of 6TB of sensitive data stolen from the breach of Change Healthcare, and obtained through Nichy, according to an analysis by security vendor Forescout. An estimated one in three Americans had their sensitive data exposed as a result of the attack. Such secondary scams are becoming increasingly commonplace and healthcare providers are particularly at risk, according to compliance experts... The US Department of Health and Human Services (HHS) is investigating whether a breach of protected health information occurred in assessing whether either UHG or Change Healthcare violated strict healthcare sector privacy regulations. Thanks to Slashdot reader snydeq for sharing the article.

Read more of this story at Slashdot.

The New York Times magazine remembers that once upon a time, in the early 1990s, "some prominent researchers were promoting, and the media helped popularize, the idea that moderate drinking...was linked to greater longevity. "The cause of that association was not clear, but red wine, researchers theorized, might have anti-inflammatory properties that extended life and protected cardiovascular health..." More recently, though, research has piled up debunking the idea that moderate drinking is good for you. Last year, a major meta-analysis that re-examined 107 studies over 40 years came to the conclusion that no amount of alcohol improves health; and in 2022, a well-designed study found that consuming even a small amount brought some risk to heart health. That same year, Nature published research stating that consuming as little as one or two drinks a day (even less for women) was associated with shrinkage in the brain — a phenomenon normally associated with aging... [M]ore people are now reporting that they consume cannabis than alcohol on a daily basis. Some governments are responding to the new research by overhauling their messaging. Last year, Ireland became the first country to pass legislation requiring a cancer warning on all alcohol products sold there, similar to those found on cigarettes: "There is a direct link between alcohol and fatal cancers," the language will read. And in Canada, the government has revised its alcohol guidelines, announcing: "We now know that even a small amount of alcohol can be damaging to health." The guidelines characterize one to two drinks a week as carrying "low risk" and three to six drinks as carrying "moderate risk." (Previously the guidelines suggested that women limit themselves to no more than two standard drinks most days, and that men place that limit at three.)

Read more of this story at Slashdot.

Wednesday The Information reported that OpenAI had doubled its annualized revenue — a measure of the previous month's revenue multiplied by 12 — in the last six months. It's now $3.4 billion (which is up from around $1 billion last summer, notes Engadget). And now an anonymous reader shares a new report from The Information: OpenAI CEO Sam Altman recently told some shareholders that the artificial intelligence developer is considering changing its governance structure to a for-profit business that OpenAI's nonprofit board doesn't control, according to a person who heard the comments. One scenario Altman said the board is considering is a for-profit benefit corporation, which rivals such as Anthropic and xAI are using, this person said. Such a change could open the door to an eventual initial public offering of OpenAI, which currently sports a private valuation of $86 billion, and may give Altman an opportunity to take a stake in the fast-growing company, a move some investors have been pushing. More from Reuters: The restructuring discussions are fluid and Altman and his fellow directors could ultimately decide to take a different approach, The Information added. In response to Reuters' queries about the report, OpenAI said: "We remain focused on building AI that benefits everyone. The nonprofit is core to our mission and will continue to exist." Is that a classic non-denial denial? Note that the nonprofit's "continuing to exist" does not in any way preclude OpenAI from becoming a for-profit business — with a spin-off nonprofit, continuing to exist...

Read more of this story at Slashdot.

Have scientists discovered infrared radiation, evidence of waste heat generated by the energy-harvesting star-surrounding spheres first proposed by British American physicist Freeman Dyson? CNN reports: [A] new study that looked at 5 million stars in the Milky Way galaxy suggests that seven candidates could potentially be hosting Dyson spheres — a finding that's attracting scrutiny and alternate theories... Using historical data from telescopes that pick up infrared signatures, the research team looked at stars located within less than 1,000 light-years from Earth: "We started with a sample of 5 million stars, and we applied filters to try to get rid of as much data contamination as possible," said lead study author Matías Suazo, a doctoral student in the department of physics and astronomy of Uppsala University in Sweden. "So far, we have seven sources that we know are glowing in the infrared but we don't know why, so they stand out...." Among the natural causes that could explain the infrared glow are an unlucky alignment in the observation, with a galaxy in the background overlapping with the star, planetary collisions creating debris, or the fact that the stars may be young and therefore still surrounded by disks of hot debris from which planets would later form... An earlier study, published in March and using data from the same sources as the new report, had also found infrared anomalies among a sample dataset of 5 million stars in our galaxy. "We got 53 candidates for anomalies that cannot be well explained, but can't say that all of them are Dyson sphere candidates, because that's not what we are specifically looking for," said Gabriella Contardo, a postdoctoral research fellow at the International School for Advanced Studies in Trieste, Italy, who led the earlier study. She added that she plans to check the candidates against Suazo's model to see how many tie into it. "You need to eliminate all other hypotheses and explanations before saying that they could be a Dyson sphere," she added. "To do so you need to also rule out that it's not some kind of debris disk, or some kind of planetary collision, and that also pushes the science forward in other fields of astronomy — so it's a win-win." Both Contardo and Suazo agree that more research is needed on the data, and that ultimately they could turn to NASA's James Webb Space Telescope for more information, as it is powerful enough to observe the candidate stars directly. However, because of the lengthy, competitive procedures that regulate use of the telescope, securing access might take some time. CNN adds that "A May 23 paper published in response to the one by Suazo and his colleagues suggests that at least three of the seven stars have been 'misidentified' as Dyson spheres and could instead be 'hot DOGs' — hot dust-obscured galaxies — and that the remaining four could probably be explained this way as well." But "As for Dyson himself, if he were still alive, he also would be highly skeptical that these observations represent a technological signature, his son George argued: 'But the discovery of new, non-technological astronomical phenomena is exactly why he thought we should go out and look.' "

Read more of this story at Slashdot.

This week the Rust Foundation jointly announced "the Safety-Critical Rust Consortium" with industry partners including Arm, AdaCore, Lynx Software Technologies, and Toyota's mobility tech subsidiary Woven. Its goal is supporting "responsible use" of Rust "in safety-critical software — systems whose failure can impact human life or cause severe environmental or property harm." "This is exciting," said Rust creator Graydon Hoare in a statement. "I am truly pleased to see the Rust Foundation and anyone in the safety-critical space coming together on this topic." From the announcement: "Safety is our foremost priority in vehicle software development. Traditionally, achieving the highest levels of safety has been a complex and lengthy endeavor, requiring the use of specialized tools and processes beyond the programming language," said JF Bastien, Distinguished Engineer at Woven by Toyota. "We are therefore pleased to collaborate with leading experts in the safety industry to integrate new tools such as Rust into our safety-critical systems...." Industries that are particularly concerned with functional safety include transportation (such as automotive, aviation, space), energy, life sciences, and more. Because of their potential impacts, these industries are often regulated, have liability considerations, and are guided by standards... These industries have decades of experience delivering products, learning from iterating based on real-world feedback, and improving processes. An ecosystem of tools and tool vendors have evolved, and best practices have been learned to create a safety culture around tooling. Rust offers particular advantages in terms of developer ergonomics, productivity and software quality; however, it lacks a deep and established well of safety-processes and collective industry knowledge of safety-critical systems. Without closing this gap, a developer must primarily rely on best practices and normative precautions, which can limit innovation. Rust developers who stray from the well-trod path can find themselves facing an inquiry were an accident to occur. In these circumstances, anything that seems unusual will be investigated for fault. This risk creates a disincentive to widespread Rust adoption, leaving developers unable to reap all its advantages while potentially facing financial, reputational and moral costs. The gap in safety-critical resources within the Rust programming language ecosystem is also an exciting opportunity. By rapidly incorporating lessons learned from years of careful development and past mistakes in the wider open source ecosystem, Rust can become a valuable component of a safety toolkit adaptable to various safety-critical industries and severity levels. "Work under the consortium will begin with the creation of a public charter and goals," according to the announcement, with a scope possibly including "the development of guidelines, linters, libraries, static analysis tools, formal methods and language subsets to meet industrial and legal requirements. The group may further shepherd Rust Foundation-funded implementation work, including grants to existing academic teams or FOSS projects... The group will further attempt to coordinate with and expand on existing safety-critical projects and standards including SAE JA1020. The group will maintain communication with the larger Rust Project, and "The Consortium's deliverables will be developed and licensed in a manner compatible with other Rust Project endeavors."

Read more of this story at Slashdot.

French photovoltaics group Hespul tested solar panels installed in 1992, reports PV Magazine: The testing showed that the modules still produce on average 79.5% of their initial power after 31 years of operation. In a previous testing carried out 11 years ago, the panels were found to produce 91.7% of their initial power. "This result exceeds the performance promised by the manufacturers who said the panels would have maintained 80% of their output after 25 years," said Hespul. The drop in performance is on average 20.5%, or 0.66% per year over 31 years, and 1.11% per year over the last 11 years... Another more recent study carried out by the US Department of Energy's National Renewable Energy Laboratory (NREL) on 1,700 American sites totaling 7.2 GW of power, showed a median degradation of around -0.75%/year. Moveover, another research study focused on 4,300 residential installations in operation in Europe and used different data processing methodologies. Depending on the methods, a median loss of -0.36% to -0.67%/year was obtained. Thanks to long-time Slashdot reader storkus for sharing the news.

Read more of this story at Slashdot.

Slashdot reader BrianFagioli shares his report from BetaNews: The PC community is abuzz with Qualcomm's recent announcement of its Snapdragon X Elite SoC, a powerhouse chipset that promises to revolutionize the performance and energy efficiency of laptops and tablets. While Windows 11 Copilot+ PCs are set to feature this advanced processor, Linux enthusiasts have reasons to celebrate as well. You see, TUXEDO Computers is bringing this cutting-edge technology to the Linux world with its upcoming ARM notebook, positioning it as a strong competitor to Windows 11 Copilot+ devices. In a recent update, TUXEDO Computers revealed its ambitious project of developing an ARM notebook powered by the Snapdragon X Elite SoC from Qualcomm. This announcement has generated significant excitement, as it presents a viable alternative to traditional x86 notebooks, offering comparable performance with lower energy consumption, directly challenging the dominance of Windows 11 Copilot+... Benchmarks suggest that the Snapdragon X Elite can not only rival but potentially surpass Apple's M2 SoCs, boasting higher energy efficiency. TUXEDO's preliminary tests confirm these impressive claims, setting the stage for a fierce competition with Windows 11 Copilot+ PCs. "We recently presented a prototype of the ARM notebook we are working on at the Computex computer trade fair in Taiwan," according to TUXEDO's announcement. "On the software side, a port of TUXEDO OS with KDE Plasma to the ARM platform is our goal for this project running internally under the working title Drako... "It is quite conceivable that an ARM notebook from TUXEDO will be under your Christmas tree in 2024... If you have subscribed to our newsletter, you will be the first to know."

Read more of this story at Slashdot.

An anonymous reader shared this report from Futurism: An AI chatbot named VIC, or Virtually Integrated Citizen, is trying to make it onto the ballot in this year's mayoral election for Wyoming's capital city of Cheyenne. But as reported by Wired, Wyoming's secretary of state is battling against VIC's legitimacy as a candidate — and now, an investigation is underway. According to Wired, VIC, which was built on OpenAI's GPT-4 and trained on thousands of documents gleaned from Cheyenne council meetings, was created by Cheyenne resident and library worker Victor Miller. Should VIC win, Miller told Wired that he'll serve as the bot's "meat puppet," operating the AI but allowing it to make decisions for the capital city.... "My campaign promise," Miller told Wired, "is he's going to do 100 percent of the voting on these big, thick documents that I'm not going to read and that I don't think people in there right now are reading...." Unfortunately for the AI and its — his? — meat puppet, however, they've already made some political enemies, most notably Wyoming Secretary of State Chuck Gray. As Gray, who has challenged the legality of the bot, told Wired in a statement, all mayoral candidates need to meet the requirements of a "qualified elector." This "necessitates being a real person," Gray argues... Per Wired, it's also run amuck with OpenAI, which says the AI violates the company's "policies against political campaigning." (Miller told Wired that he'll move VIC to Meta's open-source Llama 3 model if need be, which seems a bit like VIC will turn into a different candidate entirely.) The Wyoming Tribune Eagle offers more details: [H]is dad helped him design the best system for VIC. Using his $20-a-month ChatGPT subscription, Miller had an 8,000-character limit to feed VIC supporting documents that would make it an effective mayoral candidate... While on the phone with Miller, the Wyoming Tribune Eagle also interviewed VIC itself. When asked whether AI technology is better suited for elected office than humans, VIC said a hybrid solution is the best approach. "As an AI, I bring unique strengths to the role, such as impartial decision-making, data-driven policies and the ability to analyze information rapidly and accurately," VIC said. "However, it's important to recognize the value of human experience and empathy and leadership. So ideally, an AI and human partnership would be the most beneficial for Cheyenne...." The artificial intelligence said this unique approach could pave a new pathway for the integration of human leadership and advanced technology in politics.

Read more of this story at Slashdot.

Friday the Python Software Foundation published several blog posts about this year's "Python Language Summit" May 15th (before PyCon US), which featured talks and discussions by core developers, triagers, and Python implementation maintainers. There were several lightning talks. One talk came from the maintainer of the PyO3 project, offering Rust bindings for the Python C API (which requires mapping Rust concepts to Python — leaving a question as to how to map Rust's error-handling panic! macro). There was a talk on formalizing the PEP prototype process, and a talk on whether the Python team should have a more official presence in the Apple App Store (and maybe the Google Play Store). One talk suggested changing the formatting of error messages for assert statements, and one covered a "highly experimental" project to support structured data sharing between Python subinterpreters. One talk covered Python's "unsupported build" warning and how it should behave on platforms beyond Python's officially supported list. Python Foundation blog posts also covered some of the longer talks, including one on the idea of using type annotations as a mechanism for transformers. One talk covered the new interactive REPL interpreter coming to Python 3.13. And one talk focused on Python's security model after the xz-utils backdoor: Pablo Galindo Salgado, Steering Council member and the release manager for Python 3.10 and 3.11, brought this topic to the Language Summit to discuss what could be done to improve Python's security model... Pablo noted the similarities shared between CPython and xz-utils, referencing the previous Language Summit's talk on core developer burnout, the number of modules in the standard library that have one or zero maintainers, the high ratio of maintainers to source code, and the use of autotools for configuration. Autotools was used by [xz's] Jia Tan as part of the backdoor, specifically to obscure the changes to tainted release artifacts. Pablo confirmed along with many nods of agreement that indeed, CPython could be vulnerable to a contributor or core developer getting secretly malicious changes merged into the project. For multiple reasons like being able to fix bugs and single-maintainer modules, CPython doesn't require reviewers on the pull requests of core developers. This can lead to "unilateral action", meaning that a change is introduced into CPython without the review of someone besides the author. Other situations like release managers backporting fixes to other branches without review are common. Much discussion ensued about the possibility of altering workflows (including pull request reviews), identity verification, and the importance of post-incident action plans. Guido van Rossum suggested a "higher bar" for granting write access, but in the end "Overall it was clear there is more discussion and work to be done in this rapidly changing area." In another talk, Hugo van Kemenade, the newly announced Release Manager for Python 3.14 and 3.15, "started the Language Summit with a proposal to change Python's versioning scheme. The perception of Python using semantic versioning is a source of confusion for users who don't expect backwards incompatible changes when upgrading to new versions of Python. In reality almost all new feature releases of Python include backwards incompatible changes such as the removal of "dead batteries" where PEP 594 marked 19 modules for removal in Python 3.13. Calendar Versioning (CalVer) encompasses a wide array of different versioning schemes that have one property in common: using the release date as part of a release's version... Hugo offered multiple proposed versioning schemes, including: - Using the release year as minor version (3.YY.micro, "3.26.0") - Using the release year as major version (YY.0.micro, "26.0.0") - Using the release year and month as major and minor version (YY.MM.micro, "26.10.0") [...] Overall the proposal to use the current year as the minor version was well-received, Hugo mentioned that he'd be drafting up a PEP for this change.

Read more of this story at Slashdot.

wgoodman shares a report from The Register: NASA's Voyager 1 spacecraft is back in action and conducting normal science operations for the first time since the veteran probe began spouting gibberish at the end of 2023. All four of the spacecraft's remaining operational instruments are now returning usable data to Earth, according to NASA. Some additional work is needed to tidy up the effects of the issue. Engineers need to resynchronize the timekeeping software of Voyager 1's three onboard computers to ensure that commands are executed at the correct times. Maintenance will also be performed on the digital tape recorder, which records some data from the plasma instrument for a six-monthly downlink to Earth. Voyager 1's woes began in November 2023, when the spacecraft stopped transmitting usable data back to Earth. Rather than engineering and science data, NASA found itself faced with a repeating pattern of ones and zeroes, as though the spacecraft was somehow stalled. Engineers reckoned the issue lay with the Flight Data System (FDS) and in March sent a command -- dubbed a "poke" -- to get the FDS to try some other software sequences and thus circumvent whatever was causing the problem. The result was a complete memory dump from the computer, which allowed engineers to pinpoint where the corruption had occurred. It appeared that a single chip was malfunctioning, and engineers were faced with the challenge of devising a software update that would work around the defective hardware. Usable engineering data began to be returned later in April, and in May the mission team sent commands to instruct the probe to keep science data flowing. The result was that the plasma wave subsystem and magnetometer instrument began sending data immediately. According to NASA, the cosmic ray subsystem and low energy charged particle instrument required a little more tweaking but are now operational. The rescue was made all the more impressive by the fact that it takes 22.5 hours for a command to reach Voyager 1 and another 22.5 hours for a response to be received on Earth.

Read more of this story at Slashdot.

The Pentagon announced the first winners of its $5.6 billion National Security Space Launch program, with Jeff Bezos' Blue Origin securing a spot for the first time alongside Elon Musk's SpaceX and United Launch Alliance (ULA). These companies will compete for contracts through mid-2029 under the program's Phase 3, which is expected to include 90 rocket launch orders. CNBC reports: Under the program, known as NSSL Phase 3 Lane 1, the trio of companies will be eligible to compete for contracts through mid-2029. ULA and SpaceX have already been competing for contracts under the previous Phase 2 edition of NSSL: In total, over five years of Phase 2 launch orders, the military assigned ULA with 26 missions worth $3.1 billion, while SpaceX got 22 missions worth $2.5 billion. Blue Origin, as well as Northrop Grumman, missed out on Phase 2 when the Pentagon selected ULA and SpaceX for the program in August 2020. But with Phase 3, the U.S. military is raising the stakes -- and widening the field -- on a high-profile competition for Space Force mission contracts. Phase 3 is expected to see 90 rocket launch orders in total, with a split approach of categories Lane 1 and Lane 2 to allow even more companies to bid.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Alphabet's Google must face trial on U.S. antitrust enforcers' claim that the internet search juggernaut illegally dominates the online advertising technology market, a federal judge ruled on Friday. U.S. District Judge Leonie Brinkema in Alexandria, Virginia, denied Google's motion during a hearing, according to court records. Google had argued for a win without a trial, saying that antitrust laws do not block companies from refusing to deal with rivals and that regulators had not accurately defined the ad tech market. Court papers did not specify what reasons the judge provided at the hearing. Motions like the one Google filed are only granted where a judge determines there is no factual dispute to send to trial. Last year, the U.S. Justice department and eight states sued Google, calling for the break up of the search giant's ad-technology business over alleged illegal monopolization of the digital advertising market.

Read more of this story at Slashdot.

Drew Turney reports via Live Science: The "Turing test," first proposed as "the imitation game" by computer scientist Alan Turing in 1950, judges whether a machine's ability to show intelligence is indistinguishable from a human. For a machine to pass the Turing test, it must be able to talk to somebody and fool them into thinking it is human. Scientists decided to replicate this test by asking 500 people to speak with four respondents, including a human and the 1960s-era AI program ELIZA as well as both GPT-3.5 and GPT-4, the AI that powers ChatGPT. The conversations lasted five minutes -- after which participants had to say whether they believed they were talking to a human or an AI. In the study, published May 9 to the pre-print arXiv server, the scientists found that participants judged GPT-4 to be human 54% of the time. ELIZA, a system pre-programmed with responses but with no large language model (LLM) or neural network architecture, was judged to be human just 22% of the time. GPT-3.5 scored 50% while the human participant scored 67%. "Machines can confabulate, mashing together plausible ex-post-facto justifications for things, as humans do," Nell Watson, an AI researcher at the Institute of Electrical and Electronics Engineers (IEEE), told Live Science. "They can be subject to cognitive biases, bamboozled and manipulated, and are becoming increasingly deceptive. All these elements mean human-like foibles and quirks are being expressed in AI systems, which makes them more human-like than previous approaches that had little more than a list of canned responses." Further reading: 1960s Chatbot ELIZA Beat OpenAI's GPT-3.5 In a Recent Turing Test Study

Read more of this story at Slashdot.

The Energy Information Administration (EIA) expects Americans' monthly electricity bills to average $173 between June through August, compared to $168 last summer. "The slight bump in costs comes from consumers cranking up their air conditioning more to cope with a warmer season than last year," writes The Verge's Justine Calma. "Bills would have jumped higher, if not for lower residential electricity prices helping to balance out some of the increased energy use from air conditioning." From the report: Some regions are likely to be harder hit by the weather than others. Because of heat and humidity along the Gulf Coast, residents in Southern states typically use the most electricity in the summer to cool their homes. The Pacific Coast, meanwhile, faces the biggest potential percentage increase in retail electricity prices in the nation -- a 7 percent jump since last year. Wholesale electricity costs there have risen since 2022, in part because of a heat and drought-induced shortfall in hydroelectricity generation. Households along the Pacific could see their electricity bills go up an average of $11 per month this summer, according to the EIA. To be sure, the EIA says that weather is "the main source of uncertainty" in its forecasts for folks' utility bills. If this summer winds up being hotter than expected, households could wind up paying even more. Residential electricity use typically peaks in the summer for most of the US because of air conditioning. Extreme heat can even trigger power outages if demand suddenly rises too sharply. California, the Southwest, the Midwest, Texas, and New England are at "elevated risk" of electricity supply shortages during any extreme weather this summer, according to an assessment (PDF) by the North American Electric Reliability Corporation.

Read more of this story at Slashdot.

A critical vulnerability in the PHP programming language (CVE-2024-4577) has been exploited by ransomware criminals, leading to the infection of up to 1,800 servers primarily in China with the TellYouThePass ransomware. This vulnerability, which affects PHP when run in CGI mode, allows attackers to execute malicious code on web servers. Ars Technica's Dan Goodin reports: As of Thursday, Internet scans performed by security firm Censys had detected 1,000 servers infected by a ransomware strain known as TellYouThePass, down from 1,800 detected on Monday. The servers, primarily located in China, no longer display their usual content; instead, many list the site's file directory, which shows all files have been given a .locked extension, indicating they have been encrypted. An accompanying ransom note demands roughly $6,500 in exchange for the decryption key. The vulnerability, tracked as CVE-2024-4577 and carrying a severity rating of 9.8 out of 10, stems from errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to convert user-supplied input into characters that pass malicious commands to the main PHP application. Exploits allow attackers to bypass CVE-2012-1823, a critical code execution vulnerability patched in PHP in 2012. CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn't set to CGI mode, however, the vulnerability may still be exploitable when PHP executables such as php.exe and php-cgi.exe are in directories that are accessible by the web server. This configuration is extremely rare, with the exception of the XAMPP platform, which uses it by default. An additional requirement appears to be that the Windows locale -- used to personalize the OS to the local language of the user -- must be set to either Chinese or Japanese. The critical vulnerability was published on June 6, along with a security patch. Within 24 hours, threat actors were exploiting it to install TellYouThePass, researchers from security firm Imperva reported Monday. The exploits executed code that used the mshta.exe Windows binary to run an HTML application file hosted on an attacker-controlled server. Use of the binary indicated an approach known as living off the land, in which attackers use native OS functionalities and tools in an attempt to blend in with normal, non-malicious activity. In a post published Friday, Censys researchers said that the exploitation by the TellYouThePass gang started on June 7 and mirrored past incidents that opportunistically mass scan the Internet for vulnerable systems following a high-profile vulnerability and indiscriminately targeting any accessible server. The vast majority of the infected servers have IP addresses geolocated to China, Taiwan, Hong Kong, or Japan, likely stemming from the fact that Chinese and Japanese locales are the only ones confirmed to be vulnerable, Censys researchers said in an email. Since then, the number of infected sites -- detected by observing the public-facing HTTP response serving an open directory listing showing the server's filesystem, along with the distinctive file-naming convention of the ransom note -- has fluctuated from a low of 670 on June 8 to a high of 1,800 on Monday. Censys researchers said in an email that they're not entirely sure what's causing the changing numbers.

Read more of this story at Slashdot.

In a featured article for The Verge, David Pierce explores the world of competitive Excel, highlighting its rise from a hobbyist activity to a potential esport, showcased during the Excel World Championship in Las Vegas. Top spreadsheet enthusiasts competed at the MGM Grand to solve complex Excel challenges, emphasizing the transformative power and ubiquity of spreadsheets in both business and entertainment. An anonymous reader quotes an excerpt from the report: Competitive Excel has been around for years, but only in a hobbyist way. Most of the people in this room full of actuaries, analysts, accountants, and investors play Excel the way I play Scrabble or do the crossword -- exercising your brain using tools you understand. But last year's competition became a viral hit on ESPN and YouTube, and this year, the organizers are trying to capitalize. After all, someone points out to me, poker is basically just math, and it's all over TV. Why not spreadsheets? Excel is a tool. It's a game. Now it hopes to become a sport. I've come to realize in my two days in this ballroom that understanding a spreadsheet is like a superpower. The folks in this room make their living on their ability to take some complex thing -- a company's sales, a person's lifestyle, a region's political leanings, a race car -- and pull it apart into its many component pieces. If you can reduce the world down to a bunch of rows and columns, you can control it. Manipulate it. Build it and rebuild it in a thousand new ways, with a couple of hotkeys and an undo button at the ready. A good spreadsheet shows you the universe and gives you the ability to create new ones. And the people in this room, in their dad jeans and short-sleeved button-downs, are the gods on Olympus, bending everything to their will. There is one inescapably weird thing about competitive Excel: spreadsheets are not fun. Spreadsheets are very powerful, very interesting, very important, but they are for work. Most of what happens at the FMWC is, in almost every practical way, indistinguishable from the normal work that millions of people do in spreadsheets every day. You can gussy up the format, shorten the timelines, and raise the stakes all you want -- the reality is you're still asking a bunch of people who make spreadsheets for a living to just make more spreadsheets, even if they're doing it in Vegas. You really can't overstate how important and ubiquitous spreadsheets really are, though. "Electronic spreadsheets" actually date back earlier than computers and are maybe the single most important reason computers first became mainstream. In the late 1970s, a Harvard MBA student named Dan Bricklin started to dream up a software program that could automatically do the math he was constantly doing and re-doing in class. "I imagined a magic blackboard that if you erased one number and wrote a new thing in, all of the other numbers would automatically change, like word processing with numbers," he said in a 2016 TED Talk. This sounds quaint and obvious now, but it was revolutionary then. [...] Competitive Excel has been around for years, but only in a hobbyist way. Most of the people in this room full of actuaries, analysts, accountants, and investors play Excel the way I play Scrabble or do the crossword -- exercising your brain using tools you understand. But last year's competition became a viral hit on ESPN and YouTube, and this year, the organizers are trying to capitalize. After all, someone points out to me, poker is basically just math, and it's all over TV. Why not spreadsheets? Excel is a tool. It's a game. Now it hopes to become a sport. I've come to realize in my two days in this ballroom that understanding a spreadsheet is like a superpower. The folks in this room make their living on their ability to take some complex thing -- a company's sales, a person's lifestyle, a region's political leanings, a race car -- and pull it apart into its many component pieces. If you can reduce the world down to a bunch of rows and columns, you can control it. Manipulate it. Build it and rebuild it in a thousand new ways, with a couple of hotkeys and an undo button at the ready. A good spreadsheet shows you the universe and gives you the ability to create new ones. And the people in this room, in their dad jeans and short-sleeved button-downs, are the gods on Olympus, bending everything to their will.

Read more of this story at Slashdot.