Slashdot

This week Harvard's president Claudine Gay resigned "after conservative activists revealed she had plagiarized," writes Business Insider, adding that hedge fund manager/prominent Harvard donor Bill Ackman "helped lead the charge." Then Business Insider "analyzed Ackman's wife's doctoral dissertation and found numerous instances of plagiarism." In most cases Ackman's wife put the author's name and publication date immediately after the material which she used — but did not put quotation marks around it. But according to the Business Insider, "At least 15 passages from her 2010 MIT doctoral dissertation were lifted without any citation from Wikipedia entries." Her husband, Ackman, has taken a hardline stance on plagiarism. On Wednesday, responding to news that Gay is set to remain a part of Harvard's faculty after she resigned as president, he wrote on X that Gay should be fired completely due to "serious plagiarism issues... Students are forced to withdraw for much less," Ackman continued. "Rewarding her with a highly paid faculty position sets a very bad precedent for academic integrity at Harvard." Ackman's wife was a tenured MIT professor from 2017 to 2021, according to the article. "It is unfortunate that my actions to address problems in higher education have led to these attacks on my family," Ackman posted Friday night on Twitter. Then Ackman threatened "a review of the work of all current MIT faculty members. We will begin with a review of the work of all current MIT faculty members, President Kornbluth, other officers of the Corporation, and its board members for plagiarism." Business Insider notes that Ackman "has been vocal about wanting to see MIT's president, Sally Kornbluth, fired since Kornbluth testified on December 5 in front of a congressional panel examining how university presidents handled student protests against Israel's war in Gaza. Kornbluth said in her opening statement that she didn't support 'speech codes' that would restrict what students say during protests."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12. In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence. "This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said. He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity. The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator." During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27. "For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November." The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said. A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed." Investigating the attack is harder because of the wiping of Kyivstar's infrastructure. Vitiuk said he was "pretty sure" it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyberattacks in Ukraine and elsewhere. A year ago, Sandworm penetrated a Ukrainian telecoms operator, but was detected by Kyiv because the SBU had itself been inside Russian systems, Vitiuk said, declining to identify the company. The earlier hack has not been previously reported. Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else. If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal hashes of passwords, he said. Samples of that malware have been recovered and are being analysed, he added.

Read more of this story at Slashdot.

Business Insider's Kelli Maria Korducki reports on a growing trend happening on LinkedIn: some people are using the professional network for personal connections, fielding romantic offers amid job postings. But that leaves the question: Is it a good idea to mix work and love? From the report: Dustin Kidd, a professor of sociology at Temple University who researches social media and pop culture, said that dating via LinkedIn belonged to a long tradition of "dating hacks" -- using online tools designed for other purposes to snag a date. "In the aughts, this happened with Friendster and then Myspace," Kidd said, but has since spread to myriad platforms that are ostensibly romance-free. Even fitness-tracking sites such as Strava are fair game. The common thread for love-hijacked social-media sites is a single feature, Kidd said: DMs. "The design of LinkedIn helps to maintain its focus on the professional, but any platform with a direct-messaging option is likely to also be used to pursue sex and dating," he told me. The ease and relative privacy of direct messaging help explain how some people are using LinkedIn for romance, but it doesn't explain why. In an age with so many dedicated dating platforms -- from giants such as Tinder, Bumble, and Hinge to niche apps including Feeld (for the unconventional), Pure (for the noncommittal), and NUiT (for the astrologically inclined) -- why mix Cupid's arrow with corporate updates? Any type of social media where you can see people's pictures can turn into a dating app. And LinkedIn is even better because it's not just showing people's fake lives. One answer may be the growing number of Americans who have gotten tired of the roulette-like experience that comes with modern dating apps. In a 2023 Pew survey of US adults, nearly one-third of respondents said they had used an online dating site or app at least once. More than half of women who had used the apps reported feeling overwhelmed by the number of messages they had received in the past year, while 64% of men said they felt insecure from the lack of messages they had gotten. Though an overwhelming majority of men and women said they'd felt excited about people they connected with, an even-larger proportion of respondents said they were sometimes or often disappointed by their matches. [...] LinkedIn's appeal as a dating site, according to people who use it that way, is the platform's ability to give back some of that control and boost the caliber of their prospects. Because the professional-networking site asks users to link to their current and former employers' profile pages, it offers an additional layer of credibility that other social-media platforms lack. Many profiles also include first-person references from former colleagues and managers -- real people with real profile pages. [...] Even for those who shy away from using LinkedIn to angle for dates, the site has become a go-to tool for vetting romantic candidates found through conventional dating apps or in-person encounters. "Social media is just one big dating app," [said Samuela John, a 24-year-old personal organizer in New York City who developed chemistry with an oil-industry man on the platform]. "Any type of social media where you can see people's pictures can turn into a dating app. And LinkedIn is even better because it's not just showing people's fake lives." [...] "I don't think you should go into it like, 'All right, I'm going to find my husband on LinkedIn,'" John said. "I think you should go about it as if you were just networking, like in a casual sense. And then if you end up meeting the person, see the vibes and then go from there."

Read more of this story at Slashdot.

The White House has convened a last-minute meeting to discuss a private lunar mission, Peregrine Mission One, after the Navajo Nation requested a delay due to cultural concerns over the transport of human ashes for burial on the moon. "The moon holds a sacred place in Navajo cosmology," said Navajo Nation President Buu Nygren in a statement. "The suggestion of transforming it into a resting place for human remains is deeply disturbing and unacceptable to our people and many other tribal nations." If successful, the commercial mission scheduled to launch Monday "will be the first time an American-made spacecraft has landed on the lunar surface since the end of the Apollo program in 1972," notes CNN. Longtime Slashdot reader garyisabusyguy shares the report: The private companies providing these lunar burial services, Celestis and Elysium Space, are just two of several paying customers hitching a ride to the moon on Pittsburgh-based Astrobotic Technology's Peregrine lunar lander. The uncrewed spacecraft is expected to lift off on the inaugural flight of the United Launch Alliance's Vulcan Centaur rocket from Florida's Cape Canaveral Space Force Station. Celestis' payload, called Tranquility Flight, includes 66 "memorial capsules" containing "cremated remains and DNA," which will remain on the lunar surface "as a permanent tribute to the intrepid souls who never stopped reaching for the stars," according to the company's website. "We are aware of the concerns expressed by Mr. Nygren, but do not find them substantive," Celestis CEO Charles Chafer told CNN. "We reject the assertion that our memorial spaceflight mission desecrates the moon," Chafer said. "Just as permanent memorials for deceased are present all over planet Earth and not considered desecration, our memorial on the moon is handled with care and reverence, is a permanent monument that does not intentionally eject flight capsules on the moon. It is a touching and fitting celebration for our participants -- the exact opposite of desecration, it is a celebration." Elysium Space has not responded to CNN's request for a comment, but the company's website describes its "Lunar Memorial" as delivering "a symbolic portion of remains to the surface of the Moon, helping to create the quintessential commemoration." "I've been disappointed that this conversation came up so late in the game," John Thornton, Astrobotic Technology CEO, said. "I would have liked to have had this conversation a long time ago. We announced the first payload manifest of this nature to our mission back in 2015. A second in 2020. We really are trying to do the right thing and I hope we can find a good path forward with Navajo Nation." [...] Friday's meeting convened by the White House is scheduled to feature representatives from NASA, the FAA, the US Department of Transportation, and the Department of Commerce. But Navajo Nation officials have little hope that they will be able to stop Monday's launch. "Based off of what we're seeing, and NASA are already having their pre-launch briefing, it doesn't look like they have any intention of stopping the launch or removing the remains," Ahasteen said.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Consumer Reports has found that plastics retain a "widespread" presence in food despite the health risks, and called on regulators to reassess the safety of plastics that come into contact with food during production. The non-profit consumer group said on Thursday that 84 out of 85 supermarket foods and fast foods it recently tested contained "plasticizers" known as phthalates, a chemical used to make plastic more durable. It also said 79% of food samples in its study contained bisphenol A (BPA), another chemical found in plastic, and other bisphenols, though levels were lower than in tests done in 2009. Consumer Reports said none of the phthalate levels it found exceeded limits set by U.S. and European regulators. It also said there was no level of phthalates that scientists confirm is safe, but that does not guarantee the safety of foods you eat. Phthalates and bisphenols can disrupt the production and regulation of estrogen and other hormones, potentially boosting the risk of birth defects, cancer, diabetes, infertility, neurodevelopmental disorders, obesity and other health problems. Among tested supermarket foods, Annie's Organic Cheesy Ravioli contained the most phthalates in nanograms per serving, 53,579, followed by Del Monte sliced peaches and Chicken of the Sea pink salmon.

Read more of this story at Slashdot.

Dan Goodin reports via Ars Technica: Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known as the Ivanti EPM, the software runs on a variety of platforms, including Windows, macOS, Linux, Chrome OS, and Internet of Things devices such as routers. SQL injection vulnerabilities stem from faulty code that interprets user input as database commands or, in more technical terms, from concatenating data with SQL code without quoting the data in accordance with the SQL syntax. CVE-2023-39336, as the Ivanti vulnerability is tracked, carries a severity rating of 9.6 out of a possible 10. "If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication," Ivanti officials wrote Friday in a post announcing the patch availability. "This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server." RCE is short for remote code execution, or the ability for off-premises attackers to run code of their choice. Currently, there's no known evidence the vulnerability is under active exploitation. Ivanti has also published a disclosure that is restricted only to registered users. A copy obtained by Ars said Ivanti learned of the vulnerability in October. [...] Putting devices running Ivanti EDM behind a firewall is a best practice and will go a long way to mitigating the severity of CVE-2023-39336, but it would likely do nothing to prevent an attacker who has gained limited access to an employee workstation from exploiting the critical vulnerability. It's unclear if the vulnerability will come under active exploitation, but the best course of action is for all Ivanti EDM users to install the patch as soon as possible.

Read more of this story at Slashdot.

Shortly after the premium email service Hey announced a standalone Hey Calendar app, co-founder David Heinemeier Hansson said it was rejected by Apple for violating App Store rules. "Apple just called to let us know they're rejecting the HEY Calendar app from the App Store (in current form)," wrote DHH on X. "Same bullying tactics as last time: Push delicate rejections to a call with a first-name-only person who'll softly inform you it's your wallet or your kneecaps. Since it's clear we're never going to pay them the extortionate 30% ransom, they're back to the bullshit about 'the app doesn't do anything when you download it.' Despite the fact that after last time, they specifically carved out HEY in App Store Review Guidelines 3.1.3 (f)!" The Verge's Amrita Khalid reports: New users can't sign up for Hey Calendar directly on the app -- Basecamp, which makes Hey, makes users first sign up through a browser. Apple's App Store rules require most paid services to offer users the ability to pay and sign up through the app, ensuring the company gets up to a 30 percent cut. The controversial rule has a ton of gray areas and carve-outs (i.e. reader apps like Spotify and Kindle get an exception) and is the subject of antitrust fights in multiple countries. But as Hansson detailed on X and in a subsequent blog post, he found Apple's rejection insulting for another reason. Close to four years ago, the company rejected Hey's original iOS app for its email service for the exact same reason. The outcome of the 2020 fight actually worked out in Hey's favor. After days of back and forth between Apple's App Store Review Board and Basecamp, the Hey team agreed to a rather creative solution suggested by Apple exec Phil Schiller. Hey would offer a free option for the iOS app, allowing new users to sign up directly. But the company had a slight twist -- users who signed up via the iOS app got a free, temporary randomized email address that worked for 14 days -- after which they had to pay to upgrade. Currently, Hey email users can only pay for an account through the browser. Following the saga with Hey, Apple made a carve-out to its App Store rules that stated that free companion apps to certain types of paid web services were not required to have an in-app payment mechanism. But, as Hansson mentions on X, a calendar app wasn't mentioned in the list of services that Apple now makes an exception for, which includes VOIP, cloud storage, web hosting -- and of course -- email. Hansson plans to fight Apple's decision without elaborating on exactly how he intends to do so.

Read more of this story at Slashdot.

Code within the latest version of the ChatGPT Android app suggests that you'll soon be able to set it as the default assistant app, replacing the Google Assistant. Android Authority's Mishaal Rahman reports: ChatGPT version 1.2023.352, released last month, added a new activity named com.openai.voice.assistant.AssistantActivity. The activity is disabled by default, but after manually enabling and launching it, an overlay appears on the screen with the same swirling animation as the one shown when using the in-app voice chat mode. This overlay appears over other apps and doesn't take up the entire screen like the in-app voice chat mode. So, presumably, you could talk to ChatGPT from any screen by invoking this assistant. However, in my testing, the animation never finished and the activity promptly closed itself before I could speak with the chatbot. This could either be because the feature isn't finished yet or is being controlled by some internal flag. [...] However, the fact that the aforementioned XML file even exists hints that this is what OpenAI intends to do with the app. Making the ChatGPT app Android's default digital assistant app would enable users to launch it by long-pressing the home button (if using three-button navigation) or swiping up from a bottom corner (if using gesture navigation). Unfortunately, the ChatGPT app still wouldn't be able to create custom hotwords or respond to existing ones, since that functionality requires access to privileged APIs only available to trusted, preinstalled apps. Still, given that Google will launch Assistant with Bard any day now, it makes sense that OpenAI wants to make it easier for Android users to access ChatGPT so that users don't flock to Bard just because it's easier to use.

Read more of this story at Slashdot.

An anonymous reader quotes a report from VICE News: Last week border officials in the Punjab region of India revealed they intercepted 107 drug-carrying drones sent by smuggling gangs last year over the border from Pakistan, the highest number on record. Most were carrying heroin or opium from Pakistan to be dropped and received by collaborators in the Punjab, notorious for having India's worst levels of opiate addiction. Last year the head of a police narcotics unit in Lahore, a city in Pakistan which borders the Punjab, was dismissed after he was suspected of running a drug trafficking gang sending drones over to India. But the use of cheap flying robots instead of humans to smuggle drugs across borders is a worldwide phenomenon. [...] [D]rones will likely become an everyday part of drug dealing too, according to Peter Warren Singer, author of multiple books on national security and a Fellow at think tank New America, with legit medicines due to be delivered by drone in the U.S. later this year and maybe in the U.K. too. "We are just scraping the surface of what is possible, as drone deliveries become more and more common in the commercial world, it will be the same with delivery of illicit goods. In our book, Burn-In, we explain how a future city will see drones zipping about delivering everything from groceries and burritos to drugs, both prescribed by a doctor or bought off a dealer. Drones have traditionally been used by governments and corporations for what are known as the "3 D's" jobs that are too dull, dirty, or dangerous for humans. For criminals, it is the same, except add in another D: Dependable. A drone doesn't steal the product and can't be arrested or snitch if caught." Liam O'Shea, senior research fellow for organized crime and policing at defense and security thinktank RUSI, said drones were at the moment of limited value to wholesale traffickers and organized criminal gangs because of their range and the weight they can carry. "It makes sense that smugglers would seek to use drones. They are cheap and easy to acquire. They also lower the risks involved in some transactions, as smugglers do not have to be physically present during transactions. They offer opportunities for smuggling in areas where previous routes were too risky, such as prisons and over securitized borders. "I expect them to be of greater value to smaller players and distributors dealing with smaller quantities. Wholesale drug traffickers will still need to use routes that facilitate smuggling at higher volume or using drones to make multiple trips, which entails risks of detection. That may well change as improvements in technology improve drones' carrying capacity and crime groups are better able to access drones with greater capacity."

Read more of this story at Slashdot.

Tesla and Samsung are joining forces to allow users of Samsung's SmartThings platform to connect to Tesla products so they can keep track of energy production and usage. The Verge reports: When connected to the Powerwall, SmartThings Energy can sync with the "Storm Watch" feature so that you're notified of heavy weather on a Samsung phone or TV, for example. In addition to the Powerwall, SmartThings Energy will be able to connect to other Tesla products, including its electric vehicles, Solar Inverter, and Wall Connector charging solutions. The collaboration is possible thanks to Tesla's API, which Samsung claims SmartThings Energy is the first to take advantage of.

Read more of this story at Slashdot.

Once a dominant force in music discovery, Spotify's famed playlists like RapCaviar, which significantly influenced mainstream music and artist visibility, are losing ground. As the music industry shifts towards algorithmic suggestions and TikTok emerges as a major music promoter, Spotify's strategy evolves with more automated music discovery and less emphasis on human-curated playlists, signaling a potential end to the era where a few key playlists could make a star overnight. Bloomberg reports: Enter TikTok. In the late 2010s, as the algorithmic controlled, short-form video app emerged as a growing force in music promotion, Spotify took notice. On an earnings call in 2020, Spotify Chief Executive Officer Daniel Ek noted that users were increasingly opting for algorithmic suggestions and that Spotify would be leaning into the trend. "As we're getting better and better at personalization, we're serving better and better content and more and more of our users are choosing that," he said. From there, Spotify began implementing a number of changes that over time significantly altered the fundamental dynamics of how playlists get composed. Among other things, the company had already introduced a standardized pitching form that all artists and managers must use to submit tracks for playlist consideration. One former employee says the tool was created to foster a more merit-based system with a greater emphasis on data -- and less focus on the taste of individual curators. The goal, in part, was to give independent and smaller artists without the resources to personally court key playlist editors a better chance at placements. It was also a way to better protect the public-facing editors who in the early days were sometimes subjected to harassment from people disgruntled over their musical choices. As the automated submission system took hold, the editors gradually grew more anonymous and less associated with particular playlists. In a handbook for the editorial team, Spotify instructed curators not to claim ownership of any one playlist. At the same time, Spotify began introducing multiple splashy features meant to encourage algorithm-driven listening, including an AI DJ and Daylist, two features that constantly change to fit listeners' habits and interests. (Spotify says "human expertise" guides the AI DJ.) Last year, Spotify laid off members of the teams involved in making playlists as part of its various cuts. And over time, the shift in emphasis has had consequences outside the company as well. These days, the same music industry sources who in the late 2010s learned to obsess over what was included and excluded from key Spotify playlists have started noticing something else -- it no longer seems to matter as much. Employees at different major labels say they've seen streams coming from RapCaviar drop anywhere from 30% to 50%. The trend towards automated music discovery at Spotify shows no sign of slowing down. One internal presentation titled "Recapturing the Zeitgeist" encourages editorial curators to better utilize data. According to the people who have seen the plan, in addition to putting together a playlist, editorial curators would tag songs to help the algorithm accurately place them on relevant playlists that are automatically personalized for individual subscribers. The company has also shifted some human-curated playlists to personalized versions, including selections with seven-figure followings, like Housewerk and Indie Pop. These days, Spotify is also promoting something called Discovery Mode, wherein labels and artist teams can submit songs for additional algorithm pushes in exchange for a lower royalty rate. These tracks can only surface on personalized listening sessions, a former employee said, meaning Spotify would have a financial incentive to push people to them over editorially curated playlists. (For now, Discovery Mode songs only surface in radio or autoplay listening sessions.) The shift toward algorithmic distribution isn't necessarily a bad thing, says Dan Smith, US general manager at Armada, an independent dance label. "The way fans discovered new music was radio back in the day, then Spotify editorial playlists, then there were a few years where people only discovered new music through TikTok," Brad said. "All those things still work ... we're all just trying different ways to make sure songs get to the right people."

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: The Justice Department is in the late stages of an investigation into Apple and could file a sweeping antitrust case taking aim at the company's strategies to protect the dominance of the iPhone as soon as the first half of this year, said three people with knowledge of the matter. The agency is focused on how Apple has used its control over its hardware and software to make it more difficult for consumers to ditch the company's devices, as well as for rivals to compete, said the people, who spoke anonymously because the investigation was active. Specifically, investigators have examined how the Apple Watch works better with the iPhone than with other brands, as well as how Apple locks competitors out of its iMessage service. They have also scrutinized Apple's payments system for the iPhone, which blocks other financial firms from offering similar services, these people said. The Justice Department is closing in on what would be the most consequential federal antitrust lawsuit challenging Apple, which is the most valuable tech company in the world. If the lawsuit is filed, American regulators will have sued four of the biggest tech companies for monopolistic business practices in less than five years. The Justice Department is currently facing off against Google in two antitrust cases, focused on its search and ad tech businesses, while the Federal Trade Commission has sued Amazon and Meta for stifling competition. The Apple suit would likely be even more expansive than previous challenges to the company, attacking its powerful business model that draws together the iPhone with devices like the Apple Watch and services like Apple Pay to attract and keep consumers loyal to its products. Rivals have said that they have been denied access to key Apple features, like the Siri virtual assistant, prompting them to argue the practices are anticompetitive.

Read more of this story at Slashdot.

Microsoft has begun ditching WordPad from Windows and removed the editor from the first Canary Channel build of 2024. From a report: We knew it was coming, but the reality has arrived in the Canary Channel. A clean install will omit WordPad as of build 26020 of Windows 11. At an undisclosed point, the application will be removed on upgrade. The People app is also being axed, as expected, and the Steps Recorder won't be getting any more updates and will instead show a banner encouraging users to try something else. Perhaps ClipChamp? WordPad was always an odd tool. Certainly not something one would want to edit text with, but not much of a word processor either. It feels like a throwback to a previous era. However, it was also free, came with Windows, and didn't insist on having a connection to the internet for it to work.

Read more of this story at Slashdot.

Huawei's newest laptop runs on a chip made by Taiwan Semiconductor Manufacturing Co., a teardown of the device showed, quashing talk of another Chinese technological breakthrough. From a report: The Qingyun L540 notebook contains a 5-nanometer chip made by the Taiwanese company in 2020, around the time US sanctions cut off Huawei's access to the chipmaker, research firm TechInsights found after dismantling the device for Bloomberg News. That counters speculation that Huawei's mainland Chinese chipmaking partner, Semiconductor Manufacturing International Corp., may have achieved a major leap in fabrication technique. Huawei caused a stir in the US and China last August when it released a smartphone with a 7nm processor made by Shanghai-based SMIC. A teardown by the Canada-based research outfit for Bloomberg News showed the Mate 60 Pro's chip was only a few years behind the cutting edge, a feat that US trade curbs were meant to prevent. That revelation spurred celebration across the Chinese tech scene, and a debate in the US about the effectiveness of sanctions.

Read more of this story at Slashdot.

The Food and Drug Administration has allowed Florida to import millions of dollars worth of medications from Canada at far lower prices than in the United States, overriding fierce decades-long objections from the pharmaceutical industry. From a report: The approval, issued in a letter to Florida Friday, is a major policy shift for the United States, and supporters hope it will be a significant step forward in the long and largely unsuccessful effort to rein in drug prices. Individuals in the United States are allowed to buy directly from Canadian pharmacies, but states have long wanted to be able to purchase medicines in bulk for their Medicaid programs, government clinics and prisons from Canadian wholesalers. Florida has estimated that it could save up to $150 million in its first year of the program, importing medicines that treat H.I.V., AIDS, diabetes, hepatitis C and psychiatric conditions. Other states have applied to the F.D.A. to set up similar programs. But significant hurdles remain. The pharmaceutical industry's major lobbying organization, the Pharmaceutical Research and Manufacturers of America, or PhRMA, which has sued over previous importation efforts, is expected to file suit to prevent the Florida plan from going into effect. Some drug manufacturers have agreements with Canadian wholesalers not to export their medicines, and the Canadian government has already taken steps to block the export of prescription drugs that are in short supply.

Read more of this story at Slashdot.

As the number of bees and other pollinators falls, field pansies are adapting by fertilizing their own seeds, a new study found. From a report: Every spring, trillions of flowers mate with the help of bees and other animals. They lure the pollinators to their flowers with flashy colors and nectar. As the animals travel from flower to flower, they take pollen with them, which can fertilize the seeds of other plants. A new study suggests that humans are quickly altering this annual rite of spring. As toxic pesticides and vanishing habitats have driven down the populations of bees and other pollinators, some flowers have evolved to fertilize their own seeds more often, rather than those of other plants. Scientists said they were surprised by the speed of the changes, which occurred in just 20 generations. "That's rapid evolution," said Pierre-Olivier Cheptou, an evolutionary ecologist at the University of Montpellier in France who led the research. Dr. Cheptou was inspired to carry out the study when it became clear that bees and other pollinators were in a drastic decline. Would flowers that depend on pollinators for sex, he wondered, find another way to reproduce? The study focused on a weedy plant called the field pansy, whose white, yellow and purple flowers are common in fields and on roadsides across Europe. Field pansies typically use bumblebees to sexually reproduce. But they can also use their own pollen to fertilize their own seeds, a process called selfing. Selfing is more convenient than sex, since a flower does not have to wait for a bee to drop by. But a selfing flower can use only its own genes to produce new seeds. Sexual reproduction allows flowers to mix their DNA, creating new combinations that may make them better prepared for diseases, droughts and other challenges that future generations may face. To track the evolution of field pansies in recent decades, Dr. Cheptou and his colleagues took advantage of a cache of seeds that France's National Botanical Conservatories collected in the 1990s and early 2000s. The researchers compared these old flowers with new ones from across the French countryside. After growing the new and old seeds side by side in the lab under identical conditions, they discovered that selfing had increased 27 percent since the 1990s.

Read more of this story at Slashdot.

Little noticed, days before the holiday break, Boeing petitioned the Federal Aviation Administration for an exemption from key safety standards for the 737 MAX 7 -- the still-uncertified smallest member of its newest jet family. Seattle Times: Since August, earlier models of the MAX currently flying passengers in the U.S. have had to limit use of the jet's engine anti-ice system after Boeing discovered a defect in the system with potentially catastrophic consequences. The flaw could cause the inlet at the front end of the pod surrounding the engine -- known as a nacelle -- to break and fall off. In an August Airworthiness Directive, the FAA stated that debris from such a breakup could penetrate the fuselage, putting passengers seated at windows behind the wings in danger, and could damage the wing or tail of the plane, "which could result in loss of control of the airplane." Dennis Tajer, a spokesperson for the Allied Pilots Association, the union representing 15,000 American Airlines pilots, said the flaw in the engine anti-ice system has "given us great concern." He said the pilot procedure the FAA approved as an interim solution -- urging pilots to make sure to turn off the system when icing conditions dissipate to avoid overheating that within five minutes could seriously damage the structure of the nacelle -- is inadequate given the serious potential danger. "You get our attention when you say people might get killed," Tajer said. "We're not interested in seeing exemptions and accommodations that depend on human memory. ... There's just got to be a better way." In its petition to the FAA, Boeing argues the breakup of the engine nacelle is "extremely improbable" and that an exemption will not reduce safety. "The 737 MAX has been in service since 2017 and has accumulated over 6.5 million flight hours. In that time, there have been no reported cases of parts departing aircraft due to overheating of the engine nacelle inlet structure," the filing states.

Read more of this story at Slashdot.

An anonymous reader shares a report: The DeepMind robotics team has revealed three new advances that it says will help robots make faster, better, and safer decisions in the wild. One includes a system for gathering training data with a "Robot Constitution" to make sure your robot office assistant can fetch you more printer paper -- but without mowing down a human co-worker who happens to be in the way. Google's data gathering system, AutoRT, can use a visual language model (VLM) and large language model (LLM) working hand in hand to understand its environment, adapt to unfamiliar settings, and decide on appropriate tasks. The Robot Constitution, which is inspired by Isaac Asimov's "Three Laws of Robotics," is described as a set of "safety-focused prompts" instructing the LLM to avoid choosing tasks that involve humans, animals, sharp objects, and even electrical appliances. For additional safety, DeepMind programmed the robots to stop automatically if the force on its joints goes past a certain threshold and included a physical kill switch human operators can use to deactivate them. Over a period of seven months, Google deployed a fleet of 53 AutoRT robots into four different office buildings and conducted over 77,000 trials. Some robots were controlled remotely by human operators, while others operated either based on a script or completely autonomously using Google's Robotic Transformer (RT-2) AI learning model.

Read more of this story at Slashdot.

Orange Espana, Spain's second-biggest mobile operator, suffered a major outage on Wednesday after an unknown party obtained a "ridiculously weak" password and used it to access an account for managing the global routing table that controls which networks deliver the company's Internet traffic, researchers said. From a report: The hijacking began around 9:28 Coordinated Universal Time (about 2:28 Pacific time) when the party logged into Orange's RIPE NCC account using the password "ripeadmin" (minus the quotation marks). The RIPE Network Coordination Center is one of five Regional Internet Registries, which are responsible for managing and allocating IP addresses to Internet service providers, telecommunication organizations, and companies that manage their own network infrastructure. RIPE serves 75 countries in Europe, the Middle East, and Central Asia. The password came to light after the party, using the moniker Snow, posted an image to social media that showed the orange.es email address associated with the RIPE account. RIPE said it's working on ways to beef up account security. Security firm Hudson Rock plugged the email address into a database it maintains to track credentials for sale in online bazaars. In a post, the security firm said the username and "ridiculously weak" password were harvested by information-stealing malware that had been installed on an Orange computer since September. The password was then made available for sale on an infostealer marketplace.

Read more of this story at Slashdot.

China's top diplomat warned the US that decoupling would be "self defeating" as the country set out to implement a recent agreement made between their leaders. From a report: Foreign Minister Wang Yi, speaking on Friday at an event to mark the 45th anniversary of US-China diplomatic relations, cited a slew of initiatives that reflect improved ties including streamlined visas for US travelers, a counternarcotics working group to battle the flow of the synthetic fentanyl to the US, and the sending of pandas to the US by the end of the year. "Any decoupling attempt to stem the tide will only be counterproductive and self defeating," Wang said. David Meale, deputy chief of mission at the U.S. Embassy in Beijing, joined Friday's event as charge d'affaires with Ambassador Nicholas Burns out of town. Tensions between China and the US started to ease after President Joe Biden and Chinese leader Xi Jinping met in November. The talks resulted in a resumption of high-level military-to-military ties, a promise to collaborate on the fentanyl problem and a commitment to boost interactions between people in the two countries.

Read more of this story at Slashdot.