Linux fréttir

Bitwarden, the popular open-source password management program, has launched Bitwarden Passwordless.dev, a developer toolkit for integrating FIDO2 WebAuthn-based passkeys into websites and applications. The New Stack reports: Bitwarden Passwordless.dev uses an easy-to-use application programming interface (API) to provide a simplified approach to implementing passkey-based authentication with your existing code. This enables developers to create seamless authentication experiences swiftly and efficiently. For example, you can use it to integrate with FIDO2 WebAuthn applications such as Face ID, fingerprint, and Windows Hello. Enterprises also face challenges in integrating passkey-based authentication into their existing applications. Another way Bitwarden Passwordless.dev addresses this issue is by including an admin console. This enables programmers to configure applications, manage user attributes, monitor passkey usage, deploy code, and get started instantly. "Passwordless authentication is rapidly gaining popularity due to its enhanced security and streamlined user login experience," said Michael Crandell, CEO of Bitwarden. "Bitwarden equips developers with the necessary tools and flexibility to implement passkey-based authentication swiftly and effortlessly, thereby improving user experiences while maintaining optimal security levels."

Read more of this story at Slashdot.

According to investigative reporter Will Evans, Amazon recently backed out of a commitment to make 50% of its shipments net-zero carbon by 2030. "Amazon said (PDF) in a statement that it would roll this goal into a broader Climate Pledge to reach net-zero carbon across all its operations by 2040," reports Insider. "That's a decade later than the 50% goal, which was called 'Shipment Zero' at the time." From the report: "As we examined our work toward The Climate Pledge, we realized that it no longer made sense to have a separate and more narrow Shipment Zero goal that applied to only one part of our business, so we've decided to eliminate it," Amazon wrote in the statement. The investigative reporter Will Evans squeezed this information from Amazon and tweeted about it Thursday. Last year, Evans uncovered a study that said the company had drastically undercounted its carbon footprint. At the time, an Amazon spokesman reiterated the company's commitment to cutting emissions, including ordering a fleet of electric delivery vans and buying renewable energy for its electricity needs. Dropping the specific shipment pledge is noteworthy because Amazon's ecommerce operation relies on vast fleets of vehicles and aircraft to deliver packages to consumers quickly. Most of this activity chews up vast quantities of fossil fuels and spews out greenhouse gases. However, fast delivery is a key selling point for shoppers and the main reason millions subscribe to the company's Prime program. Amazon announced the Shipment Zero initiative in a blog a few years ago. The company has since deleted the post. However, through the magic of the Internet Archive's Wayback Machine, large corporations cannot rewrite online history. Here's a version of the blog.

Read more of this story at Slashdot.

Phone-hugging code can record calls, read messages, track geolocation, access camera, other snooping

The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada.…

Google has been ordered to pay Sonos $32.5 million after a jury verdict found that Google's smart speakers and media players infringed on one of Sonos' patents. The Verge reports: The legal battle started in 2020 when Sonos accused Google of copying its patented multiroom audio technology after the companies partnered in 2013. Sonos went on to win its case at the US International Trade Commission, resulting in a limited import ban on some of the Google devices in question. Google has also had to pull some features from its lineup of smart speakers and smart displays. Last August, Google sued Sonos over allegations that the audio company infringed on Google's smart speakers and voice control technology. This most recent trial started earlier this month, with Google spokesperson Jose Castaneda telling Reuters at the time that the case pertains to "some very specific features that are not commonly used" and that Sonos "mischaracterized our partnership and technology." Neither Google nor Sonos immediately responded to The Verge's request for comment. Sonos didn't come out of the case completely victorious, however, as the jury decided that Google's Home app didn't infringe on a separate patent filed by Sonos. The judge also told jurors to "disregard a $90 million damages estimate from a Sonos expert witness, saying he had decided that some of the evidence provided was inadmissible," Law360 reports.

Read more of this story at Slashdot.

Python package pile prefers protecting programmer privacy

PyPI, the Python Package Index, began evaluating ways to reduce the amount of identifying information that it stores even before the US Justice Department came asking for data on suspect users.…

An anonymous reader quotes a report from KrebsOnSecurity: The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. Freenom is the domain name registry service provider for five so-called "country code top level domains" (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau. Freenom has always waived the registration fees for domains in these country-code domains, but the registrar also reserves the right to take back free domains at any time, and to divert traffic to other sites -- including adult websites. And there are countless reports from Freenom users who've seen free domains removed from their control and forwarded to other websites. By the time Meta initially filed its lawsuit in December 2022, Freenom was the source of well more than half of all new phishing domains coming from country-code top-level domains. Meta initially asked a court to seal its case against Freenom, but that request was denied. Meta withdrew its December 2022 lawsuit and re-filed it in March 2023. "The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers' identity, even after being presented with evidence that the domain names are being used for illegal purposes," Meta's complaint charged. "Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers." Meta pointed to research from Interisle Consulting Group, which discovered in 2021 and again last year that the five ccTLDs operated by Freenom made up half of the Top Ten TLDs most abused by phishers. Interisle partner Dave Piscitello said something remarkable has happened in the months since the Meta lawsuit. "We've observed a significant decline in phishing domains reported in the Freenom commercialized ccTLDs in months surrounding the lawsuit," Piscitello wrote on Mastodon. "Responsible for over 60% of phishing domains reported in November 2022, Freenom's percentage has dropped to under 15%." Piscitello said it's too soon to tell the full impact of the Freenom lawsuit, noting that Interisle's sources of spam and phishing data all have different policies about when domains are removed from their block lists.

Read more of this story at Slashdot.

Hopefully this tech works better than his self-driving cars

Neuralink, the brain-computer interface startup founded by tech billionaire Elon Musk, has said the US Food and Drug Administration has given permission for its first human clinical trials.…

Researchers from Cisco's Talos security team have uncovered detailed information about Predator, a sophisticated spyware sold to governments worldwide, which can secretly record voice calls, collect data from apps like Signal and WhatsApp, and hide or disable apps on mobile devices. Ars Technica reports: An analysis Talos published on Thursday provides the most detailed look yet at Predator, a piece of advanced spyware that can be used against Android and iOS mobile devices. Predator is developed by Cytrox, a company that Citizen Lab has said is part of an alliance called Intellexa, "a marketing label for a range of mercenary surveillance vendors that emerged in 2019." Other companies belonging to the consortium include Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd., and Senpai. Last year, researchers with Google's Threat Analysis Group, which tracks cyberattacks carried out or funded by nation-states, reported that Predator had bundled five separate zero-day exploits in a single package and sold it to various government-backed actors. These buyers went on to use the package in three distinct campaigns. The researchers said Predator worked closely with a component known as Alien, which "lives inside multiple privileged processes and receives commands from Predator." The commands included recording audio, adding digital certificates, and hiding apps. [...] According to Talos, the backbone of the malware consists of Predator and Alien. Contrary to previous understandings, Alien is more than a mere loader of Predator. Rather, it actively implements the low-level capabilities that Predator needs to surveil its victims. "New analysis from Talos uncovered the inner workings of PREDATOR and the mechanisms it uses to communicate with the other spyware component deployed along with it known as 'ALIEN,'" Thursday's post stated. "Both components work together to bypass traditional security features on the Android operating system. Our findings reveal the extent of the interweaving of capabilities between PREDATOR and ALIEN, providing proof that ALIEN is much more than just a loader for PREDATOR as previously thought to be." In the sample Talos analyzed, Alien took hold of targeted devices by exploiting five vulnerabilities -- CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003, CVE-2021-1048 -- the first four of which affected Google Chrome, and the last Linux and Android. [...] The deep dive will likely help engineers build better defenses to detect the Predator spyware and prevent it from working as designed. Talos researchers were unable to obtain Predator versions developed for iOS devices.

Read more of this story at Slashdot.

Neuralink, a neurotech startup co-founded by Elon Musk, has received FDA approval for its first in-human clinical study to test its brain implant called the Link. The implant aims to help patients with severe paralysis regain the ability to control external technologies using neural signals, potentially allowing them to communicate through mind-controlled cursors and typing. CNBC reports: "This is the result of incredible work by the Neuralink team in close collaboration with the FDA and represents an important first step that will one day allow our technology to help many people," the company wrote in a tweet. The FDA and Neuralink did not immediately respond to CNBC's request for comment. The extent of the approved trial is not known. Neuralink said in a tweet that patient recruitment for its clinical trial is not open yet. No [brain-computer interface, or BCI] company has managed to clinch the FDA's final seal of approval. But by receiving the go-ahead for a study with human patients, Neuralink is one step closer to market. Neuralink's BCI will require patients to undergo invasive brain surgery. Its system centers around the Link, a small circular implant that processes and translates neural signals. The Link is connected to a series of thin, flexible threads inserted directly into the brain tissue where they detect neural signals. Patients with Neuralink devices will learn to control it using the Neuralink app. Patients will then be able to control external mice and keyboards through a Bluetooth connection, according to the company's website.

Read more of this story at Slashdot.

Come for the Kubernetes, stay for the containers

After using Azure Linux internally for two years and running it in public preview since October 2022, Microsoft this week finally made its distribution generally available.…

An anonymous reader quotes a report from Motherboard: Executives at the National Eating Disorders Association (NEDA) decided to replace hotline workers with a chatbot named Tessa four days after the workers unionized. NEDA, the largest nonprofit organization dedicated to eating disorders, has had a helpline for the last twenty years that provided support to hundreds of thousands of people via chat, phone call, and text. "NEDA claims this was a long-anticipated change and that AI can better serve those with eating disorders. But do not be fooled -- this isn't really about a chatbot. This is about union busting, plain and simple," helpline associate and union member Abbie Harper wrote in a blog post. According to Harper, the helpline is composed of six paid staffers, a couple of supervisors, and up to 200 volunteers at any given time. A group of four full-time workers at NEDA, including Harper, decided to unionize because they felt overwhelmed and understaffed. "We asked for adequate staffing and ongoing training to keep up with our changing and growing Helpline, and opportunities for promotion to grow within NEDA. We didn't even ask for more money," Harper wrote. "When NEDA refused [to recognize our union], we filed for an election with the National Labor Relations Board and won on March 17. Then, four days after our election results were certified, all four of us were told we were being let go and replaced by a chatbot." The chatbot, named Tessa, is described as a "wellness chatbot" and has been in operation since February 2022. The Helpline program will end starting June 1, and Tessa will become the main support system available through NEDA. Helpline volunteers were also asked to step down from their one-on-one support roles and serve as "testers" for the chatbot. According to NPR, which obtained a recording of the call where NEDA fired helpline staff and announced a transition to the chatbot, Tessa was created by a team at Washington University's medical school and spearheaded by Dr. Ellen Fitzsimmons-Craft. The chatbot was trained to specifically address body image issues using therapeutic methods and only has a limited number of responses. "Please note that Tessa, the chatbot program, is NOT a replacement for the Helpline; it is a completely different program offering and was borne out of the need to adapt to the changing needs and expectations of our community," a NEDA spokesperson told Motherboard. "Also, Tessa is NOT ChatGBT [sic], this is a rule-based, guided conversation. Tessa does not make decisions or 'grow' with the chatter; the program follows predetermined pathways based upon the researcher's knowledge of individuals and their needs." The NEDA spokesperson also told Motherboard that Tessa was tested on 700 women between November 2021 through 2023 and 375 of them gave Tessa a 100% helpful rating. "As the researchers concluded their evaluation of the study, they found the success of Tessa demonstrates the potential advantages of chatbots as a cost-effective, easily accessible, and non-stigmatizing option for prevention and intervention in eating disorders," they wrote.

Read more of this story at Slashdot.

A U.S. judge has approved Apple's $50 million class-action settlement resolving consumer claims over certain defective MacBook keyboards, in a ruling that spurned challenges to the deal. From a report: U.S. District Judge Edward Davila in San Jose, California, federal court in his ruling called the settlement "fair, adequate and reasonable." Eleven consumers from New York, Florida, California, Michigan and several other states were the lead plaintiffs in the national class action alleging consumer protection and warranty claims. The lawsuit accused Apple of failing to provide sufficient repairs or troubleshooting help for certain MacBook "butterfly" keyboards made between 2015 and 2019.

Read more of this story at Slashdot.

Uncle Sam confirms it's saying nothing

The US International Trade Administration (ITA) has admitted it promotes the sale of American-approved commercial spyware to foreign governments, and won't answer questions about it, according to US Senator Ron Wyden (D-OR).…

Delaware's low elevation mixed with crowded beaches and limited exit routes make the state particularly vulnerable to massive flooding, but officials hope an influx of federal infrastructure money will trigger future evacuation plans automatically via artificial intelligence. From a report: The Biden administration was set to announce a total of $53 million in grants Thursday to Delaware and seven other states aimed at high-tech solutions to traffic congestion problems. Although the money comes from the infrastructure law the president signed in 2021, many of the programs -- including the $5 million for flood response efforts in Biden's home state -- have evolved since then. "What's new is the predictive analysis; the machine learning," U.S. Federal Highway Administrator Shailen Bhatt, Delaware's former transportation secretary, said in an interview with The Associated Press. "Because now we have access to all this data, it's hard for us as humans to figure out what is data and what is actionable information." Delaware officials pull off evacuation-type procedures every week during the tourism season, with long lines of cars headed to the beaches on weekend mornings and back at night. But flooding presents a unique problem -- including standing water on roads that can make the most direct routes out of town even more treacherous than simply sheltering in place.

Read more of this story at Slashdot.

The two Koreas are elevating a space race aimed at modernizing how each country monitors the other's improving military firepower. From a report: As hopes for a diplomatic breakthrough have dimmed in recent years, North and South Korea have grown more antagonistic toward one another and upped their displays of military might. They have traded missile tests. Pyongyang has sent drones that flew over downtown Seoul. South Korea has sharpened security and defense ties with the U.S. and Japan. The rise in tensions has elevated the importance -- and need -- for spy-satellite technology that neither country now has. South Korea cleared a significant technological marker on Thursday, launching multiple commercial satellites aboard a homegrown rocket for the first time. North Korea's Kim Jong Un regime stands poised to soon fly its first military reconnaissance satellite. Nuri, South Korea's three-stage liquid-fuel rocket, blasted off at 6:24 p.m. local time Thursday from the Naro Space Center in Goheung, a city on the country's southern coast. The 200-ton rocket launched into space and deployed eight satellites into orbit about 342 miles above Earth, about 13 minutes after liftoff. Seoul has the clear technological advantage, weapons analysts say, though Pyongyang has been quick to advance its sanctioned missile program to develop long-range rockets that can carry satellites. Both nations remain years away from having a full-fledged network of spy satellites. But attaining the technology would allow the countries to identify military targets to precisely launch strikes during potential conflict without relying on their allies' satellite technology for information. In North Korea's case, space-based satellite technology is essential for its nuclear strategy. Having eyes in the sky would serve as an additional asset to launching nuclear strikes with better accuracy, said Yang Uk, a military expert at the Asan Institute for Policy Studies, a think tank in Seoul. Should the technology progress enough, North Korea could potentially identify nuclear strike targets in the U.S., he added.

Read more of this story at Slashdot.

New beta versions of Thunderbird (and Firefox, while we're at it) to help set you up

It's beta season in Mozilla land and some cool shiny stuff is on the way. Versions 114 of both the Firefox browser and its distant cousin the Thunderbird email client are heading our way.…

China's world-leading solar industry could face a wave of bankruptcies if the current aggressive expansion of manufacturing capacity continues, according to the sector's biggest player. From a report: More than half of China's solar manufacturers could be forced out in the next two to three years because of excess capacity, Li Zhenguo, president of Longi Green Energy Technology, said during an interview Wednesday on the sidelines of the SNEC PV Power Expo in Shanghai. "Those that will be hurt first will be those that are not prepared sufficiently," he said. Companies with weaker finances and less-advanced technology are most at risk, according to Li. The global solar market is growing rapidly, with installations expected to rise 36% this year to 344 gigawatts, according to BloombergNEF. But factories are expanding even faster. One step in the supply chain alone -- producing the polysilicon that goes into the panels -- will see capacity rise enough to produce 600 gigawatts this year, BloombergNEF analyst Jenny Chase said in a presentation at SNEC earlier this week. "There will be a price crash, it will hurt, and there will probably be bankruptcies across the industry," she said. Others pushed back against overcapacity concerns. Companies that are expanding are doing so because their customers need it, said Li Junfeng, executive council member of the China Energy Research Society.

Read more of this story at Slashdot.

'We accomplished the exact opposite of what we intended...'

Firefox…

Scientists have used artificial intelligence (AI) to discover a new antibiotic that can kill a deadly species of superbug. From a report: The AI helped narrow down thousands of potential chemicals to a handful that could be tested in the laboratory. The result was a potent, experimental antibiotic called abaucin, which will need further tests before being used. The researchers in Canada and the US say AI has the power to massively accelerate the discovery of new drugs. It is the latest example of how the tools of artificial intelligence can be a revolutionary force in science and medicine. Antibiotics kill bacteria. However, there has been a lack of new drugs for decades and bacteria are becoming harder to treat, as they evolve resistance to the ones we have. More than a million people a year are estimated to die from infections that resist treatment with antibiotics. The researchers focused on one of the most problematic species of bacteria - Acinetobacter baumannii, which can infect wounds and cause pneumonia. You may not have heard of it, but it is one of the three superbugs the World Health Organization has identified as a "critical" threat.

Read more of this story at Slashdot.

The instrument that proved Einstein right is back

The US ultra-sensitive space science project, which first proved the existence of gravitational waves, is back after three years of upgrades and maintenance made it 30 percent more sensitive.…