news aggregator

Earth had its first year-long, 1.5-degree rise in temperature. But does this mean we've already missed our goal of limiting temperature increases to 1.5 degrees? No, argues the Washington Post: There's actually some disagreement about what exactly counts as breaching that threshold — but scientists and policymakers agree that it has to be a multiyear average, not a single 12-month period. Scientists estimate that without dramatic emissions reductions, that will happen sometime in the 2030s. But there could be other single years or 12-month periods that cross the line before then. Can we still avoid passing 1.5C? Most scientists say passing 1.5C is inevitable. "The 1.5-degree limit is deader than a doornail," Columbia University climate scientist James Hansen said in a call with reporters late last year.... The Washington Post analyzed 1,200 modeled pathways for the world to shift to clean energy and found that only four of them showed the world hitting the 1.5C target without substantially overshooting or using speculative technology (like large-scale carbon capture) that doesn't yet exist. At this point, many experts believe that the economy is too stuck on fossil fuels to transition fast enough for 1.5 degrees. Does that mean we'll pass catastrophic tipping points? That's a more difficult question. Scientists don't know exactly when certain tipping points — like the collapse of the Greenland ice sheet or the release of greenhouse gases from thawing permafrost — will occur. It's very hard to predict and model these types of catastrophic changes. And 1.5C isn't a magic threshold; it's not as though as soon as we pass that number, Antarctic ice sheets will collapse and ocean circulations will grind to a halt. But one thing is certain: For every tenth of a degree of warming, tipping points are more likely. Two degrees is worse than 1.9 degrees, which is worse than 1.8 degrees, and so on. And at each tenth of a degree, the infrastructure and systems that the world has built — electric grids, homes, livelihoods — will become more strained. Our modern world simply was not designed for temperatures this high. At some level, the final temperature of the planet isn't what matters most. It's where countries can actually get carbon emissions to zero — and stop contributing to future warming altogether.

Read more of this story at Slashdot.

Since 2006 Baldrson (Slashdot reader #78,598) has been part of the team verifying "The Hutter Prize for Lossless Compression of Human Knowledge," an ongoing challenge to compress a 100-MB excerpt of Wikipedia (approximately the amount a human can read in a lifetime). "The intention of this prize is to encourage development of intelligent compressors/programs as a path to Artificial General Intelligence," explains the project's web site. 15 years ago, Baldrson wrote a Slashdot post explaining the logic (titled "Compress Wikipedia and Win AI Prize"): The basic theory, for which Hutter provides a proof, is that after any set of observations the optimal move by an AI is find the smallest program that predicts those observations and then assume its environment is controlled by that program. Think of it as Ockham's Razor on steroids. The amount of the prize also increases based on how much compression is achieved. (So if you compress the 1GB file x% better than the current record, you'll receive x% of the prize...) The first prize was awarded in 2006. And now Baldrson writes: Kaido Orav has just improved 1.38% on the Hutter Prize for Lossless Compression of Human Knowledge with his "fx-cmix" entry. The competition seems to be heating up, with this winner coming a mere 6 months since the prior winner. This is all the more impressive since each improvement in the benchmark approaches the (unknown) minimum size called the Kolmogorov Complexity of the data.

Read more of this story at Slashdot.

Long-time Slashdot reader v3rgEz shared this report from MuckRock: Founded in 2003, Appin has been described as a cybersecurity company and an educational consulting firm. Appin was also, according to Reuters reporting and extensive marketing materials, a prolific "hacking for hire" service, stealing information from politicians and militaries as well as businesses and even unfaithful spouses. Legal letters, being sent to newsrooms and organizations around the world, are trying to remove that story from the internet — and are often succeeding. Reuters investigation, published in November, was based in part on corroborated marketing materials, detailing a range of "hacking for hire" services Appin provided. After publication, Reuters was targeted by a legal campaign to shut down critical reporting, an effort which expanded to target news organizations around the world, including MuckRock. With the help of the Electronic Frontier Foundation, MuckRock is now sharing more details on this effort while continuing to host materials the Association of Appin Training Centers has gone to great lengths to remove from the web. The original story, by Reuters' staff writers Raphael Satter, Zeba Siddiqui and Chris Bing, is no longer available on the Reuters website. Following a preliminary court ruling issued in New Delhi, the story has been replaced with an editor's note, stating that Reuters "stands by its reporting and plans to appeal the decision." The story has since been reposted on Distributed Denial of Secrets, while the primary source materials that Reuters reporters and editors used in their reporting are available on MuckRock's DocumentCloud service. Representatives of the company's founders denied the assertions in the Reuters story, insisting instead that rogue actors "were misusing the Appin name." TechDirt titled their article "Sorry Appin, We're Not Taking Down Our Article About Your Attempts To Silence Reporters." And Thursday the EFF wrote its own take on "a campaign of bullying and censorship seeking to wipe out stories about the mercenary hacking campaigns of a less well-known company, Appin Technology, in general, and the company's cofounder, Rajat Khare, in particular." These efforts follow a familiar pattern: obtain a court order in a friendly international jurisdiction and then misrepresent the force and substance of that order to bully publishers around the world to remove their stories. We are helping to push back on that effort, which seeks to transform a very limited and preliminary Indian court ruling into a global takedown order. We are representing Techdirt and MuckRock Foundation, two of the news entities asked to remove Appin-related content from their sites... On their behalf, we challenged the assertions that the Indian court either found the Reuters reporting to be inaccurate or that the order requires any entities other than Reuters and Google to do anything. We requested a response — so far, we have received nothing... At the time of this writing, more than 20 of those stories have been taken down by their respective publications, many at the request of an entity called "Association of Appin Training Centers (AOATC)...." It is not clear who is behind The Association of Appin Training Centers, but according to documents surfaced by Reuters, the organization didn't exist until after the lawsuit was filed against Reuters in Indian court.... If a relatively obscure company like AOATC or an oligarch like Rajat Khare can succeed in keeping their name out of the public discourse with strategic lawsuits, it sets a dangerous precedent for other larger, better-resourced, and more well-known companies such as Dark Matter or NSO Group to do the same. This would be a disaster for civil society, a disaster for security research, and a disaster for freedom of expression.

Read more of this story at Slashdot.

An anonymous Slashdot reader shared this report from SiliconANGLE: The Rust Foundation, which supports the development of the popular open-source Rust programming language... shared that Google LLC had made a $1 million contribution specifically earmarked for a C++/Rust interoperability effort known as the "Interop Initiative." The initiative aims to foster seamless integration between Rust and the widely used C++ programming language, addressing one of the significant barriers to Rust's adoption in legacy systems entrenched in C++ code. Rust has the ability to prevent common memory errors that plague C++ programs and offers a path toward more secure and reliable software systems. However, transitioning from C++ to Rust presents notable challenges, particularly for organizations with extensive C++ codebases. The Interop Initiative seeks to mitigate these challenges by facilitating smoother transitions and enabling organizations to leverage Rust's advantages without completely overhauling their existing systems. As part of the initiative, the Rust Foundation will collaborate closely with the Rust Project Leadership Council, stakeholders and member organizations to develop a comprehensive scope of work. The collaborative effort will focus on enhancing build system integration, exploring artificial intelligence-assisted code conversion techniques and expanding upon existing interoperability frameworks. By addressing these strategic areas, the initiative aims to accelerate the adoption of Rust across the software industry and hence contribute to advancing memory safety and reducing the prevalence of software vulnerabilities. A post on Google's security blog says they're excited to collaborate "to ensure that any additions made are suitable and address the challenges of Rust adoption that projects using C++ face. Improving memory safety across the software industry is one of the key technology challenges of our time, and we invite others across the community and industry to join us in working together to secure the open source ecosystem for everyone." The blog post also includes this quote from Google's VP of engineering, Android security and privacy. "Based on historical vulnerability density statistics, Rust has proactively prevented hundreds of vulnerabilities from impacting the Android ecosystem. This investment aims to expand the adoption of Rust across various components of the platform." The Register adds: Lars Bergstrom, director of Android platform tools and libraries and chair of the Rust Foundation Board, announced the grant and said that the funding will "improve the ability of Rust code to interoperate with existing legacy C++ codebases.... Integrating Rust today is possible where there is a fallback C API, but for high-performance and high-fidelity interoperability, improving the ability to work directly with C++ code is the single biggest initiative that will further the ability to adopt Rust...." According to Bergstrom, Google's most significant increase in the use of Rust has occurred in Android, where interoperability started receiving attention in 2021, although Rust is also being deployed elsewhere.... Bergstrom said that as of mid-2023, Google had more than 1,000 developers who had committed Rust code, adding that the ad giant recently released the training material it uses. "We also have a team working on building out interoperability," he added. "We hope that this team's work on addressing challenges specific to Google's codebases will complement the industry-wide investments from this new grant we've provided to the Rust Foundation." Google's grant matches a $1 million grant last November from Microsoft, which also committed $10 million in internal investment to make Rust a "first-class language in our engineering systems." The Google-bucks are expected to fund further interoperability efforts, along the lines of KDAB's bidirectional Rust and C++ bindings with Qt.

Read more of this story at Slashdot.

The world's biggest builder of recycling plants has teamed with a startup to install AI-powered systems for sorting recycling, reports the Washington Post. And now over the next few years, "The companies plan to retrofit thousands of recycling facilities around the world with computers that can analyze and identify every item that passes through a waste plant, they said Wednesday." "[S]orted" recyclables, particularly plastic, wind up contaminated with other forms of trash, according to Lokendra Pal, a professor of sustainable materials engineering at North Carolina State University... [W]aste plants don't catch everything. [AI startup] Greyparrot has already installed over 100 of its AI trash spotters in about 50 sorting facilities around the world, and [co-founder Ambarish] Mitra said as much as 30 percent of potentially recyclable material winds up getting lumped in with the trash that's headed for the landfill. Failing to recycle means companies have to make more things from scratch, including a lot of plastic from fossil fuels. Also, more waste ends up in landfills and incinerators, which belch greenhouse gases into the atmosphere and pollute their surroundings. Mitra said putting Greyparrot's AI tools in thousands of waste plants around the world can raise the percentage of glass, plastic, metal and paper that makes it to recycling facilities. "If we can move the needle by even 5 to 10 percent, that would be a phenomenal outcome on a planetary basis for greenhouse gas emissions and environmental impact," he said. Cutting contamination would make recycled materials more valuable and raise the chances that companies would use them to make new products, according to Reck. "If the AI and the robots potentially helped to increase the quality of the recycling stream, that's huge," she said... Greyparrot's device is, basically, a set of visual and infrared cameras hooked up to a computer, which monitors trash as it passes by on a conveyor belt and labels it under 70 categories, from loose bottle caps (not recyclable!) to books (sometimes recyclable!) to aluminum cans (recyclable!). Waste plants could connect these AI systems to sorting robots to help them separate trash from recyclables more accurately. They could also use the AI as a quality control system to measure how well they're sorting trash from recyclables. That could help plant managers tinker with their assembly lines to recover more recyclables, or verify that a bundle of recyclables is free of contaminants, which would allow them to sell for a higher price. GreyParrot's co-founder said their trash-spotting computers "could one day help regulators crack down on companies that produce tsunamis of non-recyclable packaging," according to the article. "The AI systems are so accurate, he said, that they can identify the brands on individual items. 'There could be insights that make them more accountable for ... the commitments they made to the public or to shareholders,' he said."

Read more of this story at Slashdot.

Last week Microsoft's Visual Studio Code editor suddenly stopped supporting Ubuntu 18.04 LTS. But now Microsoft "has announced a temporary reprieve for developers who use VS Code to connect to servers, clouds, container, and other devices running on Ubuntu 18.04 LTS," according to the blog OMG Ubuntu: Microsoft [had] pushed out an update to VS Code that bumps its glibc requirement, dropping support for Ubuntu 18.04 LTS (which uses an older version of glibc) in the process. Innocuous though it sounds, that move had a huge impact, leaving thousands of developers who use VS Code unable to connect to/work with devices running Ubuntu 18.04 LTS or other Linux distros using glibc 2.27, including RHEL 7, CentOS 7, and Amazon Linux 2. — "Screwed" was the term many of those affected used! Well, good news: Microsoft says it plans to release a 'recovery' update for VS Code soon. This will restore the ability for developers to use the text editor's remote dev tools to connect to/work with machines running Ubuntu 18.04 LTS and other, older Linux distros. But only for the next 12 months. "We hope this will provide the needed time for you and your companies to migrate to newer Linux distributions," Microsoft's senior product manager for VS Code posted on GitHub. He added that the software will "show the appropriate dialog and banner that you are connecting to an OS that is not supported by VS Code." (The updated was released on Thursday.) He also thanked developers for their feedback and "for sharing your passion for VS Code and sharing how it is being used to enable various scenarios." Thanks to Slashdot reader motang for sharing the article.

Read more of this story at Slashdot.

$7 trillion will buy you a helluva lotta fabs or every chip biz of consequence

Opinion OpenAI CEO Sam Altman's dream of establishing a network of chip factories to fuel the growth of AI may be much, much wilder than feared.…

An anonymous reader quotes a report from the San Francisco Standard: California would ban all plastic shopping bags in 2026 under a new bill announced Thursday in the state Legislature. California already bans thin plastic shopping bags at grocery stores and other shops, but shoppers at checkout can purchase bags made with a thicker plastic that purportedly makes them reusable and recyclable. Democratic state Sen. Catherine Blakespear said people are not reusing or recycling those bags. She points to a state study that found the amount of plastic shopping bags trashed per person grew from 8 pounds per year in 2004 to 11 pounds per year in 2021. "It shows that the plastic bag ban that we passed in this state in 2014 did not reduce the overall use of plastic. It actually resulted in a substantial increase in plastic," Blakespear, a Democrat from Encinitas, said Thursday. "We are literally choking our planet with plastic waste." While California's bag ban would apply statewide, it would only end up impacting about half the state's population, according to Mark Murray, lead advocate for the environmental advocacy group Californians Against Waste. That's because most of the state's major cities already ban these types of thicker plastic bags. But a state law passed in 2014 and approved by voters in a 2016 referendum bans cities from passing new laws restricting plastic bag use. If the Legislature passes this bill, it would be up to Democratic Gov. Gavin Newsom to decide whether to sign it into law. As San Francisco's mayor in 2007, Newsom signed the nation's first plastic bag ban.

Read more of this story at Slashdot.

Around The World in 84 days

It is 50 years this week since Skylab's final crew departed the station after a record-setting 84 days of flight.…

Gen Z is reviving the trend of reading physical books over digital ones, with a notable increase in library visits and book purchases, as evidenced by celebrities like Kaia Gerber and Kendall Jenner promoting literature and book clubs. The Guardian reports: This week the 22-year-old model Kaia Gerber launched her own book club, Library Science. Gerber, who this month appears on the cover of British Vogue alongside her supermodel mum, Cindy Crawford, describes it as "a platform for sharing books, featuring new writers, hosting conversations with artists we admire -- and continuing to build a community of people who are as excited about literature as I am." "Books have always been the great love of my life," she added. "Reading is so sexy." Gerber isn't alone. Last year in the UK 669m physical books were sold, the highest overall level ever recorded. Research from Nielsen BookData highlights that it is print books that gen Z favour, accounting for 80% of purchases from November 2021 to 2022. Libraries are also reporting an uptick in gen Z users who favour their quiet over noisy coffee shops. In the UK in-person visits are up 71%. While the BookTok charts -- a subsection of TikTok where avid readers post recommendations -- are regularly topped by fantasy and romance titles from authors such as Colleen Hoover, gen Z are reading a diverse range of genres. [...] "Overall we are seeing a move towards escapism through the rise in speculative fiction, romance and fantasy, but I think it would be a mistake to homogenise gen Z and say they're reading lighter," says the author and literary agent Abigail Bergstrom. "With the oversaturation and noise of the wild west digital landscape, they are also demanding higher standards, especially when it comes to the authority and expertise of a writer on a particular subject."

Read more of this story at Slashdot.

AI is here to stay though conversations won't necessarily replace queries

Interview Web search, long dominated by Google, is in play again, at least among incumbents and entrepreneurs if not frustrated web searchers.…

schwit1 quotes a report from Phys.Org: The Joint European Torus (JET), one of the world's largest and most powerful fusion machines, has demonstrated the ability to reliably generate fusion energy, while simultaneously setting a world record in energy output. These notable accomplishments represent a significant milestone in the field of fusion science and engineering. In JET's final deuterium-tritium experiments (DTE3), high fusion power was consistently produced for five seconds, resulting in a ground-breaking record of 69 megajoules using a mere 0.2 milligrams of fuel. JET is a tokamak, a design which uses powerful magnetic fields to confine a plasma in the shape of a doughnut. Most approaches to creating commercial fusion favor the use of two hydrogen variants -- deuterium and tritium. When deuterium and tritium fuse together they produce helium and vast amounts of energy, a reaction that will form the basis of future fusion powerplants. Dr. Fernanda Rimini, JET Senior Exploitation Manager, said, "We can reliably create fusion plasmas using the same fuel mixture to be used by commercial fusion energy powerplants, showcasing the advanced expertise developed over time." Professor Ambrogio Fasoli, Program Manager (CEO) at EUROfusion, said, "Our successful demonstration of operational scenarios for future fusion machines like ITER and DEMO, validated by the new energy record, instill greater confidence in the development of fusion energy. Beyond setting a new record, we achieved things we've never done before and deepened our understanding of fusion physics." Dr. Emmanuel Joffrin, EUROfusion Tokamak Exploitation Task Force Leader from CEA, said, "Not only did we demonstrate how to soften the intense heat flowing from the plasma to the exhaust, we also showed in JET how we can get the plasma edge into a stable state thus preventing bursts of energy reaching the wall. Both techniques are intended to protect the integrity of the walls of future machines. This is the first time that we've ever been able to test those scenarios in a deuterium-tritium environment."

Read more of this story at Slashdot.

Some useful indicators of compromise right here

More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers.…

An anonymous reader quotes a report from Wired: Death is coming for the old-school gas furnace -- and its killer is the humble heat pump. They're already outselling gas furnaces in the US, and now a coalition of states has signed an agreement to supercharge the gas-to-electric transition by making it as cheap and easy as possible for their residents to switch. Nine states have signed a memorandum of understanding that says that heat pumps should make up at least 65 percent of residential heating, air conditioning, and water-heating shipments by 2030. ("Shipments" here means systems manufactured, a proxy for how many are actually sold.) By 2040, these states -- California, Colorado, Maine, Maryland, Massachusetts, New Jersey, New York, Oregon, and Rhode Island -- are aiming for 90 percent of those shipments to be heat pumps. "It's a really strong signal from states that they're committed to accelerating this transition to zero-emissions residential buildings," says Emily Levin, senior policy adviser at the Northeast States for Coordinated Air Use Management (NESCAUM), an association of air-quality agencies, which facilitated the agreement. The states will collaborate, for instance, in pursuing federal funding, developing standards for the rollout of heat pumps, and laying out an overarching plan "with priority actions to support widespread electrification of residential buildings." Instead of burning planet-warming natural gas, a heat pump warms a building by transferring heat from the outdoor air into the interior space. Run it in the opposite direction, and it can cool the inside of a building -- a heat pump is both a heater and AC unit. Because the system is electric, it can run off a grid increasingly powered by renewables like wind and solar. Even if you have to run a heat pump with electricity from fossil-fuel power plants, it's much more efficient than a furnace, because it's moving heat instead of creating it. A heat pump can save an average American household over $550 a year, according to one estimate. They've gotten so efficient that even when it's freezing out, they can still extract warmth from the air to heat a home. You can even install a heat pump system that also warms your water. "These states are aiming to further collaborate with those heat pump manufacturers by tracking sales and overall progress, sending a signal to the industry to ramp up production to meet the ensuing demand," reports Wired. "They'll also collaborate with each other on research and generally share information, working toward the best strategies for realizing the transition from gas to electric." "Basically, they're pursuing a sort of standardization of the policies and regulations for getting more heat pumps built, bought, and installed, which other states outside of the coalition might eventually tap into."

Read more of this story at Slashdot.

Bazaar of Bezos buries bargains, allegedly

Amazon has been sued by two customers in the United States who claim the internet titan artificially inflates prices, hitting shoppers in the wallet.…

Clay Risen reports via the New York Times: David Kahn, whose 1967 book, "The Codebreakers," established him as the world's pre-eminent authority on cryptology -- the science of making and breaking secret codes -- died on Jan. 24 in the Bronx. He was 93. His son Michael said the death, at a senior-living facility, was from the long-term effects of a stroke in 2015. Before Mr. Kahn's book, cryptology itself was something of a secret. Despite an explosion in cryptological technology and techniques during the 20th century and the central role they played during World War II, the subject was typically overlooked by historians, if only because their possible sources were still highly classified. "Codebreaking is the most important form of secret intelligence in the world today," Mr. Kahn wrote in his book's preface. "Yet it has never had a chronicler." Over the course of more than 1,000 pages, along with some 150 pages of notes, Mr. Kahn laid out cryptology's long history, starting with ancient Egypt 4,000 years ago and proceeding through the French and American revolutions, the innovations wrought by the advent of the telegraph and telephone to the mid-20th century and the dawn of computer-assisted code breaking.

Read more of this story at Slashdot.

Longtime Slashdot reader theodp writes: Our goal," Amazon founder Jeff Bezos explained in a Feb. 2021 Instagram post announcing the location of a second tuition-free @BezosAcademy preschool in Tacoma, WA, "is to unlock the potential in kids to become creative leaders, original thinkers, and lifelong learners -- regardless of their zip code." Three years later, a new Amazon SEC filing reveals how much zip codes can matter, even to Bezos, the third richest person in the world. GeekWire reports: "A new Amazon [SEC] filing, detailing Jeff Bezos' plan to sell a slice of his stake in the company, sheds fresh light on his move from Seattle to Miami -- and his ability to avoid Washington state's capital gains tax [ironically, earmarked to be funneled into early-childhood education programs and school construction] in the process. The filing reveals that the Amazon founder and executive chairman adopted a trading plan Nov. 8 to sell up to 50 million Amazon shares during a period ending in January 2025. It would be the first time he has sold Amazon stock since 2021. The plan was adopted less than a week after Bezos announced on Instagram, on Nov. 2, that he was leaving his longtime home of Seattle for sunnier skies in Miami. In his Instagram post, Bezos said he wanted to be closer to his parents and Blue Origin space venture in Florida. He did not mention taxes." "Given Bezos' recent move out of Washington -- where he founded and built Amazon into a global behemoth -- he will also be saving around $600 million in tax expense if he ends up selling the maximum of 50 million shares under the plan, based on the company's current stock price. That's around $600 million in what would have otherwise been tax revenue for his former home state, as The Center Square reported Monday. The capital gains tax, passed in 2021, imposes a 7% tax on any gains of more than $250,000 from the sale of stocks and bonds, with some exceptions. It was challenged in court but ultimately ruled constitutional by the state Supreme Court last year. The tax brought in nearly $900 million in its first year of collection. Revenue goes toward early education and childcare programs, as well as school construction projects." It's of course no secret that Bezos is no fan of taxes -- he explored founding Amazon on an Indian reservation near San Francisco to avoid taxes, ponied up $100,000 to defeat a proposed WA state income tax aimed at improving WA state public education (joined in the fight by Microsoft and Steve Ballmer), characterized as unconstitutional attempts to make Amazon collect and pay sales taxes, and came under fire by ProPublica for paying no income tax in some years.

Read more of this story at Slashdot.

In a blog post today, Meta announced that it'll stop showing political content across Instagram and Threads unless users explicitly choose to have it recommended to them. The Verge reports: Meta announced that it's expanding an existing Reels policy that limits political content from people you're not following (including posts about social issues) from appearing in recommended feeds to more broadly cover the company's Threads and Instagram platforms. "Our goal is to preserve the ability for people to choose to interact with political content, while respecting each person's appetite for it," said Instagram head Adam Mosseri, announcing on Threads that the changes will be applied over the next few weeks. Facebook is also expected to roll out these new controls at a later, undisclosed date. Users who still want to have content "likely to mention governments, elections, or social topics that affect a group of people and/or society at large" recommended to them can choose to turn off this limitation within their account settings. The changes will apply to public accounts when enabled and only in places where content is being recommended, such as Explore, Reels, in-feed recommendations, and suggested users. The update won't change how users view content from accounts they choose to follow, so accounts that aren't eligible to be recommended can still post political content to their followers via their feed and Stories. For creators, Meta says that "if your account is not eligible to be recommended, none of your content will be recommended regardless of whether or not all of your content goes against our recommendations guidelines." When these changes do go live, professional accounts on Instagram will be able to use the Account Status feature to check if posting political content is impacting their eligibility for recommendation. Professional accounts can also use Account Status to contest decisions that revoke this eligibility, alongside editing, removing, or pausing politically related posts until the account is eligible to be recommended again.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to talk with each other using the helmet's in-built speaker and microphone, and share their real-time location in a friend's group using Livall's smartphone apps. Ken Munro, founder of U.K. cybersecurity testing firm Pen Test Partners, said Livall's smartphone apps had a simple flaw allowing easy access to any group's audio chats and location data. Munro says the two apps, one for skiers and one for bike riders, collectively have about a million users. At the heart of the bug, Munro found that anyone using Livall's apps for group audio chat and sharing their location must be part of the same friends group, which could be accessed using only that group's six-digit numeric code. "That 6-digit group code simply isn't random enough," Munro said in a blog post describing the flaw. "We could brute force all group IDs in a matter of minutes." In doing so, anyone could access any of the 1 million possible permutations of group chat codes. "As soon as one entered a valid group code, one joined the group automatically," said Munro, adding that this happened without alerting other group members. "It was therefore trivial to silently join any group, giving us access to any users' location and the ability to listen in to any group audio communications," said Munro. "The only way a rogue group user could be detected was if the legitimate user went to check on the members of that group." [...] In an email, Livall's R&D director Richard Yi explained that the company improved the randomness of group codes by also adding letters, and including alerts for new members joining groups. Yi also said the app now allows the shared location to be turned off at the user level.

Read more of this story at Slashdot.

The French offices of Chinese tech giant Huawei were raided by financial prosecutors this week, the company confirmed Friday. CNN reports: A French judicial source told CNN Thursday that the raid had been carried out as part of a preliminary probe launched by the financial prosecutor's office over alleged "breach of probity," a broad term concerning offenses such as acts of corruption, favoritism and influence peddling. The source did not provide any further details about the investigation. A preliminary investigation does not imply any wrongdoing. "Huawei has been in France for over 20 years, and has been in compliance with the laws and regulations applicable in the country. While Huawei France does not wish to comment on an ongoing investigation, the company remains confident about its conclusions," a spokesperson said.

Read more of this story at Slashdot.