According to Business Insider (paywalled), Microsoft's Copilot tool inadvertently let customers access sensitive information, such as CEO emails and HR documents. Now, Microsoft is working to fix the situation, deploying new tools and a guide to address the privacy concerns. The story was highlighted by Salesforce CEO Marc Benioff. From the report: These updates are designed "to identify and mitigate oversharing and ongoing governance concerns," the company said in a blueprint for Microsoft's 365 productivity software suite. [...] Copilot's magic -- its ability to create a 10-slide road-mapping presentation, or to summon a list of your company's most profitable products -- works by browsing and indexing all your company's internal information, like the web crawlers used by search engines. IT departments at some companies have set up lax permissions for who can access internal documents -- selecting "allow all" for the company's HR software, say, rather than going through the trouble of selecting specific users.

That didn't create much of a problem because there wasn't a tool that an average employee could use to identify and retrieve sensitive company documents -- until Copilot. As a result, some customers have deployed Copilot only to discover that it can let employees read an executive's inbox or access sensitive HR documents. "Now when Joe Blow logs into an account and kicks off Copilot, they can see everything," a Microsoft employee familiar with customer complaints said. "All of a sudden Joe Blow can see the CEO's emails."

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/21/2315249/microsoft-copilot-customers-discover-it-can-let-them-read-hr-documents-ceo-emails?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google is introducing "Restore Credentials," a feature that simplifies transferring app credentials when switching Android devices to keep you logged into your apps. The Verge reports: While some apps already did this, Google is making it easier for developers to include this experience by implementing a "restore key" that automatically transfers to the new phone and logs you back into the app. [...] Restore Credentials requires less work than the previous approach on Android, and can automatically check if a restore key is available and log you back in at the first app launch. A restore key is a public key that uses existing passkey infrastructure to move about your credentials.

Restore keys can also be backed up to the cloud, although developers can opt out. For that reason, transferring directly from device to device will still likely be more thorough than restoring from the cloud, as is the case with Apple devices today. Notably, Google says restore keys do not transfer if you delete an app and reinstall it.

[ Read more of this story ]( https://mobile.slashdot.org/story/24/11/21/2323246/androids-restore-credentials-feature-will-automatically-log-you-in-to-your-apps-on-a-new-phone?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Ars Technica: A federal court yesterday ruled against parents who sued a Massachusetts school district for punishing their son who used an artificial intelligence tool to complete an assignment. Dale and Jennifer Harris sued Hingham High School officials and the School Committee and sought a preliminary injunction requiring the school to change their son's grade and expunge the incident from his disciplinary record before he needs to submit college applications. The parents argued that there was no rule against using AI in the student handbook, but school officials said the student violated multiple policies.

The Harris' motion for an injunction was rejected in an order (PDF) issued yesterday from US District Court for the District of Massachusetts. US Magistrate Judge Paul Levenson found that school officials "have the better of the argument on both the facts and the law."

"On the facts, there is nothing in the preliminary factual record to suggest that HHS officials were hasty in concluding that RNH [the Harris' son, referred to by his initials] had cheated," Levenson wrote. "Nor were the consequences Defendants imposed so heavy-handed as to exceed Defendants' considerable discretion in such matters." "On the evidence currently before the Court, I detect no wrongdoing by Defendants," Levenson also wrote. "The manner in which RNH used Grammarly -- wholesale copying and pasting of language directly into the draft script that he submitted -- powerfully supports Defendants' conclusion that RNH knew that he was using AI in an impermissible fashion," Levenson wrote. While "the emergence of generative AI may present some nuanced challenges for educators, the issue here is not particularly nuanced, as there is no discernible pedagogical purpose in prompting Grammarly (or any other AI tool) to generate a script, regurgitating the output without citation, and claiming it as one's own work," the order said.

Levenson concluded with a quote from a 1988 Supreme Court ruling that said the education of youth "is primarily the responsibility of parents, teachers, and state and local school officials, and not of federal judges." According to Levenson, "This case well illustrates the good sense in that division of labor. The public interest here weighs in favor of Defendants."

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/21/2330242/school-did-nothing-wrong-when-it-punished-student-for-using-ai-court-rules?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

China has overtaken Germany and Japan in terms of robot density, according to an annual report by the International Federation of Robotics (IFR). Reuters reports: South Korea is the world leader with 1,012 robots per 10,000 employees, up 5% since 2018, said the IFR. Singapore comes next, followed by China with 470 robots per 10,000 workers - more than double the density it had in 2019. That compares with 429 per 10,000 employees in Germany, which has had an annual growth rate of 5% since 2018, said IFR.

[ Read more of this story ]( https://hardware.slashdot.org/story/24/11/22/0333251/china-overtakes-germany-and-japan-in-robot-density?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The Register's Simon Sharwood reports: Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:

- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.

The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/22/0340231/put-your-usernames-and-passwords-in-your-will-advises-japans-government?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Mozilla has warned that the Justice Department's proposed breakup of Google could harm independent web browsers, pushing back against a key element of the government's antitrust remedy.

The maker of Firefox browser said in a statement the DOJ's blanket ban on search revenue-sharing deals would disproportionately impact smaller players that rely on such agreements, while failing to meaningfully increase competition in search.

Firefox and similar browsers account for a small share of US search queries but provide crucial alternatives for privacy-conscious consumers, Mozilla said. The DOJ's wide-ranging proposal, submitted to a federal court in Washington, includes forcing Google to sell its Chrome browser and prohibiting the company from paying other firms to set Google as their default search engine.

The plan follows an August ruling that found Google illegally monopolized the search market. In a statement, Mozilla argued that rather than an outright prohibition on search agreements, remedies should focus on "addressing the barriers to competition and facilitating a marketplace that promotes competition and consumer choice."

[ Read more of this story ]( https://news.slashdot.org/story/24/11/22/1112255/mozilla-warns-dojs-google-breakup-plan-may-hurt-small-browser-makers?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from PYMNTS: The Justice Department's proposal to resolve its antitrust case over online search against Google reportedly would force the tech giant to unwind its partnership with artificial intelligence (AI) company Anthropic. A recommendation in the Justice Department's court filing Wednesday (Nov. 20) that Google be barred from partnerships with companies that control where consumers search for information, is intended to apply to the company's investment in Anthropic, Bloomberg reported Thursday (Nov. 21). [...]

It was reported in October 2023 that Google had invested $500 million in Anthropic and agreed to contribute another $1.5 billion over time. During that same month, PYMNTS reported that Anthropic's commitment to building and deploying what the company said are generative AI capabilities with stronger built-in guardrails, differentiated it from other foundational AI models on the market. On Tuesday (Nov. 19), the U.K.'s competition watchdog, the Competition and Markets Authority (CMA), cleared Google's partnership with Anthropic, saying that it had determined that the deal between the tech giant and the AI startup did not warrant additional investigation. "The CMA does not believe that Google has acquired material influence over Anthropic as a result of the partnership," the regulator said in its assessment of the arrangement. U.S. regulators also call for a sale of Google's Chrome browser and restrictions to prevent Android from favoring its own search engine.

"DOJ had a chance to propose remedies related to the issue in this case: search distribution agreements with Apple, Mozilla, smartphone OEMs and wireless carriers," Google said in a Thursday blog post. "Instead, DOJ chose to push a radical interventionist agenda that would harm Americans and America's global technology leadership."

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/22/0351253/doj-antitrust-case-aims-to-undo-google-anthropic-partnership?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Apple's restrictions on mobile browsers are limiting innovation and holding back new features that could benefit iPhone users, according to provisional findings published today by the UK's Competition and Markets Authority (CMA). From a report: In its report, the CMA's independent inquiry group determined that Apple's Safari browser policies prevent competing browsers from implementing certain features, such as faster webpage loading technologies. The investigation also revealed that many UK app developers would prefer to offer progressive web apps as an alternative to App Store distribution, but Apple's current iOS limitations make this impractical.

Adding to competitive concerns, the regulator highlighted a revenue-sharing agreement between Apple and Google that "significantly reduces their financial incentives to compete" in the mobile browser space on iOS. The CMA also found that both companies can manipulate how users are presented with browser choices, making their own offerings appear as the clearest or easiest options.

[ Read more of this story ]( https://apple.slashdot.org/story/24/11/22/1413218/apples-browser-rules-stifle-innovation-on-ios-says-uk-regulator?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shares a report: OpenAI is preparing to launch a frontal assault on Google. The ChatGPT owner recently considered developing a web browser that it would combine with its chatbot, and it has separately discussed or struck deals to power search features for travel, food, real estate and retail websites, according to people who have seen prototypes or designs of the products.

OpenAI has spoken about the search product with website and app developers such as Conde Nast, Redfin, Eventbrite and Priceline, these people said. OpenAI also has discussed powering artificial intelligence features on devices made by Samsung, a key Google business partner, similar to a deal OpenAI recently struck with Apple, according to people who were briefed about the situation at OpenAI.

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/22/1421209/openai-considers-taking-on-google-with-browser?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Amazon said on Friday it will invest an additional $4 billion in AI startup Anthropic, following earlier investments of $4 billion made in September and March. As part of the deal, Amazon Web Services will become Anthropic's primary training partner, with the AI firm committing to use AWS's Trainium and Inferentia chips for future model development.

Anthropic operates the Claude large language model.

[ Read more of this story ]( https://slashdot.org/story/24/11/22/1552251/amazon-doubles-investment-in-ai-startup-anthropic-to-8-billion?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Damage to two undersea fiber-optic cables in the Baltic Sea this month points to growing vulnerability of critical submarine infrastructure, with German officials suspecting sabotage and Swedish police investigating a Chinese cargo vessel's involvement.

The incident highlights escalating risks to the global submarine cable network, which carries 99% of international telecommunications traffic through 530 cable systems spanning 850,000 miles. These garden hose-thick cables facilitate trillions in daily financial transactions and vital government communications.

Security experts warn that Russia has increased monitoring of undersea cables amid tensions over Ukraine. Taiwan reported 36 cable damages by foreign vessels since 2019, while Houthi rebels denied targeting Red Sea cables this year. Though most of the 100-plus annual cable faults are accidental, deliberate sabotage remains a concern. Repairs are costly, with new transatlantic cables running up to $250 million.

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/22/1650214/how-the-worlds-vital-undersea-data-cables-are-being-targeted?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shares a report: Plex is beginning to test its "newly reimagined Plex experience," which will be available first on mobile and is coming to TV platforms "very soon." Plex says the new experience has been in development for almost two years and is "designed to bring everything you love into one seamless interface." But don't worry -- while the new version of the app is currently missing some features, Plex says it will be "closing those gaps" and will keep the current app available during the preview, which will hopefully prevent a Sonos-like debacle.

A big change for the new app is redesigned navigation that more clearly delineates between media you might have on your Plex server and the company's streaming and on-demand offerings. The bottom bar has dedicated tabs for your media libraries, live TV, and on-demand movies and shows. The Watchlist, which lets you make a list of things you want to watch, has a spot at the top of the app. And artwork is shown more prominently.

[ Read more of this story ]( https://entertainment.slashdot.org/story/24/11/22/1757247/plexs-upcoming-app-redesign-is-a-big-swing-at-going-legit?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft has released a public preview of its redesigned Windows Recall feature, five months after withdrawing the original version due to security concerns. The feature will initially be available only on Qualcomm Snapdragon X Elite and Plus Copilot+ PCs running Windows Insider Dev channel build 26120.2415.

Recall, which continuously captures and indexes screenshots and text for later search, now includes mandatory encryption, opt-in activation, and Windows Hello authentication. The feature requires Secure Boot, BitLocker encryption, and attempts to automatically mask sensitive data like passwords and credit card numbers. The feature is exclusive to Copilot+ PCs equipped with neural processing units for local AI processing.

[ Read more of this story ]( https://it.slashdot.org/story/24/11/22/206216/microsofts-controversial-recall-scraper-is-finally-entering-public-preview?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Netflix is looking toward Discord for help in figuring out who, exactly, is leaking unreleased footage from some of its popular shows. From a report: The Northern District of California court issued a subpoena on Thursday to compel Discord to share information that can help identify a Discord user who's reportedly involved in leaking episodes and images from Netflix shows like Arcane and Squid Game.

Documents filed alongside the subpoena specifically call out an unreleased and copyrighted image from the second season of Squid Game, posted by a Discord user @jacejohns4n. In an interview linked on the user's now deleted X account, published on Telegram, the leaker claimed responsibility for the self-described "worst leak in streaming history," where episodes of Arcane, Heartstopper, Dandadan, Terminator Zero, and other shows were published online. Netflix confirmed in August that a post production studio was hacked.

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/22/2013212/netflix-subpoenas-discord-to-id-alleged-arcane-squid-game-leaker?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Weeks after federal regulators announced a "click-to-cancel" rule for subscription businesses, a New York judge has ruled that SiriusXM made it too difficult for customers to end their service. Deadline: New York State Supreme Court Justice Lyle Frank's ruling, issued Thursday, upheld elements of a lawsuit filed against the satellite audio firm in 2023 by New York Attorney General Letitia James. In a post on X after Frank's ruling, she wrote that the company "illegally forced people to go through a long and burdensome process to simply cancel their subscriptions. We sued SiriusXM to protect people's wallets, and now, SiriusXM must simplify its cancellation process and stop taking advantage of New Yorkers."

[ Read more of this story ]( https://slashdot.org/story/24/11/22/2021233/siriusxm-made-it-too-tough-for-customers-to-end-their-subscriptions-ny-judge-rules?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Ars Technica: DirecTV is pulling out of an agreement to buy its satellite rival Dish after bondholders objected to terms of the deal. DirecTV issued an announcement last night saying "it has notified EchoStar of its election to terminate, effective as of 11:59 p.m., ET on Friday, November 22nd, 2024, the Equity Purchase Agreement (EPA) pursuant to which it had agreed to acquire EchoStar's video distribution business, Dish DBS."

In the deal announced on September 30, DirecTV was going to buy the Dish satellite TV and Sling TV streaming business from EchoStar for a nominal fee of $1. DirecTV would have taken on $9.75 billion of Dish debt if the transaction moved ahead. The deal did not include the Dish Network cellular business. Dish bondholders quickly objected to terms requiring them to take a loss on the value of their debt. DirecTV had said Dish notes would be exchanged with "a reduced principal amount of DirecTV debt which will have terms and collateral that mirror DirecTV's existing secured debt." The principal amount would have been reduced by at least $1.568 billion.

DirecTV last night said it is now exercising its right to terminate the acquisition because noteholders did not accept the exchange offer. "The termination of the Agreement follows Dish DBS noteholders' failure to agree to the proposed Exchange Debt Offer Terms issued by EchoStar, which was a condition of DirecTV's obligations to acquire Dish under the EPA," the press release said. DirecTV CEO Bill Morrow indicated his company wasn't willing to change the deal to satisfy Dish bondholders. "We have terminated the transaction because the proposed Exchange Terms were necessary to protect DirecTV's balance sheet and our operational flexibility," Morrow said.

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/22/222244/directv-terminates-deal-to-buy-dish-satellite-business?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Baidu's new Apollo Go robotaxi brings significant advances in affordability and scalability that should make U.S. competitors like Waymo a bit nervous, according to The Verge's Andrew J. Hawkins. From the report: The RT6 is the sixth generation of Apollo Go's driverless vehicle, which made its official debut in May 2024. It's a purpose-built, Level 4 autonomous vehicle, meaning it's built without the need for a human driver. And here's the thing that should make US competitors nervous: adopting a battery-swapping solution, the price for one individual RT6 is "under $30,000," Baidu CEO Robin Li said in an earnings call. "All the strengths just mentioned above are driving us forward, paving the way to validate our business model," Li added. [...]

We still don't know the net effect of Baidu's cost improvements. But bringing down the upfront cost of each individual vehicle to below $30,000 will go a long way toward improving the company's unit economics, in which each vehicle brings in more money than it costs. There are still a lot of outstanding costs to consider, such as hardware depreciation and fleet maintenance, but from what Baidu is signaling, things are on the right track. From the looks of it, the company is passing those savings along to its customers. Base fares start as low as 4 yuan (around 55 cents), compared with 18 yuan (around $2.48) for a taxi driven by a human, according to state media outlet Global Times. Apollo Go said it has provided 988,000 rides across all of China in Q3 2024 -- a year-over-year growth of 20 percent. And cumulative public rides reached 8 million in October.

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/22/2213210/baidus-supercheap-robotaxis-should-scare-the-hell-out-of-the-us?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The latest Steam client drops support for operating systems older than Windows 10 or macOS 10.15 Catalina. "That means Mac users can't run 32-bit games anymore, as all macOS versions from Catalina onward only run 64-bit binaries," reports The Register. From the report: [I]f you have a well-specified older Mac, here is another reason to check out Open Core Legacy Patcher. For now, macOS 10.15 Catalina will do but we suspect it won't for long. This version of Steam uses the equivalent to Chrome 126: "Updated embedded Chromium build in Steam to 126.0.6478.183." However, versions since Chrome 128 require macOS 11 or newer. For now, Catalina will work -- but the next significant Steam update will update Chromium as well, and there's a high probability that that will drop support for 10.15.

So, if you're using OCLP to install a newer macOS, you should probably go directly to Big Sur. In The Reg FOSS desk's testing, we found that Big Sur ran reasonably well on a machine with Intel HD 520 graphics, although the same hardware ran very poorly with macOS 12 Monterey. Unfortunately, the inevitable end is in sight for older Macs. That said, the November 2024 Steam client update brings several "wins," including a built-in Game Recording feature, an upgraded Chromium browser engine, and the new "Scout" Linux runtime environment for improved compatibility and performance, especially on the Steam Deck and Linux distros. Additionally, it delivers bug fixes and enhancements for modern OS users.

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/22/2226201/steam-cuts-the-cord-for-legacy-windows-macos?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Reuters: Google has sued one of its former engineers in Texas federal court, accusing him of stealing trade secrets related to its chip designs and sharing them publicly on the internet. The lawsuit, filed on Tuesday (PDF), said that Harshit Roy "touted his dominion" over the secrets in social media posts, tagging competitors and making threatening statements to the company including "I need to take unethical means to get what I am entitled to" and "remember that empires fall and so will you."

Google hired Roy in 2020 to develop computer chips used in Google Pixel devices like smartphones. Google said in the lawsuit that Roy resigned in February and moved from Bangalore, India to the United States in August to attend a doctorate program at the University of Texas at Austin. According to the complaint, Roy began posting confidential Google information to his X account later that month along with "subversive text" directed at the company, such as "don't expect me to adhere to any confidentiality agreement." The posts included photographs of internal Google documents with specifications for Pixel processing chips.

The lawsuit said that Roy ignored Google's takedown requests and has posted additional trade secrets to X and LinkedIn since October. Google alleged that Roy tagged competitors Apple and Qualcomm in some of the posts, "presumably to maximize the potential harm of his disclosure." Google's complaint also said that several news outlets have published stories with confidential details about Google's devices based on the information that Roy leaked. Google asked the court for an unspecified amount of monetary damages and court orders blocking Roy from using or sharing its secrets.

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/22/2235202/google-sues-ex-engineer-in-texas-over-leaked-pixel-chip-secrets?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"Steven Adair, of cybersecurity firm Veloxity, revealed at the Cyberwarcon security conference how Russian hackers were able to daisy-chain as many as three separate Wi-Fi networks in their efforts to attack victims," writes Longtime Slashdot reader smooth wombat. Wired reports: Adair says that Volexity first began investigating the breach of its DC customer's network in the first months of 2022, when the company saw signs of repeated intrusions into the customer's systems by hackers who had carefully covered their tracks. Volexity's analysts eventually traced the compromise to a hijacked user's account connecting to a Wi-Fi access point in a far end of the building, in a conference room with external-facing windows. Adair says he personally scoured the area looking for the source of that connection. "I went there to physically run down what it could be. We looked at smart TVs, looked for devices in closets. Is someone in the parking lot? Is it a printer?" he says. "We came up dry."

Only after the next intrusion, when Volexity managed to get more complete logs of the hackers' traffic, did its analysts solve the mystery: The company found that the hijacked machine which the hackers were using to dig around in its customer's systems was leaking the name of the domain on which it was hosted -- in fact, the name of another organization just across the road. "At that point, it was 100 percent clear where it was coming from," Adair says. "It's not a car in the street. It's the building next door." With the cooperation of that neighbor, Volexity investigated that second organization's network and found that a certain laptop was the source of the street-jumping Wi-Fi intrusion. The hackers had penetrated that device, which was plugged into a dock connected to the local network via Ethernet, and then switched on its Wi-Fi, allowing it to act as a radio-based relay into the target network. Volexity found that, to break into that target's Wi-Fi, the hackers had used credentials they'd somehow obtained online but had apparently been unable to exploit elsewhere, likely due to two-factor authentication.

Volexity eventually tracked the hackers on that second network to two possible points of intrusion. The hackers appeared to have compromised a VPN appliance owned by the other organization. But they had also broken into the organization's Wi-Fi from another network's devices in the same building, suggesting that the hackers may have daisy-chained as many as three networks via Wi-Fi to reach their final target. "Who knows how many devices or networks they compromised and were doing this on," says Adair. Volexity had presumed early on in its investigation that the hackers were Russian in origin due to their targeting of individual staffers at the customer organization focused on Ukraine. Then in April, fully two years after the original intrusion, Microsoft warned of a vulnerability in Windows' print spooler that had been used by Russia's APT28 hacker group -- Microsoft refers to the group as Forest Blizzard -- to gain administrative privileges on target machines. Remnants left behind on the very first computer Volexity had analyzed in the Wi-Fi-based breach of its customer exactly matched that technique. "It was an exact one-to-one match," Adair says.

[ Read more of this story ]( https://mobile.slashdot.org/story/24/11/22/2331247/russian-spies-jumped-from-one-network-to-another-via-wi-fi?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Longtime Slashdot reader Geoffrey.landis writes: Economist Phillip Kobernick makes the case that the emphasis on fast-charging stations for electric vehicles in the U.S. is misplaced. According to an article from CleanTechnica, he argues that, from an economic standpoint, what we should be doing is installing more slow chargers. All thing equal, who wouldn't choose a 10-minute charge over a 3-hour charge or a 10-hour charge? But all things are not equal.

Superfast chargers are far more expensive than Level 2 chargers, and Level 2 chargers are also significantly more expensive than Level 1 charging infrastructure, which consists of normal electricity outlets. He points out that we get 4-7 times more charging capability installed for the same cost by going with Level 1 charging instead of Level 2. And given that people often just plug in their electric vehicles overnight, Level 1 charging can more than adequately provide what is needed in that time. The case is examined in a podcast on the site.

[ Read more of this story ]( https://hardware.slashdot.org/story/24/11/22/2343228/economist-makes-the-case-for-slow-level-1-ev-charging?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Longtime Slashdot reader mspohr shares a report from Gizmodo: Hackers for the Chinese government were able to deeply penetrate U.S. telecommunications infrastructure in ways that President Joe Biden's administration hasn't yet acknowledged, according to new reports from the Washington Post and New York Times. The hackers were able to listen to phone calls and read text messages, reportedly exploiting the system U.S. authorities use to wiretap Americans in criminal cases. The worst part? The networks are still compromised and it may take incredibly drastic measures to boot them from U.S. systems.

The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday.

Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/22/2336254/china-wiretaps-americans-in-worst-hack-in-our-nations-history?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from VICE: It's early on a Sunday morning in late 1994, and you're shuffling your way through Fitzrovia in Central London, bloodstream still rushing after a long night at Bagley's. The sun comes up as you come down. You navigate side streets that you know like the back of your hand. But your hand's stamped with a party logo. And your brain's kaput. Coffee... yes, coffee. Good idea. Suddenly, you find yourself outside a teal blue cafe. Walking in is like entering an alien world; rows of club kids, tech heads, and game developers sit in front of desktops, lost in the primitive version of some new reality. Tentacular cables hang from the ceiling. Ambient techno reverberates from wall to wall. Cigarette smoke fills the air.

Welcome to Cyberia, the world's first internet cafe. Which, if you're too young to remember, are basically cafes with computers in them. It all began when Eva Pascoe, a Polish computing student living in London, crossed paths with Tim Berners Lee and other early internet mavericks at the dawn of the 90s. "I was very interested in cyberfeminism and wanted to figure out how women could reclaim tech," she recalls. The internet was still in its infancy. Diabolically slow dial-up modems only emerged around 1992; the World Wide Web was a pipe dream until 1993 and hardly anyone had the internet at home. But there wasn't just a lack of javascript; Eva remembers there being no good java, either. "There were no coffee shops in London," she says, which today seems ludicrous. "Just greasy spoons and everyone drank tea. I wanted a European-style cafe."

Linking up with like-minded pioneers David Rowe and husband and wife Keith and Gene Teare, Eva found a spot on the corner of Whitfield Street and launched Cyberia there in 1994. With Hackers-style aesthetics and futuristic furniture, it was based around a U-shaped layout that meant visitors could see each other's screens. "I wanted women to feel safe, because a lot of the stuff on the net was dodgy," she explains. Many of Eva's mates chipped in to help out -- architects, interior designers, graphic artists, publishers, and ravers among them.

And then there was the Amish community in Pennsylvania. Eva had to fly out there to negotiate for the "Cyberia.com" domain name they had bought. "It was a proper barn with horse carts and a wall of modems as they were running a bulletin board and an early ecommerce company. Apparently, there was always one family nominated to be the tech support," she remembers. Back in London, Cyberia quickly became a hotspot. "Virtually the second we opened, we had three lines deep around the block," she says. It's hard to imagine, but nowhere else in the world was doing what they were doing. It was the world's first cybercafe. "If you wanted to collect your emails, we were the only place in town," Eva says. Cyberia opened around 20 cafes worldwide, including branches in Bangkok, Paris, and Rotterdam. "For a fleeting moment it became like a sexier version of Richard Branson's Virgin empire: there was Cyberia Records, Cyberia Channel (a pioneering streaming service), Cyberia Payments, the Cyberia magazine, a Cyberia show on UK TV -- even a Cyberia wedding," writes VICE's Kyle MacNeill. He attended Cyberia's 30th birthday party in September and spoke with some of the cafe's original innovators, "shooting the shit about the good times and the not-so-good coffee."

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/23/006233/remembering-cyberia-the-worlds-first-ever-cyber-cafe?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

A team of undergraduate students from the University of Southern California's Rocket Propulsion Lab set multiple amateur spaceflight records with their rocket, Aftershock II. "The student-made missile soared 90,000 feet (27,400 meters) beyond the previous record-holder -- a rocket launched more than 20 years ago," reports Live Science. From the report: The students launched Aftershock II on Oct. 20 from a site in Black Rock Desert, Nevada. The rocket stood about 14 feet (4 meters) tall and weighed 330 pounds (150 kilograms). The rocket broke the sound barrier just two seconds after liftoff and reached its maximum speed roughly 19 seconds after launch, the RPL team wrote in a Nov. 14 paper summarizing the launch. The rocket's engine then burned out, but the craft continued to climb as atmospheric resistance decreased, enabling it to leave Earth's atmosphere 85 seconds after launch and then reach its highest elevation, or apogee, 92 seconds later. At this point, the nose cone separated from the rest of the rocket and deployed a parachute so it could safely reenter the atmosphere and touch down in the desert, where it was collected by the RPL team for analysis.

The rocket's apogee was around 470,000 feet (143,300 m) above Earth's surface, which is "further into space than any non-governmental and non-commercial group has ever flown before," USC representatives wrote in a statement. The previous record of 380,000 feet (115,800 m) was set in 2004 by the GoFast rocket made by the Civilian Space Exploration Team. During the flight, Aftershock II reached a maximum speed of around 3,600 mph (5,800 km/h), or Mach 5.5 -- five and a half times the speed of sound. This was slightly faster than GoFast, which had also held the amateur speed record for 20 years.

But elevation and speed were not the only records Aftershock II broke. "This achievement represents several engineering firsts," Ryan Kraemer, an undergraduate mechanical engineering student at USC and executive engineer of the RPL team who will soon join SpaceX's Starship team, said in the statement. "Aftershock II is distinguished by the most powerful solid-propellant motor ever fired by students and the most powerful composite case motor made by amateurs."

[ Read more of this story ]( https://science.slashdot.org/story/24/11/23/0028234/student-built-rocket-breaks-multiple-20-year-spaceflight-records?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Neuralink, the brain chip startup founded by Elon Musk, says it has received approval to launch its first clinical trial in Canada for a device designed to give paralysed individuals the ability to use digital devices simply by thinking. Reuters reports: [T]he Canadian study aims to assess the safety and initial functionality of its implant which enables people with quadriplegia, or paralysis of all four limbs, to control external devices with their thoughts. Canada's University Health Network hospital said in a separate statement that its Toronto facility had been selected to perform the complex neurosurgical procedure. Neuralink has successfully implanted the device in two patients in the United States. One of the patients has been using it to play video games and learn how to design 3D objects.

[ Read more of this story ]( https://science.slashdot.org/story/24/11/23/0035224/neuralink-receives-canadian-approval-for-brain-chip-trial?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Longtime Slashdot reader theodp writes: Past corporate-sponsored Hour of Code tutorials for the nation's schoolchildren have blurred the lines between coding lessons and product infomercials. So too is the case again with this year's newly-announced Hour of Code 2024 flagship tutorials, which include Microsoft Minecraft, Amazon Music, and Transformers One movie-themed intros to coding. The press release announcing the tutorials from tech-backed nonprofit Code.org, which organizes the Hour of Code and counts Microsoft and Amazon as $30+ million donors, boasts of its "decade of partnership with [Microsoft] Minecraft this year, reaching more than 300 million sessions of Minecraft Hour of Code since 2015!"

Interestingly, The Transformers (Paramount Pictures, which released Transformers One in the U.S., is a $25,000+ Code.org donor) is cited as one of the OG's of children's Saturday morning cartoon advertising (aka 30-minute commercials) that prompted the Children's Television Act (CTA) of 1990, an act of Congress that ordered the FCC to put in place regulations to protect children from advertising. Throughout the 1980s, Action for Children's Television (ACT) criticized children's television programs that "blur(red) the distinction between program content and commercial speech."

[ Read more of this story ]( https://news.slashdot.org/story/24/11/23/0040245/is-the-hour-of-code-the-new-30-minute-saturday-morning-cartoon-commercial?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shared this report from CNET:

Meta says it's taken down more than 2 million accounts this year linked to overseas criminal gangs behind scam operations that human rights activists say forced hundreds of thousands of people to work as scammers and cost victims worldwide billions of dollars.

In a Thursday blog post, the parent of Facebook, Instagram and WhatsApp says the pig butchering scam operations — based in Myanmar, Laos, Cambodia, the United Arab Emirates and the Philippines — use platforms like Facebook and Instagram; dating, messaging, crypto and other kinds of apps; and texts and emails, to globally target people... [T]he scammers strike up an online relationship with their victims and gain their trust. Then they move their conversations to crypto apps or scam websites and dupe victims into making bogus investments or otherwise handing over their money, Meta said. They'll ask the victims to deposit money, often in the form of cryptocurrency, into accounts, sometimes even letting the victims make small withdrawals, in order to add a veneer of legitimacy. But once the victim starts asking for their investment back, or it becomes clear they don't have any more money to deposit, the scammer disappears and takes the money with them.

And the people doing the scamming are often victims themselves. During the COVID-19 pandemic, criminal gangs began building scam centers in Southeast Asia, luring in often unsuspecting job seekers with what looked like amazing postings on local job boards and other platforms, then forcing them to work as scammers, often under the threat of physical harm. The scope of what's become a global problem is staggering. In a report issued in May, the US Institute of Peace estimates that at least 300,000 people are being forced to work, or are otherwise suffering human rights violations, inside these scam centers. The report also estimates global financial losses stemming from the scams at $64 billion in 2023, with the number of financial victims in the millions.
Meta says it has focused on investigating and disrupting the scam operations for more than two years, working with nongovernmental organizations and other tech companies, like OpenAI, Coinbase and dating-app operator Match Group, along with law enforcement in both the US and the countries where the centers are located.

Meta titled its blog post "Cracking Down On Organized Crime Behind Scam Centers," writing "We hope that sharing our insights will help inform our industry's defenses so we can collectively help protect people from criminal scammers."

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/23/0356221/meta-removed-2-million-accounts-linked-to-organized-crime-pig-butching-scams?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"The past 15 years were unique in ways that might be a bad predictor of our future," writes the Washington Post, with a surge in the number of internet users since 2010, and everyone spending more time online.

But today, "lots of smart people believe that artificial intelligence will upend how you find information. Googling is so yesterday."

Sam Altman, the top executive overseeing ChatGPT, has said that AI has a good shot at shoving aside Google search. Bill Gates predicted that emerging AI will do tasks like researching your ideal running shoes and automatically placing an order so you'll "never go to a search site again." In defending itself from a judge's decision that it runs an illegal monopoly, Google says the company might be roadkill as AI and other new technologies change how you find information. (On Wednesday, the U.S. government asked the judge to overhaul Google to undo its monopoly.)

But predictions of Google's looming obsolescence have been wrong before, which calls for humility in fortune-telling our collective technology habits. We're devilishly unpredictable.... Maybe it's right to extrapolate from how people are starting to use AI today. Or maybe that's the mistake that Jobs made when he said no one was searching on iPhones. It wasn't wrong in 2010, but it was within a few years. Or what if AI upends how billions of us find information and we still keep on Googling? "The notion that we can predict how these new technologies are going to evolve is silly," said David B. Yoffie, a Harvard Business School professor who has spent decades studying the technology industry.

Amit Mehta, the judge overseeing the Google monopoly case, formed his own view on AI moving us away from searching Google. "AI may someday fundamentally alter search, but not anytime soon," he said.

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/23/0333202/will-ai-kill-google?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"You can use any Linux distribution inside of the Windows Subsystem for Linux" Microsoft recently reminded Windows users, "even if it is not available in the Microsoft Store, by importing it with a tar file."

But being an official distro "makes it easier for Windows Subsystem for Linux users to install and discover it with actions like wsl --list --online and wsl --install," Microsoft pointed out this week. And "We're excited to announce that Red Hat will soon be delivering a Red Hat Enterprise Linux WSL distro image in the coming months..."

Thank you to the Red Hat team as their feedback has been invaluable as we built out this new architecture, and we're looking forwards to the release...! Ron Pacheco, senior director, Red Hat Enterprise Linux Ecosystem, Red Hat says:
"Developers have their preferred platforms for developing applications for multiple operating systems, and WSL is an important platform for many of them. Red Hat is committed to driving greater choice and flexibility for developers, which is why we're working closely with the Microsoft team to bring Red Hat Enterprise Linux, the largest commercially available open source Linux distribution, to all WSL users."
Read Pacheco's own blog post here.

But in addition Microsoft is also releasing "a new way to make WSL distros," they announced this week, "with a new architecture that backs how WSL distros are packaged and installed."

Up until now, you could make a WSL distro by either creating an appx package and distributing it via the Microsoft Store, or by importing a .tar file with wsl -import. We wanted to improve this by making it possible to create a WSL distro without needing to write Windows code, and for users to more easily install their distros from a file or network share which is common in enterprise scenarios... With the tar based architecture, you can start with the same .tar file (which can be an exported Linux container!) and just edit it to add details to make it a WSL distro... These options will describe key distro attributes, like the name of the distro, its icon in Windows, and its out of box experience (OOBE) which is what happens when you run WSL for the first time. You'll notice that the oobe_command option points to a file which is a Linux executable, meaning you can set up your full experience just in Linux if you wish.

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/23/0251245/red-hat-is-becoming-an-official-microsoft-windows-subsystem-for-linux-distro?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Instead of focusing on chatbots, a new study reveals an automated way to breach LLM-driven robots "with 100 percent success," according to IEEE Spectrum. "By circumventing safety guardrails, researchers could manipulate self-driving systems into colliding with pedestrians and robot dogs into hunting for harmful places to detonate bombs..."

[The researchers] have developed RoboPAIR, an algorithm designed to attack any LLM-controlled robot. In experiments with three different robotic systems — the Go2; the wheeled ChatGPT-powered Clearpath Robotics Jackal; and Nvidia's open-source Dolphins LLM self-driving vehicle simulator. They found that RoboPAIR needed just days to achieve a 100 percent jailbreak rate against all three systems... RoboPAIR uses an attacker LLM to feed prompts to a target LLM. The attacker examines the responses from its target and adjusts its prompts until these commands can bypass the target's safety filters. RoboPAIR was equipped with the target robot's application programming interface (API) so that the attacker could format its prompts in a way that its target could execute as code. The scientists also added a "judge" LLM to RoboPAIR to ensure the attacker was generating prompts the target could actually perform given physical limitations, such as specific obstacles in the environment...

One finding the scientists found concerning was how jailbroken LLMs often went beyond complying with malicious prompts by actively offering suggestions. For example, when asked to locate weapons, a jailbroken robot described how common objects like desks and chairs could be used to bludgeon people.

The researchers stressed that prior to the public release of their work, they shared their findings with the manufacturers of the robots they studied, as well as leading AI companies. They also noted they are not suggesting that researchers stop using LLMs for robotics... "Strong defenses for malicious use-cases can only be designed after first identifying the strongest possible attacks," Robey says. He hopes their work "will lead to robust defenses for robots against jailbreaking attacks."
The article includes a reaction from Hakki Sevil, associate professor of intelligent systems and robotics at the University of West Florida. He concludes that the "lack of understanding of context of consequences" among even advanced LLMs "leads to the importance of human oversight in sensitive environments, especially in environments where safety is crucial." But a long-term solution could be LLMs with "situational awareness" that understand broader intent.

"Although developing context-aware LLM is challenging, it can be done by extensive, interdisciplinary future research combining AI, ethics, and behavioral modeling..."

Thanks to long-time Slashdot reader DesertNomad for sharing the article.

[ Read more of this story ]( https://hardware.slashdot.org/story/24/11/23/0513211/its-surprisingly-easy-to-jailbreak-llm-driven-robots?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Slashdot reader jjslash shared this report from TechSpot:

The SilverStone FLP01 made quite the impression when it was shared on X for April Fools' Day 2023. Loosely modeled after popular desktops from yesteryear like the NEC PC-9800 series, the chassis features dual 5.25-inch faux floppy bays that could stand to look a bit more realistic. Notably, the covers flip open to reveal access to a more modern (yet still legacy) optical drive and front I/O ports.

Modern-looking fan grills can be found on either side of the desktop, serving as yet another hint that the chassis is not as old at it appears on first glance. The grills look to be removable, and probably hold washable dust filters. Like early desktops, the system doubles as a stand for your monitor. The use of a green power LED up front helps round out the retro look; a red LED is used as a storage activity indicator.

[ Read more of this story ]( https://hardware.slashdot.org/story/24/11/23/0529232/silverstones-retro-beige-pc-case-turns-april-fools-joke-into-actual-product?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

CNN reports that investigators "are trying to crack the mystery of how two undersea internet cables in the Baltic Sea were cut within hours of each other." But there's now two competing viewpoints, "with European officials saying they believe the disruption was an act of sabotage and U.S. officials suggesting it was likely an accident."
The foreign ministers of Finland and Germany said in a joint statement that they were "deeply concerned" about the incident and raised the possibility that it was part of a "hybrid warfare," specifically mentioning Russia in their statement. Their assessment was not plucked out of thin air. Russia has been accused of waging a hybrid war against Europe after a string of suspicious incidents, arson attacks, explosions and other acts of sabotage across multiple European countries were traced back to Moscow. And the disruption to the cables came just weeks after the US warned that Moscow was likely to target critical undersea infrastructure. This followed months of suspicious movements of Russian vessels in European waters and the significant beefing up of a dedicated Russian secretive marine unit tasked with surveying the seabed...
But two US officials familiar with the initial assessment of the incident told CNN on Tuesday the damage was not believed to be deliberate activity by Russia or any other nation. Instead, the two officials told CNN they believed it likely caused by an anchor drag from a passing vessel. Such accidents have happened in the past, although not in a quick succession like the two on Sunday and Monday.

Cloudflare's blog also reminds readers that the two cable cuts resulted in little-to-no observable impact

Cloudflare attributes this largely to "the significant redundancy and resilience of Internet infrastructure in Europe." (Their Cloudflare Radar graphs show that after the Sweden-Lithuania cable cut "there was no apparent impact to traffic volumes in either country at the time that the cables were damaged.")

Telegeography's submarinecablemap.com illustrates, at least in part, the resilience in connectivity enjoyed by these two countries. In addition to the damaged cable, it shows that Lithuania is connected to neighboring Latvia as well as to the Swedish mainland. Over 20 submarine cables land in Sweden, connecting it to multiple countries across Europe. In addition to the submarine resilience, network providers in both countries can take advantage of terrestrial fiber connections to neighboring countries, such as those illustrated in a European network map from Arelion (formerly Telia), which is only one of the large European backbone providers.

Less than a day later, the C-Lion1 submarine cable, which connects Helsinki, Finland and Rostock Germany was reportedly damaged during the early morning hours of Monday, November 18... In this situation as well, as the Cloudflare Radar graphs below show, there was no apparent impact to traffic volumes in either country at the time that the cables were damaged...

Telegeography's submarinecablemap.com shows that both Finland and Germany also have significant redundancy and resilience from a submarine cable perspective, with over 10 cables landing in Finland, and nearly 10 landing in Germany, including Atlantic Crossing-1 (AC-1), which connects to the United States over two distinct paths. Terrestrial fiber maps from Arelion and eunetworks (as just two examples) show multiple redundant fiber routes within both countries, as well as cross-border routes to other neighboring countries, enabling more resilient Internet connectivity.

See also Does the Internet Route Around Damage?

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/23/1953221/sabotage-or-accident-american-and-european-officials-disagree-on-what-caused-cuts-to-two-undersea-cables?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Meta wants to force Apple and Google to verify the ages of people downloading apps from their app stores, reports the Washington Post — and now Meta's campaign "is picking up momentum" with legislators in the U.S. Congress.

Federal and state lawmakers have recently proposed a raft of measures requiring that platforms such as Meta's Facebook and Instagram block users under a certain age from using their sites. The push has triggered fierce debate over the best way to ascertain how old users are online. Last year Meta threw its support behind legislation that would push those obligations onto app stores rather than individual app providers, like itself, as your regular host and Naomi Nix reported. While some states have considered the plan, it has not gained much traction in Washington.
That could be shifting. Two congressional Republicans are preparing a new age verification bill that places the burden on app stores, according to two people familiar with the matter, who spoke on the condition of anonymity to discuss the plans... The bill would be the first of its kind on Capitol Hill, where lawmakers have called for expanding guardrails for children amid concerns about the risks of social media but where political divisions have bogged down talks. The measure would give parents the right to sue an app store if their child was exposed to certain content, such as lewd or sexual material, according to a copy obtained by the Tech Brief. App stores could be protected against legal claims, however, if they took steps to protect children against harms, such as verifying their ages and giving parents the ability to block app downloads.
The article points out that U.S. lawmakers "have the power to set national standards that could override state efforts if they so choose..."

[ Read more of this story ]( https://apple.slashdot.org/story/24/11/23/0414258/meta-wants-apple-and-google-to-verify-the-age-of-app-downloaders?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

June, 2023: "Harvard Scholar Who Studies Honesty Is Accused of Fabricating Findings."
November, 2024: "The Business-School Scandal That Just Keeps Getting Bigger." A senior editor at the Atlantic raises the possibility of systemic dishonesty-rewarding incentives where "a study must be even flashier than all the other flashy findings if its authors want to stand out," writing that "More than a year since all of this began, the evidence of fraud has only multiplied."

And the suspect isn't just Francesca Gino, a Harvard Business School professor. One person deeply affected by all this is Gino's co-author, a business school professor from the University of California at Berkeley — Juliana Schroeder — who launched an audit of all 138 studies conducted by Francesca Gino (called "The Many Coauthors Project"):

Gino was accused of faking numbers in four published papers. Just days into her digging, Schroeder uncovered another paper that appeared to be affected — and it was one that she herself had helped write... The other main contributor was Alison Wood Brooks, a young professor and colleague of Gino's at Harvard Business School.... If Brooks did conduct this work and oversee its data, then Schroeder's audit had produced a dire twist. The Many Co-Authors Project was meant to suss out Gino's suspect work, and quarantine it from the rest... But now, to all appearances, Schroeder had uncovered crooked data that apparently weren't linked to Gino.... Like so many other scientific scandals, the one Schroeder had identified quickly sank into a swamp of closed-door reviews and taciturn committees. Schroeder says that Harvard Business School declined to investigate her evidence of data-tampering, citing a policy of not responding to allegations made more than six years after the misconduct is said to have occurred...

In the course of scouting out the edges of the cheating scandal in her field, Schroeder had uncovered yet another case of seeming science fraud. And this time, she'd blown the whistle on herself. That stunning revelation, unaccompanied by any posts on social media, had arrived in a muffled update to the Many Co-Authors Project website. Schroeder announced that she'd found "an issue" with one more paper that she'd produced with Gino... [Schroeder] said that the source of the error wasn't her. Her research assistants on the project may have caused the problem; Schroeder wonders if they got confused...

What feels out of reach is not so much the truth of any set of allegations, but their consequences. Gino has been placed on administrative leave, but in many other instances of suspected fraud, nothing happens. Both Brooks and Schroeder appear to be untouched. "The problem is that journal editors and institutions can be more concerned with their own prestige and reputation than finding out the truth," Dennis Tourish, at the University of Sussex Business School, told me. "It can be easier to hope that this all just goes away and blows over and that somebody else will deal with it...." [Tourish also published a 2019 book decrying "Fraud, Deception and Meaningless Research," which the article notes "cites a study finding that more than a third of surveyed editors at management journals say they've encountered fabricated or falsified data."] Maybe the situation in her field would eventually improve, [Schroeder] said. "The optimistic point is, in the long arc of things, we'll self-correct, even if we have no incentive to retract or take responsibility."

"Do you believe that?" I asked.

"On my optimistic days, I believe it."

"Is today an optimistic day?"

"Not really."

[ Read more of this story ]( https://science.slashdot.org/story/24/11/23/2151226/more-business-school-researchers-accused-of-fabricated-findings?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft-owned GitHub published a blog post asking "Does GitHub Copilot improve code quality? Here's what the data says."

Its first paragraph includes statistics from past studies — that GitHub Copilot has helped developers code up to 55% faster, leaving 88% of developers feeling more "in the flow" and 85% feeling more confident in their code.
But does it improve code quality?

[W]e recruited 202 [Python] developers with at least five years of experience. Half were randomly assigned GitHub Copilot access and the other half were instructed not to use any AI tools... We then evaluated the code with unit tests and with an expert review conducted by developers.
Our findings overall show that code authored with GitHub Copilot has increased functionality and improved readability, is of better quality, and receives higher approval rates... Developers with GitHub Copilot access had a 56% greater likelihood of passing all 10 unit tests in the study, indicating that GitHub Copilot helps developers write more functional code by a wide margin. In blind reviews, code written with GitHub Copilot had significantly fewer code readability errors, allowing developers to write 13.6% more lines of code, on average, without encountering readability problems. Readability improved by 3.62%, reliability by 2.94%, maintainability by 2.47%, and conciseness by 4.16%. All numbers were statistically significant... Developers were 5% more likely to approve code written with GitHub Copilot, meaning that such code is ready to be merged sooner, speeding up the time to fix bugs or deploy new features.

"While GitHub's reports have been positive, a few others haven't," reports Visual Studio magazine:

For example, a recent study from Uplevel Data Labs said, "Developers with Copilot access saw a significantly higher bug rate while their issue throughput remained consistent."
And earlier this year a "Coding on Copilot" whitepaper from GitClear said, "We find disconcerting trends for maintainability. Code churn — the percentage of lines that are reverted or updated less than two weeks after being authored — is projected to double in 2024 compared to its 2021, pre-AI baseline. We further find that the percentage of 'added code' and 'copy/pasted code' is increasing in proportion to 'updated,' 'deleted,' and 'moved 'code. In this regard, AI-generated code resembles an itinerant contributor, prone to violate the DRY-ness [don't repeat yourself] of the repos visited."

[ Read more of this story ]( https://developers.slashdot.org/story/24/11/23/1855203/does-github-copilot-improve-code-quality?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The Rust community has "recognized the unsafety of Rust (if used incorrectly)," according to a blog post by Amazon Web Services.
So now AWS and the Rust Foundation are "crowdsourcing an effort to verify the Rust standard library," according to an article at DevClass.com, "by setting out a series of challenges for devs and offering financial rewards for solutions..."

Rust includes ways to bypass its safety guarantees though, with the use of the "unsafe" keyword... The issue AWS highlights is that even if developers use only safe code, most applications still depend on the Rust standard library. AWS states that there are approximately 7.5K unsafe functions in the Rust Standard Library and notes that 57 "soundness issues" and 20 CVEs (Common Vulnerabilities and Exposures) have been reported in the last three years. [28% of the soundness issues were discovered in 2024.]

Marking a function as unsafe does not mean it is vulnerable, only that Rust does not guarantee its safety. AWS plans to reduce the risk by using tools and techniques for formal verification of key library code, but believes that "a single team would be unable to make significant inroads" for reasons including the lack of a verification mechanism in the Rust ecosystem and what it calls the "unknowns of scalable verification." The plan therefore is to turn this over to the community, by posing challenges and rewarding developers for solutions.... A GitHub repository provides a fork of the Rust code and includes a set of challenges, currently 13 of them... The Rust Foundation says that there is a financial reward tied to each challenge, and that the "challenge rewards committee is responsible for reviewing activity and dispensing rewards." How much will be paid though is not stated.
Despite the wide admiration for Rust, there is no formal specification for the language, an issue which impacts formal verification efforts.

Thanks to Slashdot reader sean-it-all for sharing the news.

[ Read more of this story ]( https://developers.slashdot.org/story/24/11/23/2327203/verify-the-rusts-standard-librarys-7500-unsafe-functions---and-win-financial-rewards?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

NBC News reports that a newly identified chemical byproduct "may be present in drinking water in about a third of U.S. homes, a study found."

"Scientists do not yet know whether the byproduct is dangerous. But some are worried that it could have toxic properties because of similarities to other chemicals of concern."

The newly identified substance, named "chloronitramide anion," is produced when water is treated with chloramine, a chemical formed by mixing chlorine and ammonia. Chloramine is often used to kill viruses and bacteria in municipal water treatment systems. Researchers said the existence of the byproduct was discovered about 40 years ago, but it was only identified now because analysis techniques have improved, which finally enabled scientists to determine the chemical's structure.
It could take years to figure out whether chloronitramide anion is dangerous — it's never been studied. The researchers reported their findings Thursday in the journal Science, in part to spur research to address safety concerns. The scientists said they have no hard evidence to suggest that the compound represents a danger, but that it bears similarities to other chemicals of concern. They think it deserves scrutiny because it's been detected so widely...
David Reckhow, a research professor in civil and environmental engineering at the University of Massachusetts, Amherst, who was not involved with the study, said the finding was an important step. The ultimate goal, he said, is understanding whether the substance is a hazard; he concurred that it was likely toxic. "It's a pretty small molecule and it can probably for that reason enter into biological systems and into cells. And it is still a reactive molecule," he said. "Those are the kinds of things you worry about."

"It's estimated more than 113 million people drink chloraminated processed water in the U.S.," according to a follow-up article by ABC News.
But they also include this quote from Dr. Stephanie Widmer, a board-certified medical toxicologist and emergency medicine physician. "The reality is that no one really knows too much about this chloronitramide and its impact on human health, and more research needs to be done. These disinfecting chemicals have been giving us clean drinking water for decades, so no reason to fear drinking water as a result of this study." Although ABC News tacks on this sentence.
"The study authors suggest, in general, adding a carbon filter to a sink or a standalone pitcher may be a good option for those concerned."

Thanks to long-time Slashdot reader Greymane for sharing the news.

[ Read more of this story ]( https://science.slashdot.org/story/24/11/24/0019202/potentially-toxic-chemical-byproduct-may-be-present-in-13-of-us-drinking-water?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Slashdot reader Bruce66423 shared this report from the Guardian:

Staff have resigned at Starling Bank after its new chief executive demanded thousands of workers attend its offices more frequently, despite lacking enough space to host them.

In his first major policy change since taking over from the UK digital bank's founder, Anne Boden, in March, Raman Bhatia has ordered all hybrid staff — many of whom were in the office only one or two days a week, or on an ad-hoc basis — to travel to work for a minimum of 10 days each month. But the bank, which operates online only, admitted that some of its offices would not be equipped to handle the influx... "We are considering ways in which we can create more space," an email sent by Starling's human resources team and seen by the Guardian said.

Starling has 3,231 staff, the vast majority of whom are in the UK with some also in Dublin. However, the Guardian understands that the bank has only about 900 desks, including 260 at its Cardiff site, 320 in its London headquarters and 155 in Southampton. The bank has a further 160 desks in its newest site in Manchester, where it has signed a 10-year lease to occupy the fifth floor of the Landmark building, which also houses Santander UK and HSBC staff... Some staff have already resigned over the "rushed" announcement, while others have threatened to do so...

The return to office announcement came a month after the Financial Conduct Authority hit Starling with a £29m fine after discovering "shockingly lax" controls that it said left the financial system "wide open to criminals". That included failures in its automated screening system for individuals facing government sanctions.
Starling Bank issued this statement to explain its reasoning. "By bringing colleagues together in person, our aim is to achieve greater collaboration that will benefit our customers as we enter Starling's next phase of growth."

The article also notes that the U.K. supermarket chain Asda "has also toughened its stance, making it compulsory for thousands of workers at its offices in Leeds and Leicester to spend at least three days a week at their desks from the new year."

[ Read more of this story ]( https://it.slashdot.org/story/24/11/24/0241229/bank-employees-resign-after-executive-demands-return-to-offices-without-space-for-everyone?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"Scientists have found what seems to be the oldest direct evidence of hot water flowing on Mars during its ancient past," reports Space.com.

"The discovery could further indicate that the Red Planet, despite its arid and desolate appearance today, may have been capable of supporting life long ago."

The evidence was delivered to Earth and sealed within the well-known Martian meteorite NWA7034, found in the Sahara Desert in 2011. Due to its black, highly polished appearance, the Martian rock is also known as "Black Beauty." At an estimated 2 billion years old, Black Beauty is the second oldest Martian meteorite ever discovered. However, the Curtin University team discovered something even older within it: a 4.45 billion-year-old zircon grain that harbors the fingerprints of fluids rich in water.

Team member Aaron Cavosie from Curtin's School of Earth and Planetary Sciences thinks this discovery will open up new avenues to understanding hydrothermal systems associated with the activity of volcanic magma that once ran through Mars. "We used nano-scale geochemistry to detect elemental evidence of hot water on Mars 4.45 billion years ago," Cavosie said in a statement. "Hydrothermal systems were essential for the development of life on Earth, and our findings suggest Mars also had water, a key ingredient for habitable environments, during the earliest history of crust formation...."
[T]his new research implies that water in liquid form may have existed on Mars even earlier than previously expected in the planet's pre-Noachian period.

[ Read more of this story ]( https://science.slashdot.org/story/24/11/24/0337254/mars-meteorite-reveals-new-evidence-that-hot-water-flowed-on-ancient-mars?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

America's Justice Department "has ordered all consensual searches by drug enforcement agents conducted at the nation's airports stopped," reports Georgia's local TV station Atlanta News First — after their series of investigations "uncovered how the agents often search innocent passengers at airport gates, looking for cash."

On Thursday, the department made public a November 12, 2024, directive from the deputy attorney general to the U.S. Drug Enforcement Administration (DEA) that it suspend "all consensual encounters at mass transportation facilities unless they are either connected to an ongoing, predicated investigation involving one or more identified targets or criminal networks or approved by the DEA Administrator based on exigent circumstances." The management advisory memorandum was issued by DOJ Inspector General Michael Horowitz.

The memo specifically mentioned the case of an airline passenger interviewed by Atlanta News First Chief Investigator Brendan Keefe, author of the Atlanta News First investigation, In Plane Sight. The award-winning series uncovered how drug agents have been seizing anything over $5,000 if airline passengers can't prove — on the spot — that their own money didn't come from drug trafficking. The government seizes the cash when no drugs are found, without arresting the traveler or charging them with a crime, and the DEA gets to keep the money it seizes.

After witnessing the Atlanta News First series, the passenger in question — who was departing from Cincinnati and heading to New York, where he lives — refused consent to have his bags searched at the gate... "The DOJ Office of the Inspector General (OIG) further learned that the DEA Task Force Group selected this traveler for the encounter based on information provided by a DEA confidential source, who was an employee of a commercial airline, about travelers who had purchased tickets within 48 hours of the travel," the memo said. "The OIG learned that the DEA had been paying this employee a percentage of forfeited cash seized by the DEA office from passengers at the local airport when the seizure resulted from information the employee had provided to the DEA. The employee had received tens of thousands of dollars from the DEA over the past several years."
The news station's investigation "also revealed passengers selected for what the government calls 'random, consensual encounters' are actually profiled by the drug agents who search Black men far more often than any other group of passengers," according to the article.

"The reports analyzed data showing that, for drug agents to find just one passenger with money, they have to publicly search 10 departing passengers."

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/24/0310249/americas-dea-ordered-to-stop-searching-random-travellers-at-airports---and-seizing-their-cash?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The GitHub Secure Open Source Fund launched this week with an initial commitment of $1.25 million, reports TechCrunch, using "capital from contributors including American Express, 1Password, Shopify, Stripe, and GitHub's own parent company Microsoft."

GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but Tuesday it announced full details and formally opened the program for applicants, which will be reviewed "on a rolling basis" through the closing date of January 7, 2025, with programming and funding starting shortly after...

Tuesday's news builds on a number of previous GitHub initiatives designed to support project maintainers that work on key components of critical software, including GitHub Sponsors which landed in 2019 (and which is powering the new fund), but more directly the GitHub Accelerator program that launched its first cohort last year — the GitHub Secure Open Source Fund is essentially an extension of that.

"We're trying to acknowledge the fact that we're the home of open source, ultimately, and we have an obligation to help ensure that open source can continue to thrive and have the support that it needs," GitHub Chief Operating Officer Kyle Daigle told TechCrunch in an interview. Qualifying projects can be pretty much any project that has an open source license, but of course GitHub will be looking at those that need the funds most — so Kubernetes can hold fire with its application. "We're looking for the outsized impact, which tends to be big projects with few maintainers that we all rely on," Daigle said.

The sum of $1.25 million might sound like a reasonable amount, but it will be split across 125 projects, which means just $10,000 each — better than nothing, for sure, but a drop in the ocean on the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here — as with the initial accelerator program, maintainers embark on a three-week program, which includes mentorship, certification, education workshops, and ongoing access to GitHub tools.

From GitHub's announcement:

Since introducing support for organizations through GitHub Sponsors, more than 5,800 organizations, including Microsoft and Stripe, have invested in maintainers and projects on GitHub, up nearly 40% YoY. Cumulatively, the platform has unlocked over $60 million in funding for maintainers to help them spend more time working on their projects.
But we know we're just scratching the surface when it comes to organizations and corporate support of open source. This summer, we partnered with the Linux Foundation and researchers from Laboratory for Innovation Science at Harvard (LISH) to learn more about the state of open source funding today. Diving in, we assessed organizations funding behaviors, potential misalignments, and opportunities to improve. In the report launched today, we found:

- Responding organizations annually invest $1.7 billion in open source, which can be extrapolated to estimate that approximately $7.7 billion is invested across the entire open source ecosystem annually.
- 86% of investment is in the form of contribution labor by employees and contractors working for the funding organization, with the remaining 14% being direct financial contributions.
- Organizations generally know how and where they contribute (65%) but lack specific clarity of their contributions (38%).
- Security efforts focus on bugs and maintenance; only a few (6%) said comprehensive security audits are a priority.
We all stand to benefit from unlocking more funding for open source. By tackling problems like open source security as an ecosystem, we believe we can help create more available funding and resources that are vital to the sustainability of open source. Not every open source project or maintainer has access to funding and training for security. That's why we created a fund that everyone potentially eligible can apply for...

This is the beginning of a journey into helping find ways to secure open source. On its own, it's not the answer, but we are confident it will help. We will be monitoring the impact of these investments and share what we learn as we go.

[ Read more of this story ]( https://news.slashdot.org/story/24/11/24/0414244/github-announces-new-open-source-fund-with-security-mentoring?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Back in the mid-1980s Mark Roth was in 5th grade when the game ChipWits "helped kindle his interest in coding," according to an online biography. ("By middle school, he wrote his first Commodore 64 assembler and by high school he authored a 3D Graphics library for DOS.")

And 40 years later, Slashdot reader markroth8 writes that the programming puzzle/logic game "inspired many people to become professional coders":

ChipWits was first released for Mac in 1984, and was later ported to Commodore 64 and Apple II in 1985. To celebrate the game's 40th anniversary, the team behind the new Steam reboot of ChipWits (including its original co-creator Doug Sharp, also of fame for the game King of Chicago) is announcing the recovery and open source release of the original game's source code, written in the FORTH programming language, for both Mac and Commodore 64 platforms.

Recovering data from 40-year old 5.25" and 3.5" disks was a challenge in and of itself, and most of the data survived unscathed! It's interesting to read the 40-year-old code, and compare it to modern game development.

"Our goal for open sourcing the original version of ChipWits is to ensure its legacy lives on," according to the announcement. (It adds that "We also wanted to share an appreciation for what cross-platform software development for 8-bit microcomputers was like in 1984.")

[ Read more of this story ]( https://news.slashdot.org/story/24/11/24/019242/macforth-code-for-1984-robot-coding-game-chipwits-from-1984-is-now-open-source?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

On November 24th, 1971 — 53 years ago today — a mysterious man jumped out of an airplane clutching $200,000 in ransom money. (He'd extorted it from the airline by claiming he had a bomb, and it's still "the only unsolved case of air piracy in the history of commercial aviation," according to Wikipedia.) Will modern technology finally let us solve the case — or just turn it into a miniseries on Netflix? And have online researchers finally discovered the definitive clue?

The FBI vetted more than 800 suspects, according to the Wyoming news site Cowboy State Daily, but in 2016 announced they were suspending their active investigation.

So it's newsworthy that the FBI now appears to be investigating new evidence, according to an amateur D.B. Cooper researcher on YouTube: the discovery of what's believed to be D.B. Cooper's uniquely-modified parachute:

Retired pilot, skydiver and YouTuber, Dan Gryder told Cowboy State Daily that he may have found the missing link after uncovering the modified military surplus bailout rig he believes was used by D.B. Cooper in the heist. It belonged to Richard Floyd McCoy II, and was carefully stored in his deceased mother's storage stash until very recently... McCoy's children, Chanté and Richard III, or "Rick," agree with Gryder that they believe their father was D.B. Cooper, a secret that shrouded the family but wasn't overtly discussed. For years, they said, the family stayed mum out of fear of implicating their mother, Karen, whom they believe was complicit in both hijackings. Upon her death in 2020, they broke their silence to Gryder after being contacted by him off and on for years.

Gryder, who has been researching the case for more than 20 years, documented his investigation in a lengthy two-part series on his YouTube channel, "Probable Cause," in 2021 and 2022, where he connects the dots and shows actual footage of him finding the parachute in an outbuilding on the McCoy family property in North Carolina in July 2022. On Monday, Gryder released a third video, "D.B. Cooper: Deep FBI Update," where he announced the FBI's new and very recent efforts in his discoveries. After watching his first two videos, Gryder said FBI agents contacted Rick and Gryder to see the parachute. It was the first investigative move by the agency since issuing the 2016 public statement, declaring the case closed pending new evidence. Gryder and Rick McCoy traveled to Richmond, Virginia, in September 2023, where they met with FBI agents, who took the harness and parachute into evidence along with a skydiving logbook found by Chanté that aligned with the timeline for both hijackings, providing another vital piece in the puzzle, Gryder said....

During the meeting, Gryder said the agents called it a first step. If the evidence proved fruitless, they would have promptly returned the skydiving rig, he said, but that didn't happen. Instead, an FBI agent called Rick a month later to ask to search the family property in Cove City, North Carolina, which McCoy's mother owned and where Gryder had found the parachute and canopy... [Gryder says he watched] at least seven vehicles descend on the property with more than a dozen agents who scoured the property for about four hours... Rick said he has provided a DNA sample and was told by the FBI agents that the next step might be exhuming his father's body, but no formal terms and conditions for that process have been established thus far, he said.
A retired commercial airline pilot who was present in the Virginia FBI meeting said "It was clear they were taking it seriously" — noting it was the FBI who'd requested that meeting. The article cites two FBI agents who'd earlier already believed D.B. Cooper was McCoy. And the article points out that the FBI "has never ruled McCoy out, stating in a 2006 statement that he was 'still a favorite suspect among many.'"

A second article notes that Gryder supports the FBI's recent request to exhume McCoy's body. As he sees it, "The existing DNA marker comparisons studied so far only validate the need for this final extreme step and should close the mystery once and for all."

And the article adds that McCoy's children are "eager for closure and hope that the FBI finds the evidence agents need to close the D.B. Cooper case once and for all."

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/24/1815217/is-there-new-evidence-in-the-db-cooper-case?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Reddit's moderators drew some criticism after "locking" a discussion about C++ paper/proposal author Andrew Tomazos. The URL (in the post with the locked discussion) had led to a submission for Slashdot's queue of potential (but unpublished) stories, which nevertheless attracted 178 upvotes on Reddit and another 85 comments. That unpublished Slashdot submission was also submitted to Hacker News, where it drew another 38 upvotes but was also eventually flagged.

Back on Reddit's C++ subreddit (which has 300,000 members), a "direct appeal" was submitted to the moderators to unlock Reddit's earlier discussion (drawing over 100 upvotes). But there's one problem with this drama, as Slashdot reader brantondaveperson pointed out. "There appears to be no independent confirmation of this story anywhere. The only references to it are this Slashdot story, and a Reddit story. Neither cite sources or provide evidence." This drew a response from the person submitting the potential story to Slashdot:

You raise a valid point. The communication around this was private. The complaint about the [paper's] title, the author's response, and the decision to expel were all communicated by either private email, on private mailing lists or in private in-person meetings. These private communications could be quoted by participants in said communications. Please let us know if that would be sufficient.

The paper had already drawn some criticism in a longer blog post by programmer Izzy Muerte (which called it "a fucking cleaned up transcript of a ChatGPT conversation".) It's one of six papers submitted this year by Tomaszos to the ISO's "WG21" C++ committee. Tomazos (according to his LinkedIn profile) is "lead programmer" of videogame company Fury Games (founded by him and his wife). It also shows an earlier two-year stint as a Google senior software engineer.

There were two people claiming direct knowledge of the situation posting on Reddit. A user named kritzikratzi posted:

I contacted Andrew Tomazos directly. According to him the title "The Undefined Behavior Question" caused complaints inside WG21. The Standard C++ Foundation then offered two choices (1) change the paper title (2) be expelled. Andrew Tomazos chose (2).
A Reddit user Dragdu posted:
He wasn't expelled for that paper, but rather this was the last straw. And he wasn't banned from the [WG21] committee, that is borderline impossible, but rather the organization he was representing told him to fuck off and don't represent them anymore. If he can find different organization to represent, he can still attend... Tomazos has been on lot of people's shit list, because his contributions suck... He decided that the title is too important to his ViSiOn for the chatgpt BS submitted as a paper, and that he won't change the title. This was the straw that broke the camel's back and his "sponsor" told him to fuck off....

There was also some back-and-forth on Hacker News.
bun_terminator: r/cpp mods just woke up, banning everyone who question... this lunatic behavior.
(Reddit moderator): We did not go on a banning spree, we banned only one person, you. After removing the comment where you insulted someone, I checked your history, noticed that you did not meaningfully participate in r/cpp outside this thread, and decided to remove someone from the community who'd only be there to cause trouble.

[ Read more of this story ]( https://meta.slashdot.org/story/24/11/24/2055208/unpublished-slashdot-submission-dragged-into-reddit-drama-about-c-papers-title?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shared this report from the New York Times:

Between the time [construction worker Florencio] Rendon applied for the coding boot camp and the time he graduated, what Mr. Rendon imagined as a "golden ticket" to a better life had expired. About 135,000 start-up and tech industry workers were laid off from their jobs, according to one count. At the same time, new artificial intelligence tools like ChatGPT, an online chatbot from OpenAI, which could be used as coding assistants, were quickly becoming mainstream, and the outlook for coding jobs was shifting. Mr. Rendon says he didn't land a single interview.

Coding boot camp graduates across the country are facing a similarly tough job market. In Philadelphia, Mal Durham, a lawyer who wanted to change careers, was about halfway through a part-time coding boot camp late last year when its organizers with the nonprofit Launchcode delivered disappointing news. "They said: 'Here is what the hiring metrics look like. Things are down. The number of opportunities is down,'" she said. "It was really disconcerting." In Boston, Dan Pickett, the founder of a boot camp called Launch Academy, decided in May to pause his courses indefinitely because his job placement rates, once as high as 90 percent, had dwindled to below 60 percent. "I loved what we were doing," he said. "We served the market. We changed a lot of lives. The team didn't want that to turn sour."

Compared with five years ago, the number of active job postings for software developers has dropped 56 percent, according to data compiled by CompTIA. For inexperienced developers, the plunge is an even worse 67 percent. "I would say this is the worst environment for entry-level jobs in tech, period, that I've seen in 25 years," said Venky Ganesan, a partner at the venture capital firm Menlo Ventures.

A Stack Overflow survey of 65,000 developers found that 60% had used AI coding tools this year, the article points out. And it includes two predictions about the future:

Armando Solar-Lezama, leader of MIT's Computer-Assisted Programming Group, "believes that A.I. tools are good news for programming careers. If coding becomes easier, he argues, we'll just make more, better software. We'll use it to solve problems that wouldn't have been worth the hassle previously, and standards will skyrocket."

Zach Sims, a co-founder of Codecademy, said of the job prospects for coding boot camp graduates" "I think it's pretty grim."

[ Read more of this story ]( https://news.slashdot.org/story/24/11/24/2159232/coding-boot-gamp-graduates-find-tough-prospects-in-an-ai-powered-world?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft's controversial "Recall" feature (in a public preview of Windows 11) already has some known issues, Microsoft admitted Friday. For example:
- Recall can be enabled or disabled from "Turn Windows features on or off". We are caching the Recall binaries on disk while we test add/remove. In a future update we will completely remove the binaries.

- You must have Secure Boot enabled for Recall to save snapshots.

- Some users experience a delay before snapshots first appear in the timeline while using their device. If snapshots do not appear after 5 minutes, reboot your device. If saving snapshots is enabled, but you see snapshots are no longer being saved, reboot your device.

- Clicking links within Recall to submit feedback may experience a delay in loading the Feedback Hub application. Be patient and it will display.

CNBC adds that according to Microsoft Recall "won't work with some accessibility programs, and if you specify that Recall shouldn't save content from a given website, it might get captured anyway while using the built-in Edge browser..." But those aren't the only issues CNBC noticed:

- While you might expect that your computer will be recording every last thing you look at once you've turned on Recall, it can go several minutes between making snapshots, leaving gaps in the timeline.

- Recall allows you to prevent screenshots from being made when you're accessing specific apps. But a few apps installed on my Surface Pro are not shown on that list.
- When you enter a search string to find words, results might be incomplete or incorrect. Recall clearly had two screen images that mention "Yankees," but when I typed that into the search box, only one of them came up as a text match. I typed in my last name, which appeared in eight images, but Recall produced just two text matches.

- Recall made a screenshot while I was scrolling through posts on social network BlueSky, and one contains a photo of a New York street scene. You can see a stoplight, a smokestack and street signs. I typed each of those into the search box, but Recall came up with no results...

- The search function is fast, but flipping through snapshots in Recall is not. It can take a couple of seconds to load screenshots as you swipe between them.

[ Read more of this story ]( https://tech.slashdot.org/story/24/11/24/2325257/microsofts-controversial-recall-feature-is-already-experiencing-some-issues?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"At points there was fear the talks would implode, as groups representing vulnerable small island states and the least-developed countries walked out of negotiations Saturday," according to a new report from CNN.
But after weeks of international climate talks at COP29, "the world agreed to a new climate deal... "with wealthy countries pledging to provide $300 billion annually by 2035 to poorer countries to help them cope with the increasingly catastrophic impacts of the climate crisis."

The amount pledged, however, falls far short of the $1.3 trillion economists say is needed to help developing countries cope with a climate crisis they have done least to cause — and there has been a furious reaction from many developing countries. a fiery speech immediately after the gavel went down, India's representative Chandni Raina slammed the $300 billion as "abysmally poor" and a "paltry sum," calling the agreement "nothing more than an optical illusion" and unable to "address the enormity of the challenge we all face."

Others were equally damning in their criticism. We are leaving with a small portion of the funding climate-vulnerable countries urgently need," said Tina Stege, Marshall Islands climate envoy. Stege heavily criticized the talks as showing the "very worst of political opportunism." Fossil fuel interests "have been determined to block progress and undermine the multilateral goals we've worked to build," she said in a statement...

There was also a push for richer emerging economies such as China and Saudi Arabia to contribute to the climate funding package, but the agreement only "encourages" developing countries to make voluntary contributions, and places no obligations on them... Saudi Arabia, the world's top oil exporter, which has pushed against ambitious action at past climate summits, seemed even more emboldened in Baku, publicly and explicitly rejecting any reference to oil, coal and gas in the deal.

The package "is also being criticised as short-sighted from the richer world's perspective," notes the BBC:

The argument runs that if you want to keep the world safe from rising temperatures, then wealthier nations need to help emerging economies cut their emissions, because that is where 75% of the growth in emissions has occurred in the past decade.

But "Delegations more optimistic about the agreement said this deal is headed in the right direction," writes the Associated Press, "with hopes that more money flows in the future."

The text included a call for all parties to work together using "all public and private sources" to get closer to the $1.3 trillion per year goal by 2035. That means also pushing for international mega-banks, funded by taxpayer dollars, to help foot the bill. And it means, hopefully, that companies and private investors will follow suit on channeling cash toward climate action. The agreement is also a critical step toward helping countries on the receiving end create more ambitious targets to limit or cut emissions of heat-trapping gases.

[ Read more of this story ]( https://yro.slashdot.org/story/24/11/25/0145252/world-agrees-on-300b-climate-aid-financial-deal---after-cop29-summit-nearly-implodes?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Some days more than half of California's available solar power goes to waste, according to research from the California Institute for Energy and Environment. "In the last 12 months, California's solar farms have curtailed production of more than 3 million megawatt hours of solar energy," according to a data analysis by the Los Angeles Times — enough to power 518,000 California homes for a year.

And it was curtailed "either on the orders of the state's grid operator or because prices had plummeted because of the glut. The waste would have been even larger if California had not paid utilities in other states to take the excess solar energy, documents from the state's grid operator show."

That means green energy paid for by California electricity customers is sent away, lowering bills for residents of other states. Arizona's largest public utility reaped $69 million in savings last year by buying from the market California created to get rid of its excess solar power. The utility returned that money to its customers as a credit on their bills. Also reaping profits are electricity traders, including banks and hedge funds. The increasing oversupply of solar power has created a situation where energy traders can buy the excess at prices so low they become negative, said energy consultant Gary Ackerman, the former executive director of the Western Power Trading Forum. That means the solar plant is paying the traders to take it. "This is all being underwritten by California ratepayers," Ackerman said...

The solar glut also means higher electricity bills for Californians, since they are effectively paying to generate the power but not using it. California's electric rates are roughly twice the nation's average, with only Hawaii having higher rates. Rates at Southern California Edison and Pacific Gas & Electric increased by 51% over the last three years. "Ratepayers aren't getting the energy they've paid for," said Ron Miller, an energy industry consultant in Denver. He calculates that the retail value of the solar energy thrown away in a year would be more than $1 billion.

Gov. Gavin Newsom's advisors and those who manage the state's electric grid say they are working to reduce the curtailments, including by building more industrial-scale battery storage facilities that soak up the excess solar power during the day and then release it at night. Officials in the governor's office declined to be interviewed, but issued a statement saying the curtailments are often because of congestion on transmission lines, rather than a statewide oversupply of power. The state has been spending heavily to upgrade transmission lines to ease the congestion. "It's also important to have extra energy resources available that can help the state during periods of extreme weather and historic heatwaves when demand is particularly high, which have happened the past few years," the statement said...

The commercial solar industry contends that the expansion of storage capacity to bank solar power will eventually eliminate the glut.

[ Read more of this story ]( https://hardware.slashdot.org/story/24/11/25/0316224/solar-glut-half-of-californias-solar-power-sometimes-goes-to-waste-research-shows?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Craig Newmark "is alarmed about potential cybersecurity risks in the U.S.," according to Yahoo Finance. The 71-year-old Craigslist founder says "our country is under attack now" in a new interview with Yahoo Finance executive editor Brian Sozzi on his Opening Bid podcast.

But Newmark also revealed what he's doing about it:

[H]e started Craig Newmark Philanthropies to primarily invest in projects to protect critical American infrastructure from cyberattacks. He told Sozzi he is now spending $200 million more to address the issue, on top of an initial $100 million pledge revealed in September of this year. He encouraged other wealthy people to join him in the fight against cyberattacks. "I tell people, 'Hey, the people who protect us could use some help. The amounts of money comparatively are small, so why not help out,'" he said... The need for municipalities and other government entities to act rather than react remains paramount, warns Newmark. "I think a lot about this," said Newmark.

"I've started to fund networks of smart volunteers who can help people protect infrastructure, particularly [for] the small companies and utilities across the country who are responsible for most of our electrical and power supplies, transportation infrastructure, [and] food distribution.... A lot of these systems have no protection, so an adversary could just compromise them, saying unless you do what we need, we can start shutting off these things," he continued. Should that happen, recovery "could take weeks and weeks without your water supply or electricity."
A web page at Craig Newmark Philanthropies offers more details

Craig was part of the whole "duck and cover" thing, in the 50s and 60s, and realizes that we need civil defense in the cyber domain, "cyber civil defense." This is patriotism, for regular people.
He's committed $100 million to form a Cyber Civil Defense network of groups who are starting to protect the country from cyber threats. Attacks on our power grids, our cyber infrastructure and even the internet-connected gadgets and appliances in our homes are real. If people think that's alarmist, tell them to "Blame Craig." The core of Cyber Civil Defense [launched in 2022] includes groups like Aspen Digital, Global Cyber Alliance, and Consumer Reports, focusing on citizen cyber education and literacy, cyber tool development, and cybersecurity workforce programs aimed at diversifying the growing field.
It's already made significant investments in groups like the Ransomware Task Force and threat watchdog group Shadowserver Foundation...

[ Read more of this story ]( https://it.slashdot.org/story/24/11/25/0539244/craigslist-founder-gives-300m-to-fund-critical-us-infrastructure-cybersecurity?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"Get your head examined. And get the fuck out of here with this shit." That's how Bcachefs developer Kent Overstreet ended a post on the Linux kernel mailing list.
This was followed by "insufficient action to restore the community's faith in having otherwise productive technical discussions without the fear of personal attacks," according to an official ruling by committee enforcing the kernel community's code of conduct. After formalizing an updated enforcement process for unacceptable behaviors, it then recommended that during the Linux 6.13 kernel development cycle, Overstreet's participation should be restricted (with his pull requests declined). Phoronix covered their ruling, and ItsFOSS and The Register offer some of the backstory.

Overstreet had already acknowledged that "Things really went off the rails (and I lost my cool, and earned the ire of the CoC committee)" in a 6,200-word blog post on his Patreon page. But he also emphasized that "I'm going to keep writing code no matter what. Things may turn into more of a hassle to actually get the code, but people who want to keep running bcachefs will always be able to (that's the beauty of open source, we can always fork), and I will keep supporting my users..."

More excerpts from Overstreet's blog post:

I got an emails from multiple people, including from Linus, to the effect of "trust me, you don't want to be known as an asshole — you should probably send him an apology"... Linus is a genuinely good guy: I know a lot of people reading this will have also seen our pull request arguments, so I specifically wanted to say that here: I think he and I do get under each other's skin, but those arguments are the kind of arguments you get between people who care deeply about their work and simply have different perspectives on the situation...

[M]y response was to say "no" to a public apology, for a variety of reasons: because this was the result of an ongoing situation that had now impacted two different teams and projects, and I think that issue needs attention — and I think there's broader issues at stake here, regarding the CoC board. But mostly, because that kind of thing feels like it ought to be kept personal... I'd like a better process that isn't so heavy handed for dealing with situations where tensions rise and communications break down. As for that process: just talk to people... [W]e're a community. We're not interchangeable cogs to be kicked out and replaced when someone is "causing a problem", we should be watching out for each other...

Another note that I was raising with the CoC is that a culture of dismissiveness, of finding ways to avoid the technical discussions we're supposed to be having, really is toxic, and moreso than mere flamewars... we really do need to be engaging properly with each other in order to do our work well.

After the official response from the committee, Overstreet responded on the kernel mailing list. "I do want to apologize for things getting this heated the other day, but I need to also tell you why I reacted the way I did... I do take correctness issues very seriously, and I will get frosty or genuinely angry if they're being ignored or brushed aside."

[ Read more of this story ]( https://linux.slashdot.org/story/24/11/25/0427242/flamewar-leads-to-declining-of-bcachefs-pull-requests-during-linux-613-kernel-development-cycle?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.