LinuxWebLog.com

The United States Senate is poised to vote on legislation this week that, for the next two years at least, could dramatically expand the number of businesses that the US government can force to eavesdrop on Americans without a warrant. From a report: Some of the nation's top legal experts on a controversial US spy program argue that the legislation, known as the Reforming Intelligence and Securing America Act (RISAA), would enhance the US government's spy powers, forcing a variety of new businesses to secretly eavesdrop on Americans' overseas calls, texts, and email messages. Those experts include a handful of attorneys who've had the rare opportunity to appear before the US government's secret surveillance court. The Section 702 program, authorized under the Foreign Intelligence Surveillance Act, or FISA, was established more than a decade ago to legalize the government's practice of forcing major telecommunications companies to eavesdrop on overseas calls in the wake of the September 11, 2001, terrorist attacks. On the one hand, the government claims that the program is designed to exclusively target foreign citizens who are physically located abroad; on the other, the government has fiercely defended its ability to access wiretaps of Americans' emails and phone conversations, often years after the fact and in cases unrelated to the reasons the wiretaps were ordered in the first place. The 702 program works by compelling the cooperation of US businesses defined by the government as "electronic communications service providers" -- traditionally phone and email providers such as AT&T and Google. Members of the House Intelligence Committee, whose leaders today largely serve as lobbyists for the US intelligence community in Congress, have been working to expand the definition of that term, enabling the government to force new categories of businesses to eavesdrop on the government's behalf.

Read more of this story at Slashdot.

UnitedHealth, parent company of ransomware-besieged Change Healthcare, says the total costs of tending to the February cyberattack for the first calendar quarter of 2024 currently stands at $872 million. From a report: That's on top of the amount in advance funding and interest-free loans UnitedHealth provided to support care providers reeling from the disruption, a sum said to be north of $6 billion. In its results for the quarter ended March 31, filed today, UnitedHealth stated that the total impact on the company from the attack in Q1 was $0.74 per share, which is expected to rise to a sum between $1.15 and $1.35 per share by the end of the year. The remediation efforts spent on the attack are ongoing, so the total costs related to business disruption and repairs are likely to exceed $1 billion over time, potentially including the reported $22 million payment made to the ALPHV/BlackCat-affiliated criminals behind the attack. It's a charge that eclipsed that of casino group MGM, which didn't pay a ransom following an attack on its systems last year, and which faces recovery costs of $100 million to rebuild its systems and paying for the fallout from outages, operational disruptions, allegedly leaked data and more.

Read more of this story at Slashdot.

Apple is opening up web distribution for iOS apps targeting users in the European Union starting Tuesday. Developers who opt in -- and who meet Apple's criteria, including app notarization requirements -- will be able to offer iPhone apps for direct download to EU users from their own websites. From a report: It's a massive change for a mobile ecosystem that otherwise bars so-called "sideloading." Apple's walled garden stance has enabled it to funnel essentially all iOS developer revenue through its own App Store in the past. But, in the EU, that moat is being dismantled as a result of new regulations that apply to the App Store and which the iPhone maker has been expected to comply with since early last month. In March, Apple announced that a web distribution entitlement would soon be coming to its mobile platform as part of changes aimed at complying with the bloc's Digital Markets Act (DMA). The pan-EU regulation puts a set of obligations on in-scope tech giants that lawmakers hope will level the competitive playing field for platforms' business users, as well as protecting consumers from Big Tech throwing its weight around.

Read more of this story at Slashdot.

The Justice Department is preparing to sue Live Nation as soon as next month [non-paywalled link], an antitrust challenge that could spur major changes at the biggest name in concert promotion and ticketing. WSJ: The agency is preparing to file an antitrust lawsuit against the Ticketmaster parent in the coming weeks that would allege the nation's biggest concert promoter has leveraged its dominance in a way that undermined competition for ticketing live events, according to people familiar with the matter. The specific claims the department would allege couldn't be learned. The federal government opted out of trying to block Live Nation and Ticketmaster's 2010 tie up. Since then, the company has faced accusations of exorbitant ticket fees, flawed customer service and anticompetitive practices from lawmakers, regulators and state attorneys general. Critics of the merger say it has stifled competition in ticketing and that the company should be broken up. Live Nation's size and power in concert promotion, ticketing and venues are at the heart of a Justice Department investigation that began in 2022. The investigation gained momentum in November 2022 after Ticketmaster crashed during a fan presale to Taylor Swift's "Eras Tour."

Read more of this story at Slashdot.

Robotics firm Boston Dynamics, owned by Hyundai, has retired its humanoid robot Atlas after a decade, despite significant funding pouring into the category. TechCrunch adds: Boston Dynamics has been focused on commercializing technologies for a number of years now. Hyundai's 2021 acquisition of the firm, coupled with the appointment of Rob Playter as its second-ever CEO, has further accelerated that path. Given the tremendous interest around companies like Agility, Figure, 1X and Apptronik, it stands to reason that -- at the very least -- the Waltham, Massachusetts-based company has -- at the very least -- seriously explored the commercial humanoid category. Boston Dynamics was, of course, well ahead of the current humanoid robotics curve. Last July marked the 10th anniversary of the bipedal robot's debut. The company teamed with DARPA for Atlas' early development, leading the robot to be heavily incorporated into challenges of the era.

Read more of this story at Slashdot.

Microsoft's Beijing-based research group published a new open source AI model on Tuesday, only to remove it from the internet hours later after the company realized that the model hadn't gone through adequate safety testing. From a report: The team that published the model, which is comprised of China-based researchers in Microsoft Research Asia, said in a tweet on Tuesday that they "accidentally missed" the safety testing step that Microsoft requires before models can be published. Microsoft's AI policies require that before any AI models can be published, they must be approved by the company's Deployment Safety Board, which tests whether the models can carry out harmful tasks such as creating violent or disturbing content, according to an employee familiar with the process. In a now-deleted blog post, the researchers behind the model, dubbed WizardLM-2, said that it could carry out tasks like generating text, suggesting code, translating between different languages, or solving some math problems.

Read more of this story at Slashdot.

Film data researcher Stepehen, writing on his blog: This may surprise some, but since 2000, just over half of all movies released have been original screenplays. The most common source for adapted screenplays was real-life events, accounting for almost a fifth of movies made between 2000 and 2023. (Typically, in these cases, the filmmakers will have paid for the rights to a nonfiction book or two that covered those events, but we will classify that as 'based on real-life events' in this analysis.) Other sources include fictional books/articles (8.9%), previous movies (11.8%), stage productions (including plays, musicals, and dance performances) (1.5%), and TV/Web shows (0.9%). In the chart below, 'Other' includes myths, legends, poems, songs, games, toys, and more. How has this changed over the years? Forty years ago, about the same proportion of movies being made were original screenplays as they are today. That's quite surprising -- both because I assume that many people expected it to be lower in recent years, but also because little stays the same in the film industry over such a long period of time. But when we look at a time series by year, we can see that it hadn't plateaued. During the late 1990s and 2000s, original screenplays declined markedly and only rose again in the 2010s.

Read more of this story at Slashdot.

SonicSpike shares a report: The quest to return rock materials from Mars to Earth to see if they contain traces of past life is going to go through a major overhaul. The US space agency says the current mission design can't return the samples before 2040 on the existing funds and the more realistic $11bn needed to make it happen is not sustainable. Nasa is going to canvas for cheaper, faster "out of the box" ideas. It hopes to have a solution on the drawing board later in the year. Returning rock samples from Mars is regarded as the single most important priority in planetary exploration, and has been for decades. Just as the Moon rocks brought home by Apollo astronauts revolutionised our understanding of early Solar System history, so materials from the Red Planet are likely to recast our thinking on the possibilities for life beyond Earth.

Read more of this story at Slashdot.

China's Baidu says its AI chatbot "Ernie Bot" has amassed more than 200 million users as it seeks to remain China's most popular ChatGPT-like chatbot amid increasingly fierce competition. From a report: The number of users has roughly doubled since the company's last update in December. The chatbot was released to the public eight months ago. Baidu CEO Robin Li also said Ernie Bot's API is being used 200 million times everyday, meaning the chatbot was requested by its user to conduct tasks that many times a day. The number of enterprise clients for the chatbot reached 85,000, Li said at a conference in Shenzhen.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providers -- one based in Seattle and the other in Redmond, Washington -- out of $3.5 million. The indictment, filed in US District Court for the Eastern District of New York and unsealed on Monday, charges Charles O. Parks III -- 45 of Omaha, Nebraska -- with wire fraud, money laundering, and engaging in unlawful monetary transactions in connection with the scheme. Parks has yet to enter a plea and is scheduled to make an initial appearance in federal court in Omaha on Tuesday. Parks was arrested last Friday. Prosecutors allege that Parks defrauded "two well-known providers of cloud computing services" of more than $3.5 million in computing resources to mine cryptocurrency. The indictment says the activity was in furtherance of a cryptojacking scheme, a term for crimes that generate digital coin through the acquisition of computing resources and electricity of others through fraud, hacking, or other illegal means. Details laid out in the indictment underscore the failed economics involved in the mining of most cryptocurrencies. The $3.5 million of computing resources yielded roughly $1 million worth of cryptocurrency. In the process, massive amounts of energy were consumed. [...] Prosecutors didn't say precisely how Parks was able to trick the providers into giving him elevated services, deferring unpaid payments, or failing to discover the allegedly fraudulent behavior. They also didn't identify either of the cloud providers by name. Based on the details, however, they are almost certainly Amazon Web Services and Microsoft Azure. If convicted on all charges, Parks faces as much as 30 years in prison.

Read more of this story at Slashdot.

YouTube has updated its policies to no longer allow "third-party apps to turn off ads." The Verge reports: This appears to target mobile ad blockers like AdGuard, which lets you open YouTube within the ad blocking app, where you'll get to view videos interruption-free. "We only allow third-party apps to use our API when they follow our API Services Terms of Service," YouTube says. "When we find an app that violates these terms, we will take appropriate action to protect our platform, creators, and viewers." To get around this, YouTube once again suggests signing up for the ad-free YouTube Premium.

Read more of this story at Slashdot.

The National Oceanic and Atmospheric Administration on Monday declared that Earth is in the midst of a "4th global coral bleaching event" that's been documented over the last 14 months in every major ocean basin, including off Florida in the United States, in Australia's Great Barrier Reef and in the South Pacific. "As the world's oceans continue to warm, coral bleaching is becoming more frequent and severe," said Derek Manzello, a coral reef ecologist who coordinates NOAA's Coral Reef Watch Program, in a news release. "When these events are sufficiently severe or prolonged, they can cause coral mortality, which hurts the people who depend on the coral reefs for their livelihoods." NBC News reports: Corals are critical ecosystems that support a vast array of fish and aquatic species, which help feed coastal communities and attract tourists. The economic value of reefs is estimated at $2.7 trillion per year, according to a 2020 report from the Global Coral Reef Monitoring Network. "They protect our coastline. They offer protection from storms and hurricanes. They have a great value for our economy and safety," [Ana Palacio, an assistant scientist at the Cooperative Institute for Marine and Atmospheric Studies, a research institute that is based at the University of Miami in partnership with NOAA] said. In Florida, as sea surface temperatures spiked, bleaching started early in the season, experts said. "Normally, bleaching will be observed in the Northern Hemisphere around August and September. We started to observe bleaching in July last year," said Phanor Montoya-Maya, a marine biologist with the Coral Restoration Foundation, an organization that collects, restores and repopulates corals. Palacio said the region saw widespread mortality of elkhorn and staghorn corals, two species that have been the focus of restoration efforts. "In some locations, about 20% of those populations survived," Palacio said of restored corals. "We're concentrating our hope on why those corals survived and what they can tell us about resistance and how corals can be more resilient." The last global coral bleaching event happened in 2014 and lasted until 2017. More than 56% of global reef areas saw temperatures that could cause bleaching during that time period. In an email on Monday, Manzello said that 54% of the world's coral reef areas had experienced bleaching-level heat stress in the past year and that the event was poised to become the worst bleaching event in history. "The percentage of reef areas experiencing bleaching-level heat stress has been increasing by roughly 1% per week," Manzello said. "It is likely that this event will surpass the previous peak." Montoya-Maya said a bleaching alert is already in effect in Florida, even earlier than last year. He said the Coral Restoration Foundation was preparing for a busy summer responding to another bleaching event. The natural pattern of El Nino has begun to dissipate and NOAA's Climate Prediction Center estimates there is a 60% chance La Niaa develops this summer, which could help cool Atlantic waters and allow some corals to recover, at least temporarily.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Electrek: In a major clean energy benchmark, wind, solar, and hydro exceeded 100% of demand on California's main grid for 30 of the past 38 days. Stanford University professor of civil and environmental engineering Mark Z. Jacobson has been tracking California's renewables performance, and he shares his findings on Twitter (X) when the state breaks records. Jacobson notes that supply exceeds demand for "0.25-6 h per day," and that's an important fact. The continuity lies not in renewables running the grid for the entire day but in the fact that it's happening on a consistent daily basis, which has never been achieved before. At the two-week record mark, Ian Magruder at Rewiring America made this great point on LinkedIn: "And what makes it even better is that California has the largest grid-connected battery storage facility in the world (came online in January ...), meaning those batteries were filling up with excess energy from the sun all afternoon today and are now deploying as we speak to offset a good chunk of the methane gas generation that California still uses overnight." On April 2, the California Independent System Operator (ISO) recommended 26 new transmission projects worth $6.1 billion, with a big number being devoted to offshore wind. In response, Jacobson predicted on April 4 that California will entirely be on renewables and battery storage 24/7 by 2035.

Read more of this story at Slashdot.

T-Mobile employees from around the country are reportedly receiving text messages offering them cash in exchange for swapping SIMs. SIM swapping is when cybercriminals trick a cellular service provider into switching a victim's service to a SIM card that they control, essentially hijacking the victim's phone number and gaining access to two-factor authentication codes. From the Mobile Report: The texts offer the employee $300 per SIM swap, and asks the worker to contact them on telegram. The texts all come from a variety of different numbers across multiple area codes, making it more difficult to block. The text also claims they acquired the employee's number "from the T-Mo employee directory." If true, it could mean T-Mobile's employee directory, with contact numbers, has somehow been accessed. It's also possible the bad actor has live/current access to this data, though we consider that less likely due to the fact that some impacted people are former employees who have not worked at the company in months. Still, the biggest issue here is how this person (or multiple people) obtained the employee phone numbers. We're not sure yet which employees are impacted, but based on comments online it seems at least a few third-party employees are affected, and we've independently confirmed current corporate employees have also received the message. Though we can't say for certain, this likely means the information is not the same data as what was leaked during the Connectivity Source breach [from September]. We can't, however, eliminate that possibility. As mentioned, there are reports that some of the contacted people are former employees, and haven't been employed at T-Mobile for months, so the information being acted upon is likely a few months old at the very least. That being said, we're pretty confident based on corporate employees being included that this is a different source of data being used.

Read more of this story at Slashdot.

Meta plans to "temporarily" shut down Threads in Turkey from April 29, in response to an interim injunction prohibiting data sharing with Instagram. TechCrunch reports: The Turkish Competition Authority (TCA), known as Rekabet Kurumu, noted on March 18 that its investigations found that Meta was abusing its dominant market position by combining the data of users who create Threads profiles with that of their Instagram account -- without giving users the choice to opt in. [...] In the buildup to April 29, everyone using Threads in Turkey will receive a notification about the impending closure, and they will be given a choice to either delete or deactivate their profile. The latter of these options means a user's profile can be resurrected when and if Threads is available in the country again. "We disagree with the interim order, we believe we are in compliance with all Turkish legal requirements, and we will appeal," Meta wrote in the blog post today. "The TCA's interim order leaves us with no choice but to temporarily shut down Threads in Turkiye. We will continue to constructively engage with the TCA and hope to bring Threads back to people in Turkiye as quickly as possible."

Read more of this story at Slashdot.

Adobe is using its Firefly machine learning model to bring generative AI video tools to Premiere Pro. "These new Firefly tools -- alongside some proposed third-party integrations with Runway, Pika Labs, and OpenAI's Sora models -- will allow Premiere Pro users to generate video and add or remove objects using text prompts (just like Photoshop's Generative Fill feature) and extend the length of video clips," reports The Verge. From the report: Unlike many of Adobe's previous Firefly-related announcements, no release date -- beta or otherwise -- has been established for the company's new video generation tools, only that they'll roll out "this year." And while the creative software giant showcased what its own video model is currently capable of in an early video demo, its plans to integrate Premiere Pro with AI models from other providers isn't a certainty. Adobe instead calls the third-party AI integrations in its video preview an "early exploration" of what these may look like "in the future." The idea is to provide Premiere Pro users with more choice, according to Adobe, allowing them to use models like Pika to extend shots or Sora or Runway AI when generating B-roll for their projects. Adobe also says its Content Credentials labels can be applied to these generated clips to identify which AI models have been used to generate them.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: The Biden administration marked the close of tax season Monday by announcing it had met a modest goal of getting at least 100,000 taxpayers to file through the Internal Revenue Service's new tax software, Direct File -- an alternative to commercial tax preparers. Although the government had billed Direct File as a small-scale pilot, it still represents one of the most significant experiments in tax filing in decades -- a free platform letting Americans file online directly to the government. Monday's announcement aside, though, Direct File's success has proven highly subjective. By and large, people who tried the Direct File software -- which looks a lot like TurboTax or other commercial tax software, with its question-and-answer format -- gave it rave reviews. "Against all odds, the government has created an actually good piece of technology," a writer for the Atlantic marveled, describing himself as "giddy" as he used the website to chat live with a helpful IRS employee. The Post's Tech Friend columnist Shira Ovide called it "visible proof that government websites don't have to stink." Online, people tweeted praise after filing their taxes, like the user who called it the "easiest tax experience of my life." While the users might be a happy group, however, there weren't many of them compared to other tax filing options -- and their positive reviews likely won't budge the opposition that Direct File has faced from tax software companies and Republicans from the outset. These headwinds will likely continue if the IRS wants to renew it for another tax season. The program opened to the public midway through tax season, when many low-income filers had already claimed their refunds -- and was restricted to taxpayers in 12 states, with only four types of income (wages, interest, Social Security and unemployment). But it gained popularity as tax season went on: The Treasury Department said more than half of the total users of Direct File completed their returns during the last week.

Read more of this story at Slashdot.

Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials." All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to rest passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."

Read more of this story at Slashdot.

Michael Larabel reports via Phoronix: Within yesterday's Linux 6.9-rc4 release is an interesting little nugget by Linus Torvalds to battle Kconfig parsers that can't correctly handle tabs but rather just assume spaces for whitespace for this kernel configuration format. Due to a patch having been queued last week to replace a tab with a space character in the kernel tracing Kconfig file, Linus Torvalds decided to take matters into his own hand for Kconfig parsers that can't deal with tabs... Torvalds authored a patch to intentionally add some tabs of his own into Kconfig for throwing off any out-of-tree/third-party parsers that can't correctly handle them. Torvalds added these intentional hidden tabs to the common Kconfig file for handling page sizes for the kernel. Thus sure to cause dramatic and noticeable breakage for any parsers not having tabs correctly.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Dropout's Dungeons & Dragons actual play show, Dimension 20, is getting pretty close to selling out a 19,000-seat venue just hours after ticket sales opened to the general public. To the uninitiated, it may seem absurd to go to a massive sports arena and watch people play D&D. As one Redditor commented, "This boggles my mind. When I was playing D&D in the early eighties, I would have never believed that there was a future where people would watch live D&D at Madison Square Garden. It's incomprehensible to me." It is indeed bizarre, albeit fun. But in this monumental moment for the actual play genre, the triumph is eclipsed by the biggest frustration that links sports, music and now D&D fans: Ticketmaster. As Federal Trade Commission chair Lina Khan said amid the Taylor Swift-Ticketmaster scandal, the company's failures "ended up converting more Gen Zers into anti-monopolists overnight than anything [she] could have done." In the case of Taylor Swift's Eras tour, fans were upset because demand was so high that Ticketmaster's system couldn't handle the traffic. For Dimension 20, the culprit is Ticketmaster's dynamic pricing. As more people try to buy tickets, the price of the tickets increase. About an hour after the Madison Square Garden tickets went on sale, the few dozen upper bowl tickets left were $800. Three hours after, these tickets are around $330, which is still very inflated. "Went onto the presale, tickets were $500+ for the worst ones, we assumed they were scalpers and that the actual sale today would have normal priced tickets $2000 for the lower bowl!? I know it's not dropout setting the price but wow is that a LOT of cash," a Redditor posted. And as a commenter astutely pointed out, thanks to dynamic pricing, Ticketmaster itself is actually the scalper. Of course, Dimension 20 fans are frustrated, especially since the show's content is overtly anti-capitalist. Despite the pricing debacle, the demand for the show is a great sign for both actual play shows and the creator economy at large.

Read more of this story at Slashdot.