Anna's Archive, a meta-search engine for pirated books and other sources, faces monetary damages and a permanent injunction at a U.S. court. According to TorrentFreak, the operators of the site "failed to respond to a lawsuit filed by [Online Computer Library Center (OCLC)], after its WorldCat database was scraped and published online." From the report: The site launched in the fall of 2022, just days after Z-Library was targeted in a U.S. criminal crackdown, to ensure continued availability of 'free' books and articles to the broader public. Late last year, Anna's Archive expanded its offering by making information from OCLC's proprietary WorldCat database available online. The site's operators took more than a year to scrape several terabytes of data and published roughly 700 million unique records online, for free.

This 'metadata' heist was a massive breakthrough in the site's quest to archive as much published content as possible. However, OCLC wasn't pleased and responded with a lawsuit (PDF) at an Ohio federal court, accusing the site and its operators of hacking and demanding damages. The non-profit says that it spent more than a million dollars responding to Anna's Archive's alleged hacking efforts. Even then, it couldn't prevent the data from being released through a torrent. "Defendants, through the Anna's Archive domains, have made, and continue to make, all 2.2 TB of WorldCat data available for public download through its torrents," OCLC wrote in the complaint it filed in an Ohio federal court.

In the months that passed since then, the operators of Anna's Archive didn't respond in court. The only named defendant flat-out denied all connections to the site, and OCLC didn't receive any response from any of the official Anna's Archive email addresses that were served. Meanwhile, the pirate library continues to offer the WorldCat data, which is a major problem for the organization. Without the prospect of a two-sided legal battle, OCLC has now moved for a default judgment. [...] In addition to monetary damages, the non-profit also seeks injunctive relief. The motion doesn't specify the requested measures, but the original complaint sought an order that prevents Anna's Archive from scraping WorldCat data going forward. In addition, all previously scraped data should no longer be distributed. Instead, it should be destroyed in full, including all the torrents that are currently being offered.

After teasing support for the fediverse earlier this year, the newsletter platform and Substack rival Ghost has finally delivered. "Over the past few days, Ghost says it has achieved two major milestones in its move to become a federated service," reports TechCrunch. "Of note, it has federated its own newsletter, making it the first federated Ghost instance on the internet." From the report: Users can follow the newsletter through their preferred federated app at @index@activitypub.ghost.org, though the company warns there will be bugs and issues as it continues to work on the platform's integration with ActivityPub, the protocol that powers Mastodon and other federated apps. "Having multiple Ghost instances in production successfully running ActivityPub is a huge milestone for us because it means that for the first time, we're interacting with the wider fediverse. Not just theoretical local implementations and tests, but the real world wide social web," the company shared in its announcement of the news.

In addition, Ghost's ActivityPub GitHub repository is now fully open source. That means those interested in tracking Ghost's progress toward federation can follow its code changes in real time, and anyone else can learn from, modify, distribute or contribute to its work. Developers who want to collaborate with Ghost are also being invited to get involved following this move. By offering a federated version of the newsletter, readers will have more choices on how they want to subscribe. That is, instead of only being able to follow the newsletter via email or the web, they also can track it using RSS or ActivityPub-powered apps, like Mastodon and others. Ghost said it will also develop a way for sites with paid subscribers to manage access via ActivityPub, but that functionality hasn't yet rolled out with this initial test.

Serif, the design software developer behind Affinity, has introduced a six-month free trial for its creative suite, offering Affinity Photo, Designer, and Publisher on Mac, Windows PC, and iPad. This move, along with a 50% discount on perpetual licenses, aims to attract Adobe users and reassure them of Affinity's commitment to its one-time purchase pricing model despite its recent acquisition by Canva. The Verge reports: Affinity uses a one-time purchase pricing model that has earned it a loyal fanbase among creatives who are sick of paying for recurring subscriptions. Prices start at $69.99 for Affinity's individual desktop apps or $164.99 for the entire suite, with a separate deal currently offering customers 50 percent off all perpetual licenses.

This discount, alongside the six-month free trial, is potentially geared at soothing concerns that Affinity would change its pricing model after being acquired by Canva earlier this year. "We're saying 'try everything and pay nothing' because we understand making a change can be a big step, particularly for busy professionals," said Affinity CEO Ashley Hewson. "Anyone who takes the trial is under absolutely no obligation to buy."

An anonymous reader quotes a report from Fortune: On February 1st last year, Montana residents gawked upwards at a large white object hovering in the sky that looked to be another moon. The airborne object was in fact a Chinese spy balloon loaded with cameras, sensors, and other high-tech surveillance equipment, and it set off a nationwide panic as it drifted across the midwestern and southern United States. How much information the balloon gathered -- if any -- remains unknown, but the threat was deemed serious enough that an F-22 U.S. Air Force jet fired a Sidewinder missile at the unmanned balloon on a February afternoon, blasting it to pieces a few miles off the coast of South Carolina. At the same time that the eyes of Americans were fixed on the Chinese intruder in the sky, around 30 cars owned by Chinese companies and equipped with cameras and geospatial mapping technology were navigating the streets of greater Los Angeles, San Francisco, and San Jose. They collected detailed videos, audio recordings, and location data on their surroundings to chart out California's roads and develop their autonomous driving algorithms.

Since 2017, self-driving cars owned by Chinese companies have traversed 1.8 million miles of California alone, according to a Fortune analysis of the state's Department of Motor Vehicles data. As part of their basic functionality, these cars capture video of their surroundings and map the state's roads to within two centimeters of precision. Companies transfer that information from the cars to data centers, where they use it to train their self-driving systems. The cars are part of a state program that allows companies developing self-driving technology -- including Google-spinoff Waymo and Amazon-owned Zoox -- to test autonomous vehicles on public roads. Among the 35 companies approved to test by the California DMV, seven are wholly or partly China-based. Five of them drove on California roads last year: WeRide, Apollo, AutoX, Pony.ai, and DiDi Research America. Some Chinese companies are approved to test in Arizona and Texas as well.

Fitted with cameras, microphones, and sophisticated sensors, self-driving cars have long raised flags among privacy advocates. Matthew Guariglia, a policy analyst at the digital rights nonprofit Electronic Frontier Foundation, called self-driving cars "rolling surveillance devices" that passively collect massive amounts of information on Americans in plain sight. In the context of national security however, the data-hungry Chinese cars have received surprisingly little scrutiny. Some experts have compared them to Chinese-owned social media site TikTok, which has been subjected to a forced divestiture or ban on U.S. soil due to fears around its data collection practices threatening national security. The years-long condemnation of TikTok at the highest levels of the U.S. government has heightened the sense of distrust between the U.S. and China.

Some Chinese self-driving car companies appear to store U.S. data in China, according to privacy policies reviewed byFortune -- a situation that experts said effectively leaves the data accessible to the Chinese government. Depending on the type of information collected by the cars, the level of precision, and the frequency at which it's collected, the data could provide a foreign adversary with a treasure trove of intelligence that could be used for everything from mass surveillance to war planning, according to security experts who spoke withFortune. And yet, despite the sensitivity of the data, officials at the state and federal agencies overseeing the self-driving car testing acknowledge that they do not currently monitor, or have any process for checking, exactly what data the Chinese vehicles are collecting and what happens to the data after it is collected. Nor do they have any additional rules or policies in place for oversight of Chinese self-driving cars versus the cars in the program operated by American or European companies. "It is literally the wild, Wild West here," said Craig Singleton, director of the China program at the Foundation for Defense of Democracies, a conservative-leaning national security think tank. "There's no one in charge."

An anonymous reader quotes a report from Ars Technica: A bunch of eighth graders in a "wealthy Philadelphia suburb" recently targeted teachers with an extreme online harassment campaign that The New York Times reported was "the first known group TikTok attack of its kind by middle schoolers on their teachers in the United States." According to The Times, the Great Valley Middle School students created at least 22 fake accounts impersonating about 20 teachers in offensive ways. The fake accounts portrayed long-time, dedicated teachers sharing "pedophilia innuendo, racist memes," and homophobic posts, as well as posts fabricating "sexual hookups among teachers."

The Pennsylvania middle school's principal, Edward Souders, told parents in an email that the number of students creating the fake accounts was likely "small," but that hundreds of students piled on, leaving comments and following the fake accounts. Other students responsibly rushed to report the misconduct, though, Souders said. "I applaud the vast number of our students who have had the courage to come forward and report this behavior," Souders said, urging parents to "please take the time to engage your child in a conversation about the responsible use of social media and encourage them to report any instances of online impersonation or cyberbullying." Some students claimed that the group attack was a joke that went too far. Certain accounts impersonating teachers made benign posts, The Times reported, but other accounts risked harming respected teachers' reputations. When creating fake accounts, students sometimes used family photos that teachers had brought into their classrooms or scoured the Internet for photos shared online.

Following The Times' reporting, the superintendent of the Great Valley School District (GVSD), Daniel Goffredo, posted a message to the community describing the impact on teachers as "profound." One teacher told The Times that she felt "kicked in the stomach" by the students' "savage" behavior, while another accused students of slander and character assassination. Both were portrayed in fake posts with pedophilia innuendo. "I implore you also to use the summer to have conversations with your children about the responsible use of technology, especially social media," Goffredo said. "What seemingly feels like a joke has deep and long-lasting impacts, not just for the targeted person but for the students themselves. Our best defense is a collaborative one." Goffredo confirmed that the school district had explored legal responses to the group attack. But ultimately the district found that they were "limited" because "courts generally protect students' rights to off-campus free speech, including parodying or disparaging educators online -- unless the students' posts threaten others or disrupt school," The Times reported. Instead, the middle school "briefly suspended several students," teachers told The Times, and held an eighth-grade assembly raising awareness of harms of cyberbullying, inviting parents to join.

An anonymous reader writes: Google Maps is testing a new ad format that could cause distractions while driving. It brings up a pop-up notification during navigation that covers the bottom half of the screen with an unnecessary detour suggestion.

Anthony Higman on X (formerly Twitter) recently spotted the new ad format during their commute. According to Higman, the ad popped up while passing a Royal Farms gas station, even though they did not search for a gas station or convenience store while setting their destination. The ad has a Sponsored tag at the top of the card, followed by the name of the location, its review rating, and the estimated arrival time. It also includes two buttons to add it as a stop or cancel the suggestion.

Google plans to support its own long-term support (LTS) kernel releases for Android devices for four years, a move aimed at bolstering the security of the mobile operating system. This decision, reported by AndroidAuthority, comes in response to the Linux community's recent reduction of LTS support from six years to two years, a change that posed potential challenges for Android's security ecosystem.

The Android Common Kernel (ACK) branches, derived from upstream Linux LTS releases, form the basis of most Android devices' kernels. Google maintains these forks to incorporate Android-specific features and backport critical functionality. Regular updates to these kernels address vulnerabilities disclosed in monthly Android Security Bulletins. While the extended support period benefits Android users and manufacturers, it places significant demands on Linux kernel developers.

NATO is helping finance a project aimed at finding ways to keep the internet running should subsea cables shuttling civilian and military communications across European waters come under attack. From a report: Researchers, who include academics from the US, Iceland, Sweden and Switzerland, say they want to develop a way to seamlessly reroute internet traffic from subsea cables to satellite systems in the event of sabotage, or a natural disaster. The North Atlantic Treaty Organization's Science for Peace and Security Programme has approved a grant of as much as $433,600 for the $2.5 million project, and research institutions are providing in-kind contributions, documents seen by Bloomberg show.

Eyup Kuntay Turmus, adviser and program manager at the NATO program, confirmed the project was recently approved and said by email that implementation will start "very soon." The initiative, which hasn't yet been publicly announced, comes amid intensifying fears that Russia or China could mine, sever or otherwise tamper with undersea cables in an attempt to disrupt communications during a military crisis. Data carried through cables under the sea account for roughly $10 trillion worth of financial transactions every day, and nearly all of the NATO's internet traffic travels through them, according to the treaty organization. As a result, NATO has been ramping up efforts to protect cables over the course of the past several months.

The Internet Archive took a tumble overnight after "environmental factors" downed the Wayback Machine, leaving archive.org wobbling in a way that might bring a smile to the faces of certain publishers wishing for its demise. From a report: According to the organization, there was a "brief power outage in one of our datacenters," which was followed by "environmental factors," causing the service blackout. Those environmental factors are likely to be an increase in heat following a cooling outage. By this morning, The Internet Archive was reporting that things were back up and running again. However, some users (this writer included) are still experiencing the odd error or two when accessing the organization's services.

Remember those researchers who spent years training AI tools to analyze the reviews drivers left on the smartphone apps where they pay for EV charging?

There was one more unexpected finding. "Rideshare drivers who work for companies such as Uber are increasingly turning to electric vehicles to reduce fuel costs." That trend is boosting demand for conveniently located, publicly accessible EV chargers... "They are mostly relying on public chargers for their daily Uber needs, usually every day or every couple of days, which dramatically increases electric vehicle miles traveled," [climate fellow Omar Asensio told the Institute's blog], explaining that many drivers live in apartments that lack garages or space for a residential EV charger. Uber CEO Dara Khosrowshahi considers the issue so pressing he urged U.S. policymakers to accelerate plans to improve the nation's EV charging infrastructure in a Fast Co. op-ed in January — during the World Economic Forum in Davos, when media messaging can influence policymakers.

Independent Uber drivers, Khosrowshahi said, are converting to electric vehicles seven times faster than the general public and they tend to be disproportionately from low- and middle-income households that need access to public charging stations. "Charging infrastructure must be more equitable," Khosrowshahi wrote. "Many drivers don't have driveways or garages, so access to nearby overnight charging is essential. Yet our data shows us that Uber drivers often live in neighborhoods lacking this infrastructure. These 'charging deserts' hold countless people back from making the switch."

"Many bike riders are hopeful about a world of robot drivers that never experience road rage or get distracted by their phones," reports the Washington Post. "But some resent being guinea pigs for driverless vehicles that veer into bike lanes, suddenly stop short and confuse cyclists trying to navigate around them.

"In more than a dozen complaints submitted to the DMV, cyclists describe upsetting near misses and close calls... " Of the nearly 200 California DMV complaints analyzed by The Post, about 60 percent involved Cruise vehicles; the rest mostly involved Waymo. About a third describe erratic or reckless driving, while another third document near misses with pedestrians. The remainder involve reports of autonomous cars blocking traffic and disobeying road markings or traffic signals... Only 17 complaints involved bicyclists or bike lane disruptions. But interviews with cyclists suggest the DMV complaints represent a fraction of bikers' negative interactions with self-driving vehicles. And while most of the complaints describe relatively minor incidents, they raise questions about corporate boasts that the cars are safer than human drivers, said Christopher White, executive director of the San Francisco Bike Coalition... Robot cars could one day make roads safer, White said, "but we don't yet see the tech fully living up to the promise. ... The companies are talking about it as a much safer alternative to people driving. If that's the promise that they're making, then they have to live up to it...."

Many bicycle safety advocates support the mission of autonomous vehicles, optimistic the technology will cut injuries and deaths. They are quick to point out the carnage associated with human-driven cars: There were 2,520 collisions in San Francisco involving at least one cyclist from 2017 to 2022, according to state data analyzed by local law firm Walkup, Melodia, Kelly & Schoenberger. In those crashes, 10 cyclists died and another 243 riders were severely injured, the law firm found. Nationally, there were 1,105 cyclists killed by drivers in 2022, according to NHTSA, the highest on record...

Meanwhile, the fraction of complaints to the DMV related to bicycles demonstrates the shaky relationship between self-driving cars and cyclists. In April 2023, a Waymo edged into a crosswalk, confusing a cyclist and causing him to crash and fracture his elbow, according to the complaint filed by the cyclist. Then, in August — days after the state approved an expansion of these vehicles — a Cruise car allegedly made a right turn that cut off a cyclist. The rider attempted to stop but then flipped over their bike. "It clearly didn't react or see me!" the complaint said.

Even if self-driving cars are proven to be safer than human drivers, they should still receive extra scrutiny and aren't the only way to make roads safer, several cyclists said.
Thanks to Slashdot reader echo123 for sharing the article.

Its FOSS writes: When it comes to Linux, we get to see some really cool, and sometimes quirky projects (read Hannah Montana Linux) that try to show off what's possible, and that's not a bad thing. One such quirky undertaking has recently surfaced, which sees a sophomore trying to one-up their friend, who had booted Linux off NFS. With their work, they have been able to run Arch Linux on Google Drive.
Their ultimate idea included FUSE (which allows running file-system code in userspace). The developer's blog post explains that when Linux boots, "the kernel unpacks a temporary filesystem into RAM which has the tools to mount the real filesystem... it's very helpful! We can mount a FUSE filesystem in that step and boot normally.... " Thankfully, Dracut makes it easy enough to build a custom initramfs... I decide to build this on top of Arch Linux because it's relatively lightweight and I'm familiar with how it work."
Doing testing in an Amazon S3 container, they built an EFI image — then spent days trying to enable networking... And the adventure continues. ("Would it be possible to manually switch the root without a specialized system call? What if I just chroot?") After they'd made a few more tweaks, "I sit there, in front of my computer, staring. It can't have been that easy, can it? Surely, this is a profane act, and the spirit of Dennis Ritchie ought't've stopped me, right? Nobody stopped me, so I kept going..." I build the unified EFI file, throw it on a USB drive under /BOOT/EFI, and stick it in my old server... This is my magnum opus. My Great Work. This is the mark I will leave on this planet long after I am gone: The Cloud Native Computer.

Despite how silly this project is, there are a few less-silly uses I can think of, like booting Linux off of SSH, or perhaps booting Linux off of a Git repository and tracking every change in Git using gitfs. The possibilities are endless, despite the middling usefulness.

If there is anything I know about technology, it's that moving everything to The Cloud is the current trend. As such, I am prepared to commercialize this for any company wishing to leave their unreliable hardware storage behind and move entirely to The Cloud. Please request a quote if you are interested in True Cloud Native Computing.

Unfortunately, I don't know what to do next with this. Maybe I should install Nix?

Harvard Business School has an "Institute for Business in Global Society" that explores the societal impacts of business. And they've recently published some new AI-powered research about EV charging infrastructure, according to the Institute's blog, conducted by climate fellow Omar Asensio.

"Asensio and his team, supported by Microsoft and National Science Foundation awards, spent years building models and training AI tools to extract insights and make predictions," using the reviews drivers left (in more than 72 languages) on the smartphone apps drivers use to pay for charging. And ultimately this research identified "a significant obstacle to increasing electric vehicle (EV) sales and decreasing carbon emissions in the United States: owners' deep frustration with the state of charging infrastructure, including unreliability, erratic pricing, and lack of charging locations..." [C]harging stations in the U.S. have an average reliability score of only 78%, meaning that about one in five don't work. They are, on average, less reliable than regular gas stations, Asensio said. "Imagine if you go to a traditional gas station and two out of 10 times the pumps are out of order," he said. "Consumers would revolt...." EV drivers often find broken equipment, making charging unreliable at best and simply not as easy as the old way of topping off a tank of gas. The reason? "No one's maintaining these stations," Asensio said.
One problem? Another blog post by the Institute notes that America's approach to public charging has differed sharply from those in other countries: In Europe and Asia, governments started making major investments in public charging infrastructure years ago. In America, the initial thinking was that private companies would fill the public's need by spending money to install charging stations at hotels, shopping malls and other public venues. But that decentralized approach failed to meet demand and the Biden administration is now investing heavily to grow the charging network and facilitate EV sales... "No single market actor has sufficient incentive to build out a national charging network at a pace that meets our climate goals," the report declared. Citing research and the experience of other countries, it noted that "policies that increase access to charging stations may be among the best policies to increase EV sales." But the U.S. is far behind other countries.
Thanks to Slashdot reader NoWayNoShapeNoForm for sharing the article.

In Communications of the ACM, long-time FreeBSD contributor Poul-Henning Kamp mocks the idea that the free and open-source software movement has "come apart" and "will end in tears and regret." Economists and others focused on money — like my bank — have had a lot of trouble figuring out the free and open source software (FOSS) phenomenon, and eventually they seem to have reached the conclusion that it just makes no sense. So, they go with the flow. Recently, very serious people in the FOSS movement have started to write long and thoughtful opinion pieces about how it has all come apart and will end in tears and regret. Allow me to disagree...
What follows is a humorous history of how the Open Source movement bested a series of ill-conceived marketing failures starting after the "utterly bad" 1980s when IBM had an "unimaginably huge monopoly" — and an era of vendor lock-in from companies trying to be the next IBM: Out of that utter market failure came Minix, (Net/Free/Open)BSD, and Linux, at a median year of approximately 1991. I can absolutely guarantee that if we had been able to buy a reasonably priced and solid Unix for our 32-bit PCs — no strings attached — nobody would be running FreeBSD or Linux today, except possibly as an obscure hobby. Bill Gates would also have had a lot less of our money...
The essay moves on to when "that dot-com thing happened, fueled by the availability of FOSS operating systems, which did a much better job than any operating system you could buy — not just for the price, but in absolute terms of performance on any given piece of hardware. Thus, out of utter market failure, the FOSS movement was born."

And ultimately, the essay ends with our present day, and the phenomenon of companies that "make a business out of FOSS or derivatives thereof..." The "F" in FOSS was never silent. In retrospect, it seems clear that open source was not so much the goal itself as a means to an end, which is freedom: freedom to fix broken things, freedom from people who thought they could clutch the source code tightly and wield our ignorance of it as a weapon to force us all to pay for and run Windows Vista. But the FOSS movement has won what it wanted, and no matter how much oldsters dream about their glorious days as young revolutionaries, it is not coming back; the frustrations and anger of IT in 2024 are entirely different from those of 1991.

One very big difference is that more people have realized that source code is a liability rather than an asset. For some, that realization came creeping along the path from young teenage FOSS activists in the late 1990s to CIOs of BigCorp today. For most of us, I expect, it was the increasingly crushing workload of maintaining legacy code bases...

Monday Boeing announced plans to acquire its key supplier, Spirit AeroSystems, for $4.7 billion, according to the Associated Press — "a move that it says will improve plane quality and safety amid increasing scrutiny by Congress, airlines and the Department of Justice. Boeing previously owned Spirit, and the purchase would reverse a longtime Boeing strategy of outsourcing key work on its passenger planes."

But meanwhile, an anonymous reader shared this report from Newsweek: More than a hundred Boeing whistleblowers have contacted the U.S. aviation watchdog since the start of the year, Newsweek can reveal. Official figures show that the Federal Aviation Administration's (FAA) whistleblowing hotline has seen a huge surge of calls from workers concerned about safety problems. Since January the watchdog saw a total of 126 reports, via various channels, from workers concerned about safety problems. In 2023, there were just 11....

After a visit from FAA Administrator Mike Whitaker to a Boeing factory earlier in the year, Boeing CEO Dave Calhoun agreed to share details of the hotline with all Boeing employees. The FAA told Newsweek that the number of Boeing employees coming forward was a "sign of a healthy culture".... Newsweek also spoke to Jon Holden, president of the 751 District for the International Association of Machinists, Boeing's largest union which represents more than 32,000 aerospace workers. Holden said that numerous whistleblowers had complained to the FAA over Boeing's attempt to cut staff and reduce inspections in an effort to "speed up the rate" at which planes went out the door...

Holden's union is currently in contract negotiations with Boeing, and is attempting to secure a 40% pay rise alongside a 50-year guarantee of work security for its members.
CNN also reports on new allegations Wednesday from a former Boeing quality-control manager: that "for years workers at its 787 Dreamliner factory in Everett, Washington, routinely took parts that were deemed unsuitable to fly out of an internal scrap yard and put them back on factory assembly lines." In his first network TV interview, Merle Meyers, a 30-year veteran of Boeing, described to CNN what he says was an elaborate off-the-books practice that Boeing managers at the Everett factory used to meet production deadlines, including taking damaged and improper parts from the company's scrapyard, storehouses and loading docks... Meyers' claims that lapses he witnessed were intentional, organized efforts designed to thwart quality control processes in an effort to keep up with demanding production schedules. Beginning in the early 2000s, Meyers says that for more than a decade, he estimates that about 50,000 parts "escaped" quality control and were used to build aircraft. Those parts include everything from small items like screws to more complex assemblies like wing flaps. A single Boeing 787 Dreamliner, for example, has approximately 2.3 million parts...

Based on conversations Meyers says he had with current Boeing workers in the time since he left the company, he believes that while employees no longer remove parts from the scrapyard, the practice of using other unapproved parts in assembly lines continues. "Now they're back to taking parts of body sections — everything — right when it arrives at the Everett site, bypassing quality, going right to the airplane," Meyers said.

Company emails going back years show that Meyers repeatedly flagged the issue to Boeing's corporate investigations team, pointing out what he says were blatant violations of Boeing's safety rules. But investigators routinely failed to enforce those rules, Meyers says, even ignoring "eye witness observations and the hard work done to ensure the safety of future passengers and crew," he wrote in an internal 2022 email provided to CNN.

Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.

But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.

Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."

The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.
Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."

"Beyond that, Microsoft has nothing more to share," the spokesperson added.
Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.

My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created.. [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...

It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.
The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."

"Images captured from space show the growth of Cuba's electronic eavesdropping stations," reported the Wall Street Journal this week, citing a new report from the Center for Strategic and International Studies, a Washington-based think tank.

But they added that the stations "are believed to be linked to China," including previously-unreported construction about 70 miles from the U.S. naval base at Guantanamo Bay. (The Journal had previously reported China and Cuba were "negotiating closer defense and intelligence ties, including establishing a new joint military training facility on the island and an eavesdropping facility.") At the time, the Journal reported that Cuba and China were already jointly operating eavesdropping stations on the island, according to U.S. officials, who didn't disclose their locations. It couldn't be determined which, if any, of those are included in the sites covered by the CSIS report.

The concern about the stations, former officials and analysts say, is that China is using Cuba's geographical proximity to the southeastern U.S. to scoop up sensitive electronic communications from American military bases, space-launch facilities, and military and commercial shipping. Chinese facilities on the island "could also bolster China's use of telecommunications networks to spy on U.S. citizens," said Leland Lazarus, an expert on China-Latin America relations at Florida International University... Authors of the CSIS report, after analyzing years' worth of satellite imagery, found that Cuba has significantly upgraded and expanded its electronic spying facilities in recent years and pinpointed four sites — at Bejucal, El Salao, Wajay and Calabazar... "These are active locations with an evolving mission set," said Matthew Funaiole, a senior follow at CSIS and the report's chief author.
The CSIS web site shows some of the satellite images. "Pinpointing the specific targets of these assets is nearly impossible," they add — but since Cuba has no space program, "the types of space-tracking capabilities observed are likely intended to monitor the activities of other nations (like the United States) with a presence in orbit." While China's own satellites could also benefit from a North America-based groundstation for communications, the Cuban facilities "would also provide the ability to monitor radio traffic and potentially intercept data delivered by U.S. satellites as they pass over highly sensitive military sites across the southern United States."

The think tank points out that one possibly-installed system would be within range to monitor rocket launches from Cape Canaveral and NASA's Kennedy Space Center. "Studying these launches — particularly those of SpaceX's Falcon 9 and Falcon Heavy reusable first-stage booster rocket systems — is likely of keen interest to China as it attempts to catch up to U.S. leadership in space launch technology."

General Motors will pay nearly $146 million in penalties to the U.S. government, reports the Associated Press, "because 5.9 million of its older vehicles do not comply with emissions and fuel economy standards." The National Highway Traffic Safety Administration said in a statement Wednesday that certain GM vehicles from the 2012 through 2018 model years did not comply with federal fuel economy requirements. The penalty comes after the Environmental Protection Agency said its testing showed the GM pickup trucks and SUVs emit over 10% more carbon dioxide on average than GM's initial compliance testing claimed.

The EPA says the vehicles will remain on the road and cannot be repaired. The GM vehicles on average consume at least 10% more fuel than the window sticker numbers say, but the company won't be required to reduce the miles per gallon on the stickers, the EPA said... GM said in a statement that it complied with all regulations in pollution and mileage certification of its vehicles. The company said it is not admitting to any wrongdoing nor that it failed to comply with the Clean Air Act...

The enforcement action involves about 4.6 million full-size pickups and SUVs and about 1.3 million midsize SUVs, the EPA said. The affected models include the Chevy Tahoe, Cadillac Escalade and Chevy Silverado. About 40 variations of GM vehicles are covered. GM will be forced to give up credits used to ensure that manufacturers' greenhouse gas emissions are below the fleet standard for emissions that applies for that model year, the EPA said. In a quarterly filing with the Securities and Exchange Commission, GM said it expects the total cost to resolve the matter will be $490 million. Because GM agreed to address the excess emissions, EPA said it was not necessary to make a formal determination regarding the reasons for the excess pollution.
According to the article, David Cooke, senior vehicles analyst for the Union of Concerned Scientists, "said it's possible that GM owners could sue the company because they are getting lower gas mileage than advertised."

The article also notes that in 2014, Hyundai and Kia "entered into a settlement in which they had to pay a $100 million civil penalty to end a two year investigation into overstated gas mileage on window stickers of 1.2 million vehicles."

Longtime Slashdot reader Artem S. Tashkinov shares a report from The Hacker News: A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches." A defining characteristic of the approach is that it obviates the need for carrying out an adversary-in-the-middle (AitM) attack or being in physical proximity to the Wi-Fi connection to sniff network traffic. Specifically, it entails tricking a target into loading a harmless asset (e.g., a file, an image, or an ad) from a threat actor-controlled server, which then exploits the victim's network latency as a side channel to determine online activities on the victim system.

To perform such a fingerprinting attack and glean what video or a website a user might be watching or visiting, the attacker conducts a series of latency measurements of the victim's network connection as the content is being downloaded from the server while they are browsing or viewing. It then involves a post-processing phase that employs a convolutional neural network (CNN) trained with traces from an identical network setup to make the inference with an accuracy of up to 98% for videos and 63% for websites. In other words, due to the network bottleneck on the victim's side, the adversary can deduce the transmitted amount of data by measuring the packet round trip time (RTT). The RTT traces are unique per video and can be used to classify the video watched by the victim. The attack is so named because the attacking server transmits the file at a snail's pace in order to monitor the connection latency over an extended period of time.

Nvidia is expected to earn $12 billion from GPU sales to China in 2024, despite U.S. trade restrictions. Research firm SemiAnalysis says the GPU maker will ship over 1 million units of its new H20 model to the Chinese market, "with each one said to cost between $12,000 and $13,000 apiece," reports The Register. From the report: This figure is said by SemiAnalysis to be nearly double what Huawei is likely to sell of its rival accelerator, the Ascend 910B, as reported by The Financial Times. If accurate, this would seem to contradict earlier reports that Nvidia had moved to cut the price of its products for the China market. This was because buyers were said to be opting instead for domestically made kit for accelerating AI workloads. The H20 GPU is understood to be the top performing model out of three Nvidia GPUs specially designed for the Chinese market to comply with rules introduced by the Biden administration last year that curb performance.

In contrast, Huawei's Ascend 910B is claimed to have performance on a par with that of Nvidia's A100 GPU. It is believed to be an in-house design manufactured by Chinese chipmaker SMIC using a 7nm process technology, unlike the older Ascend 910 product. If this forecast proves accurate, it will be a relief for Nvidia, which earlier disclosed that its sales in China delivered a "mid-single digit percentage" of revenue for its Q4 of FY2024, and was forecast to do the same in Q1 of FY 2025. In contrast, the Chinese market had made up between 20 and 25 percent of the company's revenue in recent years, until the export restrictions landed.