"A Microsoft employee appears to have accidentally announced that Windows 11's Notepad app is getting a tabs feature," reports the Verge: The employee, a senior product manager at Microsoft, posted a photo of a version of Notepad with tabs, enthusiastically announcing "Notepad in Windows 11 now has tabs!" with a loudspeaker emoji.

The tweet was deleted minutes later, but not before Windows Central and several Windows enthusiast Twitter accounts had spotted the mistake. The Notepad screenshot includes a Microsoft internal warning: "Confidential Don't discuss features or take screenshots...."

The addition of tabs in Notepad could signal a shift towards tabs appearing in more built-in Windows apps.

Ars Technica reports on a dangerously "wormable" Windows vulnerability that allowed attackers to execute malicious code with no authentication required — a vulnerability that was present "in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability." Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of "important." In the routine course of analyzing vulnerabilities after they're patched, IBM security researcher Valentina Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did [the flaw used to detonate WannaCry]. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue....

One potentially mitigating factor is that a patch for CVE-2022-37958 has been available for three months. EternalBlue, by contrast, was initially exploited by the NSA as a zero-day. The NSA's highly weaponized exploit was then released into the wild by a mysterious group calling itself Shadow Brokers. The leak, one of the worst in the history of the NSA, gave hackers around the world access to a potent nation-state-grade exploit. Palmiotti said there's reason for optimism but also for risk: "While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time," said Palmiotti.
There's still some risk, Palmiotti tells Ars Technica. "As we've seen with other major vulnerabilities over the years, such as MS17-010 which was exploited with EternalBlue, some organizations have been slow deploying patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether."

Thanks to Slashdot reader joshuark for sharing the article.

Neal Stephenson coined the phrase "metaverse" in his 1992 book Snow Crash. 30 years later, Stephenson is part of a blockchain startup "optimized for the Open Metaverse" called Lamina1. This week they announced their "first-of-its-kind fund" for investing in early stage Layer 1 blockchain projects ("largely focused" on the Open Metaverse). .

The goal is "to provide broad economic access to global accredited investors looking to support the next era of the internet," according to the announcement — and to also provide Web3 builders "a vehicle for raising capital for their Open Metaverse ventures." The fund will be led by Lamina1's co-founder Peter Vessenes (who, among other things, was the first Chairman of the Bitcoin foundation), "offering investors a chance to join him at the forefront of the emerging Open Metaverse economy..."

"Investors and builders can both apply to participate immediately." The fund launch will be closely followed by the much-anticipated launch of Lamina1's testnet.... The L1EF fund works by allowing accredited investors to access and co-invest in companies and entrepreneurs through quarterly subscriptions.

Investments will be largely focused on the technology and experiences users can access in the Open Metaverse, ranging from immersive computing to open AI at scale. To support the rapid advancement and expansion of the Open Metaverse, L1EF is simultaneously focused on investing in builders and creators who will foster the quality tech and infrastructure necessary to support the protocol, and create immersive experiences that bring Lamina1's vision of an Open Metaverse to life. Some of these early stage projects include layer 2 protocols, DeFi, GameFi, marketplaces, bridges, and many more.

"We're thrilled to introduce L1EF to serve both creators and investors who are actively promoting the development of an Open Metaverse," said Rebecca Barkin, President of Lamina1. "Peter has a deep understanding and demonstrated success of growing economies around a chain, and his approach to grant builders early access to capital — right as we're preparing to place testnet in their hands — is in perfect alignment with our mission to build the open infrastructure that brings together the most powerful creative community on the planet...."

In addition to capital, projects that are part of L1EF will receive early access and support for Lamina1 developer tooling through the forthcoming Lamina1 Early Access Program.
"The team has a front row seat to all happening in the ecosystem," Vessenes said this week, "and essentially gets a 'first look' at what many of the most compelling creators and storytellers of our time are doing, building, making, and producing around the world.

"We want to share that front row seat with as many people as possible."


In 2004 Neal Stephenson answered questions from Slashdot's readers.

ByteDance confirmed it used TikTok to monitor three journalists' physical location using their IP addresses, reports Forbes, "to unearth the source of leaks inside the company following a drumbeat of stories exposing the company's ongoing links to China." As a result of the investigation into the surveillance tactics, ByteDance fired Chris Lepitak, its chief internal auditor who led the team responsible for them. The China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned.... "It is standard practice for companies to have an internal audit group authorized to investigate code of conduct violations," TikTok General Counsel Erich Andersen wrote in a second internal email shared with Forbes. "However, in this case individuals misused their authority to obtain access to TikTok user data...."

"This new development reinforces serious concerns that the social media platform has permitted TikTok engineers and executives in the People's Republic of China to repeatedly access private data of U.S. users despite repeated claims to lawmakers and users that this data was protected," Senator Mark Warner told Forbes....

ByteDance is not the first tech giant to use an app to monitor specific users. In 2017, the New York Times reported that Uber had identified various local politicians and regulators and served them a separate, misleading version of the Uber app to avoid regulatory penalties.... Both Uber and Facebook also reportedly tracked the location of journalists reporting on their apps.
Ironically, TikTok's journalist-tracking project involved the company's Chief Security and Privacy Office, according to Forbes, and targeted three Forbes journalists who had formerly worked at BuzzFeed News.

It was back in October that Forbes first reported ByteDance had discussed tracking journallists. ByteDance had immediately denied the charges on Twitter, saying "TikTok has never been used to 'target' any members of the U.S. government, activists, public figures or journalists," and that "TikTok could not monitor U.S. users in the way the article suggested."

Forbes also notes that in 2021, TikTok became the most visited website in the world.

Thanks to long-time Slashdot reader newbie_fantod for submitting the story!

Meta, Microsoft and Apple, and Google all want carbon-free power. But Google "says its goals for carbon-free power are impeded by state-regulated utilities," reports the New York Times, especially those in America's Southeastern states which aren't facing a competitive market. Google's battle in the region, where it has a major concentration of data centers, raises a question that applies to the energy transition everywhere: Is what's good for a few companies good for all?

At the heart of their campaign, Google and its tech giant allies want to dismantle a decades-old regulatory system in the Southeast that allows a handful of utilities to generate and sell the region's electricity — and replace it with a market in which many companies can compete to do so. Such markets exist in some form in much of the country, but the Southeastern utilities are staunchly defending the status quo. Senior utility executives contend that their system better insulates consumers from spikes in prices of commodities like natural gas, promotes reliability and supports the long-term investments needed to develop clean-power technologies....

Most electricity in the United States was long generated and distributed by heavily regulated monopoly utilities in each state. But just before the start of this century, lawmakers and regulators, arguing that competition would bring efficiencies, made it possible to set up power markets and end the dominance of the utilities — a revolution that bypassed the Southeast. Google and others contend that the markets have brought cost savings, innovation and the capital needed to increase clean power generation from wind and solar. The most recent move toward a form of power market, in a group of Western states, has saved nearly $3 billion since 2014, according to the market operator.

Self-interest also plays a role: In power markets, large companies can strike deals with independent producers that give them more leeway to bargain on price and secure more clean energy. Google entered a landmark deal last year to provide clean power to its data centers in Virginia, which is in a sprawling market called PJM....

The big utilities in the Southeast are now building more solar projects, but those pushing for a market in the region say it's not enough. In the region, the proposed solar projects' generating capacity is equivalent to just over a fourth of total capacity, which is far below the 80 percent for PJM, according to an analysis by Tyler Norris, a senior executive at Cypress Creek Renewables, a solar company, and a special adviser in the Energy Department during the Obama administration. "Project developers are attracted to open wholesale electricity markets with price transparency, independent oversight and the ability to trade with multiple potential customers," Mr. Norris said.

For three years Stockholm-based games studio Embark has been working on the Rust-gpu project to make Rust "a first class language and ecosystem for GPU programming." The project's latest announcement? rust-gpu now supports ray-tracing.

Their original announcement explained the rationale for this years-long dvelopment effort: Historically in games GPU programming has been done through writing either HLSL, or to a lesser extent GLSL. These are simple programming languages that have evolved along with rendering APIs over the years. However, as game engines have evolved, these languages have failed to provide mechanisms for dealing with large codebases, and have generally stayed behind the curve compared to other programming languages.

In part this is because it's a niche language for a niche market, and in part this has been because the industry as a whole has sunk quite a lot of time and effort into the status quo. While over-all better alternatives to both languages exist, none of them are in a place to replace HLSL or GLSL. Either because they are vendor locked, or because they don't support the traditional graphics pipeline. Examples of this include CUDA and OpenCL. And while attempts have been made to create language in this space, none of them have gained any notable traction in the gamedev community.

Our hope with this project is that we push the industry forward by bringing an existing, low-level, safe, and high performance language to the GPU; namely Rust. And with it come some additional benefits that can't be overlooked: a package/module system that's one of the industry's best, built in safety against race-conditions or out of bounds memory access, a wide range of tools and utilities to improve programmer workflows, and many others!
Along with ray-tracing, this week they announced plans to keep rust-gpu on the same schedule as the stable Rust release, "so you can use your favorite new language features as new stable versions of Rust are being released, by just updating your rust-gpu version."

Thanks to Slashdot reader guest reader for sharing the news!

Under the bipartisan spending bill that passed both chambers of Congress as of Friday, TikTok will be banned from government devices, underscoring the growing concern about the popular video-sharing app owned by China's ByteDance. From a report: The bill, which still has to be signed into law by President Joe Biden, also calls on e-commerce platforms to do more vetting to help deter counterfeit goods from being sold online, and forces companies pursuing large mergers to pay more to file with federal antitrust agencies.

Congress failed to pass many of the most aggressive bills targeting tech, including antitrust legislation that would require app stores developed by Apple and Google to give developers more payment options, and a measure mandating new guardrails to protect kids online. And though Congress made more headway this year than in the past toward a compromise bill on national privacy standards, there remains only a patchwork of state laws determining how consumer data is protected. Center-left tech industry group Chamber of Progress cheered the exclusion of several antitrust bills that would have targeted its backers, which include Apple, Amazon, Google and Meta.

Facebook owner Meta Platforms has agreed to pay $725 million to resolve a class-action lawsuit accusing the social media giant of allowing third parties, including Cambridge Analytica, to access users' personal information. From a report: The proposed settlement, which was disclosed in a court filing late on Thursday, would resolve a long-running lawsuit prompted by revelations in 2018 that Facebook had allowed the British political consulting firm Cambridge Analytica to access data of as many as 87 million users. Lawyers for the plaintiffs called the proposed settlement the largest to ever be achieved in a U.S. data privacy class action and the most that Meta has ever paid to resolve a class action lawsuit.

"This historic settlement will provide meaningful relief to the class in this complex and novel privacy case," the lead lawyers for the plaintiffs, Derek Loeser and Lesley Weaver, said in a joint statement. Meta did not admit wrongdoing as part of the settlement, which is subject to the approval of a federal judge in San Francisco. The company said in a statement settling was "in the best interest of our community and shareholders." "Over the last three years we revamped our approach to privacy and implemented a comprehensive privacy program," Meta said.

b0s0z0ku writes: The European Union is proposing a law requiring easily replaceable batteries in new appliances and portable electronic devices. The law also sets targets for collection and recycling of those batteries, requiring 73% compliance by 2030. "Companies would get plenty of notice, however, as the requirement would only come into force 3.5 years after the legislation takes effect," adds 9to5Mac. "Companies will also be legally required to accept and recycle old batteries."

Additionally, the European Commission is "expected to consider outlawing the use of non-rechargeable portable batteries," though this would likely come with many exceptions and wouldn't happen before the end of the decade.

Further reading: EU Sets December 28, 2024, Deadline For All New Phones To Use USB-C for Wired Charging

The FBI is recommending the use of ad blockers, warning in an alert this week that cybercriminals are using online ads in search results to steal or extort money from victims. TechCrunch reports: In a pre-holiday public service announcement, the FBI said that cybercriminals are buying ads to impersonate legitimate brands, like cryptocurrency exchanges. Ads are often placed at the top of search results but with "minimum distinction" between the ads and the search results, the feds say, which can look identical to the brands that the cybercriminals are impersonating. Malicious ads are also used to trick victims into installing malware disguised as genuine apps, which can steal passwords and deploy file-encrypting ransomware. One of the FBI's recommendations for consumers is to install an ad blocker.

As the name suggests, ad blockers are web browser extensions that broadly block online ads from loading in your browser, including in search results. By blocking ads, would-be victims are not shown any ads at all, making it easier to find and access the websites of legitimate brands. Ad blockers don't just remove the enormous bloat from websites, like auto-playing video and splashy ads that take up half the page, which make your computer fans run like jet engines. Ad blockers are also good for privacy, because they prevent the tracking code within ads from loading. That means the ad companies, like Google and Facebook, cannot track you as you browse the web, or learn which websites you visit, or infer what things you might be interested in based on your web history. "Of course, you can switch your ad blocker off any time you want, and even allow or deny ads for entire websites," adds the report.

"Ads are still an important part of what keeps the internet largely free and accessible, including TechCrunch (and Slashdot!), even as subscriptions and paywalls are increasingly becoming the norm."

An anonymous reader quotes a report from Gizmodo: DuckDuckGo, the internet's favorite private search engine, is rolling out a new feature across its service Wednesday called Google Sign-in Pop-up Protection, It's on by default, saving your eyes and your time from Google's nagging. You can still sign in with Google whenever you want, you just don't have to deal with Google's prompts. "They popups are invasive, annoying and they undermine user privacy," said Peter Dolanjski, director of product for DuckDuckGo. "Google is employing a dark pattern by pushing you to sign in when you might not have otherwise. When you do, Google is is tracking what you do on those websites and linking it to your identity."

Google Sign In is nothing new, but the popups are a subtle but pervasive change to the web. You can find them on Booking.com, Pinterest, Reddit, Trulio, Zillo and countless more. "We believe google is pitching the popups to these websites as a win-win," Dolanjski said. "If they can get more users to sign in, it opens up more data collection both for Google and publishers, and it lets Google better target users with ads." That means more money for everyone involved, except you.

A small but growing number of universities are now blocking access to TikTok on school-owned devices or WiFi networks, in the latest sign of a widening crackdown on the popular short-form video app. From a report: The University of Oklahoma and Auburn University in Alabama have each said they will restrict student and faculty access to TikTok, in order to comply with recent moves from the governors in their respective states to ban TikTok on government-issued devices. The 26 universities and colleges in the University System of Georgia are also reportedly taking a similar step.

"In compliance with the Governor's Executive Order 2022-33, effective immediately, no university employee or student shall access the TikTok application or website on University-owned or operated devices, including OU wired and wireless networks," the University of Oklahoma said in an email this week. According to the email, the school will also require that university-administered TikTok accounts be deleted and "alternate social media platforms utilized in their place." Further reading: TikTok steps up efforts to clinch U.S. security deal.

A proposal to force cellphone companies to block certain spam texts is gaining momentum. From a report: California Attorney General Rob Bonta has expressed his support for a proposal by the Federal Communications Commission (FCC) to put an end to illegal and malicious texts. By doing so, he joined attorneys general from the other 49 states and Washington D.C., who had all previously expressed their support of the proposal. In a letter signed by all 51 attorneys general to the FCC, supporting them in their hopes to require cellular providers to block illegal text messages from invalid or unused numbers, as well as blocking any phone numbers found on a "do not originate" list, numbers which have previously been proved to have been used for fraudulent activity.

A new wave of chat bots like ChatGPT use artificial intelligence that could reinvent or even replace the traditional internet search engine. From a report: Over the past three decades, a handful of products like Netscape's web browser, Google's search engine and Apple's iPhone have truly upended the tech industry and made what came before them look like lumbering dinosaurs. Three weeks ago, an experimental chat bot called ChatGPT made its case to be the industry's next big disrupter. [...] Although ChatGPT still has plenty of room for improvement, its release led Google's management to declare a "code red." For Google, this was akin to pulling the fire alarm. Some fear the company may be approaching a moment that the biggest Silicon Valley outfits dread -- the arrival of an enormous technological change that could upend the business.

For more than 20 years, the Google search engine has served as the world's primary gateway to the internet. But with a new kind of chat bot technology poised to reinvent or even replace traditional search engines, Google could face the first serious threat to its main search business. One Google executive described the efforts as make or break for Google's future. ChatGPT was released by an aggressive research lab called OpenAI, and Google is among the many other companies, labs and researchers that have helped build this technology. But experts believe the tech giant could struggle to compete with the newer, smaller companies developing these chat bots, because of the many ways the technology could damage its business.

Google has announced that two of its latest privacy-enhancing technologies (PETs), including one that blurs objects in a video, will be provided to anyone for free via open source. From a report: The new tools are part of Google's Protected Computing initiative designed to transform "how, when and where data is processed to technically ensure its privacy and safety," the company said. The first is an internal project called Magritte, now out on Github, which uses machine learning to detect objects and apply a blur as soon as they appear on screen. It can disguise arbitrary objects like license plates, tattoos and more.

The other with the unwieldy name "Fully Homomorphic Encryption (FHE) Transpiler, allows developers to perform computations on encrypted data without being able to access personally identifiable information. Google says it can help industries like financial services, healthcare and government, "where a robust security guarantee around the processing of sensitive data is of highest importance." Google notes that PETs are starting to enter the mainstream after being mostly an academic exercise. The White House recently touted the technology, saying "it will allow researchers, physicians, and others permitted access to gain insights from sensitive data without ever having access to the data itself."

The United States Copyright Office (USCO) reversed an earlier decision to grant a copyright to a comic book that was created using "A.I. art," and announced that the copyright protection on the comic book will be revoked, stating that copyrighted works must be created by humans to gain official copyright protection. From a report: In September, Kris Kashtanova announced that they had received a U.S. copyright on his comic book, Zarya of the Dawn, a comic book inspired by their late grandmother that she created with the text-to-image engine Midjourney. Kashtanova referred to herself as a "prompt engineer" and explained at the time that she went to get the copyright so that she could "make a case that we do own copyright when we make something using AI."

An anonymous reader quotes a report from Ars Technica: One of the Kremlin's most active hacking groups targeting Ukraine recently tried to hack a large petroleum refining company located in a NATO country. The attack is a sign that the group is expanding its intelligence gathering as Russia's invasion of its neighboring country continues. The attempted hacking occurred on August 30 and was unsuccessful, researchers with Palo Alto Networks' Unit 42 said on Tuesday. The hacking group -- tracked under various names including Trident Ursa, Gamaredon, UAC-0010, Primitive Bear, and Shuckworm -- has been attributed by Ukraine's Security Service to Russia's Federal Security Service.

In the past 10 months, Unit 42 has mapped more than 500 new domains and 200 samples and other bread crumbs Trident Ursa has left behind in spear phishing campaigns attempting to infect targets with information-stealing malware. The group mostly uses emails with Ukrainian-language lures. More recently, however, some samples show that the group has also begun using English-language lures. "We assess that these samples indicate that Trident Ursa is attempting to boost their intelligence collection and network access against Ukrainian and NATO allies," company researchers wrote. Among the filenames used in the unsuccessful attack were: MilitaryassistanceofUkraine.htm, Necessary_military_assistance.rar, and List of necessary things for the provision of military humanitarian assistance to Ukraine.lnk. Tuesday's report didn't name the targeted petroleum company or the country where the facility was located. In recent months, Western-aligned officials have issued warnings that the Kremlin has set its sights on energy companies in countries opposing Russia's war on Ukraine.

Trident Ursa's hacking techniques are simple but effective. The group uses multiple ways to conceal the IP addresses and other signatures of its infrastructure, phishing documents with low detection rates among anti-phishing services, and malicious HTML and Word documents. Unit 42 researchers wrote: "Trident Ursa remains an agile and adaptive APT that does not use overly sophisticated or complex techniques in its operations. In most cases, they rely on publicly available tools and scripts -- along with a significant amount of obfuscation -- as well as routine phishing attempts to successfully execute their operations..." Tuesday's report provides a list of cryptographic hashes and other indicators organizations can use to determine if Trident Ursa has targeted them. It also provides suggestions for ways to protect organizations against the group.

YouTube's Doctor Volt repurposed a Blu-Ray drive, which are now easy to find on the cheap in the era of streaming content, to build a simple scanning laser microscope. Gizmodo reports: A couple of custom-designed and manufactured plastic parts were added to the mix to create a scanning bed for a sample that could move back in forth in one direction, while the laser itself shifted back and forth in the other. Unlike an optical microscope, where the entirely of an object is imaged at once, a scanning laser microscope takes light intensity measurements in increments, moving across an object in a grid and assembling a magnified image pixel by pixel. In this case, given the limitations of the Blu-Ray drive's spindle, which moves the sample being viewed back and forth, the image is assembled from 16,129 measurements (a 127x127 grid) and then scaled up to a 512x512 image.

A browser-based user interface written in Java allows focus adjustments and the scanning speed of the microscope to be modified, but at the slowest possible speed, the results are surprisingly good and recognizable. Certainly not comparable to what you'd get from lab equipment that costs tens of thousands of dollars, but for a re-purposed Blu-Ray drive you could get for less than $20 on eBay, this is an impressive hack.

schwit1 shares a report from Futurism: Your robot vacuums are watching you -- and the resulting imagery of your most private moments can, horrifically, get leaked online. As the MIT Technology Review reports, the aptly-named company iRobot, behind the uber-popular Roomba vacuums, confirmed that gig workers outside of the US broke a non-disclosure agreement when sharing intimate photos, including one of a woman on the toilet, to social media.

The images in question, some of which MIT Tech shared -- though thankfully not the bathroom one -- were snapped by the vacuums for the purpose of data annotation, the process in which humans confirm or deny whether AI has accurately labeled things correctly. While the data annotation process is integral to Roomba-style vacuums and other AI-enabled robotics, most people are unaware of the process, though iRobot claimed in its responses to MIT Tech that the leaked images came from development robots that had a bright green label that said "video recording in process."

An anonymous reader shares a report: I reviewed a number of laptops in 2022 across consumer, workstation, gaming, business, Chromebook, and everywhere else. I touched all of the major brands. But I had a particular focus on ultraportables this year -- that is, thin and light devices that people buy to use, say, on their couch at home -- because, with Apple's MacBooks in such a dominant position, many eyes have been on their competitors on the Windows side. For many of these models, I found myself writing the same review over and over and over. They were generally good. They performed well. But their battery life was bad.

What these laptops had in common is that they were all powered by the Intel P-series. Without getting too into the weeds here, Intel processors have, in the past, included H-series processors -- powerful chips that you'll find in gaming laptops and workstations -- and U-series processors for thinner, lighter devices. (There was also a G-series, which was this whole other thing, for a couple of years.) But the Intel 12th Generation of mobile chips (that is, the batch of chips that Intel released this year) has a new letter: the P-series. The P-series is supposed to sit between the power-hungry H-series and the power-efficient U-series; the hope was that it would combine H-series power with U-series efficiency.

And then many -- a great many -- of this year's top ultraportable laptops got the P-series: big-screeners like the LG Gram 17; modular devices like the Framework Laptop; business notebooks like the ThinkPad X1 Yoga Gen 7; premium ultraportables like the Acer Swift 5, the Lenovo Yoga 9i, the Samsung Galaxy Book2 Pro, and the Dell XPS 13 Plus. The problem was that, in reality, the P-series was just a slightly less powerful H-series chip, which Intel had slapped an "ultraportable" label onto. It was identical to the H-series in core count and architecture, but it was supposed to draw slightly less power.