An anonymous reader quotes a report from CBC.ca: A government program meant to attract highly skilled tech workers from the U.S. closed for applications the day after it launched when it hit its maximum number of applicants. Last month, Immigration Minister Sean Fraser announced a new work permit for H-1B visa holders in the U.S. -- part of a larger federal government strategy to poach talent from abroad. H-1B visas allow foreign nationals to work temporarily in the U.S. in certain specialized occupations, including some in the technology sector. Tech companies went on a hiring binge during the pandemic but have since starting laying people off in large numbers. That has left a lot of H-1B visa holders scrambling to find new jobs before they're forced to leave the U.S.

Applications for the work permits opened on Sunday. By Monday the program had reached capacity, with 10,000 applicants bidding for a permit. "This temporary policy will last for 1 year or until we get 10,000 applications (whichever comes first)," the program's website says. The program is a response to massive layoffs in the U.S. tech industry. Since last summer, hundreds of thousands of workers have been laid off from such major firms as Google, Microsoft and Amazon. Fraser said he was watching the situation in the U.S. and saw it as an "opportunity" for Canada when he first announced the program.

Nick Schiavo, director of federal affairs for the Council of Canadian Innovators, said he's not surprised that applications filled up so quickly. He said the government should now consider expanding the program to more applicants. "The more that we can pull from these highly qualified individuals that we know have the work experience, the skill set the better," Schiavo said. "As this program develops, it would be great to see it expanded."

An anonymous reader quotes a report from Motherboard: [T]he NYPD announced it's piloting test drones to fly over at-risk neighborhoods and make public announcements during emergencies. On Sunday, at the tail end of a weekend of heavy rainfall and flooding, New York City's emergency notification system tweeted that the NYPD would be "conducting a test of remote-piloted public messaging capabilities" at a location confirmed to AM New York as Hook Creek Park in Queens. The NYPD told AM New York that the drones were being tested to make announcements during weather-related emergencies, and were being tested in advance of more flooding expected this weekend. The comments suggest that public announcement drones could be deployed in a real-world scenario very soon.

Besides the eeriness of a drone instructing New Yorkers during life-threatening emergencies, the test raises questions about the NYPD's compliance with laws that require the agency to alert the public when deploying surveillance technology. The NYPD is required to post an impact statement and use policy on its website and seek public comment 90 days prior to deploying new surveillance technology to comply with the 2020 POST Act. However, according to the law, the NYPD merely has to amend old use policies if it is using previously existing surveillance tech for new purposes. For its use policy for unmanned aircraft, finalized in April 2021, there is no mention of the emergency announcements. The document says, "In situations where deployment of NYPD (drones) has not been foreseen or prescribed in policy, the highest uniformed member of the NYPD, the Chief of Department, will decide if deployment is appropriate and lawful. In accordance with the Public Oversight of Surveillance Technology Act, an addendum to this impact and use policy will be prepared as necessary to describe any additional uses of UAS." No such addendum appears on the website. "This plan just isn't going to fly. The city already has countless ways of reaching New Yorkers, and it would take thousands of drones to reach the whole city," Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project told Motherboard by email.

"The drones are a terrible way to alert New Yorkers, but they are a great way to creep us out. More alarmingly, the NYPD is once again violating the landmark Public Oversight of Surveillance Technology (POST) Act, which requires public notice and comment before deploying new surveillance systems." Cahn added: "No gadget is going to be a substitute for effective city management and communication practices."

An anonymous reader quotes a report from Wired: Who owns thedata generated by your car? And who controls access to it? For almost a decade, right-to-repair activists, automakers, parts manufacturers, auto repair shop owners, technicians, and regular people who own cars have fought over those questions. How they are answered could radically change the cost and convenience of owning a modern camera-studded and cloud-enabled car -- and, some say, the future of the increasingly tech-heavy auto industry. Last week, a few trade groups announced they had finally figured it all out. In a letter (PDF) to the US Congress, three industry organizations that together represent the major automakers and thousands of repair shops said they had signed a "memorandum of understanding" on the right to repair. In the agreement, the automakers commit to giving independent car repair shops access to the data, tools, and information necessary to diagnose and repair vehicles -- the data, tools, and information provided to the automakers' own dealership networks. "Competition is alive and well in the auto repair industry," the letter said.

Right-to-repair advocates -- who contend that consumers should be able to fix the products they buy -- aren't so sure. They say the agreement doesn't give car owners full and unfettered control of the streams of data generated by the latest cars' cameras and other sensors, which log data on location, speed, acceleration, and how a vehicle's hardware and software are performing. The advocates worry the new agreement gives automakers and automaker-associated repairers room to squeeze out smaller, independent shops and at-home tinkerers in the future, making it more difficult for car owners to find places to quickly and affordably fix their cars. And they say there are no enforcement mechanisms to guarantee automakers follow through on their promises. Notably, the new agreement didn't include the Auto Care Association, the largest US trade group for independent repair shops and aftermarket parts suppliers. The group's chair, Corey Bartlett, says the agreement doesn't address some of the major barriers facing consumers looking to get a tech-heavy car repaired.

Smaller and especially rural repair shops sometimes can't fix the newest models, because they can't pay for the expensive tools, subscriptions, and training needed, which can cost hundreds of thousands of dollars. As cars get more complex, and move more services into apps and onto the internet, they fear access will shrink. [...] Many repair shops, especially those who opt in and pay to be part of those certified networks, say they have no trouble finding the information they need to fix cars, even before this week's agreement. [...] Other repairers worry that without an industry-wide overhaul that forces automakers to standardize and open up their data, car companies will find ways to limit access to repair information, or push customers towards their own dealership networks to boost profits. They say that if auto owners had clear and direct ownership over the data generated by their vehicles -- without the involvement of automakers' specialized tools or systems -- they could use it themselves to diagnose and repair a car, or authorize the repair shop of their choice to do the work. "My fear, if no one gives some stronger guidelines, is that I know automakers are going to monetize car data in a way that's unaffordable for us to gain access," says Dwayne Myers, co-owner of Dynamic Automotive, an auto repair business with several locations in Maryland.

Virtual pet website Neopets, which was popular in the 2000s but declined in recent years, is planning a comeback with $4 million in funding and a promise to bring back 50 classic games on July 25th. The BBC reports: Launched in 1999 by British developers, the site let users care for cartoon pets, chat and play games. But after Viacom bought it, for $160 million in 2005, the site failed to keep up with the times and many elements stopped working. At its peak, in the mid-2000s, Neopets had 25 million users, rivaling the popularity of Tamagotchis and other virtual pets. But by 2017, that had collapsed to just 100,000 daily users, according to then chief executive David Lord.

But will the promise of new funding and functionality tempt people to return to their neglected pets? [...] Neopets said a management buyout deal meant the website was now an independent business without a large corporate owner. "Free from the corporate baggage that existed in the past, the newly united [Neopets Team] has now been entrusted with the decision-making and overall brand strategy of Neopets, enabling them to work solely on the betterment of the entire Neopets game and community," it said in a blog post. "The Neopets Team is, for the first time in over a decade, equipped to make meaningful changes in pursuit of a Neopian renaissance." It plans to begin the "new era" with a refreshed homepage, on Thursday, 20 July. Five days later, it will bring back 50 of the website's classic games amid plans to fix "many of the most beloved games" in the future.

Qualcomm and Meta will enable the social networking company's new large language model, Llama 2, to run on Qualcomm chips on phones and PCs starting in 2024, the companies announced today. From a report: So far, LLMs have primarily run in large server farms, on Nvidia graphics processors, due to the technology's vast needs for computational power and data, boosting Nvidia stock, which is up more than 220% this year. But the AI boom has largely missed the companies that make leading edge processors for phones and PCs, like Qualcomm. Its stock is up about 10% so far in 2023, trailing the NASDAQ's gain of 36%. The announcement on Tuesday suggests that Qualcomm wants to position its processors as well-suited for A.I. but "on the edge," or on a device, instead of "in the cloud." If large language models can run on phones instead of in large data centers, it could push down the significant cost of running A.I. models, and could lead to better and faster voice assistants and other apps.

An anonymous reader quotes a report from Electrek: Tesla has officially launched its new 'Charge on Solar' feature to let its electric car owners charge their vehicles with sunshine. Tesla describes the feature: "With Charge on Solar, your Tesla vehicle can charge using only excess solar energy produced by your Tesla solar system. Using excess energy to charge your electric vehicle maximizes the value of your home's solar system. Use the Tesla app to set Charge on Solar limits and have your vehicle charge using extra solar energy."

If you have all the required hardware and software, you can go to your Tesla app, and under "Charge on Solar," you will be able to set your charge limit using excess solar energy. Tesla writes about the charge limit: "Your vehicle will charge from solar and the grid when your current charge level is below the left sun slider. After your vehicle's charge level passes the sun slider, your vehicle automatically switches to only charge on excess solar up to your charge limit. Solar power and home loads are variables so if you ever want to charge faster, you can simply increase the lower charge limit to a desired range." There's also a scheduling feature that stops charging with solar after a specific time if you know that your energy consumption will increase at a specific time.

Dale Vince, the green energy tycoon and founder of Ecotricity, is planning to launch Britain's first electric airline called Ecojet. The Guardian reports: Ecojet, styled as a "flag carrier for green Britain," will launch early next year with a 19-seater plane traveling on a route between Edinburgh and Southampton. The planes will run initially on kerosene-based fuel for the first year, before being retrofitted with engines that convert green hydrogen into electricity. The airline will launch with several green-striped 19-seater planes capable of traveling for 300 miles. Vince hopes to expand the number of routes out to cover all of Britain's big cities. Staff will wear environmentally friendly uniforms, and serve plant-based meals.

A second phase, 18 months later, will result in 70-seater planes capable of flying to Europe being introduced. The company is in the process of applying for a license from the Civil Aviation Authority and securing takeoff and landing slots at airports. However, the process of launching an airline is regarded as slow, and Ecojet will not launch as an electric plane operator, starting by using kerosene-based fuel instead. [...] Vince said Ecojet would "price match" existing airlines on air fares and was intended to attract a mass market, beyond environment-conscious consumers. He said he would invest one million pounds initially but plans to raise further funds next year.

An anonymous reader quotes a report from Motherboard: A phone-recorded video posted to Reddit shows a wooden desk strewn with various office supplies. On a monitor on the desk, a video begins to play: an Amazon delivery driver, being recorded by a driver-facing camera in their van, leans out of their window to talk to a customer. Though the video is cute, the setup is not: The camera's AI tracks their movements, surrounding them with a bright green box. Below them on the monitor's screen, a yellow line marks the length of the clip sent to the driver's dispatcher. Above them sits a timecode and a speed marker of "0 MPH." The driver opens their door, and moments later, a small French bulldog leaps into the van, tail wagging. The driver is delighted. The person behind the camera laughs a little. [...] The desk set-up looks consistent with that of an Amazon delivery service partner (DSP), the small-business contractors responsible for Amazon's door-to-door deliveries. The DSPs usually operate out of Amazon delivery warehouses, where they are given a desk like the one in the video, in a small area of the warehouse, out of which they select routes, dispatch drivers, and monitor their actions on the road with the help of the cameras.

The video is one of a slew of in-van surveillance videos recently posted to Reddit, a phenomenon which hasn't frequently been seen on the site before. Over the past two weeks, many users in the Amazon delivery service partner drivers subreddit (r/AmazonDSPDrivers) have shared video footage from the cameras, either directly or by recording it on their phone from a monitor within the warehouse. It is clear that many of the videos are not being posted by the subject of the video themselves, and highlights the fact that Amazon drivers, who already have incredibly difficult jobs, are being monitored at all times.

When Motherboard first wrote about the "Biometric Consent" form drivers had to sign that allows them to be monitored while on the job, Amazon insisted that the program was about safety only, and that workers shouldn't be worried about their privacy: "Don't believe the self-interested critics who claim these cameras are intended for anything other than safety," a spokesperson told us at the time. But this video, and a rash of others that have recently become public, shows that access to the camera feeds is being abused. [...] It's not clear why there has been a sudden spate of videos being posted publicly. One current Amazon delivery driver said that the drivers themselves did not have access to the videos -- only Amazon, Netradyne, and the relevant DSPs did.

Despite being the fastest-growing online platform in history, Meta's Threads is struggling to retain regular customer engagement. According to SimilarWeb, the Twitter rival saw daily active users decline from 49 million on July 7th to 23.6 million on July 14th. Furthermore, usage in the United States declined from 21 minutes per day to just over six minutes in the same time period. Here's are the key takeaways from the report: - On its best day, July 7, Threads had more than 49 million daily active users on Android, worldwide, according to SimilarWeb estimates. That's about 45% of the usage of Twitter, which had more than 109 million active Android users that day.
- By Friday, July 14, Threads was down to 23.6 million active users, or about 22% of Twitter's audience.
- Usage in the US, which saw the most activity, peaked at about 21 minutes of engagement with the app on July 7. By July 14, that was down to a little over 6 minutes.
- In the first two full days that Threads was generally available, Thursday and Friday, web traffic to twitter.com was down 5% compared with the same days of the previous week. Although traffic bounced back, for the most recent 7 days of data it's still down 11% year-over-year.
- On the days of peak interest in Threads, Twitter's Daily active users on Android, worldwide, were virtually unchanged, but time spent was down 4.3% -- perhaps because some users were off trying Threads. Even with that drop, however, the average total time spent on Twitter was about 25 minutes.

To a large extent, Threads solves the "empty party problem" that makes it tough to start a new online community by allowing Instagram users to instantly create a Threads account, bringing their existing contacts with them. Our daily usage numbers make Meta's claim of having achieved more than 100 million total account signups in a matter of days seem reasonable. However, Threads is missing many basic features and still needs to offer a compelling reason to switch from Twitter or start a new social media habit with Threads.

Mustafa Suleyman, co-founder of DeepMind, believes that for the UK to become an AI superpower, it needs to foster a culture of risk-taking and encourage large-scale investments. The BBC reports: Mustafa Suleyman added that he does not regret selling DeepMind to the US giant in 2014. "The US market is not only huge, but also more predisposed to taking big shots," he told the BBC. Prime Minister Rishi Sunak wants the UK to be a global hub for AI. He has pledged 1 billion pounds in funding over the next 10 years, and founded a UK taskforce with a remit of maximising the benefits of the tech while keeping it safe. This week BBC News is focusing on AI, how the technology affects our lives and what impacts it may have in the near future.

Mr Suleyman said the UK had "every chance" of becoming an AI superpower and praised its research facilities, but added there were not the same opportunities for businesses to grow as there are in the US. "I think the culture shift that it needs to make is to be more encouraging of large scale investments, more encouraging of risk taking, and more tolerant and more celebratory of failures," he said. "The truth is, the US market is not only huge, but also more predisposed to big risk taking, taking big shots and having big funding rounds." Mr Suleyman has chosen to base his new company, Inflection AI, in Palo Alto, California, which is also home to the headquarters of Google, Facebook and Tesla.

Mustafa Suleyman's views represent one of the challenges facing Ian Hogarth, a British entrepreneur and investor who has been appointed to lead the UK's AI taskforce. He took up the position five weeks ago. In his first interview since getting the job, Mr Hogarth told the BBC that while the UK was a good place for start-ups, it should also be easier for them to grow. "We've had some great [tech] companies and some of them got bought early, you know - Skype got bought by eBay, DeepMind got bought by Google. I think really our ecosystem needs to rise to the next level of the challenge."

Norway's data protection regulator has accused Meta of violating user privacy by tracking their activities, threatening to fine the company $100,000 per day if it fails to take corrective action. "It is so clear that this is illegal that we need to intervene now and immediately," said Tobias Judin, head of Norway's privacy commission, Datatilsynet. Engadget reports: The move follows a European court ruling banning Meta from harvesting user data like location, behavior and more for advertising. Datatilsynet has referred its actions to Europe's Data Protection Board, which could widen the fine across Europe. The aim is to put "additional pressure" on Meta, Judin said. (Norway is a member of the European single market, but not technically an EU member.)

Meta told Reuters that it's reviewing Datatilsynet's decision and that the decision wouldn't immediately impact its services. "We continue to constructively engage with the Irish DPC, our lead regulator in the EU, regarding our compliance with its decision," a spokesperson said. "The debate around legal bases has been ongoing for some time and businesses continue to face a lack of regulatory certainty in this area."

Thousands of writers including Nora Roberts, Viet Thanh Nguyen, Michael Chabon and Margaret Atwood have signed a letter asking artificial intelligence companies like OpenAI and Meta to stop using their work without permission or compensation. From a report: It's the latest in a volley of counter-offensives the literary world has launched in recent weeks against AI. But protecting writers from the negative impacts of these technologies is not an easy proposition. According to a forthcoming report from The Authors Guild, the median income for a full-time writer last year was $23,000. And writers' incomes declined by 42% between 2009 and 2019. The advent of text-based generative AI applications like GPT-4 and Bard, that scrape the Web for authors' content without permission or compensation and then use it to produce new content in response to users' prompts, is giving writers across the country even more cause for worry.

"There's no urgent need for AI to write a novel," said Alexander Chee, the bestselling author of novels like Edinburgh and The Queen of the Night. "The only people who might need that are the people who object to paying writers what they're worth." Chee is among the nearly 8,000 authors who just signed a letter addressed to the leaders of six AI companies including OpenAI, Alphabet and Meta. "It says it's not fair to use our stuff in your AI without permission or payment," said Mary Rasenberger, CEO of The Author's Guild. The non-profit writers' advocacy organization created the letter, and sent it out to the AI companies on Monday. "So please start compensating us and talking to us."

Passengers have flooded the FAA with complaints about narrow seats and scant legroom. From a report: Passengers have been sounding off for years about airline seating -- no legroom, thin cushions, too narrow. Now politicians are listening. A bill introduced in Congress last month to update aircraft evacuation standards would compel federal regulators to study seat sizes and spacing. Tito Echeverria, who used to travel frequently as a plant manager for a manufacturing company, has had too many awkward interactions with other squished travelers. "You end up having to consistently rub legs with someone, even though you're not really trying to," said Echeverria, 32, from Ontario, Calif. "You're just freaking there next to them."

U.S. regulations cover aisle width and the number of seats allowed on planes, but not minimum seat sizes. The Federal Aviation Administration has said in court it isn't required to set seat standards unless it finds they are necessary to protect passenger safety. In late 2019 and early 2020, it simulated emergency evacuations and found seat size and spacing didn't adversely affect the process. Last year, the FAA sought public feedback on whether seat sizes posed safety issues, and it got an earful. More than 26,000 public comments poured in over a three-month stretch. "Airplane seat sizes are appalling," one commenter wrote. "They are built for people from the '40s and '50s. They cannot remotely accommodate a person over 6 feet or 200 pounds. It's literally painful to fly today."

Millions of US military emails have been misdirected to Mali through a "typo leak" that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers. Financial Times: Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses. The problem was first identified almost a decade ago by Johannes Zuurbier, a Dutch internet entrepreneur who has a contract to manage Mali's country domain.

Zuurbier has been collecting misdirected emails since January in an effort to persuade the US to take the issue seriously. He holds close to 117,000 misdirected messages -- almost 1,000 arrived on Wednesday alone. In a letter he sent to the US in early July, Zuurbier wrote: "This risk is real and could be exploited by adversaries of the US."

The Register shares its collection of "signs that Wayland is becoming the favored way to get a GUI on Linux." - The team developing Linux for Apple Silicon Macs said they didn't have the manpower to work on X.org support.

- A year ago, the developers of the Gtk toolkit used by many Linux apps and desktops said that the next version may drop support for X11...

- One of the developers of the Budgie desktop, Campbell Jones, recently published a blog post with a wildly controversial title that made The Reg FOSS desk smile: "Wayland is pretty good, actually." He lays out various benefits that Wayland brings to developers, and concludes: "Primarily, what I've learned is that Wayland is actually really well-designed. The writing is on the wall for X, and Wayland really is the future." Partly as a result of this, it looks likely that the next version of the Budgie desktop, Budgie 11, will only support Wayland, completely dropping support for X11. The team point out that this is not such a radical proposition: there was a proposal to make KDE 6 sessions default to Wayland as long ago as last October...

- The GNOME spin of Fedora has defaulted to Wayland since version 25 in 2017, and the GNOME flavor of Ubuntu since 21.04.

- [T]here's now an experimental effort to get Wayland working on OpenBSD. The effort happened at the recent OpenBSD hackathon in Tallinn, Estonia, and the developer's comments are encouraging. It's already available as part of FreeBSD.

"Logan Parson's first flight by himself ended with airport officials taking the teenager into custody and whisking him away into an interrogation room," reports the Independent. The teen was "denied boarding to an American Airlines flight," reports the Washington Post. "He hadn't committed a crime, nor was he accused of being unruly.

"His offense? Attempting to make use of a money-saving hack that gutsy fliers use every year." Direct flights to major cities are so expensive, it can actually be cheaper to book a flight with stops in two cities — and then skip the flight to that second city. The Post points out that while passengers can save money with this so-called "hidden-city ticket" trick — or skiplagging — "most carriers regard it as a form of fraud."

From North Carolina TV station WJZY: In a statement to WJZY, American Airlines said, "Purchasing a ticket without intending to fly all flights to gain lower fares (hidden city ticketing) is a violation of American Airlines terms and conditions and is outlined in our Conditions of Carriage online...." Other major airlines, like Delta and United, also prohibit hidden city ticketing. Even [skip-lagging resource] Skip Lagged warns there may be consequences of hidden city ticketing, like your checked luggage moving on to the final destination instead of where you stop or losing frequent flyer miles you've accrued.
The Arizona Republic adds: According to American and Southwest's contracts of carriage, they can cancel any unused part of a ticket, refuse to let the passenger and their bags fly, not issue a refund and charge the customer for what the ticket would have cost for the full route. Airlines may ban a passenger from flying with them in the future.

Some airlines have challenged the practice in court but without success. In November 2014, United Airlines sued Skiplagged.com and its founder in court, claiming trademark infringement, according to court documents. A judge dismissed the suit the following year.
The Washington Post shares another warning: Chris Dong, a Los Angeles-based travel writer and points expert who used to skiplag, says you especially can't do this on a round-trip flight. "Airlines will cancel your return flight if you're a 'no show' for any segment of a booked itinerary," Dong said in an email.
While the teen's father told WJZY that his son was "interrogated a little bit" before being "taken to a security room," American Airline says their records don't show that the teen was taken to a security room. Instead, they've told the Post that "Our records indicate the customer was questioned only at the ticket counter about their travel, while attempting to check-in for their flight." The fact that the teen was denied boarding underscores how serious airlines take skiplagging. It makes sense, since the practice saps revenue from them on two fronts: Not only do passengers underpay — potentially by hundreds of dollars per ticket — but the seat on the tossed leg could have been sold to someone else. Most contracts of carriage from major airlines expressly forbid skiplagging as a result.
The Post also got this quote from Clint Henderson, an industry expert and managing editor for the Points Guy. "The airlines are getting increasingly sophisticated and smart about it. I expect that will get even more prevalent as technology improves further."

Here's how long-time Slashdot reader Baron_Yam summarizes a radically new tiny-but-powerful "opposed-piston engine" created by INNengine of Granada, Spain. "500cc, 120 horsepower, under 40 kilograms (85 pounds). No cylinder head in the motor, no camshaft, no crankshaft, no valves, and no oil mixed in with the fuel."

The company calls it "a single-stroke combustion cycle," though the engine itself still has a compression stroke and an exhaust stroke, reports The Drive: Despite having four cylinder banks, the INNengine (depending on its configuration) actually has eight pistons. This is because the engine is an opposed-piston motor, meaning that each piston's compression stroke is performed against a second piston placed in the same cylinder bank rather than a static cylinder head. It still only has four combustion chambers, though, which means it sounds similar to a four-cylinder engine... The mechanical configuration also allows for better engine balance. That means typical drawbacks of an internal combustion motor (often referred to as noise, vibration, and harshness) are minimalized. Once combustion happens, the piston is pushed back against the plate and forces the plate to rotate. This motion is synced between each half of the motor via a shared shaft — meaning, no extra timing components...

Is it likely that we'll see INNengine's combustion tech powering the wheels of a car? Probably not, at least not directly hooked up to a gearbox. The Mazda featured in INNengine's demo video was a great concept, but the company seems to be instead targeting the EV market as a range extender, especially since that's the way the industry is ultimately headed.

If the tech had debuted a few decades ago or more, perhaps there would have been a chance of adoption in the main market (cue Felix Wankel's notorious rotary). But messing with perfection in this day and age, especially as combustion tech could be on the way out, seems a bit unlikely to take off. That's why a range extender would appear to be the most logical path forward for this tech, especially if we want more lightweight, cost-effective EVs.

An anonymous reader shared Thursday's report from eSecurity Planet: After Microsoft warned earlier this week that some drivers certified by the Windows Hardware Developer Program (MWHDP) are being leveraged maliciously, a Cisco Talos security researcher said the number of malicious drivers could number in the thousands.

Talos researcher Chris Neal discussed how the security problem evolved in a blog post. "Starting in Windows Vista 64-bit, to combat the threat of malicious drivers, Microsoft began to require kernel-mode drivers to be digitally signed with a certificate from a verified certificate authority," Neal wrote. "Without signature enforcement, malicious drivers would be extremely difficult to defend against as they can easily evade anti-malware software and endpoint detection." Beginning with Windows 10 version 1607, Neal said, Microsoft has required kernel-mode drivers to be signed by its Developer Portal. "This process is intended to ensure that drivers meet Microsoft's requirements and security standards," he wrote.

Still, there are exceptions — most notably, one for drivers signed with certificates that expired or were issued prior to July 29, 2015. If a newly compiled driver is signed with non-revoked certificates that were issued before that date, it won't be blocked. "As a result, multiple open source tools have been developed to exploit this loophole," Neal wrote. And while Sophos reported that it had uncovered more than 100 malicious drivers, Neal said Cisco Talos "has observed multiple threat actors taking advantage of the aforementioned Windows policy loophole to deploy thousands of malicious, signed drivers without submitting them to Microsoft for verification...."

"Microsoft, in response to our notification, has blocked all certificates discussed in this blog post," he noted.

After a severe rainstorm, two Cruise robotaxis drove past several downed trees and power lines, and then through caution tape, reports the San Francisco Chronicle. And then one of the Cruise vehicles caught on a low-hanging power wire for the city's bus system, "dragging it upward the rest of the block."

The article notes that the transit agency "had already de-energized the lines by the time the Cruise taxi hit them." But the cars only stopped "after driving through another set of caution tape and sandwich boards." Cruise personnel who retrieved the entangled car had to manually back it up a half block "to release the tension on the wire," according to a San Francisco Fire Department report. No one was inside the cars at the time, and no one was hurt...

But for city officials who oppose the rapid expansion of driverless taxi companies Cruise and Waymo, the episode reflects a recent and troubling trend. As driverless taxis ramp up operations in San Francisco, their disruption and close calls have increased in frequency and severity as well, officials say. "It really, really concerns me that something is going to go horribly wrong," Fire Chief Jeanine Nicholson said.

Cruise and Waymo say city officials have mischaracterized their safety track records. Their driverless taxis, the companies say, have lower collision rates than human drivers and public transit. Their self-driving cars, they argue, help improve traffic safety in San Francisco because their cars are programmed to follow posted speed limits.

The Fire Department has tallied 44 incidents so far this year in which robotaxis entered active fire scenes, ran over fire hoses or blocked fire trucks from responding to emergency calls. That count is double the figure from last year's informal count, which Nicholson said does not include all incidents.
Meanwhile the city's transit agency tallied 96 incidents just in March "where driverless cars disrupt traffic, transit and emergency responders," according to the article — and then another 91 in April.

But the issue is drawing more attention now because next month California's state regulatory agency and DMV "will vote on whether to allow Cruise and Waymo to charge for rides at all hours with no restrictions."

The Internet Archive has taken the rather unusual step of sending a DMCA notice to protect the copyrights of book publishers and authors. The non-profit organization asked GitHub to remove a tool that can strip DRM from books in its library. The protective move is likely motivated by the ongoing legal troubles between the Archive and book publishers. TorrentFreak reports: The Internet Archive sent a takedown request to GitHub, requesting the developer platform to remove a tool that circumvents industry-standard technical protection mechanisms for digital libraries. This "DeGouRou" software effectively allows patrons to save DRM-free copies of the books they borrow. "This DMCA complaint is about a tool made available on github which purports to circumvent technical protections in violation of the copyright act section 1201," the notice reads. "I am reporting a Git which provides a tool specifically used to circumvent industry standard library TPMs which are used by Internet Archive, and other libraries, to permit patrons to borrow an encrypted book, read the encrypted book, and return an encrypted book."

Interestingly, an IA representative states that they are "not authorized by the copyright owners" to submit this takedown notice. Instead, IA is acting on its duty to prevent the unauthorized downloading of copyright-protected books. It's quite unusual to see a party sending takedown notices without permission from the actual rightsholders. However, given the copyright liabilities IA faces, it makes sense that the organization is doing what it can to prevent more legal trouble. Permission or not, GitHub honored the takedown request. It removed all the DeGourou repositories that were flagged and took the code offline. [...] After GitHub removed the code, it soon popped up elsewhere.