"On a typical day 1,300 planes take off and land at Heathrow Airport, and keeping that going requires around 20 million litres of jet fuel every day," reports the BBC. "That's the equivalent of filling up your car around 400,000 times.

"But, when it comes to fuel, airports around the world are having to have a major rethink..." To be of any use to the aviation industry, hydrogen needs to be in its liquid form, which involves chilling it to minus 253C. Handling a liquid at that kind of temperature is immensely challenging. Given the chance, liquid hydrogen will "boil-off" and escape as a gas — potentially becoming a hazard. So tanks, pipes and hoses all have to be extra-insulated to keep the liquid cold.

France's Air Liquide has a lot of experience in this area. For around 50 years it has been supplying cryogenic hydrogen to the Ariane rockets of the European Space Agency (ESA)... Over the past three years, in partnership with Airbus and France's biggest airport operator, Group ADP, Air Liquide has been investigating the potential of hydrogen in the aviation business. It is also part of the H2Fly consortium which this summer successfully flew an aircraft using liquid hydrogen. For Air Liquide, it was an opportunity to test systems for fuelling a hydrogen aircraft...

However, installing the equipment needed to store and distribute hydrogen at airports will not be cheap. The consultancy Bain & Company estimates it could cost as much as a billion dollars per airport. One start-up, Universal Hydrogen, says it has a solution... The company has developed special tanks to hold liquid hydrogen (UH calls them modules), which can then be trucked to the airport. The modules are designed to slot straight into the aircraft, where they can be plugged into the propulsion system. No need for pipes, hoses and pumps.

The modules are extremely well insulated and can keep the hydrogen in its liquid form for four days. Two modules would hold 360kg of hydrogen and would be able to fly an aircraft 500 miles, plus an extra 45 minutes of flight time in reserve.

AI employed by the U.S. military "has piloted pint-sized surveillance drones in special operations forces' missions and helped Ukraine in its war against Russia," reports the Associated Press.

But that's the beginning. AI also "tracks soldiers' fitness, predicts when Air Force planes need maintenance and helps keep tabs on rivals in space." Now, the Pentagon is intent on fielding multiple thousands of relatively inexpensive, expendable AI-enabled autonomous vehicles by 2026 to keep pace with China. The ambitious initiative — dubbed Replicator — seeks to "galvanize progress in the too-slow shift of U.S. military innovation to leverage platforms that are small, smart, cheap, and many," Deputy Secretary of Defense Kathleen Hicks said in August. While its funding is uncertain and details vague, Replicator is expected to accelerate hard decisions on what AI tech is mature and trustworthy enough to deploy — including on weaponized systems.'

There is little dispute among scientists, industry experts and Pentagon officials that the U.S. will within the next few years have fully autonomous lethal weapons. And though officials insist humans will always be in control, experts say advances in data-processing speed and machine-to-machine communications will inevitably relegate people to supervisory roles. That's especially true if, as expected, lethal weapons are deployed en masse in drone swarms. Many countries are working on them — and neither China, Russia, Iran, India or Pakistan have signed a U.S.-initiated pledge to use military AI responsibly.

Google Maps has added "a fresh color scheme, including a different look for parks and city blocks," writes SFGate. "But it's the changes to the app's all-important road maps that are rankling online commentators..." Previously, highways and freeways were depicted in bright yellow, which stood out against a stark white grid. Now, the app shows every road in various shades of gray, with major thoroughfares like Interstate 80 and Highway 1 showing up darker and thicker than other roadways. Raynell Cooper, an employee at the San Francisco Municipal Transportation Agency, called the new look "cartographically disappointing" in a Monday post to X, formerly known as Twitter. He added, "major local roads and limited-access highways (freeways) are basically indistinguishable."
TechRadar has a side-by-side comparison of the old and new color schemes, quoting one Reddit who says the new one is a bit harder to read quickly. "The toned down look is cute but not practical." And the Evening Standard shares more negative reactions, including one user who complained the new color scheme is "shockingly bad." "Hate it hate it hate it hate it. Yellow roads were so good, and everything was bright and cheery," states another person on Reddit. "Now it's depressing and the roads are hard to see when not fairly zoomed in, they just don't pop like the yellow did.
One Reddit user offered another complaint. "I think the water is a fairly significant change, it's a much closer shade to the green of the land which makes it a little harder to differentiate at a quick glance."

And another criticism came from a post on X. "15 years ago, I helped design Google Maps..." wrote designer Elizabeth Laraki. "Last week, the team dramatically changed the map's visual design. I don't love it." It feels colder, less accurate and less human. But more importantly, they missed a key opportunity to simplify and scale... Google Maps should have cleaned up the crud overlaying the map. So much stuff has accumulated on top of the map. Currently there are ~11 different elements obscuring it.
Tech blogger John Gruber writes, "This is a very long way of saying that Google Maps's app design should be like Apple Maps."

The New York Times reports: Meta has received more than 1.1 million reports of users under the age of 13 on its Instagram platform since early 2019 yet it "disabled only a fraction" of those accounts, according to a newly unsealed legal complaint against the company brought by the attorneys general of 33 states.

Instead, the social media giant "routinely continued to collect" children's personal information, like their locations and email addresses, without parental permission, in violation of a federal children's privacy law, according to the court filing. Meta could face hundreds of millions of dollars, or more, in civil penalties should the states prove the allegations. "Within the company, Meta's actual knowledge that millions of Instagram users are under the age of 13 is an open secret that is routinely documented, rigorously analyzed and confirmed," the complaint said, "and zealously protected from disclosure to the public...."

It also accused Meta executives of publicly stating in congressional testimony that the company's age-checking process was effective and that the company removed underage accounts when it learned of them — even as the executives knew there were millions of underage users on Instagram... The lawsuit argues that Meta elected not to build systems to effectively detect and exclude such underage users because it viewed children as a crucial demographic — the next generation of users — that the company needed to capture to assure continued growth.
More from the Wall Street Journal: An internal 2020 Meta presentation shows that the company sought to engineer its products to capitalize on the parts of youth psychology that render teens "predisposed to impulse, peer pressure, and potentially harmful risky behavior," the filings show... "Teens are insatiable when it comes to 'feel good' dopamine effects," the Meta presentation shows, according to the unredacted filing, describing the company's existing product as already well-suited to providing the sort of stimuli that trigger the potent neurotransmitter. "And every time one of our teen users finds something unexpected their brains deliver them a dopamine hit...."

"In December 2017, an Instagram employee indicated that Meta had a method to ascertain young users' ages but advised that 'you probably don't want to open this pandora's box' regarding age verification improvements," the states say in the suit. Some senior executives raised the possibility that cracking down on underage usage could hurt Meta's business... The states say Meta made little progress on automated detection systems or adequately staffing the team that reviewed user reports of underage activity. "Meta at times has a backlog of 2-2.5 million under-13 accounts awaiting action," according to the complaint...

The unredacted material also includes allegations that Meta Chief Executive Mark Zuckerberg instructed his subordinates to give priority to boosting its platforms' usage above the well being of users... Zuckerberg also repeatedly dismissed warnings from senior company officials that its flagship social-media platforms were harming young users, according to unsealed allegations in a lawsuit filed by Massachusetts earlier this month...

The complaint cites numerous other executives making public claims that were allegedly contradicted by internal documents. While Meta's head of global safety, Antigone Davis, told Congress that the company didn't consider profitability when designing products for teens, a 2018 internal email stated that product teams should keep in mind that "The lifetime value of a 13 y/o teen is roughly $270" when making product decisions.

"The abolition of third-party cookies will make it possible to protect privacy-related data such as what sites users visit and what pages they view from advertising companies," notes the Japan-based site Gigazine.

And this month "Google has confirmed that it is on track to start disabling third-party cookies across its Chrome browser in a matter of weeks," writes TechRadar: An internal email published online sees Google software engineer Johann Hofmann share with colleagues the company's plan to switch off third-party cookies for 1% of Chrome users from Q1 2024 — a plan that was shared months ago and that, surprisingly, remains on track, given the considerable pushbacks so far... Hofmann explains that Google is still awaiting a UK Competition and Markets Authority consultation in order to address any final concerns before "Privacy Sandbox" gets the go-ahead.
The Register explores Google's "Privacy Sandbox" idea: Since 2019 — after it became clear that European data protection rules would require rethinking how online ads work — Google has been building a set of ostensibly privacy-preserving ad tech APIs known as the Privacy Sandbox... One element of the sandbox is the Topics API: that allows websites to ask Chrome directly what the user is interested in, based on their browser history, so that targeted ads can be shown. Thus, no need for any tracking cookies set by marketers following you around, though it means Chrome squealing on you unless you tell it not to...

Peter Snyder, VP of privacy engineering at Brave Software, which makes the Brave browser, told The Register in an email that the cookie cutoff and Privacy Sandbox remains problematic as far as Brave is concerned. "Replacing third-party cookies with Privacy Sandbox won't change the fact that Google Chrome has the worst privacy protections of any major browser, and we're very concerned about their upcoming plans," he said. "Google's turtle-paced removal of third-party cookies comes along with a large number of other changes, which when taken together, seriously harm the progress other browsers are making towards a user-first, privacy-protecting Web.

"Recent Google Chrome changes restrict the ability for users to modify, make private, and harden their Web experience (Manifest v3), broadcasting users' interests to websites they visit (Topics), dissolving privacy boundaries on the Web (Related Sites), offloading the battery-draining costs of ad auctions on users (FLEDGE/Protected Audience API), and reducing user control and Web transparency (Signed Exchange/WebBundles)," Snyder explained. "And this is only a small list of examples from a much longer list of harmful changes being shipped in Chrome."

Snyder said Google has characterized the removal of third-party cookies as getting serious about privacy, but he argued the truth is the opposite. "Other browsers have shown that a more private, more user-serving Web is possible," he said. "Google removing third-party cookies should be more accurately understood as the smallest possible change it can make without harming Google's true priority: its own advertising business."
The Register notes that other browser makers such as Apple, Brave, and Mozilla have already begun blocking third-party cookies by default, while Google Chrome and Microsoft Edge "provide that option, just not out of the box."

EFF senior staff technologist Jacob Hoffman-Andrews told The Register that "When Google Chrome finishes the project on some unspecified date in the future, it will be a great day for privacy on the web. According to the announcement, the actual phased rollout is slated to begin in Q3 2024, with no stated deadline to reach 100 percent. Let's hope Google's advertising wing does not excessively delay these critical privacy improvements."

TechRadar points out that after the initial testing period in 2024, Google will begin its phased rollout of the cookie replacement program — starting in June.

Thanks to long-time Slashdot reader AmiMoJo for sharing the news.

Last January the Register reported that the Budgie desktop environment was planning to switch from using GNOME to Enlightenment. But this week Budgie's project lead David Mohammed and packaging guru Sam Lane "passed on news of a rift — and indeed possible divorce — between Budgie and Enlightenment," the Register reported. "And it's caused by Wayland." The development team of the Budgie desktop is changing course and will work with the Xfce developers toward Budgie's Wayland future...

While Enlightenment does have some Wayland support, in the project's own words this is "still considered experimental and not for regular end users." Mohammed told us... "Progress though towards a full implementation currently doesn't fit into the deemed urgent nature to move to Wayland (Red Hat dropping further X11 development, and questions as to any organisation stepping up, etc.)"

So, instead, Budgie is exploring different ways to build a Wayland-only environment. For now, as we mentioned when looking at Ubuntu's 23.10 release, there's a new windowing library, Magpie. Magpie 0.9 is what the project describes as "a soft-fork of GNOME's mutter at version 43" — the term soft fork meaning it's a temporary means to an end, rather than intended to form an on-going independent continuation.

For the future, though, Mohammed told us... "[T]he Budgie team has been evaluating options to move forward. XFCE are doing some really great work in this area with libxfce4windowing — a compatibility layer bridging Wayland and X11, allowing the move in a logical direction without needing a big-bang approach. To date, most of the current codebase has already been reworked and is ready for a Wayland-only approach without impacting further development and enhancements."
Mohammed later told the Register, "It makes sense for the more dynamic smaller projects to work together where there are shared aims."

Long-time Slashdot reader destinyland writes: The popular party game "Cards Against Humanity" continued their tradition of practical jokes on Black Friday. They created a new social network where users can perform only one action: posting the word "yowza."

Then announced it on their official social media accounts on Instagram, Facebook, and X...

Regardless of what words you type into the window, they're replaced with the word yowza. "For just $0.99, you'll get an exclusive black check by your name," reads an announcement on the site, "and the ability to post a new word: awooga."

It's a magical land where "yowfluencers" keep "reyowzaing" the "yowzas" of other users. And there's also a tab for trending hashtags. (Although, yes, they all seem to be "yowza".) But they've already gotten a write up in the trade industry publication Advertising Age.

"With every bad thing happening in the world, social media is always right there, making it worse," a spokesperson said.... "[W]e asked ourselves: Is there a way we could make a social network that doesn't suck? At first, the answer was 'no.' The content moderation problem is just too hard. And then we thought, why not solve the content moderation problem by having no content? That's Yowza...."

When creating your profile on the network there's a dropdown menu for specifying your age and location — although all of the choices are yowza. More details from Advertising Age:

The company said the word "yowza" was the first that came to mind when its creative teams were brainstorming—and it just stuck. "It's dumb, it's ridiculous, it means nothing. It's perfect," the rep said.

And the service is still evolving, with fresh user upgrades. The official Yowza store will now also sell you the ability to also post the word Shazam — for $29.99. (Also on sale are 100,000 followers — for 99 cents.) But there's also an official FAQ which articulates the service's deep commitment to protecting their users' privacy.

Do you promise you won't share my private information with the Chinese Communist Party, like TikTok?

Yowza.

"Every car we were driving with was heading that direction..." Shelby Easler says in a TikTok video, "so we assumed this was going somewhere..."

But SFGate reports that instead of a handy "alternate route," Google Maps was leading her and her two passengers "far off the major highway and into Nevada's fierce deserts on an off-roading trail." Easler's car were not the only bushwackers. In Shelby's viral TikTok, a trail of cars closely follows behind them. "The first driver that turned around talked to us to tell us that the road gets washed out the higher into the mountain you get, and we have to turn around since the path leads nowhere. He was in a huge truck and was just driving straight through the bushes and shrubs to let people know to turn around," Easler said.
1.5 million people have viewed Easler's earlier footage of their road to nowhere. The off-roading trail was apparently only wide enough for traffic in one direction, and attempting to return in that other direction, "We were driving over bushes and rocks and alot of the cars couldn't even make it," Easler says in the second video. "Which is kind of why our car broke down."

They told SFGate that ultimately "We had to leave the car in Vegas, and it got towed to the service center of a dealership. They said the rear, right tire was coming off, and the alignment was messed up too. Low-key a pretty expensive fix."

They eventually called the highway patrol to shut down the road that Google Maps was sending people to, because "With every car coming in, every single car was getting trapped."

AI models can find patterns and make predictions, but their reasoning is often inscrutable. This "black box" issue makes AI less reliable and less scientifically useful. However, a team led by Dion Hafner (a computer scientist at the University of Copenhagen) devised a clever neural network to predict rogue waves. By restricting inputs to meaningful wave measurements and tracing how they flowed through the network, the team extracted a simple five-part equation encapsulating the AI's logic. Economist adds: To generate a human-comprehensible equation, the researchers used a method inspired by natural selection in biology. They told a separate algorithm to come up with a slew of different equations using those five variables, with the aim of matching the neural network's output as closely as possible. The best equations were mixed and combined, and the process was repeated. The result, eventually, was an equation that was simple and almost as accurate as the neural network. Both predicted rogue waves better than existing models.

The first part of the equation rediscovered a bit of existing theory: it is an approximation of a well-known equation in wave dynamics. Other parts included some terms that the researchers suspected might be involved in rogue-wave formation but are not in standard models. There were some puzzlers, too: the final bit of the equation includes a term that is inversely proportional to how spread out the energy of the waves is. Current human theories include a second variable that the machine did not replicate. One explanation is that the network was not trained on a wide enough selection of examples. Another is that the machine is right, and the second variable is not actually necessary.

Some Pixel 8 Pro owners have noticed circular bumps in several places on the screen that look to be the result of something pressing up against the underside, which is soft and fragile, of the 6.7-inch OLED panel. From a report: A statement from the company today acknowledges how "some users may see impressions from components in the device that look like small bumps" in specific conditions. Google says there is "no functional impact to Pixel 8 performance or durability," which does line up with all current reports.

Researchers have used the technology behind the AI chatbot ChatGPT to create a fake clinical-trial data set to support an unverified scientific claim. From a report: In a paper published in JAMA Ophthalmology on 9 November, the authors used GPT-4 -- the latest version of the large language model on which ChatGPT runs -- paired with Advanced Data Analysis (ADA), a model that incorporates the programming language Python and can perform statistical analysis and create data visualizations. The AI-generated data compared the outcomes of two surgical procedures and indicated -- wrongly -- that one treatment is better than the other.

"Our aim was to highlight that, in a few minutes, you can create a data set that is not supported by real original data, and it is also opposite or in the other direction compared to the evidence that are available," says study co-author Giuseppe Giannaccare, an eye surgeon at the University of Cagliari in Italy. The ability of AI to fabricate convincing data adds to concern among researchers and journal editors about research integrity. "It was one thing that generative AI could be used to generate texts that would not be detectable using plagiarism software, but the capacity to create fake but realistic data sets is a next level of worry," says Elisabeth Bik, a microbiologist and independent research-integrity consultant in San Francisco, California. "It will make it very easy for any researcher or group of researchers to create fake measurements on non-existent patients, fake answers to questionnaires or to generate a large data set on animal experiments."

Ian Hickson, a software engineer at Google who left the company after 18 years, reflects on his time at the firm in a blog post and why he thinks the firm lost its way. He joined in 2005 when its culture genuinely prioritized doing good, but over time he saw that culture erode into one focused on profits over users, he writes. The recent layoffs have damaged trust and morale across the company, he writes. An excerpt from the post: Much of these problems with Google today stem from a lack of visionary leadership from Sundar Pichai, and his clear lack of interest in maintaining the cultural norms of early Google. A symptom of this is the spreading contingent of inept middle management. Take Jeanine Banks, for example, who manages the department that somewhat arbitrarily contains (among other things) Flutter, Dart, Go, and Firebase. Her department nominally has a strategy, but I couldn't leak it if I wanted to; I literally could never figure out what any part of it meant, even after years of hearing her describe it. Her understanding of what her teams are doing is minimal at best; she frequently makes requests that are completely incoherent and inapplicable. She treats engineers as commodities in a way that is dehumanising, reassigning people against their will in ways that have no relationship to their skill set. She is completely unable to receive constructive feedback (as in, she literally doesn't even acknowledge it). I hear other teams (who have leaders more politically savvy than I) have learned how to "handle" her to keep her off their backs, feeding her just the right information at the right time. Having seen Google at its best, I find this new reality depressing.

There are still great people at Google. [...] In recent years I started offering career advice to anyone at Google and through that met many great folks from around the company. It's definitely not too late to heal Google. It would require some shake-up at the top of the company, moving the centre of power from the CFO's office back to someone with a clear long-term vision for how to use Google's extensive resources to deliver value to users. I still believe there's lots of mileage to be had from Google's mission statement (to organize the world's information and make it universally accessible and useful). Someone who wanted to lead Google into the next twenty years, maximising the good to humanity and disregarding the short-term fluctuations in stock price, could channel the skills and passion of Google into truly great achievements.

I do think the clock is ticking, though. The deterioration of Google's culture will eventually become irreversible, because the kinds of people whom you need to act as moral compass are the same kinds of people who don't join an organisation without a moral compass.

An anonymous reader quotes a report from TorrentFreak: Cloudflare is a content-neutral Internet infrastructure service. The company aims not to interfere with the traffic of its clients and users but, in some cases, it has to take action. This means responding to DMCA subpoenas and takedown requests for hosted content, for example. In addition, Cloudflare now reports it has blocked access to 'abusive' content on its Ethereum gateway. [...] In its most recent transparency report, Cloudflare further notes that it has implemented access restrictions on its public Ethereum gateway. The company doesn't store any content on the Ethereum network, nor can it remove any. However, it can block access through its service.

If Cloudflare receives valid abuse reports or copyright infringement complaints, it will take appropriate action. The same applies to the gateway for the decentralized IPFS network. In its previous transparency report, Cloudflare already mentioned more than 1,000 IPFS actions a figure that increased slightly in the second half of last year. At the same time, Cloudflare also restricted access to 99 'items' on the Ethereum network. Since these are 'gateway' related restrictions there's no impact on the content hosted on IPFS or Ethereum. Instead, it will only make it impossible to access content through Cloudflare's service.

It's not clear how many of these restrictions are abuse or copyright-related, as not much context is provided. The Ethereum actions are, at least in part, a response to the U.S. Department of Treasury's sanctions against the cryptocurrency tumbler Tornado Cash. "Those sanctions raise significant legal questions about the extent to which particular computer software, rather than individuals or entities that use that software, can be subject to sanctions," Cloudflare writes. "Nonetheless, to comply with legal requirements, Cloudflare has taken steps to disable access through the Cloudflare-operated Ethereum Gateway to the digital currency addresses identified in the designation." The report notes that the volume of valid DMCA notices Cloudflare received has increased, "up from 18 to 972 in the span of a year." Meanwhile, the number of civil subpoenas it's received, including those issued under the DMCA, has decreased. "In the second half of last year, the company received 20 civil subpoenas which targeted 57 domain names," reports TorrentFreak. "That's the lowest number since Cloudflare first disclosed this statistic five years ago, signaling a downward trend."

Cloudflare's latest Transparency Report is available here (PDF).

Brian Silvestro reports via Motor1.com: New Jersey announced a new rule set on Wednesday laying out plans to transition sales of light-duty vehicles in the state to 100-percent zero-emission by 2035. According to a statement released by the office of governor Phil Murphy, the law, titled the Advanced Clean Cars II rule, will come into effect starting in 2027, where manufacturers must ensure that zero-emissions vehicles represent 42 percent of sales in the state. That percentage will climb with each year until 2035, when it reaches 100 percent. Currently, EVs represent roughly 12 percent of all new vehicle sales, according to the governor's office.

The new law will also put more stringent standards in place for traditional ICE-powered vehicles, with the goal of improving air quality in New Jersey communities and high-traffic corridors. While the announcement does not directly mention investment into charging infrastructure, the governor's office points out its continued dedication to providing adequate charging locations across the state, claiming it has helped fund the installment of 2,980 charging stations with 5,271 ports at 680 locations. New Jersey is the ninth state to enact a ban on future ICE car sales, joining California, Connecticut, Maryland, Massachusetts, New York, Oregon, Rhode Island, and Washington.

Nvidia's fiscal third-quarter results surpassed Wall Street's predictions, with revenue growing 206% year over year. However, Nvidia shares are down after the company called for a negative impact in the next quarter due to export restrictions affecting sales in China and other countries. CNBC reports: Nvidia's revenue grew 206% year over year during the quarter ending Oct. 29, according to a statement. Net income, at $9.24 billion, or $3.71 per share, was up from $680 million, or 27 cents per share, in the same quarter a year ago. The company's data center revenue totaled $14.51 billion, up 279% and more than the StreetAccount consensus of $12.97 billion. Half of the data center revenue came from cloud infrastructure providers such as Amazon, and the other from consumer internet entities and large companies, Nvidia said. Healthy uptake came from clouds that specialize in renting out GPUs to clients, Kress said on the call.

The gaming segment contributed $2.86 billion, up 81% and higher than the $2.68 billion StreetAccount consensus. With respect to guidance, Nvidia called for $20 billion in revenue for the fiscal fourth quarter. That implies nearly 231% revenue growth. [...] Nvidia faces obstacles, including competition from AMD and lower revenue because of export restrictions that can limit sales of its GPUs in China. But ahead of Tuesday report, some analysts were nevertheless optimistic.

HP CEO Enrique Lores is betting a sprinkle of AI dust can regenerate the flagging PC market -- and with shipments still in decline across the industry, he can't afford to tease Wall Street. From a report: The world's second largest seller of desktop computing hardware has reported a 15 percent year-on-year decline in revenue to $53.7 billion for fiscal 2023 ended 31 October. Profit before tax was $2.93 billion versus $4.32 billion in the prior year.

[...] Orders picked up in recent months. Analyst data indicates the rate of decline is slowing after resellers began clearing inventory they'd amassed in the latter stage of the pandemic, when the frenzied buying patterns seen in prior years vanished. For Q4, HP reported revenue of $13.8 billion, down 6.5 percent year-on-year. Personal Systems was down 8 percent to $9.4 billion and Printing was down 3 percent to $4.4 billion. Profit before tax was $852 million, better than the $647 million brought in a year earlier, helped by a reduction in structural costs. HP expects business PC refresh cycles to kick in next year, with more corporate customers shifting their estate to Windows 11 -- yet it is the advent of the AI PC that Lores thinks signal better times.

It's not your imagination: Airlines are piling on more fees and extra charges, driving up the cost of air travel. From a report: Across the industry, revenue from what's known as ancillary sales -- fees for selecting seats, checking bags, and buying food, to name a few -- will reach a record $117.9 billion in 2023. That's a 7.7% increase from pre-pandemic records, according to a recent study from airline consultancy firm IdeaWorks and B2B car rental company CarTrawler.

As plane ticket prices have become more competitive, airlines have turned to ancillary sales to boost profits. And where these fees were once largely confined to low-cost carriers, practices like charging customers for seats and checked luggage are now widespread across all airlines. As the IdeaWorks study points out, carriers like British Airways, Air France, and KLM are now even charging fliers to secure 'better' business class seats.

It's not simply the fees that are raising hackles. It's also how they're sold online. Due to the time sensitive nature of airfares, as well as the dozens of upgrades and extras offered as you click through the sales process, airline websites can be ripe environments for what's known as dark patterns. Coined in 2010 by Harry Brignull, a UX designer with a doctorate in cognitive science, dark patterns are design strategies used to trick consumers during their purchasing experience and guide them to decisions they would not make otherwise. Airlines employ a range of tactics on their websites, ranging from manipulation to deception, Bringull says. "People need to be aware of their tactics if we want to see changes in the way they operate."

Microsoft's Windows Hello fingerprint authentication has been bypassed on laptops from Dell, Lenovo, and even Microsoft. From a report: Security researchers at Blackwing Intelligence have discovered multiple vulnerabilities in the top three fingerprint sensors that are embedded into laptops and used widely by businesses to secure laptops with Windows Hello fingerprint authentication. Microsoft's Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of fingerprint sensors, and the researchers provided their findings in a presentation at Microsoft's BlueHat conference in October.

The team identified popular fingerprint sensors from Goodix, Synaptics, and ELAN as targets for their research, with a newly-published blog post detailing the in-depth process of building a USB device that can perform a man-in-the-middle (MitM) attack. Such an attack could provide access to a stolen laptop, or even an "evil maid" attack on an unattended device. A Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X all fell victim to fingerprint reader attacks, allowing the researchers to bypass the Windows Hello protection as long as someone was previously using fingerprint authentication on a device. Blackwing Intelligence researchers reverse engineered both software and hardware, and discovered cryptographic implementation flaws in a custom TLS on the Synaptics sensor. The complicated process to bypass Windows Hello also involved decoding and reimplementing proprietary protocols.

Using fake names, sham LinkedIn profiles, counterfeit work papers and mock interview scripts, North Korean IT workers seeking employment in Western tech companies are deploying sophisticated subterfuge to get hired. From a report: Landing a job outside North Korea to secretly earn hard currency for the isolated country demands highly-developed strategies to convince Western hiring managers, according to documents reviewed by Reuters, an interview with a former North Korean IT worker and cybersecurity researchers. North Korea has dispatched thousands of IT workers overseas, an effort that has accelerated in the last four years, to bring in millions to finance Pyongyang's nuclear missile programme, according to the United States, South Korea, and the United Nations.

"People are free to express ideas and opinions," reads one interview script used by North Korean software developers that offers suggestions for how to describe a "good corporate culture" when asked. Expressing one's thoughts freely could be met with imprisonment in North Korea. The scripts totalling 30 pages, were unearthed by researchers at Palo Alto Networks, a U.S. cybersecurity firm which discovered a cache of internal documents online that detail the workings of North Korea's remote IT workforce. The documents contain dozens of fraudulent resumes, online profiles, interview notes, and forged identities that North Korean workers used to apply for jobs in software development.

An anonymous reader shares a report: Firefox users across the internet say that they are encountering an "artificial" five-second load time when they try to watch YouTube videos that exists on Firefox, but not Chrome. Google, meanwhile, told 404 Media that this is all part of its larger effort against ad blockers, and that it doesn't have anything to do with Firefox at all. [...] Mozilla, which makes Firefox, told 404 Media that it does not believe this is a Firefox-specific issue. Enough people have posted about it, however, that it is clearly happening for some users and not others.

In a statement to 404 Media, Google did not provide specifics but also did not deny implementing an artificial wait time. "To support a diverse ecosystem of creators globally and allow billions to access their favorite content on YouTube, we've launched an effort to urge viewers with ad blockers enabled to allow ads on YouTube or try YouTube Premium for an ad free experience, the spokesperson said. "Users who have ad blockers installed may experience suboptimal viewing, regardless of the browser they are using."