Space

Scientists Complete Construction of the Biggest Digital Camera Ever (gizmodo.com) 29

Isaac Schultz reports via Gizmodo: Nine years and 3.2 billion pixels later, it is complete: the LSST Camera stands as the largest digital camera ever built for astronomy and will serve as the centerpiece of the Vera Rubin Observatory, poised to begin its exploration of the southern skies. The Rubin Observatory's key goal is the 10-year Legacy Survey of Space and Time (LSST), a sweeping, near-constant observation of space. This endeavor will yield 60 petabytes of data on the composition of the universe, the nature and distribution of dark matter, dark energy and the expansion of the universe, the formation of our galaxy, our intimate little solar system, and more. The camera will use its 5.1-foot-wide optical lens to take a 15-second exposure of the sky every 20 seconds, automatically changing filters to view light in every wavelength from near-ultraviolet to the near-infrared. Its constant monitoring of the skies will eventually amount to a timelapse of the heavens; it will highlight fleeting events for other scientists to train their telescopes on, and monitor changes in the southern sky.

To do this, the team needed a Rolls Royce of a digital camera. Mind you, the camera actually cost many million times that of an actual Rolls Royce, and at 6,200 pounds (2,812 kilograms), it weighs a lot more than a fancy car. Each of the 21 rafts that make up the camera's focal plane is the price of a Maserati, and they are worth every penny if they collect the sort of data scientists expect them to. "I'm personally most excited to study the expansion of the Universe using gravitational lenses to better understand Dark Energy," said Aaron Roodman, a physicist at SLAC and lead on the camera program, in an email to Gizmodo. "That means two things: 1) measuring the brightness in all six of our filters of literally billions of galaxies and very carefully measuring their shape, which has been subtly altered by the bending of light by matter, and 2) discovering and studying very special objects where a distant quasar is almost perfectly lined up with a more nearby galaxy."

Speaking through a SLAC release, Roodman said the camera's images could "resolve a golf ball from around 15 miles away, while covering a swath of the sky seven times wider than the full moon." The first images from the Rubin Observatory are slated to be publicly released in March 2025, which feels like a long way away. But several important agenda items still need to happen. For one, the SLAC team has to ship the LSST camera safely to Chile from its current lodgings in northern California. (Don't worry -- they've made a test run of the journey.) Then, the observatory's mirrors need to be readied for testing and the observatory's dome has to be completed, among some other tasks. But whenever all that is complete, the legacy survey will launch into a decade's worth of scientific discovery. Rubin Observatory estimates suggest that LSST could "increase the number of known objects by a factor of 10," according to a SLAC release.

United States

Scathing Federal Report Rips Microsoft For Shoddy Security (apnews.com) 81

quonset shares a report: In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying "a cascade of errors" by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.

The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company's knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China. It concluded that "Microsoft's security culture was inadequate and requires an overhaul" given the company's ubiquity and critical role in the global technology ecosystem. Microsoft products "underpin essential services that support national security, the foundations of our economy, and public health and safety."

The panel said the intrusion, discovered in June by the State Department and dating to May "was preventable and should never have occurred," blaming its success on "a cascade of avoidable errors." What's more, the board said, Microsoft still doesn't know how the hackers got in. [...] It said Microsoft's CEO and board should institute "rapid cultural change" including publicly sharing "a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products."

AT&T

AT&T Says Data From 73 Million Customers Has Leaked Onto the Dark Web (cnn.com) 21

Personal data from 73 million AT&T customers has leaked onto the dark web, reports CNN — both current and former customers.

AT&T has launched an investigation into the source of the data leak... In a news release Saturday morning, the telecommunications giant said the data was "released on the dark web approximately two weeks ago," and contains information such as account holders' Social Security numbers. ["The information varied by customer and account," AT&T said in a statement, " but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode."]

"It is not yet known whether the data ... originated from AT&T or one of its vendors," the company added. "Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set."

The data seems to have been from 2019 or earlier. The leak does not appear to contain financial information or specifics about call history, according to AT&T. The company said the leak shows approximately 7.6 million current account holders and 65.4 million former account holders were affected.

CNN says the first reports of the leak came two weeks ago from a social media account claiming "the largest collection of malware source code, samples, and papers." Reached for comment by CNN, AT&T had said at the time that "We have no indications of a compromise of our systems."

AT&T's web site now includes a special page with an FAQ — and the tagline that announces "We take cybersecurity very seriously..."

"It has come to our attention that a number of AT&T passcodes have been compromised..."

The page points out that AT&T has already reset the passcodes of "all 7.6 million impacted customers." It's only further down in the FAQ that they acknowledge that the breach "appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and 65.4 million former account holders." Our internal teams are working with external cybersecurity experts to analyze the situation... We encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via Freecreditreport.com...

We will reach out by mail or email to individuals with compromised sensitive personal information and offering complimentary identity theft and credit monitoring services... If your information was impacted, you will be receiving an email or letter from us explaining the incident, what information was compromised, and what we are doing for you in response.

Power

Are State Governments Slowing the Build-Out of America's EV Charging Stations? (msn.com) 120

In November of 2021 America passed a "Bipartisan Infrastructure Law" which included $7.5 billion for up to 20,000 EV charging spots, or around 5,000 stations, notes the Washington Post (citing an analysis from the EV policy analyst group Atlas Public Policy).

And new stations are now already open in Hawaii, New York, Ohio and Pennsylvania, "and under construction in four other states. Twelve additional states have awarded contracts for constructing the charging stations." A White House spokesperson said America should reach its goal of 500,000 charging stations by 2026.

So why is it that right now — more than two years after the bill's passage — the Federal Highway System says the program has so far only delivered seven open charging stations with a total of 38 charging spots? Nick Nigro, founder of Atlas Public Policy, said that some of the delays are to be expected. "State transportation agencies are the recipients of the money," he said. "Nearly all of them had no experience deploying electric vehicle charging stations before this law was enacted." Nigro says that the process — states have to submit plans to the Biden administration for approval, solicit bids on the work, and then award funds — has taken much of the first two years since the funding was approved. "I expect it to go much faster in 2024," he added.

"We are building a national EV charging network from scratch, and we want to get it right," a spokesperson for the Federal Highway Administration said in an email. "After developing program guidance and partnering with states to guide implementation plans, we are hitting our stride as states move quickly to bring National Electric Vehicle Infrastructure stations online...."

Part of the slow rollout is that the new chargers are expected to be held to much higher standards than previous generations of fast chargers. The United States currently has close to 10,000 "fast" charging stations in the country, of which over 2,000 are Tesla Superchargers, according to the Department of Energy. Tesla Superchargers — some of which have been opened to drivers of other vehicles — are the most reliable fast-charging systems in the country. But many non-Tesla fast chargers have a reputation for poor performance and sketchy reliability. EV advocates have criticized Electrify America, the company created by Volkswagen after the company's "Dieselgate" emissions scandal, for spending hundreds of millions of dollars on chargers that don't work well. The company has said they are working to improve reliability. The data analytics company J.D. Power has estimated that only 80 percent of all charging attempts in the country are successful.

Biden administration guidance requires the new publicly funded chargers to be operational 97% of the time, provide 150kW of power at each charger, and be no more than one mile from the interstate, among many other requirements. EV policy experts say those requirements are critical to building a good nationwide charging program — but also slow down the build-out of the chargers. "This funding comes with dozens of rules and requirements," Laska said. "That is the nature of what we're trying to accomplish....

"States are just not operating with the same urgency that some of the rest of us are."

The article notes that private companies are also building charging stations — but the publicly-funded spots would increase America's car-charging capacity by around 50 percent, "a crucial step to alleviating 'range anxiety' and helping Americans shift into battery electric cars.

"States just have to build them first."

The Internet

Playboy Image From 1972 Gets Ban From IEEE Computer Journals (arstechnica.com) 395

An anonymous reader quotes a report from Ars Technica: On Wednesday, the IEEE Computer Society announced to members that, after April 1, it would no longer accept papers that include a frequently used image of a 1972 Playboy model named Lena Forsen. The so-called "Lenna image" (Forsen added an extra "n" to her name in her Playboy appearance to aid pronunciation) has been used in image processing research since 1973 and has attracted criticism for making some women feel unwelcome in the field. In an email from the IEEE Computer Society sent to members on Wednesday, Technical & Conference Activities Vice President Terry Benzel wrote, "IEEE's diversity statement and supporting policies such as the IEEE Code of Ethics speak to IEEE's commitment to promoting an inclusive and equitable culture that welcomes all. In alignment with this culture and with respect to the wishes of the subject of the image, Lena Forsen, IEEE will no longer accept submitted papers which include the 'Lena image.'"

An uncropped version of the 512×512-pixel test image originally appeared as the centerfold picture for the December 1972 issue of Playboy Magazine. Usage of the Lenna image in image processing began in June or July 1973 (PDF) when an assistant professor named Alexander Sawchuck and a graduate student at the University of Southern California Signal and Image Processing Institute scanned a square portion of the centerfold image with a primitive drum scanner, omitting nudity present in the original image. They scanned it for a colleague's conference paper, and after that, others began to use the image as well. The image's use spread in other papers throughout the 1970s, 80s, and 90s, and it caught Playboy's attention, but the company decided to overlook the copyright violations. In 1997, Playboy helped track down Forsén, who appeared at the 50th Annual Conference of the Society for Imaging Science and Technology, signing autographs for fans. "They must be so tired of me ... looking at the same picture for all these years!" she said at the time. VP of new media at Playboy Eileen Kent told Wired, "We decided we should exploit this, because it is a phenomenon."

The image, which features Forsen's face and bare shoulder as she wears a hat with a purple feather, was reportedly ideal for testing image processing systems in the early years of digital image technology due to its high contrast and varied detail. It is also a sexually suggestive photo of an attractive woman, and its use by men in the computer field has garnered criticism over the decades, especially from female scientists and engineers who felt that the image (especially related to its association with the Playboy brand) objectified women and created an academic climate where they did not feel entirely welcome. Due to some of this criticism, which dates back to at least 1996, the journal Nature banned the use of the Lena image in paper submissions in 2018.

Social Networks

LinkedIn Moves In On TikTok's Turf With Short-Form Videos (axios.com) 13

LinkedIn is testing support for short-form videos to help it compete with TikTok, YouTube Shorts, Instagram Reels, and other social media platforms. "[W]e are testing new ways to help members more easily discover timely, relevant videos to watch on LinkedIn," Suzi Owens, a company spokesperson, tells Axios in an email. From the report: A new "Video" option will appear next to the "Home" button at the bottom of the app's navigation bar, per a demo of the feature shared online by Austin Null, strategy director at creative agency McKinney. After tapping it, viewers are led to a feed of short-form videos similar to Instagram Reels and TikTok.

Google

20 Years of Gmail (theverge.com) 86

Victoria Song reports via The Verge: When Gmail launched with a goofy press release 20 years ago next week, many assumed it was a hoax. The service promised a gargantuan 1 gigabyte of storage, an excessive quantity in an era of 15-megabyte inboxes. It claimed to be completely free at a time when many inboxes were paid. And then there was the date: the service was announced on April Fools' Day, portending some kind of prank. But soon, invites to Gmail's very real beta started going out -- and they became a must-have for a certain kind of in-the-know tech fan. At my nerdy high school, having one was your fastest ticket to the cool kids' table. I remember trying to track one down for myself. I didn't know whether I actually needed Gmail, just that all my classmates said Gmail would change my life forever.

Teenagers are notoriously dramatic, but Gmail did revolutionize email. It reimagined what our inboxes were capable of and became a central part of our online identities. The service now has an estimated 1.2 billion users -- about 1/7 of the global population -- and these days, it's a practical necessity to do anything online. It often feels like Gmail has always been here and always will be. But 20 years later, I don't know anyone who's champing at the bit to open up Gmail. Managing your inbox is often a chore, and other messaging apps like Slack and WhatsApp have come to dominate how we communicate online. What was once a game-changing tool sometimes feels like it's been sidelined. In another 20 years, will Gmail still be this central to our lives? Or will it -- and email -- be a thing of the past?

Businesses

Red Hat Tries on a McKinsey Cap in Quest To Streamline Techies' Jobs (theregister.com) 56

An anonymous reader shares a report: Mutterings of alarm are emerging from the cloisters of Red Hat after the world's largest management consultancy was hired to help the IBM subsidiary focus engineers on their highest-value work. Red Hat confirmed the partnership with McKinsey & Company to The Reg, sharing this extract from an email from CTO Chris Wright to the Global Engineering Team:

"Hey everyone -- as I mentioned during the recent Q1 All Hands, my goal is to have Global Engineering recognized as the world's greatest open-source software engineering organization. This team is already doing amazing work, and we have several initiatives in progress to help us achieve the goal I've set. One of those is a partnership with McKinsey. The objective of this project is to help us understand and incorporate learnings on working models, development practices, and tooling from across the software industry.

"We've heard your feedback in person, during All Hands, and through RHAS [the annual Red Hat Associate Survey]. This project will help us to identify and remove mundane tasks that drain your energy so that you can focus on the most engaging and highest value work -- to make your job better. The work with McKinsey is one piece of the overall plan to help us become the world's greatest open-source software engineering organization."

Software

Apple Announces WWDC 2024 Event For June 10 (macrumors.com) 24

Apple today announced that its 35th annual Worldwide Developers Conference (WWDC) is set to take place June 10 through 14, 2024. It'll be an online event open to all developers at no cost. MacRumors reports: Apple will hold a WWDC 2024 keynote event on Monday, June 10 to show off iOS 18, iPadOS 18, tvOS 18, macOS 15, watchOS 11, and visionOS 2. The keynote event will be available on the Apple Developer app, the Apple website, and YouTube, with Apple also planning to share videos and information all week long.

Though WWDC 2024 is an online event, Apple is once again planning a special event for select developers and students, which is set to take place on June 10 at the Apple Park campus in Cupertino, California. Attendees will be able to watch the keynote and State of the Union presentations at Apple Park, as well as meet Apple employees and attend the Apple Design Awards. Apple will provide developers with additional information about WWDC 2024 through email, the Apple Developer app, and the Apple Developer website.

Your Rights Online

Facebook Accused of Using Your Phone To Wiretap Snapchat (gizmodo.com) 58

Court filings unsealed last week allege Meta created an internal effort to spy on Snapchat in a secret initiative called "Project Ghostbusters." Gizmodo: Meta did so through Onavo, a Virtual Private Network (VPN) service the company offered between 2016 and 2019 that, ultimately, wasn't private at all. "Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them," said Mark Zuckerberg in an email to three Facebook executives in 2016, unsealed in Meta's antitrust case on Saturday. "It seems important to figure out a new way to get reliable analytics about them... You should figure out how to do this."

Thus, Project Ghostbusters was born. It's Meta's in-house wiretapping tool to spy on data analytics from Snapchat starting in 2016, later used on YouTube and Amazon. This involved creating "kits" that can be installed on iOS and Android devices, to intercept traffic for certain apps, according to the filings. This was described as a "man-in-the-middle" approach to get data on Facebook's rivals, but users of Onavo were the "men in the middle."

Meta's Onavo unit has a history of using invasive techniques to collect data on Facebook's users. Meta acquired Onavo from an Israeli firm over 10 years ago, promising users private networking, as most VPNs do. However, the service was reportedly used to spy on rival social media apps through tens of millions of people who downloaded Onavo. It gave Facebook valuable intel about competitors, and this week's court filings seem to confirm that. A team of senior executives and roughly 41 lawyers worked on Project Ghostbusters, according to court filings. The group was heavily concerned with whether to continue the program in the face of press scrutiny. Facebook ultimately shut down Onavo in 2019 after Apple booted the VPN from its app store.

Government

US, UK Announce Sanctions Over China-Linked Election Hacks (pbs.org) 29

Earlier today, the U.S. and U.K. accused hackers linked to the Chinese state of being behind "malicious" cyber campaigns targeting political figures. The U.K. government also blamed China for a 2021 cyberattack that compromised the personal information of millions of U.K. voters. In response, PBS reports that the U.S. and British government announced sanctions against a company and two people linked to the Chinese government. From the report: Officials said those sanctioned are responsible for a hack that may have gained access to information on tens of millions of U.K. voters held by the Electoral Commission, as well as for cyberespionage targeting lawmakers who have been outspoken about the China threat. The Foreign Office said the hack of the election registers "has not had an impact on electoral processes, has not affected the rights or access to the democratic process of any individual, nor has it affected electoral registration." The Electoral Commission said in August that it identified a breach of its system in October 2022, though it added that "hostile actors" had first been able to access its servers since 2021. At the time, the watchdog said the data included the names and addresses of registered voters. But it said that much of the information was already in the public domain.

In Washington, the Treasury Department said it sanctioned Wuhan Xiaoruizhi Science and Technology Company Ltd., which it calls a Chinese Ministry of State Security front company that has "served as cover for multiple malicious cyberoperations." It named two Chinese nationals, Zhao Guangzong and Ni Gaobin, affiliated with the Wuhan company, for cyberoperations that targeted U.S. critical infrastructure sectors, "directly endangering U.S. national security." Separately, British cybersecurity officials said that Chinese government-affiliated hackers "conducted reconnaissance activity" against British parliamentarians who are critical of Beijing in 2021. They said no parliamentary accounts were successfully compromised.

Three lawmakers, including former Conservative Party leader Iain Duncan Smith, told reporters Monday they have been "subjected to harassment, impersonation and attempted hacking from China for some time." Duncan Smith said in one example, hackers impersonating him used fake email addresses to write to his contacts. The politicians are members of the Inter-Parliamentary Alliance on China, an international pressure group focused on countering Beijing's growing influence and calling out alleged rights abuses by the Chinese government.

Mozilla

Mozilla Drops Onerep After CEO Admits To Running People-Search Networks (krebsonsecurity.com) 9

An anonymous reader quotes a report from KrebsOnSecurity: The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or passwords are leaked in data breaches. On March 14, KrebsOnSecurity published a story showing that Onerep's Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story.

But on March 21, Shelest released a lengthy statement wherein he admitted to maintaining an ownership stake in Nuwber, a consumer data broker he founded in 2015 -- around the same time he launched Onerep. Shelest maintained that Nuwber has "zero cross-over or information-sharing with Onerep," and said any other old domains that may be found and associated with his name are no longer being operated by him. "I get it," Shelest wrote. "My affiliation with a people search business may look odd from the outside. In truth, if I hadn't taken that initial path with a deep dive into how people search sites work, Onerep wouldn't have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I'm aiming to do better in the future." The full statement is available here (PDF).

In a statement released today, a spokesperson for Mozilla said it was moving away from Onerep as a service provider in its Monitor Plus product. "Though customer data was never at risk, the outside financial interests and activities of Onerep's CEO do not align with our values," Mozilla wrote. "We're working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first." KrebsOnSecurity also reported that Shelest's email address was used circa 2010 by an affiliate of Spamit, a Russian-language organization that paid people to aggressively promote websites hawking male enhancement drugs and generic pharmaceuticals. As noted in the March 14 story, this connection was confirmed by research from multiple graduate students at my alma mater George Mason University.

Shelest denied ever being associated with Spamit. "Between 2010 and 2014, we put up some web pages and optimize them -- a widely used SEO practice -- and then ran AdSense banners on them," Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com). "As we progressed and learned more, we saw that a lot of the inquiries coming in were for people." Shelest also acknowledged that Onerep pays to run ads on "on a handful of data broker sites in very specific circumstances." "Our ad is served once someone has manually completed an opt-out form on their own," Shelest wrote. "The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep."

Software

Formula 1 Chief Appalled To Find Team Using Excel To Manage 20,000 Car Parts (arstechnica.com) 187

An anonymous reader quotes a report from Ars Technica: Starting in early 2023, Williams team principal James Vowles and chief technical officer Pat Fry started reworking the F1 team's systems for designing and building its car. It would be painful, but the pain would keep the team from falling even further behind. As they started figuring out new processes and systems, they encountered what they considered a core issue: Microsoft Excel. The Williams car build workbook, with roughly 20,000 individual parts, was "a joke," Vowles recently told The Race. "Impossible to navigate and impossible to update." This colossal Excel file lacked information on how much each of those parts cost and the time it took to produce them, along with whether the parts were already on order. Prioritizing one car section over another, from manufacture through inspection, was impossible, Vowles suggested.

"When you start tracking now hundreds of thousands of components through your organization moving around, an Excel spreadsheet is useless," Vowles told The Race. Because of the multiple states each part could be in -- ordered, backordered, inspected, returned -- humans are often left to work out the details. "And once you start putting that level of complexity in, which is where modern Formula 1 is, the Excel spreadsheet falls over, and humans fall over. And that's exactly where we are." The consequences of this row/column chaos, and the resulting hiccups, were many. Williams missed early pre-season testing in 2019. Workers sometimes had to physically search the team's factory for parts. The wrong parts got priority, other parts came late, and some piled up. And yet transitioning to a modern tracking system was "viciously expensive," Fry told The Race, and making up for the painful process required "humans pushing themselves to the absolute limits and breaking."

The idea that a modern Formula 1 team, building some of the most fantastically advanced and efficient machines on Earth, would be using Excel to build those machines might strike you as odd. F1 cars cost an estimated $12-$16 million each, with a resource cap of about $145 million. But none of this really matters, and it actually makes sense, if you've ever worked IT at nearly any decent-sized organization. Then again, it's not even uncommon in Formula 1. When Sebastian Anthony embedded with the Renault team, he reported back for Ars in 2017 that Renault Sport Formula One's Excel design and build spreadsheet was 77,000 lines long -- more than three times as large as the Williams setup that spurred an internal revolution in 2023.

Every F1 team has its own software setup, Anthony wrote, but they have to integrate with a lot of other systems: Computational Fluid Dynamics (CFD) and wind tunnel results, rapid prototyping and manufacturing, and inventory. This leaves F1 teams "susceptible to the plague of legacy software," Anthony wrote, though he noted that Renault had moved on to a more dynamic cloud-based system that year. (Renault was also "a big Microsoft shop" in other areas, like email and file sharing, at the time.) One year prior to Anthony's excavation, Adam Banks wrote for Ars about the benefits of adopting cloud-based tools for enterprise resource planning (ERP). You adopt a cloud-based business management software to go "Beyond Excel." "If PowerPoint is the universal language businesses use to talk to one another, their internal monologue is Excel," Banks wrote. The issue is that all the systems and processes a business touches are complex and generate all kinds of data, but Excel is totally cool with taking in all of it. Or at least 1,048,576 rows of it. Banks cited Tim Worstall's 2013 contention that Excel could be "the most dangerous software on the planet." Back then, international investment bankers were found manually copying and pasting Excel between Excel sheets to do their work, and it raised alarm.

NASA

Astronaut Thomas Stafford, Commander of Apollo 10, Dies At 93 (apnews.com) 29

The Associated Press reports on the passing of astronaut Thomas P. Stafford, the commander of a dress rehearsal flight for the 1969 moon landing and the first U.S.-Soviet space linkup. He was 93. From the report: Stafford, a retired Air Force three-star general, took part in four space missions. Before Apollo 10, he flew on two Gemini flights, including the first rendezvous of two U.S. capsules in orbit. He died in a hospital near his Space Coast Florida home, said Max Ary, director of the Stafford Air & Space Museum in Weatherford, Oklahoma. Stafford was one of 24 NASA astronauts who flew to the moon, but he did not land on it. Only seven of them are still alive. After he put away his flight suit, Stafford was the go-to guy for NASA when it sought independent advice on everything from human Mars missions to safety issues to returning to flight after the 2003 space shuttle Columbia accident. He chaired an oversight group that looked into how to fix the then-flawed Hubble Space Telescope, earning a NASA public service award.

"Tom was involved in so many things that most people were not aware of, such as being known as the 'Father of Stealth,'" Ary said in an email. Stafford was in charge of the famous 'Area 51' desert base that was the site of many UFO theories, but the home of testing of Air Force stealth technologies. The Apollo 10 mission in May 1969 set the stage for Apollo 11's historic mission two months later. Stafford and Gene Cernan took the lunar lander nicknamed Snoopy within 9 miles (14 kilometers) of the moon's surface. Astronaut John Young stayed behind in the main spaceship dubbed Charlie Brown. "The most impressive sight, I think, that really changed your view of things is when you first see Earth," Stafford recalled in a 1997 oral history, talking about the view from lunar orbit. Then came the moon's far side: "The Earth disappears. There's this big black void." Apollo 10's return to Earth set the world's record for fastest speed by a crewed vehicle at 24,791 mph (39,897 kph).

After the moon landings ended, NASA and the Soviet Union decided on a joint docking mission and Stafford, a one-star general at the time, was chosen to command the American side. It meant intensive language training, being followed by the KGB while in the Soviet Union, and lifelong friendships with cosmonauts. The two teams of space travelers even went to Disney World and rode Space Mountain together before going into orbit and joining ships. "We have capture," Stafford radioed in Russian as the Apollo and Soyuz spacecraft hooked up. His Russian counterpart, Alexei Leonov, responded in English: "Well done, Tom, it was a good show. I vote for you." [...] The 1975 mission included two days during which the five men worked together on experiments. After, the two teams toured the world together, meeting President Gerald Ford and Soviet leader Leonid Brezhnev. "It helped prove to the rest of the world that two completely opposite political systems could work together," Stafford recalled at a 30th anniversary gathering in 2005. Later, Stafford was a central part of discussions in the 1990s that brought Russia into the partnership building and operating the International Space Station.

AI

AI-Generated Science 32

Published scientific papers include language that appears to have been generated by AI tools like ChatGPT, showing how pervasive the technology has become, and highlighting longstanding issues with some peer-reviewed journals. From a report: Searching for the phrase "As of my last knowledge update" on Google Scholar, a free search tool that indexes articles published in academic journals, returns 115 results. The phrase is often used by OpenAI's ChatGPT to indicate how recent the data behind the answer it is giving users is, and the specific months and years found in these academic papers correspond to previous ChatGPT "knowledge updates."

"As of my last knowledge update in September 2021, there is no widely accepted scientific correlation between quantum entanglement and longitudinal scalar waves," reads a paper titled "Quantum Entanglement: Examining its Nature and Implications" published in the "Journal of Material Sciences & Manfacturing [sic] Research," a publication that claims it's peer-reviewed. Over the weekend, a tweet showing the same AI-generated phrase appearing in several scientific papers went viral.

Most of the scientific papers I looked at that included this phrase are small, not well known, and appear to be "paper mills," journals with low editorial standards that will publish almost anything quickly. One publication where I found the AI-generated phrase, the Open Access Research Journal of Engineering and Technology, advertises "low publication charges," an "e-certificate" of publication, and is currently advertising a call for papers, promising acceptance within 48 hours and publication within four days.

Databases

Database-Based Operating System 'DBOS' Does Things Linux Can't (nextplatform.com) 104

Databricks CTO Matei Zaharia "said that Databricks had to keep track of scheduling a million things," remembers adjunct MIT professor Michael Stonebraker. "He said that this can't be done with traditional operating system scheduling, and so this was done out of a Postgres database. And then he started to whine that Postgres was too slow, and I told him we can do better than that...."

This resulted in DBOS — short for "database operating system" — which they teamed up to build with teams at Stanford and MIT, according to The Next Platform: They founded a company to commercialize the idea in April 2023 and secured $8.5 million initial seed funding to start building the real DBOS. Engine Ventures and Construct Capital led the funding, along with Sinewave and GutBrain Ventures...

"The state that the operating system has to keep track of — memory, files, messages, and so on — is approximately linear to the resources you have got," says Stonebraker. "So without me saying another word, keeping track of operating system state is a database problem not addressed by current operating system schedulers. Moreover, OLTP [Online Transaction Processing] database performance has gone up dramatically, and that is why we thought instead of running the database system in user space on top of the operating system, why don't we invert our thinking 180 degrees and run the operating system on top of the database, with all of the operating services coded in SQL...?"

For now, DBOS can give the same kind of performance as a full-blown Linux operating system, and thanks to the distributed database underpinnings of its kernel, it can do things that a Linux kernel just cannot do... One is provide reliable execution, which means that if a program running atop DBOS is ever interrupted, it starts where it left off and does not have to redo its work from some arbitrary earlier point and does not crash and have to start from the beginning. And because every little bit of the state of the operating system — and therefore the applications that run atop it — is preserved, you can go backwards in time in the system and restart the operating system if it experiences some sort of anomaly, such as a bad piece of application software running or a hack attack. You can use this "time travel" feature, as Stonebraker calls it, to reproduce what are called heisenbugs — ones that are very hard to reproduce precisely because there is no shared state in the distributed Linux and Kubernetes environment and that are increasingly prevalent in a world of microservices.

The other benefit of DBOS is that it presents a smaller attack surface for hackers, which boosts security, and that you can analyze the metrics of the operating system in place, since they are already in a NoSQL database that can be queried, rather than aggregating a bunch of log files from up and down the software stack to try to figure out what is going on...

There is also a custom tier for DBOS, which we presume costs money, that can use other databases and datastores for user application data, stores more than three days of log data, can have multiple users per account, that adds email and Slack support with DBOS techies, and that is available on other clouds as well as AWS.

The operating system kernel/scheduler "is itself largely a database," with services written in TypeScript, according to the article. The first iteration used the FoundationDB distributed key-value store for its scheduling core (open sourced by Apple in 2018), according to the article — "a blazingly fast NoSQL database... Stonebraker says there is no reason to believe that DBOS can't scale across 1 million cores or more and support Java, Python, and other application languages as they are needed by customers..."

And the article speculates they could take things even further. "There is no reason why DBOS cannot complete the circle and not only have a database as an operating system kernel, but also have a relational database as the file system for applications."
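To make the "reliable execution" and "time travel" claims above concrete, here is an added toy example; it is my illustration, not DBOS's code or anything from the article. Each workflow step's result is committed to a SQLite table before the next step starts, so a process that is interrupted resumes from the last committed step instead of redoing earlier work, and the same table can be queried for the state as it stood after any earlier step. The `step_results` table, the `Interrupted` exception and the three sample steps are all invented for the demo.

```python
import sqlite3

# Added toy demo of durable execution (not DBOS code): each workflow step's
# result is committed before the next step runs, so a crashed run resumes
# from the last committed step, and the same table doubles as a history
# that can be queried "as of" any earlier step.

SCHEMA = """
CREATE TABLE IF NOT EXISTS step_results (
    workflow_id TEXT    NOT NULL,
    step_no     INTEGER NOT NULL,
    step_name   TEXT    NOT NULL,
    result      TEXT    NOT NULL,
    PRIMARY KEY (workflow_id, step_no)
);
"""


class Interrupted(Exception):
    """Stands in for a crash or kill that happens after a step has committed."""


def run_workflow(conn, workflow_id, steps, crash_after=None):
    """Run `steps` (list of (name, fn)) for `workflow_id`.

    Steps already committed for this workflow are replayed from the table
    rather than re-executed. Returns [(name, result)] for the steps that
    actually ran in this invocation. `crash_after` (a step index) simulates
    an interruption right after that step commits.
    """
    conn.executescript(SCHEMA)
    executed = []
    prev = None
    for step_no, (name, fn) in enumerate(steps):
        row = conn.execute(
            "SELECT result FROM step_results WHERE workflow_id = ? AND step_no = ?",
            (workflow_id, step_no),
        ).fetchone()
        if row is not None:
            prev = row[0]          # durable result: skip the work, reuse output
            continue
        result = fn(prev)
        with conn:                 # commit before the next step can start
            conn.execute(
                "INSERT INTO step_results VALUES (?, ?, ?, ?)",
                (workflow_id, step_no, name, result),
            )
        executed.append((name, result))
        prev = result
        if crash_after is not None and step_no == crash_after:
            raise Interrupted(f"process died after step {name!r}")
    return executed


def state_at(conn, workflow_id, step_no):
    """'Time travel': the committed results as they stood after `step_no`."""
    return conn.execute(
        "SELECT step_name, result FROM step_results "
        "WHERE workflow_id = ? AND step_no <= ? ORDER BY step_no",
        (workflow_id, step_no),
    ).fetchall()


def demo():
    """First run dies after step 1; second run finishes without redoing steps 0-1."""
    conn = sqlite3.connect(":memory:")
    steps = [
        ("fetch", lambda _: "raw:42"),                 # pretend remote fetch
        ("parse", lambda s: s.split(":", 1)[1]),       # -> "42"
        ("double", lambda s: str(int(s) * 2)),         # -> "84"
    ]
    try:
        run_workflow(conn, "wf-1", steps, crash_after=1)
    except Interrupted:
        pass
    resumed = run_workflow(conn, "wf-1", steps)        # only "double" runs now
    return resumed, state_at(conn, "wf-1", 1)


if __name__ == "__main__":
    print(demo())
```

The second `run_workflow` call executes only the `double` step; `fetch` and `parse` are served from the committed rows, which is the "starts where it left off" behaviour the article describes. Querying `state_at` with an earlier step number is the simplest form of the "go backwards in time" idea: because every step's output is in the database, an investigator can look at exactly what the program had computed at the moment something went wrong.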

The Courts

Court Docs Reveal Epic CEO's Anger At Steam's 30% Fees (arstechnica.com) 109

New emails from before the launch of the Epic Games Store in 2018 show just how angry Epic CEO Tim Sweeney was with the "assholes" at companies like Valve and Apple for squeezing "the little guy" with what he saw as inflated fees. "The emails, which came out this week as part of Wolfire's price-fixing case against Valve (as noticed by the GameDiscoverCo newsletter), confront Valve managers directly for platform fees Sweeney says are 'no longer justifiable,'" writes Ars Technica's Kyle Orland. "They also offer a behind-the-scenes look at the fury Sweeney and Epic would unleash against Apple in court proceedings starting years later." From the report: The first mostly unredacted email chain from the court documents, from August 2017 (PDF), starts with Valve co-founder Gabe Newell asking Sweeney if there is "anything we [are] doing to annoy you?" That query was likely prompted by Sweeney's public tweets at the time questioning "why Steam is still taking 30% of gross [when] MasterCard and Visa charge 2-5% per transaction, and CDN bandwidth is around $0.002/GB." Later in the same thread, he laments that "the internet was supposed to obsolete the rent-seeking software distribution middlemen, but here's Facebook, Google, Apple, Valve, etc." Expanding on these public thoughts in a private response to Newell, Sweeney allows that there was "a good case" for Steam's 30 percent platform fee "in the early days." But he also argues that the fee is too high now that Steam's sheer scale has driven down operating costs and made it harder for individual games to get as much marketing or user acquisition value from simply being available on the storefront.

Sweeney goes on to spitball some numbers showing how Valve's fees are contributing to the squeeze all but the biggest PC game developers were feeling on their revenues: "If you subtract out the top 25 games on Steam, I bet Valve made more profit from most of the next 1,000 than the developer themselves made. These guys are our engine customers and we talk to them all the time. Valve takes 30% for distribution; they have to spend 30% on Facebook/Google/Twitter [user acquisition] or traditional marketing, 10% on server, 5% on engine. So, the system takes 75% and that leaves 25% for actually creating the game, worse than the retail distribution economics of the 1990's." Based on experience with Fortnite and Paragon, Sweeney estimates that the true cost of distribution for PC games that sell for $25 or more in Western markets "is under 7% of gross." That's only slightly lower than the 12 percent take Epic would establish for its own Epic Games Store the next year.

The second email chain (PDF) revealed in the lawsuit started in November 2018, with Sweeney offering Valve a heads-up on the impending launch of the Epic Games Store that would come just weeks later. While that move was focused on PC and Mac games, Sweeney quickly pivots to a discussion of Apple's total control over iOS, the subject at the time of a lawsuit whose technicalities were being considered by the Supreme Court. Years before Epic would bring its own case against Apple, Sweeney was somewhat prescient, noting that "Apple also has the resources to litigate and delay any change [to its total App Store control] for years... What we need right now is enough developer, press, and platform momentum to steer Apple towards fully opening up iOS sooner rather than later." To that end, Sweeney attempted to convince Valve that lowering its own platform fees would hurt Apple's position and thereby contribute to the greater good: "A timely move by Valve to improve Steam economics for all developers would make a great difference in all of this, clearly demonstrating that store competition leads to better rates for all developers. Epic would gladly speak in support of such a move anytime!"

In a follow-up email on December 3, just days before the Epic Games Store launch, Sweeney took Valve to task more directly for its policy of offering lower platform fees for the largest developers on Steam. He offered some harsh words for Valve while once again begging the company to serve as a positive example in the developing case against Apple: "Right now, you assholes are telling the world that the strong and powerful get special terms, while 30% is for the little people. We're all in for a prolonged battle if Apple tries to keep their monopoly and 30% by cutting backroom deals with big publishers to keep them quiet. Why not give ALL developers a better deal? What better way is there to convince Apple quickly that their model is now totally untenable?" After being forwarded the message by Valve's Erik Johnson, Valve COO Scott Lynch simply offered up a sardonic "You mad bro?"

Security

Record Breach of French Government Exposes Up To 43 Million People's Data 11

France Travail, the government agency responsible for assisting the unemployed, has fallen victim to a massive data breach exposing the personal information of up to 43 million French citizens dating back two decades, the department announced on Wednesday. The incident, which has been reported to the country's data protection watchdog (CNIL), is the latest in a series of high-profile cyber attacks targeting French government institutions and underscores the growing threat to citizens' private data. From a report: The department's statement reveals that names, dates of birth, social security numbers, France Travail identifiers, email addresses, postal addresses, and phone numbers were exposed. Passwords and banking details aren't affected, at least. That said, CNIL warned that the data stolen during this incident could be linked to stolen data in other breaches and used to build larger banks of information on any given individual. It's not clear whether the database's entire contents were stolen by attackers, but the announcement suggests that at least some of the data was extracted.

Privacy

Over 15,000 Roku Accounts Sold To Buy Streaming Subscriptions, Devices (bleepingcomputer.com) 25

Over 15,000 Roku customers were hacked and used to make fraudulent purchases of hardware and streaming subscriptions. According to BleepingComputer, the threat actors were "selling the stolen accounts for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases." From the report: On Friday, Roku first disclosed the data breach, warning that 15,363 customer accounts were hacked in a credential stuffing attack. A credential stuffing attack is when threat actors collect credentials exposed in data breaches and then attempt to use them to log in to other sites, in this case, Roku.com. The company says that once an account was breached, it allowed threat actors to change the information on the account, including passwords, email addresses, and shipping addresses. This effectively locked a user out of the account, allowing the threat actors to make purchases using stored credit card information without the legitimate account holder receiving order confirmation emails.

"It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts," reads the data breach notice. "As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts. After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions." Roku says that it secured the impacted accounts and forced a password reset upon detecting the incident. Additionally, the platform's security team investigated for any charges due to unauthorized purchases performed by the hackers and took steps to cancel the relevant subscriptions and refund the account holders.

A researcher told BleepingComputer last week that the threat actors have been using a Roku config to perform credential stuffing attacks for months, bypassing brute force attack protections and captchas by using specific URLs and rotating through lists of proxy servers. Successfully hacked accounts are then sold on stolen account marketplaces for as little as 50 cents, as seen below where 439 accounts are being sold. The seller of these accounts provides information on how to change information on the account to make fraudulent purchases. Those who purchase the stolen accounts hijack them with their own information and use stored credit cards to purchase cameras, remotes, soundbars, light strips, and streaming boxes. After making their purchases, it is common for them to share screenshots of redacted order confirmation emails on Telegram channels associated with the stolen account marketplaces.
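The pattern described above has two detection handles a defender can use, and the added example below works through both on constructed telemetry (it is my illustration, not Roku's tooling or anything from the report; the log format, the client fingerprints such as `UA-tool`, the usernames and the IP addresses are all invented). First, because the attackers rotate proxies, a per-IP rate limit sees one attempt per address and stays quiet; grouping attempts by a client fingerprint that the tool keeps constant (here a user-agent-style token) exposes the spray of many distinct usernames with a low success ratio. Second, the account takeover itself leaves a trace: a successful login from an IP the account has never used, followed within minutes by a change to email, password or shipping address, which is exactly the sequence needed to place orders without the owner seeing confirmation mails.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real Roku data). Login attempts:
#   <timestamp> <source ip> <client fingerprint> <username> <OK|FAIL>
# and post-login profile changes:
#   <timestamp> <username> <field changed>
# "UA-tool" stands for the attack tool's fixed client profile; its source IPs
# rotate through a proxy list so no single IP ever trips a per-IP limit.
LOGINS_RAW = """
2024-03-08T09:00:00 198.51.100.7  UA-roku-app   carol OK
2024-03-08T09:05:00 198.51.100.8  UA-chrome121  grace OK
2024-03-08T10:00:01 203.0.113.10  UA-tool alice FAIL
2024-03-08T10:00:02 203.0.113.11  UA-tool bob   FAIL
2024-03-08T10:00:02 203.0.113.12  UA-tool carol OK
2024-03-08T10:00:03 203.0.113.13  UA-tool dave  FAIL
2024-03-08T10:00:03 203.0.113.14  UA-tool erin  FAIL
2024-03-08T10:00:04 203.0.113.15  UA-tool frank FAIL
2024-03-08T10:00:04 203.0.113.16  UA-tool grace OK
2024-03-08T10:00:05 203.0.113.17  UA-tool heidi FAIL
"""
CHANGES_RAW = """
2024-03-08T09:06:00 grace shipping_address
2024-03-08T10:01:30 carol email
2024-03-08T10:01:45 carol shipping_address
"""
SENSITIVE_FIELDS = {"password", "email", "shipping_address"}


def parse_logins(text):
    events = []
    for line in text.strip().splitlines():
        ts, ip, ua, user, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip, "ua": ua,
                       "user": user, "ok": result == "OK"})
    return sorted(events, key=lambda e: e["ts"])


def parse_changes(text):
    changes = []
    for line in text.strip().splitlines():
        ts, user, field = line.split()
        changes.append({"ts": datetime.fromisoformat(ts), "user": user, "field": field})
    return sorted(changes, key=lambda c: c["ts"])


def spray_sources(logins, key, window=timedelta(minutes=5), min_users=5, max_success=0.5):
    """Group attempts by `key` ("ip" or "ua") and flag groups that tried at least
    `min_users` distinct usernames inside `window` with a success ratio at or
    below `max_success`. Grouping by IP misses proxy rotation; grouping by
    client fingerprint does not."""
    groups = defaultdict(list)
    for e in logins:
        groups[e[key]].append(e)          # stays sorted: logins are sorted
    flagged = {}
    for k, evs in groups.items():
        for i, start in enumerate(evs):
            win = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            users = {e["user"] for e in win}
            if len(users) >= min_users:
                ratio = sum(e["ok"] for e in win) / len(win)
                if ratio <= max_success:
                    flagged[k] = {"users": len(users), "success_ratio": round(ratio, 2)}
                    break
    return flagged


def takeover_candidates(logins, changes, max_gap=timedelta(minutes=30)):
    """Flag users whose sensitive profile change follows, within `max_gap`, a
    successful login from an IP that user had never logged in from before.
    Users with no prior login history are skipped: there is no baseline."""
    seen_ips = defaultdict(set)
    suspicious = []
    for e in logins:
        if not e["ok"]:
            continue
        if seen_ips[e["user"]] and e["ip"] not in seen_ips[e["user"]]:
            suspicious.append(e)
        seen_ips[e["user"]].add(e["ip"])
    flagged = set()
    for c in changes:
        if c["field"] not in SENSITIVE_FIELDS:
            continue
        for e in suspicious:
            if e["user"] == c["user"] and timedelta(0) <= c["ts"] - e["ts"] <= max_gap:
                flagged.add(c["user"])
    return sorted(flagged)


def analyze():
    logins = parse_logins(LOGINS_RAW)
    changes = parse_changes(CHANGES_RAW)
    return {
        "by_ip": spray_sources(logins, "ip"),     # {}: one username per proxy IP
        "by_ua": spray_sources(logins, "ua"),     # UA-tool: 8 users, 25% success
        "takeover": takeover_candidates(logins, changes),  # ["carol"]
    }


if __name__ == "__main__":
    print(analyze())
```

On this sample, `spray_sources(logins, "ip")` returns nothing, which is the blind spot the proxy rotation is designed to create, while the same check keyed on the client fingerprint flags `UA-tool`. The takeover check flags only `carol`: `grace` also had a login from a new IP during the spray, but no profile change followed it, and her earlier address change sits after her own first login, for which there is no prior history to compare against. In production the same two signals would feed a step-up challenge and the forced password reset and refund process the story describes, and the thresholds would be tuned against the service's real baseline rather than the constants used here.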

Microsoft

Microsoft Says Russian Hackers Stole Source Code After Spying On Its Executives (theverge.com) 29

Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack. From a report: "In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," explains Microsoft in a blog post. "This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised."

It's not clear what source code was accessed, but Microsoft warns that the Nobelium group, or "Midnight Blizzard," as Microsoft refers to them, is now attempting to use "secrets of different types it has found" to try to further breach the software giant and potentially its customers. "Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures," says Microsoft.
