
Submission + - Dropbox Says Hackers Breached Digital-Signature Product (yahoo.com)

An anonymous reader writes: Dropbox said its digital-signature product, Dropbox Sign, was breached by hackers, who accessed user information including emails, user names and phone numbers. The software company said it became aware of the cyberattack on April 24, sought to limit the incident and reported it to law enforcement and regulatory authorities. “We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings,” Dropbox said Wednesday in a regulatory filing. “For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.”

Dropbox said there is no evidence hackers obtained user accounts or payment information. The company said it appears the attack was limited to Dropbox Sign and no other products were breached. The company didn’t disclose how many customers were affected by the hack. The hack is unlikely to have a material impact on the company’s finances, Dropbox said in the filing. The shares declined about 2.5% in extended trading after the cyberattack was disclosed and have fallen 20% this year through the close.

Submission + - Congress Lets Broadband Funding Run Out, Ending $30 Low-Income Discounts (arstechnica.com)

An anonymous reader writes: The Federal Communications Commission chair today made a final plea to Congress, asking for money to continue a broadband-affordability program that gave out its last round of $30 discounts to people with low incomes in April. The Affordable Connectivity Program (ACP) has lowered monthly Internet bills for people who qualify for benefits, but Congress allowed funding to run out. People may receive up to $14 in May if their ISP opted into offering a partial discount during the program's final month. After that there will be no financial help for the 23 million households enrolled in the program.

"Additional funding from Congress is the only near-term solution for keeping the ACP going," FCC Chairwoman Jessica Rosenworcel wrote in a letter to members of Congress today. "If additional funding is not promptly appropriated, the one in six households nationwide that rely on this program will face rising bills and increasing disconnection. In fact, according to our survey of ACP beneficiaries, 77 percent of participating households report that losing this benefit would disrupt their service by making them change their plan or lead to them dropping Internet service entirely." The ACP started with $14.2 billion allocated by Congress in late 2021. The $30 monthly ACP benefit replaced the previous $50 monthly subsidy from the Emergency Broadband Benefit Program.

Submission + - Tesla conducting more layoffs, including entire Supercharger team (electrek.co)

theweatherelectric writes: Just after laying off “more than 10%” of its global workforce, Tesla is laying off even more employees – including senior executives and long-time veterans of the company, most notably the entire Supercharging team and the executive responsible for negotiating NACS adoption across the industry. This has already caused Tesla to scale back plans for further expansion of the Supercharger network.

Submission + - PFAS increase likelihood of death by cardiovascular disease, study shows (theguardian.com)

berghem writes: The Guardian reports:

For the first time, researchers have formally shown that exposure to toxic PFAS increases the likelihood of death by cardiovascular disease, adding a new level of concern to the controversial chemicals’ wide use.

The findings are especially significant because proving an association with death by chemical exposure is difficult, but researchers were able to establish it by reviewing death records from northern Italy’s Veneto region, where many residents for decades drank water highly contaminated with PFAS, also called “forever chemicals”.

“This is the first time that anyone has found strong evidence of an association of PFAS exposure and cardiovascular mortality,” said Annibale Biggeri, the peer-reviewed study’s lead author, and a researcher with the University of Padua.

PFAS are a class of 15,000 chemicals used across dozens of industries to make products resistant to water, stains and heat. Though the compounds are highly effective, previous research has linked them to cancer, kidney disease, birth defects, decreased immunity, liver problems and a range of other serious diseases.

Submission + - Mysterious 'gpt2-chatbot' AI Model Appears Suddenly, Confuses Experts (arstechnica.com)

An anonymous reader writes: On Sunday, word began to spread on social media about a new mystery chatbot named "gpt2-chatbot" that appeared in the LMSYS Chatbot Arena. Some people speculate that it may be a secret test version of OpenAI's upcoming GPT-4.5 or GPT-5 large language model (LLM). The paid version of ChatGPT is currently powered by GPT-4 Turbo. Currently, the new model is only available for use through the Chatbot Arena website, although in a limited way. In the site's "side-by-side" arena mode where users can purposely select the model, gpt2-chatbot has a rate limit of eight queries per day—dramatically limiting people's ability to test it in detail. [...] On Monday evening, OpenAI CEO Sam Altman seemingly dropped a hint by tweeting, "i do have a soft spot for gpt2." [...]

So, whatever it is, it's probably not GPT-5. We've seen other people reach the same conclusion after further testing, saying that the new mystery chatbot doesn't seem to represent a large capability leap beyond GPT-4. "Gpt2-chatbot is good. really good," wrote HyperWrite CEO Matt Shumer on X. "But if this is gpt-4.5, I’m disappointed." Still, OpenAI's fingerprints seem to be all over the new bot. "I think it may well be an OpenAI stealth preview of something," AI researcher Simon Willison told Ars Technica. But what "gpt2" is exactly, he doesn't know. After surveying online speculation, it seems that no one apart from its creator knows precisely what the model is, either. Willison has uncovered the system prompt for the AI model, which claims it is based on GPT-4 and made by OpenAI. But as Willison noted in a tweet, that's no guarantee of provenance because "the goal of a system prompt is to influence the model to behave in certain ways, not to give it truthful information about itself."

Submission + - SES to buy Intelsat for $3.1B (reuters.com)

schwit1 writes: SES plans to buy fellow satellite operator Intelsat, in a deal that could help the combined company compete with SpaceX's huge Starlink broadband network.

Submission + - America's Wind Power Production Drops for the First Time in 25 Years (yahoo.com)

An anonymous reader writes: U.S. wind power slipped last year for the first time in a quarter-century due to weaker-than-normal Midwest breezes, underscoring the challenge of integrating volatile renewable energy sources into the grid. Power produced by turbines slipped 2% in 2023, even after developers added 6.2 gigawatts of new capacity, according to a government report Tuesday. The capacity factor for the country’s wind fleet — how much energy it’s actually generating versus its maximum possible output — declined to an eight-year low of 33.5%. Most of that decline was driven by the central US, a region densely dotted with turbines.

Wind is a key component of the effort to cut carbon emissions, but the data highlights the downside of relying on intermittent energy sources tied to the effects of global weather. Last year’s low wind speeds came during El Nino, a warming of the equatorial Pacific that tends to weaken trade winds. La Nina, the Pacific cooling pattern that dominated in 2022 and is poised to return later this year, usually has the opposite effect.

Submission + - Change Healthcare Hackers Broke In Using Stolen Credentials, No MFA (techcrunch.com)

An anonymous reader writes: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG). UnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the U.S. healthcare system. This is the first time the health insurance giant has given an assessment of how hackers broke into Change Healthcare’s systems, during which massive amounts of health data were exfiltrated from its systems. UnitedHealth said last week that the hackers stole health data on a “substantial proportion of people in America.”

According to Witty’s testimony, the criminal hackers “used compromised credentials to remotely access a Change Healthcare Citrix portal.” Organizations like Change use Citrix software to let employees access their work computers remotely on their internal networks. Witty did not elaborate on how the credentials were stolen. However, Witty did say the portal “did not have multifactor authentication,” which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employee’s trusted device, such as their phone. It’s not known why Change did not set up multifactor authentication on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems. “Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data,” said Witty. Witty said the hackers deployed ransomware nine days later on February 21, prompting the health giant to shut down its network to contain the breach.

Submission + - China Launches World's Largest Electric Container Ship (techtimes.com)

AmiMoJo writes: China has reached a major landmark in green transportation with the launch of the world's largest fully electric container ship. Developed and manufactured by China Ocean Shipping Group (Cosco), the vessel is now operating a regular service route between Shanghai and Nanjing, aiming to reduce emissions significantly along its journey.

The Greenwater 01, an all-electric container ship, is positioning itself to be a shipping industry pioneer. Equipped with a main battery exceeding 50,000 kilowatt-hours, the vessel can accommodate additional battery boxes for longer voyages. These battery boxes, each containing 1,600 kilowatt-hours of electricity and similar in size to standard 20-foot containers, provide flexibility in extending the ship's travel range. With 24 battery boxes onboard, the Greenwater 01 can complete a journey consuming 80,000 kilowatt-hours of electricity. This is equivalent to saving 15 tonnes of fuel compared to a standard container ship, highlighting the efficiency of electric propulsion systems.

Submission + - Systemd wants to expand to include a sudo replacement (fosspost.org)

An anonymous reader writes: Systemd lead developer Lennart Poettering has posted on Mastodon about their upcoming v256 release of Systemd, which is expected to include a sudo replacement called “run0”.

The developer talks about the weaknesses of sudo, and how it has a large possible attack surface. For example, sudo supports network access, LDAP configurations, other types of plugins, and much more. But most importantly, its SUID binary provides a large attack surface according to Lennart:

"I personally think that the biggest problem with sudo is the fact it’s a SUID binary though – the big attack surface, the plugins, network access and so on that come after it just make the key problem worse, but are not in themselves the main issue with sudo. SUID processes are weird concepts: they are invoked by unprivileged code and inherit the execution context intended for and controlled by unprivileged code. By execution context I mean the myriad of properties that a process has on Linux these days, from environment variables, process scheduling properties, cgroup assignments, security contexts, file descriptors passed, and so on and so on."

He’s saying that sudo is a Unix concept from many decades ago, and a better privilege escalation system should be in place for 2024 security standards:

  "So, in my ideal world, we’d have an OS entirely without SUID. Let’s throw out the concept of SUID on the dump of UNIX’ bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful manual clean-up is just not how security engineering should be done in 2024 anymore."

Submission + - The End of Crypto? (yahoo.com)

RossCWilliams writes: Venezuela is using crypto currency to avoid US sanctions. This is leading to demands for controls on its use:

Venezuelan opposition politician Leopoldo Lopez and expert Kristofer Doucette presented a report on Monday detailing transactions since Venezuelan President Nicolas Maduro took office. Democratic governments should counter his attempts "to exploit cryptocurrency for moving illicit proceeds into the international financial system," the report said.

"Structures must be set up to combat this type of money laundering," said Doucette, national security leader at Chainalysis.

Is the recognition of crypto currency as a national security threat that threatens international financial controls the beginning of the end of unregulated crypto currencies?

Submission + - How 'History and Tradition' Rulings Are Changing American Law (nytimes.com)

Mr.Intel writes: In November 2022, a group of L.G.B.T.Q. students at West Texas A&M University started planning a drag show for the following spring. They wanted to raise money for suicide prevention and stand up for queer self-expression at a time when conservatives in Texas, in the name of protecting children, were mobilizing to shut drag shows down.

The president of West Texas A&M, Walter Wendler, announced in March 2023 that he was barring the event from campus. In a statement on his personal website, Wendler called drag shows “derisive, divisive and demoralizing misogyny.” Spectrum WT sued, arguing that Wendler’s decision to cancel the show was a “textbook” example of discriminating against speech based on viewpoint.

Legally speaking, Spectrum WT had a strong case. Since the 1970s, the Supreme Court has ruled that the First Amendment protects speech on public university campuses, “no matter how offensive” and despite “conventions of decency,” as two decisions put it. Wendler acknowledged that he was refusing to allow the drag show to take place “even when the law of the land appears to require it.”

But the lawsuit landed on the docket of Judge Matthew J. Kacsmaryk, a Trump appointee to the federal bench in Amarillo who is the author of several sweeping arch-conservative rulings. And in the drag-show case, Judge Kacsmaryk had a new tool, supplied by the Supreme Court. Known as the “history and tradition” test, the legal standard has been recently adopted by the court’s conservative majority to allow judges to set aside modern developments in the law to restore the precedents of the distant past.

Non-paywalled link: https://dnyuz.com/2024/04/29/h...

Submission + - Copilot Workspace Is GitHub's Take On AI-Powered Software Engineering (techcrunch.com)

An anonymous reader writes: Ahead of its annual GitHub Universe conference in San Francisco early this fall, GitHub announced Copilot Workspace, a dev environment that taps what GitHub describes as “Copilot-powered agents” to help developers brainstorm, plan, build, test and run code in natural language. Jonathan Carter, head of GitHub Next, GitHub’s software R&D team, pitches Workspace as somewhat of an evolution of GitHub’s AI-powered coding assistant Copilot into a more general tool, building on recently introduced capabilities like Copilot Chat, which lets developers ask questions about code in natural language. “Through research, we found that, for many tasks, the biggest point of friction for developers was in getting started, and in particular knowing how to approach a [coding] problem, knowing which files to edit and knowing how to consider multiple solutions and their trade-offs,” Carter said. “So we wanted to build an AI assistant that could meet developers at the inception of an idea or task, reduce the activation energy needed to begin and then collaborate with them on making the necessary edits across the entire codebase.”

Given a GitHub repo or a specific bug within a repo, Workspace — underpinned by OpenAI’s GPT-4 Turbo model — can build a plan to (attempt to) squash the bug or implement a new feature, drawing on an understanding of the repo’s comments, issue replies and larger codebase. Developers get suggested code for the bug fix or new feature, along with a list of the things they need to validate and test that code, plus controls to edit, save, refactor or undo it. The suggested code can be run directly in Workspace and shared among team members via an external link. Those team members, once in Workspace, can refine and tinker with the code as they see fit.

Perhaps the most obvious way to launch Workspace is from the new “Open in Workspace” button to the left of issues and pull requests in GitHub repos. Clicking on it opens a field to describe the software engineering task to be completed in natural language, like, “Add documentation for the changes in this pull request,” which, once submitted, gets added to a list of “sessions” within the new dedicated Workspace view. Workspace executes requests systematically step by step, creating a specification, generating a plan and then implementing that plan. Developers can dive into any of these steps to get a granular view of the suggested code and changes and delete, re-run or re-order the steps as necessary.

Submission + - Walmart and Roblox Team Up To Make Virtual E-Commerce a Reality (digiday.com)

An anonymous reader writes: As of today, Walmart is able to sell physical goods directly to users inside Roblox. The introduction of real-life e-commerce could be a watershed moment for the company’s ambitions to become an all-encompassing destination for virtual life. Walmart’s Roblox e-commerce experience launches later today, with users inside the pre-existing Walmart Discovered able to have real-life items shipped directly to their doorsteps. Users entering the experience will be greeted with a new storefront showcasing virtual twins of select physical items sold at real-life Walmart stores.

After trying out the virtual items on their avatars, players will be able to load an e-commerce experience that takes the form of a browser window inside Roblox imitating the experience of shopping on Walmart’s website — essentially a virtual laptop set up inside Roblox to access Walmart.com. The commerce feature within Walmart Discovered will be gated specifically to users aged 13 or older in the United States only. “There is a traditional sort of checkout flow where you put your name, your address and your credit card information, and that’s all powered by a Walmart API that handles all of the information super securely — it’s very safe,” said Walmart director of brand experiences and strategic partnerships Justin Breton. “And once you hit checkout, you’ll get your confirmation email from Walmart. All of that is handled by us on the back end, the user will then get their item in the mail, but the virtual twin is granted immediately back on Roblox.”

Today’s pilot test is the first of multiple e-commerce tests that Roblox is planning with different products, brands and shopping methodologies. When it all shakes out, it’s possible that future e-commerce experiences on the platform will ultimately look very different than Walmart’s pilot test. “We are excited to start testing real-world commerce as a key step towards enabling it in the future for our community of creators and brands,” said Roblox vp of economy Enrico D’Angelo. “Shopping for virtual items is already an important element of how people engage and express themselves on Roblox daily, so our goal is to gather feedback, test the technology and learn what resonates with Gen Z customers the most when it comes to shopping for physical items.”

Submission + - G7 Reaches Deal To Exit From Coal By 2035 (reuters.com)

An anonymous reader writes: Energy ministers from the Group of Seven (G7) major democracies reached a deal to shut down their coal-fired power plants in the first half of the 2030s, in a significant step towards the transition away from fossil fuels. "There is a technical agreement, we will seal the final political deal on Tuesday," said Italian energy minister Gilberto Pichetto Fratin, who is chairing the G7 ministerial meeting in Turin. On Tuesday the ministers will issue a final communique detailing the G7 commitments to decarbonise their economies. Pichetto said the ministers were also pondering potential restrictions to Russian imports of liquefied natural gas to Europe which the European Commission is due to propose in the short-term.

The agreement on coal marks a significant step in the direction indicated last year by the COP28 United Nations climate summit to phase out fossil fuels, of which coal is the most polluting. Italy last year produced 4.7% of its total electricity through a handful of coal-fired stations. Rome currently plans to turn off its plants by 2025, except on the island of Sardinia where the deadline is 2028. In Germany and Japan coal has a bigger role, with the share of electricity produced by the fuel higher than 25% of total last year.
