Security

Data Stolen Through Flaw in MOVEit Transfer, Researchers Say (reuters.com)

Reuters reports: Hackers have stolen data from the systems of a number of users of the popular file transfer tool MOVEit Transfer, U.S. security researchers said on Thursday, one day after the maker of the software disclosed that a security flaw had been discovered. Software maker Progress Software Corp, after disclosing the vulnerability on Wednesday, said it could lead to potential unauthorized access into users' systems.

The managed file transfer software made by the Burlington, Massachusetts-based company allows organizations to transfer files and data between business partners and customers. It was not immediately clear which or how many organizations use the software or were impacted by potential breaches. Chief Information Officer Ian Pitt declined to share those details, but said Progress Software had made fixes available since it discovered the vulnerability late on May 28...

Cybersecurity firm Rapid7 Inc and Mandiant Consulting — owned by Alphabet Inc's Google — said they had found a number of cases in which the flaw had been exploited to steal data. "Mass exploitation and broad data theft has occurred over the past few days," Charles Carmakal, chief technology officer of Mandiant Consulting, said in a statement... "Although Mandiant does not yet know the motivation of the threat actor, organizations should prepare for potential extortion and publication of the stolen data," Carmakal said.

Thanks to long-time Slashdot reader rexx mainframe for sharing the story.

The Almighty Buck

US Financial Watchdog: Money Stored in Venmo/PayPal/CashApp Isn't Federally Insured (apnews.com) 16

The Associated Press reports: Customers of Venmo, PayPal and CashApp should not store their money with those apps for the long term because the funds might not be safe during a crisis, the [U.S.] Consumer Financial Protection Bureau warned Thursday...

The Federal Deposit Insurance Corporation insures bank accounts up to $250,000. But money stored in Venmo or CashApp or Apple Cash is not being held in a traditional bank account. So, if there is an event similar to a bank run with those payment apps, those funds may not be protected. Some of the funds may be eligible for pass-through insurance coverage if customers do certain activities with the apps, the CFPB said, but generally by default the apps are not covered by deposit insurance.

For example, if a customer opened a PayPal Savings account, it would have deposit insurance through PayPal's partner bank, Synchrony Bank. But the general PayPal account is not covered by insurance. For Apple Cash, which can be insured through Green Dot Bank, it requires a user to verify their identity to get deposit insurance. "We find that stored funds can be at risk of loss in the event of financial distress or failure of the entity operating the nonbank payment platform, and often are not placed in an account at a bank or credit union and lack individual deposit insurance coverage," the CFPB said in its report.

"Consumers may not fully appreciate when, or under what conditions, they would be protected by deposit insurance," the agency added in its report.

Books

Why Bill Gates Recommends This Novel About Videogames (gatesnotes.com) 33

Bill Gates wrote a blog post this week recommending a novel about videogame development. Gates calls Tomorrow, and Tomorrow, and Tomorrow "one of the biggest books of last year," telling the story of "two friends who bond over Super Mario Bros. as kids and grow up to make video games together." Although there are plenty of video games mentioned in the book — Oregon Trail is a recurring theme — I'd describe it more as a story about partnership and collaboration. When Sam and Sadie are in college, they create a game called Ichigo that turns out to be a huge hit. Their company, Unfair Games, becomes successful, but the two start to butt heads. Sadie is upset that Sam got most of the credit for Ichigo. Sam is frustrated that Sadie cares more about creating art than about making their company viable...

Most of the book is about how a creative partnership can be equal parts remarkable and complicated. I couldn't help but be reminded of my relationship with Paul Allen while I was reading it. Sadie believes that "true collaborators in this life are rare." I agree, and I was lucky to have one in Paul. An early chapter describing how Sam and Sadie worked until sunrise in a dingy apartment in Cambridge, Massachusetts, could have just as easily been about Paul and me coming up with the idea for Microsoft. Like Sam and Sadie, we worked together every day for years.

Paul's vision and contributions to the company were absolutely critical to its success, and then he chose to move on. We had a great relationship, but not without some of the complexities that success brings. Zevin really captures what it feels like to start a company that takes off. It's thrilling to know your vision is now real, but success brings a lot of new questions. Once you make money, do you still have something to prove? How does your relationship with your partner change once a lot more people get involved? How do you make the next idea as good as the last?

You can't help but wonder whether you would've been as successful if you started up at a different time... Paul and I were very lucky in terms of our timing with Microsoft. We got in when chips were just starting to become powerful but before other people had created established companies... Tomorrow, and Tomorrow, and Tomorrow resonated with me for personal reasons, but I think Zevin's exploration of partnership and collaboration is worth reading no matter who you are. Even if you're skeptical about reading a book about video games, the subject is a terrific metaphor for human connection.

The book is now being adapted into a movie.

Power

Can Open Source Speed the Adoption of Clean-Energy Microgrids? (linuxfoundation.org) 15

This week the Linux Foundation announced the publication of The Open Source Opportunity for Microgrids: Five Ways to Drive Innovation and Overcome Market Barriers for Energy Resilience. "The research informs readers about microgrids — groups of distributed energy resources designed to improve energy resiliency, with the ability to operate as part of a larger electrical grid, or separately as an island."

The report highlights the current state of the microgrid market and explores the potential for open source technology to accelerate the adoption of microgrids worldwide... The report concludes that microgrids are an essential tool to improve energy resilience and advance decarbonization, and that the market faces a range of challenges that the open source ecosystem is well positioned to address.
Among other things, the report "examines how participation in relevant open source programs and activities can help address gaps and challenges," according to the announcement, "and accelerate the learning, development, and governance of microgrid initiatives." One focus of the report is "enabling market innovation toward energy resilience at scale, supporting the Energy sector to adopt proven open source-enabled business models, security benefits, and cost reductions demonstrated in the IT and Telecom industries."

And according to the foundation's senior vice president of research and communications, the report also "describes the opportunities for open source to accelerate the proliferation of microgrids as a mechanism for clean energy production and consumption."

Cloud

Amazon's AWS is 'Retiring' Its Open-Source-and-on-GitHub Documentation 13

Long-time Slashdot reader theodp writes: On the AWS News Blog, AWS Chief Evangelist Jeff Barr has published a kind of obituary for AWS Documentation on GitHub (RIP, 2018-2023). From the blog post:

"About five years ago I announced that AWS Documentation is Now Open Source and on GitHub. After a prolonged period of experimentation we will archive most of the repos starting the week of June 5th, and will devote all of our resources to directly improving the AWS documentation and website."

"The primary source for most of the AWS documentation is on internal systems that we had to manually sync with the GitHub repos. Despite the best efforts of our documentation team, keeping the public repos in sync with our internal ones has proven to be very difficult and time consuming, with several manual steps and some parallel editing. With 262 separate repos and thousands of feature launches every year, the overhead was very high and actually consumed precious time that could have been put to use in ways that more directly improved the quality of the documentation."

"Our intent was to increase value to our customers through openness and collaboration, but we learned through customer feedback that this wasn't necessarily the case. After carefully considering many options we decided to retire the repos and to invest all of our resources in making the content better."

Transportation

In Hawaii, GPS Keeps Sending Drivers Into the Ocean (sfgate.com) 94

Slashdot reader DevNull127 writes: In April a tourist in Hawaii followed GPS driving directions straight into a harbor. And one month later, another tourist did the exact same thing — driving into the same harbor. One onlooker remembers "screaming the whole time to get her attention but her GPS had told her to go there, so she drove right in."

When asked if they'd add warning signs, a state government spokesperson said no. "It's really clear that it is a ramp and it leads directly into the water." Although an information specialist for Hawaii's Department of Transportation did offer future tourists this advice:

"If you see a body of water, don't drive towards it."

Medicine

Lung Cancer Pill Cuts Risk of Death by Half, Study Finds (theguardian.com) 15

The Guardian reports: A pill taken once a day cuts the risk of dying from lung cancer by half, according to "thrilling" and "unprecedented" results from a decade-long global study. Taking the drug osimertinib after surgery dramatically reduced the risk of patients dying by 51%, results presented at the world's largest cancer conference showed...

Everyone in the trial had a mutation of the EGFR gene, which is found in about a quarter of global lung cancer cases, and accounts for as many as 40% of cases in Asia. An EGFR mutation is more common in women than men, and in people who have never smoked or have been light smokers. Speaking in Chicago, [Dr Roy Herbst, the deputy director of Yale Cancer Center and lead author of the study] said the "thrilling" results added huge weight to earlier findings from the same trial that showed the pill also halves the risk of a recurrence of the disease... Not everyone diagnosed with lung cancer is tested for the EGFR mutation, which needs to change, Herbst said, given the study's findings...

After five years, 88% of patients who took the daily pill after the removal of their tumour were still alive, compared with 78% of patients treated with a placebo. Overall, there was a 51% lower risk of death for those who received osimertinib compared with those who received placebo. The survival benefit "was observed consistently" in an analysis across all study subgroups, including those with stage one, stage two and stage three lung cancer. Chemotherapy had been given to 60% of those in the study, and the survival benefit of osimertinib was seen regardless of whether prior chemotherapy was received.

Cellphones

Progressive Web Apps 'Don't Spy or Clog Your Phone'. Do You Use Them? (msn.com) 63

"It's worth questioning the status quo of technology," argues the Washington Post's Tech Friend newsletter, "including apps as we know them."

Then they tout the benefits of the "non-app app... a hybrid of a website and a conventional app, with features of each" — the unappreciated Progressive Web App (which many still don't know can be installed on your phone's home screen): Web apps look and function pretty much like the conventional apps for your phone or computer, but they clog less space on your device and are less pushy about surveilling you. People who make web apps also say they are easier to create and update than conventional apps... But web apps have been around for years, and most people don't know they exist...

[Traditional apps] come with profound downsides, including Big Tech control, privacy compromises and high development costs. It would be healthy if there were palatable alternative paths to our current app system. Web apps might be part of the solution... At their core, web apps are "the web with an app-like cover," said Rob Kochman, senior product manager for Google's Chrome. Kochman and other web app fans say these apps are less demanding and less intrusive than a conventional app. The web app for Starbucks, for example, takes up just 429 kilobytes of storage on my phone — or less than 1 percent of the storage taken by the standard Starbucks Android app...

And by design, once a conventional app is on your phone, it can access your phone's guts and peek under the hood of your internet network. Web apps are stingier about access, Kochman and other experts told me. "If you're worried about installing some app, you'd probably prefer that as a web app," said a veteran tech executive who helped develop the original technology for web apps. He referred to a web app as "just a website that took all the right vitamins...."

It's difficult to figure out which companies make web apps or find them. There's not an app store for web apps, although there are some attempts like Store.App and Appscope. They're not ideal... Some technologists told me that Apple has held back web apps by limiting their capabilities for Apple devices. The company has said that's not true. And this year, Apple added iPhone feature options for web apps...

We should keep challenging what can feel like immutable parts of digital life, including apps. We have to keep asking: What if there's something better?

It's as easy as "press the three-dot icon, then select 'Add to home screen.'" But it'd be interesting to hear the perspective of Slashdot readers. So share your thoughts and experiences in the comments.

Are you using progressive web apps?

AI

Big Tech Isn't Prepared for AI's Next Chapter: Open Source (slate.com) 19

Security guru Bruce Schneier and CS professor Jim Waldo think big tech has underestimated the impact of open source principles on AI research: In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didn't just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers immediately started modifying it, improving it, and getting it to do things no one else anticipated. And their results have been immediate, innovative, and an indication of how the future of this technology is going to play out. Training speeds have hugely increased, and the size of the models themselves has shrunk to the point that you can create and run them on a laptop. The world of A.I. research has dramatically changed.

This development hasn't made the same splash as other corporate announcements, but its effects will be much greater. It will wrest power from the large tech corporations, resulting in both much more innovation and a much more challenging regulatory landscape. The large corporations that had controlled these models warn that this free-for-all will lead to potentially dangerous developments, and problematic uses of the open technology have already been documented. But those who are working on the open models counter that a more democratic research environment is better than having this powerful technology controlled by a small number of corporations...

[B]uilding on public models like Meta's LLaMa, the open-source community has innovated in ways that allow results nearly as good as the huge models — but run on home machines with common data sets. What was once the reserve of the resource-rich has become a playground for anyone with curiosity, coding skills, and a good laptop.

Bigger may be better, but the open-source community is showing that smaller is often good enough. This opens the door to more efficient, accessible, and resource-friendly LLMs.

Low-cost customization will foster rapid innovation, the article argues, and "takes control away from large companies like Google and OpenAI." Although this may have one unforeseen consequence...

"Now that the open-source community is remixing LLMs, it's no longer possible to regulate the technology by dictating what research and development can be done; there are simply too many researchers doing too many different things in too many different countries."

Thanks to long-time Slashdot reader mrflash818 for submitting the article.

Operating Systems

System76's Open Firmware 'Re-Disables' Intel's Management Engine (phoronix.com) 18

Linux computer vendor System76 shared some news in a recent blog post. "We prefer to disable the Intel Management Engine wherever possible to reduce the amount of closed firmware running on System76 hardware. We've resolved a coreboot bug that allows the Intel ME (Management Engine) to once again be disabled."

Phoronix reports that the move will "benefit their latest Intel Core 13th Gen 'Raptor Lake' wares as well as prior generation devices." Intel ME is disabled for their latest Raptor Lake laptops and most older platforms with some exceptions like where having a silicon issue with Tiger Lake. System76 has also added a new firmware setup menu option for enabling/disabling UEFI Secure Boot. The motivation here with making it easier to toggle Secure Boot is for allowing Windows 11 support with SB active while running System76 Open Firmware.

Earth

What Stops Millions of Americans From Going Green: Their Landlords (msn.com) 122

The Washington Post looks at "Americans who want to lower their carbon footprints — but are stymied by their landlords." Homes and apartments burn oil and gas, suck up electricity, and account for about one-fifth of the United States' total greenhouse gas emissions. But current attempts to green America's homes, including billions of dollars in tax credits for energy efficient appliances and retrofits, seem aimed at the affluent owners of detached, single-family homes — in short, Mad-Men-style suburbias. In reality, about one-third of the country's households live in rented apartments or houses... And they generally do not have the spare cash — or the permission from their landlords — to make environmental upgrades. Part of the issue is what's known in economics as the "split-incentive problem," or the "landlord-tenant problem." Roughly 75% of tenants in the United States pay their own utility bills; that means they have a strong incentive to try to conserve electricity, water, or gas to save cash. But their landlords, who have to pay for installing and replacing those appliances and heating systems, don't. They benefit from renting out their properties as quickly and cheaply as possible...

Renters, therefore, are often stuck with leaky housing, inefficient appliances and ancient heating systems. According to one study from 2018, renters use almost 3 percent more energy than homeowners thanks to the split incentive problem... President Biden's signature climate bill includes an estimated $37 billion in tax credits to help households switch to efficient heat pumps, water heaters, or to seal up and insulate their homes. Those credits are applicable to individual homeowners or renters — but not landlords. According to IRS guidance, "the credits are never available for a home that you don't use as a residence." And few renters are going to want to spend thousands of dollars on a heat pump that they'll have to leave behind when they move...

If the landlord problem isn't solved, millions of less wealthy Americans could be left out of the green transition — and will be stuck with higher energy bills. For example, even in the same income bracket, homeowners are almost three times more likely than renters to own electric vehicles — largely because renters lack home charging. There are programs, including some in America's giant climate bill, that could change this... Still, those programs haven't launched yet and aren't expected until at least late this year. And even though renters make up one-third of American households, they're still getting less investment; the tax credits for homeowners are uncapped. The federal government could end up spending well over $50 billion on homeowners, and about $8 billion on renters.

Most renters remain at the mercy of their apartment managers and landlords.

Programming

NYT: It's the End of Computer Programming As We Know It (nytimes.com) 175

Long-time Slashdot reader theodp writes: Writing for the masses in It's the End of Computer Programming as We Know It. (And I Feel Fine.), NY Times opinion columnist Farhad Manjoo explains that while A.I. might not spell the end of programming ("the world will still need people with advanced coding skills"), it could mark the beginning of a new kind of programming — "one that doesn't require us to learn code but instead transforms human-language instructions into software."

"Wasn't coding supposed to be one of the can't-miss careers of the digital age?," Manjoo asks. "In the decades since I puttered around with my [ZX] Spectrum, computer programming grew from a nerdy hobby into a vocational near-imperative, the one skill to acquire to survive technological dislocation, no matter how absurd or callous-sounding the advice. Joe Biden told coal miners: Learn to code! Twitter trolls told laid-off journalists: Learn to code! Tim Cook told French kids: Apprenez à programmer! Programming might still be a worthwhile skill to learn, if only as an intellectual exercise, but it would have been silly to think of it as an endeavor insulated from the very automation it was enabling. Over much of the history of computing, coding has been on a path toward increasing simplicity."

In closing, Manjoo notes that A.I. has alleviated one of his worries (one shared by President Obama). "I've tried to introduce my two kids to programming the way my dad did for me, but both found it a snooze. Their disinterest in coding has been one of my disappointments as a father, not to mention a source of anxiety that they could be out of step with the future. (I live in Silicon Valley, where kids seem to learn to code before they learn to read.) But now I'm a bit less worried. By the time they're looking for careers, coding might be as antiquated as my first PC."

Btw, there are lots of comments — 700+ and counting — on Manjoo's column from programming types and others on whether reports of programming's death are greatly exaggerated.

The Almighty Buck

Nigeria's Central Bank Explains Its 2021 Ban on Cryptocurrency Transactions at Banks (thenationonlineng.net) 29

In 2020 Nigeria had the third-most cryptocurrency transactions in the world (behind the U.S. and Russia). But "Nigeria's history with crypto has been a bittersweet one where the citizens have embraced digital assets with open arms but the government remains vehemently against it," writes the site Bitcoinist.

In early 2021 the BBC reported that "In an effort to regulate the market, Nigeria's central bank banned banks from facilitating cryptocurrency-related transactions in 2017, but the ban remained largely unenforced. However, this year the institution doubled down on its stance." In a statement released on 7 February [2021] it cited the need to protect the general public and safeguard the country from potential threats posed by "unknown and unregulated entities" that are "well-suited for conducting many illegal activities". Since then, many Nigerians have reported that their bank accounts have been frozen due to cryptocurrency-related activity...

However many investors with the possibility say they will continue to trade using their overseas bank accounts. They say they can easily revert to peer-to-peer transactions. This means that rather than transferring funds between a financial institution and a cryptocurrency online trading platform, investors transfer funds directly to each other or through a middle person as they buy and sell. This is the method the cryptocurrency community used before the development of the virtual currency marketplace ecosystem in Nigeria...

At the heart of the rise of Bitcoin is a distrust of centralised financial systems and top-down economic control, investors say. Many express their frustrations with government policy and the decline of the Nigerian economy.

This week the Lagos-based Nigerian newspaper The Nation published this explanation of that crackdown from the Central Bank's deputy governor, Kinsley Obiora. "When the central bank started reacting to COVID with what we call printing money and responding to the crisis, a lot of people in the private sector felt that printing of money could lead to hyper-inflation and these private sector people decided to respond by creating cryptocurrencies." Over time, the creators of cryptocurrency, he added, felt that central banks should not be left with the authority to do whatever they like with money. Fearing that such a mindset might cause inflation and reduce the purchasing power of households, the CBN he said responded to what he called "the good aspect of that change because a lot of people actually took to crypto currencies". Fed up with the antics of the cryptocurrency operators, Obiora said, "we kicked them out of our banking system because the opacity of the system is still a threat to financial system stability".

Data Storage

ARM Joins Linux Foundation's 'Open Programmable Infrastructure' Project (linuxfoundation.org) 15

ARM has joined the Linux Foundation's Open Programmable Infrastructure project, "a community-driven initiative focused on creating a standards-based open ecosystem for next-generation architectures and frameworks" based on programmable processor technologies like DPUs (Data Processing Units) and IPUs (Infrastructure Processing Units).

From the Linux Foundation's announcement: Launched in June 2021 under the Linux Foundation, the project is focused on utilizing open software and standards, as well as frameworks and toolkits, to enable the rapid adoption of DPUs. Arm joins other premier members including Dell Technologies, F5, Intel, Keysight Technologies, Marvell, Nvidia, Red Hat, Tencent, and ZTE. These member companies work together to create an ecosystem of blueprints and standards to ensure that compliant DPUs work with any server.

DPUs are used today to accelerate networking, security, and storage tasks. In addition to performance benefits, DPUs help improve data center security by providing physical isolation for running infrastructure tasks. DPUs also help to reduce latency and improve performance for applications that require real-time data processing. As DPUs create a logical split between infrastructure compute and client applications, the manageability of workloads within different development and management teams is streamlined.

"Arm has been contributing to the OPI Project for a while now," said Kris Murphy, Chair of the OPI Project Governing Board and Senior Principal Software Engineer at Red Hat. "Now, as a premier member, we are excited that they're bringing their leadership to the Governing Board and expertise to the technical steering committee and working groups. Their participation will help to ensure that the DPU components are optimized for programmable infrastructure solutions."

"Across network, storage, and security applications, DPUs are already proving the power efficiency and capex benefits of specialized processing technology," said Marc Meunier, director of ecosystem development, Infrastructure Line of Business, Arm and member of OPI Governing Board. "As a premier member of the OPI project, we look forward to contributing our expertise in heterogeneous computing and working with other leaders in the industry to create solution blueprints and standards that pave the way for successful deployments."

"The DPU market offers an opportunity for us to change how infrastructure services can be deployed and managed," Arpit Joshipura, General Manager, Networking, Edge, and IoT, the Linux Foundation. "With collaboration across software and hardware vendors representing silicon devices and the entire DPU software stack, the OPI Project is creating an open ecosystem for next generation data centers, private clouds, and edge deployments."

Education

CS50, the World's Most Popular Online Programming Class, Turns to AI for Help (msn.com) 21

"The world's most popular online learning course, Harvard University's CS50, is getting a ChatGPT-era makeover," reports Bloomberg: CS50, an introductory course in computer science attended by hundreds of students on-campus and over 40,000 online, plans to use artificial intelligence to grade assignments, teach coding and personalize learning tips, according to its Professor David J. Malan... Even with more than 100 real-life teaching assistants, he said it had become difficult to fully engage with the growing number of students logging in from different time zones and with varying levels of knowledge and experience. "Providing support tailored to students' specific questions has been a challenge at scale, with so many more students online than teachers," said Mr Malan, 46.

His team is now fine-tuning an AI system to mark students' work, and testing a virtual teaching assistant to evaluate and provide feedback on students' programming. The virtual teaching assistant asks rhetorical questions and offers suggestions to help students learn, rather than simply catching errors and fixing coding bugs, he said. Longer term, he expects this to give human teaching assistants more time for in-person or Zoom-based office hours...

Mr Malan said CS50's use of AI could highlight its benefits for education, particularly in improving the quality and access of online learning — an industry that Grand View Research forecasts to grow to $348 billion by 2030, nearly tripling from 2022. "Potentially, AI is just hugely enabling in education," he said.
