Privacy

NSO Group CEO Says Law-Abiding Citizens Have 'Nothing To Be Afraid Of' (appleinsider.com) 14

The CEO of NSO Group, whose spyware tools have reportedly been used to target journalists and activists, says that people who aren't criminals shouldn't be afraid of being surveilled. AppleInsider reports: Shalev Hulio, 39, recently spoke to Forbes after investigations indicated that NSO Group's Pegasus spyware was used by authoritarian governments to hack and surveil the mobile devices of world leaders, high-profile journalists, and activists. NSO Group says that it sells its tools to governments to help them catch serious criminals like terrorists or gangsters. However, Hulio admitted that it can't control what governments ultimately do with the tools. "We are selling our products to governments. We have no way to monitor what those governments do," he said.

Hulio did note that NSO Group has mechanisms in place to detect when abuse happens so that the company can "shut them down." He says that NSO Group has "done it before and will continue to do so." On the other hand, he said that NSO Group shouldn't be responsible for government misuse. Additionally, Hulio said that the average smartphone has nothing to worry about. While NSO Group's spyware can break into the latest iPhones running up-to-date software, often without any action from the user, it's only aimed at criminals. "The people that are not criminals, not the Bin Ladens of the world -- there's nothing to be afraid of. They can absolutely trust on the security and privacy of their Google and Apple devices," Hulio said.

Communications

Judges Reject Viasat's Plea To Stop SpaceX Starlink Satellite Launches (arstechnica.com) 4

An anonymous reader quotes a report from Ars Technica: SpaceX can keep launching broadband satellites despite a lawsuit filed by Viasat, a federal appeals court ruled Tuesday. Viasat sued the Federal Communications Commission in May and asked judges for a stay that would halt SpaceX's ongoing launches of low Earth orbit (LEO) satellites that power Starlink Internet service. To get a stay, Viasat had to show that it is likely to win its lawsuit alleging that the FCC improperly approved the satellite launches. A three-judge panel at the US Court of Appeals for the District of Columbia Circuit was not persuaded, saying in a short order that "Viasat has not satisfied the stringent requirements for a stay pending court review." The judges did grant a motion to expedite the appeal, however, so the case should move faster than normal.
Google

Google is Finally Doing Something About Google Drive Spam (arstechnica.com) 6

You can now block people in Google Drive. From a report: A notification pops up on your phone: "Click here for hot XXX action!" It's Google Drive again. Someone shared a document containing that title, and now your phone is begging you to look at it. Even if you ban Google Drive from generating phone notifications, you'll still get emails. If you block the emails, you'll have to see the spam when you click on the "shared" section of Google Drive. The problem is that Drive document sharing was built with no spam-management tools. Anyone who gets a hold of your email is considered to be an important sharer of valid documents, and there has been nothing you can do about it -- until now.

Google officially acknowledged the problem back in 2019, and the company said it was making spam controls "a priority." Now, more than two years later, Google is finally rolling out the most basic of spam tools to Google Drive sharing -- you can block individual email addresses! The company announced this feature in May, but the tool is rolling out to users over the next 15 days. Soon, once the spam arrives in your Google Drive, you'll be able to click the menu button next to the item and choose "block user." Drive sharing works just like email spam. Anyone can share a drive file with you if they know your address. Documents that have been shared with you still automatically show up in your Drive collection without your consent. There's no way to turn off sharing, to limit sharing to approved users, or to limit it to existing contacts. It's a free-for-all.

Earth

A 3-degree Celsius World Has No Safe Place (economist.com) 72

The extremes of floods and fires are not going away, but adaptation can lessen their impact. Economist (paywalled): If temperatures rise by 3C above pre-industrial levels in the coming decades -- as they might even if everyone manages to honour today's firm pledges -- large parts of the tropics risk becoming too hot for outdoor work. Coral reefs and the livelihoods that depend on them will vanish and the Amazon rainforest will become a ghost of itself. Severe harvest failures will be commonplace. Ice sheets in Antarctica and Greenland will shrink past the point of no return, promising sea rises measured not in millimetres, as today's are, but in metres.

Six years ago, in Paris, the countries of the world committed themselves to avoiding the worst of that nightmare by eliminating net greenhouse-gas emissions quickly enough to hold the temperature rise below 2C. Their progress towards that end remains woefully inadequate. Yet even if their efforts increased dramatically enough to meet the 2C goal, it would not stop forests from burning today; prairies would still dry out tomorrow, rivers break their banks and mountain glaciers disappear. Cutting emissions is thus not enough. The world also urgently needs to invest in adapting to the changing climate. The good news is that adaptation makes political sense. People can clearly see the need for it. When a country invests in flood defences it benefits its own citizens above all others -- there is no free-rider problem, as there could be for emissions reduction. Nor does all the money come from the public purse; companies and private individuals can see the need for adaptation and act on it. When they do not do so, insurance companies can open their eyes to the risks they are running.

Some adaptation is fairly easily set in place. Systems for warning Germans of coming floods will surely now improve. But other problems require much larger public investment, like that which has been put into water-management in the Netherlands. Rich countries can afford such things. Poor countries and poor people need help, which is why the Paris climate agreement calls for annual transfers of $100bn from rich to poor. The rich countries have not yet lived up to their side of this. On July 20th John Kerry, President Joe Biden's special envoy on climate change, reiterated America's pledge to triple its support to $1.5bn for adaptation in poorer countries by 2024, part of a broader move to increase investment in adaptation and mitigation in developing countries. More such efforts are vital.

Technology

Flexible Computer Processor is the Most Powerful Plastic Chip Yet (newscientist.com) 16

Could a flexible processor stuck on your produce track the freshness of your cantaloupe? That's the idea behind the latest processor from UK computer chip designer Arm, which says such a device could be manufactured for pennies by printing circuits directly onto paper, cardboard or cloth. From a report: The technology could give trillions of everyday items such as clothes and food containers the ability to collect, process and transmit data across the internet -- something that could be as convenient for retailers as it is concerning for privacy advocates.

In recent decades, processors have reduced in size and price to the point that they are now commonly used in everything from televisions to washing machines and watches. But almost all chips manufactured today are rigid devices created on silicon wafers in highly specialised and costly factories where dozens of complex chemical and mechanical processes take up to eight weeks from start to finish. Now, Arm has developed a 32-bit processor called PlasticARM with circuits and components that are printed onto a plastic substrate, just as a printer deposits ink on paper. James Myers at Arm says the processor can run a variety of programs, although it currently uses read-only memory so is only able to execute the code it was built with. Future versions will use fully programmable and flexible memory.

Power

Startup Claims Breakthrough in Long-Duration Batteries (wsj.com) 56

A four-year-old startup says it has built an inexpensive battery that can discharge power for days using one of the most common elements on Earth: iron. From a report: Form Energy's batteries are far too heavy for electric cars. But it says they will be capable of solving one of the most elusive problems facing renewable energy: cheaply storing large amounts of electricity to power grids when the sun isn't shining and wind isn't blowing. The work of the Somerville, Mass., company has long been shrouded in secrecy and nondisclosure agreements. It recently shared its progress with The Wall Street Journal, saying it wants to make regulators and utilities aware that if all continues to go according to plan, its iron-air batteries will be capable of affordable, long-duration power storage by 2025.

Its backers include Breakthrough Energy Ventures, a climate investment fund whose investors include Microsoft co-founder Bill Gates and Amazon founder Jeff Bezos. Form recently initiated a $200 million funding round, led by a strategic investment from steelmaking giant ArcelorMittal, one of the world's leading iron-ore producers. Form is preparing to soon be in production of the "kind of battery you need to fully retire thermal assets like coal and natural gas" power plants, said the company's chief executive, Mateo Jaramillo, who developed Tesla's Powerwall battery and worked on some of its earliest automotive powertrains. On a recent tour of Form's windowless laboratory, Mr. Jaramillo gestured to barrels filled with low-cost iron pellets as its key advantage in the rapidly evolving battery space. Its prototype battery, nicknamed Big Jim, is filled with 18,000 pebble-size gray pieces of iron, an abundant, nontoxic and nonflammable mineral.

For a lithium-ion battery cell, the workhorse of electric vehicles and today's grid-scale batteries, the nickel, cobalt, lithium and manganese minerals used currently cost between $50 and $80 per kilowatt-hour of storage, according to analysts. Using iron, Form believes it will spend less than $6 per kilowatt-hour of storage on materials for each cell. Packaging the cells together into a full battery system will raise the price to less than $20 per kilowatt-hour, a level at which academics have said renewables plus storage could fully replace traditional fossil-fuel-burning power plants. A battery capable of cheaply discharging power for days has been a holy grail in the energy industry, due to the problem that it solves and the potential market it creates.

Businesses

Clubhouse Is the 'Big Stinker That Nobody Wants To Talk About' (substack.com) 19

Ed Zitron, CEO of national Media Relations and Public Relations company EZPR, writes about Clubhouse -- a one-year-old social audio app that is valued at $4 billion and is backed by several high-profile investors including A16z and Tiger Global and whose popularity appears to be on a decline: Yes, Clubhouse's vanity metrics say that people are creating "500,000 rooms a day," and they've launched a DM feature, but seriously -- I am asking you, dear reader, do you know a single soul who has spent more than a few minutes on Clubhouse in the last 3 months? If you do, do they spend regular time on the app? [...] Clubhouse is the elephant in the room in venture, and I believe there is a conscious attempt to not discuss it for fear that it proves that the entire conversation around it was hot air. When everyone desperately rushed to say that it was the next big thing, I asked repeatedly what exactly about it was going to be big, or change things. The answer mostly came down to the idea that we don't know what the future looks like, and that people were on the waitlist - which is no longer an excuse.

Nick Bilton at Vanity Fair was a rare case of dissent, making a clear warning that this was very much a pandemic app and nothing more -- but many people in venture and tech do not seem to want to discuss it as anything other than "a big social network." The Information questioned whether Clubhouse was the next Foursquare -- a promising company with tons of press that ultimately didn't reach the giddy heights it was "meant to" -- but for the most part, people have remained either indifferent or positive about it. The fact this isn't regularly discussed is both a bad sign for the app and also a sign, in my opinion, of an industry-wide embarrassment. So many people rushed to join Clubhouse, or discuss what's big on Clubhouse, or how Clubhouse was the beginning of a "social audio revolution" because they were afraid they'd miss out on the next TikTok, and I'd argue that the press did a woeful job at actually questioning the format. It feels as if there was an unquestioning conflation between an app being important and an app raising a bunch of money, and though one can say that the simple act of raising makes something important, it's irresponsible and embarrassing to run a single article on Clubhouse without questioning the format itself.

Bug

Everyone Cites That 'Bugs Are 100x More Expensive To Fix in Production' Research, But the Study Might Not Even Exist (theregister.com) 86

"Software research is a train wreck," says Hillel Wayne, a Chicago-based software consultant who specialises in formal methods, instancing the received wisdom that bugs are way more expensive to fix once software is deployed. Wayne did some research, noting that "if you Google 'cost of a software bug' you will get tons of articles that say 'bugs found in requirements are 100x cheaper than bugs found in implementations.' They all use this chart from the 'IBM Systems Sciences Institute'... There's one tiny problem with the IBM Systems Sciences Institute study: it doesn't exist." The Register: Laurent Bossavit, an Agile methodology expert and technical advisor at software consultancy CodeWorks in Paris, has dedicated some time to this matter, and has a post on GitHub called "Degrees of intellectual dishonesty". Bossavit referenced a successful 1987 book by Roger S Pressman called Software Engineering: a Practitioner's Approach, which states: "To illustrate the cost impact of early error detection, we consider a series of relative costs that are based on actual cost data collected for large software projects [IBM81]." The reference to [IBM81] notes that the information comes from "course notes" at the IBM Systems Sciences Institute. Bossavit discovered, though, that many other publications have referenced Pressman's book as the authoritative source for this research, disguising its tentative nature.

Bossavit took the time to investigate the existence of the IBM Systems Science Institute, concluding that it was "an internal training program for employees." No data was available to support the figures in the chart, which shows a neat 100x the cost of fixing a bug once software is in maintenance. "The original project data, if any exist, are not more recent than 1981, and probably older; and could be as old as 1967," said Bossavit, who also described "wanting to crawl into a hole when I encounter bullshit masquerading as empirical support for a claim, such as 'defects cost more to fix the later you fix them'."

Windows

Microsoft Backtracks On Dark Mode; Windows 11 Will Ship In Light Mode By Default (betanews.com) 67

New submitter SofiaWW writes: A few days ago, at Microsoft Inspire, it was announced that Windows 11 would ship with dark mode activated by default. This was not a case of rumor or speculation, this was an announcement made at an official Microsoft event by a Microsoft employee. But now it transpires that the statement was not correct. Microsoft has now clarified that it "will ship Windows 11 SKUs in light mode on by default." No explanation for the miscommunications has yet been given.
Security

Kaseya Obtains REvil Decryptor, Starts Customer Data Recovery Operations (therecord.media) 31

Remote management software vendor Kaseya said this week it had obtained a universal decryptor for the REvil ransomware and is now in the process of helping customers recover their encrypted data following a major ransomware attack that targeted its on-premises VSA servers on July 2 this year. From a report: In a phone call today, a Kaseya spokesperson told The Record it obtained the decrypter from a "trusted third-party," but declined to elaborate further, for the moment. The company said it obtained the decryptor yesterday, verified that the decryption tool worked properly, and has begun shipping it to affected customers earlier today. In an update on July 6, the Kaseya CEO said that around 60 of its direct customers, users of VSA servers, were impacted in the July 2 attack. Hackers used a zero-day to gain access to Kaseya VSA on-premise servers and then pivoted to workstations managed through the VSA software, deploying a version of the REvil ransomware on those systems and encrypting their files.
IT

A Defunct Video Hosting Site Flooded Normal Websites With Hardcore Porn (vice.com) 42

Hardcore porn was embedded all over several regular websites late Thursday because a porn company has purchased the domain of a popular, defunct video hosting site. From a report: As pointed out by Twitter user @dox_gay, hardcore porn is now embedded on the pages of the Huffington Post, New York magazine, The Washington Post, and a host of other websites. This is because a porn site called 5 Star Porn HD bought the domain for Vidme, a brief YouTube competitor founded in 2014 and shuttered in 2017. Its Twitter account is still up, but the domain lapsed.
Medicine

Most Unvaccinated Americans Don't Want Shots: AP-NORC Poll (apnews.com) 508

Most Americans who haven't been vaccinated against COVID-19 say they are unlikely to get the shots and doubt they would work against the aggressive delta variant despite evidence they do, according to a new poll that underscores the challenges facing public health officials amid soaring infections in some states. AP: Among American adults who have not yet received a vaccine, 35% say they probably will not, and 45% say they definitely will not, according to a poll from The Associated Press-NORC Center for Public Affairs Research. Just 3% say they definitely will get the shots, though another 16% say they probably will. What's more, 64% of unvaccinated Americans have little to no confidence the shots are effective against variants -- including the delta variant that officials say is responsible for 83% of new cases in the U.S. -- despite evidence that they offer strong protection. In contrast, 86% of those who have already been vaccinated have at least some confidence that the vaccines will work.

That means "that there will be more preventable cases, more preventable hospitalizations and more preventable deaths," said Dr. Amesh Adalja, an infectious disease specialist at Johns Hopkins University. "We always knew some proportion of the population would be difficult to persuade no matter what the data showed, (and) a lot of people are beyond persuasion," said Adalja. He echoed Centers for Disease Control and Prevention Director Rochelle Walensky in calling the current surge "a pandemic of the unvaccinated" because nearly all hospital admissions and deaths have been among those who weren't immunized.

Facebook

Facebook's Kustomer Deal Set To Face EU Antitrust Investigation (reuters.com) 1

Facebook's acquisition of U.S. customer service startup Kustomer is set to trigger a full-scale EU antitrust investigation next month, Reuters reported Friday, citing three people familiar with the matter. From the report: The world's largest social network, which announced the deal in November, is looking to the deal to scale up its instant messaging app WhatsApp, whose usage has soared during the COVID-19 pandemic. The European Commission will conclude its preliminary review of the deal on Aug. 2 after which it will begin an in-depth 90-day investigation, the people said. Facebook has until July 26 to offer concessions to stave off the investigation but is unlikely to do so because of the difficulty of finding the right remedies to address competition concerns, the people said on condition of anonymity.
Security

Malware Increasingly Targets Discord for Abuse (sophos.com) 12

Threat actors who spread and manage malware have long abused legitimate online services. As we found during our investigation into the use of TLS by malware, more than half of network traffic generated by malware uses TLS encryption, and 20 percent of that involved the malware communicating with legitimate online services. During the timeframe of that research, we found that four percent of the overall TLS-protected malware downloads came from one service in particular: Discord. From a report: The growing popularity of the game-centric text and voice chat platform has not failed to draw the attention of malware operators. Discord operates its own content delivery network, or CDN, where users can upload files to share with others. The service also publishes an API, enabling developers to create new ways to interact with Discord other than through its client application. We observed significant volumes of malware hosted in Discord's own CDN, as well as malware interacting with Discord APIs to send and receive data.

Several password-hijacking malware families specifically target Discord accounts. SophosLabs also found malware that leveraged Discord chat bot APIs for command and control, or to exfiltrate stolen information into private Discord servers or channels. As the origins of the service were tied to online gaming, Discord's audience includes large numbers of gamers -- including players of youth-oriented titles such as Fortnite, Minecraft, or Roblox. Among the malicious files we discovered in Discord's network, we found game cheating tools that target games that integrate with Discord, in-game. The tools allegedly make it possible, exploiting weaknesses in Discord's protocols, for one player to crash the game of another player. We also found applications that serve as nothing more than harmless, though disruptive, pranks.

China

China Considers Turning Tutoring Companies Into Non-Profits (bloomberg.com) 30

China is considering asking companies that offer tutoring on the school curriculum to go non-profit, Bloomberg News reported Friday, citing people familiar with the matter, as part of a sweeping set of constraints that could decimate the country's $100 billion education tech industry. Shares sank. From a report: In rules currently being mulled, the platforms will likely no longer be allowed to raise capital or go public, the people said, asking to not be identified because the information is not public. Listed firms will also probably no longer be allowed to invest in or acquire education firms teaching school subjects while foreign capital will also be barred from the sector, one of the people said. Local regulators will stop approving new after-school education firms seeking to offer tutoring on China's compulsory syllabus and require extra scrutiny of existing online platforms, the people said. Vacation and weekend tutoring on school subjects will also be banned, they said. Changes may still occur as the rules haven't been published.
