Twitter

Elon Musk Warns Twitter Users, 'You Are Being Manipulated by the Algorithm' (twitter.com) 38

Twitter's potential new owner just made this announcement to his 93.1 million followers. "Very important to fix your Twitter feed," the announcement began:

1. Tap home button.
2. Tap stars on upper right of screen.
3. Select "Latest tweets".

You are being manipulated by the algorithm in ways you don't realize.

Easy to switch back & forth to see the difference.

Currently it's been pinned to the top of Elon Musk's Twitter feed. And minutes later, he added this reply to his own tweet. "This message brought to you by the Illuminaughty."

Musk's motivation isn't clear — but just minutes earlier he'd tweeted a reply to his own tweet from Friday that had suggested Twitter users check a sample of 100 Twitter accounts for the percentage of fake/spam/duplicate accounts. "I picked 100 as the sample size number," Musk had added as a reply Friday, "because that is what Twitter uses to calculate less than 5% fake/spam/duplicate." Musk's follow-up tweet today?

"Twitter legal just called to complain that I violated their NDA by revealing the bot check sample size is 100! This actually happened."

The tweets follow three more from the last 24 hours which all apparently comment wryly on Musk's planned acquisition of Twitter. "Whoever thought owning the libs would be cheap never tried to acquire a social media company!" Musk tweeted earlier this afternoon. "At least, that's what the lib hivemind thinks haha."

And an earlier tweet appeared to allude to his recently-expressed interest in the number of fake/spam accounts on Twitter. Friday night, Elon Musk tweeted:

"The bots are angry at being counted."
Power

Nuclear Energy: the Case Against (theguardian.com) 104

"We do not need to plunge headlong into a nuclear future," argues Serhii Plokhy, author of the book Atoms and Ashes: From Bikini Atoll to Fukushima.

He notes Belgium's adding a 10-year extension to the life of two of its nuclear reactors, France's program to build 14 new reactors, and Boris Johnson's pledge to supply 25% of the UK's power needs with nuclear energy by 2050. On the surface, the switch to nuclear makes sense. It would not only enable European countries to meet their ambitious net zero targets, since it produces no CO2. It would also make them less vulnerable to Russian threats, and allow them to stop financing the Russian war machine....

What the Russian takeover of [Ukraine] nuclear facilities exposed is a hazard inherent in all nuclear power. In order for this method of producing electricity to be safe, everything else in society has to be functioning perfectly. Warfare, economic collapse, climate change itself — all of these increasingly real risks make nuclear sites potentially perilous places. Even without them, the dangers of atomic fission remain, and we must ask ourselves: are they really worth the cost...?

Technological developments, growing international cooperation and rising safety standards did indeed do a great deal to ensure that no major nuclear accident occurred for 25 years after Chernobyl. But the Fukushima explosions demonstrated that such improvements have not eradicated the dangers surrounding nuclear power plants.... Can anything be done to make reactors safer? A new generation of smaller modular reactors, designed from scratch to produce energy, not to facilitate warfare, has been proposed by Bill Gates, and embraced, among others, by Macron. The reactors promised by Gates's TerraPower company are still at the computer-simulation stage and years away from construction. But his claim that in such reactors "accidents would literally be prevented by the laws of physics" must be taken with a pinch of salt, as there are no laws of war protecting either old or new reactors from attack.

There is also serious concern that the rapid expansion in the number of plants, advocated as a way of dealing with climate change, will increase the probability of accidents. While new technology will help to avoid some of the old pitfalls, it will also bring new risks associated with untried reactors and systems. Responsibility for dealing with such risks is currently being passed on to future generations.

This is the second great risk from nuclear power: even if a reactor runs for its lifetime without incident, you still have a lot of dangerous material left at the end of it. Fuel from nuclear power plants will present a threat to human life and the environment for generations to come, with the half-life of some radioactive particles measured in tens of thousands of years.... Nuclear power plants generally have no alternative to storing their high-level radioactive waste on site.... If what we bury today in the New Mexico desert — the waste created by our nuclear ambitions — is so repulsive to us, why do we pass it on to others to deal with?

The author's counter-proposal: expanding the use of renewable energy: New research should be encouraged, grid infrastructure should be built up, and storage capacity increased. Billions that would otherwise go to new nuclear infrastructure, with all the attendant costs of cleanup that continue for decades and beyond, should be pumped instead into clean energy.

In the meantime, we obviously have an existing nuclear industry, and the solution is not to run away in panic, but to take good care of the facilities that already dot our countryside. We must not abandon the industry to its current state of economic hardship, as that would only mean inviting the next accident sooner rather than later.

Government

America's FAA Shifts Gears Slightly on Certifying Future 'Flying Taxi' Pilots (avweb.com) 10

Flying cars — or even electric flying taxis — are the dream of several well-funded manufacturers building "electric vertical-takeoff and landing aircraft" (or eVTOLs).

But will they face stricter government regulations than anticipated? Long-time Slashdot reader wired_parrot reports that America's Federal Aviation Administration has shifted gears — "revising its certification requirements for eVTOLs from small aircraft to a powered-lift category." (The original submission cites a "growing number" of issues for the industry to resolve — and asks whether this raises concerns about the viability of the whole potential eVTOL market.)

Meanwhile, AVWeb reports: According to a Reuters report, the impetus for the shift came from an ongoing audit by the U.S. Department of Transportation's Office of the Inspector General. The IG said so-called Urban Air Mobility vehicles present the FAA with "new and complex safety challenges...."

In a written response to a request for clarification, an FAA spokesperson told AVweb:

"The FAA's top priority is to make sure the flying public is safe. This obligation includes our oversight of the emerging generation of eVTOL vehicles. The agency is pursuing a predictable framework that will better accommodate the need to train and certify the pilots who will operate these novel aircraft.

"Our process for certifying the aircraft themselves remains unchanged. All of the development work done by current applicants remains valid and the changes in our regulatory approach should not delay their projects. As this segment of the industry continues to grow, we look forward to certifying innovative new technologies that meet the safety standards that the public expects and deserves."

Social Networks

Should Social Networks Let You Take Your Followers to Other Services? (msn.com) 50

The Washington Post reports on the "My Friends My Data" coalition, a group of start-up founders "working to push tech giants to adopt a new industry-wide standard that would allow users to transfer their followings from one app to another, thereby creating more competition between platforms." "Large social media companies are intentionally holding our personal contact information hostage," said Daniel Liss, founder and CEO of Dispo, a photography-based social network. "This limits consumer choice, stymies competition and inhibits free speech. We are committed to giving our community members control of their friend data...."

MFMD's founding members include a who's who of buzzy social apps like Dispo, Itsme, Clash App, Muze, Spam app and Collage, which together have received more than $100 million in venture funding and amassed tens of millions of downloads. The group has issued letters to Meta, TikTok, Snap, Twitter and other large social platforms calling on them to join their crusade. As the start-ups have found, competing with tech giants like Meta or YouTube is difficult when the top talent on the Internet is essentially locked in to specific platforms because of their inability to take followers elsewhere.

Many creators are already on board with MFMD's initiative. Some learned lessons about ownership the hard way after the fall of Vine. Many top Vine stars were overleveraged, investing all their energy in building out their following on the short-form video platform. When the app shuttered in 2016 those who hadn't used Vine to springboard to other apps like YouTube were left without access to the massive fandoms they had built....

[Liss] said that in addition to putting public pressure on the tech giants he hopes the MFMD can be a political force as well. "I'm very comfortable engaging in the political process on behalf of what we think is right," Liss said. "Not just for our companies but also for the next generation of consumer start-ups."

Eugene Park, a gaming Twitch streamer in Los Angeles with 300,000 followers, likes the idea of making followers transferrable to other services, telling the Post it "would be taking power from the tech companies and putting it in the hands of creators who really make up these giant platforms."

In the meantime, the article points out, TikTok users "have taken to referring to other apps like Instagram and YouTube using 'algospeak' pseudonyms, because they say even uttering the name of a competitor can downrank your content."
Linux

CentOS Successor Rocky Linux Gets $26M to Fund Push Into Enterprise Space (zdnet.com) 13

"CIQ has landed $26 million in funding to support its plans to expand the use of Rocky Linux in the enterprise space," reports ZDNet. Last year, Red Hat decided to stop supporting CentOS 8 and shifted focus to CentOS Stream. CentOS had some huge enterprise users, among them Disney, GoDaddy, RackSpace, Toyota, and Verizon. In response, Greg Kurtzer, one of CentOS's founders, kicked off Rocky Linux in December 2020.... Kurtzer says Rocky Linux adoption has been "massive", with monthly downloads of OS images typically 250,000, reaching 750,000 in a bumper month. "Within two months we had 10,000 developer and contributors trying to be part of this project...."

The project has gained the support of Greg Kroah-Hartman, the maintainer of the main-line stable Linux kernel, to meet community demands for Rocky Linux to run on a more modern, optimized kernel, Kurtzer said. Kroah-Hartman is leading the Rocky Linux special interest group (SIG) for the kernel to create an optional enhanced kernel for Rocky Linux. "He's working closely with us to make sure the kernel we use is blessed by him. He's in the loop as bugs come up and help us manage that kernel in Rocky Linux," says Kurtzer.

"Moreover, today's news follows shortly after CIQ inked a major deal with Google to help support companies looking to deploy Rocky Linux on Google's cloud infrastructure," reports VentureBeat.

Kurtzer tells the site that Rocky Linux "has been a rocket ship in terms of uptake across the enterprise and cloud."
Security

Hackers Are Exploiting WordPress Tools to Hawk Scams (sucuri.net) 13

"If you've visited a website in recent days and been randomly redirected to the same pages with sketchy "resources" or unwanted ads, it's likely the site in question was 1) built with WordPress tools and 2) hacked," reports Gizmodo. Details come from this blog post by researchers at Sucuri (a security provider owned by GoDaddy): As outlined in our latest hacked website report, we've been tracking a long-lasting campaign responsible for injecting malicious scripts into compromised WordPress websites. This campaign leverages known vulnerabilities in WordPress themes and plugins and has impacted an enormous number of websites over the year — for example, according to PublicWWW, the April wave for this campaign was responsible for nearly 6,000 infected websites alone. Since these PublicWWW results only show detections for simple script injections, we can assume that the scope is significantly larger.

We recently investigated a number of WordPress websites complaining about unwanted redirects. Interestingly enough, they were found to be related to a new wave of this massive campaign and were sending website visitors through a series of website redirects to serve them unwanted ads. The websites all shared a common issue — malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files... This JavaScript was appended under the current script or under the head of the page where it was fired on every page load, redirecting site visitors to the attacker's destination.... Domains at the end of the redirect chain may be used to load advertisements, phishing pages, malware, or even more redirects....

At the time of writing, PublicWWW has reported 322 websites impacted by this new wave... Considering that this count doesn't include obfuscated malware or sites that have not yet been scanned by PublicWWW, the actual number of impacted websites is likely much higher. Our team has seen an influx in complaints for this specific wave of the massive campaign targeting WordPress sites beginning May 9th, 2022, which has impacted hundreds of websites already at the time of writing....

We expect the hackers will continue registering new domains for this ongoing campaign as soon as existing ones become blacklisted.

"It's important to note that these hacks are related to themes and plugins built by thousands of third-party developers using the open source WordPress software, not WordPress.com, which offers hosting and tools to build websites," Gizmodo points out. But it also cites this warning from Sucuri malware analyst Krasimir Konov: "This page tricks unsuspecting users into subscribing to push notifications from the malicious site. If they click on the fake CAPTCHA, they'll be opted in to receive unwanted ads even when the site isn't open — and ads will look like they come from the operating system, not from a browser," Konov wrote.
Python

Want to Run Python Code in a Browser? Soon You Might Be Able To (zdnet.com) 49

ZDNet reports news from PyCon 2022 ("the first in-person meet-up for Python contributors since 2019 due to the pandemic")

"Developers revisited the idea of running Python code in the browser...." CPython developer Christian Heimes and fellow contributor Ethan Smith detailed how they enabled the CPython main branch to compile to WebAssembly. CPython, short for Core Python, is the reference implementation that other Python distributions are derived from. CPython now cross-compiles to Wasm using Emscripten, a toolchain that compiles projects written in C or C++ to Node.js or Wasm runtimes. The Python Software Foundation highlighted the work in a blog post: "Python can be run on many platforms: Linux, Windows, Apple Macs, microcomputers, and even Android devices. But it's a widely known fact that, if you want code to run in a browser, Python is simply no good — you'll just have to turn to JavaScript," it notes.

"Now, however, that may be about to change."

While the Foundation notes cross-compiling to WebAssembly is still "highly experimental" due to missing modules in the Python standard library, nonetheless, PyCon 2022 demonstrated growing community interest in making Python a better language for the browser.

The article notes additional news from Anaconda (makers of a Python distribution for data science): the announcement of PyScript, "a system for interleaving Python in HTML (like PHP)." It allows developers to write and run Python code in HTML, and call JavaScript libraries in PyScript. This system allows a website to be written entirely in Python.

PyScript is built on Pyodide, a port of CPython, or a Python distribution for the browser and Node.js that's based on WebAssembly and Emscripten.... "Pyodide makes it possible to install and run Python packages in the browser with micropip. Any pure Python package with a wheel available on PyPI is supported," the Pyodide project states. Essentially, it compiles Python code and scientific libraries to WebAssembly using Emscripten.

Mars

After 28 Flights, Is NASA's 'Ingenuity' Mars Helicopter Nearing the End of Its Life? (msn.com) 41

After traveling 300 miles on the underbelly of the Perseverance rover, the "Ingenuity" helicopter has made 28 different flights over the surface of Mars, reports the Washington Post, staying aloft for a total of nearly one hour, flying 4.3 miles with a maximum speed of 12.3 miles per hour and a top altitude of 39 feet. "It's traversed craters, taken photos of regions that would be hard to reach on the ground, and served as a surprisingly resilient scout that has adapted to the changing Martian atmosphere and survived its harsh dust storms and frigid nights.

"Now the engineers and scientists at NASA's Jet Propulsion Laboratory are worried that their four-pound, solar-powered drone on Mars, may be nearing the end of its life." Winter is setting in on Mars. The dust is kicking up, coating Ingenuity's solar panels and preventing it from fully charging its six lithium-ion batteries. This month, for the first time since it landed on Mars more than a year ago, Ingenuity missed a planned communications session with Perseverance, the Mars rover that it relies on to send data and receive commands from Earth. Will a dust-coated Ingenuity survive a Martian winter where temperatures routinely plunge below minus-100 degrees Fahrenheit? And if it doesn't, how should the world remember the little helicopter that cost $80 million to develop and more than five years to design and build? Those closest to the project say that as time winds down for Ingenuity, it's hard to overstate its achievements....

"We built it as an experiment," Lori Glaze, the director of NASA's planetary science division, told The Washington Post. "So it didn't necessarily have the flight-qualified parts that we use on the big missions like Perseverance." Some, such as components from smartphones, were even bought off-the-shelf, so "there were chances that they might not perform in the environment as we expected. And so there was a risk that it wasn't going to work.... What happened was, and this is really key, after Ingenuity performed so well on those first five flights, the science team from Perseverance came to us and said, 'You know what, we want this helicopter to keep operating to help us in our exploration and achieving our science goals,' " Glaze said.

So NASA decided to keep flying....

On April 29, it took its last flight to date, No. 28, a quarter-of-a-mile jaunt that lasted two-and-a-half minutes. Now NASA wonders if that will be the last one. The space agency thinks the helicopter's inability to fully charge its batteries caused the helicopter to enter a low-power state. When it went dormant, the helicopter's onboard clock reset, the way household clocks do after a power outage. So the next day, as the sun rose and began to charge the batteries, the helicopter was out of sync with the rover: "Essentially, when Ingenuity thought it was time to contact Perseverance, the rover's base station wasn't listening," NASA wrote.

Then NASA did something extraordinary: Mission controllers commanded Perseverance to spend almost all of May 5 listening for the helicopter.

Finally, little Ingenuity phoned home.

The radio link, NASA said, "was stable," the helicopter was healthy, and the battery was charging at 41 percent.

But, as NASA warned, "one radio communications session does not mean Ingenuity is out of the woods. The increased (light-reducing) dust in the air means charging the helicopter's batteries to a level that would allow important components (like the clock and heaters) to remain energized through the night presents a significant challenge."

Maybe Ingenuity will fly again. Maybe not.

"At this point, I can't tell you what's going to happen next," Glaze said. "We're still working on trying to find a way to fly it again. But Perseverance is the primary mission, so that we need to start setting our expectations appropriately."

For Ingenuity's "Wright Brothers moment" — when it flew for the first time on another planet — it was actually carrying a postage-stamp-sized bit of fabric from the Wright Brothers' original 1903 aircraft.
Television

FAA Revokes Certificates of Two Pilots Involved in Plane-Swapping Attempt (cbs8.com) 59

Whatever happened to those two pilots who attempted to swap planes in mid-air — skydiving from one to the other while the planes slowly tumbled toward the desert 65 miles southeast of Phoenix?

One pilot successfully reached the other plane — but the other pilot didn't, parachuting safely to the ground instead. "All of our safety protocols worked," the first pilot said triumphantly in a documentary streamed on Hulu. Er, but what about that second plane, slowly tumbling toward the ground without a pilot? It fell 14,000 feet, landing "nose first" (according to footage from a local newscast) — though its descent was also slowed by a parachute. (Both planes also had a specially-engineered braking system to slow their fall so the skydiving pilots could overtake them.) The stunt was sponsored by Red Bull.

Both pilots had previously conducted more than 20,000 skydives — "but there's a problem," that local newscast pointed out. "The FAA says it had denied Red Bull permission to attempt the plane swap because it would not be in the public's interest." So now both pilots — who'd had "commercial pilot certificates" from America's Federal Aviation Administration — have had their certificates revoked.

The Associated Press reports: In a May 10 emergency order, the FAA cites the two pilots, Luke Aikins and Andrew Farrington, and describes their actions as "careless and reckless." Aikins also faces a proposed $4,932 fine from the agency....

Aikins had petitioned for an exemption from the rule that pilots must be at the helm with safety belts fastened at all times. He argued the stunt would "be in the public interest because it would promote aviation in science, technology, engineering and math."

While both pilots must surrender their certificates immediately, there is an appeal process.

Aikins had shared a statement on Instagram after the stunt, saying he made the "personal decision to move forward with the plane swap" despite the lack of the FAA exemption.

"I regret not sharing this information with my team and those who supported me."

"I am now turning my attention to cooperatively working transparently with the regulatory authorities as we review the planning and execution."
Programming

Security Expert Nabs Expired Domain for a Popular NPM Library's Email Address (theregister.com) 12

"Security consultant Lance Vick recently acquired the expired domain used by the maintainer of a widely used NPM package," reports the Register, "to remind the JavaScript community that the NPM Registry still hasn't implemented adequate security." "I just noticed 'foreach' on NPM is controlled by a single maintainer," wrote Vick in a Twitter post on Monday. "I also noticed they let their domain expire, so I bought it before someone else did. I now control 'foreach' on npm, and the 36,826 projects that depend on it."

That's not quite the full story — he probably could have taken control but didn't. Vick acquired the lapsed domain that had been used by the maintainer to create an NPM account and is associated with the "foreach" package on NPM. But he said he didn't follow through with resetting the password on the email account tied to the "foreach" package, which is fetched nearly six million times a week. In an email to the Register, Vick explained... "I did not log into the account, as again, that crosses a line. I just sent a password reset email and bailed.

"Regardless of how much control I have over this particular package, which is unclear, NPM admits this particular expired domain problem is a known issue, citing this 2021 [research paper] which says, 'We also found 2,818 maintainer email addresses associated with expired domains, allowing an attacker to hijack 8,494 packages by taking over the NPM accounts.' In other words, anyone poking around is going to find accounts easy to take over in this way. I was not lucky or special." His point, which he has been trying for several years to communicate to those overseeing NPM — a part of GitHub since March 2020 — is that taking over the NPM account of a popular project to conduct a software supply chain attack continues to be too easy.

Part of the problem is that JavaScript developers often use packages that implement simple functions that are either already built into the language, like forEach, or ought to be crafted manually to avoid yet another dependency, like left-pad (now built-in as padStart). These trivial packages get incorporated into other packages, which may in turn become dependencies in different packages, thereby making the compromise of something like "foreach" a potentially far-reaching security incident.

But Vick argues that with so many upstream attack vectors, "We are all just trusting strangers on the internet to give us good candy from their truck," according to the Register. Their article points out that on Tuesday GitHub launched a beta test of improved 2FA security for all its NPM accounts — which Vick calls "a huge win... [T]hat is the best way to protect accounts. We in the security community have been demanding this for years."

But he's still worried about the possibility of email addresses with weak two-factor authentication or compromised NPM employees, and would like to see NPM implement cryptographic signatures for code. "I am talking with a member of their team tomorrow and we will see where this goes."
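The risk Vick demonstrates, a package whose sole maintainer registered the account with an e-mail domain that has since lapsed, can be audited from the registry metadata a consumer already has. The following is an added example, not code from Vick, NPM or GitHub: it takes the `maintainers` field of each dependency (the shape `npm view <pkg> maintainers --json` returns) plus a watchlist of domains that a separate RDAP/WHOIS lookup reported as expired, and ranks packages by takeover risk. All package names, e-mails and domains are constructed.

```javascript
// Added example: rank dependencies by maintainer-account takeover risk.
// Node.js; no modules required.

// Constructed sample packuments (maintainers field only).
const SAMPLE_PACKUMENTS = {
  "tiny-iterator": {
    maintainers: [{ name: "solo-dev", email: "solo@lapsed-example.invalid" }],
  },
  "well-staffed-lib": {
    maintainers: [
      { name: "alice", email: "alice@example.org" },
      { name: "bob", email: "bob@example.net" },
    ],
  },
  "personal-domain-lib": {
    maintainers: [{ name: "carol", email: "carol@carol-site.invalid" }],
  },
};

// Domains a separate RDAP/WHOIS lookup (not part of this example) reported
// as expired or unregistered. Constructed.
const EXPIRED_DOMAINS = new Set(["lapsed-example.invalid"]);

// Mailbox providers where an individual user cannot let the domain itself
// expire. Constructed list; extend with the providers you trust.
const MAILBOX_PROVIDERS = new Set(["example.org", "example.net"]);

function emailDomain(email) {
  const at = email.lastIndexOf("@");
  return at === -1 ? null : email.slice(at + 1).toLowerCase();
}

// Assess one package. Severity is "high" if any maintainer's e-mail domain
// is expired (the password-reset flow is then hijackable), "medium" if a
// single maintainer controls publishing, otherwise "low".
function assessPackage(name, packument, expiredDomains) {
  const maintainers = packument.maintainers || [];
  const findings = [];
  let severity = "low";

  if (maintainers.length === 1) {
    findings.push("single maintainer controls publishing");
    severity = "medium";
  }
  for (const m of maintainers) {
    const domain = emailDomain(m.email || "");
    if (domain === null) {
      findings.push(`${m.name}: malformed e-mail`);
      continue;
    }
    if (expiredDomains.has(domain)) {
      findings.push(`${m.name}: e-mail domain ${domain} is expired or unregistered`);
      severity = "high";
    } else if (!MAILBOX_PROVIDERS.has(domain)) {
      findings.push(`${m.name}: custom domain ${domain}, check its expiry date`);
    }
  }
  return { name, maintainerCount: maintainers.length, severity, findings };
}

// Assess every package and return the worst first.
function assessAll(packuments, expiredDomains) {
  const order = { high: 0, medium: 1, low: 2 };
  return Object.entries(packuments)
    .map(([name, p]) => assessPackage(name, p, expiredDomains))
    .sort(
      (a, b) => order[a.severity] - order[b.severity] || a.name.localeCompare(b.name)
    );
}

// Plain-text report, one line per package plus its findings.
function formatReport(results) {
  return results
    .map((r) =>
      [`${r.severity.toUpperCase()} ${r.name} (${r.maintainerCount} maintainer(s))`]
        .concat(r.findings.map((f) => `  - ${f}`))
        .join("\n")
    )
    .join("\n");
}
```

`formatReport(assessAll(SAMPLE_PACKUMENTS, EXPIRED_DOMAINS))` lists `tiny-iterator` as HIGH, `personal-domain-lib` as MEDIUM and `well-staffed-lib` as LOW.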
Security

White House Joins OpenSSF, Linux Foundation In Securing Open-Source Software (zdnet.com) 46

An anonymous reader quotes a report from ZDNet: Securing the open-source software supply chain is a huge deal. Last year, the Biden administration issued an executive order to improve software supply chain security. This came after the Colonial Pipeline ransomware attack shut down gas and oil deliveries throughout the southeast and the SolarWinds software supply chain attack. Securing software became a top priority. In response, The Open Source Security Foundation (OpenSSF) and Linux Foundation rose to this security challenge. Now, they're calling for $150 million in funding over two years to fix ten major open-source security problems.

The government will not be paying the freight for these changes. $30 million has already been pledged by Amazon, Ericsson, Google, Intel, Microsoft, and VMWare. More is already on the way. Amazon Web Services (AWS) has already pledged an additional $10 million. At the White House press conference, OpenSSF general manager Brian Behlendorf said, "I want to be clear: We're not here to fundraise from the government. We did not anticipate needing to go directly to the government to get funding for anyone to be successful."

Here are the ten goals the open-source industry is committed to meeting:

1. Security Education: Deliver baseline secure software development education and certification to all.
2. Risk Assessment: Establish a public, vendor-neutral, objective-metrics-based risk assessment dashboard for the top 10,000 (or more) OSS components.
3. Digital Signatures: Accelerate the adoption of digital signatures on software releases.
4. Memory Safety: Eliminate root causes of many vulnerabilities through the replacement of non-memory-safe languages.
5. Incident Response: Establish the OpenSSF Open Source Security Incident Response Team, security experts who can step in to assist open source projects during critical times when responding to a vulnerability.
6. Better Scanning: Accelerate the discovery of new vulnerabilities by maintainers and experts through advanced security tools and expert guidance.
7. Code Audits: Conduct third-party code reviews (and any necessary remediation work) of up to 200 of the most-critical OSS components once per year.
8. Data Sharing: Coordinate industry-wide data sharing to improve the research that helps determine the most critical OSS components.
9. Software Bill of Materials (SBOMs) Everywhere: Improve SBOM tooling and training to drive adoption.
10. Improved Supply Chains: Enhance the 10 most critical open-source software build systems, package managers, and distribution systems with better supply chain security tools and best practices.

Music

Classic Japanese Audio Brand Onkyo Files For Bankruptcy (nikkei.com) 47

Onkyo, one of the best-known Japanese manufacturers of home theater equipment, has "filed for bankruptcy at Osaka District Court on Friday, with total liabilities of around 3.1 billion yen ($24 million)," reports Nikkei Asia. The report is sparse on details but attributes the bankruptcy to a "market shift to streaming and smartphones."

In mid-2020, Onkyo USA Corporation ended a 45-year run as Onkyo's exclusive sales, marketing and distribution division for the Americas, according to Audioholics.

Onkyo has appeared in a few stories on Slashdot over the years. Our personal favorite was a story in 2003 about a new use of embedded Linux in Onkyo's home music server.
Government

House of Representatives To Give Staff Free Peloton Memberships (freebeacon.com) 85

schwit1 shares a report: The House of Representatives [...] will provide taxpayer-funded Peloton memberships to all of its staff, costing taxpayers roughly $100,000 per month. The move comes one year after the fitness company set up a lobbying shop in Washington. Memberships to the exercise service, which offers workout classes, will be available to House staff in Washington, D.C., and in district offices, as well as to Capitol police officers, Fox Business reported. The number of people eligible for the fully taxpayer-funded memberships totals roughly 12,300.

Under the contract with Peloton, which takes effect May 18, the government will pay the company $10,000 up front and $10 per month for each staffer who chooses to enroll, according to Fox Business. With high participation among House staffers, the monthly cost of the contract for taxpayers could exceed $100,000 per month. [...] In March 2021, Peloton hired an in-house lobbyist and two lobbying firms to influence Congress on issues including "government programming to support health and wellness of Americans."

Security

Hackers Are Using SEO To Rank Malicious PDFs On Search Engines, Research Finds 13

An anonymous reader quotes a report from VentureBeat: Today, researchers at security service edge provider, Netskope, published the Netskope Cloud and Threat Report: Global Cloud and Malware Trends, which found that phishing downloads rose 450% over the past 12 months, and highlighted that attackers are using search engine optimization (SEO) to rank malicious PDF files on search engines. The report's findings show that phishing attempts are constantly evolving, and attackers aren't just targeting employees through their email inboxes; they're also using popular search engines like Google and Bing. The increase in phishing attacks and the growing popularity of SEO techniques among cybercriminals highlights the need for enterprises to provide their employees with security awareness training so they're prepared to spot threats and not at risk of handing over sensitive information.

When it comes to defending against these SEO-driven attacks, [Ray Canzanese, director of Netskope's Threat Labs] highlights several methods that security teams can use to protect employees. One of the most effective is to use a solution that can decrypt and scan web traffic for malicious content. At the same time, security teams should encourage users to inspect all links they click on, and to exercise caution if the link takes them to an unfamiliar website. In the event an employee does click on a malicious PDF, they can expect to see a fake captcha at the top of the first page, followed by text on other pages. In these scenarios, users should close the file, delete it from the device and report it to the security team ASAP. Canzanese also notes that it's important for users to report malicious URLs that feature on popular search engines to help the provider unlist them from the site and prevent other users from falling victim to a scam.
Transportation

San Francisco Police Are Using Driverless Cars As Mobile Surveillance Cameras (vice.com) 50

BeerFartMoron shares a report from Motherboard: For the last five years, driverless car companies have been testing their vehicles on public roads. These vehicles constantly roam neighborhoods while laden with a variety of sensors including video cameras capturing everything going on around them in order to operate safely and analyze instances where they don't. While the companies themselves, such as Alphabet's Waymo and General Motors' Cruise, tout the potential transportation benefits their services may one day offer, they don't publicize another use case, one that is far less hypothetical: Mobile surveillance cameras for police departments.

"Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads," says a San Francisco Police department training document obtained by Motherboard via a public records request. "Investigations has already done this several times."

Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. "This is very concerning," Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them. "So when we see any police department identify AVs as a new source of evidence, that's very concerning."

"As companies continue to make public roadways their testing grounds for these vehicles, everyone should understand them for what they are -- rolling surveillance devices that expand existing widespread spying technologies," said Chris Gilliard, Visiting Research Fellow at Harvard Kennedy School Shorenstein Center. "Law enforcement agencies already have access to automated license plate readers, geofence warrants, Ring Doorbell footage, as well as the ability to purchase location data. This practice will extend the reach of an already pervasive web of surveillance."
