China

China Achieves Thorium-Uranium Conversion Within Molten Salt Reactor (scmp.com)

Longtime Slashdot reader hackingbear writes: South China Morning Post, citing Chinese state media, reported that an experimental reactor developed in the Gobi Desert by the Chinese Academy of Sciences' Shanghai Institute of Applied Physics has achieved thorium-to-uranium fuel conversion, paving the way for an almost endless supply of nuclear energy. It is the first time in the world that scientists have been able to acquire experimental data on thorium operations from inside a molten salt reactor according to a report by Science and Technology Daily. Thorium is much more abundant and accessible than uranium and has enormous energy potential. One mine tailings site in Inner Mongolia is estimated to hold enough of the element to power China entirely for more than 1,000 years.

At the heart of the breakthrough is a process known as in-core thorium-to-uranium conversion that transforms naturally occurring thorium-232 into uranium-233 -- a fissile isotope capable of sustaining nuclear chain reactions within the reactor itself. Thorium (Th-232) is not itself fissile and so is not directly usable in a thermal neutron reactor. Thorium fuels therefore need a fissile material as a 'driver' so that a chain reaction (and thus supply of surplus neutrons) can be maintained. The only fissile driver options are U-233, U-235 or Pu-239. (None of these are easy to supply.) In the 1960s, the Oak Ridge National Laboratory (USA) designed and built a demonstration MSR using U-233, derived externally from thorium as the main fissile driver.

NASA

NASA Adds SpaceX's Starship To Launch Services Program Fleet (yahoo.com)

Despite recent test failures, NASA has added SpaceX's Starship to its Launch Services Program contract, allowing it to compete for future science missions once it achieves a successful orbital flight. Florida Today reports: NASA announced the addition Friday to its current launch provider contract with SpaceX, which covers the Falcon 9 and Falcon Heavy. This opens the possibility of Starship flying future NASA science missions -- that is once Starship reaches a successful orbital flight.

"NASA has awarded SpaceX of Starbase, Texas, a modification under the NASA Launch Services (NLS) II contract to add Starship to their existing Falcon 9 and Falcon Heavy launch service offerings," NASA's statement reads. The announcement is simply an onboarding of Starship as an option, as the contract runs through 2032. However, SpaceX is under pressure to get Starship operational by next year as the company plans not only to send an uncrewed Starship to Mars by late 2026, but the NASA Artemis III moon landing is fast approaching. Should it remain the plan with the current administration, Starship will act as a human lander for NASA's Artemis III crew.

"The NLS II contracts are multiple award, indefinite-delivery/indefinite-quantity, with an ordering period through June 2030 and an overall period of performance through December 2032. The contracts include an on-ramp provision that provides an opportunity annually for new launch service providers to add their launch service on an NLS II contract and compete for future missions and allows existing contractors to introduce launch services not currently on their NLS II contracts," NASA's statement reads.

Movies

Oscar-Winning Movie Criticized for Using AI To Correct Dialects (thebaffler.com)

Nominated for 10 Oscars, The Brutalist (directed and produced by Brady Corbet) has an "intriguing and controversial technical feature," according to the Baffler, that threatens to turn movie-viewing into "a drab appreciation of machine-managed flawlessness, and acting less interesting..." In January, the film's editor Dávid Jancsó revealed that he and Corbet used tools from AI speech software company Respeecher to make the Hungarian-language dialogue spoken by Adrien Brody (who plays the protagonist, Hungarian émigré architect László Tóth) and Felicity Jones (who plays Tóth's wife Erzsébet) sound more Hungarian. In response to the ensuing backlash, Corbet clarified that the actors worked "for months" with a dialect coach to perfect their accents; AI was used "in Hungarian language dialogue editing only, specifically to refine certain vowels and letters for accuracy...." Defenders of this slimy deception claim the use of AI in film is no different than CGI or automated dialogue replacement, tools commonly deployed in the editing suite for picture and audio enhancement. But CGI and ADR don't tamper with the substance of a performance, which is what's at issue here....

AI seems poised to decimate the voice acting industry; how long will it be before filmmakers give up on the whole time-wasting business of dialect coaching and language research and toss their performers' untrained vocalizations directly into the linguistic Instant Pot...? "Adrien and Felicity's performances are completely their own," Corbet has argued. Only, they're not. Brody and Jones's performances may now be authentic to spoken Hungarian, but they're no longer authentic to themselves: at least in the parts of the film with Hungarian dialogue, the acting stands more as a monument to the prowess of the voice-matching software than that of the actors...

AI is a different beast from color film, or the Louma crane, or the hand-held camera: it's steroidal, aesthetically corrupting, and unlike these earlier advances it confronts the filmmaker with real ethical questions... Use implies complicity. To incorporate AI into the production of art today, no matter how sparingly or subtly, is to endorse Silicon Valley's politics and worldview: its exploitation of both producers and "users," its blithe indifference to the social impact of post-automation layoffs and the environmental assault of industrial data processing, its cramped and uninteresting idea of imagination, its petrification of creation. It's a vote for the assholes...

In short, the essay calls this "recourse to corrective AI" a "filmmaking prosthesis that cheats the viewer and cheapens the performances." And ironically this clashes with the film's depiction of a "principled artist," according to the article. ("Some of the 'retro' digital renderings in the memorial video included in this scene were also, Corbet has admitted, produced with the help of AI.")

The essay notes that several of 2024's other Oscar-nominated films also employed Respeecher, including Dune: Part Two and Emilia Pérez. "What matters here is not this particular infraction but the precedent it sets, the course it establishes for culture."

Toys

Lego Bricks Made From Meteorite Dust 3D Printed by Europe's Space Agency (engadget.com)

Lego teamed up with the European Space Agency to make Lego pieces from actual meteorite dust, writes Engadget.

"It's a proof of concept to show how astronauts could use moondust to build lunar structures." Consider the sheer amount of energy and money required to haul up building materials from Earth to the Moon. It would be a game changer to, instead, build everything from pre-existing lunar materials. There's a layer of rock and mineral deposits at the surface of the Moon, which is called lunar regolith...

However, there isn't too much lunar regolith here on Earth for folks to experiment with. ESA scientists made their own regolith by grinding up a really old meteorite. [4.5 billion years, according to Lego's site, discovered in Africa in 2000.] The dust from this meteorite was turned into a mixture that was used to 3D print the Lego pieces. Voila. Moon bricks. They click together just like regular Lego bricks, though they only come in one color (space gray, obviously).

"The result is amazing," says ESA Science Officer Aidan Cowley on the Lego site (though "the bricks may look a little rougher than usual. Importantly the clutch power still works, enabling us to play and test our designs.")

"Nobody has built a structure on the Moon," Cowley said in an ESA statement. "So it was great to have the flexibility to try out all kinds of designs and building techniques with our space bricks." And the bricks will also be "helping to inspire the next generation of space engineers," according to the ESA's announcement — since they'll be on display in select Lego stores in the U.S., Canada, the U.K., Spain, France, Germany, the Netherlands, and Australia through September 20th.

Christmas Cheer

Amazon, Etsy, Launch Categories With 'Gifts For Programmers' (thenewstack.io)

Long-time Slashdot reader destinyland writes: It's a question that comes up all the time on Reddit. Etsy even created a special page for programmer-themed gift suggestions (showing more than 5,000 results). While CNET sticks to broader lists of "tech gifts" — and a separate list for "Star Wars gifts" — other sites around the web have been specifically honing in on programmer-specific suggestions. (Blue light-blocking glasses... A giant rubber duck... The world's strongest coffee... A printer that transfers digital images onto cheese...)

So while in years past Amazon has said they laughed at customer reviews for cans of uranium, this year Amazon has now added a special section that's entirely dedicated to Gifts for Computer Programmers, according to this funny rundown of 2023's "Gifts for Programmers" (that ends up recommending ChatGPT gift cards and backyard office sheds):

From the article: [Amazon's Gifts for Programmers section] shows over 3,000 results, with geek-friendly subcategories like "Glassware & Drinkware" and "Novelty Clothing"... For the coder in your life, Amazon offers everything from brainteasing programming puzzles to computer-themed jigsaw puzzles. Of course, there's also a wide selection of obligatory funny t-shirts... But this year there's also tech-themed ties and motherboard-patterned socks...

Some programmers, though, might prefer a gift that's both fun and educational. And what's more entertaining than using your Python skills to program a toy robot dog...? But if you're shopping for someone who's more of a cat person, Petoi sells a kit for building a programmable (and open source) cat robot named "Nybble". The sophisticated Arduino-powered feline can be programmed with Python and C++ (as well as block-based coding)... [part of] the new community that's building around "OpenCat", the company's own quadruped robotic pet framework (open sourced on GitHub).

Printer

Canon Is Getting Away With Printers That Won't Scan Sans Ink (theverge.com)

Last year, Queens resident David Leacraft filed a lawsuit against Canon claiming that his Canon Pixma All-in-One printer won't scan documents unless it has ink. According to The Verge's Sean Hollister, it has quietly ended in a private settlement rather than becoming a big class-action. From the report: I just checked, and a judge already dismissed David Leacraft's lawsuit in November, without Canon ever being forced to show what happens when you try to scan without a full ink cartridge. (Numerous Canon customer support reps wrote that it simply doesn't work.) Here's the good news: HP, an even larger and more shameless manufacturer of printers, is still possibly facing down a class-action suit for the same practice.

As Reuters reports, a judge has refused to dismiss a lawsuit by Gary Freund and Wayne McMath that alleges many HP printers won't scan or fax documents when their ink cartridges report that they've run low. Among other things, HP tried to suggest that Freund couldn't rely on the word of one of HP's own customer support reps as evidence that HP knew about the limitation. But a judge decided it was at least enough to be worth exploring in court. "Plaintiffs have plausibly alleged that HP had a duty to disclose and had knowledge of the alleged defect," wrote Judge Beth Labson Freeman, in the order denying almost all of HP's current attempts to dismiss the suit.

Interestingly, neither Canon nor HP spent any time trying to argue their printers do scan when they're low on ink in the lawsuit responses I've read. Perhaps they can't deny it? Epson, meanwhile, has an entire FAQ dedicated to reassuring customers that it hasn't pulled that trick since 2008. (Don't worry, Epson has other forms of printer enshittification.) HP does seem to be covering its rear in one way. The company's original description on Amazon for the Envy 6455e claimed that you could scan things "whenever". But when I went back now to check the same product page, it now reads differently: HP no longer claims this printer can scan "whenever" you want it to. Now, we wait to see whether the case can clear the bars needed to potentially become a big class-action trial, or whether it similarly settles like Canon, or any number of other outcomes.

China

ByteDance-Owned Instagram Rival Lemon8 Hits the US App Store's Top 10 (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: As U.S. lawmakers move forward with their plans for a TikTok ban or forced sale, the app's Chinese parent company ByteDance is driving another of its social platforms into the Top Charts of the U.S. App Store. ByteDance-owned app Lemon8, an Instagram rival that describes itself as a "lifestyle community," jumped into the U.S. App Store's Top Charts on Monday, becoming the No. 10 Overall app, across both apps and games. Today, it's ranked No. 9 on the App Store's Top Apps chart, excluding games. This is a dramatic move for the little-known app and one that points to paid user acquisition efforts powering this surge. Prior to yesterday, the Lemon8 app had never before ranked in the Top 200 Overall Charts in the U.S., according to app store intelligence provided to TechCrunch by data.ai.

The firm confirms that such a fast move from being an unranked app to being No. 9 among the top free apps in the U.S. -- ahead of YouTube, WhatsApp, Gmail and Facebook -- implies a "significant" and "recent" user acquisition push on the app publisher's part. Unfortunately, because the app is so new to the App Store's Top Charts, third-party app analytics firms don't yet have precise data on Lemon8's U.S. installs, or how those installs have recently changed over the past few days. [...] According to app intelligence provider Apptopia's data, Lemon8 debuted on both iOS and Android in March 2020 and has since gained 16 million global downloads, with Japan as its top market, accounting for 38% of its total installs. While the firm also doesn't have a figure for its U.S. installs, it was able to estimate the app currently has 4.25 million monthly active users.

TechCrunch believes ByteDance may be leveraging TikTok to drive app installs of Lemon8. "Over on TikTok, we noticed a number of creators recently began posting about Lemon8, with many new videos appearing in just the past 24 hours," reports TechCrunch. "Concerningly, many of their reviews are extremely positive but are not marked as sponsored content. [...] In fact, some creators even said they're getting the app in case TikTok gets banned."

Privacy

Pegasus Spyware Used Against Thailand's Pro-Democracy Movement (citizenlab.ca)

NSO Group's Pegasus spyware was used to target Thai pro-democracy protesters and leaders calling for reforms to the monarchy. "We forensically confirmed that at least 30 individuals were infected with NSO Group's Pegasus spyware," reports Citizen Lab. "The observed infections took place between October 2020 and November 2021." Here's an excerpt from the report: Introduction: Surveillance & Repression in Thailand: The Kingdom of Thailand is a constitutional monarchy with a parliamentary-style government divided into executive, legislative, and judiciary branches. The country has been beset by intense political conflict since 2005, during the government of former Prime Minister Thaksin Shinawatra. Corruption allegations against the regime culminated in a military coup on September 19, 2006 that ousted Thaksin. The military launched another coup on May 22, 2014 and seized power following mass protests against the civilian government led by Thaksin's sister, Yingluck Shinawatra. The junta claimed that the 2014 coup was needed to restore order and called itself the National Council for Peace and Order (NCPO).

Findings: Pegasus Infections in Thailand: On November 23, 2021, Apple began sending notifications to iPhone users targeted by state-backed attacks with mercenary spyware. The recipients included individuals that Apple believes were targeted with NSO Group's FORCEDENTRY exploit. Many Thai civil society members received this warning. Shortly thereafter, multiple recipients of the notification made contact with the Citizen Lab and regional groups. In collaboration with Thai organizations iLaw and DigitalReach, forensic evidence was obtained from notification recipients, and other suspected victims, who consented to participate in a research study with the Citizen Lab. We then performed a technical analysis of forensic artifacts to determine whether these individuals were infected with Pegasus or other spyware. Victims publicly named in this report consented to be identified as such, while others chose to remain anonymous, or have their cases described with limited detail.

Civil Society Pegasus Infections: We have identified at least 30 Pegasus victims among key civil society groups in Thailand, including activists, academics, lawyers, and NGO workers. The infections occurred from October 2020 to November 2021, coinciding with a period of widespread pro-democracy protests, and predominantly targeted key figures in the pro-democracy movement. In numerous cases, multiple members of movements or organizations were infected. Many of the victims included in this report have been repeatedly detained, arrested, and imprisoned for their political activities or criticism of the government. Many of the victims have also been the subject of lese-majeste prosecutions by the Thai government. While many of the infections were detected on the devices of prominent figures, hacking was also observed against individuals who are not publicly involved in the protests. Speculatively, this may reflect the attackers' intent to uncover details about how opposition movements were organized, and may have been prompted by specific financial transactions that would have been known to Thai financial institutions and the government, but not the public.

Medicine

Living Near Fracking Sites Raises Risk of Premature Death For Elderly, Study Finds (theguardian.com)

An anonymous reader quotes a report from The Guardian: Elderly people living near or downwind from unconventional oil and gas wells such as fracking sites are more likely to die prematurely, according to a major new US study. Extracting oil and gas through newer or unconventional methods like fracking has expanded rapidly across America over the past two decades with at least 17.6 million people now living within one kilometer of an active well. Compared with traditional drilling, unconventional oil and gas development (UOGD) is linked to higher levels of exposure to toxic air pollution and poor water quality, as well as noise and light pollution which can be harmful to human health. The impact of fossil fuel extraction -- including by unconventional methods -- has disproportionately affected low income communities and people of color.

Researchers from the Harvard TH Chan School of Public Health studied the health records of 15 million people on Medicare, the health insurance program that includes at least 95% of Americans aged 65 and older, living in all significant drilling regions from 2001 to 2015. They also gathered data on about 2.5 million oil and gas wells covering leading exploration states, from Montana to Texas and Pennsylvania. The closer people live to an oil and gas operation, the higher the risk of dying prematurely, even after accounting for socioeconomic, environmental and demographic factors such as gender and race, according to the study published in Nature Energy.

Residents most adversely affected are those living nearby and downwind, suggesting toxic airborne contaminants emitted from UOGD sites probably contributed to higher mortality rates. Exposure to toxins associated with unconventional drilling such as volatile organic compounds (VOCs), nitrogen oxides and radioactive materials are linked to a wide range of life-threatening medical conditions. Overall, elderly residents living near these wells have about 2.5% higher mortality rates than those living far away compared with 3.5% for those who are also downwind. This would mean thousands of premature deaths linked to the oil and gas boom, though the peer-reviewed study does not include estimates of lives lost.

PC Games (Games)

Rockstar Games Apologizes for GTA Re-Release Glitches, Promises Updates and PC Originals (rockstargames.com)

Friday Rockstar Games issued an update in the Announcements section of the company's web site "regarding the unexpected technical issues that came to light as part of the launch of Grand Theft Auto: The Trilogy — The Definitive Edition." (See Slashdot's earlier coverage here and here.)

"Firstly, we want to sincerely apologize to everyone who has encountered issues playing these games..." the Rockstar Games Team wrote: The Grand Theft Auto series — and the games that make up this iconic trilogy — are as special to us as we know they are to fans around the world. The updated versions of these classic games did not launch in a state that meets our own standards of quality, or the standards our fans have come to expect.

We have ongoing plans to address the technical issues and to improve each game going forward. With each planned update, the games will reach the level of quality that they deserve to be.

A new Title Update is on the way in the coming days for all versions of Grand Theft Auto: The Trilogy — The Definitive Edition that will address a number of issues. We will update everyone as soon as it is live.

In the meantime, it pains us to mention that we are hearing reports of members of the development teams being harassed on social media. We would kindly ask our community to please maintain a respectful and civil discourse around this release as we work through these issues.

While one of the goals of the Definitive Editions was to allow players to enjoy these games on modern platforms for many years to come, we also understand that some of you would still like to have the previous classic versions available for purchase.

We will be adding the classic PC versions of Grand Theft Auto III, Grand Theft Auto: Vice City, and Grand Theft Auto: San Andreas back to the Rockstar Store shortly as a bundle. Additionally, everyone who has purchased Grand Theft Auto: The Trilogy — The Definitive Edition for PC from the Rockstar Store through June 30, 2022, will receive these classic versions in their Rockstar Games Launcher library at no additional cost. We will update everyone as soon as these are back in the Rockstar Store.

Once again, we'd like to thank everyone for their patience and understanding while we work through these updates to ensure these games meet everyone's justifiably high standards.

United States

Utilities Took Public Money, Gave CEOs Millions, and Then Turned People's Lights Off During the Pandemic (gizmodo.com)

A new report finds that some of the country's most powerful utilities raked in millions of dollars in taxpayer bailout funds last year -- while continuing to shut off service for households across the U.S. during the pandemic. Gizmodo: The report, released Thursday from the Center for Biological Diversity and BailoutWatch, takes a look at states with publicly available data on utility shutoffs. In the 17 states where there was available data on shutoffs, the report found that the 16 utilities operating in those states cut off electric services for their customers nearly 1 million times between February 2020 and June 2021. (For some context on shutoffs during a normal, non-pandemic year, the U.S. Census found that 1.2 million households in 50 states reported experiencing shutoffs within a three-month period of taking the survey in 2017, the latest Census Bureau data available on disconnections.)

The offenses here are not shared by the utility industry equally; there are especially bad actors. The report highlights six utilities that were responsible for a jaw-dropping 94% of all shutoffs last year. NextEra, Duke Energy, Southern Company, Dominion Energy, Exelon, and DTE Energy make up what the authors call a "Hall of Shame." NextEra alone, the report found, accounted for more than half of all shutoffs. The analysis also examined financial documents, including proxy statements filed with the Securities and Exchange Commission before a company's shareholder meeting, to calculate how much money these 16 utilities received from the government as part of relief efforts during the pandemic. The CARES Act was originally designed to help struggling businesses pay workers, but utilities took advantage of corporate loopholes within the act that changed how big businesses could report taxes. (The CARES Act also disproportionately benefited oil and gas producers: BailoutWatch, one of the authors of this report, has also used financial documents to show how oil companies laid off thousands of people and yet still gave their CEOs raises during the pandemic, all the while taking handouts from the government.)

Science

Researchers Toilet-Trained Cows In Hopes of Reducing Their Greenhouse Gas Emissions (gizmodo.com)

An anonymous reader quotes a report from Gizmodo: Researchers in Germany recently demonstrated that cattle can be toilet trained to reduce some of their climate impact. By having the young cows pee in latrines made of turf, the team of experts in animal behavior and agricultural science stopped the natural production of nitrous oxide from the cow's urine. Cows are notorious for their contributions to greenhouse gas emissions in large-scale farming; the animals belch (and to a lesser extent, fart) methane, and their urine and poop combine to produce ammonia, which isn't a greenhouse gas itself but is converted into nitrous oxide by microbes in the soil. The team trained nearly a dozen calves to urinate in a makeshift latrine, nicknamed the MooLoo, thereby stopping the urine from becoming part of the problem. The research was published on Monday in Current Biology.

Training the cows was a fairly simple process on paper. First, the scientists penned 16 of the animals into the latrine area. When the cows urinated, they were given food or sugar water, tacit endorsements of their decisions. The next step was teaching them not to pee in the pasture, which the team did by implementing an unpleasant stimulus whenever they did so. That stimulus was originally a loud noise, but when the researchers realized the animals didn't mind it much, they swapped it out for spraying the cows with water, a relatively harmless message of "bad cow." The team found that the cows' ability to hold it and go in the latrine was equivalent to a child's ability with the toilet -- even superior to that of young children. [The team] hopes to bring the latrines to other sites and increase the number of potty-trained cows. "To do this, we must first automate the whole training procedure and adapt it to the conditions on the farm," he told Gizmodo in an email. "We want to tackle this in a follow-up project."

The report notes there are a couple of limitations with this effort. "First, not all of the cows could be potty-trained. Only 10 of the 16 calves quickly learned to pee in the proper place and could routinely reproduce that action," reports Gizmodo. "That's trouble for anyone trying to scale up the practice (there are more than 1 billion cows on Earth). Second, the experiment didn't cover defecation, and cow poop also contains ammonia. There's also still the major problem of methane, a greenhouse gas 80 times more potent than carbon dioxide, tied to cows' burps and farts."

Earth

Why is the Earth Missing a Billion Years of Rocks? (bbc.com)

"A mystery lies deep within the Grand Canyon: one billion years' worth of rocks have disappeared," Space.com reported last week.

The BBC explains: Today geologists know that the youngest of the hard, crystalline rocks are 1.7 billion years old, whereas the oldest in the sandstone layer were formed 550 million years ago. This means there's more than a billion-year gap in the geological record. To this day, no one knows what happened to the rocks in between.

While the missing rock is particularly obvious in the Grand Canyon, the phenomenon is ubiquitous. "It's one of these features that pretty much occurs under a lot of people's feet, when they don't even realise it," says Stephen Marshak, professor emeritus in the Department of Geology at the University of Illinois. He explains that in the centre of any continent, whether you're in the United States, Siberia or Europe, if you drill down far enough you'll hit the two layers of rock involved in this mysterious geological anomaly....

[F]inding out what happened during, and led to, the missing billion years is no trivial matter. There are two reasons for this. The first is that it just so happens to have occurred immediately before another inexplicable event — the sudden proliferation in the diversity of life on Earth 541 million years ago. The Cambrian explosion refers to an era when the oceans suddenly shifted from hosting a scattering of weird and unfamiliar creatures — such as triffid-like leaf-shaped animals and giant steamrollered ovals which continue to defy all efforts to categorise them — to an abundance of life, with many of the major taxonomic groups around today. It happened in the space of just 13-25 million years — an evolutionary twinkling of an eye...

The second is that it's thought Earth underwent radical climate change during the lost years — possibly turning into a giant ball of ice, with an almost entirely frozen surface. Very little is currently known about how this "snowball Earth" formed, or how life managed to cling on.

They share the three good theories. First, "snowball" — the earth develops a global ice sheet, with the speedy glaciers wearing away surface rocks.

The second theory is that it was all lost during the erosion of the supercontinent Rodinia.

And theory #3 is: confusion. The BBC cites new research that "suggests that the epic interruption in the geological record was not a single, discrete phenomenon — but instead is actually at least two mini-gaps, which look like one big one because they occurred at around the same time." Even the missing rocks on the two sides of America's Grand Canyon "may instead have vanished in several separate events over the course of several hundred million years."

Security

Kaspersky Password Manager Fixes Flaw That Generated Easily Bruteforced Passwords (zdnet.com)

An anonymous reader quotes a report from ZDNet: Suppose you are in the business of generating passwords; it would probably be a good idea to use an additional source of entropy other than the current time, but for a long time, that's all Kaspersky Password Manager (KPM) used. In a blog post to cap off an almost two-year saga, Ledger Donjon head of security research Jean-Baptiste Bedrune showed KPM was doing just that. "Kaspersky Password Manager used a complex method to generate its passwords. This method aimed to create passwords hard to break for standard password crackers. However, such method lowers the strength of the generated passwords against dedicated tools," Bedrune wrote.

One of the techniques used by KPM was to make letters that are not often used appear more frequently, which Bedrune said was probably an attempt to trick password cracking tools. "Their password cracking method relies on the fact that there are probably 'e' and 'a' in a password created by a human than 'x' or 'j', or that the bigrams 'th' and 'he' will appear much more often than 'qx' or 'zr'," he said. "Passwords generated by KPM will be, on average, far in the list of candidate passwords tested by these tools. If an attacker tries to crack a list of passwords generated by KPM, he will probably wait quite a long time until the first one is found. This is quite clever." The flip side was that if an attacker could deduce that KPM was used, then the bias in the password generator started to work against it.

"If an attacker knows a person uses KPM, he will be able to break his password much more easily than a fully random password. Our recommendation is, however, to generate random passwords long enough to be too strong to be broken by a tool." The big mistake made by KPM though was using the current system time in seconds as the seed into a Mersenne Twister pseudorandom number generator. "It means every instance of Kaspersky Password Manager in the world will generate the exact same password at a given second," Bedrune said. Because the program has an animation that takes longer than a second when a password is created, Bedrune said it could be why this issue was not discovered. "The consequences are obviously bad: every password could be bruteforced," he said. Bedrune added that, because sites often display an account's creation time, an attacker who knows that time to within a couple of minutes would only have to try around 100 candidate passwords against a KPM user.
"Kaspersky was informed of the vulnerability in June 2019, and released the fix version in October that same year," adds ZDNet. "In October 2020, users were notified that some passwords would need to be generated, with Kaspersky publishing its security advisory on 27 April 2021."

"All public versions of Kaspersky Password Manager liable to this issue now have a new logic of password generation and a passwords update alert for cases when a generated password is probably not strong enough," the security company said.
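
The following Python toy is an added illustration of the seeding flaw described above; it is not Kaspersky's code and is not taken from Bedrune's write-up. It seeds CPython's `random.Random` (a Mersenne Twister) with the wall-clock second, exactly the structural mistake the article names, and then plays the attacker who knows the account creation time to within a couple of minutes. The character set, password length and the timestamps are assumptions; the `secrets` module stands in for the OS-backed CSPRNG a generator should use instead.

```python
import random
import secrets
import string

# Constructed example: same structural flaw as described (Mersenne Twister
# seeded with wall-clock seconds). Alphabet and length are assumptions, not KPM's.
CHARSET = string.ascii_letters + string.digits + "!@#$%^&*"
LENGTH = 16


def weak_generate(seed_seconds, length=LENGTH):
    """Every caller that seeds with the same second gets the same password."""
    rng = random.Random(seed_seconds)        # CPython's Mersenne Twister
    return "".join(rng.choice(CHARSET) for _ in range(length))


def recover_seed(password, approx_seconds, window=100):
    """Attacker model: the creation time is known roughly (many sites display
    it). Regenerate the password for every second in the window and return
    the seed that reproduces it, or None if it is outside the window."""
    for s in range(approx_seconds - window, approx_seconds + window + 1):
        if weak_generate(s, len(password)) == password:
            return s
    return None


def candidate_space(window, length=LENGTH):
    """Candidates the attacker must try against the weak scheme, next to the
    nominal keyspace of a uniformly random password of the same length."""
    return 2 * window + 1, len(CHARSET) ** length


def strong_generate(length=LENGTH):
    """What the recommendation amounts to: OS CSPRNG, no predictable seed,
    uniform choice over the alphabet."""
    return "".join(secrets.choice(CHARSET) for _ in range(length))


if __name__ == "__main__":
    created_at = 1_561_000_000               # constructed timestamp (June 2019)
    pw = weak_generate(created_at)
    print("generated:", pw)
    # The attacker's guess of the creation time is 37 seconds off.
    print("recovered seed:", recover_seed(pw, created_at + 37))
    print("candidates tried vs nominal keyspace:", candidate_space(100))
    print("strong:", strong_generate())
```

The point of `candidate_space` is the gap it exposes: a 16-character password over this alphabet nominally has about 70^16 possibilities, but with a seconds-granularity seed the attacker's search is bounded by how well the creation time is known, not by the alphabet or the length.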
Intel

Intel Continues To Rehire Veterans: At Some Point They'll Run Out (anandtech.com) 34

Intel has rehired 28-year veteran Shlomit Weiss into the position of Senior VP and Co-General Manager of Intel's Design Engineering Group (DEG), a position recently vacated by Uri Frank who left to head up Google's SoC development. "Weiss is the latest in an ever-growing list of 're-hiring' Intel veterans, which leads to the problem that at some point Intel will run out of ex-employees to rehire and instead nurture internal talent for those roles," writes Dr. Ian Cutress via AnandTech. From the report: As reported in Tom's Hardware and confirmed in her own LinkedIn announcement, Weiss will be working at Intel's Israel design center alongside Sunil Shenoy and is "committed to ensuring that the company continues to lead in developing chips." [...] In her first 28-year stint at Intel, Weiss is reported to have led the team that developed both Intel Sandy Bridge and Intel Skylake, arguably two of the company's most important processor families over the last decade: Sandy Bridge reaffirmed Intel's lead in the market with a new base microarchitecture and continues in its 6+th generation in Comet Lake today, while Skylake has been Intel's most profitable microarchitecture ever. Weiss also received Intel's Achievement Award, the company's highest offer, but is not listed as an Intel Fellow, while CRN reports that Weiss also founded the Intel Israel Women Forum in 2014. Weiss left Intel in September 2017 to join Mellanox/NVIDIA, where she held the role of Senior VP Silicon Engineering and ran the company's networking chip design group. In her new role at Intel, Tom's is reporting that Weiss will lead all of Intel's consumer chip development and design, while the other Co-GM of Intel DEG Sunil Shenoy will lead the data center design initiatives. AnandTech goes on to note that Intel has hired 12 veterans since Dec. 20th of last year.
"Of these named hires (plenty of other people hired below the role of VP), seven are listed as ex-Intel employees being rehired into the company, mostly into engineering-focused positions," writes Cutress. He continues: It should be noted however that the number of engineers Intel could rehire is limited -- going after key personnel critical to Intel's growth in the last few decades, despite their lists of successful products and accolades, can't be the be-all and end-all of Intel's next decade of growth. If we're strictly adhering to typical retirement ages as well, a number of them will soon be at that level within the next ten years. Intel can't keep rehiring veteran talent into key positions to get to the next phase in its product evolution -- at some level it has to reignite the initial passion from within.

[I]f Intel is having to rehire those who enabled former glory for the company, one has to wonder exactly what is going on such that talent already within the company isn't stepping up. At some point these veterans will retire, and Intel will be at a crossroads. In a recent interview with former Intel SVP Jim Keller, he stated that (paraphrased) "building a chip design team at a company depends on volume -- you hire in if you don't have the right people, but if you have a team of 1,000, then there are people there and it's a case of finding the right ones." In a company of 110,000 employees, it seems odd that Intel feels it has to rehire to fill those key roles. Some might question if those rehires would have left in the first place if Intel's brain drain had never occurred, but it poses an interesting question nonetheless.

DRM

To Help Livestreamers Avoid Copyright Violations, Riot Games Releases an Uncopyrighted Album (bloombergquint.com) 31

League of Legends developer Riot Games released a 37-track album of ambient tunes (now on Spotify, YouTube, and Apple Music) "that will let gamers stream their sessions accompanied by music that doesn't infringe copyright protections," reports Bloomberg.

And that's just one response to aggressive copyright enforcement: For example, a new Guardians of the Galaxy game to be released later this year will be loaded with a soundtrack with songs by Iron Maiden, KISS, Wham!, Blondie and more. To stay on the good side of the Digital Millennium Copyright Act, the studio behind the game, Eidos Montreal, has created a toggle switch that will allow gamers to turn off the soundtrack when live streaming, Venturebeat has reported. Cyberpunk 2077 developer CD Projekt SA also created an option for players to turn off certain songs that could cause trouble and replace them with an alternative.

After largely ignoring streaming platforms for years, last spring the music industry suddenly bore down on Twitch, owned by Amazon.com Inc. and started sending users thousands of DMCA takedowns for copyright violations. Twitch responded by telling users they could no longer use copyrighted material and also had to remove old posts that violated the rules. Some games are still struggling to adapt. Earlier this month, a number of music publishers, including those that represent Ed Sheeran and Ariana Grande, sued Roblox Corp. for copyright infringement, saying the company hasn't licensed the music many of its creators have used in their games. The lawsuit is seeking at least $200 million in damages, the Wall Street Journal reported...

The collection is just the beginning and Riot said it's committed to creating more projects like Sessions in the future.

Encryption

Signal's Cellebrite Hack Is Already Causing Grief For the Law (gizmodo.com) 109

An anonymous reader quotes a report from Gizmodo: A Maryland defense attorney has decided to challenge the conviction of one of his clients after it was recently discovered that the phone cracking product used in the case, produced by digital forensics firm Cellebrite, has severe cybersecurity flaws that could make it vulnerable to hacking. Ramon Rozas, who has practiced law for 25 years, told Gizmodo that he was compelled to pursue a new trial after reading a widely shared blog post written by the CEO of the encryption chat app Signal, Moxie Marlinspike. It was just about a week ago that Marlinspike brutally dunked on Cellebrite -- writing, in a searing takedown, that the company's products lacked basic "industry-standard exploit mitigation defenses," and that security holes in its software could easily be exploited to manipulate data during cell phone extraction.

Given the fact that Cellebrite's extraction software is used by law enforcement agencies the world over, questions have naturally emerged about the integrity of investigations that used the tech to secure convictions. For Rozas, the concerns center around the fact that "Cellebrite evidence was heavily relied upon" to convict his client, who was charged in relation to an armed robbery. The prosecution's argument essentially turned on that data, which was extracted from the suspect's phone using the company's tools. In a motion recently filed, Rozas argued that because "severe defects" have since been uncovered about the technology, a "new trial should be ordered so that the defense can examine the report produced by the Cellebrite device in light of this new evidence, and examine the Cellebrite device itself."
"I think it's going to take a while to figure out what the exact legal ramifications of this are," says Megan Graham, a Clinical Supervising Attorney at the Samuelson Law, Technology & Public Policy Clinic with Berkeley Law School. "I don't know how likely it is that cases would be thrown out," she said, adding that a person who has already been convicted would likely have to "show that someone else identified this vulnerability and exploited it at the time" -- not an especially easy task.

"Going forward, I think it's just hard to tell," Graham said. "We now know that this vulnerability exists, and it creates concerns about the security of Cellebrite devices and the integrity of evidence." But there's a lot that we don't know, she emphasized. Among Graham's concerns, she said that "we don't know if the vulnerability is being exploited," and that makes it difficult to discern when it could become an issue in past cases. "I think there will be cases where defense attorneys are able to get judges engaged [on this issue]. They will present the security concerns, worries about manipulated evidence, and it might be persuasive. I think there will be a wide array of responses when it comes to how this plays out in cases," she said.
The Internet

German Regulators Look To Block Teens From Porn Sites (gizmodo.com) 103

German authorities are trying to force internet service providers to block major porn sites that don't implement age verification systems. Gizmodo reports: Currently, German law requires porn sites to restrict access to individuals 18 or older. What's changed is that German authorities, like the British before them, have now dubbed it a good use of their time to actually pursue porn sites they think aren't doing enough to prevent under-18 browsing, and are trying to compel them to introduce more stringent age verification systems. That in turn comes with all the complications and privacy issues that thwarted a similar effort in the UK, such as the technical difficulty enforcing the rules, censorship, and -- depending on how sites choose to comply -- the possibility third-party age verification services would build databases of who's watching what and when.

Per Motherboard, German regulators -- in an effort spearheaded by the director of the State Media Authority (LMA) of the German state of North Rhine-Westphalia, Tobias Schmid -- are in the process of forcing telecoms like Vodafone and Deutsche Telekom to impose Domain Name System (DNS) blocks against sites like Pornhub and YouPorn. The DNS system is essentially the phonebook of the internet, translating domain names into IP addresses so users can navigate the web. DNS blocking Pornhub would prevent German internet users from typing "pornhub.com" into a stock web browser and immediately arriving at the page. The logic, apparently, is that faced with the threat of losing the majority of their web traffic from Germany, major porn sites will cave to regulators and enforce the rules.

But it's not exactly foolproof (or teenproof). It would be trivial for German youth to evade these blocks by using an alternate DNS provider or simply downloading a browser plugin. They could also use a virtual private network, which creates an encrypted bridge from a user's device to a server somewhere else, to visit a porn site from another country. Or, they could simply drop the IP address into their browser and arrive at any site without needing to go through DNS. (Pornhub's happens to be 66.254.114.41. You're welcome, Germans of the future.) According to Motherboard, German regulators are also only targeting a handful of the largest sites on the web, meaning anyone could simply navigate to a lesser-known porn site and watch uninhibited.
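
Because an ISP-level DNS block lives in the resolver rather than in the network path, the practical check is to ask two resolvers the same question and compare the answers. The following Python client is an added example, not code from Gizmodo, Motherboard or any resolver project: it builds a raw A-record query (RFC 1035 wire format, random transaction ID), parses the answer section including compression pointers, and queries several resolvers so a divergent answer (NXDOMAIN, a sinkhole address, or an empty reply from one resolver only) stands out. The resolver address, the sample names and the constructed responses used for offline testing are assumptions.

```python
import secrets
import socket
import struct

# Added example (not from the original page): a minimal DNS A-record client
# for comparing what different resolvers return for the same name.


def _encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (RFC 1035 label format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid=None):
    """Standard query: one question, type A, class IN, recursion desired.
    A random transaction ID makes off-path spoofed replies harder to land."""
    if txid is None:
        txid = secrets.randbelow(0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack(">HH", 1, 1)


def _skip_name(msg, offset):
    """Advance past a (possibly compressed) name; a pointer ends the name."""
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:          # 2-byte compression pointer
            return offset + 2
        offset += 1 + length
        if length == 0:
            return offset


def parse_a_records(msg):
    """Return (txid, rcode, [IPv4 strings]). Non-A answers (CNAME, AAAA) are
    skipped; rcode 3 is NXDOMAIN, which is what a blocked name often yields."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):
        offset = _skip_name(msg, offset) + 4          # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        offset = _skip_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[offset:offset + 4]))
        offset += rdlen
    return txid, rcode, addrs


def build_response(name, addrs, rcode=0, txid=0x1234):
    """Constructed response for offline testing: echoes the question, then one
    A record per address using a compression pointer to the question name."""
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(addrs), 0, 0)
    msg = header + _encode_name(name) + struct.pack(">HH", 1, 1)
    for a in addrs:
        msg += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(a)
    return msg


def resolve(name, resolver, timeout=3.0):
    """Query one resolver over UDP/53 and return (rcode, addrs)."""
    query = build_query(name)
    sent_id = struct.unpack(">H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        data, _ = sock.recvfrom(4096)
    txid, rcode, addrs = parse_a_records(data)
    if txid != sent_id:
        raise ValueError("transaction ID mismatch: possible spoofed reply")
    return rcode, addrs


def compare(name, resolvers):
    """Same question to every resolver; a resolver-level block shows up as a
    different rcode or address set from one resolver but not the others."""
    return {r: resolve(name, r) for r in resolvers}


if __name__ == "__main__":
    # Needs network access. Put the ISP resolver from /etc/resolv.conf next to
    # a public one; 9.9.9.9 is just an assumed example.
    for resolver, (rcode, addrs) in compare("example.com", ["9.9.9.9"]).items():
        print(resolver, "rcode", rcode, addrs)
```

Run it with the ISP's resolver and a public one side by side: matching answers mean the block, if any, is not in DNS; a lone NXDOMAIN or a private-range address from the ISP resolver is the signature of exactly the kind of block the article describes, and also why switching resolver defeats it.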

Television

Did 'The Simpsons' Accurately Portray STEM Education and the Gig Economy? (avclub.com) 144

Long-time Slashdot reader theodp writes: On Sunday, The Simpsons aired The Miseducation Of Lisa Simpson, an episode in which Marge — with the help of a song from John Legend ("STEM, it's not just for dorks, dweebs and nerds / It'll turn all your dumb kids to Zuckerbergs") — convinces Springfield to use a windfall the town reaped by seizing shipwreck treasure to build the Springfield STEM Academy to "prepare kids for the jobs of tomorrow."

All goes well initially — both Lisa and Bart love their new school — until Lisa realizes there's a two-tiered curriculum. While children classified as "divergent pathway assimilators" (i.e., gifted) like Lisa study neural networks and C+++ upstairs, kids like Bart are relegated to the basement where they're prepared via VR and gamified learning for a life of menial, gig economy side-hustles — charging e-scooters, shopping for rich people's produce, driving ride-share.

The school's administrator was even played by Silicon Valley actor Zach Woods, who delivered one of the episode's harshest lines, notes The A.V. Club.

"Staging a Norma Rae-style revolt at how the 'non-gifted' students are being trained to do everyone else's dirty work, Lisa's brought up short with a startled 'Eep' by Woods' administrator asking, 'Isn't that the point of a gifted class?'"
Education

Microsoft Wants Schoolchildren Playing Minecraft To Learn Math (minecraft.net) 39

Long-time Slashdot reader theodp writes: A Microsoft blog post notes the company has lined up K-12 educators to sing the praises of Minecraft Education Edition at the Future of Education Technology Conference, where it'll also be pitching Microsoft Education in general. A 2019 Recap of Minecraft: Education Edition (and an accompanying video) highlight Microsoft's success in getting teachers to use Minecraft to teach subjects across the K-12 curriculum, not just Hour of Code tutorials. Microsoft's ambitions for Minecraft were tipped in a 2015 press release, which included the lofty claim that "Minecraft has the power to transform learning on a global scale...."

There are some teacher walkthrough videos available for review, like the unlisted one for Math Bed Wars!, a Common Core-aligned Minecraft-based lesson that teaches multiplication commutativity ("Students build arrays to show commutative properties of multiplication while constructing defenses as part of a Minecraft mini-game"). The lesson plan for Math Bed Wars! warns that children who fail to get enough hands-on Minecraft play time aren't likely to get much of a math education:

"While there is not much actually doing of math in the section of the lesson plan, it is by far the most important. It is in the game play where they get its meaning, and deeper thinking happens. For example, they will start thinking how to use math to build strategically. However, the most important part is what it does for the students' engagement across math. So please give them at least 30 minutes of game play, even if you have to break up the lesson into two days."

Is it okay for schools to make children play Microsoft Minecraft if the kids want to learn math and other subjects?
