The Washington Post details a vision of home security "pitched by Sauron, a Silicon Valley start-up boasting a waiting list of tech CEOs and venture capitalists." In the future, your home will feel as safe from intruders as a state-of-the-art military base. Cameras and sensors surveil the perimeter, scanning bystanders' faces for potential threats. Drones from a "deterrence pod" scare off trespassers by projecting a searchlight over any suspicious movements. A virtual view of the home is rendered in 3D and updated in real time, just like a Tesla's digital display. And private security agents monitor alerts from a central hub.... By incorporating technology developed for autonomous vehicles, robotics and border security, Sauron has built a supercharged burglar alarm [argued Sauron co-founder Kevin Hartz, a tech entrepreneur and former partner at Peter Thiel's venture firm Founders Fund]...

For many tech elites, security is both a national priority and a growing concern in their personal lives... After the presidential election last month, the start-up incubator Y Combinator put out a request for "public safety technology" companies, such as those that produce tools that facilitate a neighborhood watch or technology that uses computer vision to identify "suspicious activities or people in distress from video feeds...." Sauron has raised $18 million in funding from executives behind Flock Safety and Palantir, the data analytics firm, [and] defense tech investors such as 8VC, a venture firm started by Palantir co-founder Joe Lonsdale... Sauron is targeting homeowners at the high end of the real estate market, beginning with a private event at Abraham's home on Thursday, during Art Basel Miami Beach, the annual art exhibition that attracts collectors from around the world. The company plans to launch in San Francisco early next year, before expanding to Los Angeles and Miami...

Big Tech companies haven't deployed tools such as facial recognition as aggressively as Hartz would like. "If somebody comes onto my property, I feel like I should know who that is," Hartz said... In recent years massive investments have driven down the cost of drones, high-resolution cameras and lidar sensors, which use light detection to create 3D maps. Sauron uses lower-cost hardware and tools like facial recognition, combined with custom-built software adapted for residential use. For facial recognition, it will use a third-party service called Paravision... Sauron is still figuring out how to incorporate drones, but it is already imagining more aggressive countermeasures, Hartz said. "Is it a machine that could take out a bad actor with a bullet or something?"

India has struck a landmark $715 million deal with 30 global academic publishers to provide nationwide free access to nearly 13,000 research journals. The "One Nation One Subscription" initiative, launching January 2025, will benefit an estimated 18 million students and researchers. The agreement, which surpasses similar arrangements in Germany and the UK, marks a significant shift in India's academic publishing landscape, despite the country's position as the world's third-largest producer of research papers. Science magazine: India's is expected to encompass some 6300 government-funded institutions, which produce almost half the country's research papers. Currently, only about 2300 of these institutions have subscriptions to 8000 journals. Under the new arrangement, "universities that aren't so well funded, and can't afford many journals, will gain," said Aniket Sule of the Homi Bhabha Centre for Science Education. Specialist institutes that only subscribe to journals relevant to their field will benefit from accessing work outside their silos, he added. Colleges that want to subscribe to journals not included under this initiative can use their own funds to do so.

Some part of the $715 million will cover the fees some journals charge to publish papers open access, making them immediately free to read by anyone worldwide when published, Madalli told Science. Details of that component have not been worked out yet, but the amount will be calculated based on the country's current spending on these fees, known as article-processing charges (APCs), which are paid by authors or their institutions, Madalli says.

The ongoing cybersecurity incident affecting a North West England NHS group has forced sites to fall back on pen-and-paper operations. From a report: The Wirral University Teaching Hospital NHS Trust updated its official line on the incident on Wednesday evening, revealing new details about the case, but remains coy about the true nature of the attack.

"After detecting suspicious activity, as a precaution, we isolated our systems to ensure that the problem did not spread. This resulted in some IT systems being offline," the updated statement said.

"We have reverted to our business continuity processes and are using paper rather than digital in the areas affected. We are working closely with the national cybersecurity services and we are planning to return to normal services at the earliest opportunity."

A security researcher discovered an unprotected database belonging to SL Data Services containing over 600,000 sensitive files, including criminal histories and background checks with names, addresses, and social media accounts. The Register reports: We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks. [The info service provider eventually closed up the S3 bucket, says Fowler, although he never received any response.] In addition to not being password protected, none of the information was encrypted, he told The Register. In total, the open bucket contained 644,869 PDF files in a 713.1 GB archive.

Some 95 percent of the documents Fowler saw were labeled "background checks," he said. These contained full names, home addresses, phone numbers, email addresses, employment, family members, social media accounts, and criminal record history belonging to thousands of people. In at least one of these documents, the criminal record indicated that the person had been convicted of sexual misconduct. It included case details, fines, dates, and additional charges. While court records and sex offender status are usually public records in the US, this exposed cache could be combined with other data points to make complete profiles of people -- along with their family members and co-workers -- providing everything criminals would need for targeted phishing and/or social engineering attacks.

American hospitals and healthcare organizations would be required to adopt multi-factor authentication (MFA) and other minimum cybersecurity standards under new legislation proposed by a bipartisan group of US senators. From a report: The Health Care Cybersecurity and Resiliency Act of 2024 [PDF], introduced on Friday by US Senators Bill Cassidy (R-Louisiana), Mark Warner (D-Virginia), John Cornyn (R-Texas), and Maggie Hassan (D-New Hampshire), would, among other things, require better coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) around cybersecurity in the healthcare and public health sector.

This includes giving HHS a year to implement a cybersecurity incident response plan and update the types of information displayed publicly via the department's breach reporting portal. Currently, all healthcare orgs that are considered "covered entities" under the US Health Insurance Portability and Accountability Act (HIPAA) are required to notify HHS if they are breached. The new law would require breached entities to report how many people were affected by the security incident.

It would also mandate that the portal include details on "any corrective action taken against a covered entity that provided notification of a breach" as well as "recognized security practices that were considered" during the breach investigation, plus any other information that the HHS secretary deems necessary.

A new rule passed in Texas requiring cryptocurrency miners using the grid maintained by the Energy Reliability Council of Texas (ERCOT) to register and report key details about their facilities. CoinTelegraph reports: Under the Public Utilities Commission of Texas (PUCT) rule (PDF), passed on Nov. 21, Bitcoin miners must share the location, ownership information and demand for electricity of their facilities with the state agency. Miners have only one working day after the date their facility connects to the ERCOT grid to register and must renew every calendar year on or before March 1.

ERCOT is an independent system operator representing 90% of the state's electric load. According to PUCT Chairman Thomas Gleeson, the new rule was designed to help manage the power grid as more mining facilities come online. "To ensure the ERCOT grid is reliable and meets the electricity needs of all Texans, the PUCT and ERCOT need to know the location and power needs of virtual currency miners," he said. Bitcoin miners who fail to register under the PUCT rule will face a Class A violation, which can result in up to $25,000 in daily fines.

Craig Newmark "is alarmed about potential cybersecurity risks in the U.S.," according to Yahoo Finance. The 71-year-old Craigslist founder says "our country is under attack now" in a new interview with Yahoo Finance executive editor Brian Sozzi on his Opening Bid podcast.

But Newmark also revealed what he's doing about it: [H]e started Craig Newmark Philanthropies to primarily invest in projects to protect critical American infrastructure from cyberattacks. He told Sozzi he is now spending $200 million more to address the issue, on top of an initial $100 million pledge revealed in September of this year. He encouraged other wealthy people to join him in the fight against cyberattacks. "I tell people, 'Hey, the people who protect us could use some help. The amounts of money comparatively are small, so why not help out,'" he said... The need for municipalities and other government entities to act rather than react remains paramount, warns Newmark. "I think a lot about this," said Newmark.

"I've started to fund networks of smart volunteers who can help people protect infrastructure, particularly [for] the small companies and utilities across the country who are responsible for most of our electrical and power supplies, transportation infrastructure, [and] food distribution.... A lot of these systems have no protection, so an adversary could just compromise them, saying unless you do what we need, we can start shutting off these things," he continued. Should that happen, recovery "could take weeks and weeks without your water supply or electricity."
A web page at Craig Newmark Philanthropies offers more details Craig was part of the whole "duck and cover" thing, in the 50s and 60s, and realizes that we need civil defense in the cyber domain, "cyber civil defense." This is patriotism, for regular people.

He's committed $100 million to form a Cyber Civil Defense network of groups who are starting to protect the country from cyber threats. Attacks on our power grids, our cyber infrastructure and even the internet-connected gadgets and appliances in our homes are real. If people think that's alarmist, tell them to "Blame Craig." The core of Cyber Civil Defense [launched in 2022] includes groups like Aspen Digital, Global Cyber Alliance, and Consumer Reports, focusing on citizen cyber education and literacy, cyber tool development, and cybersecurity workforce programs aimed at diversifying the growing field.
It's already made significant investments in groups like the Ransomware Task Force and threat watchdog group Shadowserver Foundation...

The GitHub Secure Open Source Fund launched this week with an initial commitment of $1.25 million, reports TechCrunch, using "capital from contributors including American Express, 1Password, Shopify, Stripe, and GitHub's own parent company Microsoft." GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but Tuesday it announced full details and formally opened the program for applicants, which will be reviewed "on a rolling basis" through the closing date of January 7, 2025, with programming and funding starting shortly after...

Tuesday's news builds on a number of previous GitHub initiatives designed to support project maintainers that work on key components of critical software, including GitHub Sponsors which landed in 2019 (and which is powering the new fund), but more directly the GitHub Accelerator program that launched its first cohort last year — the GitHub Secure Open Source Fund is essentially an extension of that.

"We're trying to acknowledge the fact that we're the home of open source, ultimately, and we have an obligation to help ensure that open source can continue to thrive and have the support that it needs," GitHub Chief Operating Officer Kyle Daigle told TechCrunch in an interview. Qualifying projects can be pretty much any project that has an open source license, but of course GitHub will be looking at those that need the funds most — so Kubernetes can hold fire with its application. "We're looking for the outsized impact, which tends to be big projects with few maintainers that we all rely on," Daigle said.

The sum of $1.25 million might sound like a reasonable amount, but it will be split across 125 projects, which means just $10,000 each — better than nothing, for sure, but a drop in the ocean on the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here — as with the initial accelerator program, maintainers embark on a three-week program, which includes mentorship, certification, education workshops, and ongoing access to GitHub tools.
From GitHub's announcement: Since introducing support for organizations through GitHub Sponsors, more than 5,800 organizations, including Microsoft and Stripe, have invested in maintainers and projects on GitHub, up nearly 40% YoY. Cumulatively, the platform has unlocked over $60 million in funding for maintainers to help them spend more time working on their projects.

But we know we're just scratching the surface when it comes to organizations and corporate support of open source. This summer, we partnered with the Linux Foundation and researchers from Laboratory for Innovation Science at Harvard (LISH) to learn more about the state of open source funding today. Diving in, we assessed organizations funding behaviors, potential misalignments, and opportunities to improve. In the report launched today, we found:


- Responding organizations annually invest $1.7 billion in open source, which can be extrapolated to estimate that approximately $7.7 billion is invested across the entire open source ecosystem annually.

- 86% of investment is in the form of contribution labor by employees and contractors working for the funding organization, with the remaining 14% being direct financial contributions.

- Organizations generally know how and where they contribute (65%) but lack specific clarity of their contributions (38%).

- Security efforts focus on bugs and maintenance; only a few (6%) said comprehensive security audits are a priority.


We all stand to benefit from unlocking more funding for open source. By tackling problems like open source security as an ecosystem, we believe we can help create more available funding and resources that are vital to the sustainability of open source. Not every open source project or maintainer has access to funding and training for security. That's why we created a fund that everyone potentially eligible can apply for...

This is the beginning of a journey into helping find ways to secure open source. On its own, it's not the answer, but we are confident it will help. We will be monitoring the impact of these investments and share what we learn as we go.

"You can use any Linux distribution inside of the Windows Subsystem for Linux" Microsoft recently reminded Windows users, "even if it is not available in the Microsoft Store, by importing it with a tar file."

But being an official distro "makes it easier for Windows Subsystem for Linux users to install and discover it with actions like wsl --list --online and wsl --install," Microsoft pointed out this week. And "We're excited to announce that Red Hat will soon be delivering a Red Hat Enterprise Linux WSL distro image in the coming months..."

Thank you to the Red Hat team as their feedback has been invaluable as we built out this new architecture, and we're looking forwards to the release...! Ron Pacheco, senior director, Red Hat Enterprise Linux Ecosystem, Red Hat says:

"Developers have their preferred platforms for developing applications for multiple operating systems, and WSL is an important platform for many of them. Red Hat is committed to driving greater choice and flexibility for developers, which is why we're working closely with the Microsoft team to bring Red Hat Enterprise Linux, the largest commercially available open source Linux distribution, to all WSL users."
Read Pacheco's own blog post here.

But in addition Microsoft is also releasing "a new way to make WSL distros," they announced this week, "with a new architecture that backs how WSL distros are packaged and installed." Up until now, you could make a WSL distro by either creating an appx package and distributing it via the Microsoft Store, or by importing a .tar file with wsl -import. We wanted to improve this by making it possible to create a WSL distro without needing to write Windows code, and for users to more easily install their distros from a file or network share which is common in enterprise scenarios... With the tar based architecture, you can start with the same .tar file (which can be an exported Linux container!) and just edit it to add details to make it a WSL distro... These options will describe key distro attributes, like the name of the distro, its icon in Windows, and its out of box experience (OOBE) which is what happens when you run WSL for the first time. You'll notice that the oobe_command option points to a file which is a Linux executable, meaning you can set up your full experience just in Linux if you wish.

Longtime Slashdot reader mspohr shares a report from Gizmodo: Hackers for the Chinese government were able to deeply penetrate U.S. telecommunications infrastructure in ways that President Joe Biden's administration hasn't yet acknowledged, according to new reports from the Washington Post and New York Times. The hackers were able to listen to phone calls and read text messages, reportedly exploiting the system U.S. authorities use to wiretap Americans in criminal cases. The worst part? The networks are still compromised and it may take incredibly drastic measures to boot them from U.S. systems.

The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday.

Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

An anonymous reader quotes a report from Reuters: Google has sued one of its former engineers in Texas federal court, accusing him of stealing trade secrets related to its chip designs and sharing them publicly on the internet. The lawsuit, filed on Tuesday (PDF), said that Harshit Roy "touted his dominion" over the secrets in social media posts, tagging competitors and making threatening statements to the company including "I need to take unethical means to get what I am entitled to" and "remember that empires fall and so will you."

Google hired Roy in 2020 to develop computer chips used in Google Pixel devices like smartphones. Google said in the lawsuit that Roy resigned in February and moved from Bangalore, India to the United States in August to attend a doctorate program at the University of Texas at Austin. According to the complaint, Roy began posting confidential Google information to his X account later that month along with "subversive text" directed at the company, such as "don't expect me to adhere to any confidentiality agreement." The posts included photographs of internal Google documents with specifications for Pixel processing chips.

The lawsuit said that Roy ignored Google's takedown requests and has posted additional trade secrets to X and LinkedIn since October. Google alleged that Roy tagged competitors Apple and Qualcomm in some of the posts, "presumably to maximize the potential harm of his disclosure." Google's complaint also said that several news outlets have published stories with confidential details about Google's devices based on the information that Roy leaked. Google asked the court for an unspecified amount of monetary damages and court orders blocking Roy from using or sharing its secrets.

The Register's Simon Sharwood reports: Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:

- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.

The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability. From a report: Most of the details about the bug are being kept under wraps given the potential for wide exploitation. The vendor hasn't assigned it a CVE identifier or really said much about it at all other than that it's a buffer overflow bug that leads to unauthenticated RCE.

Unauthenticated RCE issues are essentially as bad as vulnerabilities get, and D-Link warned that if customers continued to use the affected products, the devices connected to them would also be put at risk. Previous bugs in similar products from other vendors have carried warnings that attackers could exploit them to install rootkits and use that persistent access to surveil an organization's web traffic, potentially stealing data such as credentials. Further reading: D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices.

An anonymous reader quotes a report from The Register: Framework CEO Nirav Patel had one of the bravest tech demos that we've seen at a conference yet -- modifying a Framework Laptop from x86 to RISC-V live on stage. In the five-minute duration of one of the Ubuntu Summit's Lightning Talks, he opened up a Framework machine, removed its motherboard, installed a RISC-V-powered replacement, reconnected it, and closed the machine up again. All while presenting the talk live, and pretty much without hesitation, deviation, or repetition. It was an impressive performance, and you can watch it yourself at the 8:56:30 mark in the video recording.

Now DeepComputing is taking orders for the DC-ROMA board, at least to those in its early access program. The new main board is powered by a StarFive JH7110 System-on-Chip. (Note: there are two tabs on the page, for both the JH7110 and JH7100, and we can't link directly to the latter.) CNX Software has more details about the SoC. Although the SoC has six CPU cores, two are dedicated processors, making it a quad-core 64-bit device. The four general-purpose cores are 64-bit and run at up to 1.5 GHz. It supports 8 GB of RAM and eMMC storage. [...]

In our opinion, RISC-V is not yet competitive with Arm in performance. However, this is a real, usable, general-purpose computer, based on an open instruction set. That's no mean feat, and it's got more than enough performance for less demanding work. It's also the first third-party main board for the Framework hardware, which is another welcome achievement. The company has now delivered several new generations of hardware, including a 16-inch model, and continues to upgrade its machines' specs.

jojowombl shares a report from The Guardian: Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker -- and not its government customers -- is the party that "installs and extracts" information from mobile phones targeted by the company's hacking software. The new details were contained in sworn depositions from NSO Group employees, portions of which were published for the first time on Thursday.

It comes five years after WhatsApp, the popular messaging app owned by Facebook, first announced it was filing suit against NSO. The company, which was blacklisted by the Biden administration in 2021, makes what is widely considered the world's most sophisticated hacking software, which -- according to researchers -- has been used in the past in Saudi Arabia, Dubai, India, Mexico, Morocco and Rwanda. [...] At the heart of the legal fight was an allegation by WhatsApp that NSO had long denied: that it was the Israeli company itself, and not its government clients around the world, who were operating the spyware. NSO has always said that its product is meant to be used to prevent serious crime and terrorism, and that clients are obligated not to abuse the spyware. It has also insisted that it does not know who its clients are targeting. [...]

To make its case, WhatsApp was allowed by Judge Phyllis Hamilton to make its case, including citing depositions that have previously been redacted and out of public view. In one, an NSO employee said customers only needed to enter a phone number of the person whose information was being sought. Then, the employee said, "the rest is done automatically by the system." In other words, the process was not operated by customers. Rather NSO alone decided to access WhatsApp's servers when it designed (and continuously upgraded) Pegasus to target individuals' phones. A spokesperson for NSO, Gil Lainer, said in a statement: "NSO stands behind its previous statements in which we repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence gathered by the system. We are confident that these claims, like many others in the past, will be proven wrong in court, and we look forward to the opportunity to do so."

Server maker Super Micro Computer is facing mounting challenges after EY resigned as its auditor on October 24, citing concerns about management's integrity and ethical values. EY's departure came just months after replacing Deloitte & Touche, which had audited Super Micro for two decades through June 2023.

The resignation raises questions about potential issues Deloitte may have missed. Super Micro has appointed a special committee and hired legal and forensic accounting firms to investigate, though details remain undisclosed. The company faces a November 16 deadline to submit a compliance plan to Nasdaq regarding delayed financial reports. A former employee's lawsuit alleges improper revenue recognition between 2020-2022 under Deloitte's watch, prompting a Justice Department investigation. WSJ adds: Persuading another major audit firm to sign on under the current circumstances would be an impressive feat. EY in its resignation letter said it was "unwilling to be associated with the financial statements prepared by management."

Why would any other auditor feel differently?

British telecom Virgin Media O2 has deployed an AI tool to combat phone scammers by wasting their time with fake conversations, the company said. The AI system, named Daisy, uses voice synthesis to mimic an elderly woman and engages fraudsters in lengthy discussions about fictitious family members or provides false bank details, keeping them occupied for up to 40 minutes per call.

Virgin Media O2 embedded phone numbers connected to Daisy within scammer call lists targeting vulnerable individuals. The system, developed with help from anti-scam YouTuber Jim Browning, automatically transcribes incoming calls and generates responses without human intervention.

Further reading: Google Rolls Out Call Screening AI To Thwart Phone Fraudsters.

Rocket Lab says it has signed the first customer for its Neutron launch vehicle, with a launch planned for mid-2025. SpaceNews reports: The company announced Nov. 12 that it signed a contract with an undisclosed "commercial satellite constellation operator" for two launches of Neutron, one in mid-2026 and the other in 2027, a deal that could lead to additional launches for the same customer. "We see this agreement as an important opportunity that signifies the beginning of a productive collaboration that could see Neutron deploy this particular customer's entire constellation," Peter Beck, chief executive of Rocket Lab, said in an earnings call Nov. 12 to discuss the company's third quarter financial results. [...]

Beck said Rocket Lab is "deep into the qualification testing" of flight hardware, including vehicle structures and the Archimedes engine, which was hotfired for the first time in August at the Stennis Space Center in Mississippi. "Our engine test cadence in Mississippi has doubled over the quarter, and we've bought multiple engines to the test stand," he said. Neutron is a key part of the company's ambitions to deploy its own constellation, something that Beck has hinted at in some previous earnings calls. His presentation called that constellation the third pillar for Rocket Lab, after launch services and spacecraft production, both of which support the constellation.

"We're not ready to reveal details on what this constellation or application may be," he said, "but I think it's important to understand the strong foundation we've built up across launch and space systems to enable it in due course." That includes Neutron, with Beck citing SpaceX's use of Falcon 9 to deploy its Starlink constellation. "Everything is irrelevant without a reusable high cadence launch. So, Neutron is really the key to unlocking that."

An anonymous reader quotes a report from The Register: Royal assent was granted to two right to repair bills last week that amend Canada's Copyright Act to allow the circumvention of technological protection measures (TPMs) if this is done for the purposes of "maintaining or repairing a product, including any related diagnosing," and "to make the program or a device in which it is embedded interoperable with any other computer program, device or component." The pair of bills allow device owners to not only repair their own stuff regardless of how a program is written to prevent such non-OEM measures, but said owners can also make their devices work with third-party components without needing to go through the manufacturer to do so.

Bills C-244 (repairability) and C-294 (interoperability) go a long way toward advancing the right to repair in Canada and, as iFixit pointed out, are the first federal laws anywhere that address how TPMs restrict the right to repair -- but they're hardly final. TPMs can take a number of forms, from simple administrative passwords to encryption, registration keys, or even the need for a physical object like a USB dongle to unlock access to copyrighted components of a device's software. Most commercially manufactured devices with proprietary embedded software include some form of TPM, and neither C-244 nor C-294 place any restrictions on the use of such measures by manufacturers. As iFixit points out, neither Copyright Act amendments do anything to expand access to the tools needed to circumvent TPMs. That puts Canadians in a similar position to US repair advocates, who in 2021 saw the US Copyright Office loosen DMCA restrictions to allow limited repairs of some devices despite TPMs, but without allowing access to the tools needed to do so. [...]

Canadian Repair Coalition co-founder Anthony Rosborough said last week that the new repairability and interoperability rules represent considerable progress, but like similar changes in the US, don't actually amount to much without the right to distribute tools. "New regulations are needed that require manufacturers and vendors to ensure that products and devices are designed with accessibility of repairs in mind," Rosborough wrote in an op-ed last week. "Businesses need to be able to carry out their work without the fear of infringing various intellectual property rights."

When a volcano erupted in 1980 about 70 miles from Portland, "lava incinerated anything living for miles around," remembers an announcement from the University of California at Riverside. But "As an experiment, scientists later dropped gophers onto parts of the scorched mountain for only 24 hours.

"The benefits from that single day were undeniable — and still visible 40 years later." Once the blistering blast of ash and debris cooled, scientists theorized that, by digging up beneficial bacteria and fungi, gophers might be able to help regenerate lost plant and animal life on the mountain. Two years after the eruption, they tested this theory. "They're often considered pests, but we thought they would take old soil, move it to the surface, and that would be where recovery would occur," said UC Riverside microbiologist Michael Allen.

They were right. But the scientists did not expect the benefits of this experiment would still be visible in the soil today, in 2024. A paper out this week in the journal Frontiers in Microbiomes details an enduring change in the communities of fungi and bacteria where gophers had been, versus nearby land where they were never introduced. "In the 1980s, we were just testing the short-term reaction," said Allen. "Who would have predicted you could toss a gopher in for a day and see a residual effect 40 years later?"

In 1983, Allen and Utah State University's James McMahon helicoptered to an area where the lava had turned the land into collapsing slabs of porous pumice. At that time, there were only about a dozen plants that had learned to live on these slabs. A few seeds had been dropped by birds, but the resulting seedlings struggled. After scientists dropped a few local gophers on two pumice plots for a day, the land exploded again with new life. Six years post-experiment, there were 40,000 plants thriving on the gopher plots. The untouched land remained mostly barren.
All this was possible because of what isn't always visible to the naked eye. Mycorrhizal fungi penetrate into plant root cells to exchange nutrients and resources. They can help protect plants from pathogens in the soil, and critically, by providing nutrients in barren places, they help plants establish themselves and survive.
Mycorrhizal fungi also helped an old-growth forest survive, accoridng to the researchers — even after volcano ash had caused them to drop their needles...