Security

Unearthed: CosmicEnergy, Malware For Causing Kremlin-Style Power Disruptions (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: Researchers have uncovered malware designed to disrupt electric power transmission and that may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids. Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of the Kremlin's most skilled and cutthroat hacking groups.

Researchers from Mandiant, the security firm that found CosmicEnergy, wrote: "COSMICENERGY is the latest example of specialized OT malware capable of causing cyber physical impacts, which are rarely discovered or disclosed. What makes COSMICENERGY unique is that based on our analysis, a contractor may have developed it as a red teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cyber security company. Analysis into the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, such as INDUSTROYER and INDUSTROYER.V2, which were both malware variants deployed in the past to impact electricity transmission and distribution via IEC-104. The discovery of COSMICENERGY illustrates that the barriers to entry for developing offensive OT capabilities are lowering as actors leverage knowledge from prior attacks to develop new malware. Given that threat actors use red team tools and public exploitation frameworks for targeted threat activity in the wild, we believe COSMICENERGY poses a plausible threat to affected electric grid assets. OT asset owners leveraging IEC-104 compliant devices should take action to preempt potential in the wild deployment of COSMICENERGY."

Right now, the link is circumstantial and mainly limited to a comment found in the code suggesting it works with software designed for training exercises sponsored by the Kremlin. Consistent with the theory that CosmicEnergy is used in so-called Red Team exercises that simulate hostile hacks, the malware lacks the ability to burrow into a network to obtain environment information that would be necessary to execute an attack. The malware includes hardcoded information object addresses typically associated with power line switches or circuit breakers, but those mappings would have to be customized for a specific attack since they differ from manufacturer to manufacturer. "For this reason, the particular actions intended by the actor are unclear without further knowledge about the targeted assets," Mandiant researchers wrote.

Piracy

'More Than 600,000 Students and Teachers Use Z-Library' (torrentfreak.com) 21

According to email addresses associated with Z-Library, more than 600,000 students and teachers are using the pirate eBook repository. TorrentFreak notes that this is "likely an underestimation," especially since the United States is excluded from the analysis. From the report: The team analyzed its user database to check how many user email-addresses are linked to universities, colleges and schools. This gives an impression of how many students and employees use the site but it's likely a low estimate, as students may very well use their personal email addresses to sign up. Still, the overall outcome and the global distribution of users is worth highlighting. China is the top country in absolute numbers, followed by India and Indonesia. This is no surprise, perhaps, as these countries also have the largest populations. Looking at the full database, Z-Library linked 600,000 email addresses to a total of 30,000 educational institutions around the world.

The only country missing from the top list, population-wise, is the United States. Z-Library notes that it intentionally excluded the country due to the criminal prosecution of two of the site's alleged operators. "It should be noted that when compiling statistics, we excluded all data related to the United States due to illegal arrest of two Russian citizens on suspicion of involvement in Z-Library," the shadow library writes on Telegram. There are also some relatively smaller countries in the top list, such as Australia. With a population of just over 25 million, Z-Library is relatively popular there, beating Brazil and Vietnam, which both have much larger populations.

The Australian Monash University also gets a special mention. Apparently, it is the educational institution where users have created the most public booklists. These lists are personal book collections that can be focused on any theme, including educational topics. Trinity College Dublin, in Ireland, is the runner-up based on the number of created booklists. It's worth a separate mention, however, as it also appears in the top 5 universities that donated to Z-Library. The list of most avid Z-Library supporters is led by the top Chinese universities, which are grouped for the purpose of this analysis.

Earth

CEO of Biggest Carbon Credit Certifier To Resign After Claims Offsets Worthless (theguardian.com) 80

The head of the world's leading carbon credit certifier has announced he will step down as CEO next month. From a report: It comes amid concerns that Verra, a Washington-based nonprofit, approved tens of millions of worthless offsets that are used by major companies for climate and biodiversity commitments, according to a joint Guardian investigation earlier this year. In a statement on LinkedIn on Monday, Verra's CEO, David Antonioli, said he would leave his role after 15 years leading the organisation that dominates the $2bn voluntary carbon market, which has certified more than 1bn credits through its verified carbon standard (VCS).

Antonioli thanked current and former staff, and said he was immensely proud of what Verra had accomplished through the environmental standards it operates. He did not give a reason for his departure and said he would be taking a break once he left the role. Judith Simon, Verra's recently appointed president, will serve as interim CEO following Antonioli's departure on 16 June. "The trust you placed in Verra and myself in my role as CEO has meant a lot, and I leave knowing we have made tremendous strides together in addressing some of the world's most vexing environmental and social problems. Working with you on these important issues has been a great highlight of my career," he said.

China

China is Calling in Loans To Dozens of Countries (fortune.com) 315

A dozen poor countries are facing economic instability and even collapse under the weight of hundreds of billions of dollars in foreign loans, much of them from the world's biggest and most unforgiving government lender, China. From a report: An Associated Press analysis of a dozen countries most indebted to China -- including Pakistan, Kenya, Zambia, Laos and Mongolia -- found paying back that debt is consuming an ever-greater amount of the tax revenue needed to keep schools open, provide electricity and pay for food and fuel. And it's draining foreign currency reserves these countries use to pay interest on those loans, leaving some with just months before that money is gone. Behind the scenes is China's reluctance to forgive debt and its extreme secrecy about how much money it has loaned and on what terms, which has kept other major lenders from stepping in to help. On top of that is the recent discovery that borrowers have been required to put cash in hidden escrow accounts that push China to the front of the line of creditors to be paid.

Countries in AP's analysis had as much as 50% of their foreign loans from China and most were devoting more than a third of government revenue to paying off foreign debt. Two of them, Zambia and Sri Lanka, have already gone into default, unable to make even interest payments on loans financing the construction of ports, mines and power plants. In Pakistan, millions of textile workers have been laid off because the country has too much foreign debt and can't afford to keep the electricity on and machines running. In Kenya, the government has held back paychecks to thousands of civil service workers to save cash to pay foreign loans. The president's chief economic adviser tweeted last month, "Salaries or default? Take your pick."

Businesses

Alibaba To Spin Off Its Cloud, AI and Business Messenger Unit (techcrunch.com) 1

An anonymous reader quotes a report from TechCrunch: Seven weeks after Alibaba announced its historic restructuring plan to split itself into six independent companies, the juggernaut is gearing up to spin off its intelligence group. Alibaba went public in New York back in 2014, marking the largest IPO at the time. Not long after Hong Kong relaxed rules around dual-class structures, which allow founders to retain certain control while opening the company to outside investment, in 2019, Alibaba sought a secondary listing in the city. Rising tensions between the U.S. and China also prompted many Chinese companies to retreat from the NASDAQ and NYSE in recent years.

"We are taking concrete steps towards unlocking value from our businesses and are pleased to announce that our board has approved a full spin-off of the Cloud Intelligence Group via a stock dividend distribution to shareholders, with intention for it to become an independent publicly listed company," Daniel Zhang, chairman and chief executive officer of Alibaba Group, announced in the firm's earnings report today. Zhang is also one of the cloud arm's board of directors. Alibaba aims to complete the spinoff in the next 12 months and plans to include external strategic investors in the group through private financings.

You might not be familiar with Alibaba's cloud intelligence group, but think of its main product lines roughly as "AWS+Slack+OpenAI". Its cloud business Alibaba Cloud dominates China's market. Globally, Alibaba Cloud was the third largest infrastructure-as-a-service (IaaS) public cloud provider in 2021, according to market research firm Gartner. Adding platform-as-a-service (PaaS) and private cloud to the mix, Alibaba came in fourth in Q4 2021, according to another market insight firm Synergy Research Group. Alibaba's Dingtalk, an enterprise chat app and productivity platform, surpassed 600 million users as of Q3 2022, with 15 million paid daily active users and 23 million enterprise users, the company said previously. [...] It makes sense that Alibaba is grouping its cloud business and AI research team under one umbrella as these two go hand in hand. With each new breakthrough in AI, the amount of computational power needed to train data increases exponentially -- so does the cost.

"The cloud business generated $2.7 billion in revenue during the first quarter, making up 9% of Alibaba's total revenues," notes TechCrunch. You can read a deep dive into the cloud spinout here.

Nintendo

The Legend of Zelda: Tears of the Kingdom Becomes Fastest-Selling Game For Any Nintendo System Ever (venturebeat.com) 25

An anonymous reader quotes a report from VentureBeat: Nintendo announced today that Tears of the Kingdom sold 10 million copies within the first three days of its launch. This makes it, according to the company, the fastest-selling title in The Legend of Zelda series. Market analysis company GfK revealed earlier this week that Tears of the Kingdom had the biggest physical release of any game in the UK in 2023, and the second-biggest launch in UK history by revenue. Link's latest adventure looks poised to break several more records within the next several months. "The Legend of Zelda: Tears of the Kingdom is the fastest-selling game in the Americas for any Nintendo system ever, and one of the hottest games worldwide for the Switch," adds Axios. "Tears of the Kingdom is on track to potentially become 2023's best-selling video game."

Security

Malware Turns Home Routers Into Proxies For Chinese State-Sponsored Hackers (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: Researchers on Tuesday unveiled a major discovery -- malicious firmware that can wrangle a wide range of residential and small office routers into a network that stealthily relays traffic to command-and-control servers maintained by Chinese state-sponsored hackers. A firmware implant, revealed in a write-up from Check Point Research, contains a full-featured backdoor that allows attackers to establish communications and file transfers with infected devices, remotely issue commands, and upload, download, and delete files. The implant came in the form of firmware images for TP-Link routers. The well-written C++ code, however, took pains to implement its functionality in a "firmware-agnostic" manner, meaning it would be trivial to modify it to run on other router models.

The main purpose of the malware appears to be to relay traffic between an infected target and the attackers' command and control servers in a way that obscures the origins and destinations of the communication. With further analysis, Check Point Research eventually discovered that the control infrastructure was operated by hackers tied to Mustang Panda, an advanced persistent threat actor that both the Avast and ESET security firms say works on behalf of the Chinese government.

The researchers discovered the implant while investigating a series of targeted attacks against European foreign affairs entities. The chief component is a backdoor with the internal name Horse Shell. The three main functions of Horse Shell are: a remote shell for executing commands on the infected device; file transfer for uploading and downloading files to and from the infected device; and the exchange of data between two devices using SOCKS5, a protocol for proxying TCP connections to an arbitrary IP address and providing a means for UDP packets to be forwarded. The SOCKS5 functionality seems to be the ultimate purpose of the implant. By creating a chain of infected devices that establish encrypted connections with only the closest two nodes (one in each direction), it's difficult for anyone who stumbles upon one of them to learn the origin or ultimate destination or the true purpose of the infection. As Check Point researchers wrote:
"Learning from history, router implants are often installed on arbitrary devices with no particular interest, with the aim to create a chain of nodes between the main infections and real command and control," Check Point researchers wrote in a shorter write-up. "In other words, infecting a home router does not mean that the homeowner was specifically targeted, but rather that they are only a means to a goal."
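Because the Horse Shell proxy function speaks standard SOCKS5, a defender capturing a router's outbound traffic can recognise the negotiation by its fixed framing (RFC 1928: a greeting of version byte, method count and method list, then a request of version, command, reserved byte, address type, destination address and port). The parser and flow check below is an added example, not Check Point's code or anything from the write-up; the flow records, addresses (RFC 5737 documentation ranges) and the "router IP set" are constructed assumptions. The detection idea it implements is the one the article implies: a consumer router should never be the party originating SOCKS5 requests toward the internet, so the router itself acting as a SOCKS5 client is the anomaly.

```python
import ipaddress
import struct

# RFC 1928 command codes; anything else is not a valid SOCKS5 request.
SOCKS5_COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}


def parse_socks5_greeting(data: bytes):
    """VER NMETHODS METHODS...; returns (methods, bytes_consumed) or None."""
    if len(data) < 2 or data[0] != 0x05:
        return None
    n = data[1]
    if n == 0 or len(data) < 2 + n:
        return None
    return list(data[2:2 + n]), 2 + n


def parse_socks5_request(data: bytes):
    """VER CMD RSV ATYP DST.ADDR DST.PORT; returns dict or None if malformed."""
    if len(data) < 4 or data[0] != 0x05 or data[2] != 0x00:
        return None
    cmd = SOCKS5_COMMANDS.get(data[1])
    if cmd is None:
        return None
    atyp = data[3]
    if atyp == 0x01:                                   # IPv4, 4 bytes
        end = 8
        if len(data) < end + 2:
            return None
        dst = str(ipaddress.IPv4Address(data[4:end]))
    elif atyp == 0x04:                                 # IPv6, 16 bytes
        end = 20
        if len(data) < end + 2:
            return None
        dst = str(ipaddress.IPv6Address(data[4:end]))
    elif atyp == 0x03:                                 # domain name, length-prefixed
        if len(data) < 5:
            return None
        end = 5 + data[4]
        if len(data) < end + 2:
            return None
        dst = data[5:end].decode("ascii", errors="replace")
    else:
        return None
    port = struct.unpack("!H", data[end:end + 2])[0]
    return {"cmd": cmd, "dst": dst, "port": port}


def parse_socks5_client_stream(stream: bytes):
    """Reassembled client-to-server bytes of one TCP flow: greeting then request."""
    greeting = parse_socks5_greeting(stream)
    if greeting is None:
        return None
    methods, used = greeting
    request = parse_socks5_request(stream[used:])
    if request is None:
        return None
    return {"methods": methods, **request}


def find_socks5_flows(flows, router_ips):
    """Alert on flows in which a router (by source IP) itself negotiates SOCKS5."""
    alerts = []
    for flow in flows:
        if flow["src"] not in router_ips:
            continue
        parsed = parse_socks5_client_stream(flow["client_bytes"])
        if parsed:
            alerts.append({"router": flow["src"], "peer": flow["dst"],
                           "peer_port": flow["dport"], **parsed})
    return alerts


# Constructed flow records (hypothetical; documentation addresses only).
SAMPLE_FLOWS = [
    # router asks a next-hop node to CONNECT onward to 198.51.100.9:443
    {"src": "192.0.2.1", "dst": "203.0.113.7", "dport": 8443,
     "client_bytes": b"\x05\x01\x00" + b"\x05\x01\x00\x01" + bytes([198, 51, 100, 9]) + b"\x01\xbb"},
    # ordinary TLS ClientHello from the router (e.g. firmware update check)
    {"src": "192.0.2.1", "dst": "203.0.113.8", "dport": 443,
     "client_bytes": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"},
    # a LAN laptop using a SOCKS5 proxy: not the router, so not this detector's concern
    {"src": "192.0.2.55", "dst": "203.0.113.7", "dport": 8443,
     "client_bytes": b"\x05\x01\x00" + b"\x05\x03\x00\x03\x0bexample.com\x00\x35"},
]

if __name__ == "__main__":
    for alert in find_socks5_flows(SAMPLE_FLOWS, {"192.0.2.1"}):
        print(alert)
```

The parser is deliberately strict (version byte, zero reserved byte, known command, exact address-type lengths), so ordinary TLS or HTTP traffic from the same router never matches; the flow check only scopes the alert to sources that are infrastructure devices, which is where the write-up says these implants live.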

Transportation

Gas-Powered Cars Won't Die Off Any Time Soon (axios.com) 357

According to S&P Global Mobility, the average age of light vehicles on the road in the U.S. is now at an all-time high of 12.5 years, up three months from 2022. Two decades ago, their average was 9.7 years. Axios reports: The impact: The transition from gas to electric cars will take decades.

It'll likely take until at least 2050 -- and possibly longer -- before most gas-powered cars are off the road, Campau says.

Of note: EV longevity is going in the opposite direction. Their average age fell from 3.7 years in 2022 to 3.6 years in 2023, in part due to an upswing in new purchases.

By the numbers: About 6.6% of battery-powered EVs bought between 2013-2022 have left the passenger fleet, compared with 5.2% of non-EVs -- but [...] it's too early to know why. EVs generally come with an 8-year, 100,000-mile warranty -- but early evidence suggests they last longer than that, according to an analysis by Recurrent, which tracks battery data. Carmakers say electric cars should last 15 to 20 years, but modern EVs haven't been around long enough to validate that claim.
The report projects that there will be fewer than 100 million passenger cars on the road within the next 18-24 months -- a low not seen since 1978. By 2028, at least 7 in 10 vehicles on the road will be pickups, SUVs or crossovers.

Microsoft

Microsoft Is Scanning the Inside of Password-Protected Zip Files For Malware (arstechnica.com) 130

An anonymous reader quotes a report from Ars Technica: Microsoft cloud services are scanning for malware by peeking inside users' zip files, even when they're protected by a password, several users reported on Mastodon on Monday. Compressing file contents into archived zip files has long been a tactic threat actors use to conceal malware spreading through email or downloads. Eventually, some threat actors adapted by protecting their malicious zip files with a password the end user must type when converting the file back to its original form. Microsoft is one-upping this move by attempting to bypass password protection in zip files and, when successful, scanning them for malicious code.

While analysis of password-protected files in Microsoft cloud environments is well-known to some people, it came as a surprise to Andrew Brandt. The security researcher has long archived malware inside password-protected zip files before exchanging them with other researchers through SharePoint. On Monday, he took to Mastodon to report that the Microsoft collaboration tool had recently flagged a zip file, which had been protected with the password "infected." "While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples," Brandt wrote. "The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs."

Fellow researcher Kevin Beaumont joined the discussion to say that Microsoft has multiple methods for scanning the contents of password-protected zip files and uses them not just on files stored in SharePoint but all its 365 cloud services. One way is to extract any possible passwords from the bodies of email or the name of the file itself. Another is by testing the file to see if it's protected with one of the passwords contained in a list. "If you mail yourself something and type something like 'ZIP password is Soph0s', ZIP up EICAR and ZIP password it with Soph0s, it'll find (the) password, extract and find (and feed MS detection)," he wrote.
"A Google representative said the company doesn't scan password-protected zip files, though Gmail does flag them when users receive such a file," notes Ars.

"One other thing readers should remember: password-protected zip files provide minimal assurance that content inside the archives can't be read. As Beaumont noted, ZipCrypto, the default means for encrypting zip files in Windows, is trivial to override. A more dependable way is to use an AES-256 encryptor built into many archive programs when creating 7z files."
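The two scanning methods Beaumont describes (lifting a password stated in the message body, otherwise trying a short list of well-known passwords, then inspecting whatever opens) can be shown end to end. What follows is an added example, not code from Ars, Microsoft or either researcher: it builds a ZipCrypto-protected sample archive holding the public EICAR test string, then runs a gateway-style check over a constructed message body. Python's `zipfile` can read ZipCrypto but cannot write it, so the traditional PKWARE key schedule is reimplemented here solely to construct the fixture. The hint regex, the password list and the message texts are assumptions; the EICAR string is the standard anti-malware test signature, not malware.

```python
import io
import os
import re
import struct
import zipfile
import zlib

# EICAR anti-malware test string: a harmless, public test signature.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed stand-in for the "list of known passwords" the article mentions.
COMMON_PASSWORDS = ["infected", "malware", "virus"]

# Matches hints such as "ZIP password is Soph0s" or "password: 'infected'" (assumed phrasing).
_PASSWORD_HINT = re.compile(r"password\s*(?:is|:|=)\s*['\"]?([^\s'\"]+)", re.IGNORECASE)


def candidate_passwords(body: str, wordlist=COMMON_PASSWORDS) -> list:
    """Passwords stated in the message body first, then the fixed list, without duplicates."""
    stated = [m.group(1).rstrip(".,;!?)") for m in _PASSWORD_HINT.finditer(body)]
    ordered = []
    for pwd in stated + list(wordlist):
        if pwd and pwd not in ordered:
            ordered.append(pwd)
    return ordered


def open_protected_zip(zip_bytes: bytes, candidates) -> tuple:
    """Try each candidate on a ZipCrypto archive; return (password, {name: data}) or (None, {})."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for pwd in candidates:
            try:
                files = {i.filename: zf.read(i, pwd=pwd.encode()) for i in zf.infolist()}
                return pwd, files
            except (RuntimeError, zipfile.BadZipFile):
                continue  # wrong password: check-byte or CRC mismatch
    return None, {}


def scan_message(body: str, attachment: bytes) -> dict:
    """Gateway-style verdict for one message carrying one zip attachment."""
    pwd, files = open_protected_zip(attachment, candidate_passwords(body))
    hits = [name for name, data in files.items() if EICAR in data]
    return {"password": pwd, "malicious": bool(hits), "hits": hits}


# ---- ZipCrypto writer, used only to construct the sample attachment ----------
# The stdlib reads ZipCrypto but cannot write it, so the PKWARE traditional
# key schedule is reimplemented here for the fixture.
_CRCTABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRCTABLE.append(_c)


class _ZipCryptoEncrypter:
    def __init__(self, password: bytes):
        self.keys = [0x12345678, 0x23456789, 0x34567890]
        for b in password:
            self._update(b)

    def _update(self, c: int) -> None:
        k0, k1, k2 = self.keys
        k0 = _CRCTABLE[(k0 ^ c) & 0xFF] ^ (k0 >> 8)
        k1 = (k1 + (k0 & 0xFF)) & 0xFFFFFFFF
        k1 = (k1 * 134775813 + 1) & 0xFFFFFFFF
        k2 = _CRCTABLE[(k2 ^ (k1 >> 24)) & 0xFF] ^ (k2 >> 8)
        self.keys = [k0, k1, k2]

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            k = self.keys[2] | 2
            out.append(p ^ (((k * (k ^ 1)) >> 8) & 0xFF))
            self._update(p)  # the key schedule advances on plaintext bytes
        return bytes(out)


def build_zipcrypto_zip(name: bytes, plaintext: bytes, password: bytes) -> bytes:
    """Single-entry, stored (uncompressed), ZipCrypto-protected .zip; constructed sample."""
    crc = zlib.crc32(plaintext) & 0xFFFFFFFF
    enc = _ZipCryptoEncrypter(password)
    # 12-byte encryption header; its last byte (high CRC byte) is the password check byte.
    body = enc.encrypt(os.urandom(11) + bytes([crc >> 24])) + enc.encrypt(plaintext)
    local = struct.pack("<4sHHHHHLLLHH", b"PK\x03\x04", 20, 1, 0, 0, 33,
                        crc, len(body), len(plaintext), len(name), 0) + name + body
    central = struct.pack("<4sHHHHHHLLLHHHHHLL", b"PK\x01\x02", 20, 20, 1, 0, 0, 33,
                          crc, len(body), len(plaintext), len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<4sHHHHLLH", b"PK\x05\x06", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd


if __name__ == "__main__":
    sample = build_zipcrypto_zip(b"eicar.com", EICAR, b"Soph0s")
    print(scan_message("Sample attached. ZIP password is Soph0s", sample))
    print(scan_message("Sample attached, no hint in the body.", sample))
```

Only ZipCrypto archives take this path: the reader relies on the 12-byte header's check byte and the entry CRC to reject wrong passwords, which is exactly the legacy scheme the article calls weak. A 7z archive encrypted with AES-256 would not open here at all, so a scanner of this kind cannot look inside it and has to treat it as opaque.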

Bitcoin

OpenAI's Sam Altman Set To Raise $100 Million For Worldcoin (businessinsider.com) 38

According to the Financial Times, OpenAI CEO Sam Altman is close to raising around $100 million in funding for his Worldcoin crypto project. Markets Insider reports: Worldcoin is in advanced talks to raise the cash from both new and existing investors ahead of a potential launch within the next few weeks, the Financial Times said Sunday, citing three people with knowledge of the deal. The startup wants to use eyeball-scanning technology to create a digital identification system that would give people across the globe access to a free crypto token called Worldcoin. It's previously received backing from Andreessen Horowitz's crypto fund, Coinbase's VC arm Coinbase Ventures, and FTX founder Sam Bankman-Fried.

Worldcoin pulled in $100 million from investors last year through a token sale that valued the company at around $3 billion, according to a report by The Information from March 2022. That fundraising effort came before a bruising period for crypto in which flagship tokens like bitcoin and ether cratered in price and high-profile companies including Bankman-Fried's FTX collapsed. "It's a bear market, a crypto winter. It's remarkable for a project in this space to get this amount of investment," one of the FT's sources told the publication.

United States

Coastal Cities Priced Out Low-Wage Workers. Now College Graduates Are Leaving, Too. 156

The college graduates who fill white-collar jobs in the San Francisco area began to leave in growing numbers about a decade ago. From a report: More and more have moved to other parts of the country -- an accelerating outflow of educated workers that, in a poorer part of America, might be thought of as brain drain. When the pandemic arrived, these departures surged so sharply that the San Francisco area has lately lost more educated workers than have moved in. Over this same time, a similar pattern has been taking shape on the other side of the country. (Charts in the linked story.) And in the New York area, long a net exporter of graduates, swelling losses have reinforced the trend: Educated workers, dating to even before the pandemic, have been migrating away from the most prosperous parts of the country.

This pattern, visible in an Upshot analysis of census microdata, is startling in retrospect. Major coastal metros have been hubs of the kind of educated workers coveted most by high-powered employers and economic development officials. Economists have lamented the growing coastal concentration of their wealth. A politics of resentment in America has fed on it, too. These urban centers have become a class of their own -- "superstar cities" -- with outsize impact on the American economy fueled by the clustering of workers with degrees. But it appears in domestic migration data that, years after lower-wage residents have been priced out of expensive coastal metros, higher-paid workers are now turning away from them, too.

Working-age Americans with a degree are still flowing into these regions from other parts of the country, often in large numbers. But as the pool leaving grows faster, that educational advantage is eroding. Boston's pull with college graduates has weakened. Seattle's edge vanished during the pandemic. And the analysis shows San Francisco, San Jose, Los Angeles and Washington all crossing a significant threshold: More college-educated workers left than moved in. For most of this century, large metros with a million residents or more have received all of the net gains from college-educated workers migrating around the country, at the expense of smaller places. But among those large urban areas, the dozen metros with the highest living costs -- nearly all of them coastal -- have had a uniquely bifurcated migration pattern: As they saw net gains from college graduates, they lost large numbers of workers without degrees.

Transportation

Lithium-Ion Battery Fires on Aircraft are Happening 'Much More Frequently' (cbsnews.com) 86

As smoke began filling the cabin, an airplane passenger saw sparks and fire bursting from a bag in the seat directly behind her — which turned out to be a "smoky flashing lithium battery, which had begun smoldering in a carry-on bag," according to CBS News.

The flight crew contained the situation, and "Airport fire trucks met the plane on the runway and everyone evacuated safely." But a CBS News Investigation "has discovered similar incidents have been happening much more frequently in the skies over the United States." The FAA verifies the number of lithium-ion battery fires jumped more than 42% in the last five years. A CBS News analysis of the FAA's data found that since 2021 there's been at least one lithium battery incident on a passenger plane somewhere in the U.S., on average, once every week...

Some airlines are taking action to control the growing number of fires. They are using specialized "thermal containment" bags designed for flight crews to use if a lithium battery starts heating up to the point where it's smoking or burning. Mechanical engineers at the University of Texas at Austin say the bags can effectively contain fire and keep it from spreading, but don't extinguish it.

In a video accompanying the article, an engineering professor at the university's Fire Research Group even showed a lithium-ion battery fire that continued burning underwater. "You can't put it out. It's a fire within the cell. So, you've got fuel, oxygen, heat in the cell, all." (The article also notes a startup called Pure Lithium is working on a new kind of non-flammable battery using lithium metal cells instead of lithium ion).

Guidelines from America's Federal Aviation Administration require spare lithium-ion batteries be kept with passengers (and not checked) — and prohibit passengers from bringing onboard damaged or recalled batteries and battery-powered devices.

Thanks to long-time Slashdot reader khb for sharing the article.

Open Source

Despite Layoffs, Open Source and Linux Skills are Still in Demand (zdnet.com) 36

ZDNet reports that Jim Zemlin, executive director at the Linux Foundation, recently noted rounds of tech-industry layoffs "in the name of cost-cutting." But then Zemlin added that "open source is countercyclical to these trends. The Linux Foundation itself, for instance, had its best first quarter ever."

As Hilary Carter, SVP of research and communications at the Linux Foundation, said in her keynote speech at Open Source Summit North America in Vancouver, Canada: "In spite of what the headlines are saying, the facts are 57% of organizations are adding workers this year." Carter was quoting figures from the Linux Foundation's latest job survey, which was released at the event.

Other research also points to brighter signs in tech employment trends. CompTIA's recent analysis of the latest Bureau of Labor Statistics (BLS) data suggests the tech unemployment rate climbed by just 2.3% in April. In fact, more organizations plan to increase their technical staff levels rather than decrease.

The demand for skilled tech talent remains strong, particularly in fast-developing areas, such as cloud and containers, cybersecurity, and artificial intelligence and machine learning. So, what do all these areas of technology have in common? The answer is they're all heavily dependent on open source and Linux technologies.

While layoffs are happening at Microsoft, Amazon, Google, IBM, and even Red Hat, "the Linux Foundation found senior technical roles are seeing the biggest cuts," the article points out. "New hiring is focused on developers and IT managers." And companies are also spending more on training for existing technical staff, "driven by the fact that there aren't enough experts in hot technologies, such as Kubernetes and generative AI, to go around." Interestingly, a college degree is no longer seen as such a huge benefit. Businesses responding to the Linux Foundation's research felt upskilling (91%) and certifications (77%) are more important than a university education (58%) when it comes to addressing technology needs.

Earth

Societal Cost of 'Forever Chemicals' About $17.5 Trillion Across Global Economy (theguardian.com) 62

An anonymous reader quotes a report from The Guardian: The societal cost of using toxic PFAS or "forever chemicals" across the global economy totals about $17.5 trillion annually, a new analysis of the use of the dangerous compounds has found. Meanwhile, the chemicals yield comparatively paltry profits for the world's largest PFAS manufacturers -- about $4 billion annually. The report, compiled by ChemSec, a Sweden-based NGO that works with industry and policymakers to limit the use of toxic chemicals, partially aims to highlight how the "astronomical" cost of using PFAS is shouldered by governments typically forced to fund the cleanup of pollution and individuals who suffer from health consequences. "If you compare the profits that they make and the cost to society -- it's ridiculous," said Peter Pierrou, ChemSec's communications director.

PFAS are a class of about 15,000 chemicals often used to make products resistant to water, stains and heat. The chemicals are ubiquitous, and linked at low levels of exposure to cancer, thyroid disease, kidney dysfunction, birth defects, autoimmune disease and other serious health problems. They are called "forever chemicals" because they do not naturally degrade. The chemicals are thought to be contaminating drinking water for at least 200 million Americans, while watchdogs have identified thousands of industrial polluters. Similar widespread contamination persists throughout Europe.

ChemSec found 12 companies account for most of the world's PFAS production and pollution. Among them are 3M, Chemours, Solvay, Daikin, Honeywell, BASF, Merck and Bayer, though 3M this year announced it would discontinue making PFAS in part because of regulatory pressure and litigation. [...] The analysis broke down societal costs into four categories. Soil and water remediation are the most expensive, followed by healthcare costs and bio-monitoring of PFAS pollution. While the average market price of PFAS is [about $20.75] for each kilogram, the price spikes to about [$20,456.78] for each kilogram when societal costs are factored in. Beyond profits and pollution, the analysis also provides a closer look at how the chemicals are used across the economy, and whether those uses are "essential" or "non-essential." Banning non-essential uses would probably spell the end of the chemicals in most consumer goods and cut deeply into the industry's profits.

Science

New Genome Map Tries To Capture All Human Genetic Variation (technologyreview.com) 13

An anonymous reader shares an excerpt from MIT Technology Review: Today, researchers announced yet another version of the human genome map, which they say combines the complete DNA of 47 diverse individuals -- Africans, Native Americans, and Asians, among other groups -- into one giant genetic atlas that they say better captures the surprising genetic diversity of our species. The new map, called a "pangenome," has been a decade in the making, and researchers say it will only get bigger, creating an expanding view of the genome as they add DNA from another 300 people from around the globe. It was published in the journal Nature today. People's genomes are largely alike, but it's the hundreds of thousands of differences, often just single DNA letters, that explain why each of us is unique. The new pangenome, researchers say, should make it possible to observe this diversity in more detail than ever before, highlighting so-called evolutionary hot spots as well as thousands of surprisingly large differences, like deleted, inverted, or duplicated genes, that aren't observable in conventional studies. The pangenome relies on a mathematical concept called a graph, which you can imagine as a massive version of connect-the-dots. Each dot is a segment of DNA. To draw a particular person's genome, you start connecting the numbered dots. Each person's DNA can take a slightly different path, skipping some numbers and adding others.

One payoff of the new pangenome could be better ways to diagnose rare diseases, although practical applications aren't easy to name. Instead, scientists say it's mainly giving them insight into some of the "dark matter" of the genome that's previously been hard to see, including strange regions of chromosomes that seem to share and exchange genes. For now, most biologists and doctors will stick to the existing "reference genome," the one first produced in draft form in 2001 and gradually improved. It answers most questions researchers are interested in, and all their computer tools work with it. The reason a reference genome is important is that when a new person's genome is sequenced, that sequence is projected onto the reference in order to organize and read the new data. Yet since the current reference is just one possible genome, missing bits that some people have, some information can't be analyzed and is usually ignored. Researchers call this effect "reference bias" or, more simply, the streetlamp problem. You don't see where you don't look.

Officials with NIH said they hoped the new update to the genome map would make gene research more "equitable." That's because the more different your genome is from the current reference, the more information about you could be missed. The existing reference is largely the DNA of one African-American man, although it includes segments from several other people as well. "If the genome you want to analyze has sequences that are not in that reference, they will be missed in the analysis," says Deanna Church, a consultant with the business incubator General Inception, who previously held a key role at NIH managing the reference genome. "In reality, the notion that there is a 'human genome' is really the problem," she says. "The current version is the simplest model you can make. It made sense when we started ... But now we need better models."

Sci-Fi

UFO Hunters Built an Open-Source AI System To Scan the Skies (vice.com) 72

An anonymous reader shares an excerpt from a Motherboard article: Now, frustrated with a lack of transparency and trust around official accounts of UFO phenomena, a team of developers has decided to take matters into their own hands with an open source citizen science project called Sky360, which aims to blanket the earth in affordable monitoring stations to watch the skies 24/7, and even plans to use AI and machine learning to spot anomalous behavior. Unlike earlier 20th century efforts such as inventors proposing "geomagnetic detectors" to discover nearby UFOs, or more recent software like the short-lived UFO ID project, Sky360 hopes that it can establish a network of autonomously operating surveillance units to gather real-time data of our skies. Citizen-led UFO research is not new. Organizations like MUFON, founded in 1969, have long investigated sightings, while amateur groups like the American Flying Saucer Investigating Committee of Columbus even ran statistical analysis on sightings in the 1960s (finding that most of them happened on Wednesdays). However, Sky360 believes that the level of interest and the technology have now both reached an inflection point, where citizen researchers can actually generate large-scale actionable data for analysis all on their own.

The Sky360 stations consist of an AllSkyCam with a wide angle fish-eye lens and a pan-tilt-focus camera, with the fish-eye camera registering all movement. Underlying software performs an initial rough analysis of these events, and decides whether to activate other sensors -- and if so, the pan-tilt-focus camera zooms in on the object, tracks it, and further analyzes it. According to developer Nikola Galiot, the software is currently based on a computer vision "background subtraction" algorithm that detects any motion in the frame compared to previous frames captured; anything that moves is then tracked as long as possible and then automatically classified. The idea is that the more data these monitoring stations acquire, the better the classification will be. Several AI models work together under the hood, and the system is built using the open-source TensorFlow machine learning platform so it can be deployed on almost any computer. Next, the all-volunteer team wants to create a single algorithm capable of detection, tracking and classification all in one.

All the hardware components, from the cameras to passive radar and temperature gauges, can be bought cheaply and off-the-shelf worldwide -- with the ultimate goal of finding the most effective combinations for the lowest price. Schematics, blueprints, and suggested equipment are all available on the Sky360 site and interested parties are encouraged to join the project's Discord server. There are currently 20 stations set up across the world, from the USA to Canada to more remote regions like the Azores in the middle of the Atlantic [...] Once enough of the Sky360 stations have been deployed, the next step is to work towards real-time monitoring, drawing all the data together, and analyzing it. By striving to create a huge, open, transparent network, anyone would be free to examine the data themselves.

In June of this year, Sky360, which has a team of 30 volunteer developers working on the software, hopes to release its first developer-oriented open source build. At its heart is a component called 'SimpleTracker', which receives images frame by frame from the cameras, auto-adjusting parameters to get the best picture possible. The component determines whether something in the frame is moving, and if so, another analysis is performed, where a machine learning algorithm trained on the trajectories of normal flying objects like planes, birds, or insects, attempts to classify the object based on its movement. If it seems anomalous, it's flagged for further investigation.
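The pipeline described in the two paragraphs above (background subtraction to find motion, tracking the moving blob, then classifying its trajectory), as an added example that is not Sky360's code and uses no TensorFlow model: a running-average background subtractor on tiny constructed grayscale frames, a centroid tracker, and a toy heading-change rule standing in for the trained trajectory classifier. The frame size, blob values, the `alpha` and `threshold` parameters and the `min_cos` turn threshold are all assumptions chosen for the demo.

```python
# Added example, not from the Sky360 project. Frames are lists of pixel rows
# (0..255); all frames below are constructed synthetically.
from typing import List, Optional, Tuple

Frame = List[List[int]]


def make_frame(h: int, w: int, blob: Optional[Tuple[int, int]] = None,
               value: int = 200, bg: int = 20) -> Frame:
    """Construct a uniform background with an optional bright 2x2 blob at (row, col)."""
    f = [[bg] * w for _ in range(h)]
    if blob is not None:
        r, c = blob
        for dr in (0, 1):
            for dc in (0, 1):
                if 0 <= r + dr < h and 0 <= c + dc < w:
                    f[r + dr][c + dc] = value
    return f


def sequence(positions, h: int = 10, w: int = 10) -> List[Frame]:
    """Constructed clip: an empty first frame, then one frame per blob position."""
    return [make_frame(h, w)] + [make_frame(h, w, p) for p in positions]


class BackgroundSubtractor:
    """Running-average background model; a pixel far from the model counts as motion.
    alpha and threshold are assumed tuning values."""

    def __init__(self, first: Frame, alpha: float = 0.1, threshold: float = 60):
        self.bg = [[float(v) for v in row] for row in first]
        self.alpha = alpha
        self.threshold = threshold

    def apply(self, frame: Frame) -> List[List[bool]]:
        h, w = len(frame), len(frame[0])
        mask = [[False] * w for _ in range(h)]
        for r in range(h):
            for c in range(w):
                mask[r][c] = abs(frame[r][c] - self.bg[r][c]) > self.threshold
                # Slowly absorb the frame so a stationary object fades into the background.
                self.bg[r][c] = (1 - self.alpha) * self.bg[r][c] + self.alpha * frame[r][c]
        return mask


def centroid(mask: List[List[bool]]) -> Optional[Tuple[float, float]]:
    """Mean (row, col) of the pixels flagged as moving, or None if nothing moved."""
    pts = [(r, c) for r, row in enumerate(mask) for c, v in enumerate(row) if v]
    if not pts:
        return None
    return (sum(p[0] for p in pts) / len(pts), sum(p[1] for p in pts) / len(pts))


def track(frames: List[Frame]) -> List[Tuple[float, float]]:
    """Seed the background with the first frame, then record the moving centroid per frame."""
    sub = BackgroundSubtractor(frames[0])
    traj = []
    for f in frames[1:]:
        c = centroid(sub.apply(f))
        if c is not None:
            traj.append(c)
    return traj


def classify_trajectory(traj: List[Tuple[float, float]], min_cos: float = 0.5) -> str:
    """Toy stand-in for the trained classifier: steady heading is 'normal',
    a sharp turn between consecutive steps (cosine below min_cos) is 'anomalous'."""
    if len(traj) < 3:
        return "insufficient"
    steps = [(b[0] - a[0], b[1] - a[1]) for a, b in zip(traj, traj[1:])]
    for (r1, c1), (r2, c2) in zip(steps, steps[1:]):
        n1 = (r1 * r1 + c1 * c1) ** 0.5
        n2 = (r2 * r2 + c2 * c2) ** 0.5
        if n1 == 0 or n2 == 0:
            continue
        if (r1 * r2 + c1 * c2) / (n1 * n2) < min_cos:
            return "anomalous"
    return "normal"


if __name__ == "__main__":
    plane = sequence([(1, 1), (2, 2), (3, 3), (4, 4), (5, 5)])  # steady diagonal
    odd = sequence([(1, 1), (2, 2), (3, 3), (4, 2)])            # right-angle turn
    for name, clip in (("plane", plane), ("odd", odd)):
        t = track(clip)
        print(name, t, classify_trajectory(t))
```

The background model is seeded from the first frame and updated slowly, so pixels the blob just left are not re-flagged as motion on the next frame; the centroid of the flagged pixels is the tracked position, and only the sequence of positions, not the pixels, is handed to the classifier, which is the split the article describes for SimpleTracker.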

Technology

'Monoliths Are Not Dinosaurs' (allthingsdistributed.com) 53

Amazon CTO Werner Vogels writes in a blog post: Software architectures are not like the architectures of bridges and houses. After a bridge is constructed, it is hard, if not impossible, to change the way it was built. Software is quite different: once we are running our software, we may get insights about our workloads that we did not have when it was designed. And, if we had realized this at the start, and we chose an evolvable architecture, we could change components without impacting the customer experience. My rule of thumb has been that with every order of magnitude of growth you should revisit your architecture, and determine whether it can still support the next order level of growth.

A great example can be found in two insightful blog posts written by Prime Video's engineering teams. The first describes how Thursday Night Football live streaming is built around a distributed workflow architecture. The second is a recent post that dives into the architecture of their stream monitoring tool, and how their experience and analysis drove them to implement it as a monolithic architecture. There is no one-size-fits-all. We always urge our engineers to find the best solution, and no particular architectural style is mandated. If you hire the best engineers, you should trust them to make the best decisions.

I always urge builders to consider the evolution of their systems over time and make sure the foundation is such that you can change and expand them with the minimum number of dependencies. Event-driven architectures (EDA) and microservices are a good match for that. However, if there is a set of services that always contribute to the response, have the exact same scaling and performance requirements, same security vectors, and most importantly, are managed by a single team, it is a worthwhile effort to see if combining them simplifies your architecture.

Evolvable architectures are something that we've taken to heart at Amazon from the very start. Re-evaluating and re-architecting our systems to meet the ever-increasing demands of our customers. You can go all the way back to 1998, when a group of senior engineers penned the Distributed Computing Manifesto, which put the wheels in motion to move Amazon from a monolith to a service-oriented architecture. In the decades since, things have continued to evolve, as we moved to microservices, then microservices on shared infrastructure, and as I spoke about at re:Invent, EDA.

EU

EU Lawyers Say Plan To Scan Private Messages For Child Abuse May Be Unlawful (theguardian.com) 68

An anonymous reader quotes a report from The Guardian: An EU plan under which all WhatsApp, iMessage and Snapchat accounts could be screened for child abuse content has hit a significant obstacle after internal legal advice said it would probably be annulled by the courts for breaching users' rights. Under the proposed "chat controls" regulation, any encrypted service provider could be forced to survey billions of messages, videos and photos for "identifiers" of certain types of content where it was suspected a service was being used to disseminate harmful material. The providers issued with a so-called "detection order" by national bodies would have to alert police if they found evidence of suspected harmful content being shared or the grooming of children.

Privacy campaigners and the service providers have already warned that the proposed EU regulation and a similar online safety bill in the UK risk end-to-end encryption services such as WhatsApp disappearing from Europe. Now leaked internal EU legal advice, which was presented to diplomats from the bloc's member states on 27 April and has been seen by the Guardian, raises significant doubts about the lawfulness of the regulation unveiled by the European Commission in May last year. The legal service of the council of the EU, the decision-making body led by national ministers, has advised the proposed regulation poses a "particularly serious limitation to the rights to privacy and personal data" and that there is a "serious risk" of it falling foul of a judicial review on multiple grounds.

The EU lawyers write that the draft regulation "would require the general and indiscriminate screening of the data processed by a specific service provider, and apply without distinction to all the persons using that specific service, without those persons being, even indirectly, in a situation liable to give rise to criminal prosecution." The legal service goes on to warn that the European court of justice has previously judged the screening of communications metadata is "proportionate only for the purpose of safeguarding national security" and therefore "it is rather unlikely that similar screening of content of communications for the purpose of combating crime of child sexual abuse would be found proportionate, let alone with regard to the conduct not constituting criminal offenses." The lawyers conclude the proposed regulation is at "serious risk of exceeding the limits of what is appropriate and necessary in order to meet the legitimate objectives pursued, and therefore of failing to comply with the principle of proportionality".

The legal service is also concerned about the introduction of age verification technology and processes to popular encrypted services. "The lawyers write that this would necessarily involve the mass profiling of users, or the biometric analysis of the user's face or voice, or alternatively the use of a digital certification system they note 'would necessarily add another layer of interference with the rights and freedoms of the users,'" reports the Guardian.

"Despite the advice, it is understood that 10 EU member states -- Belgium, Bulgaria, Cyprus, Hungary, Ireland, Italy, Latvia, Lithuania, Romania and Spain -- back continuing with the regulation without amendment."

AI

Google IO To Feature AI Updates, Showing Off PaLM 2 LLM (cnbc.com) 10

At its annual Google I/O developers conference on Wednesday, Google is planning to announce a number of generative AI updates, including launching a general-use large language model (LLM) called PaLM 2. CNBC reports: According to internal documents about Google I/O viewed by CNBC, the company will unveil PaLM 2, its most recent and advanced LLM. PaLM 2 includes more than 100 languages and has been operating under the internal codename "Unified Language Model." It's also performed a broad range of coding and math tests as well as creative writing tests and analysis. At the event, Google will make announcements on the theme of how AI is "helping people reach their full potential," including "generative experiences" to Bard and Search, the documents show. Pichai will be speaking to a live crowd of developers as he pitches his company's AI advancements.

Google first announced the PaLM language model in April of 2022. In March of this year, the company launched an API for PaLM alongside a number of AI enterprise tools it says will help businesses "generate text, images, code, videos, audio, and more from simple natural language prompts." Last month, Google said its medical LLM called "Med-PaLM 2" can answer medical exam questions at an "expert doctor level" and is accurate 85% of the time.

Data Storage

HDDs Typically Failed in Under 3 Years in Backblaze Study of 17,155 Failed Drives (arstechnica.com) 102

An anonymous reader shares a report: We recently covered a study by Secure Data Recovery, an HDD, SSD, and RAID data recovery company, of 2,007 defective hard disk drives it received. It found the average time before failure among those drives to be 2 years and 10 months. That seemed like a short life span, but considering the limited sample size and analysis in Secure Data Recovery's report, there was room for skepticism. Today, Backblaze, a backup and cloud storage company with a reputation for detailed HDD and SSD failure analysis, followed up Secure Data Recovery's report with its own research using a much larger data set. Among the 17,155 failed HDDs Backblaze examined, the average age at which the drives failed was 2 years and 6 months.

Backblaze arrived at this age by examining all of its failed drives and their respective power-on hours. The company recorded each drive's failure date, model, serial number, capacity, failure, and SMART raw value. The 17,155 drives examined include 72 different models and do not include failed boot drives, drives that had no SMART raw attribute data, or drives with out-of-bounds data. If Backblaze only looked at drives that it didn't use in its data centers anymore, there would be 3,379 drives across 35 models, and the average age of failure would be a bit longer at 2 years and 7 months. Backblaze said its results thus far "are consistent" with Secure Data Recovery's March findings. This is despite Backblaze currently using HDDs that are older than 2 years and 7 months.
