Crime

Coinbase Exec's Brother Pleads Guilty In Crypto Insider Trading Case (decrypt.co)

Nikhil Wahi, brother of former Coinbase product manager Ishan Wahi, pleaded guilty in a Monday hearing to one count of conspiracy to commit wire fraud in connection with an alleged insider trading scheme. Decrypt reports: "Less than two months after he was charged, Nikhil Wahi admitted in court today that he traded in crypto assets based on Coinbase's confidential business information to which he was not entitled," said Damien Williams of the U.S. Attorney's Office in New York in a statement. "For the first time ever, a defendant has admitted his guilt in an insider trading case involving the cryptocurrency markets," Williams continued. "Today's guilty plea should serve as a reminder to those who participate in the cryptocurrency markets that the Southern District of New York will continue to steadfastly police frauds of all stripes and will adapt as technology evolves."

Nikhil now awaits sentencing in December, which could mean up to 20 years in prison. He has also been ordered to give back the money earned as a result of the illicit Coinbase trading, Williams said. Back in July, the Justice Department charged Ishan, Nikhil, and their friend Sameer Ramani with wire fraud conspiracy and wire fraud as it relates to cryptocurrency insider trading. The Securities and Exchange Commission also filed charges against the trio. While he was working at Coinbase, Ishan allegedly shared his insider knowledge of upcoming Coinbase listing announcements with Nikhil and Sameer to then profit from the listings by purchasing the tokens before they went live on Coinbase. In August, Ishan pled not guilty to the DOJ's charges. Now that his brother has pleaded guilty, it's unclear how Ishan's case will proceed and whether he will continue to fight the insider trading case.

According to the DOJ's statement released Monday, Nikhil implicated his brother Ishan and admitted to receiving tips from him. Nikhil then reportedly used numerous different crypto wallets in others' names to anonymize his insider trading. Concerns of insider trading at cryptocurrency exchanges extend beyond just this case, which is considered the first of its kind and is likely to set a precedent. Three Australian finance academics have posited that up to 25% of Coinbase listings in the past four years may have involved some insider trading.

Power

Offsite Power Supply Destroyed. What Happens Next at Ukraine's Zaporizhzhia Nuclear Plant (france24.com)

"A vital offsite electricity supply to the Zaporizhzhia nuclear plant has been destroyed by shelling," the Guardian reported Friday, "and there is little likelihood a reliable supply will be re-established, the United Nations' nuclear watchdog chief has said." Rafael Grossi, the director general of the International Atomic Energy Agency (IAEA), said shelling had destroyed the switchyard of a nearby thermal power plant. The plant has supplied power to the nuclear facility each time its normal supply lines had been cut over the past three weeks.

The thermal plant was also supplying the surrounding area, which was plunged into darkness. Local Ukrainian officials said work was under way to restore the connection, which has been cut multiple times this week....

When the thermal supply has been cut the plant has relied on its only remaining operating reactor for the power needed for cooling and other safety functions. This method is designed to provide power only for a few hours at a time. Diesel generators are used as a last resort. The constant destruction of thermal power supply has led Ukraine to consider shutting down the remaining operating reactor, said Grossi. Ukraine "no longer [has] confidence in the restoration of offsite power", he said.

Grossi said that if Ukraine decided not to restore the offsite supply the entire power plant would be reliant on emergency diesel generators to ensure supplies for the nuclear safety and security functions.

"As a consequence, the operator would not be able to restart the reactors unless offsite power was reliably re-established," he said.

NPR provides some context: Normally, the plant holds a 10-day reserve of diesel fuel, the agency says, and currently has approximately 2,250 tonnes of fuel available. If that fuel is depleted, or the generators are damaged in further fighting, it could trigger a meltdown.

But Steven Nesbit, a nuclear engineer and member of the American Nuclear Society's rapid response taskforce, which is tracking the current crisis, says that doesn't necessarily mean there would be a Chernobyl-like catastrophe. The meltdown at Chernobyl was due to a unique mix of design flaws and operator error that would be essentially impossible to replicate at Zaporizhzhia. And unlike the Fukushima nuclear disaster in 2011, some of the reactors at Zaporizhzhia have already been shut down for a while, allowing the nuclear fuel to cool somewhat, Nesbit says. Even in the worst case scenario, the reactors at Zaporizhzhia are a modern design surrounded by a heavy "containment" building, Nesbit says. "It's reinforced concrete, typically about three to four feet of that; it's designed to withstand very high internal pressures." That could allow it to hold in any radioactive material.

But the world's nuclear agency doesn't want to test any of this.

Meanwhile, the French international news agency AFP reports on what's been happening at the plant since it was captured by Russian troops in March: Russian forces controlling Ukraine's Zaporizhzhia nuclear power plant have killed two staff at the facility and detained and abused dozens of others, the head of Ukraine's nuclear energy agency told AFP on Friday.

"We do not know where about ten people are now," Petro Kotin said. "They were taken (by the Russians) and after that we have no information about their whereabouts," Kotin said, adding about 200 people had been detained. He described the current situation at the plant as "very difficult," citing "torture" of staff and "beatings" of personnel. "The Russians look for pro-Ukrainian people and persecute them. People are psychologically broken," he said in an interview with AFP reporters in his office in Kyiv... "Two people on the territory of the plant were wounded during shelling — a woman and a man — on separate occasions," Kotin, clad in a military-style jacket, said.

"But people understand that the nuclear safety of the plant depends on them, so the employees return to Energodar and continue working at the facility," he added.

The Courts

Theranos Founder Elizabeth Holmes Requests a New Trial (gizmodo.com)

Elizabeth Holmes -- the founder of blood testing startup Theranos and the poster child for misleading investors, media, and innocent people looking for medical care through a web of deceit -- wants a do-over. She is requesting a new trial, according to a document filed Tuesday in the Southern District Court of California. Gizmodo reports: The motion for a new trial, authored by Holmes' attorneys, hinges on "newly discovered evidence," specifically: the alleged testimony regrets of Adam Rosendorff. Rosendorff was a lab director at Theranos and later, testified as a key witness in the case against Holmes and her ex-boyfriend/partner in crime Ramesh "Sunny" Balwani. His original testimony lasted multiple days and emphasized the pressure that Theranos employees were under to demonstrate the faulty diagnostic technology worked, even when it didn't.

"I felt that it was a question on my integrity as a physician not to remain there and to continue to bolster results I essentially didn't have faith in," Rosendorff said while on the witness stand in 2021, according to CNBC. "I came to understand that management was not sincere in diverting resources to solve issues." Now, Holmes and her lawyers are claiming that Rosendorff left a voicemail and then showed up at Holmes' residence on August 8 in a desperate bid to communicate that he "felt he had done something wrong, apparently in connection with Ms. Holmes' trial." The motion, supposedly paraphrasing Rosendorff, says that the former Theranos employee stated, "the government made things seem worse than they were."

In the document, Holmes' legal team wrote, "Under any interpretation of his statements, the statements warrant a new trial under Rule 33. But, at a minimum, and to the extent the Court has any doubt about whether a new trial is required, the Court should order an evidentiary hearing and permit Ms. Holmes to subpoena Dr. Rosendorff to testify about his concerns."

Holmes was found guilty in January on four of 11 charges of defrauding the company's investors and patients. She was found not guilty on four counts.

In July, Balwani was found guilty of 12 counts of conspiracy and fraud against certain investors and patients.

Games

Mike Fahey, 'The Soul of Kotaku', Dies At 49 (kotaku.com)

Mike Fahey, longtime senior reporter of Kotaku, has passed away at age 49 after years of health complications. In a post published today, current and former colleagues share their memories of "the heart and soul of Kotaku." Here's an excerpt, written by Kotaku's Editor-In-Chief, Patricia Hernandez: Most people know Mike's humor: the way he would slip into cartoon voices on a whim, how every conversation was like a poke to the ribs that tested your verve. The six-foot-six guy with a thunderous laugh was a magician, though, and his larger-than-life personality was classic misdirection. Behind every joke and every antic was a sensitive man who had lived many lives and seen a lot of shit.

Yes, this was the guy that reviewed toys and snacks for a living. He was also the guy that could make you go "damn" in a blog about Fortnite or Animal Crossing. Mike Fahey wanted to tell you about the dozens of keyboards he owned, to show you that he'd pinpointed the specific symphony of sounds that he heard when he pressed his fingers down on each individual key, curious to see if you could hear it, too. I suspect this was the same drive that made him want to tell you what he dreamed about during a coma. It's no accident that Mike was one of the first writers on the internet to really capture what made MMOs tick. All we have is each other, and Mike knew better than anyone that we often use video games to find connection. Even when he was being absurd and reviewing, say, a frozen dinner, he still wanted to find ways to make people feel less alone. With Fahey, even moments of crushing despair were laced with a hopeful laugh.

It's hard to write this, for a variety of reasons that may be obvious, but one of them is the heartbreak of knowing just how badly Mike wanted to come back and keep sharing his joy with everyone at Kotaku after eight months of being away. Between trips to the hospital, Mike kept telling me that he was sure he would come back soon -- that he needed to, because writing and playing games were one of the things that still brought him joy. But after years of fighting against health issues, some of which left him partially paralyzed in 2018, Mike Fahey has passed away at 49 years old, possibly due to organ failure according to his spouse. It's bewildering to write this, because by the time I started writing for Kotaku on the side while still in college in 2012, Mike had already been here for around six years. That was a decade ago. To say Mike is the heart and soul of Kotaku is an understatement.

For many readers, Fahey is Kotaku. He built this thing that millions of people read every month, as a part of a network that forever redefined what it was like to surf and read the internet. We take the idea of "personalities" as a given on the internet now, but Mike Fahey provided a blueprint for being a human voice in a tech-driven space. The drive to put a person at the forefront of everything is still in many ways Kotaku's north star. Fahey may be gone, but his spirit will forever live on in anything that we do. I said this to Kotaku staffers this weekend, but it bears repeating again: I want to think that somewhere, there's still an Xbox game superglued to a ceiling that will never come down. You can contribute to the Fahey family's fundraising efforts here, and scroll down further to read memories from colleagues current and former. We'll miss you, Mike.

Power

A Solar Firm's Plan to Build Off-Grid Neighborhoods in California (yahoo.com)

Sunnova is one of America's largest rooftop solar companies, according to the New York Times. But they've now applied to California's Public Utilities Commission for permission to become the state's first solar (and storage) micro-utility, initiating formal steps to qualify and "request a certificate to construct and operate microgrids," targeting new home developments that aren't yet connected to the grid.

"We see a future where communities, neighborhoods, and businesses can operate independently from the legacy grid with sustainable energy sources that provide uninterrupted power," says the company's founder and CEO. "We believe microgrids address a strong need in the market for more robust energy solutions and better connectivity...." But he's also touting another possible benefit: "relief that the existing transmission and distribution system will experience given that most of the power that will be consumed by these communities will be generated locally from renewable resources."

The company likes to point out that America's recently-passed climate bill included tax incentives to encourage microgrids. But the New York Times describes it as "a business model that is illegal in much of the United States." Sunnova said it would offer those residents electricity that was up to 20 percent cheaper than the rates charged by investor-owned utilities like Pacific Gas & Electric and Southern California Edison. If approved by regulators, the micro-utility model, also known as a microgrid, could undermine the growth of those larger utilities by depriving them access to new homes or forcing them to lower their rates to keep that business. Sunnova executives argue that the approach they are seeking approval for was authorized under a California law passed almost two decades ago for a resort just south of Lake Tahoe. In addition, the company says advances in solar and battery technology mean that neighborhoods can be designed to generate more than enough electricity to meet their own needs at a lower cost than relying on the grid.

"If they don't want to choose me, that should be their right; if they don't want to choose you, that should be their right, too," said John Berger, the chief executive of Sunnova.

A small number of homeowners have gone off the grid as the cost of solar panels and batteries has fallen. But doing so can be hard or impossible. Some local governments have rejected permits for off-grid homes on health and safety grounds, arguing that a connection to the grid is essential. But connecting a single home to the grid can cost tens or even hundreds of thousands of dollars, which means an off-grid system may actually be cheaper — especially for properties in remote areas, or in places where the local grid is at its capacity and would require significant upgrades to serve more homes. Off-grid setups can also be appealing because once a system is paid off, the cost of operating and maintaining it is often modest and predictable, whereas utility rates can move up sharply.... The nationwide average retail electricity rate increased 11 percent in June from a year earlier, according to the Energy Information Administration.

But the kind of micro-utilities that Sunnova hopes to create have also had problems. The utopian visions of generating electricity where it is used have often run into maintenance and other problems. Many tiny utilities created under such models in the United States and Canada were later swallowed up by larger power companies.... Sunnova's microgrid approach could suffer a similar fate. But the costs of solar panels and batteries have tumbled over the last decade, making the energy that off-grid systems generate much more affordable....

Utilities have been pressing regulators to reduce the compensation homeowners receive for the excess solar energy their rooftop systems send to the grid. The companies have argued that customers with solar panels are being offered generous credits for power and that they are not contributing adequately toward the cost of maintaining power lines and other grid equipment....

Building and operating microgrids could provide a steady source of income to companies like Sunnova. That could essentially transform the rooftop solar companies into the kinds of utilities that they have long fought against.

Sunnova bills itself as an "Energy as a Service" company, and they expect their microgrids to experience 30 minutes or less of outages each year, the Times points out, "compared with an average of two hours a year at California's large investor-owned utilities."

In the article, the chief executive of home-building company Lennar says they've already formed a partnership with Sunnova. "We value the current electric grid and we're intrigued by new microgrid solutions that can supplement and support the traditional utility grid and help solve reliability during extreme weather and peak demand."

Cloud

Underwater Datacenter Will Open For Business This Year (theregister.com)

A company called Subsea Cloud is planning to have a commercially available undersea datacenter operating off the coast of the US before the end of 2022, with other deployments planned for the Gulf of Mexico and the North Sea. The Register reports: Subsea, which says it has already deployed its technology with "a friendly government faction," plans to put its first commercial pod into the water before the end of this year near Port Angeles, Washington. The company claims that placing its datacenter modules underwater can reduce power consumption and carbon dioxide emissions by 40 percent, as well as lowering latency by allowing the datacenter to be located closer to metropolitan areas, many of which are located near the coast. However, according to Subsea founder Maxie Reynolds, it can also deploy 1MW of capacity for as much as 90 percent less cost than it takes to get 1MW up and running at a land-based facility.

The Port Angeles deployment, known as Jules Verne, will comprise one 20ft pod, which is similar in size and dimensions to a standard 20-foot shipping container (a TEU or Twenty-foot Equivalent Unit). Inside, there is space for about 16 datacenter racks accommodating about 800 servers, according to Subsea. Additional capacity, if and when required, is delivered by adding another pod. The pod-to-shore link in this deployment provides a 100Gbps connection. As it is a commercial deployment, Jules Verne will be open for any prospective clients or partners to come and check it out, virtually or otherwise, according to Reynolds. It will be sited in shallow water, visible from the port, whereas the Njord01 pod in the Gulf of Mexico and the Manannan pod in the North Sea are expected to be deeper, at 700-900ft and 600-700ft respectively.

The Subsea pods are kept cool by being immersed in water, which is one reason for the reduced power and CO2 emissions. Inside, the servers are also immersed in a dielectric coolant, which conducts heat but not electricity. However, the Subsea pods are designed to passively disperse the heat, rather than using pumps as is typical in submersion cooling in land-based datacenters. But what happens if something goes wrong, or a customer wants to replace their servers? According to Subsea, customers can schedule periodic maintenance, including server replacement, and the company says that would take 4-16 hours for a team to get to the site, bring up the required pod(s), and replace any equipment.

United States

FTC Sues 'Massive' Data Broker for Selling Location Info on Abortion Clinics (vice.com)

The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. From a report: The news is a dramatic move from the FTC in a post-Roe United States, and signals that the agency will take steps against what it identifies as privacy violations around reproductive health and location data. "Defendant's violations are in connection with acquiring consumers' precise geolocation data and selling the data in a format that allows entities to track the consumers' movements to and from sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health, temporary shelters, such as shelters for the homeless, domestic violence survivors, or other at risk populations, and addiction recovery," the lawsuit reads.

Science

Is There a Connection Between Life's Origin, Geothermal Vents, Cancer, and Aging? (quantamagazine.org)

Long-time Slashdot reader Beeftopia writes: All living cells power themselves by coaxing protons from one side of a membrane to the other. A place where this occurs naturally outside of cells are alkaline hydrothermal vents on the deep seafloor, inside highly porous rock formations that are almost like mineralized sponges. "Carbon and energy metabolism are driven by proton gradients, exactly what the vents provided for free," wrote biochemist Nick Lane. In Lane's view, metabolism came first, and genetic information emerged naturally from it rather than the other way around.

Quanta magazine asks Lane the big question: How did these first proto-cells become independent from the proton gradients they got for free in the hydrothermal vents? LANE: We've shown that theoretically, if you introduce random sequences of RNA and assume that the nucleotides in there can polymerize, you get little chains of nucleotides. Let's say seven or eight random letters long, with no information encoded in there whatsoever.... [H]ydrophobic amino acids are more likely to interact with hydrophobic bases. So you have a random sequence of RNA that generates a nonrandom peptide. And that nonrandom peptide could by chance have some function in a growing proto-cell. It could make the cell grow better or grow worse; it could help the RNA replicate itself; it could bind to cofactors. Then you have selection for that peptide and the RNA sequence that gave rise to it.

Although it's a very rudimentary system, this means we've just entered the world of genes, information and natural selection.

Quanta summarizes Lane's next idea: that these vent environments "favored the beginnings of what we call the Krebs cycle, the metabolic process that derives energy from carbohydrates, fats and proteins." Lane himself has said that metabolism "conjures genes into existence."

But if genes are conjured into existence by metabolism, then what else might be true? Lane ultimately concludes that cancer may be a metabolic disease rather than a "genomic" one: LANE: About 10 years ago, the cancer community was amazed by the discovery that in some cancers, mutations can lead to parts of the Krebs cycle running backward. It came as quite a shock because the Krebs cycle is usually taught as only spinning forward to generate energy. But it turns out that while a cancer cell does need energy, what it really needs even more is carbon-based building blocks for growth. So the whole field of oncology began to see this reversal of the Krebs cycle as a kind of metabolic rewiring that helps cancer cells grow....

[C]ancers aren't caused simply by some genetically deterministic mutation that forces cells to go on growing without stopping. Metabolism is important too, for providing a permissive environment for growth. Growth comes before genes in this sense.

Or, as Slashdot reader Beeftopia puts it, "In Lane's view, metabolism came first, and genetic information emerged naturally from it rather than the other way around. Lane believes that the implications of this reversal touch almost every big mystery in biology, including the nature of cancer and aging."

Power

A Decade After Fukushima Disaster, Foes of Nuclear Power Reconsider (msn.com)

The war in Ukraine has "reshaped" energy markets, reports the Washington Post, with gas and oil shortages driving up the price of fossil fuels.

The end result? "From Japan to Germany to Britain to the United States, leaders of countries that had stopped investing in nuclear power are now considering building new power plants or delaying the closure of existing ones." The shift is especially notable in Japan and Germany, where both turned decisively against nuclear power after the 2011 Fukushima disaster.... This week, Japanese Prime Minister Fumio Kishida announced that his government is considering constructing next-generation nuclear power plants with the goal of making them commercially operational in the 2030s. The government may also extend the operational life of its current nuclear power plants. German policymakers, meanwhile, are considering prolonging the life of three final nuclear power plants that had been scheduled to go offline at the end of the year. The reprieve would be temporary — just a year or two to get through the current energy crisis — but it would still mark a significant policy reversal that has been a major focus of German political life for the last decade...

Any decision in Germany would have to be approved by [German Economy Minister Robert] Habeck and his Green party — which was founded decades ago to focus on abolishing nuclear power. It remains a core policy position of the party — but so is opposition to Russia's war in Ukraine and a desire to be as strong as possible against the Kremlin. "We are in really special times," said Dennis Tänzler, a director of Adelphi, a Berlin-based climate think tank. "The bottom line is that German climate and energy policy has been shaped since Fukushima by a cross-party consensus that overall the technological risks, the security risks, are just too great."

Even some prominent nuclear critics appear open to keeping existing plants online for longer, though they oppose building any new ones. "There's no connection between building nuclear power plants and dealing with the price spike caused by the loss of Russian gas," since they take at least a decade to construct, said Tom Burke, the chairman of E3G, a London-based climate think tank. But, he said, extending the life of existing reactors could make sense. "If you can do it safely, and it's worthwhile economically to do it, I don't see any good reason not to extend the life of nuclear reactors," he said.

Android

Will Google's 'Cross-Device' Development Kit Bring Android Apps to Non-Android Devices? (theverge.com)

Google is trying "to make it easier for developers to create Android apps that connect in some way across a range of devices," reports the Verge. Documentation for the software development kit says it will simplify development for "multi-device experiences."

"The Cross device SDK is open-source and will be available for different Android surfaces and non-Android ecosystem devices (Chrome OS, Windows, iOS)," explains the documentation, though the current developer preview only works with Android phones and tablets, according to the Verge.

But they report that Google's new SDK "contains the tools developers need to make their apps play nice across Android devices, and, eventually non-Android phones, tablets, TVs, cars, and more." The SDK is supposed to let developers do three key things with their apps: discover nearby devices, establish secure connections between devices, and host an app's experience across multiple devices. According to Google, its cross-device SDK uses Wi-Fi, Bluetooth, and ultra-wideband to deliver multi-device connectivity.... [I]t could let multiple users on separate devices choose items from a menu when creating a group food order, saving you from passing your phone around the room. It could also let you pick up where you left off in an article when swapping from your phone to a tablet, or even allow the passengers in a car to share a specific map location with the vehicle's navigation system.

It almost sounds like an expansion of Nearby Share, which enables users on Android to transfer files to devices that use Chrome OS and other Androids. In April, Esper's Mishaal Rahman spotted an upcoming Nearby Share update that could let you quickly share files across the devices that you're signed into Google with. Google also said during a CES 2022 keynote that it will bring Nearby Share to Windows devices later this year.

"This SDK abstracts away the intricacies involved with working with device discovery, authentication, and connection protocols," argues Google's blog post, "allowing you to focus on what matters most — building delightful user experiences and connecting these experiences across a variety of form factors and platforms."

Twitter

Judge Orders Twitter to Provide More Spam Account Data to Elon Musk's Lawyers (cbsnews.com)

From the Washington Post earlier this week: On Tuesday, The Washington Post reported that Twitter's former head of security, Peiter Zatko, had filed a whistleblower complaint with federal regulators, including the Securities and Exchange Commission, accusing Twitter of "Lying about Bots to Elon Musk...."

"Twitter executives have little or no personal incentive to accurately 'detect' or measure the prevalence of spam bots," the complaint alleges, adding "deliberate ignorance was the norm" among its executive team.

The same article notes that three people familiar with Twitter's spam-detection processes said Twitter's "internal bot prevalence numbers" were almost always less than 5%. (And the article reminds readers that Musk himself had waived his right to perform "due diligence" prior to striking the deal.)

But here's that Tuesday article's most prescient sentence. "The judge has rejected Musk's requests for information from more than 20 company leaders — including Zatko — but the whistleblower claims could open the door for them to make further requests, legal experts said."

Sure enough, Friday night CBS News reported that the judge "ordered both Twitter and Tesla CEO Elon Musk to turn over more information to opposing lawyers..." Chancellor Kathaleen St. Jude McCormick on Thursday ordered Twitter to provide Musk's attorneys more data regarding the company's estimates that less than 5% of the accounts on its platform are fake.

The judge also rejected Musk's attempts to shield details about analyses he used in his attempt to terminate the deal. That work was done by data scientists who examined live-feed information from Twitter about public user accounts to test the company's daily-user counts....

The judge rejected more comprehensive data requests from Musk's attorneys as "absurdly broad," noting that a literal reading of the request would require Twitter to produce "trillions upon trillions of data points" reflecting all data collected on roughly 200 million accounts over three years. But McCormick did order Twitter to produce information on 9,000 accounts that were reviewed in connection with the company's fourth-quarter audit, a data subset that has been described as a "historical snapshot."

McCormick also ordered Twitter to turn over documents regarding other metrics, regardless of whether they expressly address "monetizable daily active users," or mDAU. Musk's attorneys have suggested that a comparison of Twitter's mDAU with other metrics, such as "User Active Minutes," could support their theory that the company has fraudulently misled investors and securities regulators about the scope of activity on its platform.

Data Storage

Vietnam Demands Big Tech Localize Data Storage and Offices (theregister.com)

Vietnam's Ministry of Information and Communications updated cybersecurity laws this week to mandate Big Tech and telecoms companies store user data locally, and control that data with local entities. The Register reports: The data affected goes beyond the basics of name, email, credit card information, phone number and IP address, and extends into social elements -- including groups of which users are members, or the friends with whom they digitally interact. "Data of all internet users ranging from financial records and biometric data to information on people's ethnicity and political views, or any data created by users while surfing the internet must be stored domestically," read the decree (PDF) issued Wednesday, as translated by Reuters. The decree applies to a wide swath of businesses including those providing telecom services, storing and sharing data in cyberspace, providing national or international domain names for users in Vietnam, e-commerce, online payments, payment intermediaries, transport connection services operating in cyberspace, social media, online video games, messaging services, and voice or video calls.

According to Article 26 of the government's Decree 53, the new rules go into effect October 1, 2022 -- around seven weeks from the date of its announcement. However, foreign companies have an entire 12 months in which to comply -- beginning when they receive instructions from the Minister of Public Security. The companies are then required to store the data in Vietnam for a minimum of 24 months. System logs will need to be stored for 12 months. After this grace period, authorities reserve the right to make sure affected companies are following the law through investigations and data collection requests, as well as content removal orders.
Further reading: Vietnam To Make Apple Watch, MacBook For First Time Ever

IOS

iOS VPNs Have Leaked Traffic For More Than 2 Years, Researcher Claims (arstechnica.com) 45

A security researcher says that Apple's iOS devices don't fully route all network traffic through VPNs as a user might expect, a potential security issue the device maker has known about for years. From a report: Michael Horowitz, a longtime computer security blogger and researcher, puts it plainly -- if contentiously -- in a continually updated blog post. "VPNs on iOS are broken," he says. Any third-party VPN seems to work at first, giving the device a new IP address, DNS servers, and a tunnel for new traffic, Horowitz writes. But sessions and connections established before a VPN is activated do not terminate and, in Horowitz's findings with advanced router logging, can still send data outside the VPN tunnel while it's active.

In other words, you might expect a VPN client to kill existing connections before establishing a secure connection so they can be re-established inside the tunnel. But iOS VPNs can't seem to do this, Horowitz says, a finding that is backed up by a similar report from May 2020. "Data leaves the iOS device outside of the VPN tunnel," Horowitz writes. "This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6."

IT

VLC-Developer VideoLan Says India Blocking Site Endangers Its Own Citizens (techcrunch.com) 23

VideoLan, the developer of popular media player VLC, says Indian telecom operators have been blocking its website since February of this year in a move that is potentially impacting some users in one of the open source firm's largest markets. From a report: "Most major ISPs [internet service providers] are banning the site, with diverse techniques," VideoLan president and lead developer Jean-Baptiste Kempf said of the blocking in India, in an email to TechCrunch. India represents 10% of all VLC users worldwide, he said. The website's traffic has seen an overall drop of 20% as a result of the blocking in India. [...] VLC, downloaded over 3.5 billion times worldwide, is a local media player that doesn't require internet access or connection to any particular service online for the vast majority of its features. But by blocking the website, India is pushing its citizens to "shady websites that are running hacked version of VLC. So they are endangering their own citizens with this ban," Kempf added.

Crime

Police Used a Baby's DNA To Investigate Its Father For a Crime (wired.com) 74

An anonymous reader quotes a report from Wired: If you were born in the United States within the last 50 or so years, chances are good that one of the first things you did as a baby was give a DNA sample to the government. By the 1970s, states had established newborn screening programs, in which a nurse takes a few drops of blood from a pinprick on a baby's heel, then sends the sample to a lab to test for certain diseases. Over the years, the list has grown from just a few conditions to dozens. The blood is supposed to be used for medical purposes -- these screenings identify babies with serious health issues, and they have been highly successful at reducing death and disability among children. But a public records lawsuit filed last month in New Jersey suggests these samples are also being used by police in criminal investigations. The lawsuit, filed by the state's Office of the Public Defender and the New Jersey Monitor, a nonprofit news outlet, alleges that state police sought a newborn's blood sample from the New Jersey Department of Health to investigate the child's father in connection with a sexual assault from the 1990s.

Crystal Grant, a technology fellow at the American Civil Liberties Union, says the case represents a "whole new leap forward" in the misuse of DNA by law enforcement. "It means that essentially every baby born in the US could be included in police surveillance," she says. It's not known how many agencies around the country have sought to use newborn screening samples to investigate crimes, or how often those attempts were successful. But there is at least one other instance of it happening. In December 2020, a local TV station reported that police in California had issued five search warrants to access such samples, and that at least one cold case there was solved with the help of newborn blood. "This increasing overreach into the health system by police to get genetic information is really concerning," Grant says.

The New Jersey lawsuit alleges that police obtained the blood sample of a newborn child (who is now elementary-school aged) to perform a DNA analysis that linked the baby's father to a crime. This was done using a technique called investigative genetic genealogy, or forensic genealogy. It usually involves isolating DNA left at a crime scene and using it to create a digital genetic profile of a suspect. Investigators can upload this profile to genealogy websites where other people have freely shared their own DNA information in the hope of connecting with family members or learning about their ancestry. Because DNA is shared within families, investigators can use relative matches to map out a suspect's family tree and narrow down their identity. According to the New Jersey lawsuit, police had reopened an investigation into a cold case and had used genetics to place the suspect within a single family: one of several adults or their children. But police didn't yet have probable cause to obtain search warrants for DNA swabs from any of them. Instead, they asked the state's newborn screening lab for a blood sample of one of the children. Analysis of this genetic information revealed a close relationship between the baby's DNA and the DNA taken at the crime scene, indicating that the baby's father was the person police were seeking. That was enough to establish probable cause in the assault investigation, so police sought a warrant for a cheek swab from the father. After analyzing his DNA, the suit contends, police found that it was a match to the crime scene DNA.
"Because there are no federal laws governing newborn screening programs, states set their own policies on which diseases they test for, how long samples are stored, and how they can be used," notes Wired. "Some states hold on to blood samples for months, others for years or decades. Virginia only keeps samples from infants with normal results for six months, while Michigan retains them for up to 100 years. New Jersey stores samples for 23 years before destroying them."

Crime

Netflix Airs Episode on Kansas 'Swat' Perpetrator, While Victim's Family Sues Policeman (kwch.com) 44

In June Netflix launched Web of Make Believe: Death, Lies, and the Internet, a true-crime series. It began with an episode documenting the 2017 death of a 28-year-old Kansas man named Andrew Finch after California gamer Tyler Barriss faked an emergency call from Finch's home to the Wichita, Kansas police department.

So where are they now? Barriss is now serving a 20-year prison sentence, Bustle reports. "Barriss, a resident of Los Angeles, California, pled guilty to a total of 51 charges, all having to do with hoax emergency calls he'd made, including the call that resulted in Finch's murder." Barriss received a 12-and-a-half year sentence for the Kansas call, and then another 8-and-a-half-year sentence for all the other illegal calls placed between 2015 and 2017 to 17 different U.S. states. "He also received another five years of supervised release in Washington, D.C., for phoning in bomb threats to the FBI and Federal Communications Commission in 2017."

And the 19-year-old who'd hired Barriss "received a 15-month prison sentence in 2019 after pleading guilty to obstruction of justice."

Meanwhile, Andrew Finch's surviving family members filed legal actions against the police department responsible for Finch's death. And while police officers normally receive "qualified immunity" protecting them from lawsuits over the performance of their duties, there was an update last month: An officer with the Wichita Police Department will face a civil trial in connection with the December 2017 swatting incident... Justin Rapp was the officer who shot the unarmed man. A U.S. appeals court sided with the Kansas district court in denying Officer Rapp qualified immunity in Finch's death. The court said a reasonable jury could believe Finch was unarmed and unthreatening when Rapp fired the shot that killed him.

Finch's family brought the excessive force civil suit. Sedgwick County District Attorney Marc Bennett declined to prosecute Rapp for fatally shooting Finch. The Wichita Police Department concluded Rapp didn't violate department policy....

Along with its conclusion that the civil case against Rapp can move forward, the appellate court also affirmed the district court's summary judgment on liability claims against the City of Wichita. This decision essentially maintained the city and the WPD as a whole weren't liable in Finch's death. The court of appeals dismissed arguments saying, in sum, "[the lawsuit from Finch's family] has failed to show any deliberately indifferent policies or customs that caused Rapp to use excessive lethal force."

Businesses

The Perfect Professional Headshot Is Worth $1,000, and Maybe Even a Job (wsj.com) 91

Professionals pursuing that 'just right' look for LinkedIn profiles and resumes are tapping high-end headshot photographers who say they can help clients look better, feel better -- and boost their careers. From a report: Nailing your professional headshot seems harder and more clutch than ever at a time of record job changes and on-screen first impressions. The buttoned-up and made-up looks that once dominated business directories and professional profiles now seem stuffy in the work-from-anywhere era. Selfies are free, but some people chasing that just-so photo for their LinkedIn profile are paying $1,000 or more for headshots. Their quests are fueling a cottage industry of headshot photographers who offer facial-expression coaching and promise to help even the most insecure subjects look and feel great.

"I'm not a photographer per se," says Peter Hurley, who charges $1,500 for a headshot session and $300 for each image his clients keep. "I consider myself a facial conveyance strategist." His go-to move is telling people to "squinch," by which he means raise the lower eyelids -- just a tad -- in a modified squint. Photographers hoping to mimic his techniques can pay $1,800 for one of his weekend workshops. Mr. Hurley started taking headshots about 20 years ago, having learned the basics of photography while modeling to fund his pursuit of an Olympic sailing berth. (He didn't make the five-ring regatta, but he had a hell of a six-pack.) His early clients were fellow models and actors. Now, shooting at studios in New York and Los Angeles, he estimates 90% are business types tired of their bland, yearbook-style profile pics and willing to shell out to stand out.

In certain ways, the importance of a good headshot is measurable. LinkedIn, which enjoys more traffic when profiles are more engaging, reports that bios with headshots get 21 times more views than those without, and users receive nine times more connection requests when they include pictures of themselves. Headshots don't help everyone equally, says executive recruiter Martha Heller. She notes that the leaders of a company trying to fill a key position may have predetermined notions of what the ideal candidate should look like. Historically, they've often pictured a white man, though clients are increasingly seeking people who will diversify the senior ranks, she says. In any case, an applicant's odds of receiving an offer can be diminished by a headshot that doesn't match the picture in the boss's mind. Catalant, an online marketplace for independent consultants, says freelancers with headshots in their profiles are hired more often, but some businesses screen out names and photos because race and gender markers can play into unconscious biases and disadvantage certain candidates.

Communications

One of 5G's Biggest Features Is a Security Minefield (wired.com) 42

True 5G wireless data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferates -- combining expanded speed and bandwidth with low-latency connections -- one of its most touted features is starting to come into focus. But the upgrade comes with its own raft of potential security exposures. From a report: A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the internet in places where Wi-Fi isn't practical or available. Individuals may even elect to trade their fiber-optic internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage internet-of-things data are riddled with security vulnerabilities, according to research that will be presented on Wednesday at the Black Hat security conference in Las Vegas. And those vulnerabilities could dog the industry long-term. After years of examining potential security and privacy issues in mobile-data radio frequency standards, Technical University of Berlin researcher Altaf Shaik says he was curious to investigate the application programming interfaces (APIs) that carriers are offering to make IoT data accessible to developers.

These are the conduits that applications can use to pull, say, real-time bus-tracking data or information about stock in a warehouse. Such APIs are ubiquitous in web services, but Shaik points out that they haven't been widely used in core telecommunications offerings. Looking at the 5G IoT APIs of 10 mobile carriers around the world, Shaik and his colleague Shinjo Park found common, but serious API vulnerabilities in all of them, and some could be exploited to gain authorized access to data or even direct access to IoT devices on the network. "There's a big knowledge gap. This is the beginning of a new type of attack in telecom," Shaik told WIRED ahead of his presentation. "There's a whole platform where you get access to the APIs, there's documentation, everything, and it's called something like 'IoT service platform.' Every operator in every country is going to be selling them if they're not already, and there are virtual operators and subcontracts, too, so there will be a ton of companies offering this kind of platform."

Android

A Phone Carrier That Doesn't Track Your Browsing Or Location (wired.com) 33

An anonymous reader quotes a report from Wired: As marketers, data brokers, and tech giants endlessly expand their access to individuals' data and movements across the web, tools like VPNs or cookie blockers can feel increasingly feeble and futile. Short of going totally off the grid forever, there are few options for the average person to meaningfully resist tracking online. Even after coming up with a technical solution last year for how phone carriers could stop automatically collecting users' locations, researchers Barath Raghavan and Paul Schmitt knew it would be challenging to convince telecoms to implement the change. So they decided to be the carrier they wanted to see in the world. The result is a new company, dubbed Invisv, that offers mobile data designed to separate users from specific identifiers so the company can't access or track customers' metadata, location information, or mobile browsing. Launching in beta today for Android, the company's Pretty Good Phone Privacy or PGPP service will replace the mechanism carriers normally use to turn cell phone tower connection data into a trove of information about users' movements. And it will also offer a Relay service that disassociates a user's IP address from their web browsing.

PGPP's ability to mask your phone's identity from cell towers comes from a revelation about why cell towers collect the unique identifiers known as IMSI numbers, which can be tracked by both telecoms and other entities that deploy devices known as IMSI catchers, often called stingrays, which mimic a cell tower for surveillance purposes. Raghavan and Schmitt realized that at its core, the only reason carriers need to track IMSI numbers before allowing devices to connect to cell towers for service is so they can run billing checks and confirm that a given SIM card and device are paid up with their carrier. By acting as a carrier themselves, Invisv can implement their PGPP technology that simply generates a "yes" or "no" about whether a device should get service. On the PGPP "Mobile Pro" plan, which costs $90 per month, users get unlimited mobile data in the US and, at launch, unlimited international data in most European Union countries. Users also get 30 random IMSI number changes per month, and the changes can happen automatically (essentially one per day) or on demand whenever the customer wants them. The system is designed to be blinded so neither INVISV nor the cell towers you connect to know which IMSI is yours at any given time. There's also a "Mobile Core" plan for $40 per month that offers eight IMSI number changes per month and 9 GB of high-speed data per month.

Both of these plans also include PGPP's Relay service. Similar to Apple's iCloud Private Relay, PGPP's Relay is a method for blocking everyone, from your internet provider or carrier to the websites you visit, from knowing both who you are and what you're looking at online at the same time. Such relays send your browsing data through two way stations that allow you to browse the web like normal while shielding your information from the world. When you navigate to a website, your IP address is visible to the first relay -- in this case, Invisv -- but the information about the page you're trying to load is encrypted. Then the second relay generates and connects an alternate IP address to your request, at which point it is able to decrypt and view the website you're trying to load. The content delivery network Fastly is working with Invisv to provide this second relay. Fastly is also one of the third-party providers for iCloud Private Relay. In this way, each relay knows some of the information about your browsing; the first simply knows that you are using the web, and the second sees the sites you connect to, but not who specifically is browsing there. In addition to being included in the two PGPP data plans, customers can also purchase the Relay service on its own for $5 per month and turn it on while connected to mobile data or Wi-Fi.
The carrier is still working to bring its services to Apple's iOS. It's also worth noting that Invisv only offers mobile data; there are no voice calling services.

The Internet

The Founder of GeoCities On What Killed the 'Old Internet' (gizmodo.com) 55

An anonymous reader quotes a report from Gizmodo, written by Jody Serrano: In the early aughts, my wheezing dialup connection often operated as if it were perpetually out of breath. Thus, unlike my childhood friends, it was near to impossible for me to watch videos, TV shows, or listen to music. Far from feeling limited, I felt like I was lucky, for I had access to an encyclopedia of lovingly curated pages about anything I wanted to know -- which in those days was anime -- the majority of which was conveniently located on GeoCities. For all the zoomers scrunching up their brows, here's a primer. Back in the 1990s, before the birth of modern web hosting household names like GoDaddy and WP Engine, it wasn't exactly easy or cheap to publish a personal website. This all changed when GeoCities came on the scene in 1994.

The company gave anyone their own little space of the web if they wanted it, providing users with roughly 2 MB of space for free to create a website on any topic they wished. Millions took GeoCities up on its offer, creating their own homemade websites with web counters, flashing text, floating banners, auto-playing sound files, and Comic Sans. Unlike today's Wild Wild Internet, websites on GeoCities were organized into virtual neighborhoods, or communities, built around themes. "HotSprings" was dedicated to health and fitness, while "Area 51" was for sci-fi and fantasy nerds. There was a bottom-up focus on users and the content they created, a mirror of what the public internet was like in its infancy. Overall, at least 38 million webpages were built on GeoCities. At one point, it was the third most-visited domain online. Yahoo acquired GeoCities in 1999 for $3.6 billion. The company lived on for a decade more until Yahoo shut it down in 2009, deleting millions of sites.

Nearly two decades have passed since GeoCities, founded by David Bohnett, made its debut, and there is no doubt that the internet is a very different place than it was then. No longer filled with webpages on random subjects made by passionate folks, it now feels like we live in a cyberspace dominated by skyscrapers -- named Facebook, Google, Amazon, Twitter, and so on -- instead of neighborhoods. [...] We can, however, ask GeoCities' founder what he thinks of the internet of today, subsumed by social media networks, hate speech, and more corporate than ever. Bohnett now focuses on funding entrepreneurs through Baroda Ventures, an early-stage tech fund he founded, and on philanthropy with the David Bohnett Foundation, a nonprofit dedicated to social justice and social activism that he chairs. Right off the bat, Bohnett says something that strikes me. It may, in fact, be the sentence that summarizes the key distinction between the internet of the '90s-early 2000s and the internet we have today. "GeoCities was not about self-promotion," Bohnett told Gizmodo in an interview. "It was about sharing your interest and your knowledge."
When asked to share his thoughts on the internet of today, Bohnett said: "... The heart of GeoCities was sharing your knowledge and passions about subjects with other people. It really wasn't about what you had to eat and where you've traveled. [...] It wasn't anything about your face." He added: "So, what has surprised me is how far away we've gotten from that original intent and how difficult it is [now]. It's so fractured these days for people to find individual communities. [...] I've been surprised at sort of the evolution away from self-generated content and more toward centralized programing and more toward sort of the self-promotion that we've seen on Facebook and Instagram and TikTok."

Bohnett went on to say that he thinks it's important to remember that "the pace of innovation on the internet continues to accelerate, meaning we're not near done. In the early days when you had dial up and it was the desktop, how could you possibly envision an Uber?"

"We're still in that trajectory where there's going to be various technologies and ways of communicating with each other, [as well as] wearable devices, blockchain technology, virtual reality, that will be as astounding as Uber seemed in the early days of GeoCities," added Bohnett. "I'm very, very excited about the future, which is why I continue to invest in early-stage startups because as I say, the pace of innovation accelerates and builds on top of itself. It's so exciting to see where we might go."
