joshuark shares a report from BleepingComputer: A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. The campaign employs "ClickFix" techniques where targets are tricked into executing commands in Terminal, infecting themselves with malware. Researchers at threat hunting company Hunt.io identified more than 85 domains impersonating the three platforms in this campaign [...].

When checking some of the domains, BleepingComputer discovered that in some cases the traffic to the sites was driven via Google Ads, indicating that the threat actor promoted them to appear in Google Search results. The malicious sites feature convincing download portals for the fake apps and instruct users to copy a curl command in their Terminal to install them, the researchers say. In other cases, like for TradingView, the malicious commands are presented as a "connection security confirmation step." However, if the user clicks on the 'copy' button, a base64-encoded installation command is delivered to the clipboard instead of the displayed Cloudflare verification ID.

The German Koblenz Regional Court has banned the internet service provider 1&1 from marketing its fiber-to-the-curb service as fiber-optic DSL. The court found that the company misled customers because its network uses copper cables for the final stage of connections, sometimes extending up to a mile from the distribution box to subscribers' homes.

Customers who visited the ISP's website and checked connection availability received a notification stating that a "1&1 fiber optic DSL connection" was available, even though fiber optic cables terminate at street-level distribution boxes or building service rooms. The company pairs the copper lines with vectoring technology to boost DSL speeds to 100 megabits per second. The Federation of German Consumer Organizations filed the lawsuit. Ramona Pop, the organization's chairperson, said that anyone who promises fiber optics but delivers only DSL is deceiving customers.

Kohler has launched the Dekoda, a $599 smart toilet camera that analyzes users' waste to track hydration, gut health, and detect potential issues like blood. "It also comes with a rechargeable battery, a USB connection, and a fingerprint sensor to identify who's using the toilet," reports TechCrunch. From the report: The Dekoda is currently available for preorder, with shipments scheduled to begin on October 21. In addition to the hardware purchase fee, customers will need to pay between $70 and $156 per year for a subscription. If you're uneasy about the privacy implications of putting a camera right below your private parts, the company says, "Dekoda's sensors see down into your toilet and nowhere else." It also notes that the resulting data is secured via end-to-end encryption.

Spotify has officially partnered with major record labels to create a "responsible AI" initiative aimed at developing generative music tools that supposedly benefit both artists and fans. While Spotify promises choice, transparency, and fair compensation, the vague announcement has many skeptics wondering if "responsible AI" is just another remix of old industry power plays set to a new algorithmic beat. The Verge reports: Spotify didn't detail any specific products in the works but said it was building a "state-of-the-art generative AI research lab and product team focused on developing technologies that reflect our principles and create breakthrough experiences for fans and artists." Most of the press release is dedicated to vagaries and laying out the principles that will guide Spotify's generative AI projects: [partnerships with record labels, distributors, and music publishers; choice in participation; fair compensation and new revenue; and artist-fan connection.]

BrianFagioli writes: TP-Link has officially achieved the first successful Wi-Fi 8 connection using a prototype device built through an industry collaboration. The company confirmed that both the beacon and data throughput worked, marking a real-world validation of next-generation wireless tech. It's an early glimpse of what the next leap in speed and reliability could look like, even as the Wi-Fi 8 standard itself remains under development. The Verge adds: Like its predecessor, Wi-Fi 8 will utilize 2.4GHz, 5GHz, and 6GHz bands with a theoretical maximum channel bandwidth of 320MHz and peak data rate of 23Gbps, but aims to improve real-world performance and connection reliability. The goal is to provide better performance in environments with low signal, or under high network loads, where an increasing number of devices are sharing the same connection.

It's the largest nuclear power plant in Europe. But "Ukraine's foreign minister accused Russia on Sunday of deliberately severing the external power line to the Russian-held Zaporizhzhia nuclear power station," reports Reuters, "in order to link the plant to Moscow's power grid." Ukrainian Foreign Minister Andrii Sybiha said Moscow was attempting to test a reconnection to Russia's grid. Ukraine has long feared that Moscow would try to redirect the plant's output to its grid. But Russian officials have denied any intention of trying to restart the plant, seized by Moscow's forces in the early weeks of the February 2022 invasion of Ukraine.

The plant produces no electricity at the moment, but has been without an external electricity source for nearly three weeks. Officials have relied on emergency diesel generators to secure the power needed to keep the fuel cool inside the facility and guard against a meltdown. "Russia intentionally broke the plant's connection with the Ukrainian grid in order to forcefully test reconnection with the Russian grid," Sybiha wrote on X in English. He denounced the "attempted theft of a peaceful Ukrainian nuclear facility".... Each side has accused the other of shelling that caused the line outage.
Russia's continued occupation of the Zaporizhzhia nuclear power plant deprived Ukraine of a quarter of its generating capacity, according to a report from the Brookings Institute — calling Ukraine's energy sector "a key battleground" in the war. The Russian invasion began on the very day that Ukraine launched its so-called island test. This involved completely isolating the Ukrainian and Moldovan power systems from their neighbors to check whether the system was stable. This is a mandatory procedure prior to synchronization with the European grid... Despite this, Ukraine managed not only to militarily defend itself but also to maintain grid stability in wartime conditions and implement all the solutions necessary for an unprecedented synchronization on March 16, 2022.
In 2022 a former commissioner of the U.S. Nuclear Regulatory Commission (from 1998 to 2007) even argued in the Wall Street Journal that "An unappreciated motive for Russia's invasion of Ukraine is that Kyiv was positioning itself to break from its longtime Russian nuclear suppliers..." At the time of the invasion, Westinghouse supplied fuel to six of the 15 [Ukrainian] nuclear reactors and could displace the Russians in all of them. The U.S. government had been highly supportive of this effort, and these fuel contracts represented hundreds of millions of dollars in yearly lost sales to Atomstroyexport [a nuclear exporter that's a subsidiary of Russian state corporation Rosatom]. By seizing the nuclear plants, Russia is able to retake the market for Ukrainian nuclear fuel.

Most important, Westinghouse, with support from the U.S., was in a position to build nuclear reactors in Ukraine over the next two decades. On Aug. 31, 2021, Energy Secretary Jennifer Granholm and her Ukrainian counterpart, Herman Halushchenko, signed a strategic cooperation agreement to build five nuclear units with a value, according to the World Nuclear Association, of more than $30 billion. The timing is telling. In November 2021, Ukraine's leaders signed a deal with Westinghouse to start construction on what they hoped would be at least five nuclear units — the first tranche of a program that could more than double the number of plants in the country, with a potential total value approaching $100 billion. Ukraine clearly intended that Russia receive none of that business.
Brookings looks at how Ukraine's energy sector has fared during the war: The Ukrainian energy sector was designed to be oversized with significant redundancy in order to meet huge Soviet-era industrial demand as well as to make it more resilient to a future world war... A radical change did not occur until 2014, when Ukrainians overthrew the pro-Russian president, Viktor Yanukovych. In the decade since then, Ukraine has pursued a policy of European Union (EU) integration with determination and without interruption... The real prospect of an improvement in the quality of life and development of Ukraine through integration with the EU and NATO was unacceptable to Russia, which first annexed Crimea and covertly attacked the Ukrainian Donbas, before launching a full-scale invasion of Ukraine on February 24, 2022. Russia's in-depth knowledge of the Ukrainian power system, dating back to the Soviet Union, was used to carry out a well-planned operation to cut off electricity to Ukrainians.

The aim was to break the morale of Ukrainians to continue defending themselves and to collapse the economy so that it could not support the Ukrainian military effort. Ironically, however, the size of the energy system, which had been scaled up in case of war, and the enormous Western support, unexpectedly ensured its resilience to Russian attacks.
Although they note that "During the first two years of the war, Russia fired nearly 2,000 missiles and drones at Ukrainian energy infrastructure... "

And this week in Ukraine, damage to substations, power plants and oil depot temporarily cut off electricity for hundreds of thousands of Ukrainian homes and businesses, reports the UN. "As colder weather sets in, strikes on critical infrastructure are deepening humanitarian needs," warned a UN spokesperson on Thursday...

Ferrari's first electric car arrives next summer, reports Carscoops, with a top speed of 193 mph (310 km/h) and accelerating from 0 to 62 mph (0 to 100 km/h) in just 2.5 seconds.

"The Elettrica" will also have a large high-density battery for over 329 miles (530 km) of range, ultra-fast DC charging up to 350 kW, and a 122 kWh capacity and an energy density of 195 Wh/kg that Ferrari "claims is the highest among production EVs."

But what's really interesting is its engine noises: Ferrari's approach to the Elettrica's sound moves away from artificial engine simulation. Instead, a sensor mounted on the inverter detects the powertrain's real mechanical vibrations, which are then amplified to create what the company describes as a natural, evolving tone that reflects how the car is being driven... a reactive soundtrack. Antonio Palermo [Ferrari's head of sound and vibration] calls it "language and connection," a way to keep drivers emotionally engaged with the car without resorting to synthetic gimmicks...

Needless to say, how convincing this synthesized feedback will feel in practice remains to be seen, as much of Ferrari's allure has traditionally rested on the emotional impact of its combustion engines.
"The Torque Shift Engagement system offers five selectable levels of power and torque using the right paddle, while the left paddle adjusts braking intensity," the article points out.

But if the engine noises are well-executed, argues the EV news site Electrek, "I even think it might convince some petrolheads to give EVs a try," . Whether you like them or not, engine sounds are essential, especially in performance vehicles. They are part of the identity of certain cars — a sort of signature. They can be emotional. They can give a sense of power. But beyond that, they are information. The pitch, volume, and texture of the engine sound provide critical, real-time feedback to the driver about RPM, load, and the car's health.

Some electric automakers are using curated soundscapes (like BMW with Hans Zimmer) or trying to mimic V8s (like Dodge with its "Fratzonic Chambered Exhaust")... Other automakers are simply letting the natural sounds of the electric motors exist. There's nothing wrong with that. However, considering that electric motors produce minimal sounds, which are then trapped inside a metal casing, you rarely hear anything significant, especially in modern vehicles with quiet cabins and even active noise cancellation. For most EVs, this is not a problem, but for a performance electric vehicle, it does feel like something is missing...

Ferrari insists the sound will only be used when "functionally useful" to provide feedback to the driver and will be directly tied to torque requests... The entire system was reportedly developed in-house, giving Ferrari complete control over the vehicle's final acoustic signature... [T]hey are embracing the new technology rather than hiding it. They are making a confident statement that an electric powertrain can be emotionally engaging on its own terms, without having to pretend to be something it's not...

If you prefer a completely silent drive, you can disable it.
Electrek's conclusion? "The purists who were worried that Ferrari would lose its soul in the EV transition should be encouraged by this."

Microsoft is eliminating all known workarounds that let users install Windows 11 without an internet connection or Microsoft account, forcing everyone through the online setup process. The Verge reports: "We are removing known mechanisms for creating a local account in the Windows Setup experience (OOBE)," says Amanda Langowski, the lead for the Windows Insider Program. "While these mechanisms were often used to bypass Microsoft account setup, they also inadvertently skip critical setup screens, potentially causing users to exit OOBE with a device that is not fully configured for use."

The changes mean Windows 11 users will need to complete the OOBE screens with an internet connection and Microsoft account in future versions of the OS. Microsoft already removed the "bypassnro" workaround earlier this year, and today's changes also disable the "start ms-cxh:localonly" command that Windows 11 users discovered after Microsoft's previous changes. Using this command now resets the OOBE process and it fails to bypass the Microsoft account requirement.

From 10 a.m. to 7 p.m. today (EDT), the Free Software Foundation celebrates its 40th anniversary with an online and in-person event. "We will broadcast the talks and workshops via a fully free software livestream on fsf.org/live," according to the FSF's official "FSF40 Celebration" page. "Everyone will be able to join the discussion via the #fsf40 IRC channel on Libera.Chat."

"4 decades, 4 freedoms, 4 all users" is the event's slogan.

And during the ceremony, a 40th-anniversary cake was sliced by newly-elected FSF president Ian Kelling (who was unanimously confirmed by FSF board members): Kelling, age 43, has held the role of a board member and a voting member since March 2021. The board said of Kelling's confirmation: "His hands-on technical experience resulting from his position as the organization's senior systems administrator proved invaluable for his work on the board of directors... He has the technical knowledge to speak with authority on most free software issues, and he has a strong connection with the community as an active speaker and blogger."

Kelling earned a bachelor's degree in computer science and is a continuous user, developer, and advocate for free software. His personal commitment to complete software freedom has been shaped by his past experiences working as a software developer for proprietary software companies while using, learning, and contributing to GNU/Linux on his own time.

"Ian has shown good judgment on the board, and a firm commitment to the free software movement," FSF founder and Chief GNUisance Richard Stallman said. Outgoing FSF President and long-time board member Geoff Knauth added: "Since joining the board in 2021, Ian has shown a clear understanding of the free software philosophy in today's technology, and a strong vision. He recognizes threats in upcoming technologies, promotes transparency, has played a significant role in designing and implementing the new board recruitment processes, and has always adhered to ethical principles. He has also given me valuable advice at critical moments, for which I am very grateful..."

Kelling will continue to fill the role of senior systems administrator for the FSF, which he has held since 2017, where he leads the FSF's tech team under the direction of Zoë Kooyman, executive director of the FSF. True to the FSF's tradition for this role, he takes on the governance role as a volunteer.
Upcoming on the livestream:

• Free Software Foundation trivia
• LibreLocal group lightning talks
• A panel with the FSF, Electronic Frontier Foundation (EFF) , F-Droid, and Sugar Labs

An anonymous reader quotes a report from Ars Technica: As we careen toward a future in which Google has final say over what apps you can run, the company has sought to assuage the community's fears with a blog post and a casual "backstage" video. Google has said again and again since announcing the change that sideloading isn't going anywhere, but it's definitely not going to be as easy. The new information confirms app installs will be more reliant on the cloud, and devs can expect new fees, but there will be an escape hatch for hobbyists.

Confirming app verification status will be the job of a new system component called the Android Developer Verifier, which will be rolled out to devices in the next major release of Android 16. Google explains that phones must ensure each app has a package name and signing keys that have been registered with Google at the time of installation. This process may break the popular FOSS storefront F-Droid. It would be impossible for your phone to carry a database of all verified apps, so this process may require Internet access. Google plans to have a local cache of the most common sideloaded apps on devices, but for anything else, an Internet connection is required. Google suggests alternative app stores will be able to use a pre-auth token to bypass network calls, but it's still deciding how that will work.

The financial arrangement has been murky since the initial announcement, but it's getting clearer. Even though Google's largely automated verification process has been described as simple, it's still going to cost developers money. The verification process will mirror the current Google Play registration fee of $25, which Google claims will go to cover administrative costs. So anyone wishing to distribute an app on Android outside of Google's ecosystem has to pay Google to do so. What if you don't need to distribute apps widely? This is the one piece of good news as developer verification takes shape. Google will let hobbyists and students sign up with only an email for a lesser tier of verification. This won't cost anything, but there will be an unclear limit on how many times these apps can be installed. The team in the video strongly encourages everyone to go through the full verification process (and pay Google for the privilege). We've asked Google for more specifics here.

An anonymous reader shares a report: Immigration anxieties and a challenging job market have sparked an online backlash over China's latest attempt at attracting global talent -- a new visa program announced in August. The program, which was rolled out on Wednesday with the aim of attracting foreign professionals, will also test how China balances its immigration policy with its pursuit of technological ambitions.

Under the new rules, young graduates -- in the fields of science, technology, engineering and mathematics or STEM -- no longer need backing from a local employer and can enjoy more flexibility in terms for entry frequency and duration of stay. The keyword "K-visa" -- as China's new visa category is called -- was among the top searches on social media site Weibo for days, before chatter about National Day traffic jams pushed it off the charts as millions hit the road for a week-long holiday.

Chinese social media users argue that the new visa tilts the playing field toward foreign graduates at the expense of those educated in China. Others on Weibo warned that without employer sponsorship, the program could invite fraudulent applications and open the door to a surge in arrivals from developing countries, piling pressure on an already strained labor market.

An anonymous reader shares a report: In a preprint titled "Can LIGO Detect Daylight Savings Time?," Reed Essick, former LIGO member and now a physicist at the University of Toronto, gives a simple answer to the paper's title: "Yes, it can." The paper, which has yet to be peer-reviewed, was recently uploaded to arXiv. That might seem like an odd connection. It's true that observational astronomy must contend with noise from light pollution, satellites, and communication signals. But these are tangible sources of noise that scientists can sink their teeth into, whereas daylight savings time is considerably more nebulous and abstract as a potential problem.

To be clear, and as the paper points out, daylight savings time does not influence actual signals from merging black holes billions of light-years away -- which, as far as we know, don't operate on daylight savings time. The "detection" here refers to the "non-trivial" changes in human activity having to do with the researchers involved in this kind of work, among other work- and process-related factors tied to the sudden shift in time. The presence of individuals -- whether through operational workflows or even their physical activity at the observatories -- has a measurable impact on the data collected by LIGO and its sister institutions, Virgo in Italy and KAGRA in Japan, the new paper argues.

To see why this might be the case, consider again the definition of gravitational waves: ripples in space-time. A very broad interpretation of this definition implies that any object in space-time affected by gravity can cause ripples, like a researcher opening a door or the rumble of a car moving across the LIGO parking lot. Of course, these ripples are so tiny and insignificant that LIGO doesn't register them as gravitational waves. But continued exposure to various seismic and human vibrations does have some effect on the detector -- which, again, engineers and physicists have attempted to account for. What they forgot to consider, however, were the irregular shifts in daily activity as researchers moved back and forth from daylight savings time. The bi-annual time adjustment shifted LIGO's expected sensitivity pattern by roughly 75 minutes, the paper noted. Weekends, and even the time of day, also influenced the integrity of the collected data, but these factors had been raised by the community in the past.

An anonymous reader quotes a report from InsideEVs: On Monday morning, I spoke to a Volvo EX90 owner who reported a litany of issues with her 2025 EX90: malfunctioning phone-as-a-key functionality, a useless keyfob, a keycard that rarely worked quickly, constant phone connection issues, infotainment glitches and error messages. I was surprised not because I hadn't heard of these kinds of problems, but because I experienced them myself over a year ago at the EX90 first drive again. At the time, Volvo said software fixes were imminent. Today, we know the issues go deeper. To solve them, Volvo announced on Tuesday that it will replace the central computer of every 2025 EX90 with the new one from the 2026 EX90. It's a tacit admission that the company can't solve the EX90's issues while simultaneously launching its next-generation software-defined vehicles, and that it's easier to replace the original computer than to build bug-free software for it. But for some, the damage to the Volvo brand has already been done. "I say without exaggeration that this car is a dumpster fire inside a train wreck," InsideEVs reader and EX90 owner Sally Greer told InsideEVs.

The report notes that Volvo will replace the computer inside the 2025 EX90 with a Nvidia Drive AGX Orin-based core computer that has contains over 500 TOPS (Trillion Operations Per Second) of power, which Volvo says will help power its autonomous driving ambitions.

A July combat training exercise involved a satellite dish-style antenna that "could fire enough electromagnetic energy to fry the satellite 22,000 miles away," reports the Washington Post. But "Instead, the salvo would be more covert — millisecond pulses of energy that would subtly disrupt the satellite's signals, which U.S. military forces were using to communicate in the Pacific Ocean." The goal was to disguise the strike as a garbled connection that could be easily remedied by securing a loose cable or a simple reboot, leaving U.S. service members frustrated without raising their suspicions. [And using less power "would make it harder for the Blue Team to track where the interference was coming from."] This is how the next war could start: invisible shots fired in space on the electromagnetic spectrum that could render U.S. fighter jets and aircraft carriers deaf and blind, unable to communicate. In this case, the "aggressors" targeting the U.S. satellite were not from China or Russia, but rather an elite squadron of U.S. Space Force Guardians mimicking how potential adversaries would act in a conflict that begins in orbit... Involving more than 700 service members and spanning 50 million square miles and six time zones, the training exercise, called Resolute Space, was observed firsthand exclusively by The Washington Post.
The article describes leadership at the U.S. Space Force "still honing their mission while jousting with adversaries, such as China, that are moving quickly and conducting combat-like operations in orbit... While the Space Force continues to evolve, many defense analysts and some members of Congress fear the United States has already ceded its dominance in space to China and others." With a budget of just $40 billion, the relatively tiny Space Force makes up just about 4 percent of the Defense Department's budget and less than 1 percent of its personnel. It has more than 15,000 Guardians, which also includes several thousand civilians. By comparison, the Army has nearly 1 million soldiers. The Space Force has been squeezed under the department of the Air Force and struggled to distinguish itself from the other branches...

China, Russia and others have demonstrated that they can take out or interfere with the satellites operated by the Pentagon and intelligence agencies that provide the nation's missile warning and tracking, reconnaissance and communications. China in particular has moved rapidly to build an arsenal of space-based weapons... [R]ecently, several of China's satellites have engaged in what Space Force officials have called "dogfighting," jousting with U.S. satellites at high speeds and close ranges.

An anonymous reader shares a column: After nearly 30 years of USB-A connectivity, the market is now transitioning to the convenient USB-C standard, which makes sense given that it supports higher speeds, display data, and power delivery. The symmetrical connection is also smaller and more user-friendly, as it's reversible and works with smartphones and tablets. I get that USB-C is inevitable, but tech brands should realize that the ubiquitous USB-A isn't going anywhere soon and stop removing the ports we need to run our devices.

[...] It's premature for brands to phase out USB-A when peripheral brands are still making compatible products in 2025. For example, Logitech's current wireless pro gaming mice connect using a USB-A Lightspeed dongle, and most Seagate external drives still use USB-A as their connection method. The same can be said for other memory sticks, keyboards, wireless headsets, and other new devices that are still manufactured with a USB-A connection.

I have a gaming laptop with two USB-A and USB-C ports, and it's a constant struggle to connect all my devices simultaneously without needing a hub. I use the two USB-A ports for my mouse and wireless headset dongles, while a phone charging cable and portable monitor take up the USB-Cs. This setup stresses me out because there's no extra space to connect anything else without losing functionality.

California's legislature this week approved a bill to let renters opt out of bulk-billing arrangements that force them to pay for Internet service from a specific provider. ArsTechnica: The bill says that by January 1, a landlord must "allow the tenant to opt out of paying for any subscription from a third-party Internet service provider, such as through a bulk-billing arrangement, to provide service for wired Internet, cellular, or satellite service that is offered in connection with the tenancy." If a landlord fails to do so, the tenant "may deduct the cost of the subscription to the third-party Internet service provider from the rent," and the landlord would be prohibited from retaliating.

The bill passed the state Senate in a 30-7 vote on Wednesday but needs Gov. Gavin Newsom's signature to become law. It was approved by the state Assembly in a 75-0 vote in April. Assemblymember Rhodesia Ransom, a Democratic lawmaker who authored the bill, told Ars today that lobby groups for Internet providers and real estate companies have been "working really hard" to defeat it. But she expects Newsom will approve. "I strongly believe that the governor is going to look at what this bill provides as far as protections for tenants and sign it into law," Ransom said in a phone interview.