Businesses

Unhappy Workers May Reduce Global GDP By As Much As 9%, Gallup Estimates (cnn.com) 92

An anonymous reader quotes a report from CNN: Employees' negative daily emotions and lack of well-being can ultimately hurt worker engagement -- and the economy, according to a new report released this week. Gallup, in its "State of the Global Workplace," estimates that low employee engagement costs the global economy $8.9 trillion, or 9% of global GDP. The report includes findings from its latest annual World Poll, which surveyed 128,278 employees in more than 140 countries last year. That poll found that roughly 20% of workers globally reported feeling lonely, angry or sad on a daily basis. And 41% on average say they feel stress. Those most likely to say they feel lonely were younger workers (22%), employees who worked remotely full-time (25%) and those who felt most disengaged on the job (31%).

While work isn't always the cause of a person's negative daily emotions, employers should still be concerned. That's because work can either improve or worsen employees' well-being. On the one hand, the Gallup report noted, "when employees find their work and work relationships meaningful, employment is associated with high levels of daily enjoyment and low levels of all negative daily emotions. Notably, half of employees who are engaged at work are thriving in life overall." On the other, researchers found that being disengaged at work can negatively affect a person's wellbeing as much as -- or more than -- not having a job at all. "Employees who dislike their jobs tend to have high levels of daily stress and worry, as well as elevated levels of all other negative emotions," they wrote. "On many wellbeing items (stress, anger, worry, loneliness), being actively disengaged at work is equivalent to or worse than being unemployed."

The poll found that last year only 23% of employees were engaged at work, unchanged from the year prior. Gallup defines an engaged employee as someone "highly involved in and enthusiastic about their work and workplace. They are psychological 'owners,' drive performance and innovation, and move the organization forward." But those who said they were not engaged rose by 3 percentage points to 62%. These are employees characterized as "psychologically unattached to their work and company. Because their engagement needs are not being fully met, they are putting time but not energy or passion into their work."

Medicine

FDA Approves Apple AirPods As Hearing Aids 39

The FDA on Thursday approved the first hearing aid software for Apple's latest AirPods Pro earbuds. According to Apple, the feature will be pushed to eligible devices through a software update in the coming weeks. The Washington Post reports: The move, which comes two years after the FDA first approved over-the-counter hearing aids, could help more Americans with hearing loss start getting help, the FDA said in a statement. The feature works by amplifying some sounds, such as voices, while minimizing others, such as ambient noise. Users can take a hearing test in the Apple Health app, and their AirPods will adjust sound level automatically based on the results. The feature is only available on the AirPods Pro 2, which cost $249.

The FDA says it tested Apple's hearing aid feature in a clinical study with 118 subjects who believed they had mild or moderate hearing loss. The study found that people who set up their AirPods using Apple's hearing test noticed similar benefits as people who had a professional set up the earbuds. Over-the-counter hearing aids are best for people with mild to moderate hearing loss, audiologists say, many of whom don't seek treatment. [...] However, consumer earbuds aren't a good solution for people with severe hearing loss, experts maintain, and most over-the-counter hearing devices will still require a trip to the audiologist for some fine tuning.

Supercomputing

As Quantum Computing Threats Loom, Microsoft Updates Its Core Crypto Library (arstechnica.com) 33

An anonymous reader quotes a report from Ars Technica: Microsoft has updated a key cryptographic library with two new encryption algorithms designed to withstand attacks from quantum computers. The updates were made last week to SymCrypt, a core cryptographic code library for handling cryptographic functions in Windows and Linux. The library, started in 2006, provides operations and algorithms developers can use to safely implement secure encryption, decryption, signing, verification, hashing, and key exchange in the apps they create. The library supports federal certification requirements for cryptographic modules used in some governmental environments. Despite the name, SymCrypt supports both symmetric and asymmetric algorithms. It's the main cryptographic library Microsoft uses in products and services including Azure, Microsoft 365, all supported versions of Windows, Azure Stack HCI, and Azure Linux. The library provides cryptographic security used in email security, cloud storage, web browsing, remote access, and device management. Microsoft documented the update in a post on Monday. The updates are the first steps in implementing a massive overhaul of encryption protocols that incorporate a new set of algorithms that aren't vulnerable to attacks from quantum computers. [...]

The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren't vulnerable to Shor's algorithm when the keys are of a sufficient size. [...] The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it's based on "stateful hash-based signature schemes." These algorithms are useful in very specific contexts such as firmware signing, but are not suitable for more general uses. Monday's post said Microsoft will add additional post-quantum algorithms to SymCrypt in the coming months. They are ML-DSA, a lattice-based digital signature scheme, previously called Dilithium, and SLH-DSA, a stateless hash-based signature scheme previously called SPHINCS+. Both became NIST standards last month and are formally referred to as FIPS 204 and FIPS 205.

In Monday's post, Microsoft Principal Product Manager Lead Aabha Thipsay wrote: "PQC algorithms offer a promising solution for the future of cryptography, but they also come with some trade-offs. For example, these typically require larger key sizes, longer computation times, and more bandwidth than classical algorithms. Therefore, implementing PQC in real-world applications requires careful optimization and integration with existing systems and standards."

Media

Bluesky Lets You Post Videos Now (theverge.com) 5

Bluesky, the decentralized social networking startup, has introduced support for videos up to 60 seconds long in its latest update, version 1.91. The Verge reports: The videos will autoplay by default, but Bluesky says you can turn this feature off in the settings menu. You can also add subtitles to your videos, as well as apply labels for things like adult content. There are some limitations to Bluesky's video feature, as the platform will only allow up to 25 video uploads (or 10GB of video) per day.

To protect Bluesky from harmful content or spam, it will require users to verify their email addresses before posting a video. Bluesky may also take away someone's ability to post videos if they repeatedly violate its community guidelines. The platform will also run videos through Hive, an AI moderation solution, and Thorn, a nonprofit that fights child sexual abuse, to check for illegal content or media that needs a warning.

Security

Security Researcher Exposes Critical WHOIS Vulnerability (arstechnica.com) 21

A security researcher has exposed a critical vulnerability in the WHOIS system. Benjamin Harris, CEO of watchTowr, gained unprecedented access by registering an expired domain once used for .mobi's authoritative WHOIS server. His rogue server received millions of queries from thousands of systems, including government agencies, certificate authorities, and major tech companies. Ars Technica adds: The humor aside, the rogue WHOIS server gave him powers he never should have had. One of the greatest was the ability to dictate the email address certificate authority GlobalSign used to determine if a party applying for a TLS certificate was the rightful owner of the domain name the certificate would apply to. Like the vast majority of its competitors, GlobalSign uses an automated process. An application for example.com, for instance, will prompt the certificate authority to send an email to the administrative email address listed in the authoritative WHOIS for that domain. If the party on the other end clicks a link, the certificate is automatically approved. When Harris generated a certificate signing request for microsoft.mobi, he promptly received an email from GlobalSign. The email gave him the option of receiving a verification link at whois@watchtowr.com. For ethical reasons, he stopped the experiment at this point. The vulnerability stems from outdated WHOIS client configurations, which underscores systemic weaknesses in internet infrastructure management.

Earth

Household Brands Want To Redefine 'Recyclable' To Include Products Virtually Impossible To Recycle (propublica.org) 158

Most kitchen products use plastics that are practically unrecyclable, yet a trade group representing major brands is pressuring regulators to allow companies to label such items as "recyclable," even though they are likely to end up in landfills. Experts warn this could worsen the plastic crisis and misleading labels could further deceive consumers about the true recyclability of these products. ProPublica reports: The Consumer Brands Association believes companies should be able to stamp "recyclable" on products that are technically "capable" of being recycled, even if they're all but guaranteed to end up in a landfill. As ProPublica previously reported, the group argued for a looser definition of "recyclable" in written comments to the Federal Trade Commission as the agency revises the Green Guides -- guidelines for advertising products with sustainable attributes. [...] ProPublica contacted the 51 companies on the association's board of directors to ask if they agreed with the trade group's definition of "recyclable." Most did not respond. None said they disagreed with the definition. Nine companies referred ProPublica back to the association.

The Green Guides are meant to increase consumer trust in sustainable products. Though these guidelines are not laws, they serve as a national reference for companies and other government agencies for how to define terms like "compostable," "nontoxic" and "recyclable." [...] The current Green Guides allow companies to label products and packaging as "recyclable" if at least 60% of Americans have access to facilities that will take the material. As written, the guidelines don't specify whether it's enough for the facilities to simply collect and sort the items or if there needs to be a reasonable expectation that the material will be made into something new. "The Green Guides have long set forth that items labeled as 'recyclable' are those which are capable of being recycled," [Joseph Aquilina, the association's vice president and deputy general counsel] told ProPublica. "Any characterization suggesting Consumer Brands is pushing for a 'looser definition' is false." But the association seemed to disregard what the FTC said in a separate document released alongside the guides, which states that a truthful recyclable claim means that "a substantial majority of consumers or communities have access to facilities that will actually recycle, not accept and ultimately discard, the product."

In its comments to the FTC, the association pushed back on that idea. The U.S. recycling system is decentralized, and manufacturers have no control over economic factors that might lead a recycler to change its mind about how it handles a certain type of plastic, the association wrote, adding that it was unrealistic to force brands to predict which products will be "ultimately recycled." The association represents sellers and will naturally seek more flexibility in its positions, Jef Richards, a professor of advertising and public relations at Michigan State University, said in an email. The "problem with defining 'recyclable' as anything that MIGHT be recycled is that I seriously doubt that's how consumers define it." When consumer expectations fail to match what the advertiser is saying, "consumers are being deceived," he added. That deception has concrete impacts: Plastic bags that mistakenly end up at recycling centers can gum up machinery, start fires and contaminate bales of paper, which then can't be recycled. The problem could get worse if the FTC listens to the Consumer Brands Association and allows companies to market plastic bags as "recyclable."

AI

'AI May Not Steal Many Jobs After All' (apnews.com) 62

Alorica — which runs customer-service centers around the world — has introduced an AI translation tool that lets its representatives talk with customers in 200 different languages. But according to the Associated Press, "Alorica isn't cutting jobs. It's still hiring aggressively." The experience at Alorica — and at other companies, including furniture retailer IKEA — suggests that AI may not prove to be the job killer that many people fear. Instead, the technology might turn out to be more like breakthroughs of the past — the steam engine, electricity, the internet: That is, eliminate some jobs while creating others. And probably making workers more productive in general, to the eventual benefit of themselves, their employers and the economy. Nick Bunker, an economist at the Indeed Hiring Lab, said he thinks AI "will affect many, many jobs — maybe every job indirectly to some extent. But I don't think it's going to lead to, say, mass unemployment...."

[T]he widespread assumption that AI chatbots will inevitably replace service workers, the way physical robots took many factory and warehouse jobs, isn't becoming reality in any widespread way — not yet, anyway. And maybe it never will. The White House Council of Economic Advisers said last month that it found "little evidence that AI will negatively impact overall employment." The advisers noted that history shows technology typically makes companies more productive, speeding economic growth and creating new types of jobs in unexpected ways... The outplacement firm Challenger, Gray & Christmas, which tracks job cuts, said it has yet to see much evidence of layoffs that can be attributed to labor-saving AI. "I don't think we've started seeing companies saying they've saved lots of money or cut jobs they no longer need because of this," said Andy Challenger, who leads the firm's sales team. "That may come in the future. But it hasn't played out yet."

At the same time, the fear that AI poses a serious threat to some categories of jobs isn't unfounded. Consider Suumit Shah, an Indian entrepreneur who caused an uproar last year by boasting that he had replaced 90% of his customer support staff with a chatbot named Lina. The move at Shah's company, Dukaan, which helps customers set up e-commerce sites, shrank the response time to an inquiry from 1 minute, 44 seconds to "instant." It also cut the typical time needed to resolve problems from more than two hours to just over three minutes. "It's all about AI's ability to handle complex queries with precision," Shah said by email. The cost of providing customer support, he said, fell by 85%....

Similarly, researchers at Harvard Business School, the German Institute for Economic Research and London's Imperial College Business School found in a study last year that job postings for writers, coders and artists tumbled within eight months of the arrival of ChatGPT.

On the other hand, after Ikea introduced a customer-service chatbot in 2021 to handle simple inquiries, it didn't result in massive layoffs according to the article. Instead Ikea ended up retraining 8,500 customer-service workers to handle other tasks like advising customers on interior design and fielding complicated customer calls.

Electronic Frontier Foundation

FTC Urged To Stop Tech Makers Downgrading Devices After You've Bought Them (theregister.com) 80

Digital rights activists want device manufacturers to disclose a "guaranteed minimum support time" for devices — and federal regulations ensuring a product's core functionality will work even after its software updates stop.

Influential groups including Consumer Reports, EFF, the Software Freedom Conservancy, iFixit, and U.S. PIRG have now signed a letter to the head of America's Consumer Protection bureau (at the Federal Trade Commission), reports The Register: In an eight-page letter to the Commission (FTC), the activists mentioned the Google/Levis collaboration on a denim jacket that contained sensors enabling it to control an Android device through a special app. When the app was discontinued in 2023, the jacket lost that functionality. The letter also mentions the "Car Thing," an automotive infotainment device created by Spotify, which bricked the device fewer than two years after launch and didn't offer a refund...

Environmental groups and computer repair shops also signed the letter... "Consumers need a clear standard for what to expect when purchasing a connected device," stated Justin Brookman, director of technology policy at Consumer Reports and a former policy director of the FTC's Office of Technology, Research, and Investigation. "Too often, consumers are left with devices that stop functioning because companies decide to end support without little to no warning. This leaves people stranded with devices they once relied on, unable to access features or updates...."

Brookman told The Register that he believes this is the first such policy request to the FTC that asks the agency to help consumers with this dilemma. "I'm not aware of a previous effort from public interest groups to get the FTC to take action on this issue — it's still a relatively new issue with no clear established norms," he wrote in an email. "But it has certainly become an issue" that comes up more and more with device makers as they change their rules about product updates and usage.

"Both switching features to a subscription and 'bricking' a connected device purchased by a consumer in many cases are unfair and deceptive practices," the groups write, arguing that the practices "infringe on a consumer's right to own the products they buy." They're requesting clear "guidance" for manufacturers from the U.S. government. The FTC has a number of tools at its disposal to help establish standards for IoT device support. While a formal rulemaking is one possibility, the FTC also has the ability to issue more informal guidance, such as its Endorsement Guides and Dot Com Disclosures. We believe the agency should set norms...

The groups are also urging the FTC to:
  • Encourage tools and methods that enable reuse if software support ends.
  • Conduct an educational program to encourage manufacturers to build longevity into the design of their products.
  • Protect "adversarial interoperability"... when a competitor or third-party creates a reuse or modification tool [that] adds to or converts the old device.

Thanks to long-time Slashdot reader Z00L00K for sharing the article.


Crime

New York Times Calls Telegram 'A Playground for Criminals, Extremists and Terrorists' (yahoo.com) 107

The New York Times analyzed over 3.2 million Telegram messages from 16,220 channels. Their conclusion? Telegram "offers features that enable criminals, terrorists and grifters to organize at scale and to sidestep scrutiny from the authorities" — and that Telegram "has looked the other way as illegal and extremist activities have flourished openly on the app."

Or, more succinctly: "Telegram has become a global sewer of criminal activity, disinformation, child sexual abuse material, terrorism and racist incitement, according to a four-month investigation." Look deeper, and a dark underbelly emerges. Uncut lumps of cocaine and shards of crystal meth are for sale on the app. Handguns and stolen checks are widely available. White nationalists use the platform to coordinate fight clubs and plan rallies. Hamas broadcast its Oct. 7 attack on Israel on the site... The Times investigation found 1,500 channels operated by white supremacists who coordinate activities among almost 1 million people around the world. At least two dozen channels sold weapons. In at least 22 channels with more than 70,000 followers, MDMA, cocaine, heroin and other drugs were advertised for delivery to more than 20 countries.

Hamas, the Islamic State and other militant groups have thrived on Telegram, often amassing large audiences across dozens of channels. The Times analyzed more than 40 channels associated with Hamas, which showed that average viewership surged up to 10 times after the Oct. 7 attacks, garnering more than 400 million views in October. Telegram is "the most popular place for ill-intentioned, violent actors to congregate," said Rebecca Weiner, the deputy commissioner for intelligence and counterterrorism at the New York Police Department. "If you're a bad guy, that's where you will land...." [Telegram] steadfastly ignores most requests for assistance from law enforcement agencies. An email inbox used for inquiries from government agencies is rarely checked, former employees said...

"It is easy to search and find channels selling guns, illicit narcotics, prescription drugs and fraudulent ATM cards, called clone cards..." according to the article. The Times "found at least 50 channels openly selling contraband, including guns, drugs and fraudulent debit cards." In December 2022, Hayden Espinosa began serving a 33-month sentence in federal prison in Louisiana for buying and selling illegal firearms and weapon parts he made with 3D printers. That did not stop his business. Using cellphones that had been smuggled into prison, Espinosa continued his illicit trade on a Telegram channel... Espinosa's gun market on Telegram might never have been uncovered except that one of its members was Payton Gendron, who massacred 10 people at a supermarket in Buffalo, New York, in 2022. Investigators scouring his life online for motives for the shooting discovered the channel, which also featured racist and extremist views he had shared.

"Operating like a stateless organization, Telegram has long behaved as if it were above the law," the article concludes — though it adds that "In many democratic countries, patience with the app is wearing thin.

"The European Union is exploring new oversight of Telegram under the Digital Services Act, a law that forces large online platforms to police their services more aggressively, two people familiar with the plans said."

Privacy

Signal is More Than Encrypted Messaging. It Wants to Prove Surveillance Capitalism Is Wrong (wired.com) 70

Slashdot reader echo123 shared a new article from Wired titled "Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It's Out to Prove Surveillance Capitalism Wrong." ("On its 10th anniversary, Signal's president wants to remind you that the world's most secure communications platform is a nonprofit. It's free. It doesn't track you or serve you ads. It pays its engineers very well. And it's a go-to app for hundreds of millions of people.") Ten years ago, WIRED published a news story about how two little-known, slightly ramshackle encryption apps called RedPhone and TextSecure were merging to form something called Signal. Since that July in 2014, Signal has transformed from a cypherpunk curiosity — created by an anarchist coder, run by a scrappy team working in a single room in San Francisco, spread word-of-mouth by hackers competing for paranoia points — into a full-blown, mainstream, encrypted communications phenomenon... Billions more use Signal's encryption protocols integrated into platforms like WhatsApp...

But Signal is, in many ways, the exact opposite of the Silicon Valley model. It's a nonprofit funded by donations. It has never taken investment, makes its product available for free, has no advertisements, and collects virtually no information on its users — while competing with tech giants and winning... Signal stands as a counterfactual: evidence that venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology.

Over its past decade, no leader of Signal has embodied that iconoclasm as visibly as Meredith Whittaker. Signal's president since 2022 is one of the world's most prominent tech critics: When she worked at Google, she led walkouts to protest its discriminatory practices and spoke out against its military contracts. She cofounded the AI Now Institute to address ethical implications of artificial intelligence and has become a leading voice for the notion that AI and surveillance are inherently intertwined. Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come — with zero compromises or corporate entanglements — so it can serve as a model for an entirely new kind of tech ecosystem...

Meredith Whittaker: "The Signal model is going to keep growing, and thriving and providing, if we're successful. We're already seeing Proton [a startup that offers end-to-end encrypted email, calendars, note-taking apps, and the like] becoming a nonprofit. It's the paradigm shift that's going to involve a lot of different forces pointing in a similar direction."

Key quotes from the interview:
  • "Given that governments in the U.S. and elsewhere have not always been uncritical of encryption, a future where we have jurisdictional flexibility is something we're looking at."
  • "It's not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who's the gold standard for privacy? It's Signal."
  • "AI is a product of the mass surveillance business model in its current form. It is not a separate technological phenomenon."
  • "...alternative models have not received the capital they need, the support they need. And they've been swimming upstream against a business model that opposes their success. It's not for lack of ideas or possibilities. It's that we actually have to start taking seriously the shifts that are going to be required to do this thing — to build tech that rejects surveillance and centralized control — whose necessity is now obvious to everyone."

IT

'My Fake Job In Y2K Preparedness' (nplusonemag.com) 114

Long-time Slashdot reader theodp writes: The Contingency Contingent is Leigh Claire La Berge's amazing tale of what she calls her "fake job in Y2K preparedness." La Berge offers an insider's view of the madness that ensued when Y2K panic gave rise to seemingly-limitless spending at mega-corporations for massive enterprise-wide Y2K remediation projects led by management consulting firms that left clients with little to show for their money. (La Berge was an analyst for consulting firm Arthur Andersen, where "the Andersen position was that 'Y2K is a documentation problem, not a technology problem'.... At a certain point all that had happened yesterday was our documenting, so then we documented that. Then, exponentially, we had to document ourselves documenting our own documentation."). In what reads like the story treatment for an Office Space sequel, La Berge writes that it was a fake job "because Andersen was faking it."

From the article: The firm spent the late 1990s certifying fraudulent financial statements from Enron, the Texas-based energy company that made financial derivatives a household phrase, until that company went bankrupt in a cloud of scandal and suicide and Andersen was convicted of obstruction of justice, surrendered its accounting licenses, and shuttered. But that was later.

Finally, it was a fake job because the problem that the Conglomerate had hired Andersen to solve was not real, at least not in the sense that it needed to be solved or that Andersen could solve it. The problem was known variously as Y2K, or the Year 2000, or the Y2K Bug, and it prophesied that on January 1, 2000, computers the world over would be unable to process the thousandth-digit change from 19 to 20 as 1999 rolled into 2000 and would crash, taking with them whatever technology they were operating, from email to television to air-traffic control to, really, the entire technological infrastructure of global modernity. Hospitals might have emergency power generators to stave off the worst effects (unless the generators, too, succumbed to the Y2K Bug), but not advertising firms.

With a world-ending scenario on the horizon, employment standards were being relaxed. The end of the millennium had produced a tight labor market in knowledge workers, and new kinds of companies, called dot-coms, were angling to dominate the emergent world of e-commerce. Flush with cash, these companies were hoovering up any possessors of knowledge they could find. Friends from my gradeless college whose only experience in business had been parking-lot drug deals were talking stock options.

Looking back, the author remembers being "surprised by how quickly Y2K disappeared from office discourse as though censored..."

Their upcoming book is called Fake Work: How I Began to Suspect Capitalism is a Joke.

Space

Does Dark Matter Come From Black Holes Formed Before the Big Bang? (livescience.com) 104

"The Big Bang may not have been the beginning of the universe," writes LiveScience, citing "a theory of cosmology that suggests the universe can 'bounce' between phases of contraction and expansion."

The recent study suggests that dark matter could be composed of black holes formed before the Big Bang, during a transition from the universe's last contraction to the current expansion phase... In the new study, researchers explored a scenario where dark matter consists of primordial black holes formed from density fluctuations that occurred during the universe's last contraction phase, not long before the period of expansion that we observe now. They published their findings in June in the Journal of Cosmology and Astroparticle Physics ... In this "bouncing" cosmology, the universe contracted to a size about 50 orders of magnitude smaller than it is today. After the rebound, photons and other particles were born, marking the Big Bang. Near the rebound, the matter density was so high that small black holes formed from quantum fluctuations in the matter's density, making them viable candidates for dark matter.

"Small primordial black holes can be produced during the very early stages of the universe, and if they are not too small, their decay due to Hawking radiation [a hypothetical phenomenon of black holes emitting particles due to quantum effects] will not be efficient enough to get rid of them, so they would still be around now," Patrick Peter, director of research at the French National Centre for Scientific Research (CNRS), who was not involved in the study, told Live Science in an email. "Weighing more or less the mass of an asteroid, they could contribute to dark matter, or even solve this issue altogether."

The scientists' calculations show that this universe model's properties, such as the curvature of space and the microwave background, match current observations, supporting their hypothesis.

"If this hypothesis holds, the gravitational waves generated during the black hole formation process might be detectable by future gravitational wave observatories, providing a way to confirm this dark matter generation scenario..."

Medicine

Long Covid Knocked a Million Americans Off Their Career Paths (msn.com) 151

The Wall Street Journal reports that long Covid "has pushed around one million Americans out of the labor force, economists estimate." More than 5% of adults in the U.S. have long Covid, and it is most prevalent among Americans in their prime working years. About 3.6 million people reported significantly modifying their activities because of the illness in a recent survey by the Centers for Disease Control and Prevention.

Long Covid is a chronic condition with symptoms lasting at least three months after a Covid infection, according to the CDC. Symptoms include fatigue, changes in memory, shortness of breath and trouble concentrating. Long Covid can make tasks as simple as responding to an email arduous, people with the condition say. They struggle to summon the right word or manage stress. Among its many symptoms is post-exertional malaise, which can worsen after even minor physical or mental activity. "People can't go back to work or have to significantly cut down on the amount of work that they can handle," said Akiko Iwasaki, an immunobiology professor at Yale School of Medicine.

Researchers don't know how long symptoms can last. Few people with long Covid have fully recovered within two years. Patients say their doctors have tried everything from antihistamines to blood thinners to physical therapy to acupuncture. Some people might live with the condition for the rest of their lives, said Dr. Paul Volberding, a professor emeritus at the University of California, San Francisco...

Some people with long Covid, which the federal government has classified as a disability, have stayed in their jobs. Human-resource managers have made accommodations including remote work, flexible hours or modified responsibilities, said Rue Dooley of the Society for Human Resource Management. "It's not going away," he said. "It's going to be one of another 100 conditions that we have to grapple with."

People were more likely to develop long Covid at the start of the pandemic, according to a study published in July in the New England Journal of Medicine. The proliferation of vaccines and changes to the virus have made people infected with Covid less likely to develop long Covid.

AI

Gannett is Shuttering Site Accused of Publishing AI Product Reviews (theverge.com) 12

An anonymous reader shares a report: Newspaper giant Gannett is shutting down Reviewed, its product reviews site, effective November 1st, according to sources familiar with the decision. The site offers recommendations for products ranging from shoes to home appliances and employs journalists to test and review items -- but has also been at the center of questions around whether its work is actually produced by humans.

"After careful consideration and evaluation of our Reviewed business, we have decided to close the operation. We extend our sincere gratitude to our employees who have provided consumers with trusted product reviews," Reviewed spokesperson Lark-Marie Anton told The Verge in an email. But the site more recently has been the subject of scrutiny, at times by its own unionized employees. Last October, Reviewed staff publicly accused Gannett of publishing AI-generated product reviews on the site. The articles in question were written in a strange, stilted manner, and staff found that the authors the articles were attributed to didn't seem to exist on LinkedIn and other platforms. Some questioned whether they were real at all. In response to questions, Gannett said the articles were produced by a third-party marketing company called AdVon Commerce and that the original reviews didn't include proper disclosure. But Gannett denied that AI was involved.

Security

'Invasive' Iranian Intelligence Group Believed to Be The Ones Who Breached Trump's Campaign (reuters.com) 98

Reuters reports that the Iranian hacking team which compromised the campaign of U.S. presidential candidate Donald Trump "is known for placing surveillance software on the mobile phones of its victims, enabling them to record calls, steal texts and silently turn on cameras and microphones, according to researchers and experts who follow the group." Known as APT42 or CharmingKitten by the cybersecurity research community, the accused Iranian hackers are widely believed to be associated with an intelligence division inside Iran's military, known as the Intelligence Organization of the Islamic Revolutionary Guard Corps or IRGC-IO. Their appearance in the U.S. election is noteworthy, sources told Reuters, because of their invasive espionage approach against high-value targets in Washington and Israel. "What makes (APT42) incredibly dangerous is this idea that they are an organization that has a history of physically targeting people of interest," said John Hultquist, chief analyst with U.S. cybersecurity firm Mandiant, who referenced past research that found the group surveilling the cell phones of Iranian activists and protesters... Hultquist said the hackers commonly use mobile malware that allows them to "record phone calls, room audio recordings, pilfer SMS (text) inboxes, take images off of a machine," and gather geolocation data...

APT42 also commonly impersonates journalists and Washington think tanks in complex, email-based social engineering operations that aim to lure their targets into opening booby-trapped messages, which let them take over systems. The group's "credential phishing campaigns are highly targeted and well-researched; the group typically targets a small number of individuals," said Josh Miller, a threat analyst with email security company Proofpoint. They often target anti-Iran activists, reporters with access to sources inside Iran, Middle Eastern academics and foreign-policy advisers. This has included the hacking of western government officials and American defense contractors. For example, in 2018, the hackers targeted nuclear workers and U.S. Treasury department officials around the time the United States formally withdrew from the Joint Comprehensive Plan of Action (JCPOA), said Allison Wikoff, a senior cyber intelligence analyst with professional services company PricewaterhouseCoopers.

"APT42 is still actively targeting campaign officials and former Trump administration figures critical of Iran, according to a blog post by Google's cybersecurity research team."

The Courts

US Sues Georgia Tech Over Alleged Cybersecurity Failings As a Pentagon Contractor (theregister.com) 37

The Register's Connor Jones reports: The U.S. is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees. Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia Tech Research Corporation (GTRC), are being investigated following whistleblower reports from insiders Christopher Craig and Kyle Koza about alleged (PDF) failures to protect controlled unclassified information (CUI). The series of allegations date back to 2019 and continued for years after, although Koza was said to have identified the issues as early as 2018.

Among the allegations is the suggestion that between May 2019 and February 2020, Georgia Tech's Astrolavos Lab -- ironically a group that focuses on cybersecurity issues affecting national security -- failed to develop and implement a cybersecurity plan that complied with DoD standards (NIST 800-171). When the plan was implemented in February 2020, the lawsuit alleges that it wasn't properly scoped -- not all the necessary endpoints were included -- and that for years afterward, Georgia Tech failed to maintain that plan in line with regulations. Additionally, the Astrolavos Lab was accused of failing to implement anti-malware solutions across devices and the lab's network. The lawsuit alleges that the university approved the lab's refusal to deploy the anti-malware software "to satisfy the demands of the professor that headed the lab," the DoJ said. This is claimed to have occurred between May 2019 and December 2021. Refusing to install anti-malware solutions at a contractor like this is not allowed. In fact, it violates federal requirements and Georgia Tech's own policies, but allegedly happened anyway.

The university and the GTRC also, it is claimed, submitted a false cybersecurity assessment score in December 2020 -- a requirement for all DoD contractors to demonstrate they're meeting compliance standards. The two organizations are accused of issuing themselves a score of 98, which was later deemed to be fraudulent based on various factors. To summarize, the issue centers around the claim that the assessment was carried out on a "fictitious" environment, so on that basis the score wasn't given to a system related to the DoD contract, the US alleges. The claims are being made under the False Claims Act (FCA), which is being utilized by the Civil Cyber-Fraud Initiative (CCFI), which was introduced in 2021 to punish entities that knowingly risk the safety of United States IT systems. It's a first-of-its-kind case being pursued as part of the CCFI. All previous cases brought under the CCFI were settled before they reached the litigation stage.

Android

Google Play Will No Longer Pay To Discover Vulnerabilities In Popular Android Apps (androidauthority.com) 19

Android Authority's Mishaal Rahman reports: Security vulnerabilities are lurking in most of the apps you use on a day-to-day basis; there's just no way for most companies to preemptively fix every possible security issue because of human error, deadlines, lack of resources, and a multitude of other factors. That's why many organizations run bug bounty programs to get external help with fixing these issues. The Google Play Security Reward Program (GPSRP) is an example of a bug bounty program that paid security researchers to find vulnerabilities in popular Android apps, but it's being shut down later this month. Google announced the Google Play Security Reward Program back in October 2017 as a way to incentivize security researchers to find and, most importantly, responsibly disclose vulnerabilities in popular Android apps distributed through the Google Play Store. [...]

The purpose of the Google Play Security Reward Program was simple: Google wanted to make the Play Store a more secure destination for Android apps. According to the company, vulnerability data they collected from the program was used to help create automated checks that scanned all apps available in Google Play for similar vulnerabilities. In 2019, Google said these automated checks helped more than 300,000 developers fix more than 1,000,000 apps on Google Play. Thus, the downstream effect of the GPSRP is that fewer vulnerable apps are distributed to Android users.

However, Google has now decided to wind down the Google Play Security Reward Program. In an email to participating developers, such as Sean Pesce, the company announced that the GPSRP will end on August 31st. The reason Google gave is that the program has seen a decrease in the number of actionable vulnerabilities reported. The company credits this success to the "overall increase in the Android OS security posture and feature hardening efforts."

Businesses

App Store VP Departs As Apple Prepares Organizational Changes (macrumors.com) 9

According to Bloomberg's Mark Gurman (paywalled), App Store vice president Matt Fischer is departing the company in October as Apple prepares for organizational changes in response to regulatory pressure. MacRumors reports: Apple plans to split its App Store group into two teams, one that handles the App Store and a second team that oversees alternative app distribution. As of earlier this year, Apple has supported iOS app downloads from alternative app stores and from websites in the European Union, a change that the company had to make to comply with the Digital Markets Act. To handle ongoing compliance with EU regulations for app distribution and alternative payment methods, App Store chief Phil Schiller is changing the App Store's hierarchy.

Fischer joined Apple in 2003 to oversee iTunes marketing, but he has served as the vice president of the App Store since 2010. In an email to Apple employees today, Fischer said that he had been thinking about leaving Apple for some time, and the reorganization provided the right opportunity. With Fischer leaving, App Store senior director Carson Oliver will oversee the App Store, and Ann Thai, a director who oversees App Store features, will head up the team that handles alternative app distribution.

Google

Google Agrees To $250 Million Deal To Fund California Newsrooms, AI (politico.com) 33

Google has reached a groundbreaking deal with California lawmakers to contribute millions to local newsrooms, aiming to support journalism amid its decline as readers migrate online and advertising dollars evaporate. The agreement also includes a controversial provision for artificial intelligence funding. Politico reports: California emulated a strategy that other countries like Canada have used to try and reverse the journalism industry's decline as readership migrated online and advertising dollars evaporated. [...] Under the deal, the details of which were first reported by POLITICO on Monday, Google and the state of California would jointly contribute a minimum of $125 million over five years to support local newsrooms through a nonprofit public charity housed at UC Berkeley's journalism school. Google would contribute at least $55 million, and state officials would kick in at least $70 million. The search giant would also commit $50 million over five years to unspecified "existing journalism programs."

The deal would also steer millions in tax-exempt private dollars toward an artificial intelligence initiative that people familiar with the negotiations described as an effort to cultivate tech industry buy-in. Funding for artificial intelligence was not included in the bill at the core of negotiations, authored by Assemblymember Buffy Wicks. The agreement has drawn criticism from a journalists' union that had so far championed Wicks' effort. Media Guild of the West President Matt Pearce in an email to union members Sunday evening said such a deal would entrench "Google's monopoly power over our newsrooms."

"This public-private partnership builds on our long history of working with journalism and the local news ecosystem in our home state, while developing a national center of excellence on AI policy," said Kent Walker, chief legal officer for Alphabet, the parent company of Google.

Media Guild of the West President Matt Pearce wasn't so chipper. He criticized the plan in emails with union members, calling it a "total rout of the state's attempts to check Google's stranglehold over our newsrooms."

Businesses

Smartphone Maker Nothing Mandates Full-Time Office Return, Urges Dissenters To Quit (fortune.com) 158

Nothing, a British startup seeking to challenge Apple's smartphone dominance, is hauling its employees back to the office full-time in the quest for growth. From a report: In a lengthy email disparaging remote work, which had been a tenet of Nothing CEO Carl Pei's workplace policy since its creation four years ago, Pei explained why his 450 employees needed to come to the office five days a week. "Remote work is not compatible with a high ambition level plus high speed," Pei said in an email to staff, which he shared on LinkedIn.

Pei gave three reasons for the strict return-to-office mandate. First, he said, the logistics of developing a smartphone, where design, engineering, and manufacturing departments collaborate, weren't conducive to remote working. He added that creativity and innovation worked better in person, allowing the company to do more with fewer resources. Third, Pei said Nothing's ambitions to scale to become a "generation-defining company" wouldn't be achievable with remote work.

According to Pei's email, the new mandate will take effect in two months, and he intends to hold a town hall in London to answer employees' questions. In his email, the Nothing CEO also suggested that employees who could not commit to five days in the office look for other employment. "We know it's not the right type of setup for everybody, and that's okay. We should look for a mutual fit. You should find an environment where you thrive, and we need to find people who want to go the full mile with us in the decades ahead."
