echo123 shares a report from SciTechDaily: Researchers have discovered that graphene naturally allows proton transport, especially around its nanoscale wrinkles. This finding could revolutionize the hydrogen economy by offering sustainable alternatives to existing catalysts and membranes. [...] In a recent publication in the journal Nature, a joint effort between the University of Warwick, spearheaded by Prof. Patrick Unwin, and The University of Manchester, led by Dr. Marcelo Lozada-Hidalgo and Prof. Andre Geim, presented their findings on this matter. Using ultra-high spatial resolution measurements, they conclusively demonstrated that perfect graphene crystals indeed allow proton transport. In a surprising twist, they also found that protons are strongly accelerated around nanoscale wrinkles and ripples present in the graphene crystal.

This groundbreaking revelation carries immense significance for the hydrogen economy. The current mechanisms for generating and using hydrogen often rely on costly catalysts and membranes, some of which have notable environmental impacts. Replacing these with sustainable 2D crystals like graphene could play a pivotal role in advancing green hydrogen production, subsequently reducing carbon emissions and aiding the shift towards a Net Zero carbon environment. [...] The team is optimistic about how this discovery can pave the way for novel hydrogen technologies. Dr. Lozada-Hidalgo said, "Exploiting the catalytic activity of ripples and wrinkles in 2D crystals is a fundamentally new way to accelerate ion transport and chemical reactions. This could lead to the development of low-cost catalysts for hydrogen-related technologies."

An anonymous reader quotes a report from Ars Technica: A federal judge yesterday granted Google's motion to dismiss a lawsuit filed by the Republican National Committee (RNC), which claims that Google intentionally used Gmail's spam filter to suppress Republicans' fundraising emails. An order (PDF) dismissing the lawsuit was issued yesterday by US District Judge Daniel Calabretta. The RNC is seeking "recovery for donations it allegedly lost as a result of its emails not being delivered to its supporters' inboxes," Calabretta noted. But Google correctly argued that the lawsuit claims are barred by Section 230 of the Communications Decency Act, the judge wrote. The RNC lawsuit was filed in October 2022 in US District Court for the Eastern District of California.

"While it is a close case, the Court concludes that... the RNC has not sufficiently pled that Google acted in bad faith in filtering the RNC's messages into Gmail users' spam folders, and that doing so was protected by Section 230. On the merits, the Court concludes that each of the RNC's claims fail as a matter of law for the reasons described below," he wrote. Calabretta, a Biden appointee, called it "concerning that Gmail's spam filter has a disparate impact on the emails of one political party, and that Google is aware of and has not yet been able to correct this bias." But he noted that "other large email providers have exhibited some sort of political bias" and that if Google did not filter spam, it would harm its users by subjecting them "to harmful malware or harassing messages. On the whole, Google's spam filter, though in this instance imperfect, is not morally blameworthy."

The RNC was given leave to amend another claim that alleged intentional interference with prospective economic relations under California law. The judge dismissed the claim as follows: "The RNC argues that Google's conduct was independently wrongful because '(1) it is political discrimination against the RNC, (2) it is dishonest to Google's users and the public, and (3) Google repeatedly lied about it.' As established above, political discrimination is not prohibited by California anti-discrimination laws and so Google's alleged discrimination would not be unlawful. The latter two reasons do not provide a 'determinable legal standard' under which the Court could find the conduct wrongful; they rest on a 'nebulous' theory of wrongfulness which other courts have rejected." The RNC "has failed to establish that Defendant's alleged interference constituted a separate, independently 'wrongful act' that would be an appropriate predicate offense" but "will be granted leave to amend this claim to establish that Defendant's conduct was unlawful by some legal measure," Calabretta wrote. Google said in a statement: "We welcome the Court's finding that there are no plausible allegations that Gmail's spam filters discriminate for political purposes. We will continue investing in spam-filtering technologies that protect people from unwanted emails while still allowing senders to reach the inboxes of users who want their messages."

An anonymous reader quotes a report from the Associated Press: Pennsylvania's Supreme Court ruled Tuesday that the state police can't hide from the public its policy on how it monitors social media. Advocates for civil liberties cheered the decision. The law enforcement agency had argued that fully disclosing its policy for using software to monitor online postings may compromise public safety. All four Democratic justices supported the majority decision, which said the lower Commonwealth Court went beyond its authority in trying to give the state police another attempt to justify keeping details of the policy a secret. Tuesday's order appears to end a six-year legal battle.

Justifying what the majority opinion described as heavy or complete redactions on every page of the nine-page regulation, the head of the state police's bureau of criminal investigations argued that greater transparency about the policy would make its investigations less effective. The state Office of Open Records held a private review of the blacked out material and and ruled that making the policy public would not be likely to harm investigations, calling the social media policy processes strictly internal and administrative in nature. Redacted sections addressed the use of open sources, what approval is required, when to go undercover and use an online alias and how to verify information. State police also blacked out the entire section on using social media for employment background investigations.

A panel of three Republican Commonwealth Court judges reversed the Office of Open Records' ruling that the policy should be disclosed without redactions, saying in May 2018 that the state police investigations chief based his analysis about the risk of exposure on his own extensive experience. The majority decision issued Tuesday said Commonwealth Court should not have given the state police a new opportunity to lay out the supposed public safety risks. The majority ruled that Pennsylvania's Right-to-Know Law does not permit Commonwealth Court to order additional fact-finding not sought by state police. Andrew Christy, a lawyer with the ACLU of Pennsylvania, said the ruling "sort of puts law enforcement on the same playing field as all government agencies. If they have a legal justification to keep something secret, then they have to put forth sufficient evidence to justify that."

"Ultimately that relies on the voters understanding what law enforcement is doing so that then, through their elected representatives, they can rein them in when they're acting in a way that doesn't comport with what the public wants," Christy said.

The "vast majority of battery-powered and hybrid cars" don't have a spare tire, reports the Los Angeles Times.

Honda told one complaining customer that "if the vehicle is in an accident, the spare tire can cause damage to the electric battery which could cause a failure in the battery." But according to the Times, "car design experts said that explanation was plausible but far-fetched." There's a simpler explanation for the move away from spare tires: They're too big and heavy, and people don't really need them anymore... Car manufacturers have been ridding their sedans and smaller SUVs of full-sized spares for some time. In 2018, Consumer Reports said, 60% of the vehicles it had tested over the previous five years came with small-sized temporary tires ("doughnuts"), and only 10% came with full-sized spares... The best-selling models of electric sedans and SUVs — Teslas, the Chevy Bolt, the Volkswagen ID.4, the Ford Mustang Mach-E, the Hyundai Ioniq 5, the BMW i4 and the Mercedes EQS — have no spare of any kind, even if they come with a premium price tag. Ditto for hybrids; the Toyota Prius, for example, hasn't included a spare since 2016.

That's not because people magically stopped having flat tires. U.S. drivers suffer 94 million flat tires a year, according to LookupAPlate.com, a site that collects reports about bad drivers... Finding space for a spare is particularly challenging for a car powered by something other than gasoline, designers say. "Pushing the range of EVs requires batteries, electrical systems control units or hydrogen tanks to encroach into the traditional places that spare tires are found: under the trunk floor," said Geoff Wardle, executive director of transportation systems and design at the ArtCenter College of Design. The space crunch is worse for hybrids, which require room for both a battery system and an internal combustion engine, said Scott Grasman, dean of the College of Engineering at Kettering University in Flint, Mich.
The extra weight always made it a little harder to meet fuel efficiency requirements — but spare tires also increase manufacturing costs, the article notes. "And tires for an EV may be more expensive than those for a gas-powered vehicle of the same size. That's because EVs tend to be heavier than their gas-fueled counterparts, so they require sturdier tires. And with comparatively quiet engines, they need tires that don't generate as much road noise."

But Gil Tal, director of the Electric Vehicle Research Center at UC Davis, also pointed out to the Times that today's tires are just much better and more durable than they used to be: And because federal regulations require new cars to have tire pressure indicators, he said, drivers are alerted as soon as their tires need air. "In most cases, flat tires ... are the outcome of long low-pressure driving," he said. "And if you drive a modern car, it will tell you [that] you have low pressure long before you get into the catastrophic failure" of a flat.
So what are car manufacturers doing now? According to the article...

• Some manufacturers swap in inflatable spares that take up just a third of the space.

• Some cars ship with puncture kits since, the article points out, many people don't know how to change a tire anyways, and will probably just call a tow truck. "For these drivers, carmakers may safely assume that a can of Fix-a-Flat will be more useful..." (Others like Tesla and GM offer roadside assistance programs.)

Some car manufacturers are also using self-sealing or run-flat tires — but Wardle tells the Times these are "good if it is just a puncture from a nail but useless if you hit a pothole and split the rim and sidewall."

Nearly seven decades after he died, James Dean "has been cast as the star in a new, upcoming movie," reports the BBC: A digital clone of the actor — created using artificial intelligence technology similar to that used to generate deepfakes — will walk, talk and interact on screen with other actors in the film...

This is the second time Dean's digital clone has been lined up for a film. In 2019, it was announced he would be resurrected in CGI for a film called Finding Jack, but it was later cancelled. Travis Cloyd, chief executive of immersive media agency WorldwideXR (WXR), confirmed to BBC, however, that Dean will instead star in Back to Eden, a science fiction film in which "an out of this world visit to find truth leads to a journey across America with the legend James Dean". The digital cloning of Dean also represents a significant shift in what is possible. Not only will his AI avatar be able to play a flat-screen role in Back to Eden and a series of subsequent films, but also to engage with audiences in interactive platforms including augmented reality, virtual reality and gaming.

The technology goes far beyond passive digital reconstruction or deepfake technology that overlays one person's face over someone else's body. It raises the prospect of actors — or anyone else for that matter — achieving a kind of immortality that would have been otherwise impossible, with careers that go on long after their lives have ended. But it also raises some uncomfortable questions. Who owns the rights to someone's face, voice and persona after they die? What control can they have over the direction of their career after death — could an actor who made their name starring in gritty dramas suddenly be made to appear in a goofball comedy or even pornography? What if they could be used for gratuitous brand promotions in adverts...? Dean's image is one of hundreds represented by WRX and its sister licensing company CMG Worldwide — including Amelia Earhart, Bettie Page, Malcolm X and Rosa Parks...

Voice actors, in particular, have been leading the conversation and working across acting guilds to form a unified front in protecting the rights and careers of actors... Cloyd acknowledges the potential for fewer acting opportunities but offers a "glass-half-full" perspective toward employing dead actors. "At the end of the day, it creates lots of jobs," he says, referring to the other technical and film industry jobs the technology could generate. "So even though it could be jeopardising one person's role or job, at the same time, it's creating hundreds of jobs in regards to what it takes to do this at a high level."

If the dead — or rather, their digital clones — are damned to an eternity of work, who benefits financially? And do the dead have any rights? Simply put, the rules are murky and, in some regions of the world, non-existent.
In June Rolling Stone published this advice from Samuel L. Jackson. "Future actors should do what I always do when I get a contract and it has the words 'in perpetuity' and 'known and unknown' on it: I cross that shit out. It's my way of saying, 'No, I do not approve of this.'"

Amazon said on Tuesday its online pharmacy will automatically apply manufacturer-sponsored coupons to more than 15 insulin and diabetes medicines to help patients access discounts pledged by the drug industry. From a report: With the new program, patients using Amazon Pharmacy will no longer have to search for and manually enter coupons from the three largest insulin makers, Novo Nordisk, Eli Lilly, and Sanofi, to lower the cost of their insulin to as little as $35 for a month's supply, the company said.

Novo, Lilly and Sanofi announced in March that they would slash their insulin prices by at least 70% by or in 2024, but a report from Senator Elizabeth Warren released last month said some patients were finding it difficult to get already discounted generic insulin from pharmacies at the promised lower price. Despite Lilly lowering the list price of its Insulin Lispro to $25 per vial in May, patients were still being quoted as much as $330 for the medicine, were not being told about cheaper options when they went to pharmacies, and were finding it difficult to use Lilly's savings program, Warren's report found. Vin Gupta, Amazon Pharmacy's Chief Medical Officer, said the report highlighted the need to make it easier for patients to get their insulin at the lowest possible prices.

What to make of the news that early research appears unable to duplicate the much-ballyhooed claims for the LK99 superconductor?

"The episode revealed the intense appetite in Silicon Valley for finding the next big thing," argues the Washington Post, "after years of hand-wringing that the tech world has lost its ability to come up with big, world-changing innovations, instead channeling all its money and energy into building new variations of social media apps and business software..." [M]any tech leaders are nervous that the current focus on consumer and business software has led to stagnation. A decade ago, investors prophesied that self-driving cars would take over the roads by the mid-2020s — but they are still firmly in the testing phase, despite billions of dollars of investment. Cryptocurrencies and blockchain technology have had multiple hype cycles of their own, but have yet to fundamentally change any industry, besides crime and money laundering. Tech meant to help mitigate climate change, like carbon capture and storage, has lagged without major advances in years. Meanwhile, Big Tech companies used their huge cash hoards to snap up smaller competitors, with antitrust regulators only recently beginning to clamp down on consolidation. Over the last year, as higher interest rates have cut into the amount of venture capital and slowing growth has caused companies to pull back spending, a massive wave of layoffs has swept the industry, and companies such as Google that previously said they'd invest some of their profits in big, risky ideas have turned away from such "moonshots..."

Room-temperature superconductors would be especially relevant to the tech industry right now, which is busy burning billions of dollars on new computer chips and the energy costs to run them to train the AI models behind tools like ChatGPT and Google's Bard. For years, computer chips have gotten smaller and more efficient, but that progress has run up against the limits of the physical world as transistors get so small some are now just one atom thick.

An anonymous reader quotes a report from the New York Times: Rex Heuermann, the meticulous architectural consultant who the authorities say murdered three women and buried them on a Long Island beach more than a decade ago, may have been among the last of the dying breed of American serial killers. Even as serial killers came to inhabit a central place in the nation's imagination -- inspiring hit movies, television shows, books, podcasts and more -- their actual number was dwindling dramatically. There were once hundreds at large, and a spike in the 1970s and '80s terrified the country. Now only a handful at most are known to be active, researchers say. The techniques that led to the arrest of Mr. Heuermann, who has pleaded not guilty to the crimes, help explain the waning of serial killing, which the F.B.I. defines as the same person killing two or more victims in separate events at different times.

It is harder to hide. Rapid advances in investigative technology, video and other digital surveillance tools, as well as the ability to analyze mountains of information, quickly allow the authorities to find killers who before would have gone undetected. At the same time, Americans have adopted more cautious habits in their everyday lives -- hitchhiking, for example, is less common, and children are driven to and from school. That reduces easy targets. And, some theorize, those bent on killing now opt for spectacular mass murders. "The 'perfect crime' concept is more of a concept than it ever has been before," said Adam Scott Wandt, an assistant professor at John Jay College of Criminal Justice. More than a decade ago, prosecutors said, Mr. Heuermann tried to cover his digital tracks by communicating with victims using so-called burner phones, prepaid units purchased anonymously for temporary use. But thanks to exponential progress in technology since 2010, investigators were able not only to chart Mr. Heuermann's decade-old movements; they could also monitor exactly what he was searching online in recent months. They saw that he was using an anonymous account for internet queries like "Why could law enforcement not trace the calls made by the long island serial killer," prosecutors said. He had also been visiting massage parlors and contacting women working as escorts, they said.

The ubiquity of technology has made it harder to get away with murder, Mr. Wandt said. The amount of data people create in their daily lives is more than many can conceptualize, he said. Just by walking outside, people are now tracked by ever-present cameras, from Amazon's Ring units outside homes to surveillance at banks and retail stores, he said. Every use of a phone or computer creates streams of data that are collected directly on devices or immortalized on servers, he said. A concerted effort by the federal government to ensure that even the smallest police departments can use technology to their benefit has also helped give investigators an upper hand, Mr. Wandt said. In 1987, there were 198 known active serial killers -- people connected to at least two murders -- and 404 known victims across the United States, according to a report published three years ago by researchers who run Radford University and Florida Gulf Coast University's Serial Killer Database. By 2018, there were only 12 known serial killers and 44 victims, according to the report. "The big question is: Are they going underground and finding other techniques?â said Terence Leary, an associate professor in the psychology department at Florida Gulf Coast University and the team leader for the database.

He said that some serial murderers have killed for discrete periods before taking prolonged breaks: "Maybe they decided to give it up. Who knows?"

When Spin ceased operations of its scooter rental service in Seattle, abandoned scooters were found throughout the city, each housing a Raspberry Pi 4B. Tom's Hardware reports: This discovery was recently shared to social media where Pi enthusiasts are simultaneously befuddled and ready to book their tickets to Seattle. Legally speaking, if the scooters are abandoned then snagging one for the Pi inside is fair game but it's currently not clear if Spin has plans to recover their remaining assets.

As of writing, it's not clear what the Raspberry Pi 4 Bs were actually used for inside the scooter. At first glance, it seems like an overpowered option for something like an electric scooter but without exact confirmation of its purpose, we can only speculate. No doubt it requires much more power than something smaller like a Raspberry Pi Zero. In the meantime, residents have taken to finding these scooters and exploring their insides for the hardware left behind. We can see the Pi 4 is attached to a HAT and has something resembling a NoIR connected to the camera module port. Again, the exact purpose of each component and how it was implemented is unclear.

Even Zoom is now telling its 8,400 employees to stop working remotely at least two days a week and return to the office. The policy applies to employees within 50 miles of a Zoom office ith a Zoom spokesperson calling this hybrid approach the "most effective".

Business Insider quips that Zoom making the move means "The remote work revolution is officially dead."

And earlier this week The Los Angeles Times argues that "After watching and waiting, some chaotic back-and-forth and a few false starts, the white-collar American workforce appears to be settling — for now — in a hybrid mode." Even as more corporations are moving to call workers back to the office, arguing it's better for preserving company culture and decision-making, few employers have required employees to work on-site five days a week. Most are like Meta and Los Angeles-based Farmers Group, which recently announced that most employees who had been working remotely will have to come in three days a week starting in September.

Some firms have backtracked in favor of a more flexible system, or put return-to-office plans on ice, because of worker resistance and other changes wrought by the pandemic... [M]any other companies have stayed silent on the issue of remote work, maintaining vague or largely unenforced policies as they wait to see where the struggle ends. More unions, including the guild at the Los Angeles Times, are wrestling with management over remote work, which has become a top labor issue. For all these reasons, the overall amount of work done from home has held remarkably steady this year at about 28%, according to monthly surveys of thousands of workers by WFH Research, a group including Stanford and the University of Chicago. That's way up from roughly 5% of work done at home before COVID-19.

And there are some signs that employers are giving workers greater flexibility in their work schedules and when they can work from home. In a nationwide survey conducted last month for The Times by polling firm Leger, 27% of full-time workers said their employers had become more lenient over the last year about working remotely. Only 15% said their employers got stricter. Most of the rest said there was no change. Leger's survey showed that 11% of full-time employees work 100% from home, and 31% work a hybrid schedule, with most saying they choose which days to come into the office. The remainder said that they work fully on company premises or that their jobs aren't compatible with at-home work. These results line up almost exactly with WFH data...

Rob Sadow, chief executive at Scoop Technologies, a firm specializing in flexible-work software and research, says the percentages of employers that are fully remote and fully in-office have both declined since the start of the year. What's grown in their place is a "structured" hybrid model in which employees and employers have essentially split the difference. "This two to three days a week is starting to feel like a pretty decent, happy medium," Sadow said. "Executives and employees are finding somewhat of a truce in terms of how much time is spent in the office and at home."
The article also points out that "Some employees have quit and moved to more remote-work friendly firms."

An anonymous reader quotes a report from ProPublica: The Environmental Protection Agency approved a component of boat fuel made from discarded plastic that the agency's own risk formula determined was so hazardous, everyone exposed to the substance continually over a lifetime would be expected to develop cancer. Current and former EPA scientists said that threat level is unheard of. It is a million times higher than what the agency usually considers acceptable for new chemicals and six times worse than the risk of lung cancer from a lifetime of smoking. Federal law requires the EPA to conduct safety reviews before allowing new chemical products onto the market. If the agency finds that a substance causes unreasonable risk to health or the environment, the EPA is not allowed to approve it without first finding ways to reduce that risk. But the agency did not do that in this case. Instead, the EPA decided its scientists were overstating the risks and gave Chevron the go-ahead to make the new boat fuel ingredient at its refinery in Pascagoula, Mississippi. Though the substance can poison air and contaminate water, EPA officials mandated no remedies other than requiring workers to wear gloves, records show.

ProPublica and the Guardian in February reported on the risks of other new plastic-based Chevron fuels that were also approved under an EPA program that the agency had touted as a "climate-friendly" way to boost alternatives to petroleum-based fuels. That story was based on an EPA consent order, a legally binding document the agency issues to address risks to health or the environment. In the Chevron consent order, the highest noted risk came from a jet fuel that was expected to create air pollution so toxic that 1 out of 4 people exposed to it over a lifetime could get cancer. In February, ProPublica and the Guardian asked the EPA for its scientists' risk assessment, which underpinned the consent order. The agency declined to provide it, so ProPublica requested it under the Freedom of Information Act. The 203-page risk assessment revealed that, for the boat fuel ingredient, there was a far higher risk that was not in the consent order. EPA scientists included figures that made it possible for ProPublica to calculate the lifetime cancer risk from breathing air pollution that comes from a boat engine burning the fuel. That calculation, which was confirmed by the EPA, came out to 1.3 in 1, meaning every person exposed to it over the course of a full lifetime would be expected to get cancer.

Another serious cancer risk associated with the boat fuel ingredient that was documented in the risk assessment was also missing from the consent order. For every 100 people who ate fish raised in water contaminated with that same product over a lifetime, seven would be expected to develop cancer -- a risk that's 70,000 times what the agency usually considers acceptable. When asked why it didn't include those sky-high risks in the consent order, the EPA acknowledged having made a mistake. This information "was inadvertently not included in the consent order," an agency spokesperson said in an email. [...] The risk assessment makes it clear that cancer is not the only problem. Some of the new fuels pose additional risks to infants, the document said, but the EPA didn't quantify the effects or do anything to limit those harms, and the agency wouldn't answer questions about them. Some of these newly approved toxic chemicals are expected to persist in nature and accumulate in living things, the risk assessment said. That combination is supposed to trigger additional restrictions under EPA policy, including prohibitions on releasing the chemicals into water. Yet the agency lists the risk from eating fish contaminated with several of the compounds, suggesting they are expected to get into water. When asked about this, an EPA spokesperson wrote that the agency's testing protocols for persistence, bioaccumulation and toxicity are "unsuitable for complex mixtures" and contended that these substances are similar to existing petroleum-based fuels. The EPA did address the concerns in June when it proposed a rule that "would require companies to contact the agency before making any of 18 fuels and related compounds listed in the Chevron consent order," notes ProPublica. "The EPA would then have the option of requiring tests to ensure that the oil used to create the new fuels doesn't contain unsafe contaminants often found in plastic, including certain flame retardants, heavy metals, dioxins and PFAS. If approved, the rule will require Chevron to undergo such a review before producing the fuels, according to the EPA."

An anonymous reader quotes a report from Wired: Jordi Van DenBussche used to devote every waking hour to building his presence on social media. The gaming creator, better known as Kwebbelkop, would labor 24/7 onhis YouTube channelcoming up with video ideas, shooting them, distributing them. He did this while courting brand deals and doing the other work integral to his survival on the platform. Five years ago, he ran into a problem. "Every time I wanted to take a holiday or I needed some time for myself, I couldn't really do that, because my entire business would stop," he says. It's an issue known as the "key person problem." Without Van Den Bussche on camera, the entire Kwebbelkop enterprise didn't work. He was too busy making videos to think about how to scale his business, and too tired to create videos. He needed a break: Around 2018, like many other YouTubers, he experienced significant burnout.

The burnout sparked a change in mindset. He began thinking about what would benefit him and what would benefit the creator industry -- which often relies on milking the on-camera presence of an individual until they reach a breaking point, then finding another person seeking fame and fortune. He came up with a solution: a series of AI tools designed to create and upload videos, practically without his involvement. "I'm retired from being an influencer," he says. "I've had a lovely career. I had a lot of fun. I want to take things to the next level. And that means making this brand live on forever."

Van Den Bussche's AI influencer platform, which launched this week after a suitably excitable level of hype on Twitter from its creator, is his attempt to make that happen. It comprises two versions of an AI tool. The first is trained on a creator's likeness -- their on-camera performances and what they say in videos -- and is used to create new content. It appears to be similar to Forever Voices,the controversial AI tool behind the CarynAI virtual influencer, which outsourced maintaining connections with fans on behalf of creators. The other involves simplifying the act of creation as much as possible by taking simple prompts -- such as "turn this article into a video formatted like an interview involving two people" -- and producing the end result. (The latter is similar toa tool called QuickVid, which has seen some early adoption.) Van Den Bussche won't reveal much about how the tools were built, but regardless of their origins they're coming at a critical time for generative AI and its impacts on how people work. And Van Den Bussche's way of doing things could have lasting impacts on creators on YouTube and beyond.

An anonymous reader quotes a report from Wired: Travel rewards programslike those offered by airlines and hotels tout the specific perks of joining their club over others. Under the hood, though, the digital infrastructure for many of these programs -- including Delta SkyMiles, United MileagePlus, Hilton Honors, and Marriott Bonvoy -- is built on the same platform. The backend comes from the loyalty commerce company Points and its suite of services, including an expansive application programming interface (API).But new findings, published today by a group of security researchers, show that vulnerabilities in the Points.com API could have been exploited to expose customer data, steal customers' "loyalty currency" (like miles), or even compromise Points global administration accounts to gain control of entire loyalty programs. The researchers -- Ian Carroll, Shubham Shah, and Sam Curry -- reported a series of vulnerabilities to Points between March and May, and all the bugs have since been fixed.

"The surprise for me was related to the fact that there is a central entity for loyalty and points systems, which almost every big brand in the world uses," Shah says. "From this point, it was clear to me that finding flaws in this system would have a cascading effect to every company utilizing their loyalty backend. I believe that once other hackers realized that targeting Points meant that they could potentially have unlimited points on loyalty systems, they would have also been successful in targeting Points.com eventually." One bug involved a manipulation that allowed the researchers to traverse from one part of the Points API infrastructure to another internal portion and then query it for reward program customer orders. The system included 22 million order records, which contain data like customer rewards account numbers, addresses, phone numbers, email addresses, and partial credit card numbers. Points.com had limits in place on how many responses the system could return at a time, meaning an attacker couldn't simply dump the whole data trove at once. But the researchers note that it would have been possible to look up specific individuals of interest or slowly siphon data from the system over time.

Another bug the researchers found was an API configuration issue that could have allowed an attacker to generate an account authorization token for any user with just their last name and rewards number. These two pieces of data could potentially be found through past breaches or could be taken by exploiting the first vulnerability. With this token, attackers could take over customer accounts and transfer miles or other rewards points to themselves, draining the victim's accounts. The researchers found two vulnerabilities similar to the other pair of bugs, one of which only impacted Virgin Red while the other affected just United MileagePlus. Points.com fixed both of these vulnerabilities as well. Most significantly, the researchers found a vulnerability in the Points.com global administration website in which an encrypted cookie assigned to each user had been encrypted with an easily guessable secret -- the word "secret" itself. By guessing this, the researchers could decrypt their cookie, reassign themselves global administrator privileges for the site, reencrypt the cookie, and essentially assume god-mode-like capabilities to access any Points reward system and even grant accounts unlimited miles or other benefits.

Environmental campaigners have called on the government to learn from its own successes after official figures showed the use of single-use supermarket plastic bags had fallen 98% since retailers in England began charging for them in 2015. From a report: Annual distribution of plastic carrier bags by seven leading grocery chains plummeted from 7.6bn in 2014 to 133m last year, the Department for Environment, Food and Rural Affairs (Defra) said on Monday. Rebecca Pow, the minister for environmental quality and resilience, said the policy had "helped to stop billions of single-use carrier bags littering our neighbourhoods or heading to landfill." The government claimed the average person in England now bought just two single-use carrier bags a year from major retailers.

Campaigners welcomed the finding but said the statistic did not account for all types of plastic bag . They also questioned the timing of the announcement, made as experts said plans for 100 new North Sea oil and gas wells, announced the same day by the prime minister would "send a wrecking ball through the UK's climate commitments." A 5p charge for carrier bags was introduced in English supermarkets in 2015. In 2021, the charge was increased to 10p and extended to all businesses. Since then, the number of plastic bags used across all retailers had fallen 35%, from 627m in 2019-20 to 406m in 2022-23, Defra said. Wales had introduced a 5p charge in 2011, Northern Ireland followed suit in 2013 and Scotland did so in 2014. Scotland and Northern Ireland have since raised their charges to 10p and 25p respectively.

Long-time Slashdot reader lpq shares a report from Fortune: We're now finding out the damaging consequences of the mandated return to office. And it's not a pretty picture. A trio of compelling reports -- the Greenhouse Candidate Experience report, the Federal Reserve's Survey of Household Economics and Decisionmaking (SHED), and Unispace's Returning for Good report -- collectively paint a stark picture of this brewing storm. Unispace found that nearly half (42%) of companies with return-to-office mandates witnessed a higher level of employee attrition than they had anticipated. And almost a third (29%) of companies enforcing office returns are struggling with recruitment. In other words, employers knew the mandates would cause some attrition, but they weren't ready for the serious problems that would result.

Meanwhile, a staggering 76% of employees stand ready to jump ship if their companies decide to pull the plug on flexible work schedules, according to the Greenhouse report. Moreover, employees from historically underrepresented groups are 22% more likely to consider other options if flexibility comes to an end. In the SHED survey, the gravity of this situation becomes more evident. The survey equates the displeasure of shifting from a flexible work model to a traditional one to that of experiencing a 2% to 3% pay cut.

Flexible work policies have emerged as the ultimate edge in talent acquisition and retention. The Greenhouse, SHED, and Unispace reports, when viewed together, provide compelling evidence to back this assertion. Greenhouse finds that 42% of candidates would outright reject roles that lack flexibility. In turn, the SHED survey affirms that employees who work from home a few days a week greatly treasure the arrangement. Interestingly, Unispace throws another factor into the mix: choice. According to its report, overall, the top feelings employees revealed they felt toward the office were happy (31%), motivated (30%), and excited (27%). However, all three of these feelings decrease for those with mandated office returns (27%, 26%, and 22%, respectively). In other words, staff members were more open to returning to the office if it was out of choice, rather than forced.

Apple's Screen Time controls are failing parents. From a report: The company's cloud-based Family Sharing system is designed in part for parents to remotely schedule off-limits time and restrict apps and adult content on their children's iPhones, iPads and iPod Touch models. Trouble is, parents are finding that when they use their iPhones to set restrictions on their kids' devices, the changes don't stick. "We are aware that some users may be experiencing an issue where Screen Time settings are unexpectedly reset," an Apple spokeswoman said. "We take these reports very seriously and we have been, and will continue, making updates to improve the situation."

Downtime, found in Settings under Screen Time, is the tool parents use to define the hours each day that a kid's device is limited or completely unusable. But when they check the setting lately, they often see the times they scheduled have reverted to a previous setting, or they see no restrictions at all. This can go unnoticed for days or weeks -- and kids don't always report back when they get extra time for games and social media. Apple previously acknowledged the bug, calling it "an issue where Screen Time settings may reset or not sync across all devices." However, the company had reported the issue fixed with iOS 16.5, which came out in May. In our testing the bug persists, even with the new public beta of iOS 17.

Katie Malone writes via Engadget: "Tor" evokes an image of the dark web; a place to hire hitmen or buy drugs that, at this point, is overrun by feds trying to catch you in the act. The reality, however, is a lot more boring than that -- but it's also more secure. The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group. You can download it for free and use it to shop online or browse social media, just like you would on Chrome or Firefox or Safari, but with additional access to unlisted websites ending in .onion. This is what people think of as the "dark web," because the sites aren't indexed by search engines. But those sites aren't an inherently criminal endeavor.

"This is not a hacker tool," said Pavel Zoneff, director of strategic communications at The Tor Project. "It is a browser just as easy to use as any other browser that people are used to." That's right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it's how a lot of people approach VPNs, but the difference is in the details. VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there's no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the "higher layers" of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.

Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it's ever investigated, according to Crandall. Tor's communication tunnels are secure and much harder to trace that the conversation ever happened. Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.

Forbes' senior writer on cybersecurity writes on the "warrantless monitoring of citizens en masse" in the United States.

Here's how county police armed with a "powerful new AI tool" identified the suspicious driving pattern of a grey Chevy owned by David Zayas: Searching through a database of 1.6 billion license plate records collected over the last two years from locations across New York State, the AI determined that Zayas' car was on a journey typical of a drug trafficker. According to a Department of Justice prosecutor filing, it made nine trips from Massachusetts to different parts of New York between October 2020 and August 2021 following routes known to be used by narcotics pushers and for conspicuously short stays. So on March 10 last year, Westchester PD pulled him over and searched his car, finding 112 grams of crack cocaine, a semiautomatic pistol and $34,000 in cash inside, according to court documents. A year later, Zayas pleaded guilty to a drug trafficking charge.

The previously unreported case is a window into the evolution of AI-powered policing, and a harbinger of the constitutional issues that will inevitably accompany it... Westchester PD's license plate surveillance system was built by Rekor, a $125 million market cap AI company trading on the NASDAQ. Local reporting and public government data reviewed by Forbes show Rekor has sold its ALPR tech to at least 23 police departments and local governments across America, from Lauderhill, Florida to San Diego, California. That's not including more than 40 police departments across New York state who can avail themselves of Westchester County PD's system, which runs out of its Real-Time Crime Center... It also runs the Rekor Public Safety Network, an opt-in project that has been aggregating vehicle location data from customers for the last three years, since it launched with information from 30 states that, at the time, were reading 150 million plates per month. That kind of centralized database with cross-state data sharing, has troubled civil rights activists, especially in light of recent revelations that Sacramento County Sheriff's Office was sharing license plate reader data with states that have banned abortion...

The ALPR market is growing thanks to a glut of Rekor rivals, including Flock, Motorola, Genetec, Jenoptik and many others who have contracts across federal and state governments. They're each trying to grab a slice of a market estimated to be worth at least $2.5 billion... In pursuit of that elusive profit, the market is looking beyond law enforcement to retail and fast food. Corporate giants have toyed with the idea of tying license plates to customer identities. McDonalds and White Castle have already begun using ALPR to tailor drive-through experiences, detecting returning customers and using past orders to guide them through the ordering process or offer individualized promotion offers. The latter restaurant chain uses Rekor tech to do that via a partnership with Mastercard.
A senior staff attorney at the ACLU tells Forbes that "The scale of this kind of surveillance is just incredibly massive."

Thanks to long-time Slashdot reader Geek_Cop for sharing the article.

Last weekend in Portland, Oregon, the Software Freedom Conservancy hosted a new conference called the Free and Open Source Software Yearly.

And long-time free software activist Bradley M. Kuhn (currently a policy fellow/hacker-in-residence for the Software Freedom Conservancy) hosted a lively panel discussion on "the recent change" to public source code releases for Red Hat Enterprise Linux which shed light on what may happen next. The panel also included:

• benny Vasquez, the Chair of the AlmaLinux OS Foundation
• Jeremy Alison, Samba co-founder and software engineer at CIQ (focused on Rocky Linux). Allison is also Jeremy Allison - Sam Slashdot reader #8,157.
• James (Jim) Wright, Oracle's chief architect for Open Source policy/strategy/compliance/alliances

"Red Hat themselves did not reply to our repeated requests to join us on this panel... SUSE was also invited but let us know they were unable to send someone on short notice to Portland for the panel."

One interesting audience question for the panel came from Karsten Wade, a one-time Red Hat senior community architect who left Red Hat in April after 21 years, but said he was "responsible for bringing the CentOS team onboard to Red Hat." Wade argued that CentOS "was always doing a clean rebuild from source RPMS of their own..." So "isn't all of this thunder doing Red Hat's job for them, of trying to get everyone to say, 'This thing is not the equivalent to RHEL.'"

In response Jeremy Alison made a good point. "None of us here are the arbiters of whether it's good enough of a rebuild of Red Hat Linux. The customers are the arbiters." But this led to an audience member asking a very forward-looking question: what are the chances the community could adopt a new (and open) enterprise Linux standard that distributions could follow. AlmaLinux's Vasquez replied, "Chances are real high... I think everyone sees that as the obvious answer. I think that's the obvious next step. I'll leave it at that." And Oracle's Wright added "to the extent that the market asks us to standardize? We're all responsive."

When asked if they'd consider adding features not found in RHEL ("such as high-security gates through reproducible builds") AlmaLinux's Vasquez said "100% -- yeah. One of the things that we're kind of excited about is the opportunities that this opens for us. We had decided we were just going to focus on this north star of 1:1 Red Hat no matter what -- and with that limitation being removed, we have all kinds of options." And CIQ's Alison said "We're working on FIPS certification for an earlier version of Rocky, that Red Hat, I don't believe, FIPS certified. And we're planning to release that."

AlmaLinux's Vasquez emphasized later that "We're just going to build Enterprise Linux. Red Hat has done a great job of establishing a fantastic target for all of us, but they don't own the rights to enterprise Linux. We can make this happen, without forcing an uncomfortable conversation with Red Hat. We can get around this."

And Alison later applied a "Star Wars" quote to Red Hat's predicament. "The more things you try and grab, the more things slip through your fingers." That is, "The more somebody tries to exert control over a codebase, the more the pushback will occur from people who collaborate in that codebase." AlmaLinux's Vasquez also said they're already "in conversations" with independent software vendors about the "flow of support" into non-Red Hat distributions -- though that's always been the case. "Finding ways to reduce the barrier for those independent software vendors to add official support for us is, like, maybe more cumbersome now, but it's the same problem that we've had..."

Early in the discussion Oracle's Jim Wright pointed out that even Red Hat's own web site defines open source code as "designed to be publicly accessible — anyone can see, modify, and distribute the code as they see fit." ("Until now," Wright added pointedly...) There was some mild teasing of Oracle during the 50-minute discussion -- someone asked at one point if they'd re-license their proprietary implementation of ZFS under the GPL. But at the end of the panel, Oracle's Jim Wright still reminded the audience that "If you want to work on open source Linux, we are hiring."

Read Slashdot's transcript of highlights from the discussion.

An anonymous reader quotes a report from Wired: Who owns thedata generated by your car? And who controls access to it? For almost a decade, right-to-repair activists, automakers, parts manufacturers, auto repair shop owners, technicians, and regular people who own cars have fought over those questions. How they are answered could radically change the cost and convenience of owning a modern camera-studded and cloud-enabled car -- and, some say, the future of the increasingly tech-heavy auto industry. Last week, a few trade groups announced they had finally figured it all out. In a letter (PDF) to the US Congress, three industry organizations that together represent the major automakers and thousands of repair shops said they had signed a "memorandum of understanding" on the right to repair. In the agreement, the automakers commit to giving independent car repair shops access to the data, tools, and information necessary to diagnose and repair vehicles -- the data, tools, and information provided to the automakers' own dealership networks. "Competition is alive and well in the auto repair industry," the letter said.

Right-to-repair advocates -- who contend that consumers should be able to fix the products they buy -- aren't so sure. They say the agreement doesn't give car owners full and unfettered control of the streams of data generated by the latest cars' cameras and other sensors, which log data on location, speed, acceleration, and how a vehicle's hardware and software are performing. The advocates worry the new agreement gives automakers and automaker-associated repairers room to squeeze out smaller, independent shops and at-home tinkerers in the future, making it more difficult for car owners to find places to quickly and affordably fix their cars. And they say there are no enforcement mechanisms to guarantee automakers follow through on their promises. Notably, the new agreement didn't include the Auto Care Association, the largest US trade group for independent repair shops and aftermarket parts suppliers. The group's chair, Corey Bartlett, says the agreement doesn't address some of the major barriers facing consumers looking to get a tech-heavy car repaired.

Smaller and especially rural repair shops sometimes can't fix the newest models, because they can't pay for the expensive tools, subscriptions, and training needed, which can cost hundreds of thousands of dollars. As cars get more complex, and move more services into apps and onto the internet, they fear access will shrink. [...] Many repair shops, especially those who opt in and pay to be part of those certified networks, say they have no trouble finding the information they need to fix cars, even before this week's agreement. [...] Other repairers worry that without an industry-wide overhaul that forces automakers to standardize and open up their data, car companies will find ways to limit access to repair information, or push customers towards their own dealership networks to boost profits. They say that if auto owners had clear and direct ownership over the data generated by their vehicles -- without the involvement of automakers' specialized tools or systems -- they could use it themselves to diagnose and repair a car, or authorize the repair shop of their choice to do the work. "My fear, if no one gives some stronger guidelines, is that I know automakers are going to monetize car data in a way that's unaffordable for us to gain access," says Dwayne Myers, co-owner of Dynamic Automotive, an auto repair business with several locations in Maryland.