A Nobel Prize-winning labor market economist has cautioned younger generations against piling into studying science, technology, engineering, and mathematics (STEM) subjects, saying as "empathetic" and creative skills may thrive in a world dominated by artificial intelligence. From a report: Christopher Pissarides, professor of economics at the London School of Economics, said that workers in certain IT jobs risk sowing their "own seeds of self-destruction" by advancing AI that will eventually take the same jobs in the future. While Pissarides is an optimist on AI's overall impact on the jobs market, he raised concerns for those taking STEM subjects hoping to ride the coattails of the technological advances.

He said that despite rapid growth in the demand for STEM skills currently, jobs requiring more traditional face-to-face skills, such as in hospitality and healthcare, will still dominate the jobs market. "The skills that are needed now -- to collect the data, collate it, develop it, and use it to develop the next phase of AI or more to the point make AI more applicable for jobs -- will make the skills that are needed now obsolete because it will be doing the job," he said in an interview. "Despite the fact that you see growth, they're still not as numerous as might be required to have jobs for all those graduates coming out with STEM because that's what they want to do." He added, "This demand for these new IT skills, they contain their own seeds of self destruction."

"Navajo Nation President Buu Nygren has asked NASA to delay a scheduled launch to the Moon that could include cremated remains," reports Arizona Public Radio station KNAU: Nygren says he recently learned of the January 8 launch of the Vulcan Centaur carrying the Peregrine Mission One. The lander will carry some payloads from a company known to provide memorial services by shipping human cremated remains to the Moon. Nygren wants the launch delayed and the tribe consulted immediately. He noted the Moon is sacred to numerous Indigenous cultures and that depositing human remains on it is "tantamount to desecration."

NASA previously came under fire after the ashes of former geologist and planetary scientist Eugene Shoemaker were sent to the Moon in 1998. Then-Navajo Nation President Albert Hale said the action was a gross insensitivity to the beliefs of many Native Americans. NASA later apologized and promised to consult with tribes before authorizing any similar missions in the future.

The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. From a report: Links to download the source code were shared on numerous channels, including Discord, a dark web website, and a Telegram channel that the hackers previously used to leak stolen Rockstar data. In a post to a Grand Theft Auto leak channel on Telegram, the channel owner known as 'Phil' posted links to the stolen source code, sharing a screenshot of one of the folders.

An anonymous reader shares a report: This year has been marked by many terrifying things, but perhaps the most surprising of the 2023 horrors was ... eye drops. The seemingly innocuous teeny squeeze bottle made for alarming headlines numerous times during our current revolution around the sun, with lengthy lists of recalls, startling factory inspections, and ghastly reports of people developing near-untreatable bacterial infections, losing their eyes and vision, and dying.

Recapping this unexpected threat to health, the Food and Drug Administration on Tuesday released an advisory titled "What You Should Know about Eye Drops" in hopes of keeping the dangers of this year from leaking into the next. Among the notable points from the regulator was this stark pronouncement: No one should ever use any homeopathic ophthalmic products, and every single such product should be pulled off the market. The point is unexpected, given that none of the high-profile infections and recalls this year involved homeopathic products. But, it should be welcomed by any advocates of evidence-based medicine.

Montana's first-of-its-kind state ban on TikTok has been blocked by a U.S. judge, saying it "oversteps state power and infringes on the constitutional rights of users." Reuters reports: TikTok, which is owned by China's ByteDance, did not immediately comment Thursday. The company sued Montana in May, seeking to block the U.S. state ban on several grounds, arguing that it violates the First Amendment free speech rights of the company and users. TikTok users in Montana also filed suit to block the ban. TikTok said in a court filing it "has not shared, and would not share, U.S. user data with the Chinese government, and has taken substantial measures to protect the privacy and security of TikTok users."

Molloy, who was appointed to the bench by Democratic President Bill Clinton, found merit to numerous arguments raised by TikTok in his opinion. During an October hearing, Molloy questioned why no other state had followed Montana in banning TikTok and asked if the state was being "paternalistic" in arguing the ban was necessary to protect the data of TikTok users. Montana could have imposed fines of $10,000 for each violation by TikTok in the state but the law did not impose penalties on individual TikTok users.

The New York Times reports: Meta has received more than 1.1 million reports of users under the age of 13 on its Instagram platform since early 2019 yet it "disabled only a fraction" of those accounts, according to a newly unsealed legal complaint against the company brought by the attorneys general of 33 states.

Instead, the social media giant "routinely continued to collect" children's personal information, like their locations and email addresses, without parental permission, in violation of a federal children's privacy law, according to the court filing. Meta could face hundreds of millions of dollars, or more, in civil penalties should the states prove the allegations. "Within the company, Meta's actual knowledge that millions of Instagram users are under the age of 13 is an open secret that is routinely documented, rigorously analyzed and confirmed," the complaint said, "and zealously protected from disclosure to the public...."

It also accused Meta executives of publicly stating in congressional testimony that the company's age-checking process was effective and that the company removed underage accounts when it learned of them — even as the executives knew there were millions of underage users on Instagram... The lawsuit argues that Meta elected not to build systems to effectively detect and exclude such underage users because it viewed children as a crucial demographic — the next generation of users — that the company needed to capture to assure continued growth.
More from the Wall Street Journal: An internal 2020 Meta presentation shows that the company sought to engineer its products to capitalize on the parts of youth psychology that render teens "predisposed to impulse, peer pressure, and potentially harmful risky behavior," the filings show... "Teens are insatiable when it comes to 'feel good' dopamine effects," the Meta presentation shows, according to the unredacted filing, describing the company's existing product as already well-suited to providing the sort of stimuli that trigger the potent neurotransmitter. "And every time one of our teen users finds something unexpected their brains deliver them a dopamine hit...."

"In December 2017, an Instagram employee indicated that Meta had a method to ascertain young users' ages but advised that 'you probably don't want to open this pandora's box' regarding age verification improvements," the states say in the suit. Some senior executives raised the possibility that cracking down on underage usage could hurt Meta's business... The states say Meta made little progress on automated detection systems or adequately staffing the team that reviewed user reports of underage activity. "Meta at times has a backlog of 2-2.5 million under-13 accounts awaiting action," according to the complaint...

The unredacted material also includes allegations that Meta Chief Executive Mark Zuckerberg instructed his subordinates to give priority to boosting its platforms' usage above the well being of users... Zuckerberg also repeatedly dismissed warnings from senior company officials that its flagship social-media platforms were harming young users, according to unsealed allegations in a lawsuit filed by Massachusetts earlier this month...

The complaint cites numerous other executives making public claims that were allegedly contradicted by internal documents. While Meta's head of global safety, Antigone Davis, told Congress that the company didn't consider profitability when designing products for teens, a 2018 internal email stated that product teams should keep in mind that "The lifetime value of a 13 y/o teen is roughly $270" when making product decisions.

New submitter Kiddo 9000 writes: Dbrand, a company known best for making cases for phones, game consoles, and laptops, has filed a lawsuit against case manufacturer CASETiFY over their "Inside Out" case lineup. Dbrand alleges that CASETiFY copied the designs from their Teardown skins and put them on their own products without permission. In a video published by JerryRigEverything, several easter eggs placed in the Teardown skins were found in the CASETiFY designs, alongside numerous tweaks and layout changes, and even Dbrand's logo.

Sunbird, the app that brings iMessage to Android, has temporarily shut down the service over "security concerns." From a report: In a notice to users, Sunbird says it has "decided to pause Sunbird usage for now" while it investigates reports that its messages aren't actually end-to-end encrypted. Sunbird launched in 2022 as a messaging app that attempts to put the blue versus green bubble battle to rest. It has only been available to those who sign up for its waitlist, touting numerous privacy features, like end-to-end encryption, no message data collection, and no ads.

Last week, Sunbird partnered with Nothing, the phone brand owned by OnePlus co-founder Carl Pei, on the launch of Nothing Chats. The Sunbird-powered messaging service is supposed to let owners of the Phone 2 send texts via iMessage, but it was pulled from the Google Play Store just one day after its launch. At the time, Nothing said it had to fix "several bugs" within the app. However, its removal from the Play Store came around the same time a post from Texts.blog revealed that messages sent via Sunbird may not be end-to-end encrypted.

Last week, Android smartphone manufacturer "Nothing" announced that it's bringing iMessage to its newest phone through a new "Nothing Chats" app powered by the messaging platform Sunbird. After launching Friday, the app was shut down within 24 hours and the Sunbird app, which Nothing Chat is a clone of, was put "on pause." The reason? It's a security nightmare. Ars Technica reports: The initial sales pitch for this app -- that it would log you into iMessage on Android if you handed over your Apple username and password -- was a huge security red flag that meant Sunbird would need an ultra-secure infrastructure to avoid disaster. Instead, the app turned out to be about as unsecure as you could possibly be. Here's Nothing's statement: "We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs. We apologize for the delay and will do right by our users."

How bad are the security issues? Both 9to5Google and Text.com (which is owned by Automattic, the company behind WordPress) uncovered shockingly bad security practices. Not only was the app not end-to-end encrypted, as claimed numerous times by Nothing and Sunbird, but Sunbird actually logged and stored messages in plain text on both the error reporting software Sentry and in a Firebase store. Authentication tokens were sent over unencrypted HTTP so this token could be intercepted and used to read your messages. [...]

Despite being the cause of this huge catastrophe, Sunbird has been bizarrely quiet during this whole mess. The app's X (formerly Twitter) page still doesn't say anything about the shutdown of Nothing Chats or Sunbird. Maybe that's for the best because some of Sunbird's early responses to the security concerns raised on Friday do not seem like they came from a competent developer. [...] Nothing has always seemed like an Android manufacturer that was more hype than substance, but we can now add "negligent" to that list. The company latched on to Sunbird, reskinned its app, created a promo website and YouTube video, and coordinated a media release with popular YouTubers, all without doing the slightest bit of due diligence on Sunbird's apps or its security claims. It's unbelievable that these two companies made it this far -- the launch of Nothing Chats required a systemic security failure across two entire companies.

An anonymous reader quotes a report from 404 Media: Spread across four computer monitors arranged in a grid, a blue and green interface shows the location of more than 50 different surveillance cameras. Ordinarily, these cameras and others like them might be disparate, their feeds only available to their respective owners: a business, a government building, a resident and their doorbell camera. But the screens, overlooking a pair of long conference tables, bring them all together at once, allowing law enforcement to tap into cameras owned by different entities around the entire town all at once. This is a demonstration of Fusus, an AI-powered system that is rapidly springing up across small town America and major cities alike. Fusus' product not only funnels live feeds from usually siloed cameras into one central location, but also adds the ability to scan for people wearing certain clothes, carrying a particular bag, or look for a certain vehicle.

404 Media has obtained a cache of internal emails, presentations, memos, photos, and more which provide insight into how Fusus teams up with police departments to sell its surveillance technology. All around the country, city councils are debating whether they want to have a system that qualitatively changes what surveillance cameras mean for a town's residents and public agencies. While many have adopted Fusus, others have pushed back, and refused to have the hardware and software installed in their neighborhoods. In some ways, Fusus is deploying smart camera technology that historically has been used in places like South Africa, where experts warned about it creating an ever present blanket of surveillance. Now, tech with some of the same capabilities is being used across small town America.

Rather than selling cameras themselves, Fusus' hardware and software latches onto existing installations, which can include government-owned surveillance cameras as well as privately owned cameras at businesses and homes. It turns dumb cameras into smart ones. "In essence, the Fusus solution puts a brain into every camera connected with the system," one memorandum obtained by 404 Media reads. In addition to integrating with existing surveillance installations, Fusus' hardware, called SmartCORE, can turn cameras into automatic license plate readers (ALPRs). It can reportedly offer facial recognition features, too, although Fusus hasn't provided clear clarification on this matter.

The report says the system has been adopted by numerous police departments across the United States, with approximately 150 jurisdictions using Fusus. Orland Park police have called it a "game-changer." It's also being used internationally, launching in the United Kingdom.

Here's what Beryl Lipton, investigative researcher at the Electronic Frontier Foundation (EFF), had to say about it: "The lack of transparency and community conversation around Fusus exacerbates concerns around police access of the system, AI analysis of video, and analytics involving surveillance and crime data, which can influence officer patrols and priorities. In the absence of clear policies, auditable access logs, and community transparency about the capabilities and costs of Fusus, any community in which this technology is adopted should be concerned about its use and abuse."

An anonymous reader shared this report from Ars Technica: Following the passage of California's repair bill that Apple supported, requiring seven years of parts, specialty tools, and repair manual availability, Apple announced Tuesday that it would back a similar bill on a federal level. It would also make its parts, tools, and repair documentation available to both non-affiliated repair shops and individual customers, "at fair and reasonable prices."

"We intend to honor California's new repair provisions across the United States," said Brian Naumann, Apple's vice president for service and operation management, at a White House event Tuesday...

"I think most OEMs [Original Equipment Manufacturers] will realize they can save themselves a lot of trouble by making parts, tools, and other requirements of state laws already in NY, MN, CA, and CO available nationally," wrote Gay Gordon-Byrne, executive director of The Repair Association, to Ars... Gordon-Byrne noted that firms like HP, Google, Samsung, and Lenovo have pledged to comply with repair rules on a national level. The US Public Interest Research Group (PIRG) communicated a similarly hopeful note in its response to Tuesday's event, noting that "Apple makes a lot of products, and its conduct definitely influences other manufacturers." At the same time, numerous obstacles to repair access remain in place through copyright law — "Which we hope will be high on an agenda in the IP subcommittee this session," Gordon-Byrne wrote.
Besides strong support from President Biden, there's also strong support from America's Federal Trade Commission, reports TechCrunch: FTC chair Lina Khan commented on the pushback many corporations have given such legislation. Device and automotive manufacturers have argued that putting such choice in the hands of consumers opens them up to additional security risks. "We hear some manufacturers defend repair restrictions, claiming that they're needed for safety or security reasons," said Khan. "The FTC has found that all too often these claims are backed by limited evidence. Accordingly, the FTC has committed itself to using all of our enforcement and policy tools to fight for people's right to repair their own products."
A cautionary note from Ars Technica: Elizabeth Chamberlain, director of sustainability for iFixit, a parts vendor and repair advocate, suggested that Apple's pledge to extend California's law on a national level is "a strategic move." "Apple likely hopes that they will be able to negotiate out the parts of the Minnesota bill they don't like," Chamberlain wrote in an email, pointing specifically to the "fair and reasonable" parts provisioning measure that could preclude Apple's tendency toward pairing parts to individual devices. "[I]t's vital to get bulletproof parts pairing prohibitions passed in other states in 2024," Chamberlain wrote. "Independent repair and refurbishment depend on parts harvesting."
The Washington Post reports that currently repair shop owners and parts vendors "have had to find ways to reassure their customers they haven't made a mistake by choosing an independent fix." If the digital identifier tied to a replacement part doesn't match the one the phone expects to see, you'll start seeing those warnings and issues. "Only Apple pairs parts in an intrusive way where you get these messages pop up," said Jonathan Strange, owner of two XiRepair gadget repair shops in Montgomery, Alabama. To ward off those unnerving messages and restore full functionality, repair technicians are required to go through a "system configuration" process that authenticates the part after making the fix. Some small operations, like Strange's XiRepair shops, can do that in-store because they've gone through a process to become a certified Apple Independent Repair Providers. But that process can't happen at all in shops that haven't gone through that certification, or if more affordable parts like third-party replacements were used.
The Post also shares this reaction from Aaron Perzanowski, a repair researcher and law professor at the University of Michigan.

"The fact that companies want to use technology to essentially undo the notion of interchangeable parts is something we ought to find deeply disturbing."

Since disclosing a security breach of its support systems Friday, Okta has shed more than $2 billion from its market valuation "Okta shares slumped more than 11% Friday after the company said an unidentified hacking group was able to access client files through a support system," reports CNBC. "The company did not provide more details beyond a set of technical identifiers. The company's stock continued to fall in Monday trading, ultimately closing down 8.1%." From the report: Okta is a lesser-known name but forms a critical part of cybersecurity systems at major corporations. The identity management company boasts more than 18,000 customers who use its products to provide a single login point for many different platforms that a given company uses. Zoom, for example, uses Okta to give "seamless" access through a single login to the company's Google Workspace, ServiceNow, VMware and Workday platforms. Okta said it had communicated with all affected clients in Friday's announcement. At least one of those clients said it had alerted Okta about a potential breach weeks earlier. [...]

Okta has also been at the center of other higher-profile incidents. Earlier this year, for example, casino giants Caesars and MGM were both affected by hacks. Caesars was forced to pay millions in ransom to the hacking group, sources told CNBC. MGM had to shut down critical systems that the company acknowledged would have a material effect on its bottom line in an SEC filing. The direct and indirect losses from those incidents totaled over $100 million. Both those attacks targeted MGM and Caesars' Okta installations, using a sophisticated social engineering attack that went through IT help desks. Three other companies were also targeted by the hacking group, an Okta executive told Reuters.

Okta has also been a target before. A hacking group purportedly accessed numerous Okta systems in a March attempt. That group, Lapsus$, has been tied to hacking attacks at Uber and Grand Theft Auto maker Rockstar Games, a subsidiary of Take-Two Interactive, according to a report from the Cybersecurity and Infrastructure Security Agency.

An anonymous reader quotes a report from Ars Technica: When British naturalist Charles Darwin sketched out his theory of evolution in the 1859 book "On the Origin of Species" -- proposing that biological species change over time through the acquisition of traits that favor survival and reproduction -- it provoked a revolution in scientific thought. Now 164 years later, nine scientists and philosophers on Monday proposed a new law of nature that includes the biological evolution described by Darwin as a vibrant example of a much broader phenomenon, one that appears at the level of atoms, minerals, planetary atmospheres, planets, stars and more. It holds that complex natural systems evolve to states of greater patterning, diversity and complexity.

Titled the "law of increasing functional information," it holds that evolving systems, biological and non-biological, always form from numerous interacting building blocks like atoms or cells, and that processes exist -- such as cellular mutation -- that generate many different configurations. Evolution occurs, it holds, when these various configurations are subject to selection for useful functions. [...] The authors proposed three universal concepts of selection: the basic ability to endure; the enduring nature of active processes that may enable evolution; and the emergence of novel characteristics as an adaptation to an environment. Some biological examples of this "novelty generation" include organisms developing the ability to swim, walk, fly and think. Our species emerged after the human evolutionary lineage diverged from the chimpanzee lineage and acquired an array of traits including upright walking and increased brain size. The research has been published in the journal Proceedings of the National Academy of Sciences.

"Until now, China's influence campaigns have been focused on amplifying propaganda defending its policies on Taiwan and other subjects," reports the New York Times.

But a new piece co-authored by the newspaper's national security correspondent and its misinformation investigative reporter notes a new effort identified by researchers from Microsoft, the RAND Corporation, the University of Maryland, the intelligence company Recorded Future, and news-rating service NewsGuard. And that newly-discovered effort "suggests that Beijing is making more direct attempts to sow discord in the United States."

It began when, sensing an opportunity,"China's increasingly resourceful information warriors pounced" after high winds in Hawaii downed three power lines that sparked wildfires in Hawaii on August 8th... The disaster was not natural, they said in a flurry of false posts that spread across the internet, but was the result of a secret "weather weapon" being tested by the United States. To bolster the plausibility, the posts carried photographs that appeared to have been generated by artificial intelligence programs, making them among the first to use these new tools to bolster the aura of authenticity of a disinformation campaign... Recorded Future first reported that the Chinese government mounted a covert campaign to blame a "weather weapon" for the fires, identifying numerous posts in mid-August falsely claiming that MI6, the British foreign intelligence service, had revealed "the amazing truth behind the wildfire." Posts with the exact language appeared on social media sites across the internet, including Pinterest, Tumblr, Medium and Pixiv, a Japanese site used by artists. Other inauthentic accounts spread similar content, often accompanied with mislabeled videos, including one from a popular TikTok account, The Paranormal Chic, that showed a transformer explosion in Chile...

The Chinese campaign operated across many of the major social media platforms — and in many languages, suggesting it was aimed at reaching a global audience. Microsoft's Threat Analysis Center identified inauthentic posts in 31 languages, including French, German and Italian, but also in less prominent ones like Igbo, Odia and Guarani. The artificially generated images of the Hawaii wildfires identified by Microsoft's researchers appeared on multiple platforms, including a Reddit post in Dutch. "These specific A.I.-generated images appear to be exclusively used" by Chinese accounts used in this campaign, Microsoft said in a report. "They do not appear to be present elsewhere online."
The researchers "suggested that China was building a network of accounts that could be put to use in future information operations, including the next U.S. presidential election," according to the article. It adds that president Biden "has cut off China's access to the most advanced chips and the equipment made to produce them."

The article adds that the impact of China's misinformation campaign "is difficult to measure, though early indications suggest that few social media users engaged with the most outlandish of the conspiracy theories."

"Terraform, arguably the most popular Infrastructure as Code products, has been forked after the parent company HashiCorp changed its license from the Mozilla Public License (MPL) to the Business Source License v1.1 (BSL)," writes long-time Slashdot reader ochinko. "Our view is that we're actually not the fork because we're just changing the name but it's the same project under the same license," Sebastian Stadil, co-founder and CEO of DevOps automation biz Scalr told The Register. "Our position is that the fork is actually HashiCorp that has forked its own projects under a different license." From the report: HashiCorp's decision to issue new licensing terms for its software follows a path trodden by numerous other organizations formed around open source projects to limit what competitors can do with project code. As the biz acknowledged in its statement about the transition, firms like Cockroach Labs, Confluent Sentry, Couchbase, Elastic, MariaDB, MongoDB, and Redis Labs have similarly adopted less-permissive software licenses to create a barrier for competitors. You can see the OpenTF manifesto here.

This month the official Rust blog announced: For the 6th year in a row, the Rust Project conducted a survey on the Rust programming language, with participation from project maintainers, contributors, and those generally interested in the future of Rust. This edition of the annual State of Rust Survey opened for submissions on December 5 and ran until December 22, 2022... [W]e had 9,433 total survey completions and an increased survey completion rate of 82% vs. 76% in 2021...

- More people are using Rust than ever before! Over 90% of survey respondents identified as Rust users, and of those using Rust, 47% do so on a daily basis — an increase of 4% from the previous year.

- 30% of Rust user respondents can write simple programs in Rust, 27% can write production-ready code, and 42% consider themselves productive using Rust. Of the former Rust users who completed the survey, 30% cited difficulty as the primary reason for giving up while nearly 47% cited factors outside of their control.

- The growing maturation of Rust can be seen through the increased number of different organizations utilizing the language in 2022. In fact, 29.7% of respondents stated that they use Rust for the majority of their coding work at their workplace, which is a 51.8% increase compared to the previous year.

- There are numerous reasons why we are seeing increased use of Rust in professional environments. Top reasons cited for the use of Rust include the perceived ability to write "bug-free software" (86%), Rust's performance characteristics (84%), and Rust's security and safety guarantees (69%). We were also pleased to find that 76% of respondents continue to use Rust simply because they found it fun and enjoyable. (Respondents could select more than one option here, so the numbers don't add up to 100%.)

- Of those respondents that used Rust at work, 72% reported that it helped their team achieve its goals (a 4% increase from the previous year) and 75% have plans to continue using it on their teams in the future.

- But like any language being applied in the workplace, Rust's learning curve is an important consideration; 39% of respondents using Rust in a professional capacity reported the process as "challenging" and 9% of respondents said that adopting Rust at work has "slowed down their team". However, 60% of productive users felt Rust was worth the cost of adoption overall...

- Of those respondents who shared their main worries for the future of Rust, 26% have concerns that the developers and maintainers behind Rust are not properly supported — a decrease of more than 30% from the previous year's findings. One area of focus in the future may be to see how the Project in conjunction with the Rust Foundation can continue to push that number towards 0%.

- While 38% have concerns about Rust "becoming too complex", only a small number of respondents were concerned about documentation, corporate oversight, or speed of evolution. 34% of respondents are not worried about the future of Rust at all.

This year's survey reflects a 21% decrease in fears about Rust's usage in the industry since the last survey.