Science

Oxford Scientists Find Gene That Doubles Risk of Dying From Covid-19 (bloomberg.com) 100

Scientists identified a specific gene that doubles the risk of respiratory failure from Covid-19 and may go some way to explaining why some ethnic groups are more susceptible to severe disease than others. From a report: Researchers from the University of Oxford found that a higher-risk version of the gene most likely prevents the cells lining airways and the lungs from responding to the virus properly. About 60% of people with South Asian ancestry carry this version of the gene, compared with 15% of people with European heritage, according to the study published Thursday. The findings help explain why higher rates of hospitalization and death may have been seen in certain communities and on the Indian subcontinent. The authors cautioned that the gene cannot be used as a sole explanation as many other factors, such as socioeconomic conditions, play a role. Despite a significant impact from the virus to people with Afro-Caribbean ancestry, only 2% carry the higher-risk genotype. People with the gene, known as LZTFL1, would particularly benefit from vaccination, which remains the best method of protection, the authors said. The findings raise the possibility of research into treatments specific to patients with this gene, though no tailored drugs are currently available.
Technology

Nigeria's eNaira Digital Currency Had an Embarrassing First Week (qz.com) 20

The eNaira is supposed to live within a mobile wallet, have the same value and be interchangeable with the physical naira for everyday transactions. Nigerians believe the eNaira, which is governed by a centralized blockchain, is part of the central bank's drive to discourage cryptocurrencies' popularity among Nigeria's youth, just like China's effort with the digital yuan. From a report: And so last week, Nigeria's central bank made two types of eNaira wallets available on Google and Apple stores: one for individuals, and another for merchants. But some users say parts of the wallet for individuals have not worked properly. Fisayo Fosudo, a Nigerian YouTuber who reviews gadgets and apps, said he and three friends initially got error messages that the eNaira app could not match their emails to their bank verification numbers. He would later register successfully but found broken links that did not lead to helpful support pages on the central bank's website. "Was really looking forward to reviewing the eNaira app but it's been hard to get it to work seamlessly. We wait," Fosudo said. After many users left poor reviews for the Android version of the eNaira app for individuals, it was taken down. It had been downloaded 100,000 times before that. The Apple Store version remained available at press time.
Medicine

VR Treatment For Lazy Eye In Children Gets FDA Approval (theverge.com) 11

The Food and Drug Administration approved a virtual reality-based treatment for children with the visual disorder amblyopia, or lazy eye, the company behind the therapy announced today. The Verge reports: Luminopia's approach uses TV and movies to develop the weaker eye and train the eyes to work together. Patients watch the show or movie through a headset that shows the images to each eye separately. The images shown to the stronger eye have a lower contrast, and the images are presented with overlays that force the brain to use both eyes to see them properly. Kids using the therapy and wearing glasses had more improvement in their vision than a similar group of kids who did not use the therapy and just wore corrective glasses full time during a clinical trial of the technology. After 12 weeks watching the shows one hour per day, six days per week, 62 percent of kids using the treatment had a strong improvement in their vision. Only around a third of the kids in the comparison group had similar improvements over the course of the 12 weeks.

Luminopia has over 700 hours of programming in its library, and it partnered with kids' content distributors like Nelvana and Sesame Workshop to develop the tool. The authors of the clinical trial wrote that they think that the option to pick popular videos might be one reason users stuck to the program -- people followed the treatment plan 88 percent of the time. Less than 50 percent of patients stick to eye patches or blurring drops. With the approval, Luminopia joins only a handful of companies with clearance to offer a digital therapeutic as a prescription treatment for medical conditions. Last year, the FDA approved a prescription video game called EndeavorRx, which treats ADHD in kids between eight and 12 years old. Luminopia said in a statement that it plans to launch the treatment in 2022.

Classic Games (Games)

Former 'Donkey Kong' Record Holder Billy Mitchell May Now Sue Twin Galaxies (gamespot.com) 77

"Billy Mitchell always has a plan," said Billy Mitchell in the 2007 documentary about Donkey Kong high scores, The King of Kong.

And he tweeted the phrase again Wednesday. GameSpot explains why. "Billy Mitchell, the professional gamer and hot sauce purveyor who rose to fame for setting several retro video game high scores, is preparing for a return to court." As reported by Axios, the U.S. appeals court gave Mitchell permission to proceed with his defamation suit against Twin Galaxies, the online video game leaderboard website. In case you missed the legal tussle, the whole saga began when Twin Galaxies and Guinness World Records stripped Mitchell of several of his world records for Pac-Man and Donkey Kong after he was accused of using emulation devices to earn his scores instead of authentic arcade machines, as was required for these world record attempts. While Guinness would later reverse its decision, Twin Galaxies has so far refused to reinstate Mitchell's records.

Mitchell would file a defamation suit against Twin Galaxies in 2019, while the site itself fought back with an "anti-strategic lawsuit against public participation" response, more commonly known as an anti-SLAPP motion, a legal move designed to have frivolous lawsuits dismissed from court and prevent parties from being silenced, as spotted by Kotaku. This week's ruling by California's Second District Court of Appeal has stated that Mitchell and his legal team have enough material to continue the lawsuit.

Whether Mitchell and his team actually stand a chance of winning the case is another matter entirely...

Mitchell also tweeted the exact wording of the court's decision, starting with the words "Because Mitchell showed a probability of prevailing on his claims, the trial court properly denied the anti-SLAPP motion."
News

The Ship That Became a Bomb (newyorker.com) 67

Stranded in Yemen's war zone, a decaying supertanker has more than a million barrels of oil aboard. If -- or when -- it explodes or sinks, thousands may die. From a report: Soon, a vast, decrepit oil tanker in the Red Sea will likely sink, catch fire, or explode. The vessel, the F.S.O. Safer -- pronounced "Saffer" -- is named for a patch of desert near the city of Marib, in central Yemen, where the country's first reserves of crude oil were discovered. In 1987, the Safer was redesigned as a floating storage-and-off-loading facility, or F.S.O., becoming the terminus of a pipeline that began at the Marib oil fields and proceeded westward, across mountains and five miles of seafloor. The ship has been moored there ever since, and recently it has degraded to the verge of collapse. More than a million barrels of oil are currently stored in its tanks. The Exxon Valdez spilled about a quarter of that volume when it ran aground in Alaska, in 1989.

The Safer's problems are manifold and intertwined. It is forty-five years old -- ancient for an oil tanker. Its age would not matter so much were it being maintained properly, but it is not. In 2014, members of one of Yemen's powerful clans, the Houthis, launched a successful coup, presaging a brutal conflict that continues to this day. Before the war, the Yemeni state-run firm that owns the ship -- the Safer Exploration & Production Operations Company, or SEPOC -- spent some twenty million dollars a year taking care of the vessel. Now the company can afford to make only the most rudimentary emergency repairs. More than fifty people worked on the Safer before the war; seven remain. This skeleton crew, which operates with scant provisions and no air-conditioning or ventilation below deck -- interior temperatures on the ship frequently surpass a hundred and twenty degrees -- is monitored by soldiers from the Houthi militia, which now occupies the territory where the Safer is situated. The Houthi leadership has obstructed efforts by foreign entities to inspect the ship or to siphon its oil. The risk of a disaster increases every day.

A vessel without power is known as a dead ship. The Safer died in 2017, when its steam boilers ran out of fuel. A boiler is a tanker's heart, because it generates the power and the steam needed to run vital systems. Two diesel generators on deck now provide electricity for basic needs, such as laptop charging. But crucial processes driven by the boiler system have ceased -- most notably, "inerting," in which inert gases are pumped into the tanks where the crude is stored, to neutralize flammable hydrocarbons that rise off the oil. Before inerting became a commonplace safety measure, in the nineteen-seventies, tankers blew up surprisingly often, and with lethal consequences: in December, 1969, three of them exploded within seventeen days, killing four men. Since the boilers on the Safer stopped working, the ship has been a tinderbox, vulnerable to a static-electric spark, a discharged weapon, a tossed cigarette butt. [...] The Safer is not sinking. It is not on fire. It has not exploded. It is not leaking oil. Yet the crew of the ship, and every informed observer, expects disaster to occur soon. But how soon? A year? Six months? Two weeks? Tomorrow? In May, Ahmed Kulaib, the former executive at SEPOC, told me that "it could be after five minutes."

Bug

Researcher Refuses Telegram's Bounty Award, Discloses Auto-Delete Bug (arstechnica.com) 6

An anonymous reader quotes a report from Ars Technica: Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time -- and an offered $1,159 bounty award in exchange for his silence. In February 2021, Telegram introduced a set of such auto-deletion features in its 2.6 release: set messages to auto-delete for everyone 24 hours or 7 days after sending; control auto-delete settings in any of your chats, as well as in groups and channels where you are an admin; and, to enable auto-delete, right-click on the chat in the chat list > Clear History > Enable Auto-Delete. But within a few days, mononymous researcher Dmitrii discovered a concerning flaw in how the Telegram Android app had implemented self-destruction.

"Messages that should be auto-deleted from participants in private and private group chats were only 'deleted' visually [in the messaging window], but in reality, picture messages remained on the device [in] the cache," the researcher wrote in a roughly translated blog post published last week. Tracked as CVE-2021-41861, the flaw is rather simple. In the Telegram Android app versions 7.5.0 to 7.8.0, self-destructed images remain on the device in the /Storage/Emulated/0/Telegram/Telegram Image directory after approximately two to four uses of the self-destruct feature. But the UI appears to indicate to the user that the media was properly destroyed.

But for a simple bug like this, it wasn't easy to get Telegram's attention, Dmitrii explained. The researcher contacted Telegram in early March. And after a series of emails and text correspondence between the researcher and Telegram spanning months, the company reached out to Dmitrii in September, finally confirming the existence of the bug and collaborating with the researcher during beta testing. For his efforts, Dmitrii was offered a $1,159 bug bounty reward. Since then, the researcher claims he has been ghosted by Telegram, which has given no response and no reward. "I have not received the promised reward from Telegram in [$1,159] or any other," he wrote.
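The check a practitioner would run against a bug of this class, as an added example (not code from the Ars Technica report, from the researcher, or from Telegram): trust the storage layer, not the UI. The function below walks a cache directory and reports any file whose bytes match media that should have self-destructed, so a renamed or relocated copy is caught too. The cache tree, file names and image bytes are constructed for the demo; the Android path quoted above is not assumed.

```python
"""Added example: storage-layer verification of an auto-delete feature.

Not code from the Ars Technica report or from Telegram. After a
self-destruct timer fires, the UI removing the message bubble proves
nothing; the check that matters is whether the media bytes still exist
on disk. The cache tree, file names and image bytes below are constructed
for the demo; the Android path quoted in the article is not assumed.
"""
import hashlib
import tempfile
from pathlib import Path

# Extensions worth hashing; anything else in the cache is ignored.
MEDIA_SUFFIXES = {".jpg", ".jpeg", ".png", ".webp", ".gif", ".mp4"}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large media do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_residual_media(cache_root, destroyed_media):
    """Map each cached file that still holds destroyed media to its label.

    destroyed_media: {label: bytes} for media the app claims it deleted.
    Matching is by content hash, so a renamed or relocated copy is still
    found, while a file that only shares a name is not reported.
    """
    wanted = {hashlib.sha256(data).hexdigest(): label
              for label, data in destroyed_media.items()}
    residual = {}
    for path in Path(cache_root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in MEDIA_SUFFIXES:
            continue
        digest = sha256_file(path)
        if digest in wanted:
            residual[str(path)] = wanted[digest]
    return residual


def demo():
    """Constructed scenario: three images were 'self-destructed'.

    img-1 survives under its original name, img-2 survives renamed, img-3
    is genuinely gone, and an unrelated image must not be reported.
    """
    destroyed = {
        "img-1": b"\x89PNG\r\n\x1a\n" + b"A" * 512,
        "img-2": b"\xff\xd8\xff\xe0" + b"B" * 512,
        "img-3": b"\xff\xd8\xff\xe0" + b"C" * 512,
    }
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp) / "cache" / "images"
        cache.mkdir(parents=True)
        (cache / "img-1.png").write_bytes(destroyed["img-1"])
        (cache / "IMG_20210301.jpg").write_bytes(destroyed["img-2"])
        (cache / "unrelated.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"Z" * 512)
        return find_residual_media(tmp, destroyed)


if __name__ == "__main__":
    for path, label in demo().items():
        print(f"LEAK: {label} still present at {path}")
```

On a real device the same function would be pointed at the app's cache directory after a few rounds of sending and self-destructing known images; an empty result is the only outcome that supports the UI's claim.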

Transportation

Why Chip-Constrained Carmakers Can't Just Transition To Newer Chips (jalopnik.com) 256

Car buyers are discovering that supply chain constraints "have thrust prices upwards considerably for new and used vehicles alike," notes Jalopnik.

But while last month Fortune ran an article headlined "Chipmakers to carmakers: Time to get out of the semiconductor Stone Age," Jalopnik argues it's not that simple. The implication here is that the auto industry is far too reliant on archaic tech that isn't applicable to other consumer tech fields. It's now finally reckoning with its reluctance to change, and only a fool would invest in shops to pump out the outdated silicon cars require. But is that a fair assessment? As Fortune notes in its own piece, there are reasons why carmakers — some of the largest corporations in the world — choose the chips they do. The comparison to smartphones is moot... The potential ramifications of a glitch in a metal box traveling at many miles per hour are a little more severe. That's especially true if you're talking about modern vehicles with driver-assist functions...

I asked some auto industry veterans to weigh in... What automakers require is somewhat at odds with what chipmakers prefer and are tooled to produce: smaller, more densely packed chips, that can be manufactured at lower cost and yield more units.... However, to suggest as [Intel CEO] Gelsinger did that the burden to adapt should fall squarely on automakers simplifies the issue. General purpose chipmakers don't seem to grasp the unique challenges of the automotive sector — something that became clear to me after chatting with Jon M. Quigley, Society of Automotive Engineers member and columnist at Automotive Industries. "Qualifying a product, specifically testing activities, are costly and requires time, talent, and equipment," Quigley said. "Some of the test equipment requirements are expensive and often not on hand at the OEM but will require an external lab, and booking time at this lab can be a long lead time activity, and is necessary for certain product certifications. Depending upon the vehicle system commonality, this testing might have to be performed on multiple vehicle platforms. Making changes to an existing product, changing an integrated circuit that only has the difference in the manufacturing processes would still require this sort of testing. Unless there are some compelling associated cost improvements to recoup the investment, this is not very plausible."

It's easy for those of us on the outside to miss the many steps of validation automotive components are required to go through before they end up in what we drive. Ultimately, carmakers don't care how small or new a chip is; all that matters is that it works for its intended purpose and is properly vetted... Chipmakers want as much miniaturization as possible to maximize production efficiency, automakers need significant lead time to make sure a chip will work for them. Each industry has reasons for operating the way it does. That doesn't change the fact that someone's going to have to budge to address this shortfall....

Over time, the transition to newer technology may naturally happen, but certainly not quickly enough to Band-Aid the snags of the present moment. That doesn't give anyone a single, solitary scapegoat, and it's not the easy answer anyone likely wants to hear — not prospective shoppers, not automakers and not the CEO of Intel. But it's the most realistic answer nonetheless.

In the meantime, one analyst that Jalopnik spoke to predicted automakers will try strategic partnerships with chipmakers — that is, "find ways to own or control more of the chip supply base going forward by partnering with ASIC design companies who do similar design service for networking companies."
Transportation

California DMV Gives Cruise and Waymo OK To Charge For Rides (arstechnica.com) 24

On Thursday, the California DMV issued autonomous deployment permits to Cruise and Waymo, "which is a necessary step if the robotaxis are to charge passengers for their rides," reports The Verge. From the report: San Franciscans might have to be night owls to catch a Cruise; the DMV's authorization gives Cruise permission to operate on surface streets within a geofenced area of San Francisco between the hours of 10 pm and 6 am. Cruise's autonomous vehicles are allowed to operate in light rain and light fog, but they aren't allowed to exceed 30 mph (48 km/h). Waymo is allowed to operate over a wider area; the DMV's authorization is "within parts of San Francisco and San Mateo counties." These robotaxis are also trusted to cope with light rain and light fog and are approved for speeds of up to 65 mph (105 km/h).

Both AV developers have had permission to test (as opposed to commercially deploy) their vehicles on Californian roads. Waymo was allowed to begin road tests in 2014, and to conduct them without a safety driver from 2018. Meanwhile, Cruise got permission to begin road testing with safety drivers in 2015 and driverless testing in 2020. However, there are still i's to be dotted and t's to be crossed before either Waymo or Cruise can actually properly begin operating real commercial robotaxi services. Approval from the DMV is necessary, but not sufficient, as the California Public Utilities Commission must also approve such a service.

Security

NSA, CISA Publish Guide for Securing VPN Servers (therecord.media) 31

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published today technical guidance on properly securing VPN servers used by organizations to allow employees remote access to internal networks. From a report: The NSA said it put together the nine-page guide [PDF] after "multiple nation-state advanced persistent threat (APT) actors" weaponized vulnerabilities in common VPN servers as a way to breach organizations. "Exploitation of these CVEs [vulnerabilities] can enable a malicious actor to steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device," the NSA said today in a press release announcing the guide's publication. "If successful, these effects usually lead to further malicious access and could result in a large-scale compromise to the corporate network," the agency added.
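An added example of the kind of check the guide's cryptography point implies, not code from the NSA/CISA guide or from any VPN vendor: an audit of IKE and ESP proposal strings in strongSwan's ipsec.conf syntax, flagging components that fall short of a target suite and a proposal line that lets the peer fall back to defaults. The target thresholds (AES-256, SHA-384, DH group 16 = modp4096 or group 20 = ecp384) are the author's assumptions, aligned with CNSSP 15; the sample configuration lines are constructed.

```python
"""Added example: audit strongSwan-style IKE/ESP proposals for weak crypto.

Not code from the NSA/CISA guide or any vendor. Syntax handled:
"enc-integ-dh" components joined by '-', alternative proposals joined by
',', trailing '!' meaning "accept only these". Thresholds below are the
author's assumptions aligned with CNSSP 15 (AES-256, SHA-384, DH group
16 = modp4096 or 20 = ecp384); adjust them to your own policy.
"""
import re

ENC_WEAK = {"des", "3des", "blowfish", "cast128", "null"}
INTEG_WEAK = {"md5", "sha1"}
INTEG_TARGET = {"sha384", "sha512"}
DH_TARGET = {"modp4096", "modp6144", "modp8192", "ecp384", "ecp521"}
DH_WEAK_MODP_MAX = 1536          # modp768/1024/1536: too small to rely on

_AES = re.compile(r"^aes(\d{3})(?:gcm|ccm)?(?:\d+)?$")
_INTEG = re.compile(r"^(?:prf)?(md5|sha1|sha256|sha384|sha512|aesxcbc|aescmac)$")
_MODP = re.compile(r"^modp(\d+)$")
_ECP = re.compile(r"^ecp(\d+)$")


def audit_component(token):
    """Return a finding for one proposal component, or None if it meets the target."""
    if token in ENC_WEAK:
        return f"{token}: weak/deprecated cipher"
    m = _AES.match(token)
    if m:
        return None if int(m.group(1)) >= 256 else f"{token}: below AES-256 target"
    if token in {"chacha20poly1305", "curve25519", "curve448", "x25519", "x448"}:
        return f"{token}: not in the CNSSP 15 suite (review against policy)"
    m = _INTEG.match(token)
    if m:
        alg = m.group(1)
        if alg in INTEG_WEAK:
            return f"{token}: weak hash"
        return None if alg in INTEG_TARGET else f"{token}: below SHA-384 target"
    m = _MODP.match(token)
    if m:
        if int(m.group(1)) <= DH_WEAK_MODP_MAX:
            return f"{token}: weak DH group"
        return None if token in DH_TARGET else f"{token}: below DH group 16 target"
    if _ECP.match(token):
        return None if token in DH_TARGET else f"{token}: below DH group 20 target"
    return f"{token}: unrecognised component (review manually)"


def audit_proposals(line):
    """Audit a full 'ike=...' or 'esp=...' line.

    Returns a list of findings; an empty list means every listed proposal
    meets the target and the line is strict ('!'), so strongSwan will not
    append its default proposals for the peer to pick from.
    """
    value = line.split("=", 1)[1] if "=" in line else line
    value = value.strip()
    strict = value.endswith("!")
    value = value.rstrip("!")
    findings = []
    for proposal in value.split(","):
        for token in proposal.split("-"):
            f = audit_component(token.strip().lower())
            if f:
                findings.append(f"{proposal}: {f}")
    if not strict:
        findings.append("missing trailing '!': default proposals are also offered, "
                        "so the peer can negotiate one you did not list")
    return findings


# Constructed sample lines: a legacy configuration beside a hardened one.
WEAK_LINE = "ike=3des-sha1-modp1024,aes128-sha256-modp2048"
HARDENED_LINE = "ike=aes256gcm16-prfsha384-ecp384,aes256-sha384-modp4096!"

if __name__ == "__main__":
    for name, line in (("weak", WEAK_LINE), ("hardened", HARDENED_LINE)):
        print(name, "->", audit_proposals(line) or "PASS")
```

Run it over every ike= and esp= line in ipsec.conf; a pass on the proposals does not replace patching the appliance, which is the first thing the advisory's "remotely execute code" point calls for, but it closes the "weaken encrypted traffic's cryptography" avenue the same passage names.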
Transportation

Ford Recalls Mustang Mach-Es Over Risk of Glass Roof Flying Off (electrek.co) 52

Ford has issued a recall of 5,000 Mustang Mach-E electric SUVs in Canada over a risk of the glass roof and windshield potentially coming loose and falling off. Ironically, the automaker mocked Tesla for the same problem just a year ago. Electrek reports: The automaker just issued two recalls in Canada, and one of them is specifically about the risk of the glass roof coming off: "On certain vehicles, the glass panel of the panoramic sunroof may not be properly attached. Over time, the glass could become loose and separate from the vehicle."

Ford says that it affects 1,812 2021 Mustang Mach-E vehicles in Canada. On another 3,178 Mach-Es, Ford says that there's a similar problem that could result in the windshield coming off: "On certain vehicles, the windshield may not be properly attached. As a result, the glass can become loose and could separate from the vehicle in a crash." In both cases, Ford plans to notify the affected owners, check the roof and windshield, and reassemble them with more adhesive if needed. For now, it looks like the recalls are limited to Canadian Mach-Es, even though Ford produces all its electric SUVs at the same factory in Mexico.

Power

A Tesla Big Battery Is Getting Sued Over Power Grid Failures In Australia (vice.com) 123

Tesla's Big Battery, located in southern Australia, just got hit with a federal lawsuit for failing to provide the crucial grid support it once promised it could. Motherboard reports: Built by Tesla in 2017, the 150-megawatt battery supplies 189 megawatt-hours of storage and was designed to support the grid when it becomes overloaded. Now operated by French renewable energy producer Neoen, it supplies storage for the adjacent Hornsdale wind farm, using clean energy to fill gaps that coal power leaves behind. It made waves at the time of its construction for being the largest lithium-ion battery in the world -- though it's now been superseded by another Tesla battery, the 300-megawatt Victorian Big Battery, also in Australia, which caught fire in July. On Wednesday, the Australian Energy Regulator (AER), the body that oversees the country's wholesale electricity and gas markets, announced it had filed a federal lawsuit against the Hornsdale Power Reserve (HPR) -- the energy storage system that owns the Tesla battery -- for failing to provide "frequency control ancillary services" numerous times over the course of four months in the summer and fall of 2019. In other words, the battery was supposed to supply grid backup when a primary power source, like a coal plant, fails.

The HPR's alleged pattern of failures was first brought to light during a disruption to a coal plant in 2019, according to the regulator. When Queensland's Kogan Creek power station tripped on October 9, 2019, the HPR was called on to offer grid backup, having made offers to the Australian Energy Market Operator (AEMO) to do so. But the power reserve failed to provide the level of grid support that AEMO expected, and, in fact, was never able to do so in the first place, the lawsuit alleges, despite making money off of offering them. Though HPR did step in eventually, and no outages were recorded, the incident spurred investigation into a number of similar failures over the course of July to November 2019. The reserve's failure to support the grid in the way it promised created "a risk to power system security and stability," a press release on the lawsuit says.

Businesses

VCs Are Financing an Economy of Servants (sifted.eu) 127

An anonymous reader shares a post: But what's at stake is not just employing people properly and/or paying them well -- what is often called the 'casualisation of work.' At the core of enabling, financing and founding this servant economy is something much less tangible but substantial: what kind of an economy do you want to produce with your decisions? How far do you want to push the division of labour between (elite) educated high earners and people providing menial services for this class?

The economy we are currently seeding is one where convenience for some is worth more than community and solidarity for all. It pits one class of unstably employed (gig) work 'entrepreneurs' against an often older, surely more established class blessed with safety and security, benefitting from a new choice of servant services.

Software

Car Owners' New Gripe: Lousy Wireless Service (axios.com) 84

The biggest frustration among new car owners is that they can't get their car and smartphone to talk to one another, a new J.D. Power study finds. From a report: Consumers want their digital lives to follow them seamlessly in the car, which is why Apple CarPlay and Android Auto have become so popular. But if the wireless connection is glitchy, such features don't work, leaving car owners unhappy. "Owners are caught in the middle when vehicle and phone technologies don't properly connect," says Dave Sargent, vice president of automotive quality at J.D. Power.

1 in 4 problems cited by car buyers in the first 90 days of ownership involves infotainment, according to the J.D. Power 2021 Initial Quality Study (IQS), released Tuesday. For the first time in a decade, voice recognition is not the top problem; instead, it's Apple CarPlay/Android Auto connectivity, which worsened significantly, especially for those trying to connect wirelessly. About one-third of new cars now come with a built-in WiFi hub, which may or may not be compatible with a phone's operating system.

Earth

Bitcoin-Mining Power Plant Secretly Launched in Alberta, Tapping Dormant Gas Well (www.cbc.ca) 62

"When residents of an affluent estate community in Alberta started hearing noise from a nearby power plant, they didn't expect their complaints of sleepless nights would lead to a months-long investigation that would find a bitcoin mining operation had set up shop without approval," reports the CBC: Now, Link Global, the company behind the site, is being ordered by the province's utility commission to shut down two plants until it can prove it's allowed to operate — a move the company says will cost jobs and cause the oil and gas infrastructure in which it operates to sit dormant....

Vancouver-based Link Global had set up four 1.25 MW gas generators at the site, pulling power from a dormant natural gas well owned by Calgary-based company MAGA Energy. The natural gas powers thousands of computer servers that run programs to "mine" digital currency... Work on the plant began in August 2020, and by fall — when neighbours started to get annoyed — it was operating at full capacity. There was just one problem: The company hadn't notified neighbours of its plans. Or the county. Or the provincial utilities commission — which allows power plants to be set up without approval if they meet several conditions, including only generating power for the company's own use and proving the plant has no adverse effects on people or the environment...

Alberta is littered with nearly 200,000 dormant or abandoned oil and gas wells, often because they're no longer economically viable. It has raised the spectre that landowners and taxpayers could be on the hook for the cleanup costs, which the province estimates could be up to $30 billion, as well as prompted a push to find other uses for the facilities, such as powering cryptocurrency operations. Stephen Jenkins, Link Global's CEO, said some of that abandoned energy infrastructure, is at risk of leaking methane — a greenhouse gas more potent than carbon dioxide. "We look at, OK, what can we do to use this in a beneficial way ... I don't want to say we're in the business of methane destruction, but we're in the business of beneficial use of that potential methane-generating source. You combust it properly. You don't flare it, and you control those emissions," Jenkins said...

And though the facility employs only four people, Jenkins said it's important to him to employ locally and give former oil and gas workers a path into other careers. The Sturgeon County plant's supervisor is a former pipefitter; he's now a bitcoin pro and an expert at keeping the plant online, Jenkins said. "It's a perfect use of people's skills," he said.

Of course, it's not all altruism. The company has said for every 10 MW of power, it can generate about 1.2 bitcoins per day.

Last Friday the Alberta Utilities Commission (AUC) ruled that the plant had indeed been violating their regulatory requirements, and would now also have to suffer a financial penalty which the CBC reported as "a $50,000 to $75,000 fine, reduced by up to 50% because Link Global admitted to breaking the rules..."

"More penalties could be on the way. The AUC will now review whether specific sanctions should be imposed against Link Global for operating without approval — a decision on that is expected this fall."

The CBC adds that another Link Global plant was also found to be "set up without the AUC's prior approval."
United States

The CDC Needs To Stop Confusing the Public (nytimes.com) 219

Dr. Zeynep Tufekci, an associate professor at the University of North Carolina, writing at The New York Times: The C.D.C. faces three major problems. The first is reality: a sustained campaign of misinformation against vaccines and other public health measures, originating mostly with right-wing commentators and politicians, and a new media environment that has upended traditional information flows.

Second, the C.D.C. is still mired in the fog of pandemic, with too little data, collected too slowly, leaving it chasing epidemic waves and trying to make sense of information from other countries. Epidemics spread exponentially, so delayed responses make problems much worse. If the response to a crisis comes after many people are already aware of it brewing, it leaves them confused and fearful if they look to the C.D.C. for guidance, and vulnerable to misinformation if they do not.

Third, the agency is simply not doing a good job at what the pamphlet advises: being first, right and credible, and avoiding mixed messaging, delays and confusion. It's hard not to have sympathy for its predicament. The previous administration undermined the C.D.C., and anti-vaxxers' deliberate misinformation assault has not made the agency's job any easier. The digital public sphere operates fast and furious, and that's difficult for traditional institutions to keep up with or to counter. All this makes it even more important that the C.D.C. properly handle what's under its control.

The response to the Delta variant has been too slow. Data from other countries made it clear months ago that it posed a great threat. Unfortunately, the United States already doesn't systematically collect the kind of data needed on many important indicators. Making things worse, in early May, the C.D.C. stopped tracking breakthrough infections among the vaccinated unless they were hospitalized or worse, even though the reason for continued surveillance is to see and understand changes in an outbreak as early as possible. June passed with little change in the government's response, despite multiple technical papers from Public Health England showing that the Delta variant was much more transmissible and possibly more severe and that it was able to cause more breakthrough infections among the vaccinated. Detailed contact tracing from Singapore also showed that some of the vaccinated were transmitting.

Government

The State Department and 3 Other US Agencies Earn a D For Cybersecurity (arstechnica.com) 43

An anonymous reader quotes a report from Ars Technica: Cybersecurity at eight federal agencies is so poor that four of them earned grades of D, three got Cs, and only one received a B in a report issued Tuesday by a US Senate Committee. "It is clear that the data entrusted to these eight key agencies remains at risk," the 47-page report stated. "As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow PII and national security secrets to remain vulnerable."

The report, issued by the Senate Committee on Homeland Security and Governmental Affairs, comes two years after a separate report found systemic failures by the same eight federal agencies in complying with federal cybersecurity standards. The earlier report (PDF) found that during the decade spanning 2008 to 2018, the agencies failed to properly protect personally identifiable information, maintain a list of all hardware and software used on agency networks, and install vendor-supplied security patches in a timely manner. The 2019 report also highlighted that the agencies were operating legacy systems that were costly to maintain and hard to secure. All eight agencies -- including the Social Security Administration and the Departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education -- failed to protect sensitive information they stored or maintained.

Tuesday's report, titled Federal Cybersecurity: America's Data Still at Risk, analyzed security practices by the same agencies for 2020. It found that only one agency had earned a grade of B for its cybersecurity practices last year. "What this report finds is stark," the authors wrote. "Inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade. Seven agencies made minimal improvements, and only DHS managed to employ an effective cybersecurity regime for 2020. As such, this report finds that these seven Federal agencies still have not met the basic cybersecurity standards necessary to protect America's sensitive data." State Department systems, the auditors found, frequently operated without the required authorizations, ran software (including Microsoft Windows) that was no longer supported, and failed to install security patches in a timely manner. The department's user management system came under particular criticism because officials couldn't provide documentation of user access agreements for 60 percent of sampled employees who had access to the department's classified network.
"This network contains data which if disclosed to an unauthorized person could cause 'grave damage' to national security," the auditors write. "Perhaps more troubling, State failed to shut off thousands of accounts after extended periods of inactivity on both its classified and sensitive but unclassified networks. According to the Inspector General, some accounts remained active as long as 152 days after employees quit, retired, or were fired. Former employees or hackers could use those unexpired credentials to gain access to State's sensitive and classified information, while appearing to be an authorized user. The Inspector General warned that without resolving issues in this category, 'the risk of unauthorized access is significantly increased.'"

Ars Technica adds that the Social Security Administration "suffered many of the same shortcomings, including a lack of authorization for many systems, use of unsupported systems, failure to Compile an Accurate and Comprehensive IT Asset Inventory, and Failure to Provide for the Adequate Protection of PII."
Earth

Study: Which Countries Will Best Survive a Collapse? (nytimes.com) 191

An anonymous reader quotes a report from The New York Times: Will civilization as we know it end in the next 100 years? Will there be any functioning places left? These questions might sound like the stuff of dystopian fiction. But if recent headlines about extreme weather, climate change, the ongoing pandemic and faltering global supply chains have you asking them, you're not alone. Now two British academics, Aled Jones, director of the Global Sustainability Institute at Anglia Ruskin University in Cambridge, England, and his co-author, Nick King, think they have some answers. Their analysis, published in July in the journal Sustainability, aims to identify places that are best positioned to carry on when or if others fall apart. They call these lucky places "nodes of persisting complexity."

The winner, tech billionaires who already own bunkers there will be pleased to know, is New Zealand. The runners-up are Tasmania, Ireland, Iceland, Britain, the United States and Canada. The findings were greeted with skepticism by other academics who study topics like climate change and the collapse of civilization. Some flat-out disagreed with the list, saying it placed too much emphasis on the advantages of islands and failed to properly account for variables like military power. And some said the entire exercise was misguided: If climate change is allowed to disrupt civilization to this degree, no countries will have cause to celebrate.
"For his study, he built on the University of Notre Dame's Global Adaptation Initiative, which ranks 181 countries annually on their readiness to successfully adapt to climate change," the NYT adds. "He then added three additional measures: whether the country has enough land to grow food for its people; whether it has the energy capacity to 'keep the lights on,' as he put it in an interview; and whether the country is sufficiently isolated to keep other people from walking across its borders, as its neighbors are collapsing."

"New Zealand comes out on top in Professor Jones's analysis because it appears to be ready for changes in the weather created by climate change. It has plenty of renewable energy capacity, it can produce its own food and it's an island, meaning it scores well on the isolation factor, he said."
It's funny. Laugh.

Internal Documents Reveal NSA Cafeteria Sucks (vice.com) 91

An anonymous reader writes: As reported by Motherboard, Emily Crose, a FOIA researcher, obtained emailed complaints showing how life at the NSA can be incredibly mundane:

"The cafe menu items and pricing are out of control! Weighing the food to get more money, the scales are not properly adjusted, ripping us off. They stopped serving fried eggs at the OPS1 breakfast bar because it's faster and cheaper to get them. Now if you go to the grill the price is inflated. What's the difference between the grilled chicken at the grill and the grilled chicken at the chicken shack?"

A person who used to work in the intelligence community told Motherboard that they could confirm that the NSA cafeteria is "depressingly bad." "Maybe not the worst cafeteria I've ever eaten in but worse than the time I ate at a US-run military base mess hall," they said, asking to remain anonymous.


Security

Kaseya Obtains REvil Decryptor, Starts Customer Data Recovery Operations (therecord.media) 33

Remote management software vendor Kaseya said this week it had obtained a universal decryptor for the REvil ransomware and is now in the process of helping customers recover their encrypted data following a major ransomware attack that targeted its on-premises VSA servers on July 2 this year. From a report: In a phone call today, a Kaseya spokesperson told The Record it obtained the decryptor from a "trusted third-party," but declined to elaborate further for the moment. The company said it obtained the decryptor yesterday, verified that the decryption tool worked properly, and began shipping it to affected customers earlier today. In an update on July 6, the Kaseya CEO said that around 60 of its direct customers, users of VSA servers, were impacted in the July 2 attack. Hackers used a zero-day to gain access to Kaseya VSA on-premises servers and then pivoted to workstations managed through the VSA software, deploying a version of the REvil ransomware on those systems and encrypting their files.
Open Source

Audacity's New Owner Is In Another Fight With the Open Source Community (arstechnica.com) 48

An anonymous reader quotes a report from Ars Technica: Muse Group -- owner of the popular audio-editing app Audacity -- is in hot water with the open source community again. This time, the controversy isn't over Audacity -- it's about MuseScore, an open source application that allows musicians to create, share, and download musical scores (especially, but not only, in the form of sheet music). The MuseScore app itself is licensed GPLv3, which gives developers the right to fork its source and modify it. One such developer, Wenzheng Tang ("Xmader" on GitHub) went considerably further than modifying the app -- he also created separate apps designed to bypass MuseScore Pro subscription fees. After thoroughly reviewing the public comments made by both sides at GitHub, Ars spoke at length with Muse Group Head of Strategy Daniel Ray -- known on GitHub by the moniker "workedintheory" -- to get to the bottom of the controversy.

While Xmader did, in fact, fork MuseScore, that's not the root of the controversy. Xmader forked MuseScore in November 2020 and appears to have abandoned that fork entirely; it only has six commits total -- all trivial, and all made the same week that the fork was created. Xmader is also currently 21,710 commits behind the original MuseScore project repository. Muse Group's beef with Xmader comes from two other repositories, created specifically to bypass subscription fees. Those repositories are musescore-downloader (created November 2019) and musescore-dataset (created March 2020). Musescore-downloader describes itself succinctly: "download sheet music from musescore.com for free, no login or MuseScore Pro required." Musescore-dataset is nearly as straightforward: it declares itself "the unofficial dataset of all music sheets and users on musescore.com." In simpler terms: musescore-downloader lets you download things from musescore.com that you shouldn't be able to; musescore-dataset is those files themselves, already downloaded. For scores that are in the public domain or that users have uploaded under Creative Commons licenses, this isn't necessarily a problem. But many of the scores are only available by arrangement between the score owner and Muse Group itself -- and this has several important implications.

Just because you can access the score via the app or website doesn't mean you're free to access it anywhere, anyhow, or redistribute that score yourself. The distribution agreement between Muse Group and the rightsholder allows legitimate downloads, but only when using the site or app as intended. Those agreements do not give users carte blanche to bypass controls imposed on those downloads. Further, those downloads can often cost the distributor real money -- a free download of a score licensed to Muse Group by a commercial rightsholder (e.g., Disney) is generally not "free" to Muse Group itself. The site has to pay for the right to distribute that score -- in many cases, based on the number of downloads made. Bypassing those controls leaves Muse Group on the hook either for costs it has no way to monetize (e.g., by ads for free users) or for violating its own distribution agreements with rightsholders (by failing to properly track downloads).
