Android

Children's Tablet Has Malware and Exposes Kids' Data, Researcher Finds (techcrunch.com)

An anonymous reader shares a report: In May this year, Alexis Hancock's daughter got a children's tablet for her birthday. Being a security researcher, Hancock was immediately worried. "I looked at it kind of sideways because I've never heard of Dragon Touch," Hancock told TechCrunch, referring to the tablet's maker. As it turned out, Hancock, who works at the Electronic Frontier Foundation, had good reasons to be concerned. Hancock said she found that the tablet had a slew of security and privacy issues that could have put her daughter's and other children's data at risk.

The Dragon Touch KidzPad Y88X contains traces of a well-known malware, runs a version of Android that was released five years ago, comes pre-loaded with other software that's considered malware and a "potentially unwanted program" because of "its history and extensive system level permissions to download whatever application it wants," and includes an outdated version of an app store designed specifically for kids, according to Hancock's report, which was released on Thursday and seen by TechCrunch ahead of its publication. Hancock said she reached out to Dragon Touch to report these issues, but the company never responded. Dragon Touch did not respond to TechCrunch's questions either.
After TechCrunch reached out to the company, Walmart removed the listing from its website, while Amazon said it's looking into the matter.
Games

Open-Source 4K Dungeon Keeper Remake Spent 15 Years In the Making (pcgamer.com)

Rick Lane reports via PC Gamer: KeeperFX has been in the process of rescuing Dungeon Keeper for a decade and a half. The project originally started in 2008, and experienced something of a bumpy road up until 2016. Since then, though, it has gradually added support for Windows 7, 10, and 11, support for hi-res and 4K screens, modernized controls, and even additional campaigns. With this latest version, KeeperFX's developers say "all original Dungeon Keeper code has been rewritten, establishing KeeperFX as a true open-source standalone game." 1.0 also introduces some new features, such as higher framerates, AI that is better at digging and less likely to "instantly" throw its entire army at you, and "higher quality landview speeches" for the additional campaigns. That refers to the introductions and epilogues to missions which, in the game's original campaign, were voiced by Richard Ridings, aka Daddy Pig.

Perhaps most intriguing of all, KeeperFX's 1.0 adds a couple of new units to play with. First up is the Druid, a sort-of color-flipped version of the Warlock who uses ice spells rather than fire. The other unit is the excitingly named Time Mage, a recolor of the Wizard who can cast teleport and speed spells, and also turn enemy units into chickens (presumably through rapid devolution). You won't find these units in the original campaign, but you will encounter them in the custom campaigns bundled with the 1.0 version.
You can download KeeperFX here, although it still requires you to own Dungeon Keeper "for copyright reasons."
Security

In a First, Cryptographic Keys Protecting SSH Connections Stolen in New Attack

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. ArsTechnica: Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years. The researchers suspect keys used in IPsec connections could suffer the same fate. SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments. IPsec is a protocol used by virtual private networks that route traffic through an encrypted tunnel.

The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host. While the percentage is infinitesimally small, the finding is nonetheless surprising for several reasons -- most notably because most SSH software in use has deployed a countermeasure for decades that checks for signature faults before sending a signature over the Internet. Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS -- or Transport Layer Security -- protocol encrypting Web and email connections. They believed SSH traffic was immune from such attacks because passive attackers -- meaning adversaries simply observing traffic as it goes by -- couldn't see some of the necessary information when the errors happened.
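The mechanism the article describes (one faulty CRT half of an RSA signature lets an observer of that signature factor the modulus with a single gcd) and the countermeasure it says most SSH software already applies (verify the signature with the public key before it leaves the host), as an added example that is not code from the researchers or from any SSH implementation; the toy primes, the message value and the injected one-off error are constructed.

```python
import math


def make_rsa_key(p, q, e=65537):
    """Build a toy RSA key with the CRT values real implementations precompute."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}


def sign_crt(key, m, fault_in_q_half=False):
    """CRT signing with Garner recombination, as most RSA code does it.
    fault_in_q_half simulates a single computational error in the mod-q
    exponentiation (constructed here as an off-by-one result)."""
    sp = pow(m, key["dp"], key["p"])
    sq = pow(m, key["dq"], key["q"])
    if fault_in_q_half:
        sq = (sq + 1) % key["q"]
    h = (key["qinv"] * (sp - sq)) % key["p"]
    return sq + h * key["q"]


def factor_from_faulty_signature(n, e, m, s):
    """What anyone who sees a faulty signature can compute: because the mod-p
    half was still correct, s^e - m is divisible by p but not by q, so the
    gcd with n is p. For a correct signature s^e - m is 0 mod n and nothing
    is learned (returns None)."""
    g = math.gcd((pow(s, e, n) - m) % n, n)
    return g if 1 < g < n else None


def sign_with_fault_check(key, m, fault_in_q_half=False):
    """The countermeasure: re-verify with the public key before releasing the
    signature, so a faulty signature is never sent over the network."""
    s = sign_crt(key, m, fault_in_q_half)
    if pow(s, key["e"], key["n"]) != m % key["n"]:
        raise RuntimeError("signature fault detected; withholding signature")
    return s


def demo():
    key = make_rsa_key(104729, 1299709)   # constructed toy primes, not a real key
    m = 123456789                          # constructed message representative
    good = sign_crt(key, m)
    assert pow(good, key["e"], key["n"]) == m
    bad = sign_crt(key, m, fault_in_q_half=True)
    leaked = factor_from_faulty_signature(key["n"], key["e"], m, bad)
    return leaked == key["p"]


if __name__ == "__main__":
    print("one faulty signature exposed p:", demo())
```

The check costs one public-key operation per signature, which is why the article calls its absence in some implementations surprising.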
Science

The Evolutionary Reasons We Are Drawn To Horror Movies and Haunted Houses

Scary play lets people -- and other animals -- rehearse coping skills for disturbing challenges in the real world. Scientific American: Our desire to experience fear, it seems, is rooted deep in our evolutionary past and can still benefit us today. Scary play, it turns out, can help us overcome fears and face new challenges -- those that surface in our own lives and others that arise in the increasingly disturbing world we all live in. The phenomenon of scary play surprised Charles Darwin. In The Descent of Man, he wrote that he had heard about captive monkeys that, despite their fear of snakes, kept lifting the lid of a box containing the reptiles to peek inside. Intrigued, Darwin turned the story into an experiment: He put a bag with a snake inside it in a cage full of monkeys at the London Zoological Gardens. A monkey would cautiously walk up to the bag, slowly open it, and peer down inside before shrieking and racing away. After seeing one monkey do this, another monkey would carefully walk over to the bag to take a peek, then scream and run. Then another would do the same thing, then another.

The monkeys were "satiating their horror," as Darwin put it. Morbid fascination with danger is widespread in the animal kingdom -- it's called predator inspection. The inspection occurs when an animal looks at or even approaches a predator rather than simply fleeing. This behavior occurs across a range of animals, from guppies to gazelles. At first blush, getting close to danger seems like a bad idea. Why would natural selection have instilled in animals a curiosity about the very things they should be avoiding? But there is an evolutionary logic to these actions. Morbid curiosity is a powerful way for animals to gain information about the most dangerous things in their environment. It also gives them an opportunity to practice dealing with scary experiences.

When you consider that many prey animals live close to their predators, the benefits of morbidly curious behavior such as predator inspection become clear. For example, it's not uncommon for a gazelle to cross paths with a cheetah on the savanna. It might seem like a gazelle should always run when it sees a cheetah. Fleeing, however, is physiologically expensive; if a gazelle ran every time it saw a cheetah, it would exhaust precious calories and lose out on opportunities for other activities that are important to its survival and reproduction. Consider the perspective of the predator, too. It may seem like a cheetah should chase after a gazelle anytime it sees one. But for a cheetah, it's not easy to just grab a bite; hunting is an energetically costly exercise that doesn't always end in success.
Security

Maine Government Says Data Breach Affects 1.3 Million Residents (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: The government of Maine has confirmed over a million state residents had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. The hackers used the vulnerability to access and download files belonging to certain state agencies between May 28 and May 29, the statement read. The Maine government said it was disclosing the incident and notifying affected residents as its assessment of the impacted files "was recently completed."

Maine said that the stolen information may include a person's name, date of birth, Social Security number, driver's license and other state or taxpayer identification numbers. Some individuals had medical and health insurance information taken. The statement said the state holds information about residents "for various reasons, such as residency, employment, or interaction with a state agency," and that the data it holds varies by person. According to the state's breakdown of which agencies are affected, more than half of the stolen data relates to Maine's Department of Health and Human Services, with up to about a third of the data affecting Maine's Department of Education. The remaining data affects various other agencies, including Maine's Bureau of Motor Vehicles and Maine's Department of Corrections, though the government notes that the breakdown of information is subject to change. More than 1.3 million people live in the state of Maine, according to the U.S. Census Bureau.

Wireless Networking

Chamberlain Shuts Off Access To MyQ's APIs, Breaking Smart Home Integrations (theverge.com)

Jennifer Pattison Tuohy reports via The Verge: The Chamberlain Group -- owners of the MyQ smart garage door controller tech -- has announced it's shut off all "unauthorized access" to its APIs. The move breaks the smart home integrations of thousands of users who relied on platforms such as Homebridge and Home Assistant to do things like shut the garage door when they lock their front door or flash a light if they leave their door open for 10 minutes, or whatever other control or automation they wanted to do with the device they bought and paid for.

The move comes a year after Chamberlain discontinued its official Apple HomeKit integration and a few months after it finally killed support for Google Assistant. It's sadly another example of how the company continues to be hostile to the interoperable smart home. Last week, in a blog post, Dan Phillips, chief technology officer of Chamberlain, explained the reasons behind its latest move: "Chamberlain Group recently made the decision to prevent unauthorized usage of our myQ ecosystem through third-party apps. This decision was made so that we can continue to provide the best possible experience for our 10 million+ users, as well as our authorized partners who put their trust in us. We understand that this impacts a small percentage of users, but ultimately this will improve the performance and reliability of myQ, benefiting all of our users."
When asked what customers who relied on these now-defunct integrations should do, a spokesperson for the company said: "We have a number of authorized partners that we will be happy for people to use," pointing to its partner webpage.

"However, those partners are primarily smart security companies with monthly subscriptions (such as Alarm.com and Vivint) and car manufacturers," notes The Verge. Some alternatives to a MyQ smart garage controller are mentioned in the report, such as Tailwind's $90 iQ3 Pro smart garage controller, Meross' $60 Smart Wi-Fi Garage Door Opener, iSmartgate's $40 iSmartgate Mini, and Ratgdo's $30 Wi-Fi control board.

The moral for smart home users, as summed up by Home Assistant founder Paulus Schoutsen, is: "Buy products that work locally and won't stop functioning when management wants an additional revenue stream."
Bitcoin

Bored Ape Conference Attendees Wake Up With Searing Eye Pain, Vision Loss (404media.co)

An anonymous reader quotes a report from 404 Media: Attendees at a conference for Bored Ape NFT owners are reporting waking up in the middle of the night following laser and blacklight-heavy performances with extreme eye pain and vision loss. Yuga Labs, the parent company of Bored Ape Yacht Club, hosted ApeFest in Hong Kong from November 3-5. The event was open to holders of Bored Ape NFTs, a crypto project that peaked in 2021 and recently crashed to a two-year low, costing many investors thousands of dollars.

"I woke up at 04:00 and couldn't see anymore. Had so much pain and my whole skin is burned. Needed to go to the hospital," one attendee posted on the last day of the event. "The doctor told me the uv of the lightning of the stage did it. It has the same effect as sunlight. Still can not see normally.." "Same here for me and +1. I had eyeglasses, so was a bit spared, but skin is burned and +1 had the same degree of issues with eyes," someone replied. "The toilets may have been great, but what happened to our eyeballs last night at #ApeFest?" another attendee wrote, as a follow-up to a photo of him sitting on a toilet with his pants around his ankles in a room bathed in intense blacklights. "Been to lots of concerts, festivals, Burning Man, and never have I ever experienced fucked eyes like this."

Even as they woke up in the middle of the night with blinding eye pain, some attendees still praised the organizers for the event. "Thanks for great apefest logistics guys @yugalabs & @BoredApeYC. Incredible event and met plenty of amazing people," one wrote. "Still, as dozens of others, I've almost lost sight this night." They suggested others get their eyes checked like they did, and said their eyes were burned by UV. "To the organisers: For the communication & awareness reasons, it would be fair to put together an official statement with recommendations what to do, as dozens of people you care about were exposed to serious health hazards and lots of suffering," they continued. "You're good guys so it should be easy for you to recognise the seriousness of it." Photos and videos from the event show crowds of young men doing some of the worst moshing I've ever seen to performances and conference rooms soaked in blacklight and lasers. Where in the venue the damage was done is still unclear.
Bored Ape Yacht Club acknowledged the issue in a post early Monday morning: "Apes, we are aware of the eye-related issues that affected some of the attendees of ApeFest and have been proactively reaching out to individuals since yesterday to try and find the potential root causes," the official account tweeted. "Based on our estimates, we believe that much less than 1% of those attending and working the event had these symptoms. While nearly everyone has indicated their symptoms have improved, we encourage anybody who feels them to seek medical attention just in case."
Programming

79% of Developers are At Least Considering a New Job, Survey Finds (stackoverflow.blog)

"More developers are looking for or are open to a new job now compared to the last two years," writes Stack Overflow's senior analyst for market research and insights — citing the results of their latest survey of developers in 107 different countries.

"More than 1,000 developers responded to this year's survey about jobs and 79% are at least considering new opportunities if not actively looking." New insights from these survey results show that new tech talent and late-career developers are both more likely to be looking. New developers have increasingly switched jobs compared to early- and mid-career developers in the last three years... Interest in looking for a new job drops as developers get older for new to mid-career (44 and younger) respondents (86% to 74%), but picks back up for those 55 to 64 (88%). Late-career developers acknowledge curiosity about other companies as their second top reason to look for a new job this year behind "better salary," which all age groups rank as their top reason. Curiosity grew in importance for late-career developers since last year more than all other age groups (32% vs. 22%) and is more important to this group than reasons other groups ranked higher such as working with new technology and growth opportunities...

In our 2023 Developer Survey, we started asking about AI and the sentiment around it in our developer community; results were very similar when we checked in again through this pulse survey (70% are using AI or planning to). Developers may also feel less enthusiastic about learning opportunities now that AI tools are rapidly developing to help many be more productive in their jobs (30% cite this as the top benefit).

Other interesting findings from the survey:
  • Compared to the 2023 Developer Survey, 8% of developers have exited the technology industry and are increasingly filling roles in manufacturing and supply chain companies (11% vs. 7%)
  • Technology is the industry most developers currently work in (46%), followed by manufacturing/supply chain (14%) and financial services (13%)
  • New tech talent is onboarding at as many jobs by 24 as those up to 10 years their senior and this rapid experience cycle could rival the knowledge and experience of those they report to.

Government

Apple Backs US Government's Push for a National Right-to-Repair Bill (But What About Parts Pairing?) (arstechnica.com)

An anonymous reader shared this report from Ars Technica: Following the passage of California's repair bill that Apple supported, requiring seven years of parts, specialty tools, and repair manual availability, Apple announced Tuesday that it would back a similar bill on a federal level. It would also make its parts, tools, and repair documentation available to both non-affiliated repair shops and individual customers, "at fair and reasonable prices."

"We intend to honor California's new repair provisions across the United States," said Brian Naumann, Apple's vice president for service and operation management, at a White House event Tuesday...

"I think most OEMs [Original Equipment Manufacturers] will realize they can save themselves a lot of trouble by making parts, tools, and other requirements of state laws already in NY, MN, CA, and CO available nationally," wrote Gay Gordon-Byrne, executive director of The Repair Association, to Ars... Gordon-Byrne noted that firms like HP, Google, Samsung, and Lenovo have pledged to comply with repair rules on a national level. The US Public Interest Research Group (PIRG) communicated a similarly hopeful note in its response to Tuesday's event, noting that "Apple makes a lot of products, and its conduct definitely influences other manufacturers." At the same time, numerous obstacles to repair access remain in place through copyright law — "Which we hope will be high on an agenda in the IP subcommittee this session," Gordon-Byrne wrote.

Besides strong support from President Biden, there's also strong support from America's Federal Trade Commission, reports TechCrunch: FTC chair Lina Khan commented on the pushback many corporations have given such legislation. Device and automotive manufacturers have argued that putting such choice in the hands of consumers opens them up to additional security risks. "We hear some manufacturers defend repair restrictions, claiming that they're needed for safety or security reasons," said Khan. "The FTC has found that all too often these claims are backed by limited evidence. Accordingly, the FTC has committed itself to using all of our enforcement and policy tools to fight for people's right to repair their own products."
A cautionary note from Ars Technica: Elizabeth Chamberlain, director of sustainability for iFixit, a parts vendor and repair advocate, suggested that Apple's pledge to extend California's law on a national level is "a strategic move." "Apple likely hopes that they will be able to negotiate out the parts of the Minnesota bill they don't like," Chamberlain wrote in an email, pointing specifically to the "fair and reasonable" parts provisioning measure that could preclude Apple's tendency toward pairing parts to individual devices. "[I]t's vital to get bulletproof parts pairing prohibitions passed in other states in 2024," Chamberlain wrote. "Independent repair and refurbishment depend on parts harvesting."
The Washington Post reports that currently repair shop owners and parts vendors "have had to find ways to reassure their customers they haven't made a mistake by choosing an independent fix." If the digital identifier tied to a replacement part doesn't match the one the phone expects to see, you'll start seeing those warnings and issues. "Only Apple pairs parts in an intrusive way where you get these messages pop up," said Jonathan Strange, owner of two XiRepair gadget repair shops in Montgomery, Alabama. To ward off those unnerving messages and restore full functionality, repair technicians are required to go through a "system configuration" process that authenticates the part after making the fix. Some small operations, like Strange's XiRepair shops, can do that in-store because they've gone through a process to become a certified Apple Independent Repair Provider. But that process can't happen at all in shops that haven't gone through that certification, or if more affordable parts like third-party replacements were used.
The Post also shares this reaction from Aaron Perzanowski, a repair researcher and law professor at the University of Michigan.

"The fact that companies want to use technology to essentially undo the notion of interchangeable parts is something we ought to find deeply disturbing."
Cloud

Oxide Launches the World's First 'Commercial' Cloud Computer (thenewstack.io)

VentureBeat reports: On Thursday, San Francisco-based Oxide, a startup founded by computing experts from Joyent and Dell, launched what it calls the world's first "commercial cloud computer," a rack-scale system that enterprises can own to reap the benefits and flexibility of cloud computing on-premises, right within their data center. The company believes the new offering can finally put an end to the "cloud vs on-prem" dilemma enterprises face while setting up their infrastructure...

It also announced $44 million in a series A round of funding, led by Eclipse VC with participation from Intel Capital, Riot Ventures, Counterpart Ventures and Rally Ventures. Oxide plans to use this money to accelerate the adoption of its cloud computer, giving teams a new, better option to serve their customers... The round brings Oxide's total financing raised to date to $78 million.

Since 2019 Oxide has thrown a team of 60 technologists at the problem — and Thursday, Oxide also revealed an impressive list of current customers: There's the U.S. Department of Energy — specifically its Idaho National Laboratory (which has historically been involved in nuclear research) — as well as "a well-known financial services firm". Oxide also announced that within just a few months, there'll be additional installations at multiple Fortune 1000 companies. And beyond that, Oxide is also boasting that they now have "a long wait list of customers ready to install once production catches up with demand...."

Will Coffield, a partner at Riot Ventures, quipped that Oxide had "essentially wrapped all the hopes and dreams of a software engineer, IT manager, and a CFO into a single box...." Steve Tuck, CEO and co-founder of Oxide, pointed out that cloud computing "remains restricted to a centralized, rental-only model." There are many reasons why an enterprise might want to own their infrastructure — security, reliability, cost, and response time/latency issues — and as Tuck sees it, "the rental-only model has denied them modern cloud capabilities for these use cases."

"We are changing that."

Earlier this year on the Software Engineering Daily podcast, CTO/co-founder Bryan Cantrill remembered that when doing their compliance testing, "The folks at the compliance lab — they see a lot of servers — and they're like, 'Are you sure it's on?' Because it's so quiet!" (This June article notes that later on the podcast Cantrill argued that the acoustics of today's data centers are "almost like an odor. It is this visceral reminder that this domain has suffered for lack of real systemic holistic thinking...")

Oxide's press packet lays out other advantages for their servers. "Power usage is 2x efficient, takes up half the space, and can be up and running in just four hours instead of three months."
Bitcoin

Bitcoin Blasts Past $33,000 As Optimism For BTC Spot ETF Surges (decrypt.co)

Bitcoin surged past $33,000 per coin on Monday, rising nearly 11% in 24 hours. According to CoinGecko, the coin is up more than 17% in the past seven days. Decrypt reports: Bulls have flooded the space as talk about a spot Bitcoin ETF has investors hopeful that the long-awaited crypto product will soon get approval from the U.S. Securities and Exchange Commission. A Monday CoinShares report showed that institutional investors are pouring money into the space; JPMorgan analysts said last week that a spot Bitcoin ETF could be approved by Christmas.

High-profile investment firms that have applied to the SEC for a spot ETF are fine-tuning their applications in the hope that the regulator will give them the green light. Investors have been hungry for a spot Bitcoin ETF for the best part of a decade, but Wall Street's biggest regulator has, experts say, denied applications for such a product, mostly citing the potential for market manipulation as one of the main reasons.

But analysts are now more optimistic than ever before: BlackRock, the world's biggest fund manager, applied for a Bitcoin ETF of its own. Not long after, the asset manager Grayscale scored a victory against the SEC when a federal judge sided with the firm over its application to convert its flagship Bitcoin fund into an ETF.

United States

American Employees Reinvent the Sick Day (msn.com)

The bar for taking a sick day is getting lower, and some bosses say that's a problem. From a report: U.S. workers have long viewed an unwillingness to take sick days as a badge of honor. That's a laurel workers care much less about these days. The number of sick days Americans take annually has soared since the pandemic, employee payroll data show. Covid-19 and a rise in illnesses such as RSV, which can require days away from work, are one reason. Managers and human-resources executives also attribute the jump to a bigger shift in the way many Americans relate to their jobs.

For one, more workers are using up sick time, often for reasons such as mental health. And unlike older workers, who might have been loath to call in sick for fear of seeming weak or unreliable, younger workers feel more entitled to take full advantage of the benefits they've been given, executives and recruiters say. That confidence has only grown as record-low unemployment persists. So far this year, 30% of white-collar workers with access to paid leave have taken sick time, up from 21% in 2019, according to data from payroll and benefits software company Gusto. Employees between ages 25 and 34 are taking sick days most often, with their use rates jumping 45% from before the pandemic.

[...] Younger workers used to follow the example of their older peers and come in even when under the weather, says Crystal Williams, chief human resources officer at global business payments company Fleetcor, which has around 5,000 U.S. employees. She suspects early-career employees aren't taking cues from older co-workers in the same way now that five days a week at the office is no longer the norm. Prepandemic, Fleetcor workers in their 20s and 30s took one or two sick days a year, she says. Now, it's more like three to five.

Earth

Long-Dormant Viruses Are Now Waking Up After 50,000 Years as Planet Warms (yahoo.com)

This week Bloomberg explored so-called "zombie viruses" — that is, long-dormant microbes which they call "yet another risk that climate change poses to public health" as ground that's been frozen for "milleniums" suddenly starts thawing — for example, in the Arctic, which they write is warming "faster than any other area on earth." With the planet already 1.2C warmer than pre-industrial times, scientists are predicting the Arctic could be ice-free in summers by the 2030s. Concerns that the hotter climate will release trapped greenhouse gases like methane into the atmosphere as the region's permafrost melts have been well-documented, but dormant pathogens are a lesser explored danger. Last year, virologist Jean-Michel Claverie's team published research showing they'd extracted multiple ancient viruses from the Siberian permafrost, all of which remained infectious...

Ways in which this could present a threat are still emerging. A heat wave in Siberia in the summer of 2016 activated anthrax spores, leading to dozens of infections, killing a child and thousands of reindeer. In July this year, a separate team of scientists published findings showing that even multicellular organisms could survive permafrost conditions in an inactive metabolic state, called cryptobiosis. They successfully reanimated a 46,000-year-old roundworm from the Siberian permafrost, just by re-hydrating it...

Claverie first showed "live" viruses could be extracted from the Siberian permafrost and successfully revived in 2014. For safety reasons his research focused only on viruses capable of infecting amoebas, which are far enough removed from the human species to avoid any risk of inadvertent contamination. But he felt the scale of the public health threat the findings indicated had been under-appreciated or mistakenly considered a rarity. So, in 2019, his team proceeded to isolate 13 new viruses, including one frozen under a lake more than 48,500 years ago, from seven different ancient Siberian permafrost samples — evidence of their ubiquity. Publishing the findings in a 2022 study, he emphasized that a viral infection from an unknown, ancient pathogen in humans, animals or plants could have potentially "disastrous" effects.

"50,000 years back in time takes us to when Neanderthal disappeared from the region," he says. "If Neanderthals died of an unknown viral disease and this virus resurfaces, it could be a danger to us."

Java

C# Challenges Java in Programming Language Popularity (infoworld.com)

"The gap between C# and Java never has been so small," according to October's update for TIOBE's "Programming Community Index".

"Currently, the difference is only 1.2%, and if the trends remain this way, C# will surpass Java in about two months' time." Java shows the largest decline of -3.92% and C# the largest gain of +3.29% of all programming languages (annually).

The two languages have always been used in similar domains and thus have been competitors for more than two decades now. Java's decline in popularity is mainly caused by Oracle's decision to introduce a paid license model after Java 8. Microsoft took the opposite approach with C#. In the past, C# could only be used as part of the commercial tool Visual Studio. Nowadays, C# is free and open source and it's embraced by many developers.

There are also other reasons for Java's decline. First of all, the Java language definition has not changed much in the past few years, and Kotlin, its fully compatible direct competitor, is easier to use and free of charge.

"Java remains a critical language in enterprise computing," argues InfoWorld, "with Java 21 just released last month and Java 22 due next March. And free open source binaries of Java still are available via OpenJDK." InfoWorld also notes that TIOBE's ranking differs from other indexes. TIOBE's top 10:
  1. Python (14.82%)
  2. C (12.08%)
  3. C++ (10.67%)
  4. Java (8.92%)
  5. C# (7.71%)
  6. JavaScript (2.91%)
  7. Visual Basic (2.13%)
  8. PHP (1.9%)
  9. SQL (1.78%)
  10. Assembly (1.64%)

And here's the Pypl Popularity of Programming Language (based on searches for language tutorials on Google):

  1. Python, with a 28.05% share
  2. Java (15.88%)
  3. JavaScript (9.27%)
  4. C# (6.79%)
  5. C/C++ (6.59%)
  6. PHP (4.86%)
  7. R (4.45%)
  8. TypeScript (2.93%)
  9. Swift (2.69%)
  10. Objective-C (2.29%)

Games

Valve Says Counter-Strike 2 for macOS Not Happening Because There Aren't Enough Players on Mac To Justify It (macrumors.com) 246

Valve says it has no plans for a macOS version of the recently released game Counter-Strike 2, the follow-up title replacing the hugely popular FPS Counter-Strike: Global Offensive. From a report: Valve confirmed its decision and gave its reasons in a newly published Steam support FAQ: "As technology advances, we have made the difficult decision to discontinue support for older hardware, including DirectX 9 and 32-bit operating systems. Similarly, we will no longer support macOS. Combined, these represented less than one percent of active CS:GO players. Moving forward, Counter-Strike 2 will exclusively support 64-bit Windows and Linux."

Microsoft

Not Even the Ghost of Obsolescence Can Coerce Users Onto Windows 11 (theregister.com) 287

Windows 10 may be just shy of two years away from the ax, but its successor, Windows 11, appears to be as unpopular as ever. From a report: The end of Windows 10 support is getting closer. Unless the company blinks, October 14, 2025, will be the end of the line for the Home and Pro editions of the operating system, yet users seem reluctant to move on to Windows 11. There was a marked reluctance by users to move from Windows 7, back in the day, but some of the reasons for hesitancy this time are different. The move to Windows 10 usually required the purchase of new hardware. It tended to be unavoidable -- 7 could run on far lower-spec devices than later versions. The move from Windows 10 to Windows 11 will also require new hardware, but for different reasons.

Infamously, Microsoft axed support for a raft of hardware with Windows 11, including older Intel CPUs, on security grounds. The result was that hardware that will run Windows 10 perfectly well will not accept the new operating system. And this is not due to performance problems (who remembers trying to run Vista on XP hardware?) but rather because of Microsoft's edict. The result? A collective shrug from PC users. Windows 10 does the job. Why upgrade? The figures speak for themselves. Windows 10 dominates the desktop. According to Statcounter, the worldwide Windows version desktop market share puts Windows 10 at 71.64 percent, with Windows 11 trailing at 23.61 percent.

AI

AI Beats Human Sleuth at Finding Problematic Images in Research Papers (nature.com) 12

An algorithm that takes just seconds to scan a paper for duplicated images racks up more suspicious images than a person. Nature: Scientific-image sleuth Sholto David blogs about image manipulation in research papers, a pastime that has exposed him to many accounts of scientific fraud. But other scientists "are still a little bit in the dark about the extent of the problem," David says. He decided he needed some data. The independent biologist in Pontypridd, UK, spent the best part of several months poring over hundreds of papers in one journal, looking for any with duplicated images. Then he ran the same papers through an artificial-intelligence (AI) tool. Working at two to three times David's speed, the software found almost all of the 63 suspect papers that he had identified -- and 41 that he'd missed. David described the exercise last month in a preprint, one of the first published comparisons of human versus machine for finding doctored images.

The findings come as academic publishers reckon with the problem of image manipulation in scientific papers. In a 2016 study, renowned image-forensics specialist Elisabeth Bik, based in San Francisco, California, and her colleagues reported that almost 4% of papers she had visually scanned in 40 biomedical-science journals contained inappropriately duplicated images. Not all image manipulation is done with nefarious intent. Authors might tinker with images by accident, for aesthetic reasons or to make a figure more understandable. But journals and others would like to catch images with alterations that cross the line, whatever the authors' motivation. And now they are turning to AI for help.

Some 200 universities, publishers and scientific societies already rely on Imagetwin, the tool that David used for his study. The software compares images in a paper with more than 25 million images from other publications -- the largest such database in the image-integrity world, according to Imagetwin's developers. Bik has been using Imagetwin regularly to supplement her own skills and calls it her "standard tool," although she emphasizes that the AI has weaknesses as well as strengths -- for instance, it can miss duplications in images with low contrast.

Python

Microsoft To Excel Users: Be Careful With That Python (reddit.com) 46

Long-time Slashdot reader theodp spotted a Reddit Ask Me Anything (AMA) this week with the Microsoft engineering team that created Python in Excel, a new feature that makes it possible to natively combine Python and Excel analytics in Excel workbooks. (Copilot integration is coming soon). Redditors expressed a wish to be able to run Python in environments other than the confines of the locked down, price-to-be-determined Microsoft Azure cloud containers employed by Python in Excel.

But "There were three main reasons behind starting with the cloud (as a GDPR Compliant Microsoft 365 Connected experience) first," MicrosoftExcelTeam explained:

1. Running Python securely on a local machine is a difficult problem. We treat all Python code in the workbook as untrusted, so we execute it in a hypervisor-isolated container on Azure that does not have any outbound network access. Python code and the data that it operates on is sent to be executed in the container. The Microsoft-licensed Python environment in the container is provided by Anaconda and was prepared using their stringent security practices as documented here.

2. Sharing Excel workbooks with others is a really important scenario. We wanted to ensure that the Python code in a workbook you share behaves the same when your teammates open it -- without requiring them to install and manage Python.

3. We need to ensure that the Python in Excel feature always works for our customers. The value of Python is in its ecosystem of libraries, not just in providing a Python interpreter. But managing a local Python environment is challenging even for the most experienced developers. By running on Azure, we remove the need for users or their systems administrators to maintain a local installation of Python on every machine that uses the feature in their organization...

So, how does one balance tradeoffs between increased security and ease-of-maintenance with the loss of functionality and increased costs when it comes to programming language use? Is it okay to just give up on making certain important basic functionality available, as Microsoft is doing here with Python and has done in the past by not supporting Excel VBA in the Cloud and no longer making BASIC available on PCs and Macs?

Microsoft's team added at one point that "For our initial release, we are targeting data analytics scenarios, and bringing the power of Python analytics libraries into Excel.

"We believe the approach we've taken will appeal to analysts who use both Excel and Python Notebooks in their workflows. Today, these users need to import/export data and have no way of creating a self-contained artifact that can be easily and securely shared with their colleagues."
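The Excel team's first reason above ("Running Python securely on a local machine is a difficult problem") is easy to underestimate. The following is an added illustration, not code from Microsoft, Anaconda or the AMA: a "sandbox" that hands untrusted workbook code a stripped-down builtins table, with open, __import__ and exec removed. A constructed payload still recovers the real builtins by walking the interpreter's own object graph, which is why the boundary has to sit outside the interpreter (a separate container or VM with no network), not inside it. The SAFE_BUILTINS table, the three snippets and the function names are all assumptions made for this example; the payload only reads os.name and touches nothing on disk.

```python
"""Added example (not Microsoft's code): an in-process Python "sandbox"
built from a restricted __builtins__ table is not a security boundary.
Untrusted code can walk from a literal to the type hierarchy, find a
class whose __init__ is ordinary Python code, and read that module's
unrestricted builtins from the function's __globals__.
"""

# The only names the untrusted code is supposed to see (assumed table).
SAFE_BUILTINS = {"len": len, "range": range, "sum": sum, "min": min, "max": max}


def naive_sandbox(code: str) -> dict:
    """Execute untrusted code with a stripped builtins table and return the
    variables it defined.  Looks safe from the outside; is not."""
    namespace = {"__builtins__": dict(SAFE_BUILTINS)}
    exec(code, namespace)
    namespace.pop("__builtins__", None)
    return namespace


# Constructed snippets standing in for code typed into workbook cells.
BENIGN = "total = sum(range(10))"

# Direct use of a removed builtin fails with NameError, which is exactly
# what makes the naive approach look adequate in testing.
DIRECT = "f = open('/etc/passwd')"

# No import statement, no open(), no builtin names at all: walk from an
# empty tuple to object's subclasses, find any class whose __init__ is a
# Python function (its __globals__ is a real module dict), take the
# unrestricted __builtins__ from there and import os through it.
# Bare try/except is used because even `Exception` is not visible here.
ESCAPE = """
escaped = False
for cls in ().__class__.__base__.__subclasses__():
    try:
        real_builtins = cls.__init__.__globals__["__builtins__"]
        try:
            real_import = real_builtins["__import__"]   # usually a dict
        except:
            real_import = real_builtins.__import__      # or the module
        os_mod = real_import("os")
        platform = os_mod.name                           # e.g. 'posix'
        escaped = True
        break
    except:
        continue
"""


def run_benign() -> int:
    """Ordinary analytics code works as intended inside the sandbox."""
    return naive_sandbox(BENIGN)["total"]


def direct_access_blocked() -> bool:
    """True when the removed builtin really is unreachable by name."""
    try:
        naive_sandbox(DIRECT)
    except NameError:
        return True
    return False


def escape_succeeds() -> bool:
    """True when the payload recovered the real builtins and imported os."""
    ns = naive_sandbox(ESCAPE)
    return ns.get("escaped", False) and ns.get("platform") in ("posix", "nt")


if __name__ == "__main__":
    print("benign result:", run_benign())
    print("direct open() blocked:", direct_access_blocked())
    print("escaped restricted builtins:", escape_succeeds())
```

Which subclass the loop hits first depends on the interpreter version and what the startup sequence has imported, but on any stock CPython at least one class with a Python-level __init__ (from codecs, importlib or os) is present, so the walk succeeds. The fix is not a longer deny-list; it is running the interpreter where the attacker's reach ends at a process, container or hypervisor boundary, with no outbound network, which is the design the AMA describes.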

Security

Russian Zero-Day Seller Offers $20 Million for Hacking Android and iPhones (techcrunch.com) 33

A company that acquires and sells zero-day exploits -- flaws in software that are unknown to the affected developer -- is now offering to pay researchers $20 million for hacking tools that would allow its customers to hack iPhones and Android devices. From a report: On Wednesday, Operation Zero announced on its Telegram accounts and on its official account on X, formerly Twitter, that it was increasing payments for zero-days in those platforms tenfold, from $200,000 to $20 million. "By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform," the company wrote.

Operation Zero, which is based in Russia and launched in 2021, also added that "as always, the end user is a non-NATO country." On its official website, the company says that "our clients are Russian private and government organizations only." When asked why they only sell to non-NATO countries, Operation Zero CEO Sergey Zelenyuk declined to say. "No reasons other than obvious ones," he said. Zelenyuk also said that the bounties Operation Zero offers right now may be temporary, and a reflection of a particular time in the market, and the difficulty of hacking iOS and Android.

Science

The Band of Debunkers Busting Bad Scientists (wsj.com) 122

Stanford's president and a high-profile physicist are among those taken down by a growing wave of volunteers who expose faulty or fraudulent research papers. WSJ: An award-winning Harvard Business School professor and researcher spent years exploring the reasons people lie and cheat. A trio of behavioral scientists examining a handful of her academic papers concluded her own findings were drawn from falsified data. It was a routine takedown for the three scientists -- Joe Simmons, Leif Nelson and Uri Simonsohn -- who have gained academic renown for debunking published studies built on faulty or fraudulent data. They use tips, number crunching and gut instincts to uncover deception. Over the past decade, they have come to their own finding: Numbers don't lie but people do.

"Once you see the pattern across many different papers, it becomes like a one in quadrillion chance that there's some benign explanation," said Simmons, a professor at the Wharton School of the University of Pennsylvania and a member of the trio who report their work on a blog called Data Colada. Simmons and his two colleagues are among a growing number of scientists in various fields around the world who moonlight as data detectives, sifting through studies published in scholarly journals for evidence of fraud. At least 5,500 faulty papers were retracted in 2022, compared with 119 in 2002, according to Retraction Watch, a website that keeps a tally. The jump largely reflects the investigative work of the Data Colada scientists and many other academic volunteers, said Dr. Ivan Oransky, the site's co-founder. Their discoveries have led to embarrassing retractions, upended careers and retaliatory lawsuits.

Neuroscientist Marc Tessier-Lavigne stepped down last month as president of Stanford University, following years of criticism about data in his published studies. Posts on PubPeer, a website where scientists dissect published studies, triggered scrutiny by the Stanford Daily. A university investigation followed, and three studies he co-wrote were retracted. Stanford concluded that although Tessier-Lavigne didn't personally engage in research misconduct or know about misconduct by others, he "failed to decisively and forthrightly correct mistakes in the scientific record."
