Crime

Sheriff's Facebook Post Announces Sentencing of 70-Year-Old Man For a 1980 Cold Case (go.com) 104

In 1980 a 23-year-old woman was shot multiple times by an unknown assailant in a small county in central Kansas.

44 years later, the county sheriff made a Facebook post... Over the years, dozens of law enforcement officers looked at the case to no avail. In mid-2022 I was approached by Detective Sgt. Adam Hales to reopen the case using new techniques and technology that were now available at the time of the murder. In all honesty, it was with some degree of skepticism that I authorized the expenditure of manpower and resources... Many of the witnesses as well as law enforcement officers that were originally involved in the case had died and interviews were not possible.
A statement from the Kansas attorney general's office says the police investigation culminated with an interview with Steven Hanks, a neighbor of the woman, who admitted to the killing. Hanks (who is now 70 years old) was arrested and charged with murder in the second degree, according to the county sheriff's Facebook post: On a personal note, I was 18 years old and a senior in high school when this homicide occurred. I remember it well. By 1982 I had started with the Sheriff's Office as a reserve deputy and have been associated with the Barton County Sheriff's Office ever since. I worked for the four Sheriffs that preceded me and this homicide has haunted all of us. It bothers me that many of the people who were so affected by this tragic crime have since passed away prior to bringing the suspect to justice. I consider myself fortunate that I had the resources and the diligent personnel to close this case.
The Facebook post ends with a 1980 photo of 23-year-old Mary Robin Walter — who besides being a nursing school student was also a wife and mother — next to a booking photo of 70-year-old Steven Hanks.

Hanks has been sentenced to up to 25 years in prison.

Facebook

Threads is Trading Trust For Growth (werd.io) 37

Ben Werdmuller, an entrepreneur who leads tech for ProPublica, writes on the trust crisis brewing in Meta's Threads app. He posted a quick comment about the Internet Archive's legal troubles, only to find it blew up in unexpected ways. Turns out, Threads' algorithm tossed his post to folks way outside his usual crowd, and they weren't happy about the lack of context. He writes: The comments that really surprised me were the ones that accused me of engagement farming. I've never received these before, and it made me wonder about the underlying assumptions. Why would this be engagement farming? Why would someone do this? Why would they assume that about me? Turns out, Meta's been secretly paying select "creators" up to $5,000 per viral post, turning the platform into a digital gold rush. Now, every post is suspect.

Games

Acer's First Handheld Gaming PC Is the Nitro Blaze (theverge.com) 13

Acer has announced its first Steam Deck and Asus ROG Ally competitor, the Acer Nitro Blaze 7. The Verge's Sean Hollister reports: Like Asus -- but unlike most rivals -- it features a seven-inch 1080p variable refresh rate IPS screen to keep things smooth, one that refreshes slightly faster at 144Hz. (Acer tells The Verge it's a landscape-native screen.) It's also got a newer Ryzen 7 8840HS chip, albeit with the same Radeon 780M integrated GPU as most other Windows handhelds. With 16GB of 7500 MT/s memory and a 50 watt-hour battery, it's a step ahead of the original Ally's 6400 MT/s memory and 40Wh pack, and it comes with up to 2TB worth of SSD storage. But with 24GB of memory and an 80Wh pack, the $800 Asus ROG Ally X is currently the Windows handheld to beat, so I suspect this Acer will need to cost quite a bit less to compete.

The Nitro has no touchpads, but it also unusually has no back buttons; most PC handhelds now have at least two macro keys around back. But I suspect some people will be happy that it not only has two USB4 ports but that one of them is on the bottom. Hopefully, we'll get our choice of whether to charge and dock from top or bottom with this portable PC.
Acer released a product launch video on YouTube but hasn't shared pricing or release information.

Security

YubiKeys Are Vulnerable To Cloning Attacks Thanks To Newly Discovered Side Channel (arstechnica.com) 33

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday. Ars Technica: The cryptographic flaw, known as a side channel, resides in a small microcontroller that's used in a vast number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven't tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contain the same vulnerability.

YubiKey-maker Yubico issued an advisory in coordination with a detailed disclosure report from NinjaLab, the security firm that reverse-engineered the YubiKey 5 series and devised the cloning attack. All YubiKeys running firmware prior to version 5.7 -- which was released in May and replaces the Infineon cryptolibrary with a custom one -- are vulnerable. Updating key firmware on the YubiKey isn't possible. That leaves all affected YubiKeys permanently vulnerable.

IT

'My Fake Job In Y2K Preparedness' (nplusonemag.com) 114

Long-time Slashdot reader theodp writes: The Contingency Contingent is Leigh Claire La Berge's amazing tale of what she calls her "fake job in Y2K preparedness." La Berge offers an insider's view of the madness that ensued when Y2K panic gave rise to seemingly-limitless spending at mega-corporations for massive enterprise-wide Y2K remediation projects led by management consulting firms that left clients with little to show for their money. (La Berge was an analyst for consulting firm Arthur Andersen, where "the Andersen position was that 'Y2K is a documentation problem, not a technology problem'.... At a certain point all that had happened yesterday was our documenting, so then we documented that. Then, exponentially, we had to document ourselves documenting our own documentation."). In what reads like the story treatment for an Office Space sequel, La Berge writes that it was a fake job "because Andersen was faking it."
From the article: The firm spent the late 1990s certifying fraudulent financial statements from Enron, the Texas-based energy company that made financial derivatives a household phrase, until that company went bankrupt in a cloud of scandal and suicide and Andersen was convicted of obstruction of justice, surrendered its accounting licenses, and shuttered. But that was later.

Finally, it was a fake job because the problem that the Conglomerate had hired Andersen to solve was not real, at least not in the sense that it needed to be solved or that Andersen could solve it. The problem was known variously as Y2K, or the Year 2000, or the Y2K Bug, and it prophesied that on January 1, 2000, computers the world over would be unable to process the thousandth-digit change from 19 to 20 as 1999 rolled into 2000 and would crash, taking with them whatever technology they were operating, from email to television to air-traffic control to, really, the entire technological infrastructure of global modernity. Hospitals might have emergency power generators to stave off the worst effects (unless the generators, too, succumbed to the Y2K Bug), but not advertising firms.

With a world-ending scenario on the horizon, employment standards were being relaxed. The end of the millennium had produced a tight labor market in knowledge workers, and new kinds of companies, called dot-coms, were angling to dominate the emergent world of e-commerce. Flush with cash, these companies were hoovering up any possessors of knowledge they could find. Friends from my gradeless college whose only experience in business had been parking-lot drug deals were talking stock options.

Looking back, the author remembers being "surprised by how quickly Y2K disappeared from office discourse as though censored..."

Their upcoming book is called Fake Work: How I Began to Suspect Capitalism is a Joke.

EU

EU Investigating Telegram Over User Numbers (ft.com) 48

Brussels is investigating whether Telegram breached EU digital rules by failing to provide accurate user numbers [non-paywalled source], as officials push to bring the controversial messaging app under stricter supervision. Financial Times: EU legal and data experts suspect that the app has understated its presence in the EU to stay under a 45mn user threshold, above which large online platforms are subject to a swath of Brussels regulations designed to check their influence. The EU probe comes alongside a wide-ranging French investigation into alleged criminal activity on Telegram that led to the arrest on Saturday of its founder, Russian-born billionaire Pavel Durov.

Telegram has said Durov, who is now a French-Emirati citizen, has "nothing to hide." Telegram said in February it had 41mn users in the EU. Under the EU's Digital Services Act (DSA), Telegram was supposed to provide an updated number this month but did not, only declaring it had "significantly fewer than 45mn average monthly active recipients in the EU."

Social Networks

'Uncertainty' Drives LinkedIn To Migrate From CentOS To Azure Linux (theregister.com) 79

The Register's Liam Proven reports: Microsoft's in-house professional networking site is moving to Microsoft's in-house Linux. This could mean that big changes are coming for the former CBL-Mariner distro. Ievgen Priadka's post on the LinkedIn Engineering blog, titled Navigating the transition: adopting Azure Linux as LinkedIn's operating system, is the visible sign of what we suspect has been a massive internal engineering effort. It describes some of the changes needed to migrate what the post calls "most of our fleet" from the end-of-life CentOS 7 to Microsoft Azure Linux -- the distro that grew out of and replaced its previous internal distro, CBL-Mariner.

This is an important stage in a long process. Microsoft acquired LinkedIn way back in 2016. Even so, as recently as the end of last year, we reported that a move to Azure had been abandoned, which came a few months after it laid off almost 700 LinkedIn staff -- the majority in R&D. The blog post is over 3,500 words long, so there's quite a lot to chew on -- and we're certain that this has been passed through and approved by numerous marketing and management people and scoured of any potentially embarrassing admissions. Some interesting nuggets remain, though. We enjoyed the modest comment that: "However, with the shift to CentOS Stream, users felt uncertain about the project's direction and the timeline for updates. This uncertainty created some concerns about the reliability and support of CentOS as an operating system." [...]

There are some interesting technical details in the post too. It seems LinkedIn is running on XFS -- also the RHEL default file system, of course -- with the notable exception of Hadoop, and so the Azure Linux team had to add XFS support. Some CentOS and actual RHEL is still used in there somewhere. That fits perfectly with using any of the RHELatives. However, the post also mentions that the team developed a tool to aid with deploying via MaaS, which it explicitly defines as Metal as a Service. MaaS is a Canonical service, although it does support other distros -- so as well as CentOS, there may have been some Ubuntu in the LinkedIn stack as well. Some details hint at what we suspect were probably major deployment headaches. [...] Some of the other information covers things the teams did not do, which is equally informative. [...]

Social Networks

Far-Right 'Terrorgram' Chatrooms Are Fueling a Wave of Power Grid Attacks (bloomberg.com) 396

An anonymous reader quotes a report from Bloomberg: People in a quiet neighborhood in Carthage, a town in Moore County, North Carolina, heard a series of six loud pops a few minutes before 8:00 p.m. on Dec. 3, 2022. A resident named Michael Campbell said he ducked at the sound. Another witness told police they thought they were hearing fireworks. The noise turned out to be someone shooting a rifle at a power substation next door to Campbell's home. The substation, operated by the utility Duke Energy Corp., consists of equipment that converts electricity into different voltages as it's transported to the area and then steered into individual houses. The shots hit the radiator of an electrical transformer, a sensitive piece of technology whose importance would likely be understood only by utility company employees. It began dumping a "vast amount" of oil, according to police reports. A subsequent investigation has pointed to a local right-wing group, one of a wave of attacks or planned attacks on power infrastructure.

By 8:10 the lights in Carthage went out. Minutes later, a security alarm went off at a Duke Energy substation 10 miles away, this one protected from view by large pine trees. When company personnel responded, they found that someone had shot its transformer radiator, too. Police found shell casings on the ground at the site and noticed someone had slashed the tires on nearby service trucks. The substations were designed to support each other, with one capable of maintaining service if the other went down. Knocking out both facilities prevented the company from rerouting power. Police described the two incidents as a coordinated attack. About 45,000 families and businesses remained dark for four days. This was a burden for area grocery stores and local emergency services. One woman, 87-year-old Karin Zoanelli, died in the hours after the shooting when the blackout caused her oxygen machine to stop operating. The North Carolina Medical Examiner's office classified the death as a homicide.

The attack on Duke's facilities in Moore County remains unsolved, but law enforcement officials and other experts suspect it's part of a rising trend of far-right extremists targeting power infrastructure in an attempt to sow chaos. The most ambitious of these saboteurs hope to usher in societal collapse, paving the way for the violent overthrow of the US government, according to researchers who monitor far-right communities. Damaging the power grid has long been a fixation of right-wing extremists, who have plotted such attacks for many years. They've been getting a boost recently from online venues such as "Terrorgram," a loose network of channels on the social media platform Telegram where users across the globe advocate violent white supremacism. In part, people use Terrorgram to egg one another on -- a viral meme shows a stick figure throwing a Molotov cocktail at electrical equipment. People on the forum have also seized on recent anti-immigration riots in the UK, inciting people there to clash with police. In June 2022, months before the Moore County shootings, users on the forum began offering more practical support in the form of a 261-page document titled "Hard Reset," which includes specific directions on how to use automatic weapons, explosives and mylar balloons to disrupt electricity. One of the document's suggestions is to shoot high-powered firearms at substation transformers.

Privacy

Federal Appeals Court Finds Geofence Warrants Are 'Categorically' Unconstitutional (eff.org) 41

An anonymous reader quotes a report from the Electronic Frontier Foundation (EFF): In a major decision on Friday, the federal Fifth Circuit Court of Appeals held (PDF) that geofence warrants are "categorically prohibited by the Fourth Amendment." Closely following arguments EFF has made in a number of cases, the court found that geofence warrants constitute the sort of "general, exploratory rummaging" that the drafters of the Fourth Amendment intended to outlaw. EFF applauds this decision because it is essential that every person feels like they can simply take their cell phone out into the world without the fear that they might end up a criminal suspect because their location data was swept up in open-ended digital dragnet. The new Fifth Circuit case, United States v. Smith, involved an armed robbery and assault of a US Postal Service worker at a post office in Mississippi in 2018. After several months of investigation, police had no identifiable suspects, so they obtained a geofence warrant covering a large geographic area around the post office for the hour surrounding the crime. Google responded to the warrant with information on several devices, ultimately leading police to the two defendants.

On appeal, the Fifth Circuit reached several important holdings. First, it determined that under the Supreme Court's landmark ruling in Carpenter v. United States, individuals have a reasonable expectation of privacy in the location data implicated by geofence warrants. As a result, the court broke from the Fourth Circuit's deeply flawed decision last month in United States v. Chatrie, noting that although geofence warrants can be more "limited temporally" than the data sought in Carpenter, geofence location data is still highly invasive because it can expose sensitive information about a person's associations and allow police to "follow" them into private spaces. Second, the court found that even though investigators seek warrants for geofence location data, these searches are inherently unconstitutional. As the court noted, geofence warrants require a provider, almost always Google, to search "the entirety" of its reserve of location data "while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result." Therefore, "the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient."

Unsurprisingly, however, the court found that in 2018, police could have relied on such a warrant in "good faith," because geofence technology was novel, and police reached out to other agencies with more experience for guidance. This means that the evidence they obtained will not be suppressed in this case.

Security

Mac and Windows Users Infected By Software Updates Delivered Over Hacked ISP (arstechnica.com) 68

An anonymous reader quotes a report from Ars Technica: Hackers delivered malware to Windows and Mac users by compromising their Internet service provider and then tampering with software updates delivered over unsecure connections, researchers said. The attack, researchers from security firm Volexity said, worked by hacking routers or similar types of device infrastructure of an unnamed ISP. The attackers then used their control of the devices to poison domain name system responses for legitimate hostnames providing updates for at least six different apps written for Windows or macOS. The apps affected were the 5KPlayer, Quick Heal, Rainmeter, Partition Wizard, and those from Corel and Sogou.

Because the update mechanisms didn't use TLS or cryptographic signatures to authenticate the connections or downloaded software, the threat actors were able to use their control of the ISP infrastructure to successfully perform machine-in-the-middle (MitM) attacks that directed targeted users to hostile servers rather than the ones operated by the affected software makers. These redirections worked even when users employed non-encrypted public DNS services such as Google's 8.8.8.8 or Cloudflare's 1.1.1.1 rather than the authoritative DNS server provided by the ISP. "That is the fun/scary part -- this was not the hack of the ISPs DNS servers," Volexity CEO Steven Adair wrote in an online interview. "This was a compromise of network infrastructure for Internet traffic. The DNS queries, for example, would go to Google's DNS servers destined for 8.8.8.8. The traffic was being intercepted to respond to the DNS queries with the IP address of the attacker's servers."

In other words, the DNS responses returned by any DNS server would be changed once it reached the infrastructure of the hacked ISP. The only way an end user could have thwarted the attack was to use DNS over HTTPS or DNS over TLS to ensure lookup results haven't been tampered with or to avoid all use of apps that deliver unsigned updates over unencrypted connections. As an example, the 5KPlayer app uses an unsecure HTTP connection rather than an encrypted HTTPS one to check if an update is available and, if so, to download a configuration file named Youtube.config. StormBamboo, the name used in the industry to track the hacking group responsible, used DNS poisoning to deliver a malicious version of the Youtube.config file from a malicious server. This file, in turn, downloaded a next-stage payload that was disguised as a PNG image. In fact, it was an executable file that installed malware tracked under the names MACMA for macOS devices or POCOSTICK for Windows devices.
As for the hacked ISP, the security firm said "it's not a huge one or one you'd likely know."

"In our case the incident is contained but we see other servers that are actively serving malicious updates but we do not know where they are being served from. We suspect there are other active attacks around the world we do not have purview into. This could be from an ISP compromise or a localized compromise to an organization such as on their firewall."

Television

Netflix To Hike Price Again By December, Jefferies Says 109

In a note to clients, seen by Slashdot, brokerage house Jefferies writes: Netflix's last price hike on the standard plan was in Jan 2022, its ad-supported plan remains the cheapest (among major players) in the industry, and its move into live sports increases pricing power - for these 3 reasons we suspect a price hike in Q4 or December of this year could be coming on the standard plan.

As stated in the Q4 2023 letter (following the announcement of WWE Raw coming in 2025): "As we invest in and improve Netflix, we'll occasionally ask our members to pay a little extra to reflect those improvements, which in turn helps drive the positive flywheel of additional investment." We believe Netflix has been positioning itself throughout this year for a year-end price hike. December / 2025 will have major content releases supporting a pricing increase including the Christmas NFL game, Squid Game 2 on Dec. 26th (season 1 - the #1 watched NFLX show of all time), WWE Raw starting Jan 2025, and Stranger Things 5 coming in 2025 (season 3 / 4 in top 10 of all-time).

Earth

Mystery Oxygen Source Discovered on the Sea Floor 48

Something is pumping out large amounts of oxygen at the bottom of the Pacific Ocean, at depths where a total lack of sunlight makes photosynthesis impossible. Nature: The phenomenon was discovered in a region strewn with ancient, plum-sized formations called polymetallic nodules, which could play a part in the oxygen production by catalysing the splitting of water molecules, researchers suspect. The findings are published in Nature Geoscience. "We have another source of oxygen on the planet, other than photosynthesis," says study co-author Andrew Sweetman, a sea-floor ecologist at the Scottish Association for Marine Science in Oban, UK -- although the mechanism behind this oxygen production remains a mystery. The findings could also have implications for understanding how life began, he says, as well as for the possible impact of deep-sea mining in the region.

The observation is "fascinating," says Donald Canfield, a biogeochemist at the University of Southern Denmark in Odense. "But I find it frustrating, because it raises a lot of questions and not very many answers." Sweetman and his collaborators first noticed something amiss during field work in 2013. The researchers were studying sea-floor ecosystems in the Clarion-Clipperton Zone, an area between Hawaii and Mexico that is larger than India and a potential target for the mining of metal-rich nodules. During such expeditions, the team releases a module that sinks to the sea floor to perform automated experiments. Once there, the module drives cylindrical chambers down to close off small sections of the sea floor -- together with some seawater -- and create "an enclosed microcosm of the seafloor," the authors write. The lander then measures how the concentration of oxygen in the confined seawater changes over periods of up to several days.

Without any photosynthetic organisms releasing oxygen into the water, and with any other organisms consuming the gas, oxygen concentrations inside the chambers should slowly fall. Sweetman has seen that happen in studies he has conducted in areas of the Southern, Arctic and Indian oceans, and in the Atlantic. Around the world, sea-floor ecosystems owe their existence to oxygen carried by currents from the surface, and would quickly die if cut off. (Most of that oxygen originates in the North Atlantic and is carried to deep oceans around the world by a 'global conveyor belt.')

Operating Systems

Linus Torvalds Says RISC-V Will Make the Same Mistakes As ARM and x86 (tomshardware.com) 73

Jowi Morales reports via Tom's Hardware: There's a vast difference between hardware and software developers, which opens up pitfalls for those trying to coordinate the two teams. Arm and x86 researchers encountered it years ago -- and Linus Torvalds, the creator of Linux, fears RISC-V development may fall into the same chasm again. "Even when you do hardware design in a more open manner, hardware people are different enough from software people [that] there's a fairly big gulf between the Verilog and even the kernel, much less higher up the stack where you are working in what [is] so far away from the hardware that you really have no idea how the hardware works," he said (video here). "So, it's really hard to kind of work across this very wide gulf of things and I suspect the hardware designers, some of them have some overlap, but they will learn by doing mistakes -- all the same mistakes that have been done before." [...]

"They'll have all the same issues we have on the Arm side and that x86 had before them," he says. "It will take a few generations for them to say, 'Oh, we didn't think about that,' because they have new people involved." But even if RISC-V development is still expected to make many mistakes, he also said it will be much easier to develop the hardware now. Linus says, "It took a few decades to really get to the point where Arm and x86 are competing on fairly equal ground because there was all this software that was fairly PC-centric and that has passed. That will make it easier for new architectures like RISC-V to then come in."

Crime

What Happens If You Shoot Down a Delivery Drone? (techcrunch.com) 152

An anonymous reader quotes a report from TechCrunch: As deep-pocketed companies like Amazon, Google and Walmart invest in and experiment with drone delivery, a phenomenon reflective of this modern era has emerged. Drones, carrying snacks and other sundries, are being shot out of the sky. Incidents are still rare. However, a recent arrest in Florida, in which a man allegedly shot down a Walmart drone, raises questions of what the legal ramifications are and whether those consequences could escalate if these events become more common. [...] While consumer drones have been proliferating for well over a decade, the question of legal ramifications hasn't been wholly clear. The Federal Aviation Administration (FAA) gave us a partial answer following a 2016 drone shooting in Arkansas. At the time, the FAA pointed interested parties to 18 U.S.C. 32. The law, titled "Aircraft Sabotage," is focused on the wanton destruction of "any aircraft in the special aircraft jurisdiction of the United States or any civil aircraft used, operated or employed in interstate, overseas, or foreign air commerce."

At first glance, the law appears primarily focused on manned aircraft, including a provision that "makes it a Federal offense to commit an act of violence against any person on the aircraft, not simply crew members, if the act is likely to endanger the safety of the aircraft." In responding to the Arkansas drone shooting, however, the FAA asserts that such protections can be interpreted to also include UAVs (unmanned aerial vehicles). The language does, indeed, appear broad enough to cover drones. That means, in turn, that the penalties are potentially as stiff. The subject was revived after a 2020 incident in Minnesota. In that case, the suspect was hit with felony charges relating to criminal damage and discharging a weapon within city limits. Those would likely also be the charges in most scenarios involving property, rather than bodily damage, drone or not. Even with these examples, there is not a rigid rule that predicts if or when prosecutors might also introduce a federal charge like 18 U.S.C. 32.

As the legal blog Above the Law notes, in most cases, the federal government has deferred to state law for enforcement. Meanwhile, in most cases where 18 U.S.C. 32 has been applied, if a human crew/passengers are involved, there could be other potential charges like murder. It certainly can be argued that shooting a large piece of hardware out of the sky in a heavily populated area invites its own potential for bodily harm, though it may not be prosecuted in the same manner. As drone delivery increases in the U.S., however, we may soon have an answer to the role federal legislation like 18 U.S.C. 32 will play in UAV shootings. Adding that into the picture brings penalties, including fines and up to 20 years in prison, potentially compounding those consequences. What is clear, though, is that the consequences can be severe, whether it is invoked.

Privacy

Europol Says Mobile Roaming Tech Making Its Job Too Hard (theregister.com) 33

Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations -- and it's not end-to-end encryption this time. Not exactly. From a report: Europol published a position paper today highlighting its concerns around SMS home routing -- the technology that allows telcos to continue offering their services when customers visit another country. Most modern mobile phone users are tied to a network with roaming arrangements in other countries. EE customers in the UK will connect to either Telefonica or Xfera when they land in Spain, or T-Mobile in Croatia, for example.

While this usually provides a fairly smooth service for most roamers, Europol is now saying something needs to be done about the PETs that are often enabled in these home routing setups. According to the cops, they pointed out that when roaming, a suspect in a criminal case who's using a SIM from another country will have all of their mobile communications processed through their home network. If a crime is committed by a Brit in Germany, for example, then German police couldn't issue a request for unencrypted data as they could with a domestic operator such as Deutsche Telekom.

Government

'Julian Assange Should Not Have Been Prosecuted In the First Place' (theguardian.com) 97

An anonymous reader quotes an op-ed written by Kenneth Roth, former executive director of Human Rights Watch (1993-2022) and a visiting professor at Princeton's School of Public and International Affairs: Julian Assange's lengthy detention has finally ended, but the danger that his prosecution poses to the rights of journalists remains. As is widely known, the U.S. government's pursuit of Assange under the Espionage Act threatens to criminalize common journalistic practices. Sadly, Assange's guilty plea and release from custody have done nothing to ease that threat. That Assange was indicted under the Espionage Act, a U.S. law designed to punish spies and traitors, should not be considered the normal course of business. Barack Obama's justice department never charged Assange because it couldn't distinguish what he had done from ordinary journalism. The espionage charges were filed by the justice department of Donald Trump. Joe Biden could have reverted to the Obama position and withdrawn the charges but never did.

The 18-count indictment filed under Trump accused Assange of having solicited secret U.S. government information and encouraged Chelsea Manning to provide it. Manning committed a crime when she delivered that information because she was a government employee who had pledged to safeguard confidential information on pain of punishment. But Assange's alleged solicitation of that information, and the steps he was said to have taken to ensure that it could be transferred anonymously, are common procedure for many journalists who report on national security issues. If these practices were to be criminalized, our ability to monitor government conduct would be seriously compromised. To make matters worse, someone accused under the Espionage Act is not allowed to argue to a jury that disclosures were made in the public interest. The unauthorized disclosure of secret information deemed prejudicial to national security is sufficient for conviction regardless of motive.

To justify Espionage Act charges, the Trump-era prosecutors stressed that Assange was accused of not only soliciting and receiving secret government information but also agreeing to help crack a password that would provide access to U.S. government files. That is not ordinary journalistic behavior. An Espionage Act prosecution for computer hacking is very different from a prosecution for merely soliciting and receiving secret information. Even if it would not withdraw the Trump-era charges, Biden's justice department could have limited the harm to journalistic freedom by ensuring that the alleged computer hacking was at the center of Assange's guilty plea. In fact, it was nowhere to be found. The terms for the proceeding were outlined in a 23-page "plea agreement" filed with the U.S. District Court for the Northern Mariana Islands, where Assange appeared by consent. Assange agreed to plead guilty to a single charge of violating the Espionage Act, but under U.S. law, it is not enough to plead in the abstract. A suspect must concede facts that would constitute an offense.
"One effect of the guilty plea is that there will be no legal challenge to the prosecution, and hence no judicial decision on whether this use of the Espionage Act violates the freedom of the media as protected by the first amendment of the U.S. constitution," notes Roth. "That means that just as prosecutors overreached in the case of Assange, they could do so again."

"[M]edia protections are not limited to journalists who are deemed responsible. Nor do we want governments to make judgments about which journalists deserve First Amendment safeguards. That would quickly compromise media freedom for all journalists."

Roth concludes: "Imperfect journalist that he was, Assange should never have been prosecuted under the Espionage Act. It is unfortunate that the Biden administration didn't take available steps to mitigate that harm."
Security

Shopping App Temu Is 'Dangerous Malware,' Spying On Your Texts, Lawsuit Claims (arstechnica.com) 81

An anonymous reader quotes a report from Ars Technica: Temu -- the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it -- is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit (PDF) filed Tuesday. Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place." Griffin fears that Temu is capable of accessing virtually all data on a person's phone, exposing both users and non-users to extreme privacy and security risks. It appears that anyone texting or emailing someone with the shopping app installed risks Temu accessing private data, Griffin's suit claimed, which Temu then allegedly monetizes by selling it to third parties, "profiting at the direct expense" of users' privacy rights. "Compounding" risks is the possibility that Temu's Chinese owners, PDD Holdings, are legally obligated to share data with the Chinese government, the lawsuit said, due to Chinese "laws that mandate secret cooperation with China's intelligence apparatus regardless of any data protection guarantees existing in the United States."

Griffin's suit cited an extensive forensic investigation into Temu by Grizzly Research -- which analyzes publicly traded companies to inform investors -- last September. In their report, Grizzly Research alleged that PDD Holdings is a "fraudulent company" and that "Temu is cleverly hidden spyware that poses an urgent security threat to United States national interests." As Griffin sees it, Temu baits users with misleading promises of discounted, quality goods, angling to get access to as much user data as possible by adding addictive features that keep users logged in, like spinning a wheel for deals. Meanwhile hundreds of complaints to the Better Business Bureau showed that Temu's goods are actually low-quality, Griffin alleged, apparently supporting his claim that Temu's end goal isn't to be the world's biggest shopping platform but to steal data. Investigators agreed, the lawsuit said, concluding "we strongly suspect that Temu is already, or intends to, illegally sell stolen data from Western country customers to sustain a business model that is otherwise doomed for failure." Seeking an injunction to stop Temu from allegedly spying on users, Griffin is hoping a jury will find that Temu's alleged practices violated the Arkansas Deceptive Trade Practices Act (ADTPA) and the Arkansas Personal Information Protection Act. If Temu loses, it could be on the hook for $10,000 per violation of the ADTPA and ordered to disgorge profits from data sales and deceptive sales on the app.
In a statement to Ars, a Temu spokesperson discredited Grizzly Research's investigation and said that the company was "surprised and disappointed by the Arkansas Attorney General's Office for filing the lawsuit without any independent fact-finding."

"The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded," Temu's spokesperson said. "We categorically deny the allegations and will vigorously defend ourselves."

"We understand that as a new company with an innovative supply chain model, some may misunderstand us at first glance and not welcome us. We are committed to the long-term and believe that scrutiny will ultimately benefit our development. We are confident that our actions and contributions to the community will speak for themselves over time." Last year, Temu was the most downloaded app in the U.S. and has only become more popular as reports of security and privacy risks have come out.
Crime

Police Arrest Conti and LockBit Ransomware Crypter Specialist (bleepingcomputer.com) 25

The Ukraine cyber police, supported by information from the Dutch police, arrested a 28-year-old Russian man in Kyiv for aiding Conti and LockBit ransomware operations by making their malware undetectable and conducting at least one attack himself. He was arrested on April 18, 2024, as part of a global law enforcement operation known as "Operation Endgame," which took down various botnets and their main operators. "As the Conti ransomware group used some of those botnets for initial access on breached endpoints, evidence led investigators to the Russian hacker," reports BleepingComputer. From the report: The Ukrainian police reported that the arrested individual was a specialist in developing custom crypters for packing the ransomware payloads into what appeared as safe files, making them FUD (fully undetectable) to evade detection by the popular antivirus products. The police found that the man was selling his crypting services to both the Conti and LockBit cybercrime syndicates, helping them significantly increase their chances of success on breached networks. The Dutch police confirmed at least one case of the arrested individual orchestrating a ransomware attack in 2021, using a Conti payload, so he also operated as an affiliate for maximum profit.

"As part of the pre-trial investigation, police, together with patrol officers of the special unit "TacTeam" of the TOR DPP battalion, conducted a search in Kyiv," reads the Ukraine police announcement. "Additionally, at the international request of law enforcement agencies in the Netherlands, a search was conducted in the Kharkiv region." [...] The suspect has already been charged with Part 5 of Article 361 of the Criminal Code of Ukraine (Unauthorized interference in the work of information, electronic communication, information and communication systems, electronic communication networks) and faces up to 15 years imprisonment.

Moon

First Detection of Negative Ions on the Moon, Far-Side Soil Samples Headed to Earth (sciencenews.org) 12

"The first European Space Agency instrument to land on the Moon has detected the presence of negative ions on the lunar surface produced through interactions with the solar wind," according to a statement from the agency, collecting over three hours of data, "three times more than what the science teams needed for mission success..." The solar wind is a constant flow of radiation and particles from the Sun. Earth's magnetic field acts as a shield. In contrast, the Moon has no magnetic field and a very tenuous atmosphere, called the exosphere. When the solar wind hits the Moon, the surface reacts, kicking up secondary particles... While the positively charged particles have been measured from orbit before, measuring negative particles was a challenge. Negative ions are short-lived and cannot make it to orbit.
The instrument was dropped off by China's Chang'e-6 lunar lander, and Europe's ground stations are also providing support for that mission. Futurism reports: Within just over 48 hours, China's Chang'e-6 lunar touched down on the far side of the Moon, successfully scooped up samples, and kicked off once again. It was an extraordinary feat, representing the first-ever samples ever collected from the side of the Moon that permanently faces away from us. During its brief visit, the lander also dropped off several scientific payloads on the lunar surface, including the European Space Agency's Negative Ions at the Lunar Surface instrument.
The lander also unfurled China's red and gold flag for the first time on the far side of the moon, according to the Associated Press. And then... Its ascender lifted off Tuesday morning at 7:38 a.m. Beijing time, with its engine burning for about six minutes as it entered a preset orbit around the moon, the China National Space Administration said. The agency said the spacecraft withstood a high temperature test on the lunar surface, and acquired the samples using both drilling and surface collection before stowing them in a container inside the ascender of the probe as planned. The container will be transferred to a reentry capsule that is due to return to Earth in the deserts of China's Inner Mongolia region about June 25.
The samples "could help researchers figure out why the moon's two sides are so starkly different," writes Science News: Spacecraft observations of the farside show very little volcanic activity. Some scientists suspect that this is because the nearside crust is much thinner, which would have allowed more magma to come up from below the surface, says Kerri Donaldson Hanna, a planetary geologist at the University of Central Florida in Orlando.

There is evidence that some volcanism occurred in the South Pole-Aitken basin and in Apollo crater, though it appears this activity happened roughly 3.5 billion years ago. It's possible the impact that created both Aitken and Apollo weakened the lunar crust, forming fractures and allowing magma to flow. The samples onboard Chang'e-6 could contain clues as to whether or not this happened.

Both Chinese and international researchers will be able to study the material. Donaldson Hanna is looking forward to seeing what insights will be gleaned from Chang'e-6 as well as future landers, such as those in NASA's Commercial Lunar Payload Services program.

Thanks to Slashdot reader cusco for sharing the news.
Space

Radio Signal From Space Repeats Every Hour, Defying Explanation (newatlas.com) 95

An anonymous reader quotes a report from New Atlas: The universe is awash with strange radio signals, but astronomers have now detected a really bizarre one that repeats every hour, cycling through three different states. While they have some ideas about its origin it can't be explained by our current understanding of physics. The signal first appeared in data gathered by the ASKAP radio telescope in Australia, which watches a big swath of sky at once for transient pulses. Officially designated ASKAP J1935+2148, the signal seems to repeat every 53.8 minutes. Whatever it is, the signal cycles through three different states. Sometimes it shoots out bright flashes that last between 10 and 50 seconds and have a linear polarization, meaning the radio waves all "point" in the same direction. Other times, its pulses are much weaker with a circular polarization, lasting just 370 milliseconds. And sometimes, the object misses its cue and stays silent.

So what could be behind such a weird radio signal? Let's get it out of the way up front: it's not aliens (probably). The most likely explanation, according to the scientists who discovered it, is that it's coming from a neutron star or a white dwarf. But it's not a neat solution, since the signal's weird properties don't fit with our understanding of the physics of those two kinds of objects. Neutron stars and white dwarfs are fairly similar, but with some key differences. They're both born from the deaths of bigger stars, with the original mass dictating whether you end up with a neutron star or a white dwarf. Neutron stars are known to blast radio waves out regularly, so they're a prime suspect here. It's possible that signals this varied could be produced by interactions between their strong magnetic fields and complex plasma flows. But there's a major problem: they usually spin at speeds of seconds or fractions of a second per revolution. It should be physically impossible for one to spin as slow as once every 54 minutes. White dwarfs, on the other hand, would have no problem spinning that slowly, but as the team says, "we don't know of any way one could produce the radio signals we are seeing here."
"It might even prompt us to reconsider our decades-old understanding of neutron stars or white dwarfs; how they emit radio waves and what their populations are like in our Milky Way galaxy," added Caleb.

The findings have been published in the journal Nature Astronomy.
