Encryption

Mega Says It Can't Decrypt Your Files. New POC Exploit Shows Otherwise (arstechnica.com) 52

An anonymous reader quotes a report from Ars Technica: In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. On the company's homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega's lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not. Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post. In it, the company claims, "As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Even in the exceptionally improbable event MEGA's entire infrastructure is seized!" (emphasis added). Third-party reviewers have been all too happy to agree and to cite the Mega claim when recommending the service.

Research published on Tuesday shows there's no truth to the claim that Mega, or an entity with control over Mega's infrastructure, is unable to access data stored on the service. The authors say that the architecture Mega uses to encrypt files is riddled with fundamental cryptography flaws that make it trivial for anyone with control of the platform to perform a full key recovery attack on users once they have logged in a sufficient number of times. With that, the malicious party can decipher stored files or even upload incriminating or otherwise malicious files to an account; these files look indistinguishable from genuinely uploaded data.

After receiving the researchers' report privately in March, Mega on Tuesday began rolling out an update that makes it harder to perform the attacks. But the researchers warn that the patch provides only an "ad hoc" means for thwarting their key-recovery attack and does not fix the key reuse issue, lack of integrity checks, and other systemic problems they identified. With the researchers' precise key-recovery attack no longer possible, the other exploits described in the research are no longer possible, either, but the lack of a comprehensive fix is a source of concern for them. "This means that if the preconditions for the other attacks are fulfilled in some different way, they can still be exploited," the researchers wrote in an email. "Hence we do not endorse this patch, but the system will no longer be vulnerable to the exact chain of attacks that we proposed." Mega has published an advisory here. However, the chairman of the service says that he has no plans to revise promises that the company cannot access customer data.

AI

An AI-Created Craft Beer Debuts at New Orleans (wgno.com) 59

For one brief limited period of time, New Orleans locals "will have a chance to try the first craft beer created by an AI platform," according to a report from local station WGNO: The AI Blonde Ale will be released at a Launch Party at NOLA Brewery on June 20 to coincide with CVPR, the world's premier computer vision event. Derek Lintern, a brewer at NOLA Brewing, said he is excited to have a helping hand when it comes to crafting beer.

"It's state-of-the-art technology with the traditional brewing methods, it's pretty unique and it's a recipe I would have never done normally but I really like how it tastes. It's very refreshing and very easy drinking I'm really happy with it," said Lintern....

The technology helps create the recipe, but the beer is still brewed manually.

The name of the company that brought the AI to the brewery? "Deep Liquid."

The Internet

SEO Tool Ahrefs Built a $60M, Creator-Friendly Search Engine Named Yep (techcrunch.com) 28

In 2019 SEO toolset provider Ahrefs announced it would build its own search engine, remembers Search Engine Land. After investing $60 million of its own money, this month that search engine has finally launched with the name of "Yep", and Ahrefs "is positioning it as a Google competitor.

"However, we've seen plenty of Google competitors and Google "killers" come and go over the past two decades. So for now, let's just call it a Google alternative... Yep will not collect personal information (e.g., geolocation, name, age, gender) by default. Your Yep search history will not be stored anywhere.

What Yep will rely on is aggregated search statistics to improve algorithms, spelling corrections, and search suggestions, the company said. "In other words, we do save certain data on searches, but never in a personally identifiable way," said Ahrefs CEO Dmytro Gerasymenko.... What Yep will use is a searcher's:

- Entered keywords.
- Language preference received from the browser.
- Approximate geographical area at the origin of the search at the scale of a region or a city (deduced from the IP address)....

AhrefsBot visits more than 8 billion webpages every 24 hours, which makes it the second most active crawler on the web, behind only Google, Ahrefs said. For 12 years, AhrefsBot has been crawling the web. They had just been using the AhrefsBot data to power its link database and SEO insights. The Yep search index is updated every 15 to 30 minutes. Daily, the company adds 30 million webpages and drops 20 million.

Ahrefs said its Singapore data center is powered by around 1,000 servers that store and process 100 petabytes of web data (webpages, links between them, and the search index). Each server uses at least 2x 100GB connections... Before the end of the year, Ahrefs plans to open a U.S.-based data center.

"It's a unique proposition," reports TechCrunch, "running its own search index, rather than relying on APIs from Google or Bing.

"As for the name? I dunno; Yep seems pretty daft to me, but I guess at least the name is one character shorter than Bing, the other major search engine I'll only ever use by accident." Name aside, Yep is taking a fresh new path through the world of internet advertising, claiming that it's giving 90% of its ad revenues to content creators. The pitch is pretty elegant:

"Let's say that the biggest search engine in the world makes $100B a year. Now, imagine if they gave $90B to content creators and publishers," the company paints a picture of the future it wants to live in. "Wikipedia would probably earn a few billion dollars a year from its content. They'd be able to stop asking for donations and start paying the people who polish their articles a decent salary."

It's an impressively quixotic windmill to fight for the bootstrapped company Ahrefs. Its CEO sheds some light on why this makes sense to him:

"Creators who make search results possible deserve to receive payments for their work...."

Perhaps it sounds a little idealistic, but damn it, that's what made me excited about Yep in the first place. It represents the faintest of echoes from a web more innocent and more hopeful than the social-media poisoned cesspool of chaos and fake news we often find ourselves in today.

Search Engine Land points out that DuckDuckGo, which launched in 2008, "gets as many searches per year (~15.7 billion) as Google gets in about two or three days. Even Microsoft Bing — which is owned by Microsoft, the third-largest company on the planet by market cap — has failed to make a significant dent in Google's search market share since 2009."

But they also quote Ahrefs CEO Dmytro Gerasymenko as saying in 2019, "If we succeed in our endeavors, Google will finally get some long overdue competition for search."

Cloud

Facebook Gaming Brings Crayta's User-Generated Games To Its Cloud Platform (theverge.com) 4

Crayta, a platform that lets players create, share, and play games with friends, is coming to Facebook Gaming's cloud-streaming service. The Verge reports: The collaborative game-building platform is built on Unreal Engine 4 and features a library of thousands of player-made games users can browse or add to with their own creations. While Crayta shares the element of game creation with Roblox, it also takes some cues from Fortnite, with the most obvious being its bright and cartoonish art. It also has rotating seasons, offers a battle pass, and lets users customize their own avatars. But probably one of the coolest -- and most unique -- things about Crayta is that it lets you share a game with just a single link, allowing your friend to hop right in from their browser. "A lot of times today, people think about the metaverse as 3D experiences you can have in virtual and augmented reality, but I think what Crayta shows is that you can both build and enjoy these kind of experiences really easily on all kinds of 2D environments including just within the Facebook App on phones and on computers," Mark Zuckerberg said in a video showing off Crayta's addition to its cloud gaming platform.

Google

Google Announces Flutter 3, Now With macOS and Linux Desktop Support (xda-developers.com) 25

An anonymous reader quotes a report from XDA Developers: Google created Flutter a number of years ago, with the aim to make a cross-platform software framework. Flutter's biggest strength is that it can be used to build applications for Android, iOS, Linux, Windows, macOS, and even the web, and all from the same shared codebase. While building apps for Windows received stable support back in February, both macOS and Linux were still only in beta. Now that's changing, as Google has announced Flutter 3 at this year's Google I/O, complete with stable support for building apps for macOS and Linux.

Of course, cross-platform support for both of these new platforms requires more than just programs being able to run. They need to fit in with the rest of the experience, and they need to support specific features that may be unique, as well. That's why Google is highlighting two things: the first is that Linux support was helped by Canonical (the publisher of Ubuntu) and Google collaborating in order to "offer a highly-integrated, best-of-breed option for development."

As Google puts it, Canonical is already developing with "Flutter for key shell experiences including installation and firmware updates." What's more, their Linux-specific packages "provide an idiomatic API for core operating system services including dbus, gsettings, networkmanager, Bluetooth and desktop notifications, as well as a comprehensive theme and widget set for Yaru, the Ubuntu look and feel." As for macOS, Google invested in supporting both Intel and Apple Silicon devices, with Universal Binary support that allows apps to package executables that run natively on both architectures.
Tim Sneath, Director of Product and UX for Flutter & Dart, highlights all the new improvements in a Medium post.

Privacy

Anonymous Social Media App Yik Yak Exposed Users' Precise Locations (vice.com) 5

An anonymous reader quotes a report from Motherboard: The anonymous message board app Yik Yak is designed in a way that it is possible to get the precise location of a user's post, and see users' unique IDs, potentially allowing someone to dox and stalk users, according to a researcher. Yik Yak is an anonymous social media network popular primarily on college campuses. It was launched in 2013. The app shut down completely in 2017, after it was accused of being a platform used to harass and cyberbully students, and even to post bomb threats. These allegations have followed the app since its very beginning. In 2014, the company blocked access to middle school and high school students because of reports of threats of violence and bullying. The app came back last year, a comeback no one was really asking for, as my colleague Gita Jackson pointed out at the time. Yik Yak does have so-called "community guardrails" to "ensure everyone feels welcomed and stays safe." But students are still reporting the same old problems.

In April, David Teather, a computer science student, analyzed what kind of data Yik Yak exposes by intercepting data sent and received by his Yik Yak app using a free and open source tool called mitmproxy and by writing "code that pretended to be the Yik Yak app to extract information from it." By doing that, he realized that Yik Yak sent the precise GPS coordinates of every post to his app, as well as a user's unique ID -- nrCi213RA3SncY6mVLZzuGUIJ2T2 for example -- which could have allowed him to track users' posts by looking at where they posted over time, opening up the possibility to de-anonymize and stalk users, according to a blog post he published this week. Teather demonstrated the flaw in a video call to Motherboard, showing a post in his area, and its GPS coordinates.

After Teather alerted Yik Yak of this flaw on April 11, the company made some changes and pushed out new versions of the app on April 28, May 9, and May 10. Teather told Yik Yak that he was planning to publish his research on May 9, according to email correspondence that he shared with Motherboard. After Yik Yak pushed the new updated apps, the privacy issues are only partially fixed, according to Teather. Teather said that as of today, on the app's latest version, Yik Yak does not expose GPS locations, and the app doesn't display a user's unique ID when intercepting data the same way he did in April. But, Teather told Motherboard that he is still able to recover both coordinates and user ID by analyzing the app's API from previous app versions. What's worse, the app now shows the distance, in feet, between a user and other users' posts, according to Teather and Zach Edwards, an independent privacy researcher who analyzed the Yik Yak app for Motherboard.

"Since the distance is in feet though it should be still possible to triangulate a particular user/post by changing your location until you can figure that out," Teather told Motherboard.

Edwards added: "you can still probably dox someone by merely spoofing your own location and recording the number of feet from the person posting."

Programming

GitHub Will Require All Code Contributors To Use 2FA (theverge.com) 100

GitHub, the code hosting platform used by tens of millions of software developers around the world, announced today that all users who upload code to the site will need to enable one or more forms of two-factor authentication (2FA) by the end of 2023 in order to continue using the platform. The Verge reports: The new policy was announced Wednesday in a blog post by GitHub's chief security officer (CSO) Mike Hanley, which highlighted the Microsoft-owned platform's role in protecting the integrity of the software development process in the face of threats created by bad actors taking over developers' accounts. "The software supply chain starts with the developer," Hanley wrote. "Developer accounts are frequent targets for social engineering and account takeover, and protecting developers from these types of attacks is the first and most critical step toward securing the supply chain."

Even though multi-factor authentication provides significant additional protection to online accounts, GitHub's internal research shows that only around 16.5 percent of active users (roughly one in six) currently enable the enhanced security measures on their accounts -- a surprisingly low figure given that the platform's user base should be aware of the risks of password-only protection. By steering these users towards a higher minimum standard of account protection, GitHub hopes to boost the overall security of the software development community as a whole, Hanley told The Verge.

"GitHub is in a unique position here, just by virtue of the vast majority of open source and creator communities living on GitHub.com, that we can have a significant positive impact on the security of the overall ecosystem by raising the bar from a security hygiene perspective," Hanley said. "We feel like it's really one of the best ecosystem-wide benefits that we can provide, and we're committed to making sure that we work through any of the challenges or obstacles to making sure that there's successful adoption."

Cloud

Google Launches Media CDN To Compete on Content Delivery (techcrunch.com) 10

This week at the 2022 NAB Show Streaming Summit, Google launched in general availability Media CDN, a platform for delivering content using the same infrastructure that powers YouTube. From a report: With a presence in over 1,300 cities across 200 countries, Google says that Media CDN is designed to -- in the company's words -- "automate all facets" of "serving content [close to users]." The pandemic led to an explosion in demand for streaming content as business closures and shelter-in-place orders forced folks to stay home.

Media CDN, which joins Google's CDN portfolio for web and API acceleration, is by no stretch of the imagination the first of its kind. There's plenty of CDNs optimized to serve media. But Google touts ostensibly unique benefits like delivery protocols tailored to individual users and network conditions and "industry-leading" offload rates. "With multiple tiers of caching, we minimize calls to origin -- even for infrequently accessed content," Google VP Shailesh Shukla wrote in a blog post yesterday. "This alleviates performance or capacity stress in the content origin and saves costs." Media CDN also features tools for ad insertion, allowing customers to dynamically inject video content with ads. Moreover, the service is "built with AI/ML" to power interactive experiences, Google says, like real-time stats during sporting events and purchase links embedded in virtual billboards.

Businesses

How ByteDance Became the World's Most Valuable Startup (hbr.org) 15

Roger Chen and Rui Max from Harvard Business Review explain how ByteDance became the world's most valuable startup. What's the secret? According to the editors, it's the company's shared-service platform, or SSP, which it uses to power innovation. From the report: ByteDance uses its SSP platform differently from most companies. The company's product teams or units don't control their own operating resources. Instead, many common business, technology, and operating functions (among them HR and legal) are centralized and organized into corresponding teams. The teams are highly specialized, so that the right people can be found and flexibly deployed as needed to each new venture. Cloud and shared operational tools, some of which have been developed in house, allow ByteDance to maintain this seemingly complex organizational setup. Product and related teams still focus on serving customer needs, but they rely on different SSP teams to accelerate development and growth. For example, when ByteDance tasks a new venture team with investigating user needs and market opportunities, the team can go to the user-research specialists at the SSP for data support, saving time on market analysis. In other companies, these tasks are undertaken by the product team, which is rarely best equipped for such information gathering. Subsequently, when a use case has been identified that justifies developing a new app or product feature, the product team is paired with engineers at the SSP level to develop the new product or feature.

In some cases, product teams customize existing technologies that have already been developed by the SSP. Algorithms are a case in point. Product teams at ByteDance work with SSP algorithm engineers to fine-tune their enormously powerful recommendation engines. The SSP has also brought together other important teams: user-growth teams, which help identify and acquire desired users; content teams, which establish partnerships to acquire new content; analytics teams, which help to develop deeper user insights; and sales teams, which drive monetization. As expected, because so many capabilities have been centralized into this large SSP, the actual product teams tend to be small and focused, especially in the exploration stage. Douyin, for example, began with just a handful of employees, and the education team began with just two. Importantly, the relationship between the SSP and market-facing teams is symbiotic and mutually beneficial. It's this virtuous loop of continued discovery and improvement that has enabled ByteDance's success.

Relying on its SSP, ByteDance has developed unique innovation and growth strategies. These strategies have five main characteristics: [broad exploration, rapid iteration, selective focus, maximum-capability cross-pollination, and productizing platform services]. [...] ByteDance's SSP strategy -- accelerate new projects by providing instant access to best in class technology and operations -- has been so successful that one would expect many other companies to have embraced it. Yet few companies have managed to replicate ByteDance's success with the strategy. Why? Because they have not put in the organizational enablers that helped ByteDance overcome fiefdom mindsets, which inhibit collaboration. Three of these organizational enablers are particularly important: [OKR system, explicitly flattened hierarchy, and data-driven culture]. [...]

ByteDance's SSP-based innovation strategy has clearly played a key role in its first decade of explosive growth. It has allowed the company to incubate rapidly and broadly and to scale efficiently, by using centralized but flexibly deployed technical and operational stacks. This strategy has served the company well in part because of the similarity among its various algorithm-driven products. ByteDance is now exploring other product categories and is refining its strategy to be more suitable for its evolving organizational model and processes, but no matter how the company evolves, its SSP-based innovation strategy is sure to play an important role.

Intel

Intel Discloses Multi-Generation Xeon Scalable Roadmap: New E-Core Only Xeons in 2024 (anandtech.com) 5

AnandTech reports: It's no secret that Intel's enterprise processor platform has been stretched in recent generations. Compared to the competition, Intel is chasing its multi-die strategy while relying on a manufacturing platform that hasn't offered the best in the market. That being said, Intel is quoting more shipments of its latest Xeon products in December than AMD shipped in all of 2021, and the company is launching the next generation Sapphire Rapids Xeon Scalable platform later in 2022. Beyond Sapphire Rapids has been somewhat under the hood, with minor leaks here and there, but today Intel is lifting the lid on that roadmap.

Currently in the market is Intel's Ice Lake 3rd Generation Xeon Scalable platform, built on Intel's 10nm process node with up to 40 Sunny Cove cores. The die is large, around 660 mm², and in our benchmarks we saw a sizeable generational uplift in performance compared to the 2nd Generation Xeon offering. The response to Ice Lake Xeon has been mixed, given the competition in the market, but Intel has forged ahead by leveraging a more complete platform coupled with FPGAs, memory, storage, networking, and its unique accelerator offerings. Datacenter revenues, depending on the quarter you look at, are either up or down based on how customers are digesting their current processor inventories (as stated by CEO Pat Gelsinger).

Further reading: Intel Arc Update: Alchemist Laptops Q1, Desktops Q2; 4M GPUs Total for 2022.

XBox (Games)

Xbox CEO Phil Spencer On Reviving Old Activision Games (washingtonpost.com) 73

An anonymous reader quotes a report from The Washington Post: With its $68.7 billion acquisition of mammoth embattled video game publisher Activision Blizzard, Microsoft will be taking on a lot. It will be absorbing a company criticized by its employees for its workplace culture, one that is embroiled in lawsuits alleging gender-based discrimination and sexual harassment. Microsoft will also be taking on game development studios that have inched closer to unionization over the past several months. But it will also be adding an element that newly minted CEO of Microsoft Gaming Phil Spencer sees as core to Microsoft's strategy for consumer acquisition: a slew of video games and long-abandoned franchises.

The games created by Activision Blizzard's developers provide the centerpiece of Microsoft's strategic thinking around the acquisition. The titles are some of the most popular in the world. And those Activision Blizzard properties extend well beyond Call of Duty, World of Warcraft and Candy Crush. In discussing some of the intellectual properties owned by Activision Blizzard, Spencer's excitement may have mirrored the enthusiasm of a "StarCraft" player noticing the long-dormant franchise's logo in Microsoft's acquisition announcement. "I was looking at the IP list, I mean, let's go!" Spencer said. " 'King's Quest,' 'Guitar Hero,' I should know this but I think they got 'HeXen.' " "HeXen," indeed an Activision Blizzard property, is a cult hit first-person game about using magic spells.

Microsoft's pending acquisition of Activision Blizzard also means owning the rights to many creations from gaming's past, including Crash Bandicoot, the original Sony PlayStation mascot. There's also the influential and popular Tony Hawk skateboard series and beloved characters like Spyro the Dragon. Toys for Bob, one of the studios working under the Activision Blizzard banner, successfully launched games like "Crash Bandicoot 4: It's About Time," but was later folded into supporting Call of Duty games. Spencer said the Xbox team will talk with developers about working on a variety of franchises from the Activision Blizzard vaults. "We're hoping that we'll be able to work with them when the deal closes to make sure we have resources to work on franchises that I love from my childhood, and that the teams really want to get," Spencer said. "I'm looking forward to these conversations. I really think it's about adding resources and increasing capability."

Spencer said he's concerned about tech companies unfamiliar with the gaming industry barging in to the space, as opposed to the current, experienced competition against Nintendo and Sony. "They have a long history in video games," he said. "Nintendo's not going to do anything that damages gaming in the long run because that's the business they're in. Sony is the same and I trust them. [...] Valve's the same way. When we look at the other big tech competitors for Microsoft: Google has search and Chrome, Amazon has shopping, Facebook has social, all these large-scale consumer businesses. [...] The discussion we've had internally, where those things are important to those other tech companies for how many consumers they reach, gaming can be that for us."

He added: "I think we do have a unique point of view, which is not about how everything has to run on a single device or platform. That's been the real turning point for us looking at gaming as a consumer opportunity that could have similar impact on Microsoft that some of those other scale consumer businesses do for other big tech competitors. And it's been great to see the support we've had from the company and the board."

Android

Why is Android 12 So Buggy? (theverge.com) 80

Android 12 is one of the platform's most ambitious updates in recent history, bringing a major design overhaul to every corner of the operating system. It has also been one of the rockiest Android OS launches in the past few years. From a report: Both Samsung and OnePlus paused the rollout of their stable Android 12-based updates amid reports of serious bugs. Google itself has addressed a laundry list of bug reports from Pixel 6 owners, just as it's trying to convince them it's finally figured out how to build a truly premium phone. What in the heck is going on? The short answer is that there are some unique complicating factors at play this year but also that Android is inherently a little bit messy -- that just comes with the territory when you're designing a delightful public park compared to Apple's walled garden. Despite a refreshed look and some appealing new high-end handsets, Android is still Android -- the good and the bad.

To try and figure out what the heck is going on, we talked to Mishaal Rahman, former editor-in-chief of XDA Developers, who's well known for digging into Android codebases and discovering Google's secrets. Speaking to the Pixel 6 bugs in particular, Rahman guesses that it has a lot to do with the unusually large size of the update. "Many people have called it, myself included, the biggest OS update to Android since Android 5.0 Lollipop, and that was many years ago. There are just so many massive changes to the interface and to the feature set." He also suggests that Google's commitment to issue a new Android update every year can make things worse when it's trying to do so much, and the self-imposed one-year development cycle doesn't leave much wiggle room in the timeline. "They started immediately after Android 11 was released to the public -- and they have a hard cutoff date... After that, they just focus on fixing bugs." Delay any longer, and they'd risk bumping into next year's development cycle.

It's also possible that the attempt to bring timely Android updates to non-Google devices wound up backfiring. Android phone owners have been asking for faster updates for a long time -- outside of Google's Pixel phones and pricey flagships, many devices face long waits for OS updates. Sure enough, the updates have come faster this year. Case in point: Samsung users are accustomed to waiting about three months after an Android stable release to get their finished One UI update with the new version of the OS, but this year, One UI 4.0 arrived just one and a half months after Android 12. But the way things have gone this year, many users would likely have opted for a slower, stable update rather than a fast one riddled with bugs.

Microsoft

LinkedIn To Launch Audio Events Later This Month (theverge.com) 4

The live, Clubhouse-like audio feature LinkedIn confirmed it was working on last year will debut later this month in beta as part of the company's new events platform, according to a company blog post. From a report: Microsoft-owned LinkedIn said last March that it was doing "early tests to create a unique audio experience connected to your professional identity," which was confirmed in the blog post by Jake Poses, LinkedIn lead for video, creators and events. "This month, we're taking a big step forward and building on the success of LinkedIn Live broadcasts by launching an entirely new interactive events experience that allows our members to more actively participate in the conversation," Poses writes in the post. Users can participate in live conversations, join speakers "on stage" as part of the discussion, and will be able to make connections with others at an event to network after the event ends.

Privacy

'Worst of CES' Awards Announced by Right-to-Repair/Privacy Advocates (theregister.com) 66

The Register reports on a unique response to CES: Six right-to-repair advocates assembled on Friday morning to present Repair.org's second annual Worst in Show Awards, a selection of "the least private, least secure, least repairable, and least sustainable gadgets at CES."

In a presentation streamed on YouTube, author and activist Cory Doctorow presided over the condemnation session. He said that he has been attending the Consumer Electronics Show for decades and vendors will gladly enumerate the supposed benefits of their products. "But what none of those people will ever do is tell you how it will fail," said Doctorow. "And that's kind of our job here today, to talk about the hidden or maybe not so hidden and completely foreseeable failure modes of these gadgets."

Kyle Wiens, co-founder of iFixit, gave the new Mercedes EQS EV the award for the worst product in terms of repairability. Showing a slide of the warning screen the car presents to its driver, he said, "You cannot open the hood of the car. It is locked, warning of accident, warning of injury if you open the hood. Mercedes' perspective is, 'Hey, this is an electric car. There's nothing the owner needs to do under the hood of this car.'"

Wiens said this is not the first time Mercedes has gone down this road, noting that a few years ago the company removed the dipstick from its C-class vehicles, arguing that only an authorized technician should change the oil.

"So this is everything that is wrong with the future," he said.

Some other highlights (via the Register)... Nathan Proctor, national campaign director for public interest non-profit USPIRG, gave the "worst in class for the environment" award to Samsung's new NFT Aggregation Platform, which he described as "a way to buy, sell and display your NFT artwork from your huge ginormous OLED Samsung TV."

Proctor added "If you don't know what an NFT is, I am honestly jealous of your life," calling it "sort of like a Beanie Baby craze for crypto tech bros — if Beanie Babies required massive continual energy consumption on a warming planet to remain corporeal."

And the Community Choice poll for Worst in Show went to John Deere — presumably for fighting right-to-repair laws in every single state legislature — while the tractor company was also recognized by Paul Roberts, founder of securerepairs.org, for its industry-lagging bad outreach to the security community.

Bitcoin

Tech Startup Wants To Gamify Suing People Using Crypto Tokens (vice.com) 51

An anonymous reader quotes a report from Motherboard, written by Maxwell Strachan: A new tech startup plans to become "the stock market of litigation financing" by allowing everyday Americans to bet on civil lawsuits through the purchase (and trade) of associated crypto tokens. In doing so, the company hopes to provide funding to individuals who would otherwise not be able to pursue claims. "Ryval's goal is to make access to justice more affordable," said Kyle Roche, a trial lawyer and one of the startup's founders. "What I want to do is make the federal court system more accessible for all." [...] The way it works is a little like a crypto-infused and lawsuit-focused GoFundMe, if the crowd stood to profit from their investment. The company takes advantage of a rule created through former President Barack Obama's JOBS Act, which allowed a private company to crowdfund up to $5 million from Americans, regardless of their wealth. Using the Avalanche blockchain, Ryval will allow "all investors regardless of accreditation status" to purchase tokens associated with a specific case and then hold or trade them on the open market. Whoever owns the token at the time of a settlement or verdict then cashes in. The team has dubbed the sale of tokens an "initial litigation offering," and Roche has compared Ryval to Robinhood, but for the law. (A caveat: While wealthy and sophisticated "accredited investors" will be able to trade lawsuit tokens immediately, the non-rich will be legally required to agree to a year-long lockup period, according to Insider.)

The concept of litigation funding isn't unique. An industry built around the concept has been growing in popularity in recent years. Between June 2019 and June 2020, investors plowed $2.5 billion into the litigation funding sector, according to the finance advisory firm Westfleet Advisors. But up until now, only so-called "accredited" wealthy investors could put their money into the sector. Through the use of crypto tokens, Ryval claims, it can legally open up access to the industry to all. The tokenization of U.S. law will benefit users in a few other ways, including by providing the market with liquidity that previously wasn't available in litigation funding, Roche claims. If someone with a token needs money or believes a case is heading south, they can sell their token to the highest bidder and cash out. Such tradeability will also allow the value of a token to rise or fall as the case develops. "Let's say, the plaintiff gets a big ruling from the court -- not a win, but a big ruling. The price may go up," he said. Roche's law firm, Roche Freedman, has been working with the financial technology company Republic and smart contracts platform Ava Labs, which created the Avalanche blockchain and whose tagline is "Digitize All The World's Assets," to develop the Ryval. While still in the early going, Roche expects a full team will be announced in the first quarter of the year. [...]

Roche understands that messaging will be "very important" in the early going, which is why for the first few years, Ryval will be "focused on access to justice and taking on claims that we believe are good claims," he said. "But at the end of the day, I don't think anybody should be the gatekeeper to who has access to the courts. I think access to the court system, access to the legal justice system should be something that is given to as many people as the justice system can handle." Roche believes Ryval lawsuits will "run the full gamut" and include antitrust, securities claims, and wrongful termination. Asked if there were any types of cases Ryval would avoid, Roche replied, "I don't see anything that I wouldn't categorically not go near." To help novices navigate such a complex industry and decide where to place their bets, Ryval will provide users with the basic facts of the case and the procedural elements necessary in order to win, as well as other relevant information like how often a particular type of case is successful. "One of the real responsibilities we have in building this platform is to educate the market," Roche said. But Roche said retail investors stand to gain more than they stand to lose by entering the legal market. "These investments have been very lucrative over the course of the last five to 10 years," Roche said, adding that some top law firms average an "astronomical" annual percentage rate of 30-to-40 percent. He expects interest will be especially high in the event of a downturn, since litigation outcomes are largely "market agnostic," providing people with an alternative form of investment.

Security

The NCA Shares 585 Million Passwords With 'Have I Been Pwned' (therecord.media) 20

The UK National Crime Agency has shared a collection of more than 585 million compromised passwords it found during an investigation with Have I Been Pwned, a website that indexes data from security breaches. The Record reports: The NCA now becomes the second law enforcement agency to officially supply HIBP with hacked passwords after the US Federal Bureau of Investigations began a similar collaboration with the service back in May. In a blog post today, HIBP creator Troy Hunt said that 225 million of the compromised passwords found by the NCA were new and unique.

These passwords have been added to a section of the HIBP website called Pwned Passwords. This section allows companies and system administrators to check and see if their current passwords have been compromised in hacks and if they are likely to be part of public lists used by threat actors in brute-force and password-spraying attacks. Currently, the HIBP Pwned Passwords collection includes 5.5 billion entries, of which 847 million are unique. All these passwords are also available as a free download, so companies can check their passwords against the data set locally without connecting to Hunt's service.

In a statement shared by Hunt, the NCA said it found the compromised passwords, paired with email accounts, in an account at a UK cloud storage facility. The NCA said they weren't able to determine or attribute the compromised email and password combos to any specific platform or company.

Bitcoin

Ubisoft Becomes First Major Gaming Company To Launch In-Game NFTs (decrypt.co) 48

An anonymous reader quotes a report from Decrypt: Today, the publisher behind Assassin's Creed and Just Dance revealed Ubisoft Quartz, a platform that lets players earn and purchase in-game items that are tokenized as NFTs on the Tezos blockchain. Quartz will launch first in the PC version of Tom Clancy's Ghost Recon Breakpoint, the latest online game in the long-running tactical shooter series. Quartz will launch in beta on December 9 in the United States, Canada, France, Germany, Spain, Italy, Belgium, Brazil, and Australia. Ghost Recon Breakpoint players who have reached XP level 5 in the game can access the NFT drops. Ubisoft's release says that players must be at least 18 years old to create a Tezos wallet for use with the game.

Ubisoft is referring to its NFT drops as "Digits" and plans to release free NFTs for early adopters on December 9, 12, and 15, with further drops planned for 2022. An infographic shows items such as weapon skins and unique armor and apparel, along with a message that teases future initiatives: "This is just the beginning" [...] Much of Ubisoft's announcement today highlights the difference in environmental impact between the proof-of-stake Tezos blockchain and the energy-intensive Bitcoin. Tezos claims that a single transaction on its network uses "more than 2 million times less energy" than Bitcoin, the leading cryptocurrency. It also suggests that a single Tezos transaction uses about as much energy as a 30-second streaming video, whereas a Bitcoin transaction is estimated to measure up to the environmental impact of a full, uninterrupted year of streaming video footage.

Facebook

Meta Builds Tool To Stop the Spread of 'Revenge Porn' (nbcnews.com) 94

Facebook's parent company, Meta, has worked with the U.K.-based nonprofit Revenge Porn Helpline to build a tool that lets people prevent their intimate images from being uploaded to Facebook, Instagram and other participating platforms without their consent. From a report: The tool, which builds on a pilot program Facebook started in Australia in 2017, launched Thursday. It allows people who are worried that their intimate photos or videos have been or could be shared online, for example by disgruntled ex-partners, to submit the images to a central, global website called StopNCII.org, which stands for "Stop Non-Consensual Intimate Images."

"It's a massive step forward," said Sophie Mortimer, the helpline's manager. "The key for me is about putting this control over content back into the hands of people directly affected by this issue so they are not just left at the whims of a perpetrator threatening to share it." Karuna Nain, Meta's director of global safety policy, said the company had shifted its approach to use an independent website to make it easier for other companies to use the system and to reduce the burden on the victims of image-based abuse to report content to "each and every platform." During the submission process, StopNCII.org gets consent and asks people to confirm that they are in an image. People can select material on their devices, including manipulated images, that depict them nude or nearly nude. The photos or the videos will then be converted into unique digital fingerprints known as "hashes," which will be passed on to participating companies, starting with Facebook and Instagram.

Piracy

'The NFT Bay' Shares Multi-Terabyte Archive of 'Pirated' NFTs (torrentfreak.com) 88

NFTs are unique blockchain entries through which people can prove that they own something. However, the underlying images can be copied with a single click. This point is illustrated by The NFT Bay which links to a 19.5 Terabyte collection of 'all NFTs' on the Ethereum and Solana blockchains. (UPDATE: One NFT startup is claiming that the collection is mostly just zeroes, and does not in fact contain all of the NFTs.)

But the archive also delivered an important warning message. TorrentFreak reports: "The Billion Dollar Torrent," as it's called, reportedly includes all the NFTs on the Ethereum and Solana blockchains. These files are bundled in a massive torrent that points to roughly 15 terabytes of data. Unpacked, this adds up to almost 20 terabytes. Australian developer Geoff is the brains behind the platform, which he describes as an art project. Speaking with TorrentFreak, he says that The Pirate Bay was used as inspiration for nostalgic reasons, which needs further explanation.

The NFT Bay is not just any random art project. It does come with a message, perhaps a wake-up call, for people who jump on the NFT bandwagon without fully realizing what they're spending their crypto profits on. "Purchasing NFT art right now is nothing more than directions on how to access or download an image. The image is not stored on the blockchain and the majority of images I've seen are hosted on Web 2.0 storage which is likely to end up as 404 meaning the NFT has even less value." The same warning is more sharply articulated in the torrent's release notes which are styled in true pirate fashion. "[T]his handy torrent contains all of the NFT's so that future generations can study this generation's tulip mania and collectively go..." it reads.

Open Source

Penpot, the Vector Design Web-app Taking On Figma and Canva With FOSS, Hits Beta (penpot.app) 55

"It's Open Source. It's free," says a web page at Penpot.app.

Slashdot reader kxra writes: Penpot is a free-software, web-based vector design platform using .svg as a first-class filetype used as the underlying storage for all designs.

As more design teams around the world move to the convenience of multi-device synchronized and collaborative web apps, this is a welcome respite from proprietary vendor lock-in by the likes of Figma and Canva. Penpot has finally launched as Beta, with competitive features such as a template library that all creators can pull from.

It's created by Kaleidos Open Source, the same team behind the project management tool Taiga for Agile teams which is taking on the likes of JIRA and Confluence with FLOSS.

"Not having a free & open source UX/UI tool that would make devs participate in the design process and bridge the gap between UX/UI and code was a terrible itch for us..." explains the FAQ at Penpot.app. But it also answers the question: why Open Source? Software Technology has the unique advantage, compared to other industries and intellectual property, of having almost zero cost to replicate itself, thus providing a wonderful chance to massively distribute the tools for a more digitally sovereign society. Besides the pure license aspect of it and its legal framework, Open Source fosters more engaging communities where the lines between user and contributor are often blurred...

Penpot requires a browser, that's it. If you want to host your own Penpot instance, that's fine too. We plan to release a native app bundle later this year.

There is a theme here. Universal access. That's why we love to call our product Penpot, there's nothing more personal and yet more universal than a pot full of pens. It's all about choice.

Its GitHub repository already has 5,200 stars and 41 contributors.
