A federal jury in Illinois on Wednesday said Amazon Web Services owes tech company Kove $525 million for violating three patents relating to its data-storage technology. From the report: The jury determined (PDF) that AWS infringed three Kove patents covering technology that Kove said had become "essential" to the ability of Amazon's cloud-computing arm to "store and retrieve massive amounts of data." An Amazon spokesperson said the company disagrees with the verdict and intends to appeal. Kove's lead attorney Courtland Reichman called the verdict "a testament to the power of innovation and the importance of protecting IP (intellectual property) rights for start-up companies against tech giants." Kove also sued Google last year for infringing the same three patents in a separate Illinois lawsuit that is still ongoing.

An anonymous reader quotes a report from Ars Technica: Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly have confirmed that the lapse has resulted in Intel, Lenovo, and Supermicro shipping server hardware that contains a vulnerability that can be exploited to reveal security-critical information. The researchers, however, went on to warn that any hardware that incorporates certain generations of baseboard management controllers made by Duluth, Georgia-based AMI or Taiwan-based AETN are also affected.

BMCs are tiny computers soldered into the motherboard of servers that allow cloud centers, and sometimes their customers, to streamline the remote management of vast fleets of servers. They enable administrators to remotely reinstall OSes, install and uninstall apps, and control just about every other aspect of the system -- even when it's turned off. BMCs provide what's known in the industry as "lights-out" system management. AMI and AETN are two of several makers of BMCs. For years, BMCs from multiple manufacturers have incorporated vulnerable versions of open source software known as lighttpd. Lighttpd is a fast, lightweight web server that's compatible with various hardware and software platforms. It's used in all kinds of wares, including in embedded devices like BMCs, to allow remote administrators to control servers remotely with HTTP requests. [...] "All these years, [the lighttpd vulnerability] was present inside the firmware and nobody cared to update one of the third-party components used to build this firmware image," Binarly researchers wrote Thursday. "This is another perfect example of inconsistencies in the firmware supply chain. A very outdated third-party component present in the latest version of firmware, creating additional risk for end users. Are there more systems that use the vulnerable version of lighttpd across the industry?"

The vulnerability makes it possible for hackers to identify memory addresses responsible for handling key functions. Operating systems take pains to randomize and conceal these locations so they can't be used in software exploits. By chaining an exploit for the lighttpd vulnerability with a separate vulnerability, hackers could defeat this standard protection, which is known as address space layout randomization. The chaining of two or more exploits has become a common feature of hacking attacks these days as software makers continue to add anti-exploitation protections to their code. Tracking the supply chain for multiple BMCs used in multiple server hardware is difficult. So far, Binarly has identified AMI's MegaRAC BMC as one of the vulnerable BMCs. The security firm has confirmed that the AMI BMC is contained in the Intel Server System M70KLP hardware. Information about BMCs from ATEN or hardware from Lenovo and Supermicro aren't available at the moment. The vulnerability is present in any hardware that uses lighttpd versions 1.4.35, 1.4.45, and 1.4.51. "A potential attacker can exploit this vulnerability in order to read memory of Lighttpd Web Server process," Binarly researchers wrote in an advisory. "This may lead to sensitive data exfiltration, such as memory addresses, which can be used to bypass security mechanisms such as ASLR." Advisories are available here, here, and here.

DuckDuckGo, the privacy-focused web search and browser company, announced on today the launch of its first subscription service, Privacy Pro. The service, priced at $9.99 per month or $99.99 per year, includes a browser-based tool that automatically scans data broker websites for users' personal information and requests its removal. The service also includes DuckDuckGo's first VPN and an identity-theft-restoration service. Available initially only in the U.S.

An anonymous reader quotes a report from Reuters: Independent browser companies in the European Union are seeing a spike in users in the first month after EU legislation forced Alphabet's Google, Microsoft and Apple to make it easier for users to switch to rivals, according to data provided to Reuters by six companies. The early results come after the EU's sweeping Digital Markets Act, which aims to remove unfair competition, took effect on March 7, forcing big tech companies to offer mobile users the ability to select from a list of available web browsers from a "choice screen." [...]

Cyprus-based Aloha Browser said users in the EU jumped 250% in March -- one of the first companies to give monthly growth numbers since the new regulations came in. Founded in 2016, Aloha, which markets itself as a privacy focused alternative to browsers owned by big tech, has 10 million monthly average users and earns money through paid subscriptions, rather than selling ads by tracking users. "Before, EU was our number four market, right now it's number two," Aloha CEO Andrew Frost Moroz said in an interview. Norway's Vivaldi, Germany's Ecosia and U.S.-based Brave have also seen user numbers rise following the new regulation. U.S.-based DuckDuckGo, which has about 100 million users, and its bigger rival, Norway-based Opera (OPRA.O), opens new tab are also seeing growth in users, but said the choice screen rollout is still not complete. "We are experiencing record user numbers in the EU right now," said Jan Standal, vice president at Opera, which counts over 324 million global users.

Under the new EU rules, mobile software makers are required to show a choice screen where users can select a browser, search engine and virtual assistant as they set up their phones. Previously, tech companies such as Apple and Google loaded phones with default settings that included their preferred services, such as the voice assistant Siri for iPhones. Changing these settings required a more complicated process. Apple is now showing up to 11 browsers in addition to Safari in the choice screens curated for each of the 27 countries in the EU, and will update those screens once every year for each country. While DuckDuckGo and Opera are offered in Apple's list, opens new tab in all 27 countries, Aloha is in 26 countries, Ecosia is in 13 and Vivaldi in 8. Google is currently showing browser choices on devices made by the company and said new devices made by other companies running Android operating system will also display choice screen in the coming months. A Google spokesperson said they do not have data on choice screens to share yet.

Amazon will no longer pay developers to create applications for Alexa, scrapping a key element of the company's effort to build a flourishing app store for its voice-activated digital assistant. From a report: Amazon recently told participants of the Alexa Developer Rewards Program, which cut monthly checks to builders of popular Alexa apps, that the offering would end at the end of June. "Developers like you have and will play a critical role in the success of Alexa and we appreciate your continued engagement," said the notice, which was reviewed by Bloomberg. Amazon is also winding down a program that offered free credits for Alexa developers to power their programs with Amazon Web Services, according to a notice posted on a company website.

Despite losing the direct payments, developers can still monetize their efforts with in-app purchases. Alexa, which powers Echo smart speakers and other devices, helped popularize voice assistants when it debuted almost a decade ago, letting users summon weather and news reports, play games and more. The company has since sold millions of Alexa-powered gadgets, but the technology appears far from the cutting-edge amid an explosion in chatbots using generative artificial intelligence.

According to StatCounter, Linux on the desktop has continued to rise and remain above 4%. GamingOnLinux reports: First hitting over 4% in February, their March data is now in showing not just staying above 4% but rising a little once again showing the trend is clear that Linux use is rising. Slow and steady wins the race as they say. [Last March, Linux on the desktop was at 2.85%.]

Technically, ChromeOS is also Linux, and while people like to debate that if you do include Linux and ChromeOS together it would actually be 6.32%. A number that is getting steadily harder for developers of all kinds to ignore. It terms of overall percentage, it's still relatively small but when you think about how many people that actually is, it's a lot. Since StatCounter gets its data from web traffic, it's unlikely the rise is due to the Steam Deck and its SteamOS. "I doubt all that many browse the web regularly on Deck," writes GameOnLinux's Liam Dawe. "However, indirectly? Possible, I've seen lots and lots of posts about people enjoying Linux thanks to the Desktop Mode on the Steam Deck."

CNN revisits 2003's disastrous landing of the Space Shuttle Columbia tonight with two "immersive" specials co-produced by BBC and Mindhouse Productions "featuring exclusive interviews and revealing never-before-broadcast footage," according to an announcement — with two more specials airing next week.

You can watch a trailer here. Across four episodes, the story of the ticking-clock of Columbia's final mission is told in dramatic detail, beginning months before the troubled launch, unfolding across the sixteen days in orbit, and concluding with the investigation into the tragic loss of the seven astronauts' lives. Weaving together intimate footage shot by the astronauts themselves inside the orbiter, exclusive first-hand testimony from family members of the Shuttle's crew, key players at NASA — some of whom have never spoken before — and journalists who covered the story on the ground, the series paints an intimate portrait of the women and men onboard and uncovers in forensic detail the trail of events and missed opportunities that ultimately led to disaster.
CNN says the first two episodes will livestream tonight at 9 p.m. EST (time-delayed on the west coast until 9 p.m.PST) — and then be available on-demand starting Monday — "for pay TV subscribers via CNN.com, CNN connected TV and mobile apps." CNN's web site offers a "preview" of its live TV offerings here.

They're promising "the inside story of one America's most iconic institutions, uncovering how financial pressures and a culture of complacency may have contributed to the events of February 1, 2003. The series also reflects on the legacy of the Space Shuttle era, serving as a timely exploration of the challenges and inherent dangers that remain relevant to space travel today."

On its web site CNN has also published two companion articles — one by Rice history professor Douglas Brinkley arguing that NASA "was America's crown jewel. After the Columbia disaster it was never quite the same." Because other shuttle missions had returned safely with "shredded" surface tiles — and because the stalwart Columbia had brought astronauts home from 27 previous flights — many NASA officials were lulled into complacency. They went so far as to assure the pilot and commander via email that "there is no concern ... We have seen the same phenomenon on several other flights and there is absolutely no concern for entry."

NASA officials also decided against enlisting spy satellite photography to examine the shuttle damage more thoroughly. If they had, it's possible that the astronauts could have repaired the spaceplane or at least abandoned it for refuge on the International Space Station...

As the Columbia Accident Investigation Board (CAIB) noted in its final report, "the NASA organizational culture had as much to do with this accident as the foam." All of NASA's launches were suspended for two years. While the shuttles eventually flew again, post-Columbia, the program was stunted and curtailed.
The article notes that since then SpaceX, Blue Origin, and the United Launch Alliance (Lockheed Martin and Boeing) "are thriving today in the space industry," along with Virgin Galactic and Axiom Space. "NASA, far from feeling threatened, has encouraged many of the private companies with massive contracts. The agency already had a long history of dealing with sub-contractors, using its pocketbook to steer aerospace development; that tradition has adjusted seamlessly to the current space economy."

In the other article CNN Space & Science writer Jackie Wattles notes that when America later retired its Space Shuttle program in 2011, "no U.S. astronaut would travel to space on an American-made rocket for nearly a decade."

On Mozilla's blog, engineer Martin Thomson explores Google's "Privacy Sandbox" initiative (which proposes sharing a subset of private user information — but without third-party cookies).

The blog post concludes that Google's Protected Audience "protects advertisers (and Google) more than it protects you." But it's not all bad — in theory: The idea behind Protected Audience is that it creates something like an alternative information dimension inside of your (Chrome) browser... Any website can push information into that dimension. While we normally avoid mixing data from multiple sites, those rules are changed to allow that. Sites can then process that data in order to select advertisements. However, no one can see into this dimension, except you. Sites can only open a window for you to peek into that dimension, but only to see the ads they chose...

Protected Audience might be flawed, but it demonstrates real potential. If this is possible, that might give people more of a say in how their data is used. Rather than just have someone spy on your every action then use that information as they like, you might be able to specify what they can and cannot do. The technology could guarantee that your choice is respected. Maybe advertising is not the first thing you would do with this newfound power, but maybe if the advertising industry is willing to fund investments in new technology that others could eventually use, that could be a good thing.
But here's some of the blog post's key criticisms:

• "[E]ntities like Google who operate large sites, might rely less on information from other sites. Losing the information that comes from tracking people might affect them far less when they can use information they gather from their many services... [W]e have a company that dominates both the advertising and browser markets, proposing a change that comes with clear privacy benefits, but it will also further entrench its own dominance in the massively profitable online advertising market..."

• "[T]he proposal fails to meet its own privacy goals. The technical privacy measures in Protected Audience fail to prevent sites from abusing the API to learn about what you did on other sites.... Google loosened privacy protections in a number of places to make it easier to use. Of course, by weakening protections, the current proposal provides no privacy. In other words, to help make Protected Audience easier to use, they made the design even leakier..."

• "A lot of these leaks are temporary. Google has a plan and even a timeline for closing most of the holes that were added to make Protected Audience easier to use for advertisers. The problem is that there is no credible fix for some of the information leaks embedded in Protected Audience's architecture... In failing to achieve its own privacy goals, Protected Audience is not now — and maybe not ever — a good addition to the Web."

An anonymous reader quotes a report from Ars Technica: Will Google ever launch its "Find My" network? The Android ecosystem was supposed to have its own version of Apple's AirTags by now. Google has had a crowd-sourced device-tracking network sitting dormant on 3 billion Android phones since December 2022. Partners have been ready to go with Bluetooth tag hardware since May 2023! This was all supposed to launch a year ago, but Google has been in a holding pattern. The good news is we're finally seeing some progress after a year of silence. The reason for Google's lengthy delay is actually Apple. A week before Google's partners announced their Android network Bluetooth tags, Google and Apple jointly announced a standard to detect "unknown" Bluetooth trackers and show users alerts if their phone thinks they're being stalked. Since you can constantly see an AirTag's location, they can be used for stalking by just covertly slipping one into a bag or car; nobody wants that, so everyone's favorite mobile duopoly is teaming up.

Google did its half of this partnership and rolled out AirTag detection in July 2023. At the same time, Google also announced: "We've made the decision to hold the rollout of the Find My Device network until Apple has implemented protections for iOS." Surely Apple would be burning the midnight oil to launch iOS Android tag detection as soon as possible so that Google could start competing with AirTags. It looks like iOS 17.5 is the magic version Google is waiting for. The first beta was released to testers recently, and 9to5Mac recently spotted strings for detecting "unwanted" non-Apple tracking devices that were suddenly following you around. This 17.5 update still needs to ship, and the expectation is sometime in May. That would be 11 months after Google's release. [...]

With the impending iOS release, Google seems to be getting its ducks in a row as well. 9to5Google has a screenshot of the new Find My Device settings page that is appearing for some users, which gives them a chance to opt out of the anonymous tracking network. That report also mentions that some users received an email Thursday of an impending tracking network launch, saying: "You'll get a notification on your Android devices when this feature is turned on in 3 days. Until then, you can opt out of the network through Find My Device on the web." The vast majority of Android users have not gotten this email, though, suggesting maybe it was a mistake. It's very weird to announce a launch in "days remaining" rather than just saying what date something will launch, and this email went out Thursday, which would mean a bizarre Sunday launch when everyone is off for the weekend.

Meta is updating its AI-generated content policy and will add a "Made with AI" label beginning next month, the company announced. The policy will apply to content on Instagram, Facebook, and Threads. From a report: Acknowledging that its current policy is "too narrow," Meta says it will start labeling more video, audio, and image content as being AI-generated. Labels will be applied either when users disclose the use of AI tools or when Meta detects "industry standard AI image indicators," though the company didn't provide more detail about its detection system.

The changes are informed by recommendations and feedback from Meta's Oversight Board and update the manipulated media policy created in 2020. The old policy prohibits videos created or edited using AI tools that make a person say something they didn't but doesn't cover the wide range of AI-generated content that has recently flooded the web. "In the last four years, and particularly in the last year, people have developed other kinds of realistic AI-generated content like audio and photos, and this technology is quickly evolving," Meta wrote in a blog post. "As the Board noted, it's equally important to address manipulation that shows a person doing something they didn't do."

Google has introduced a new JPEG library called Jpegli, which reduces noise and improves image quality over traditional JPEGs. Proponents of the technology said it has the potential to make the Internet faster and more beautiful. InfoWorld reports: Announced April 3 and accessible from GitHub, Jpegli maintains high backward compatibility while offering enhanced capabilities and a 35% compression ratio at high-quality compression settings, Google said. Jpegli works by using new techniques to reduce noise and improve image quality. New or improved features include adaptive quantization heuristics from the JPEG XL reference implementation, improved quantization matrix selection, calculation of intermediate results, and the possibility to use more advanced colorspace.

The library provides an interoperable encoder and decoder complying with the original JPEG standard and its most convenient 8-bit formalism and API/ABI compatibility with libjeg-turbo and MozJPEG. When images are compressed or decompressed through Jpegli, more precise and psycho-visually effective computations are also performed; images will look clearer and have fewer observable artifacts. While improving on the density ratio of image quality and compression, Jpegli's coding speed is comparable to traditional approaches such as MozJPEG, according to Google. Web developers can thus integrate Jpegli into existing workflows without sacrificing coding speed, performance, or memory use.

Jpegli can be encoded with 10-plus bits per component. The 10-bit encoding happens in the original 8-bit formalism and the resulting images are interoperable with 8-bit viewers. The 10-bit dynamics are available as an API extension and application code changes are necessary to apply it. Also, Jpegli compresses images more efficiently than traditional JPEG codecs; this can save bandwidth and storage space and make web pages faster, Google said.

Plex is a multi-functional streaming platform that allows users to watch, organize, and curate their favorite media entertainment. Sharing Plex libraries is also an option; one that comes with piracy concerns. In an effort to "avoid the growth of piracy," Plex asked GitHub to remove a repository that allows people to reshare libraries that were not originally theirs. TorrentFreak reports: The Swiss company, which is headquartered in the U.S., asked GitHub to remove a "Plex Reshare" repository, alleging that it may contribute to its piracy problem. "Plex Reshare" doesn't host any copyright-infringing material and, as far as we've seen, it doesn't reference any either. Its main purpose is to allow Plex users to make shared Plex directories browsable on the web, which allows people to "reshare" them without being the original owner. "The reason behind this project is to make available your PLEX shares to other friends unrelated to the person who owns the original library," Plex Reshare developer Peter explains.

While the repository doesn't host or link to copyright-infringing material, Plex argues that it can be used to 'grow' piracy. "We have found infringing material in your website which indeed is OTHER 'Plex Server'. The material that is claimed to be infringing is to be removed or access to which is to be disabled immediately and avoid the growth of piracy," the takedown notice reads. The first part of the sentence is somewhat confusing. Plex-reshare is not a Plex server but the company may use "OTHER Plex Server" as an internal classification category. In any case, Plex alleges that the repository can contribute to the growth of piracy on its platform.

Citing the Online Copyright Infringement Liability Limitation Act, Plex urges GitHub to take immediate action, or else it may be held liable. It's not clear what this liability claim rests on, as there are no actual copyright infringements mentioned in the takedown notice. Despite the broad nature of this claim, GitHub has indeed taken the repository offline, replacing it with a DMCA takedown reference. This likely wasn't a straightforward decision as GitHub is known to put developers first with these types of issues. In this case, it took more than three weeks before GitHub took action, which is much longer than usual. This suggests that GitHub allowed the developer to respond and may have sought legal advice from in-house lawyers, to ensure that the rights of all parties are properly considered. The report notes that the Plex-reshare code is listed on Docker Hub as well, which means it may face a similar fate.

An anonymous reader quotes a report from 404 Media: Last week, Ernie Smith, the publisher of the website Tedium, got a "copyright infringement notice" from a law firm called Commonwealth Legal: "We're reaching out on behalf of the Intellectual Property division of a notable entity, in relation to an image connected to our client," it read. [...] In this case, though, the email didn't demand that the photo be taken down or specifically threaten a lawsuit. Instead, it demanded that Smith place a "visible and clickable link" beneath the photo in question to a website called "tech4gods" or the law firm would "take action." Smith began looking into the law firm. And he found that Commonwealth Legal is not real, and that the images of its "lawyers" are AI generated.

The threat to "activate the case No. 86342" is obviously nonsense. Beyond that, Commonwealth Legal's website looks generic and is full of stock photos, though I've seen a lot of generic template websites for real law firms. All of its lawyers have vacant, thousand-yard stares that are commonly generated by websites like This Person Does Not Exist, none of them come up in any attorney or LinkedIn searches, and the only reverse image search results for them are for a now-broken website called Generated.Photos, which offered a service to "use AI to generate people online that don't exist, change clothing and modify face and body traits. Download generated people in different postures." "All of the faces scanned were likely AI generated, most likely by a Generative Adversarial Network (GAN) model," Ali Shahriyari, cofounder and CTO of the AI detection startup Reality Defender told 404 Media. Commonwealth Legal's listed address is the fourth floor of a one-story building that looks nothing like the image on its website, and both of its phone numbers are disconnected. No one responded to the contact form that I filled out. Smith realized that what's happening here isn't a copyright enforcement or copyright trolling attempt at all. Instead, it's a backlink SEO scam, where a website owner tries to improve their Google ranking by asking, paying, or threatening someone to link to their website.

Tech4Gods.com is a gadget review website run by a man named Daniel Barczak, whose content is "complemented by AI writing assistants." In this case, the photo that Smith had "infringed" was a photo downloaded from the royalty free, free-to-use website Unsplash, which 404 Media also sometimes uses. The image was not taken by Barczak, and has nothing to do with him, he told me in an email: "I certainly don't own any images on the web," he said. The original photographer did not respond to a request for comment sent through Unsplash. Barczak told me that he had been previously buying backlinks to his website for SEO, but said he wasn't aware of who was doing this or why. "I have no idea; it certainly has nothing to do with me," he said. "However, recently, someone has been building spammy links against my site that I have been dealing with." "I have mastered on-page SEO, but unfortunately, I buy links due to a lack of time," he added. "In the past, I had a bad link builder. I wonder if it's him going mad at me for letting him go It's hard to say the web is massive, and everyone can link whenever they want." Link building is an SEO strategy devised to get outside websites to link to your website. He added that "bad links may damage [the site's] profile in Google's eyes." In this case, however, the "lawyers" were threatening a well-established tech blogger, and a link from Tedium would likely be treated as a positive in the search algorithm's eyes.

An anonymous reader writes: The massive GPU clusters needed to train Stability AI's popular text-to-image generation model Stable Diffusion are apparently also at least partially responsible for former CEO Emad Mostaque's downfall -- because he couldn't find a way to pay for them. According to an extensive expose citing company documents and dozens of persons familiar with the matter, it's indicated that the British model builder's extreme infrastructure costs drained its coffers, leaving the biz with just $4 million in reserve by last October. Stability rented its infrastructure from Amazon Web Services, Google Cloud Platform, and GPU-centric cloud operator CoreWeave, at a reported cost of around $99 million a year. That's on top of the $54 million in wages and operating expenses required to keep the AI upstart afloat.

What's more, it appears that a sizable portion of the cloudy resources Stability AI paid for were being given away to anyone outside the startup interested in experimenting with Stability's models. One external researcher cited in the report estimated that a now-cancelled project was provided with at least $2.5 million worth of compute over the span of four months. Stability AI's infrastructure spending was not matched by revenue or fresh funding. The startup was projected to make just $11 million in sales for the 2023 calendar year. Its financials were apparently so bad that it allegedly underpaid its July 2023 bills to AWS by $1 million and had no intention of paying its August bill for $7 million. Google Cloud and CoreWeave were also not paid in full, with debts to the pair reaching $1.6 million as of October, it's reported.

It's not clear whether those bills were ultimately paid, but it's reported that the company -- once valued at a billion dollars -- weighed delaying tax payments to the UK government rather than skimping on its American payroll and risking legal penalties. The failing was pinned on Mostaque's inability to devise and execute a viable business plan. The company also failed to land deals with clients including Canva, NightCafe, Tome, and the Singaporean government, which contemplated a custom model, the report asserts. Stability's financial predicament spiraled, eroding trust among investors, making it difficult for the generative AI darling to raise additional capital, it is claimed. According to the report, Mostaque hoped to bring in a $95 million lifeline at the end of last year, but only managed to bring in $50 million from Intel. Only $20 million of that sum was disbursed, a significant shortfall given that the processor titan has a vested interest in Stability, with the AI biz slated to be a key customer for a supercomputer powered by 4,000 of its Gaudi2 accelerators. The report goes on to mention further fundraising challenges, issues retaining employees, and copyright infringement lawsuits challenging the company's future prospects. The full expose can be read via Forbes (paywalled).

An anonymous reader shares a report: Echoing the past two years of Rust evangelism and C/C++ ennui, Google reports that Rust shines in production, to the point that its developers are twice as productive using the language compared to C++. Speaking at the Rust Nation UK Conference in London this week, Lars Bergstrom, director of engineering at Google, who works on Android Platform Tools & Libraries, described the web titan's experience migrating projects written in Go or C++ to the Rust programming language.

Bergstrom said that while Dropbox in 2016 and Figma in 2018 offered early accounts of rewriting code in memory-safe Rust - and doubts about productivity and the language have subsided - concerns have lingered about its reliability and security. "Even six months ago, this was a really tough conversation," he said. "I would go and I would talk to people and they would say, 'Wait, wait you have an `unsafe` keyword. That means we should all write C++ until the heat death of the Universe.'"

But there's been a shift in awareness across the software development ecosystem, Bergstrom argued, about the challenges of using non-memory safe languages. Such messaging is now coming from government authorities in the US and other nations who understand the role software plays in critical infrastructure. The reason is that the majority of security vulnerabilities in large codebases can be traced to memory security bugs. And since Rust code can largely if not totally avoid such problems when properly implemented, memory safety now looks a lot like a national security issue.

An anonymous reader quotes a report from Android Police, written by Dhruv Bhutani: As someone who is an early adopter of all things smart and has invested a significant amount of money in building a fancy smart home, it saddens me to say that I feel cheated by the thousands of dollars I've spent on smart devices. And it's not a one-off. Amazon's recent move to block off local ADB connections on Fire TV devices is the latest example in a long line of grievances. A brand busy wrestling away control from the consumer after they've bought the product, the software update gimps a feature that has been present on the hardware ever since it launched back in 2014. ADB-based commands let users take deep control of the hardware, and in the case of the Fire TV hardware, it can drastically improve the user experience. [...] A few years ago, I decided to invest in the NVIDIA Shield. The premium streamer was marketed as a utopia for streaming online and offline sources with the ability to plug in hard drives, connect to NAS drives, and more. At launch, it did precisely that while presenting a beautiful, clean interface that was a joy to interact with. However, subsequent updates have converted what was otherwise a clean and elegant solution to an ad-infested overlay that I zoom past to jump into my streaming app of choice. This problem isn't restricted to just the Shield. Even my Google TV running Chromecast has a home screen that's more of an advertising space for Google than an easy way to get to my content.

But why stop at streaming boxes? Google's Nest Hubs are equal victims of feature deterioration. I've spent hundreds of dollars on Nest Hubs and outfitted them in most of my rooms and washrooms. However, Google's consistent degradation of the user experience means I use these speakers for little more than casting music from the Spotify app. The voice recognition barely works on the best of days, and when it does, the answers tend to be wildly inconsistent. It wasn't always the case. In fact, at launch, Google's Nest speakers were some of the best smart home interfaces you could buy. You'd imagine that the experience would only improve from there. That's decidedly not the case. I had high hopes that the Fuchsia update would fix the broken command detection, but that's also not the case. And good luck to you if you decided to invest in Google Assistant-compatible displays. Google's announcement that it would no longer issue software or security updates to third-party displays like the excellent Lenovo Smart Display, right after killing the built-in web browser, is pretty wild. It boggles my mind that a company can get away with such behavior.

Now imagine the plight of Nest Secure owners. A home security system isn't something one expects to switch out for many many years. And yet, Google decided to kill the Nest Secure home monitoring solution merely three years after launching the product range. While I made an initial investment in the Nest ecosystem, I've since switched over to a completely local solution that is entirely under my control, stores data locally, and won't be going out of action because of bad decision-making by another company. "It's clear to me that smart home devices, as they stand, are proving to be very poor investments for consumers," Bhutani writes in closing. "Suffice it to say that I've paused any future investments in smart devices, and I'll be taking a long and hard look at a company's treatment of its current portfolio before splurging out more cash. I'd recommend you do the same."

An anonymous reader shares a report: Generative AI search engine Perplexity, which claims to be a Google competitor and recently snagged a $73.6 million Series B funding from investors like Jeff Bezos, is going to start selling ads, the company told ADWEEK. Perplexity uses AI to answer users' questions, based on web sources. It incorporates videos and images in the response and even data from partners like Yelp. Perplexity also links sources in the response while suggesting related questions users might want to ask.

These related questions, which account for 40% of Perplexity's queries, are where the company will start introducing native ads, by letting brands influence these questions, said company chief business officer Dmitry Shevelenko. When a user delves deeper into a topic, the AI search engine might offer organic and brand-sponsored questions. Perplexity will launch this in the upcoming quarters, but Shevelenko declined to disclose more specifics. While Perplexity touts on its site that search should be "free from the influence of advertising-driven models," advertising was always in the cards for the company. "Advertising was always part of how we're going to build a great business," said Shevelenko.

Google plans to destroy a trove of data that reflects millions of users' web-browsing histories, part of a settlement of a lawsuit that alleged the company tracked millions of users without their knowledge. WSJ: The class action, filed in 2020, accused Google of misleading users about how Chrome tracked the activity of anyone who used the private "Incognito" browsing option. The lawsuit alleged that Google's marketing and privacy disclosures didn't properly inform users of the kinds of data being collected, including details about which websites they viewed. The settlement details, filed Monday in San Francisco federal court, set out the actions the company will take to change its practices around private browsing. According to the court filing, Google has agreed to destroy billions of data points that the lawsuit alleges it improperly collected, to update disclosures about what it collects in private browsing and give users the option to disable third-party cookies in that setting.

The agreement doesn't include damages for individual users. But the settlement will allow individuals to file claims. Already the plaintiff attorneys have filed 50 in California state court. Attorney David Boies, who represents the consumers in the lawsuit, said the settlement requires Google to delete and remediate "in unprecedented scope and scale" the data it improperly collected. "This settlement is an historic step in requiring honesty and accountability from dominant technology companies," Boies said.

"Be it enacted by the Legislature of the State of Arizona..." reads the official text of House Bill #2,477. "PLUTO IS THE OFFICIAL STATE PLANET."

An anonymous reader shared this report from Capital Media Services: The governor signed legislation Friday designating Pluto as Arizona's "official state planet." It joins a list of other items the state has declared to be "official,'' ranging from turquoise as the state gemstone and copper as the state metal to the Sonorasaurus as the state dinosaur. "I am proud of Arizona's pioneering work in space discovery," governor Hobbs said.

What makes Pluto unique and ripe for claim by Arizona is that it is the only planet actually discovered in the United States, and the discovery was made in Flagstaff. Rep. Justin Wilmeth, a Phoenix Republican and self-described "history nerd,'' said that needed to be commemorated, starting with the legacy of astronomer Clyde Tombaugh. In 1930, Tombaugh was working at the Lowell Observatory in Flagstaff. "The whole story of Clyde is just amazing, just sitting there under the telescope'' looking for planets by taking photos over a period of time, said Wilmeth. "It was two different glass planes that had one little spec of light moving in a different direction,'' showing it wasn't just another star — and all by observation and not computers. "To me, that's something that's just mind boggling."
"The International Astronomical Union voted years ago to strip Pluto of its official status as a planet," the article points out, noting that its official definition specifies that planets "clear the neighboring region of other objects." (While Pluto "has such a small gravitational pull, it has not attracted and absorbed other space rocks in its orbit".)

So in 2006 Pluto was reclassified as a dwarf planet, according to a NASA web page. "Pluto is about 1/6 the width of Earth," and has a radius of 715 miles or 1,151 kilometers. "If Earth was the size of a nickel, Pluto would be about as big as a popcorn kernel."

Long-time Slashdot reader Baron_Yam called Arizona's new legislation "How to advertise you are ignorant. Scientists said something we don't like, so we'll make a law!" They can call it their "State Planet" all they want, but people who actually know about the skies will be mocking them for it. While there is nostalgia for the old classification, and the new one isn't perfect... it's certainly more meaningful when trying to divide up the objects of a planetary system for study.
Reached for a comment by Capital Media Services, Representative Wilmeth said "It might matter to some that are going to get picky or persnickety about stuff... There's several generations of Americans ... who believe that Pluto's a planet — or at least that's what we were taught. I'm never going to think differently. That's just my personal opinion." (The news site adds that "What is important, Wilmeth said, is remembering the history and promoting it.")

Five senators in Arizona's state legislatur did vote against the measure — though not all of them did so for scientific reasons, Senator Anthony Kern explained to Capital Media Services. "I did not want to discriminate against those who wanted Mars, Venus, Jupiter, or everyone's favorite, Uranus."

"Sail to a continent as mysterious as outer-space itself," the new web site urges.

"William Shatner saw Earth from the highest view," writes Scripps News Service. "Now he's heading to the bottom of it — and inviting you to join him." The 93-year-old is setting sail for Antarctica on Dec. 19, which will mark just over three years since the "Star Trek" actor returned from a trip to space in real life, not just as Captain James T. Kirk. Fellow space traveler NASA astronaut Scott Kelly will join Shatner on the 10-day Space2Sea expedition, and 260 others can too — if they pay for their $37,500 ticket.

The cheapest suite — priced at $35,500 — along with the top three most expensive ones — reaching $91,500 — are already sold out. Presented by Future of Space, the trip aboard the new "ultra-luxury" vessel is said to be full of "awe-inspiring experiences," including "intimate encounters" with penguins, visits to remote historical locations and evenings full of stories from "esteemed guests," like Shatner. Travelers can also kayak the waters or go down deep under the ice in submersibles, both for additional charges...

Shatner said he experienced something called the "overview effect" while viewing the Earth from space. The overview effect, coined by space philosopher and author Frank White, refers to a shift in how astronauts think about our life on the planet, described by White as "the feeling that the Earth itself is a whole system, and we're just a part of it." It's also realizing through experience that there are no borders or boundaries on Earth. It's often marked by feelings of increased appreciation of the planet's beauty. Shatner's invitation to "fellow explorers" for the Space2Sea expedition seem to echo this phenomenon, with the actor saying he didn't expect to be "captivated by the fragile, blue curve of our planet" when flying on Blue Origin's rocket.