An anonymous reader quotes a report from MIT Technology Review: When computer science students and faculty at Carnegie Mellon University's Institute for Software Research returned to campus in the summer of 2020, there was a lot to adjust to. Beyond the inevitable strangeness of being around colleagues again after months of social distancing, the department was also moving into a brand-new building: the 90,000-square-foot, state-of-the-art TCS Hall. The hall's futuristic features included carbon dioxide sensors that automatically pipe in fresh air, a rain garden, a yard for robots and drones, and experimental super-sensing devices called Mites. Mounted in more than 300 locations throughout the building, these light-switch-size devices can measure 12 types of data -- including motion and sound. Mites were embedded on the walls and ceilings of hallways, in conference rooms, and in private offices, all as part of a research project on smart buildings led by CMU professor Yuvraj Agarwal and PhD student Sudershan Boovaraghavan and including another professor, Chris Harrison. "The overall goal of this project," Agarwal explained at an April 2021 town hall meeting for students and faculty, is to "build a safe, secure, and easy-to-use IoT [Internet of Things] infrastructure," referring to a network of sensor-equipped physical objects like smart light bulbs, thermostats, and TVs that can connect to the internet and share information wirelessly.

Not everyone was pleased to find the building full of Mites. Some in the department felt that the project violated their privacy rather than protected it. In particular, students and faculty whose research focused more on the social impacts of technology felt that the device's microphone, infrared sensor, thermometer, and six other sensors, which together could at least sense when a space was occupied, would subject them to experimental surveillance without their consent. "It's not okay to install these by default," says David Widder, a final-year PhD candidate in software engineering, who became one of the department's most vocal voices against Mites. "I don't want to live in a world where one's employer installing networked sensors in your office without asking you first is a model for other organizations to follow." All technology users face similar questions about how and where to draw a personal line when it comes to privacy. But outside of our own homes (and sometimes within them), we increasingly lack autonomy over these decisions. Instead, our privacy is determined by the choices of the people around us. Walking into a friend's house, a retail store, or just down a public street leaves us open to many different types of surveillance over which we have little control. Against a backdrop of skyrocketing workplace surveillance, prolific data collection, increasing cybersecurity risks, rising concerns about privacy and smart technologies, and fraught power dynamics around free speech in academic institutions, Mites became a lightning rod within the Institute for Software Research.

Voices on both sides of the issue were aware that the Mites project could have an impact far beyond TCS Hall. After all, Carnegie Mellon is a top-tier research university in science, technology, and engineering, and how it handles this research may influence how sensors will be deployed elsewhere. "When we do something, companies [and] other universities listen," says Widder. Indeed, the Mites researchers hoped that the process they'd gone through "could actually be a blueprint for smaller universities" looking to do similar research, says Agarwal, an associate professor in computer science who has been developing and testing machine learning for IoT devices for a decade. But the crucial question is what happens if -- or when -- the super-sensors graduate from Carnegie Mellon, are commercialized, and make their way into smart buildings the world over. The conflict is, in essence, an attempt by one of the world's top computer science departments to litigate thorny questions around privacy, anonymity, and consent. But it has deteriorated from an academic discussion into a bitter dispute, complete with accusations of bullying, vandalism, misinformation, and workplace retaliation. As in so many conversations about privacy, the two sides have been talking past each other, with seemingly incompatible conceptions of what privacy means and when consent should be required. Ultimately, if the people whose research sets the agenda for technology choices are unable to come to a consensus on privacy, where does that leave the rest of us?

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. KrebsOnSecurity reports: Sources tell KrebsOnsecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. Active since 2018, Genesis Market's slogan has long been, "Our store sells bots with logs, cookies, and their real fingerprints." Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin. But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems. The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. [...]

One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real-time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot. "While some infostealers are designed to remove themselves after execution, others create persistent access," reads a March 2023 report from cybersecurity firm SpyCloud. "That means bad actors have access to the current data for as long as the device remains infected, even if the user changes passwords. SpyCloud says Genesis even advertises its commitment to keep the stolen data and the compromised systems' fingerprints up to date. "According to our research, Genesis Market had more than 430,000 stolen identities for sale as of early last year -- and there are many other marketplaces like this one," the SpyCloud report concludes.

Longtime Slashdot reader Esther Schindler writes: When you learn a new tool/technology, you need to create a sample application, which cannot use real in-house data. Why not use something fun for the sample application's data, such as a Star Wars API or a data collection about World Cup contests? Esther Schindler, Slashdot user #16185, assembled a groovy collection of datasets that may be useful but also may be a source of fascinating internet rabbit holes. For those interested in datasets, Esther also recommends the Data is Plural newsletter and the website ResearchBuzz, which shares dataset descriptions as well as archive-related news and tools.

"Google Research maintains a search site for test datasets, too, if you know what you're looking for," adds Esther. There's also, of course, Kaggle.com.

Google today promoted the Chrome 112 web browser to their stable channel on all supported platforms. Phoronix reports: Starting as an origin trial with Chrome 112 is WebAssembly (WASM) Garbage Collection support. Yes, garbage collection to allow for efficient support for high-level managed languages with WebAssembly. This trial support allows for compilers targeting WASM to integrate with a garbage collector in the host VM. Also on the WebAssembly front with today's Chrome browser update is making WebAssembly tail call support available out of the box. This adds explicit tail call and indirect tail call opcodes. This support is useful for correct/efficient implementations of languages that require tail call elimination, compilation of control constructs that can be implemented with it, and other computations being expressed as WASM functions.

Meanwhile by default in Chrome 112 is now CSS nesting support as the ability to nest CSS style rules inside other style rules for increasing modularity and maintainability of style sheets. Chrome 112 also adds support for the CSS animation-composition property. Behind a developer flag is also the background-blur feature that allows using a native platform's API for camera background segmentation. This is intended for use with web-based video conferencing applications running within the web browser to make use of native platform APIs. A full list of changes is available on the Chrome Releases blog.

An anonymous reader quotes a report from TechCrunch: Writing a report on the state of AI must feel a lot like building on shifting sands: by the time you hit publish, the whole industry has changed under your feet. But there are still important trends and takeaways in Stanford's 386-page bid to summarize this complex and fast-moving domain. The AI Index, from the Institute for Human-Centered Artificial Intelligence, worked with experts from academia and private industry to collect information and predictions on the matter. As a yearly effort (and by the size of it, you can bet they're already hard at work laying out the next one), this may not be the freshest take on AI, but these periodic broad surveys are important to keep one's finger on the pulse of industry.

This year's report includes "new analysis on foundation models, including their geopolitics and training costs, the environmental impact of AI systems, K-12 AI education, and public opinion trends in AI," plus a look at policy in a hundred new countries. But the report goes into detail on many topics and sub-topics, and is quite readable and non-technical. Only the dedicated will read all 300-odd pages of analysis, but really, just about any motivated body could.

For the highest-level takeaways, let us just bullet them here:

- AI development has flipped over the last decade from academia-led to industry-led, by a large margin, and this shows no sign of changing.
- It's becoming difficult to test models on traditional benchmarks and a new paradigm may be needed here.
- The energy footprint of AI training and use is becoming considerable, but we have yet to see how it may add efficiencies elsewhere.
- The number of "AI incidents and controversies" has increased by a factor of 26 since 2012, which actually seems a bit low.
- AI-related skills and job postings are increasing, but not as fast as you'd think.
- Policymakers, however, are falling over themselves trying to write a definitive AI bill, a fool's errand if there ever as one.
- Investment has temporarily stalled, but that's after an astronomic increase over the last decade.
- More than 70% of Chinese, Saudi, and Indian respondents felt AI had more benefits than drawbacks. Americans? 35%. The full report can be found here.

eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. BleepingComputer reports: eFile.com was caught serving malware, as spotted by multiple users and researchers. The malicious JavaScript file in question is called 'popper.js'. The development comes at a crucial time when U.S. taxpayers are wrapping up their IRS tax returns before the April 18th due date. BleepingComputer can confirm, the malicious JavaScript file 'popper.js' was being loaded by almost every page of eFile.com, at least up until April 1st. As of today, the file is no longer seen serving the malicious code.

On March 17th, a Reddit thread surfaced where multiple eFile.com users suspected the website was "hijacked." At the time, the website showed an SSL error message that, some suspected, was fake and indicative of a hack. Turns out that's indeed the case. [...] The malicious JavaScript file 'update.js', further attempts to prompt users to download next stage payload, depending on whether they are using Chrome [update.exe - VirusTotal] or Firefox [installer.exe - VirusTotal]. Antivirus products have already started flagging these executables as trojans.

BleepingComputer has independently confirmed these binaries establish a connection to a Tokyo-based IP address, 47.245.6.91, that appears to be hosted with Alibaba. The same IP also hosts the illicit domain, infoamanewonliag[.]online associated with this incident. Security research group, MalwareHunterTeam further analyzed these binaries, and stated that these contain Windows botnets written in PHP -- a fact that the research group mocked. Additionally, the group called out eFile.com for leaving the malicious code on its website for weeks: "So, the website of [efile.com]... got compromised at least around middle of March & still not cleaned," writes MalwareHunterTeam.

A German court has ordered hosting provider Uberspace to take the website of the open-source youtube-dl software offline. The ruling is the result of a copyright infringement lawsuit, filed by Sony, Warner and Universal last year. Uberspace will appeal the verdict and, meanwhile, youtube-dl's code remains available on GitHub. TorrentFreak reports: After hearing both sides, the district court of Hamburg ruled on the matter last week, handing a clear win to the music companies. The verdict wasn't immediately made available to the public but the music companies were quick to claim the win in a press release, stating that Uberspace must take youtube-dl's website offline. According to Frances Moore, CEO of the global music industry group IFPI, the court's decision once again confirms that stream-ripping software is illegal.

"YouTube-DL's services have enabled users to stream rip and download copyrighted music without paying. The Hamburg Regional Court's decision builds on a precedent already set in Germany and underscores once again that hosting stream-ripping software of this type is illegal. "We continue to work globally to address the problem of stream ripping, which is draining revenue from those who invest in and create music," Moore adds. Interestingly, the open source youtube-dl code remains available on the Microsoft-owned developer platform GitHub. Whether the music companies have any plans to target the problem at this source is unknown.

Uberspace's legal representative German Society for Civil Rights (GFF) informs TorrentFreak that the decision doesn't come as a total surprise since the court already declared YouTube's "rolling cipher" to be an effective technical protection measure in an earlier case. That said, the defense believes that the order, which effectively amounts to a blanket ban on youtube-dl, failed to take the software's potentially legitimate uses into account. In addition, GFF believes that the court's decision severely restricts the hosting provider's freedom to operate. "If web hosts have to delete an entire website on demand of the rightsholders even in complex situations with no legal precedent, this poses a threat to the business model of web hosts and ultimately to the free flow of information on the Internet." Uberspace says it will appeal the judgement and GFF is confident the hosting provider will ultimately prevail.

An anonymous reader quotes a report from the Washington Post: Amazon has branded itself as a climate crusader, touting its commitment to renewable energy and sustainable practices. But in Oregon, it helped quietly quash a climate bill that would have regulated its data centers. The bill would have set a 100 percent carbon emissions reduction deadline of 2040 for high energy users. Its goal was to rein in industries with outsize carbon footprints, like cryptocurrency mines and data centers, of which Amazon is planning three more in the state that would be powered by fossil fuels. Though the bill would have matched the timeline of Amazon's own "Climate Pledge," which promises net-zero carbon emissions by 2040, the company helped kill it, said Oregon state Rep. Pam Marsh.

"Amazon's representatives were in the Capitol lobbying against the bill from the very first moment of discussion," said Marsh, chair of the Oregon House climate committee and sponsor of the bill, HB2816. Though Amazon did not testify publicly, Marsh said the company's lobbyists helped organize the opposition and "successfully nurtured fear that our energy requirements would drive away the development of data centers." "No one wants that," Marsh continued, "but we do want them to use energy in a responsible, sustainable manner."

In addition to the Climate Pledge, Amazon has set a goal of moving entirely to renewable energy by 2025; the company has spent millions on solar and wind energy projects and is the largest private purchaser of clean energy. From its $2 billion climate fund to the Climate Pledge, Amazon has invested heavily in creating the perception that it's an environmental leader. But its dealings in Oregon show that, behind the scenes, it wants to call the shots on how that transition happens. Amazon spokesperson David Ward said in a statement that "a number of organizations, including Amazon, oppose HB2816 because the bill does not address the build-out of electric infrastructure that is needed to bring more clean energy to the grid."

"Building new renewable projects requires infrastructure investments in the grid and today there are hurdles in key areas like permitting and interconnection," he continued. "Accelerating energy infrastructure permitting and interconnections for renewables like solar and wind would have a greater impact on reducing emissions, bringing more clean energy to the grid, and helping achieve our goal of accessing more clean energy in Oregon."

Oregon's biggest business organizations are all opposed to the bill, reports Government Technology. "That includes Oregon Business & Industry and the Technology Association of Oregon, and the national trade group TechNet." Aside from Amazon and its lobbying behind the scenes, no other major tech company has taken a position on the bill.

Amazon laid off about 100 employees in its video-game divisions as part of its broader cutbacks, affecting workers at Prime Gaming, Game Growth and the company's San Diego studio. From a report: "Our resources will be aligned to support our focus on content," Games Vice President Christoph Hartmann wrote in a memo to employees Tuesday. "Going forward, we will continue to invest in our internal development efforts, and our teams will continue to grow as our projects progress." Amazon has struggled to capitalize on its resources in gaming, including through its Crown channel, an entertainment show on the Twitch streaming service. Twitch recently cut about 400 positions. The company has canceled and even removed titles from sale since the division kicked off in 2012. Amazon has only released one internally developed game -- the online role-playing title New World, which suffered a steep decline in its player base after the September 2021 launch. The Irvine, California-based New World team will continue to grow, Hartmann said.

Virtual reality hasn't caught on with American teens, according to a new survey from Piper Sandler released on Tuesday. From a report: While 29% percent of teens polled owned a VR device -- versus 87% who own iPhones -- only 4% of headset owners used it daily, the investment firm found, and 14% used them weekly. In addition, teenagers didn't seem that interested in buying forthcoming VR headsets. Only 7% said they planned to purchase a headset, versus 52% of teens polled who were unsure or uninterested. The survey results suggest that virtual reality hardware and software has yet to catch on with the public despite billions of dollars in investment in the technology from Big Tech companies and a number of low-cost headsets on the market. Teenagers are often seen as early adopters of new technology and their preferences can provide a preview of where the industry is going.

Atlassian customers' eleven-year quest for custom domains continues, with the Australian upstart's proposed solution failing to satisfy. The Register: As The Register reported in 2022, Atlassian floated the idea of custom domains for its custom apps in 2011. Yes, 2011. The ticket for the change is called "CLOUD 6999" and has become infamous for the length of time it has remained unresolved. An unidentified wag has even made t-shirts bearing the CLOUD 6999 name. Atlassian promised last year to sort it out some time in 2023, and in February posted an update on its initial designs.

It hasn't gone down well. Atlassian's proposed solution requires "a company-branded domain name, a list of options for the 1st-level subdomain keyword, and a 2nd-level subdomain at your own choice." Atlassian cloud admin experience chap Luke Liu explained that structure as delivering URLs such as internal.support.acme.com or people.knowledge.acme.org. One of Atlassian's stated company values is "Don't #@!% the customer." But plenty of Atlassian customers feel well and truly #@!%ed by the custom domain plan. "The cloud roadmap specifically uses an example of 1 level," wrote one commenter on the 1,445-item thread discussing CLOUD 6999. "The team managing this seems to be completely lost and disconnected from the user base."

Virgin Orbit, founded by Richard Branson, filed for Chapter 11 bankruptcy on Tuesday after the satellite launching business struggled to secure long-term funding following a failed launch in January. From a report: The filing comes less than two years after Virgin Orbit first went public at a valuation of roughly $3 billion. But the January mishap left the company scrambling for new funding and forced it to halt operations. "We believe that the Chapter 11 process represents the best path forward to identify and finalize an efficient and value-maximizing sale," Virgin Orbit Chief Executive Dan Hart said in a statement. The company, which was spun off from space tourism firm Virgin Galactic in 2017, sends satellites into orbit using rockets launched from a modified Boeing 747 plane. The Long Beach, California-based company lodged the filing seeking a sale of its assets in a Delaware court days after announcing the layoff of roughly 85% of its 750 employees. Virgin Orbit listed assets of about $243 million and total debt at $153.5 million as of Sept. 30. The company went public in December 2021 through a blank-check merger, raising $255 million less than expected.

One of mathematics' most intriguing visual mysteries has finally been solved -- thanks to a hobbyist in England. From a report: The conundrum: is there a shape that can be arranged in a tile formation, interlocking with itself ad infinitum, without the resulting pattern repeating over and over again? In nature and on our bathroom walls, we typically see tile patterns that repeat in "a very predictable, regular way," says Dr Craig Kaplan, an associate professor of computer science at the University of Waterloo in Ontario. What mathematicians were interested in were shapes that "guaranteed non-periodicity" -- in other words, there was no way to tile them so that the overall pattern created a repeating grid. Such a shape would be known as an aperiodic monotile, or "einstein" shape, meaning, in roughly translated German, "one shape" (and conveniently echoing the name of a certain theoretical physicist).

"There's been a thread of beautiful mathematics over the last 60 years or so searching for ever smaller sets of shapes that do this," Kaplan says. "The first example of an aperiodic set of shapes had over 20,000 shapes in it. And of course, mathematicians worked to get that number down over time. And the furthest we got was in the 1970s," when the Nobel-prize winning physicist Roger Penrose found pairs of shapes that fit the bill. Now, mathematicians appear to have found what they were looking for: a 13-sided shape they call "the hat." The discovery was largely the work of David Smith of the East Riding of Yorkshire, who had a longstanding interest in the question and investigated the problem using an online geometry platform. Once he'd found an intriguing shape, he told the New York Times, he would cut it out of cardstock and see how he could fit the first 32 pieces together. "I am quite persistent but I suppose I did have a bit of luck," Smith told the Guardian in an email.

Google is backtracking on its decision to put a file creation cap on Google Drive. From a report: Around two months ago, the company decided to cap all Google Drive users to 5 million files, even if they were paying for extra storage. The company did this in the worst way possible, rolling out the limit as a complete surprise and with no prior communication. Some users logged in to find they were suddenly millions of files over the new limit and unable to upload new files until they deleted enough to get under the limit. Some of these users were businesses that had the sudden file cap bring down their systems, and because Google never communicated that the change was coming, many people initially thought the limitation was a bug.

Apparently, sunshine really is the best disinfectant. The story made the tech news rounds on Friday, and Ars got Google on the record saying that the file cap was not a bug and was actually "a safeguard to prevent misuse of our system in a way that might impact the stability and safety of the system." After the weekend reaction to "Google Drive's Secret File Cap!" Google announced on Twitter Monday night that it was rolling back the limit. [...] Google told us it initially rolled the limitation out to stop what it called "misuse" of Drive, and with the tweet saying Google wants to "explore alternate approaches to ensure a great experience for all," it sounds like we might see more kinds of Drive limitations in the future.

The newest startup accelerator from Amazon aims to attract companies building generative AI technologies. From a report: The Amazon Web Services accelerator, revealed Tuesday, is a 10-week program aims to "empower companies applying generative AI to solutions from legal and marketing, to software engineering, green energy, and life sciences, including drug discovery." It also provides up to $300,000 in AWS credits. The hybrid program is open to all startups, with two week-long in-person events in San Francisco. AWS does not take equity from participating companies. The accelerator is a way for Amazon to draw early-stage startups into its cloud ecosystem.

The stress on the financial sector caused by two bank failures in the United States last month is still a threat and should be addressed by a reimagining of the regulatory process, according to JPMorgan Chase CEO Jamie Dimon. From a report: "As I write this letter, the current crisis is not yet over, and even when it is behind us, there will be repercussions from it for years to come," the longtime CEO said in his annual letter to shareholders Tuesday. "But importantly, recent events are nothing like what occurred during the 2008 global financial crisis," he added. The recent banking issues in the U.S. began with the collapse of Silicon Valley Bank, which was closed by regulators on March 10 as depositors pulled tens of billions of dollars from the bank. The smaller Signature Bank was closed two days later. And in Europe, Swiss regulators brokered a purchase of Credit Suisse by UBS.

JPMorgan and other large banks stepped in to make $30 billion of deposits at First Republic, another regional lender that investors feared could become the next SVB. The stress on the regional banks has led investors and analysts to suggest that the too big to fail institutions would be a beneficiary of the crisis, but Dimon said JPMorgan wants to strengthen the smaller banks for the benefit of the whole financial system. "Any crisis that damages Americans' trust in their banks damages all banks -- a fact that was known even before this crisis. While it is true that this bank crisis 'benefited' larger banks due to the inflow of deposits they received from smaller institutions, the notion that this meltdown was good for them in any way is absurd," Dimon wrote. Dimon also cautioned against knee-jerk changes to the regulatory system. He wrote that most of the risks, including the potential losses from held-to-maturity bonds, were "hiding in plain sight." The interconnected network of SVB's deposit base was the unknown variable, he said. "The recent failures of Silicon Valley Bank (SVB) in the United States and Credit Suisse in Europe, and the related stress in the banking system, underscore that simply satisfying regulatory requirements is not sufficient. Risks are abundant, and managing those risks requires constant and vigilant scrutiny as the world evolves," Dimon wrote.

Microsoft has just officially unveiled the Surface Thunderbolt 4 Dock hours after the device leaked. From a report: Priced at $299.99, the new Surface dock will connect over USB-C instead of the proprietary Surface Connect port. Microsoft is planning to keep selling its Surface Dock 2, complete with the Surface Connect port that's designed for Surface devices that don't have USB-C or Thunderbolt 4. This new Surface Thunderbolt 4 Dock will support devices other than Surface for the first time. You can connect to it via USB-C, and it supports data transfer speeds of up to 40Gbps and 96W charging thanks to Thunderbolt 4. At the front, there is a single USB-C port alongside a USB-A port but sadly no SD card slot. The rear of the Surface Thunderbolt 4 Dock has two USB-C ports, two USB-A ports, a 2.5-gigabit ethernet port, an audio jack, and a security lock slot.

Apple said that some users are experiencing disruptions of its weather app on Tuesday, citing a data provider issue. From a report: The Cupertino, California-based company said on its website that issues for the app were reported at 11 p.m. New York time Monday and continued Tuesday. Apple said that precipitation forecasts for the next hour may be unavailable in Alaska "due to a data provider outage," but disruptions appear to be across various cities. All other services, such as the App Store, Apple TV and FaceTime, appear to be available and working without issue.

An annual report on AI progress has highlighted the increasing dominance of industry players over academia and government in deploying and safeguarding AI applications. From a report: The 2023 AI Index -- compiled by researchers from Stanford University as well as AI companies including Google, Anthropic, and Hugging Face -- suggests that the world of AI is entering a new phase of development. Over the past year, a large number of AI tools have gone mainstream, from chatbots like ChatGPT to image-generating software like Midjourney. But decisions about how to deploy this technology and how to balance risk and opportunity lie firmly in the hands of corporate players.

The AI Index states that, for many years, academia led the way in developing state-of-the-art AI systems, but industry has now firmly taken over. "In 2022, there were 32 significant industry-produced machine learning models compared to just three produced by academia," it says. This is mostly due to the increasingly large resource demands -- in terms of data, staff, and computing power -- required to create such applications.

Frank founder Charlie Javice was charged with fraud in the $175 million sale of her college financial planning site to JPMorgan Chase. The charges include conspiracy, wire fraud, bank fraud and securities fraud. From a report: JPMorgan, which acquired Frank in 2021, sued Javice and another executive, Olivier Amar, in federal court in Delaware in December, alleging they used fake customer accounts to lead the bank into completing the deal by vastly inflating the number of people using her site.

Patients diagnosed with conditions like anxiety and sleep disorders have become caught in the crosshairs of America's opioid crisis, as secret policies mandated by a national opioid settlement have turned filling legitimate prescriptions into a major headache. Bloomberg reports: In July, limits went into effect that flag and sometimes block pharmacies' orders of controlled substances such as Adderall and Xanax when they exceed a certain threshold. The requirement stems from a 2021 settlement with the US's three largest drug distributors -- AmerisourceBergen Corp., Cardinal Health Inc. and McKesson Corp. But pharmacists said it curtails their ability to fill prescriptions for many different types of controlled substances -- not just opioids. Independent pharmacists said the rules force them come up with creative workarounds. Sometimes, they must send patients on frustrating journeys to find pharmacies that haven't yet exceeded their caps in order to buy prescribed medicines. It's unclear how the thresholds are impacting major chain pharmacies.

The Drug Enforcement Administration regulates the manufacturing, distribution and sale of controlled substances, which can be dangerous when used improperly. Drugmakers and wholesalers were always supposed to keep an eye out for suspicious purchases and have long had systems to catch, report and halt these orders. The prescription opioid crisis, enabled by irresponsible drug company marketing and prescribing, led to a slew of lawsuits and tighter regulations on many parts of the health system, including monitoring of suspicious orders. One major settlement required the three largest distributors to set thresholds on orders of controlled substances starting last July.

The "suspicious order" terminology is a bit of a misnomer, pharmacists said. The orders themselves aren't suspicious, it's just that the pharmacy has exceeded its limit for a specific drug over a certain time period. Any order that puts the pharmacy over its limit can be stopped. As a result, patients with legitimate prescriptions get caught up in the dragnet. Adding to the confusion, the limits themselves are secret. Drug wholesalers are barred by the settlement agreement from telling pharmacists what the thresholds are, how they're determined or when the pharmacy is getting close to hitting them. The exact limit for each pharmacy is kept secret in order to prevent pharmacists from gaming the system, according to Krista Tongring, leader of the DEA compliance practice at Guidepost Solutions and a former agency attorney. The purpose, she said, is to keep pharmacies from manipulating "their ordering patterns so as to get around the thresholds." According to a Cardinal Health document, limits are "calculated on a daily, monthly, and quarterly basis," reports Bloomberg. "But without more detailed information, it's impossible for pharmacists to predict when they are going to have to turn patients away."

"Pharmacies can request increases to their thresholds, but those take time to adjudicate, leaving patients scrambling to find their daily medicines elsewhere in the meantime."

The U.S. National Institute on Aging (NIA) is funding a 6-year, up to $300 million project to build a massive Alzheimer's research database that can track the health of Americans for decades and enable researchers to gain new insights on the brain-wasting disease. Reuters reports: The NIA, part of the government's National Institutes of Health (NIH), aims to build a data platform capable of housing long-term health information on 70% to 90% of the U.S. population, officials told Reuters of the grant, which had not been previously reported. The platform will draw on data from medical records, insurance claims, pharmacies, mobile devices, sensors and various government agencies, they said.

Tracking patients before and after they develop Alzheimer's symptoms is seen as integral to making advances against the disease, which can start some 20 years before memory issues develop. The database could help identify healthy people at risk for Alzheimer's, which affects about 6 million Americans, for future drug trials. It also aims to address chronic underrepresentation of people of color and different ethnicities in Alzheimer's clinical trials and could help increase enrollment from outside of urban academic medical centers.

Once built, the platform could also track patients after they receive treatments such as Leqembi, which won accelerated U.S. approval in January, and is widely expected to receive traditional FDA approval by July 6. The U.S. Medicare health plan for older adults will likely require such tracking in a registry as a condition of reimbursement for Leqembi. [T]he data platform could also help researchers working in other disease areas understand which patients are most at risk and the impact of medications. The grant, which was posted on March 13, has been years in the making. The funding announcement sets its earliest start date at April 2024, with a goal to establish an Alzheimer's registry 21 months later.