IOS

Apple To Allow Alternative App Stores For iOS Users In Brazil 6

Apple will allow alternative iOS app stores and external payment systems in Brazil after settling an antitrust case with the country's competition authority, following a lawsuit brought by MercadoLibre back in 2022. Thurrott reports: Yesterday, Brazil's Conselho Administrativo de Defesa Economica (CADE) explained in its press release that it has approved a Term of Commitment to Cease (TCC) submitted by Apple. To settle the lawsuit, the iPhone maker has agreed to allow third-party iOS app stores in Brazil and to let developers use external payment systems. The company will also use neutral wording in the warning messages about third-party app stores and external payment systems that iOS users in Brazil will see.

As part of the settlement, Apple has 105 days to implement these changes to avoid a fine of up to $27.1 million. A separate report from Brazilian blog Tecnoblog revealed that Apple will still take a 5% "Core Technology Commission" fee on transactions going through alternative app stores. Additionally, the company will take a 15% cut on in-app purchases for App Store apps when developers redirect users to their own payment systems.
Programming

Are Software Registries Inherently Insecure? (linuxsecurity.com) 41

"Recent attacks show that hackers keep using the same tricks to sneak bad code into popular software registries," writes long-time Slashdot reader selinux geek, suggesting that "the real problem is how these registries are built, making these attacks likely to keep happening." After all, npm wasn't the only software library hit by a supply chain attack, argues the Linux Security blog. "PyPI and Docker Hub both faced their own compromises in 2025, and the overlaps are impossible to ignore." Phishing has always been the low-hanging fruit. In 2025, it wasn't just effective once — it was the entry point for multiple registry breaches, all occurring close together in different ecosystems... The real problem isn't that phishing happened. It's that there weren't enough safeguards to blunt the impact. One stolen password shouldn't be all it takes to poison an entire ecosystem. Yet in 2025, that's exactly how it played out...

Even if every maintainer spotted every lure, registries left gaps that attackers could walk through without much effort. The problem wasn't social engineering this time. It was how little verification stood between an attacker and the "publish" button. Weak authentication and missing provenance were the quiet enablers in 2025... Sometimes the registry itself offers the path in. When the failure is at the registry level, admins don't get an alert, a log entry, or any hint that something went wrong. That's what makes it so dangerous. The compromise appears to be a normal update until it reaches the downstream system... It shifts the risk from human error to systemic design.

And once that weakly authenticated code gets in, it doesn't always go away quickly, which leads straight into the persistence problem... Once an artifact is published, it spreads into mirrors, caches, and derivative builds. Removing the original upload doesn't erase all the copies... From our perspective at LinuxSecurity, this isn't about slow cleanup; it's about architecture. Registries have no universally reliable kill switch once trust is broken. Even after removal, poisoned base images replicate across mirrors, caches, and derivative builds, meaning developers may keep pulling them in long after the registry itself is "clean."

The article concludes that "To us at LinuxSecurity, the real vulnerability isn't phishing emails or stolen tokens — it's the way registries are built. They distribute code without embedding security guarantees. That design ensures supply chain attacks won't be rare anomalies, but recurring events."
So in a world where "the only safe assumption is that the code you consume may already be compromised," they argue, developers should look to controls they can enforce themselves:
  • Verify artifacts with signatures or provenance tools.
  • Pin dependencies to specific, trusted versions.
  • Generate and track SBOMs so you know exactly what's in your stack.
  • Scan continuously, not just at the point of install.

Government

Brazil Tests Letting Citizens Earn Money From Data in Their Digital Footprint (restofworld.org) 15

With over 200 million people, Brazil is the world's fifth-largest country by population. Now it's testing a program that will allow Brazilians "to manage, own, and profit from their digital footprint," according to RestOfWorld.org — "the first such nationwide initiative in the world."

The government says it's partnering with California-based data valuation/monetization firm DrumWave to create a "data savings account" to "transform data into economic assets, with potential for monetization and participation in the benefits generated by investing in technologies such as AI LLMs." But all based on "conscious and authorized use of personal information." RestOfWorld reports: Today, "people get nothing from the data they share," Brittany Kaiser, co-founder of the Own Your Data Foundation and board adviser for DrumWave, told Rest of World. "Brazil has decided its citizens should have ownership rights over their data...." After a user accepts a company's offer on their data, payment is cashed in the data wallet, and can be immediately moved to a bank account. The project will be "a correction in the historical imbalance of the digital economy," said Kaiser. Through data monetization, the personal data that companies aggregate, classify, and filter to inform many aspects of their operations will become an asset for those providing the data...

Brazil's project stands out because it brings the private sector and the government together, "so it has a better chance of catching on," said Kaiser. In 2023, Brazil's Congress drafted a bill that classifies data as personal property. The country's current data protection law classifies data as a personal, inalienable right. The new legislation gives people full rights over their personal data — especially data created "through use and access of online platforms, apps, marketplaces, sites and devices of any kind connected to the web." The bill seeks to ensure companies offer their clients benefits and financial rewards, including payment as "compensation for the collecting, processing or sharing of data." It has garnered bipartisan support, and is currently being evaluated in Congress...

If approved, the bill will allow companies to collect data more quickly and precisely, while giving users more clarity over how their data will be used, according to Antonielle Freitas, data protection officer at Viseu Advogados, a law firm that specializes in digital and consumer laws. As data collection becomes centralized through regulated data brokers, the government can benefit by paying the public to gather anonymized, large-scale data, Freitas told Rest of World. These databases are the basis for more personalized public services, especially in sectors such as health care, urban transportation, public security, and education, she said.

This first pilot program involves "a small group of Brazilians who will use data wallets for payroll loans," according to the article — although Pedro Bastos, a researcher at Data Privacy Brazil, sees downsides. "Once you treat data as an economic asset, you are subverting the logic behind the protection of personal data," he told RestOfWorld. The data ecosystem "will no longer be defined by who can create more trust and integrity in their relationships, but instead, it will be defined by who's the richest."

Thanks to Slashdot reader applique for sharing the news.
Google

Google To Phase Out Country Code Top-level Domains (blog.google) 47

Google has announced that it will begin phasing out country code top-level domains (ccTLDs) such as google.ng and google.com.br, redirecting all traffic to google.com. The change comes after improvements in Google's localization capabilities rendered these separate domains unnecessary.

Since 2017, Google has provided identical local search experiences whether users visited country-specific domains or google.com. The transition will roll out gradually over the coming months, and users may need to re-establish search preferences during the migration.
Facebook

Meta Says It Isn't Ending Fact-Checks Outside US 'At This Time' (cointelegraph.com) 153

An anonymous reader quotes a report from CoinTelegraph: Social media platform Meta has confirmed that its fact-checking feature on Facebook, Instagram and Threads will only be removed in the US for now, according to a Jan. 13 letter sent to Brazil's government. "Meta has already clarified that, at this time, it is terminating its independent Fact-Checking Program only in the United States, where we will test and refine the community notes [feature] before expanding to other countries," Meta told Brazil's Attorney General of the Union (AGU) in a Portuguese-translated letter.

Meta's letter followed a 72-hour deadline Brazil's AGU set for Meta to clarify to whom the removal of the third-party fact verification feature would apply. [...] Brazil has expressed dissatisfaction with Meta's removal of its fact check feature, Brazil Attorney-General Jorge Messias said on Jan. 10. "Brazil has rigorous legislation to protect children and adolescents, vulnerable populations, and the business environment, and we will not allow these networks to transform the environment into digital carnage or barbarity."
Last Tuesday, Meta CEO Mark Zuckerberg announced an end to fact-checking on Facebook and Instagram -- a move he described as an attempt to restore free expression on its platforms. He likened his company's fact-checking process to a George Orwell novel, saying it was "something out of 1984" and led to a broad belief that Meta fact-checkers "were too biased."
Government

Brazil Ended Daylight Saving Time. But It Might Bring It Back (msn.com) 104

Brazil ended daylight saving time in 2019, reports the Washington Post, adding that some Brazilians loved the change, "particularly those who commute long distances and are no longer forced to leave their houses in pitch blackness." But "In the heavily populated southeast, the sky begins to brighten at the unconscionable hour of 4:30 a.m. during the summer, and by 8 a.m., it feels like high noon... Polls showed it ultimately lost majority support..."

And then "After several energy emergencies, and with the prospect of more to come as the effects of climate change intensify, the vanquished daylight saving time is suddenly looking a whole lot better than it once did to some in the Brazilian government." Authorities almost mandated the return of daylight saving — a portion of the calendar when clocks are turned forward to maximize seasonal daylight — late last year to conserve energy amid a historic drought that had threatened hydroelectric power generation and drove up light bills. The government is already laying the political groundwork to restore it as soon as this year...

Latin America's largest country is a global leader in green energy. An astounding 93 percent of its electricity comes from renewable sources, according to Brazil's Electric Energy Commercialization Chamber, the majority of which is hydropower. This strength, however, has also left it vulnerable to global warming. As temperatures have warmed and punishing droughts have grown more frequent, the country's water reserves have dropped precariously low at times, jeopardizing its primary source of energy. In 2021, an extended drought depleted the country's water stores, driving up light bills by an estimated 20 percent, according to the National Chamber of Electric Energy. Then came last year's drought, the worst in 70 years, and government officials started to look more seriously at daylight saving.

Alexandre Silveira [Brazil's mining and energy minister] said that month that the decision to eliminate daylight saving had been an extravagance Brazil could scarcely afford. "It was massively irresponsible, without any basis in science," the energy official said. "We're living in a period of denial in Brazil in all aspects." José Sidnei Colombo Martini, an electrical engineer at the University of São Paulo, told The Washington Post that the decision to end daylight saving amounted to a "national bet on whether it is going to rain." And the bet is expected to become increasingly risky as the years pass. "Brazil has always had a massive amount of available water compared to other countries — storing 12 percent of the planet's surface — but this is being altered," said Suely Araújo, public policy coordinator at the Climate Observatory. Estimates show "we could have a 40 percent reduction in our water availability in Brazil's principal hydro regions by 2040. Brazil has entered a new reality... "

Should other countries end Daylight Saving Time? "People and governments all over the world are having the same debate," the article points out, "often coming to conflicting conclusions." Countries including Azerbaijan, Mexico and Samoa have done away with daylight saving time. Meanwhile, Jordan, Namibia and Turkey have gone the opposite direction, opting for permanent daylight saving time. And Russia, discovering there's no way to tell time that pleases everyone, first tried permanent daylight saving time, then scuttled it.
Facebook

Meta Accused of Trying To Discredit Ad Researchers (theregister.com) 18

Thomas Claburn reports via The Register: Meta allegedly tried to discredit university researchers in Brazil who had flagged fraudulent adverts on the social network's ad platform. Nucleo, a Brazil-based news organization, said it has obtained government documents showing that attorneys representing Meta questioned the credibility of researchers from NetLab, which is part of the Federal University of Rio de Janeiro (UFRJ). NetLab's research into Meta's ads contributed to Brazil's National Consumer Secretariat (Senacon) decision in 2023 to fine Meta $1.7 million (9.3 million BRL), which is still being appealed. Meta (then Facebook) was separately fined $1.2 million (6.6 million BRL) related to Cambridge Analytica.

As noted by Nucleo, NetLab's report showed that Facebook, despite being notified about the issues, had failed to remove more than 1,800 scam ads that fraudulently used the name of a government program that was supposed to assist those in debt. In response to the fine, attorneys representing Meta from law firm TozziniFreire allegedly accused the NetLab team of bias and of failing to involve Meta in the research process. Nucleo says that it obtained the administrative filing through freedom of information requests to Senacon. The documents are said to date from December 26 last year and to be part of the ongoing case against Meta. A spokesperson for NetLab, who asked not to be identified by name due to online harassment directed at the organization's members, told The Register that the research group was aware of the Nucleo report. "We were kind of surprised to see the account of our work in this law firm document," the spokesperson said. "We expected to be treated with more fairness for our work. Honestly, it comes at a very bad moment because NetLab particularly, but also Brazilian science in general, is being attacked by far-right groups."

On Thursday, more than 70 civil society groups including NetLab published an open letter decrying Meta's legal tactics. "This is an attack on scientific research work, and attempts at intimidation of researchers and researchers who are performing excellent work in the production of knowledge from empirical analysis that have been fundamental to qualify the public debate on the accountability of social media platforms operating in the country, especially with regard to paid content that causes harm to consumers of these platforms and that threaten the future of our democracy," the letter says. "This kind of attack and intimidation is made even more dangerous by aligning with arguments that, without any evidence, have been used by the far right to discredit the most diverse scientific productions, including NetLab itself." The claim, allegedly made by Meta's attorneys, is that the ad biz was "not given the opportunity to appoint a technical assistant and present questions" in the preparation of the NetLabs report. This is particularly striking given Meta's efforts to limit research into its ad platform.
A Meta spokesperson told The Register: "We value input from civil society organizations and academic institutions for the context they provide as we constantly work toward improving our services. Meta's defense filed with the Brazilian Consumer Regulator questioned the use of the NetLab report as legal evidence, since it was produced without giving us prior opportunity to contribute meaningfully, in violation of local legal requirements."
Canada

'Ottawa Wants the Power To Create Secret Backdoors In Our Networks' (theglobeandmail.com) 39

An anonymous reader quotes an op-ed from The Globe and Mail, written by Kate Robertson and Ron Deibert. Robertson is a senior research associate and Deibert is director at the University of Toronto's Citizen Lab. From the piece: A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada. Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada's networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance. The government's decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.

There are already many insecurities in today's networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP's cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world's mobile networks. So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.

It's not as if the government wasn't warned. Citizen Lab researchers presented the 2023 report's findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada's telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the "confidentiality, integrity, or availability" of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications -- personal, business, religious, or otherwise. The new powers would only make people in Canada more vulnerable to malicious threats to the privacy and security of all network users, including Canada's most senior officials. [...]
"Now, more than ever, there is no such thing as a safe backdoor," the authors write in closing. "A shortcut that provides a narrow advantage for the few at the expense of us all is no way to secure our complex digital ecosystem."

"Against this threat landscape, a pivot is crucial. Canada needs cybersecurity laws that explicitly recognize that uncompromised encryption is the backbone of cybersecurity, and it must be mandated and protected by all means possible."
Music

Back From the Dead: Amarok 3.0 Music Player Released (kde.org) 56

"Amarok 3.0, ported to Qt5/KDE Frameworks 5, has been released," writes Slashdot reader serafean. "With the heavy lifting being done, the Qt6/KF6 version is expected later in the year." Originally developed for Linux as part of the KDE desktop environment, Amarok is a free, cross-platform music player that supports various audio formats and a user interface that can be tailored to individual preferences. These are the main features/changes, as highlighted in a KDE blog post: FEATURES:
- Added a visual hint that context view applets can be resized in edit mode.
- Display missing metadata errors in Wikipedia applet UI.
- Add a button to stop automatic Wikipedia page updating. (BR 485813)

CHANGES:
- Replace defunct lyricwiki with lyrics.ovh as lyrics provider for now. (BR 455937)
- Show only relevant items in wikipedia applet right click menu (BR 323941), use monobook skin for opened links and silently ignore non-wikipedia links.
- Don't show non-functional play mode controls in dynamic mode (BR 287055)
The changelog is available here. You can find the package on download.kde.org.
Piracy

'Operation 404' Results In First Prison Sentence For Pirate IPTV Operator (torrentfreak.com) 14

An anonymous reader quotes a report from TorrentFreak: Brazilian anti-piracy campaign 'Operation 404' has taken down many pirate sites and services over the past five years, but criminal prosecutions have been scarce. This week, anti-piracy group ALIANZA announced a "historic" victory: The operator of pirate IPTV service "Flash IPTV" was sentenced to more than five years in prison, marking the first criminal conviction of this kind in Brazil. [...] The operator of Flash IPTV, who is referred to by the initials A.W.A.P., was found guilty of criminal copyright infringement and sentenced to five years and four months in prison.

Flash IPTV was a relatively large IPTV service with 13,547 active users at its peak. According to local news reports, the service generated $912,000 in revenue over twelve months, before it was taken offline in 2020 as part of the second 'Operation 404' campaign. Speaking with TorrentFreak, ALIANZA says that this is a historic verdict, as it's the first criminal IPTV prosecution linked to 'Operation 404' in Brazil. "We appreciate the commitment of the police and judicial authorities in resolving this important case. The conviction of A.W.A.P. is a milestone that reinforces our commitment to defending the rights of creators and fighting against illegal practices that harm the creative economy," says Victor Roldan, ALIANZA's executive director.

While Operation 404 resulted in many arrests over the years, follow-up prosecutions have been rare in Brazil. Previously, ALIANZA did score a similar victory in Ecuador, where the operator of the pirate IPTV service IPTVlisto.com was sentenced to a year in prison. Last fall, Brazilian authorities conducted the sixth wave of Operation 404 and more are expected to follow in the future. These enforcement initiatives are broadly praised by rightsholders and the recent conviction will only strengthen their support.

Piracy

Brazil Regulator Claims '80% of Pirate TV Boxes' Were Blocked Last Week (torrentfreak.com) 16

An anonymous reader quotes a report from TorrentFreak: Brazil's telecoms regulator Anatel claims that during an operation last week, it successfully blocked around 80% of pirate 'TV boxes' in the country. Estimates from early 2023 suggest that seven million were active in Brazil. The operation, claimed to be the most significant ever carried out, arrives just weeks after Google & Cisco were criticized for "turning a blind eye" to the IPTV piracy problem. [...] Whatever the approach, if Anatel had somehow managed to prevent 80% of all TV boxes receiving pirated content in the space of a year, that would be an extraordinary achievement. Even a week would be astonishing but the claim of millions in a day seems either incredible, non-credible, or entirely dependent on more important information or nuance that isn't being reported. Another angle is that disruption on a large scale tends to register in search results and Google data on various related search terms doesn't seem to reflect millions of TV boxes suddenly going dark in Brazil last week. At least, not for any significant length of time.
Twitter

Meta is Exploring Plans to Build a Twitter Rival (bbc.com) 81

"Meta, the parent firm of Facebook and Instagram, is working on a standalone, text-based social network app," reports the BBC.
"It could rival both Twitter and its decentralised competitor, Mastodon." A spokesperson told the BBC: "We're exploring a standalone decentralized social network for sharing text updates...." According to MoneyControl, the new app is codenamed P92, and will allow users to log in through their existing Instagram credentials.

Meta's app will be based on a similar framework to the one that powers Mastodon, a Twitter-like service which was launched in 2016. The new app would be decentralised — it cannot be run at the whim of a single entity, bought or sold....

It was not immediately clear when Meta would roll out the new app.

EU

Power Line Bringing Wind Energy to the EU Planned That Crosses a 730-Mile Sea (apnews.com) 72

Once part of the USSR, the nation of Georgia seceded in 1991. Still located on Russia's southern border — and on the eastern edge of the Black Sea — it's now part of a four-country system that plans to transmit wind-generated electricity from Azerbaijan (to Georgia's east, also located on Russia's southern border) across an undersea cable below the Black Sea, through Romania and then on to Hungary.

Expected to be completed within three or four years, it could become "a new power source for the European Union amid a crunch on energy supplies caused by the war in Ukraine," reports the Associated Press, with Hungary's foreign minister hailing it as a major step toward diversifying energy supplies and meeting carbon neutrality targets.

Finalized today, the deal comes as Hungary "is seeking additional sources for fossil fuels to reduce its heavy dependence on Russian oil and gas." Hungary's foreign minister, Peter Szijjarto, said in August that Azerbaijan would soon produce "large quantities of green electricity" with offshore wind farms, and that by signing on to the connector project which could bring that energy to Europe, Hungary was fulfilling a requirement that two EU member nations participate in order for the investment to receive funding from the bloc....
This week, Szijjarto met with officials from both Qatar and Oman on the potential future import of oil and natural gas to Hungary from the two Middle Eastern countries, a further sign that Hungary is taking steps to level down the 85% of its natural gas and more than 60% of its oil that it currently receives from Russia.

The article also points out that Romania has signed a deal with Azerbaijan's state oil company for natural gas deliveries starting on January 1.
Chromium

'The Arc Browser is the Chrome Replacement I've Been Waiting For' (theverge.com) 98

The Browser Company's Chromium-based Arc browser "isn't perfect, and it takes some getting used to," writes the Verge. "But it's full of big new ideas about how we should interact with the web — and it's right about most of them." Arc wants to be the web's operating system. So it built a bunch of tools that make it easier to control apps and content, turned tabs and bookmarks into something more like an app launcher, and built a few platform-wide apps of its own. The app is much more opinionated and much more complicated than your average browser with its row of same-y tabs at the top of the screen. Another way to think about it is that Arc treats the web the way TikTok treats video: not as a fixed thing for you to consume but as a set of endlessly remixable components for you to pull apart, play with, and use to create something of your own. Want something to look better or have an idea for what to do with it? Go for it.

This is a fun moment in the web browser industry. After more than a decade of total Chrome dominance, users are looking elsewhere for more features, more privacy, and better UI. Vivaldi has some really clever features; SigmaOS is also betting on browsers as operating systems; Brave has smart ideas about privacy; even Edge and Firefox are getting better fast. But Arc is the biggest swing of them all: an attempt to not just improve the browser but reinvent it entirely....

Right now, Arc is only available for the Mac, but the company has said it's also working on Windows and mobile versions, both due next year. It's still in a waitlisted beta and is still very much a beta app, with some basic features missing, other features still in flux, and a few deeply annoying bugs. But Arc's big ideas are the right ones. I don't know if The Browser Company is poised to take on giants and win the next generation of the browser wars, but I'd bet that the future of browsers looks a lot like Arc....

In a way, Arc is more like ChromeOS than Chrome. It tries to expand the browser to become the only app you need because, in a world where all your apps are web apps and all your files are URLs, who really needs more than a browser?

The article describes Arc as a power user tool with a vertical sidebar combining bookmarks, tabs, and apps. (And sets of these can apparently be combined into different "spaces".) These are enhanced with a hefty set of keyboard shortcuts (including tab searching), along with built-in media controls for Twitch/Spotify/Google Meet (as well as a picture-in-picture mode).
Arc even has a shareable, collaborative whiteboard app "Easel". And it also offers powerful features like the ability to rewrite how your browser displays any site's CSS. ("I have one that removes the Trending sidebar from Twitter and another that cleans up my Gmail page.")
Security

Most Government Websites Serve Tracking Cookies Without Consent, Report Finds (hothardware.com) 27

A new study published by the IMDEA Networks Institute shows just how common it is for government websites to install third-party cookies in visitors' web browsers. HotHardware reports: The study makes a distinction between third-party (TP) cookies and third-party tracking (TPT) cookies, because not all third-party cookies are "set by domains that are known to be tracking users for data collection purposes." The chart [here] shows the percentage of government websites for each country that install at least one third-party cookie, as well as the percentage of said cookies that are associated with domains that are known to be tracking users. Russia tops out the list with over 90% of its government websites installing third-party cookies in visitors' web browsers. Meanwhile, nearly 60% of US government websites install at least one third-party cookie. Germany sits at the bottom of the list with a little under 30% of government websites serving up third-party cookies.

Most of the third-party cookies installed by government websites are known tracking cookies, except in the case of Germany, where under 10% of third-party cookies are associated with domains that are known to track users. The researchers also found that, depending on the country, 20% to 60% of the third party cookies installed by government websites remain in visitors' browsers without expiring for a year or more. That's a long time for a tracker installed without your knowledge or consent to remain active. Beyond specifically tracking cookies, the researchers measured the number of trackers of any kind present on government websites. The Russian gov.ru has the most trackers out of any government website analyzed by the researchers, numbering 31 trackers in total. However, Brazil and Canada aren't far behind, with 25 trackers present on both investexportbrasil.gov.br and nac-cna.ca. The US government website with the most trackers is hhs.gov, which has 13.

The researchers point out that both third-party tracking cookies are automatically installed in visitors' web browsers without their consent. However, the researchers guess that web developers and administrators likely include third-party content without intending to add trackers to their websites. A great many websites now rely on third-party resources and include social content that come with trackers built-in.

Iphone

Brazil Is Also Considering Making USB-C Chargers Mandatory For iPhones (theverge.com) 76

Brazil's telecoms regulator Anatel has launched a public consultation on a proposal to make USB-C chargers mandatory for all smartphones sold in the country. The Verge reports: It's the latest example of lawmakers and regulators turning to USB-C as a common charging standard for phones. The EU passed a law on the matter earlier this month, making USB-C mandatory for a range of electronic gadgets (including smartphones) by the end of 2024, and in the US some Democrat politicians are pushing for similar legislation. "Aware of the aforementioned movements in the international market, Anatel's technical area evaluated the topic and presented a proposal with a similar approach for application in the Brazilian market," said Anatel in a blog post (English translation via Google Translate).

In documents supporting the public consultation, Anatel said the advantages for making USB-C mandatory were primarily reducing e-waste and increasing convenience for customers. Disadvantages included higher costs to enforce the regulation and the possibility the law would discourage companies from developing new, better standards. Anatel says its public consultation will run until August 26th.

The Almighty Buck

MoonDAO Will Pick Two of the Next Blue Origin Astronauts With the Help of NFTs (cnet.com) 24

On June 4 a 10-minute Blue Origin flight (using a reusable rocket and capsule) carried six more people on a visit to suborbital space, reports Space.com — the fifth human spaceflight mission for the Jeff Bezos-founded company, and the second one this year. But GeekWire points out that civil production engineer Victor Correa Hespanha had his seat funded by the Crypto Space Agency — that is, funded entirely by the NFT community through mint proceeds — after he was the winner of its lottery for a ride to space.

And they're not the only crypto community buying rides into space. CNET reports on MoonDAO: Over 8,000 people "minted" a "Ticket to Space" NFT on the Ethereum blockchain for free (plus a small transaction or "gas" fee), and...one of those NFT holders plus several alternates will be chosen at random for one of the seats to space. MoonDAO's members will also vote on a specific person from a list of predetermined nominees to gift the second ticket to. The two astronauts could fly as soon as the next Blue Origin launch in the coming weeks, but no target date has been announced....

"Our mission is to decentralize access to space research and exploration," co-founder Pablo Moncada-Larrotiz told me during an interview on stage at the DAODenver conference in February. In addition to sending people on a short trip to space, MoonDAO is also using funds from its treasury — it's raised millions worth of cryptocurrency through a crowdfunding platform called Juicebox — for community projects that include designing a small rocket and satellite. In other words, the ultimate vision is to build an organization something like SpaceX, but that's run as a community cooperative rather than in the traditional top-down corporate structure.

"We definitely need more capital to get to the level of competing directly with Virgin Galactic or SpaceX," Moncada-Larrotiz said via Discord direct message on May 26. "It's for sure a long term project and I think it'll be a matter of building the right type of organization where builders are free to just focus on making awesome things in a collaborative environment."

Unfortunately, MoonDAO's drawing Saturday experienced technical glitches, and after a two-hour livestream — no winner was chosen.

They promised a winner would be chosen by Sunday.

News

Brazilian Academics Create Automated Fake News Detection Platform (zdnet.com) 35

An anonymous reader quotes a report from ZDNet: A group of Brazilian researchers has created a web platform that is able to identify false information online in an automated manner. Developed by academics at the Center for Mathematical Sciences Applied to Industry (CeMEAI), the system uses a combination of statistical models and machine learning techniques to establish whether a specific content in Brazilian Portuguese is likely to be false. Initial tests suggest the platform is able to detect fake news with a 96% accuracy. The CeMEAI is a research center based in the mathematics and computer science department of the University of Sao Paulo, in the Sao Paulo state city of Sao Carlos. The center is supported by grants from the Sao Paulo Research Agency (FAPESP). In an interview with FAPESP's news agency, project coordinator and technology transfer director Francisco Louzada Neto said the goal of the project is "to offer society an additional tool to identify, not only subjectively, whether a news item is false or not."

The system uses statistical methods to analyze writing characteristics, such as words used or more frequently used grammatical classes. These are then fed into a machine learning-based classifier, which is able to distinguish patterns of language, vocabulary and semantics of fake and real news, and automatically infer whether the content submitted to the platform is false. The models were trained with a massive database of real and false news and were exposed to the vocabulary used in over 100,000 articles published over the last five years. The researchers will aim to use the false news related to the upcoming presidential elections, as well as content related to the Covid-19 pandemic to further calibrate the models. The researchers also commented on the potential risks of the system in the interview, including the potential that the system could be used by fake news creators to assess the potential for false content to pass for real before it is published. "That's a risk we're going to have to deal with," Louzada noted.

Networking

SolarWinds and Kaseya Attacks Shake Faith In SaaS Model (channelinsider.com) 58

"First SolarWinds, now Kaseya. SaaS software heavily used by managed service providers (MSPs) has now been the target of two successful cyberattacks," writes Slashdot reader storagedude.

He shares a ChannelInsider article reporting the Kaseya ransomware attack compromised roughly 1,500 "downstream" businesses — and that now managed service providers "are reassessing their approaches to managing IT" after their own upstream vendors were breached: In many cases, rather than assuming the platforms that MSPs employ are secure, end customers will now require them to prove it via an audit of their software supply chains, says James Shank, Chief Architect of Community Services for Team Cymru, a provider of threat intelligence tools employed to conduct such audits. Shank, who also served on the Ransomware Task Force Committee set up by The Institute for Security and Technology, notes that MSPs should also assume attacks will only get worse before they get any better. "This is not the end or the middle," he says. "It's only the beginning."

Others, however, don't think there will be any widespread mandate to audit IT supply chains in the absence of any government requirement. Most organizations are simply not going to conduct or require extensive audits because of the time, effort, money and expertise required, says Mike Hamilton, chief information security officer (CISO) for Critical Insight, a provider of a managed detection and response platform.

"American companies are not going to do that unless someone holds their feet to the fire," he says.

The challenge that creates for MSPs and their customers is it may force them to continue to place too much trust in IT platforms provided to them by a vendor, says Chris Grove, technology evangelist for Nozomi Networks, a provider of security tools for monitoring networks. "These platforms are over-trusted," he says.

The decision many MSPs are specifically wrestling with is the degree to which they should continue to rely on IT service management (ITSM) platforms from an IT vendor that might be compromised by malware versus building and securing their own custom platform. The latter approach is not immune to malware but might be less of a target as cybercriminals increasingly focus their efforts on platforms that enable them to wreak greater downstream havoc. Alternatively, MSPs could switch to IT service management platforms provided by vendors that don't have enough market share to attract the attention of cybercriminals... Building an IT service management platform from scratch naturally requires a level of investment many MSPs lack the funding or expertise to make, notes Eldon Sprickerhoff, chief innovation officer for eSentire, a provider of a managed detection and response platform. "It's a difficult situation," he says.

The article points out that few small- to medium-sized businesses can afford their own internal IT security team.

Slashdot reader storagedude then suggests "on-premises installed and managed software could get another look as a result of the attacks," while vendors who can prove high levels of security "could gain a market advantage."

Medicine

Brazil Rejects Sputnik V Vaccine, Says It's Tainted With Replicating Cold Virus (arstechnica.com) 110

Artem S. Tashkinov shares a report from Ars Technica: Health regulators in Brazil say that doses of Russia's Sputnik V COVID-19 vaccine contain a cold-causing virus capable of replicating in human cells. The unintended presence of the virus in the vaccine can "lead to infections in humans and can cause damage and death, especially in people with low immunity and respiratory problems, among other health problems," Brazil's Health Regulatory Agency, Anvisa, said Wednesday in a translated statement. Russia has unequivocally denied the claim, lobbed legal threats at Anvisa, and accused the respected regulators of being politically motivated to reject the vaccine. Still, Brazil's findings raise serious questions about the quality and safety of the vaccine, which is now being used in many countries. The findings also support concerns of Slovak regulators, who said earlier this month that batches of Sputnik V they received did not "have the same characteristics and properties" as the Sputnik V vaccine that was described in a peer-reviewed publication and found to be 91.6 percent effective.

Moreover, quality-control issues weren't the end of Anvisa's concerns. In an overall evaluation of the Russian vaccine, Brazil's regulators found its safety and efficacy were based on insufficient, limited, and sometimes faulty data and analyses. "Flaws... were identified in all stages of clinical studies," Anvisa said. The agency also reported that its inspectors who traveled to Russia to assess the vaccine's production were barred from vaccine facilities at Gamaleya Institute, which developed Sputnik V. Russia touts that "the safety and efficacy of Sputnik V has been confirmed by 61 regulators in countries where the vaccine has been authorized." However, Brazil's regulators said that of the 51 countries it contacted, only 14 were using the vaccine, and most of those countries did not have a tradition of vigilant drug-safety monitoring.
