Television

Paramount+ Subscriber Count Grows To Nearly 40 Million (theverge.com)

Paramount Plus' subscriber count has ballooned to almost 40 million with the service gaining 6.8 million subscribers in the first quarter of 2022 alone, Paramount announced in its earnings report on Tuesday. The Verge reports: An increase in subscriber count led to more money for the company as well — its direct-to-consumer revenue, which includes Paramount Plus and its free TV streaming service, Pluto TV, increased 82 percent year over year. While revenue from subscriptions for both Pluto TV and Paramount Plus grew 95 percent year over year, advertising revenue increased 59 percent. The company says Paramount Plus subscribers watched more shows for longer periods of time as well. This, along with a higher subscriber count, was mostly driven by the service strengthening its roster of shows.
Chrome

Chrome's Latest Update: 30 Security Fixes and Bug Details Kept 'Restricted' (hothardware.com)

Hot Hardware warns that on Tuesday, the Stable Channel for Chrome's desktop edition "had an update on April 26, 2022. That update includes 30 security fixes, some of them so bad that Google is urging all users to update immediately." The release notes for Google's Chrome v101.0.4951.41 for Windows, Mac, and Linux have a long list of bug fixes; you can view it here. However, there's also a key statement on that page.

"Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed...."

Effectively, the non-developer translation of the quote above is that something so significant was found that the details are being kept hidden.

Open Source

Fedora's Lead Speaks on the Popularity of Linux and the Importance of Open Source (techrepublic.com)

Fedora project leader Matthew Miller spoke to TechRepublic's Jack Wallen this week, sharing some thoughts on the future of Linux — and on open source in general: Matthew Miller: I think it's a lost cause to try to "sell" our quirky technology interest to people who don't see it already. We need to take a different approach.... I think our message, at its root, has to be around open source.... [W]ith Linux, when you install an open-source distro, you're not just part of a fan community. You're part of a colossal, global effort that makes software more available to everyone, makes that software better and better, and makes the whole world better through sharing... Just by using it you're sharing in this amazing undertaking, part of a move away from scarcity to an economy based on abundance....

Jack Wallen: What's the biggest difference in Linux today vs. Linux of 10 years ago?

Matthew Miller: I think first we have to start with just the amazing ubiquity of it. Ten years ago, it was cute to find a TV that ran Linux. Now, not only is it definitely powering your TV, you've probably got Linux running on your lightbulbs! It's everywhere. And while Linux had pushed proprietary Unix from the server room, ten years ago Windows-based servers were pushing back. The cloud changed that — now, the cloud is Linux, almost completely. (Anything that isn't is a legacy app that it was too much trouble to port!) From tiny devices to the most powerful mainframes and supercomputers: Linux, Linux, Linux....

Jack Wallen: If Linux has an Achilles' heel, what is it?

Matthew Miller: Linux and the whole free and open-source software movement grew up with the rise of the internet as an open communication platform. We absolutely need that to continue in order to realize our vision, and I don't think we can take it for granted.

That's more general than an Achilles' heel, though, so right now let me highlight one thing that I think is troubling: Chrome becoming the dominant browser to the point where it's often the only way to make sites work. Chromium (the associated upstream project) is open source, but isn't really run as a community project, and, pointedly, very very few people run Chromium itself. I'd love to see that change, but I'd also like to see Firefox regain a meaningful presence.

Miller also said Fedora's next release is focused on simplicity. ("When the OS gets in the way, it drops from the conversation I want to have about big ideas to ... well, the boring technical details that people never want to deal with")

And he also shared his thoughts on what Linux needs most. "What I'd really like to see more of are more non-technical contributors. I mean, yes, we can always benefit from more packagers and coders and engineers, but I think what we really need desperately are writers, designers, artists, videographers, communicators, organizers and planners. I don't think big companies are likely to provide those things, at least, not for the parts of the Linux world which aren't their products."

"We need people who think the whole grand project I've been talking about is important, and who have the skills and interests to help make it real."
The Military

How Russians - and Ukrainians - are Using Stolen Data (apnews.com)

While Russia's "relentless digital assaults" on Ukraine might seem less damaging than anticipated, the attacks actually focused on a different goal with "chilling potential consequences," reports the Associated Press. "Data collection."

Even in an early February blog post, Microsoft said Russia's intelligence agency had tried "exfiltrating sensitive information" over the previous six months from military, government, judiciary and law enforcement agencies.

The AP reports: Ukrainian agencies breached on the eve of the February 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. A month earlier, a national database of automobile insurance policies was raided during a diversionary cyberattack that defaced Ukrainian websites. The hacks, paired with prewar data theft, likely armed Russia with extensive details on much of Ukraine's population, cybersecurity and military intelligence analysts say. It's information Russia can use to identify and locate Ukrainians most likely to resist an occupation, and potentially target them for internment or worse.

"Fantastically useful information if you're planning an occupation," Jack Watling, a military analyst at the U.K. think tank Royal United Services Institute, said of the auto insurance data, "knowing exactly which car everyone drives and where they live and all that."

As the digital age evolves, information dominance is increasingly wielded for social control, as China has shown in its repression of the Uyghur minority. It was no surprise to Ukrainian officials that a prewar priority for Russia would be compiling information on committed patriots. "The idea was to kill or imprison these people at the early stages of occupation," Victor Zhora, a senior Ukrainian cyber defense official, alleged.... There is little doubt political targeting is a goal. Ukraine says Russian forces have killed and kidnapped local leaders where they grab territory....

The Ukrainian government says the Jan. 14 auto insurance hack resulted in the pilfering of up to 80% of Ukrainian policies registered with the Motor Transport Bureau.

But the article also points out that Ukraine also "appears to have done significant data collection — quietly assisted by the U.S., the U.K., and other partners — targeting Russian soldiers, spies and police, including rich geolocation data." Serhii Demediuk [deputy secretary of Ukraine's National Security and Defense Council] said the country knows "exactly where and when a particular serviceman crossed the border with Ukraine, in which occupied settlement he stopped, in which building he spent the night, stole and committed crimes on our land."

"We know their cell phone numbers, the names of their parents, wives, children, their home addresses," who their neighbors are, where they went to school and the names of their teachers, he said.

Analysts caution that some claims about data collection from both sides of the conflict may be exaggerated. But in recordings posted online by Ukrainian Digital Transformation Minister Mikhailo Fedorov, callers are heard phoning the far-flung wives of Russian soldiers and posing as Russian state security officials to say parcels shipped to them from Belarus were looted from Ukrainian homes.

In one, a nervous-sounding woman acknowledges receiving what she calls souvenirs — a woman's bag, a keychain.

The caller tells her she shares criminal liability, that her husband "killed people in Ukraine and stole their stuff."

She hangs up.

Microsoft

Microsoft Edge Is Getting a Built-In VPN Powered By Cloudflare (xda-developers.com)

An anonymous reader quotes a report from XDA Developers: Microsoft is testing a VPN-like service for its Edge browser, adding a new layer of security and privacy to the browsing experience. A recently-discovered support page on Microsoft's website details the "Microsoft Edge Secure Network" feature, which provides data encryption and prevents online tracking, courtesy of Cloudflare. While it isn't available yet, even if you have the latest Dev channel build, the Microsoft Edge Secure Network feature appears to be similar in nature to Cloudflare's 1.1.1.1 service. This is essentially a proxy or VPN service, which encrypts your browsing data so that it's safe from prying eyes, including your ISP. It also keeps your location private, so you can use it to access geo-restricted websites, or content that's blocked in your country.

Microsoft Edge's Secure Network mode will require you to be signed into your Microsoft account, and that's because the browser keeps track of how much data you've used in this mode. You get 1GB of free data per month, and that's tied to your Microsoft account. Most VPN services aren't free, so this shouldn't come as a surprise. Cloudflare itself doesn't keep any personally-identifiable user data, and any data related to browsing sessions is deleted every 25 hours. Information related to your data usage is also deleted at the end of each monthly period.

Education

Dialect Hunt Aims To Update Prized English Language Archive (theguardian.com)

An anonymous reader shares a report: Was you or were you having your tea, dinner or supper last night? Before it, were you feeling clammish, clemmed, starving, hungry, leary or just plain clempt? Are you still whanging in Yorkshire? Haining in Somerset? Hocksing in Cambridgeshire? Hoying in Durham? Pegging in Cheshire? Pelting in Northamptonshire? Yarking in Leicestershire? Or do you throw now? How do you pronounce scone? Researchers from the University of Leeds are interested in answers to all such questions as they embark on a heritage project to help explore and preserve England's dialects. Details have been announced of how the university plans to use its prized archive of English life and language that was gathered by Leeds University fieldworkers in the 1950s and 1960s. The results remain the most famous and complete survey of dialects in England. The university said it was making its extensive library of English dialects accessible to the public through the launch of The Great Big Dialect Hunt. It said researchers would be searching for "new phrases and expressions to bring the archive into the 21st century and preserve today's language for future generations."
The Almighty Buck

Energy Supplier Counts Cost of Devices on Standby (bbc.com)

UK households could save an average of $183 per year by switching off so-called vampire devices, British Gas research suggests. From a report: These are electronics that drain power even when they are on standby. The figures are based on research conducted on appliances in 2019 but have been updated by British Gas to reflect recent price increases. The Energy Saving Trust (EST) said consumers need to consider which devices they leave switched on. It estimates households would save around $68.5 per year by switching off all their devices when not in use. The organisation, which promotes sustainability and energy efficiency, did not give exact details of how it came to this figure. "Stats or prices related to individual appliances depend on several factors, including model, functionality and individual usage," it said.
Cloud

NSA Re-awards $10B Cloud Computing Contract To AWS (siliconangle.com)

The U.S. National Security Agency has re-awarded a $10 billion cloud computing contract to Amazon Web Services after it was forced to review the contract. From a report: Code-named WildandStormy, the contract was initially awarded to AWS in August. Because the deal concerns national security, the full details are not known but it's believed to be part of the NSA's attempt to modernize its primary classified data repository. The repository itself is thought to be a data fusion environment into which the agency aggregates much of the intelligence information it collects. The stumbling block to AWS being awarded the contract came in October when the Government Accountability Office called on the NSA to reevaluate the proposals submitted by AWS and Microsoft Corp. after Microsoft challenged the awarding of the contract to AWS. The GAO said at the time that it "found certain aspects of the agency's evaluation to be unreasonable and, in light thereof, recommended that NSA reevaluate the proposals consistent with the decision and make a new source selection determination." In December, it was revealed that the GAO had ruled that the NSA improperly assessed technical proposals from Microsoft "in a way that was inconsistent with the terms of the solicitation." The GAO also recommended that the NSA reevaluate the proposal and potentially make a new source selection. The NSA did reevaluate the proposals and decided to re-award the contract to AWS anyway.
Android

North Koreans Are Jailbreaking Phones To Access Forbidden Media (wired.com)

An anonymous reader quotes a report from Wired: For most of the world, the common practice of "rooting" or "jailbreaking" a phone allows the device's owner to install apps and software tweaks that break the restrictions of Apple's or Google's operating systems. For a growing number of North Koreans, on the other hand, the same form of hacking allows them to break out of a far more expansive system of control -- one that seeks to extend to every aspect of their lives and minds. On Wednesday, the North Korea-focused human rights organization Lumen and Martyn Williams, a researcher at the Stimson Center think tank's North Korea-focused 38 North project, together released a report on the state of smartphones and telecommunications in the Democratic People's Republic of Korea, a country that restricts its citizens' access to information and the internet more tightly than any other in the world. The report details how millions of government-approved, Android-based smartphones now permeate North Korean society, though with digital restrictions that prevent their users from downloading any app or even any file not officially sanctioned by the state. But within that regime of digital repression, the report also offers a glimpse of an unlikely new group: North Korean jailbreakers capable of hacking those smartphones to secretly regain control of them and unlock a world of forbidden foreign content.

Learning anything about the details of subversive activity in North Korea -- digital or otherwise -- is notoriously difficult, given the Hermit Kingdom's nearly airtight information controls. Lumen's findings on North Korean jailbreaking are based on interviews with just two defectors from the country. But Williams says the two escapees both independently described hacking their phones and those of other North Koreans, roughly corroborating each other's telling. Other North Korea-focused researchers who have interviewed defectors say they've heard similar stories. Both jailbreakers interviewed by Lumen and Williams said they hacked their phones -- government-approved, Chinese-made, midrange Android phones known as the Pyongyang 2423 and 2413 -- primarily so that they could use the devices to watch foreign media and install apps that weren't approved by the government. Their hacking was designed to circumvent a government-created version of Android on those phones, which has for years included a certificate system that requires any file downloaded to the device to be "signed" with a cryptographic signature from government authorities, or else it's immediately and automatically deleted. Both jailbreakers say they were able to remove that certificate authentication scheme from phones, allowing them to install forbidden apps, such as games, as well as foreign media like South Korean films, TV shows, and ebooks that North Koreans have sought to access for decades despite draconian government bans.

In another Orwellian measure, Pyongyang phones' government-created operating system takes screenshots of the device at random intervals, the two defectors say -- a surveillance feature designed to instill a sense that the user is always being monitored. The images from those screenshots are then kept in an inaccessible portion of the phone's storage, where they can't be viewed or deleted. Jailbreaking the phones also allowed the two defectors to access and wipe those surveillance screenshots, they say. The two hackers told Lumen they used their jailbreaking skills to remove restrictions from friends' phones, as well. They said they also knew of people who would jailbreak phones as a commercial service, though often for purposes that had less to do with information freedom than more mundane motives. Some users wanted to install a certain screensaver on their phone, for instance, or wipe the phone's surveillance screenshots merely to free up storage before selling the phone secondhand.
As for how the jailbreaking was done, the report says both jailbreakers "described attaching phones to a Windows PC via a USB cable to install a jailbreaking tool."

"One mentioned that the Pyongyang 2423's software included a vulnerability that allowed programs to be installed in a hidden directory. The hacker says they exploited that quirk to install a jailbreaking program they'd downloaded while working abroad in China and then smuggled back into North Korea." The other hacker might've obtained his jailbreaking tool in a computer science group at Pyongyang's elite Kim Il Sung University where he attended.
Printer

Making 3D Printing Truly 3D (phys.org)

An anonymous reader quotes a report from Phys.Org: Don't be fooled by the name. While 3D printers do print tangible objects (and quite well), how they do the job doesn't actually happen in 3D, but rather in regular old 2D. Working to change that is a group of former and current researchers from the Rowland Institute at Harvard. [...] The researchers present a method to help the printers live up to their names and deliver a "true" 3D form of printing. In a new paper in Nature, they describe a technique of volumetric 3D printing that goes beyond the bottom-up, layered approach. The process eliminates the need for support structures because the resin it creates is self-supporting.

The key component in their novel design is turning red light into blue light by adding what's known as an upconversion process to the resin, the light reactive liquid used in 3D printers that hardens into plastic. In 3D printing, resin hardens in a flat and straight line along the path of the light. Here, the researchers use nano capsules to add chemicals so that it only reacts to a certain kind of light -- a blue light at the focal point of the laser that's created by the upconversion process. This beam is scanned in three dimensions, so it prints that way without needing to be layered onto something. The resulting resin has a greater viscosity than in the traditional method, so it can stand support-free once it's printed.

"We designed the resin, we designed the system so that the red light does nothing," Congreve said. "But that little dot of blue light triggers a chemical reaction that makes the resin harden and turn into plastic. Basically, what that means is you have this laser passing all the way through the system and only at that little blue do you get the polymerization, [only there] do you get the printing happening. We just scan that blue dot around in three dimensions and anywhere that blue dot hits it polymerizes and you get your 3D printing." The researchers used their printer to produce a 3D Harvard logo, Stanford logo, and a small boat, a standard yet difficult test for 3D printers because of the boat's small size and fine details like overhanging portholes and open cabin spaces.

Bitcoin

Fidelity Will Allow Investors Access To Bitcoin In Their 401(k)s (fortune.com)

In a first-of-its-kind move -- and the latest sign that crypto-investing has gone mainstream -- Fidelity Investments announced Tuesday that 401(k) plan participants will soon be able to invest in Bitcoin via their retirement plan. Reader BeerFartMoron writes: The investing option should be available by mid-year, Fidelity, the nation's largest 401(k) plan provider, said in a press release. Employers will need to opt into the change, which may limit which employees actually have access to Bitcoin in their workplace retirement accounts. That could enable millions of people to invest in the digital asset without the need to set up a separate account on a cryptocurrency exchange. There are few details currently available about how exactly the account will work, but Fidelity says employees will be able to invest in Bitcoin via what the company is calling the Digital Assets Account, which will be part of the investor's 401(k). That account will also hold short-term money market investments to provide the liquidity for transactions.
Technology

Indian Cows (and Buffaloes) Are Going Online (economist.com)

A new breed of startups wants to formalise cattle trading. The Economist: Livestock fairs, where most animals are still bought and sold, can be expensive and chaotic. Farmers shell out entry fees to register their beasts. They must pay for labourers to load and unload the animals, as well as for transport to and from the fair. They worry about cattle thieves. Making a sales pitch to every prospective customer takes a toll in the heat. And if your cows find no buyers, you must go through the whole rigmarole again, complains Anil Renusay, another cattle farmer in Vajeghar. Then there is fraud, says Satish Birnale, who rears buffaloes in Sangli, a small western city. Some traders inject their animals with steroids. Horns are often polished "as if the cows have just been to a beauty parlour," he says. "It's like searching for a bride in an arranged marriage. We have to be careful and not go just by the looks."

Firms like Pashushala and Animall claim to have solved such problems with a system of checks, including a nod from a local veterinarian. Animall requires sellers to upload videos and pictures of their cattle, and provide details not just of breed or age, but also past pregnancies, how much milk they provide and so on. A team calls every user to verify the information. Ads with blurry photos or listings with pictures taken from the internet are swiftly removed. A close-up of the cow's udders is important. So are comments by the farmer about the animal's temperament. In one video a seller croons, "Beautiful! Oh, look at those singhs (horns)". It is not a new pitch. But it is now easier and cheaper to make.

The Internet

Starlink is Coming To Hawaiian Airlines (theverge.com)

SpaceX is starting to make deals with airlines to provide its Starlink satellite internet to sky travelers everywhere. From a report: It announced a deal on Monday with Hawaiian Airlines, and last week made a similar deal with charter carrier JSX. None of the involved parties shared the financial details of their deals, but both airlines did say they're planning to offer the in-flight Wi-Fi for free, which is both a semi-miraculous fact and a sign of hope that free Wi-Fi is becoming the industry standard. Delta, meanwhile, confirmed last week that it's running "exploratory" Starlink tests. In-flight Wi-Fi has been on the minds of Team Starlink for a while. Jonathan Hofeller, SpaceX's VP of Starlink and commercial sales, said last year that the company was building an aviation product, and was "in talks with several of the airlines."
Government

Open-Source Intelligence: How Bellingcat Uses Data Gathered by Authoritarian Governments (cnn.com)

CNN profiles Bellingcat, a Netherlands-based investigative group specializing in "open-source intelligence". And investigator Christo Grozev tells CNN that authoritarian governments make their work easier, because "they love to gather data, comprehensive data, on ... what they consider to be their subjects, and therefore there's a lot of centralized data."

"And second, there's a lot of petty corruption ... within the law enforcement system, and this data market thrives on that." Billions have been spent on creating sophisticated encrypted communications for the military in Russia. But most of that money has been stolen in corrupt kickbacks, and the result is they didn't have that functioning system... It is shocking how incompetent they are. But it was to be expected, because it's a reflection of 23 years of corrupt government.
Interestingly, there's apparently less corruption in China — though more whistleblowers. But Bellingcat's first investigation involved the 2014 downing of a Boeing 777 over eastern Ukraine that killed 283 passengers. (The Dutch Safety Board later concluded it was downed by a surface-to-air missile launched from pro-Russian separatist-controlled territory in Ukraine.) "At that time, a lot of public data was available on Russian soldiers, Russian spies, and so on and so forth — because they still hadn't caught up with the times, so they kept a lot of digital traces, social media, posting selfies in front of weapons that shoot down airliners. That's where we kind of perfected the art of reconstructing a crime based on digital breadcrumbs..."

"By 2016, it was no longer possible to find soldiers leaving status selfies on the internet because a new law had been passed in Russia, for example, banning the use of mobile phones by secret services and by soldiers. So we had to develop a new way to get data on government crime. We found our way into this gray market of data in Russia, which is comprised of many, many gigabytes of leaked databases, car registration databases, passport databases. Most of these are available for free, completely freely downloadable from torrent sites or from forums and the internet." And for some of them, they're more current. You actually can buy the data through a broker, so we decided that in cases when we have a strong enough hypothesis that a government has committed the crime, we should probably drop our ethical boundaries from using such data — as long as it is verifiable, as long as it is not coming from one source only but corroborated by at least two or three other sources of data. That's how we develop it. And the first big use case for this approach was the ... poisoning of Sergei and Yulia Skripal in 2018 (in the United Kingdom), when we used this combination of open source and data bought from the gray market in Russia to piece together who exactly the two poisoners were. And that worked tremendously....

It has been what I best describe as a multilevel computer game.... [W]hen we first learned that we can get private data, passport files and residence files on Russian spies who go around killing people, they closed the files on those people. So every spy suddenly had a missing passport file in the central password database. But that opened up a completely new way for us to identify spies, because we were just able to compare older versions of the database to newer versions. So that allowed us to find a bad group of spies that we didn't even know existed before.

The Russian government did realize that that's maybe a bad idea to hide them from us, so they reopened those files but just started poisoning data. They started changing the photographs of some of these people to similar looking, like lookalikes of the people, so that they confused us or embarrass us if we publish a finding but it's for the wrong guy. And then we'll learn how to beat that.

When asked about having dropped some ethical boundaries about data use, Grozev replies "everything changes. Therefore, the rules of journalism should change with the changing times." "And it's not common that journalism was investigating governments conducting government-sanctioned crimes, but now it's happening." With a country's ruler proclaiming perpetual supreme power, "This is not a model that traditional journalism can investigate properly. It's not even a model that traditional law enforcement can investigate properly." I'll give an example. When the British police asked, by international agreement, for cooperation from the Russian government to provide evidence on who exactly these guys were who were hanging around the Skripals' house in 2018, they got completely fraudulent, fake data from the Russian government....

So the only way to counter that as a journalist is to get the data that the Russian government is refusing to hand over. And if this is the only way to get it, and if you can be sure that you can prove that this is valid data and authentic data — I think it is incumbent on journalists to find the truth. And especially when law enforcement refuses to find the truth because of honoring the sovereign system of respecting other governments.

It was Bellingcat that identified the spies who'd poisoned Russian opposition leader Alexey Navalny. CNN suggests that for more details on their investigation, and "to understand Vladimir Putin's stranglehold on power in Russia, watch the new film Navalny which premieres Sunday at 9 p.m. ET on CNN."

The movie's tagline? "Poison always leaves a trail."
Bitcoin

Binance Recovers Stolen, Disguised Crypto Loot From Mega Hack (bloomberg.com)

More than a week after the U.S. tied one of the biggest heists in crypto to a North Korean hacking group, digital-asset exchange Binance said it was able to recover about $5.8 million worth of the stolen loot that had made its way onto its platform in disguised form. From a report: The details of how it achieved this serve as notice for those who attempt to cash out ill-gotten cryptocurrency gains: It may only get harder. The U.S. Treasury Department last week tied the North Korean hacking group Lazarus to the theft of more than $600 million in cryptocurrency from the Ronin software bridge, which is used by players of Axie Infinity to transfer crypto. The department identified an Ethereum wallet address tied to the group, adding it to its sanction list. Binance was able to trace stolen funds that were initially moved from the hackers' wallet to Tornado Cash -- a service that allows for anonymous token transfers on the Ethereum blockchain -- and then to its exchange by working with external firms.
EU

Tech Companies Face Billions in Fines Under EU Content Rules (bloomberg.com)

The world's biggest technology companies could face billions of dollars in fines for breaches of new European Union legislation, details of which are expected to be agreed upon by lawmakers as soon as Friday. From a report: The landmark Digital Services Act is the EU's answer to what it sees as a failure by tech giants to combat illegal content on their platforms. Noncompliance could cost companies as much as 6% of their global annual sales when the rules go into effect as early as 2024.

Failures could be extremely costly. Based on their reported 2021 annual sales, Amazon, for instance, could face a theoretical fine of as much as 26 billion euros ($28 billion) for future noncompliance with the DSA, or Google as much 14 billion euros. Facebook whistle-blower Frances Haugen said the DSA could represent a "global gold standard" for regulating social media companies. After more than a year of internal wrangling, key rules expected to be announced include:

1. A ban on using sensitive data such as race or religion for targeting ads
2. A ban on targeting any ads to minors
3. A ban on so-called "dark patterns," specifically tactics to push people into consenting to online tracking.

HP

HP is Working on a 17-inch Foldable PC, Report Says (arstechnica.com) 27

While smartphones are having fun with the trend, PCs with foldable screens have yet to become mainstream, partially because there's only one option readily available. But with HP expected to enter the scene, it's possible 'foldable OLED' could become more common laptop lingo. From a report: Lenovo made the bold first step into foldable laptops with its 13.3-inch ThinkPad X1 Fold. According to South Korean electronics website TheElec, HP's take on foldable OLED will be bigger, with a 17-inch panel from LG Display that measures 11 inches when folded up. HP hasn't publicly announced or commented on the rumored PC, but a couple of details make the machine seem at least somewhat plausible. For one, LG Display confirmed work on a 17-inch foldable OLED laptop design in January. Most recently, TheElec on Monday reported that South Korean company SK IE Technology will make transparent polyimide films to cover the bendy 4K OLED panels. The publication also claimed that LG Display currently has plans to make up to "around 10,000" foldable OLED panels for HP, starting in Q3.
Facebook

Why Mark Zuckerberg Is Fixated On Creating AR's 'iPhone Moment' (fastcompany.com) 55

Citing an article from The Verge's Alex Heath, Fast Company breaks down "Meta's plan to shape the metaverse by building its own wildly ambitious augmented-reality hardware." From the report: Heath's article, "Mark Zuckerberg's Augmented Reality," covers two codenamed products. "Project Nazere" is a high-end pair of AR glasses that don't require a smartphone, with the first version shipping in 2024, followed by upgraded ones in 2026 and 2028. Also due in 2024 is "Hypernova," a more economy-minded take on AR eyewear that does piggyback on a smartphone's connectivity and computing muscle. The piece is full of technical details, such as Nazere's use of custom waveguides and microLED projectors to fuse your view of the real with a digital overlay. Both Nazere and Hypernova will supposedly work with a wrist device that uses differential electromyography to detect electric neurons, allowing for input that feels akin to mind control.

But along with all the specifics in Heath's story, what's also striking is its discussion of how these planned products roll up into Meta's highest-level goals. They are, of course, an extension of Mark Zuckerberg's hopes, dreams, and aspirations: "If the AR glasses and the other futuristic hardware Meta is building eventually catch on, they could cast the company, and by extension Zuckerberg, in a new light. 'Zuck's ego is intertwined with [the glasses],' a former employee who worked on the project tells me. 'He wants it to be an iPhone moment.'"

Everybody's entitled to their own definition of an "iPhone moment." Presumably, it involves a product of truly epoch-shifting impact -- not necessarily the first in its field but an unprecedented blockbuster that defines the category by bringing it to the masses. Something like, well, you know, the iPhone. For a tech CEO such as Zuckerberg, creating an iPhone moment isn't just about selling something enormously successful; it also provides full control over an ecosystem. That lets a company chart its own destiny in a way it can never do if it's building on someone else's platform. Zuckerberg has long been bugged by the fact that Facebook/Meta's products have historically sat atop environments operated by other companies, such as Apple and Google. I know this because he told me so himself...

The Military

Ukraine Opens Russian Drone, Finds Duct Tape and Canon DSLR Inside (petapixel.com) 265

Long-time Slashdot reader wired_parrot writes: After the Ukrainian army captured one of Russia's Orlan-10 unmanned aerial vehicles, they decided to do a teardown of it. Their findings show a remarkable amount of jerry-rigged installations using off-the-shelf components, including the use of a Canon DSLR camera as the main image-capturing sensor.
Petapixel notes it's a camera first launched in 2015 "with a retail price of $750 but which is currently worth about $300 to $400 on the used market... The camera is mounted to a board with a hook-and-loop fastener strip (commonly referred to as Velcro)."

The Ukrainian Ministry of Defense posted a video showing one of its soldiers exploring the alleged Russian drone, and Petapixel shares more details and some screen grabs: The soldier notes how surprisingly low-tech the military drone is — observers quickly pointed out that certain aspects of it are more reminiscent of a hobbyist RC airplane project than a high-tech piece of military spying technology....

On the top of the drone, the fuel tank's cap suggests that it may have been made from some kind of plastic water bottle. Various parts of the drone are also fixed together with some kind of duct tape.

Security

GitHub Issues Security Alert After Spotting Misuse of Tokens Stolen from OAuth Integrators (github.blog) 16

GitHub issued a security alert Friday.

GitHub's chief security officer wrote that on Tuesday, "GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm..."

We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems, because the tokens in question are not stored by GitHub in their original, usable formats. Following immediate investigation, we disclosed our findings to Heroku and Travis-CI on April 13 and 14...

Looking across the entire GitHub platform, we have high confidence that compromised OAuth user tokens from Heroku and Travis-CI-maintained OAuth applications were stolen and abused to download private repositories belonging to dozens of victim organizations that were using these apps. Our analysis of other behavior by the threat actor suggests that the actors may be mining the downloaded private repository contents, to which the stolen OAuth token had access, for secrets that could be used to pivot into other infrastructure.

We are sharing this today as we believe the attacks may be ongoing and action is required for customers to protect themselves.

The initial detection related to this campaign occurred on April 12 when GitHub Security identified unauthorized access to our npm production infrastructure using a compromised AWS API key. Based on subsequent analysis, we believe this API key was obtained by the attacker when they downloaded a set of private npm repositories using a stolen OAuth token from one of the two affected third-party OAuth applications described above. Upon discovering the broader theft of third-party OAuth tokens not stored by GitHub or npm on the evening of April 13, we immediately took action to protect GitHub and npm by revoking tokens associated with GitHub and npm's internal use of these compromised applications.

We believe that the two impacts to npm are unauthorized access to, and downloading of, the private repositories in the npm organization on GitHub.com and potential access to the npm packages as they exist in AWS S3 storage.

At this point, we assess that the attacker did not modify any packages or gain access to any user account data or credentials. We are still working to understand whether the attacker viewed or downloaded private packages.

npm uses completely separate infrastructure from GitHub.com; GitHub was not affected in this original attack. Though investigation continues, we have found no evidence that other GitHub-owned private repos were cloned by the attacker using stolen third-party OAuth tokens.

Once GitHub identified stolen third-party OAuth tokens affecting GitHub users, GitHub took immediate steps to respond and protect users. GitHub contacted Heroku and Travis-CI to request that they initiate their own security investigations, revoke all OAuth user tokens associated with the affected applications, and begin work to notify their own users.... GitHub is currently working to identify and notify all of the known-affected victim users and organizations that we discovered through our analysis across GitHub.com. These customers will receive a notification email from GitHub with additional details and next steps to assist in their own response within the next 72 hours. If you do not receive a notification, you and/or your organization have not been identified as affected.

You should, however, periodically review what OAuth applications you've authorized or are authorized to access your organization and prune anything that's no longer needed. You can also review your organization audit logs and user account security logs for unexpected or anomalous activity....
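The audit-log review GitHub recommends above can be partly automated. The script below is an added example, not code from GitHub's advisory: it scans an organization audit-log export for the pattern described in the alert, one actor pulling many distinct private repositories in a short window. The sample records are constructed, and the field names (action, actor, repo, created_at) and action names (git.clone, repo.download_zip) are assumptions to check against your own export's schema.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Audit-log actions treated as a repository download (assumed names).
DOWNLOAD_ACTIONS = {"git.clone", "repo.download_zip"}

# Constructed sample export, one JSON object per line. "ci-bot" pulls four
# distinct repos within a minute; "alice" and "deploy-app" clone a few repos
# spread over hours, which is ordinary activity.
SAMPLE_AUDIT_LOG = """\
{"action":"git.clone","actor":"ci-bot","repo":"acme/api","created_at":"2022-04-12T08:00:01Z"}
{"action":"git.clone","actor":"ci-bot","repo":"acme/billing","created_at":"2022-04-12T08:00:09Z"}
{"action":"repo.download_zip","actor":"ci-bot","repo":"acme/infra","created_at":"2022-04-12T08:00:20Z"}
{"action":"git.clone","actor":"ci-bot","repo":"acme/api","created_at":"2022-04-12T08:00:31Z"}
{"action":"git.clone","actor":"ci-bot","repo":"acme/secrets-vault","created_at":"2022-04-12T08:01:02Z"}
{"action":"repo.access","actor":"ci-bot","repo":"acme/api","created_at":"2022-04-12T08:01:10Z"}
{"action":"git.clone","actor":"alice","repo":"acme/api","created_at":"2022-04-12T09:15:00Z"}
{"action":"git.clone","actor":"alice","repo":"acme/billing","created_at":"2022-04-12T14:40:00Z"}
{"action":"git.clone","actor":"deploy-app","repo":"acme/api","created_at":"2022-04-12T01:00:00Z"}
{"action":"git.clone","actor":"deploy-app","repo":"acme/billing","created_at":"2022-04-12T05:00:00Z"}
{"action":"git.clone","actor":"deploy-app","repo":"acme/infra","created_at":"2022-04-12T11:00:00Z"}
"""


def parse_events(text):
    """Return download events as (timestamp, actor, repo), oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["action"] not in DOWNLOAD_ACTIONS:
            continue
        ts = datetime.strptime(rec["created_at"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, rec["actor"], rec["repo"]))
    return sorted(events)


def find_bulk_downloads(text, min_repos=3, window_minutes=10):
    """Map each actor that downloaded >= min_repos distinct repos within any
    window_minutes span to the largest such set of repos (sorted)."""
    window = timedelta(minutes=window_minutes)
    per_actor = defaultdict(list)
    for ts, actor, repo in parse_events(text):
        per_actor[actor].append((ts, repo))
    flagged = {}
    for actor, evts in per_actor.items():
        recent = deque()  # sliding window of (ts, repo) within `window`
        for ts, repo in evts:
            recent.append((ts, repo))
            while ts - recent[0][0] > window:
                recent.popleft()
            repos = {r for _, r in recent}
            if len(repos) >= min_repos and len(repos) > len(flagged.get(actor, ())):
                flagged[actor] = sorted(repos)
    return flagged
```

Tune min_repos and window_minutes to your organization's normal CI behaviour; a hit names the actor (and, in a real export, the OAuth application) whose token should be revoked and investigated.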

The security and trustworthiness of GitHub, npm, and the broader developer ecosystem is our highest priority. Our investigation is ongoing, and we will update this blog, and our communications with affected customers, as we learn more.
