Security

County Pays $600,000 To Pentesters It Arrested For Assessing Courthouse Security (arstechnica.com)

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: Two security professionals who were arrested in 2019 after performing an authorized security assessment of a county courthouse in Iowa will receive $600,000 to settle a lawsuit they brought alleging wrongful arrest and defamation. The case was brought by Gary DeMercurio and Justin Wynn, two penetration testers who at the time were employed by Colorado-based security firm Coalfire Labs. The men had written authorization from the Iowa Judicial Branch to conduct "red-team" exercises, meaning attempted security breaches that mimic techniques used by criminal hackers or burglars.

The objective of such exercises is to test the resilience of existing defenses using the types of real-world attacks the defenses are designed to repel. The rules of engagement for this exercise explicitly permitted "physical attacks," including "lockpicking," against judicial branch buildings so long as they didn't cause significant damage. [...] DeMercurio and Wynn's engagement at the Dallas County Courthouse on September 11, 2019, had been routine. A little after midnight, after finding a side door to the courthouse unlocked, the men closed it and let it lock. They then slipped a makeshift tool through a crack in the door and tripped the locking mechanism. After gaining entry, the pentesters tripped an alarm alerting authorities.

Within minutes, deputies arrived and confronted the two intruders. DeMercurio and Wynn produced an authorization letter -- known as a "get out of jail free card" in pen-testing circles. After a deputy called one or more of the state court officials listed in the letter and got confirmation it was legit, the deputies said they were satisfied the men were authorized to be in the building. DeMercurio and Wynn spent the next 10 or 20 minutes telling what their attorney in a court document called "war stories" to deputies who had asked about the type of work they do. When Sheriff Leonard arrived, the tone suddenly changed. He said the Dallas County Courthouse was under his jurisdiction and he hadn't authorized any such intrusion. Leonard had the men arrested, and in the days and weeks to come, he made numerous remarks alleging the men violated the law. A couple months after the incident, he told me that surveillance video from that night showed "they were crouched down like turkeys peeking over the balcony" when deputies were responding. I published a much more detailed account of the event here. Eventually, all charges were dismissed.

Programming

The Rust Foundation's Plan to Grow the Pool of Well-Trained Rust Developers (rust-lang.org)

"The Rust Foundation is dedicated to ensuring a healthy Rust ecosystem," according to a new announcement today, "which depends on a growing pool of well-trained developers to thrive." The latest SlashData Developer Nation survey found Rust to be the fastest-growing programming language, doubling its users over the past two years. As Rust's adoption continues to accelerate, the demand for a multifaceted ecosystem of quality training will too.
Their blog post highlights three examples of the Rust community "creating new pathways for learning Rust" and "addressing the critical need for Rust training in academic settings..." Rust-Edu operates as a non-profit through Portland State University, with funding from Futurewei. Their mission is to "spread Rust use and development through academic curricula and communities throughout the world, making Rust the language of choice for 'systems programming' in its broadest sense through shared efforts of faculty, students and the Rust community." They focus on three main areas: curriculum development, educational tools, and language improvements...

teach-rs, pronounced "teachers," is a modular and reusable university course designed for in-person teaching in Rust. Its mission is to introduce Rust in higher education and ensure that more students enter the job market with considerable Rust experience. The teach-rs project provides ready-to-use Rust teaching materials, including slide decks and exercises that can be adapted to various teaching contexts... As an open source, permissively licensed project, teach-rs enables educators to share and improve resources, making introducing Rust instruction into their programs more accessible. Many institutions now use teach-rs in their courses, including the Slovak University of Technology, RustIEC (a collaboration between Vrije Universiteit Brussel and KU Leuven), and the University Politehnica of Bucharest. At the time of this writing, teach-rs has nearly 3000 stars on GitHub...

Under the guidance of The Rust Foundation's Global Rust Coordinator and Rust Nation UK's organizer Ernest Kissiedu, Mordecai Etukudo (Mart) has developed a guide to help educational institutions adopt Rust in their systems. This resource walks organizations through the entire implementation process, from initial assessment to community engagement.

The Military

US Military Makes First Confirmed OpenAI Purchase For War-Fighting Forces (theintercept.com)

An anonymous reader quotes a report from The Intercept: Less than a year after OpenAI quietly signaled it wanted to do business with the Pentagon, a procurement document obtained by The Intercept shows U.S. Africa Command, or AFRICOM, believes access to OpenAI's technology is "essential" for its mission. The September 30 document lays out AFRICOM's rationale for buying cloud computing services directly from Microsoft as part of its $9 billion Joint Warfighting Cloud Capability contract, rather than seeking another provider on the open market. "The USAFRICOM operates in a dynamic and evolving environment where IT plays a critical role in achieving mission objectives," the document reads, including "its vital mission in support of our African Mission Partners [and] USAFRICOM joint exercises."

The document, labeled Controlled Unclassified Information, is marked as FEDCON, indicating it is not meant to be distributed beyond government or contractors. It shows AFRICOM's request was approved by the Defense Information Systems Agency. While the price of the purchase is redacted, the approval document notes its value is less than $15 million. Like the rest of the Department of Defense, AFRICOM -- which oversees the Pentagon's operations across Africa, including local military cooperation with U.S. allies there -- has an increasing appetite for cloud computing. The Defense Department already purchases cloud computing access from Microsoft via the Joint Warfighting Cloud Capability project. This new document reflects AFRICOM's desire to bypass contracting red tape and immediately buy Microsoft Azure cloud services, including OpenAI software, without considering other vendors. AFRICOM states that the "ability to support advanced AI/ML workloads is crucial. This includes services for search, natural language processing, [machine learning], and unified analytics for data processing." And according to AFRICOM, Microsoft's Azure cloud platform, which includes a suite of tools provided by OpenAI, is the only cloud provider capable of meeting its needs.

Microsoft began selling OpenAI's GPT-4 large language model to defense customers in June 2023. Earlier this year, following the revelation that OpenAI had changed its mind on military work, the company announced a cybersecurity collaboration with DARPA in January and said its tools would be used for an unspecified veteran suicide prevention initiative. In April, Microsoft pitched the Pentagon on using DALL-E, OpenAI's image generation tool, for command and control software. But the AFRICOM document marks the first confirmed purchase of OpenAI's products by a U.S. combatant command whose mission is one of killing. OpenAI's stated corporate mission remains "to ensure that artificial general intelligence benefits all of humanity."
"Without access to Microsoft's integrated suite of AI tools and services, USAFRICOM would face significant challenges in analyzing and extracting actionable insights from vast amounts of data," reads the AFRICOM document. "This could lead to delays in decision-making, compromised situational awareness, and decreased agility in responding to dynamic and evolving threats across the African continent." The document contains little information about how exactly the OpenAI tools will be used.
Security

CISA Broke Into a US Federal Agency, No One Noticed For a Full 5 Months (theregister.com)

A 2023 red team exercise by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal agency exposed critical security failings, including unpatched vulnerabilities, inadequate incident response, and weak credential management, leading to a full domain compromise. According to The Register's Connor Jones, the agency failed to detect or remediate malicious activity for five months. From the report: According to the agency's account of the exercise, the red team was able to gain initial access by exploiting an unpatched vulnerability (CVE-2022-21587 - 9.8) in the target agency's Oracle Solaris enclave, leading to what it said was a full compromise. It's worth noting that CVE-2022-21587, an unauthenticated remote code execution (RCE) bug carrying a near-maximum 9.8 CVSS rating, was added to CISA's known exploited vulnerability (KEV) catalog in February 2023. The initial intrusion by CISA's red team was made on January 25, 2023. "After gaining access, the team promptly informed the organization's trusted agents of the unpatched device, but the organization took over two weeks to apply the available patch," CISA's report reads. "Additionally, the organization did not perform a thorough investigation of the affected servers, which would have turned up IOCs and should have led to a full incident response. About two weeks after the team obtained access, exploit code was released publicly into a popular open source exploitation framework. CISA identified that the vulnerability was exploited by an unknown third party. CISA added this CVE to its Known Exploited Vulnerabilities Catalog on February 2, 2023." [...]

After gaining access to the Solaris enclave, the red team discovered they couldn't pivot into the Windows part of the network because missing credentials blocked their path, despite enjoying months of access to sensitive web apps and databases. Undeterred, CISA managed to make its way into the Windows network after carrying out phishing attacks on unidentified members of the target agency, one of which was successful. It said real adversaries may have instead used prolonged password-spraying attacks rather than phishing at this stage, given that several service accounts were identified as having weak passwords. After gaining that access, the red team injected a persistent RAT and later discovered unsecured admin credentials, which essentially meant it was game over for the agency being assessed. "None of the accessed servers had any noticeable additional protections or network access restrictions despite their sensitivity and critical functions in the network," CISA said.

CISA described this as a "full domain compromise" that gave the attackers access to tier zero assets -- the most highly privileged systems. "The team found a password file left from a previous employee on an open, administrative IT share, which contained plaintext usernames and passwords for several privileged service accounts," the report reads. "With the harvested Lightweight Directory Access Protocol (LDAP) information, the team identified one of the accounts had system center operations manager (SCOM) administrator privileges and domain administrator privileges for the parent domain. "They identified another account that also had administrative permissions for most servers in the domain. The passwords for both accounts had not been updated in over eight years and were not enrolled in the organization's identity management (IDM)." From here, the red team realized the victim organization had trust relationships with multiple external FCEB organizations, which CISA's team then pivoted into using the access they already had.

The team "kerberoasted" one partner organization. Kerberoasting is an attack on the Kerberos authentication protocol typically used in Windows networks to authenticate users and devices. However, it wasn't able to move laterally with the account due to low privileges, so it instead used those credentials to exploit a second trusted partner organization. Kerberoasting yielded a more privileged account at the second external org, the password for which was crackable. CISA said that due to network ownership, legal agreements, and/or vendor opacity, these kinds of cross-organizational attacks are rarely tested during assessments. However, SILENTSHIELD assessments are able to be carried out following new-ish powers afforded to CISA by the FY21 National Defense Authorization Act (NDAA), the same powers that also allow CISA's Federal Attack Surface Testing (FAST) pentesting program to operate. It's crucial that these avenues are able to be explored in such exercises because they're routes into systems adversaries will have no reservations about exploring in a real-world scenario. For the first five months of the assessment, the target FCEB agency failed to detect or remediate any of the SILENTSHIELD activity, raising concerns over its ability to spot genuine malicious activity.
CISA said the findings demonstrated the need for agencies to apply defense-in-depth principles. The cybersecurity agency recommended network segmentation and a Secure-by-Design commitment.
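The Kerberoasting step above is described only as "an attack on the Kerberos authentication protocol." Concretely, the attacker asks the domain controller for service tickets (TGS) for SPNs that are registered to ordinary user accounts; each ticket is encrypted under that service account's password-derived key, and when the ticket is issued with RC4-HMAC the attacker can brute-force the password offline, which is exactly how a "crackable" password at the second partner organization turned into a more privileged account. Every such request is logged on the domain controller as Security event 4769, with TicketEncryptionType 0x17 for RC4-HMAC. The block below is an added detection example, not CISA's SILENTSHIELD tooling and not code from the Register article: it runs over constructed 4769 records (the field names are an assumption about how the events were exported from a SIEM), ignores machine accounts and krbtgt, and raises an alert when one principal requests several distinct roastable SPNs within a short window, the burst pattern that distinguishes enumeration from legacy noise.

```python
"""Detect Kerberoasting indicators in Windows Security event 4769 records.

Added example, not from the article or from CISA. Event field names are an
assumption about how 4769 data was exported (e.g. from a SIEM or wevtutil).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ticket encryption types as logged in the 4769 TicketEncryptionType field.
RC4_HMAC = "0x17"            # RC4-HMAC: keyed from the NT hash, crackable offline
DES_ETYPES = {"0x1", "0x3"}  # DES-CBC-CRC / DES-CBC-MD5: weaker still, rarely seen

# Constructed sample records (not real logs). alice is normal AES traffic to
# machine accounts; bob bulk-requests RC4 tickets for user-account SPNs within
# seconds, the classic Kerberoast burst; carol's krbtgt request is a TGT, not a
# service ticket; dave's lone RC4 request is legacy noise that should not alert alone.
SAMPLE_EVENTS = [
    {"time": "2023-03-01T09:00:01", "user": "alice@CORP.LOCAL", "service": "WS-1234$",   "etype": "0x12", "ip": "10.0.0.5"},
    {"time": "2023-03-01T09:00:03", "user": "alice@CORP.LOCAL", "service": "FS01$",      "etype": "0x12", "ip": "10.0.0.5"},
    {"time": "2023-03-01T09:15:00", "user": "bob@CORP.LOCAL",   "service": "svc_sql",    "etype": "0x17", "ip": "10.0.0.7"},
    {"time": "2023-03-01T09:15:01", "user": "bob@CORP.LOCAL",   "service": "svc_backup", "etype": "0x17", "ip": "10.0.0.7"},
    {"time": "2023-03-01T09:15:02", "user": "bob@CORP.LOCAL",   "service": "svc_scom",   "etype": "0x17", "ip": "10.0.0.7"},
    {"time": "2023-03-01T09:15:02", "user": "bob@CORP.LOCAL",   "service": "svc_iis",    "etype": "0x17", "ip": "10.0.0.7"},
    {"time": "2023-03-01T10:00:00", "user": "carol@CORP.LOCAL", "service": "krbtgt",     "etype": "0x17", "ip": "10.0.0.9"},
    {"time": "2023-03-01T10:30:00", "user": "dave@CORP.LOCAL",  "service": "svc_legacy", "etype": "0x17", "ip": "10.0.0.11"},
]


def is_roastable_request(ev):
    """True for a ticket request an attacker could crack offline: weak etype and
    an SPN held by a user account. Machine accounts (names ending in '$') have
    long random passwords, and krbtgt tickets are TGTs, so both are excluded."""
    svc = ev["service"]
    if svc.endswith("$") or svc.lower() == "krbtgt":
        return False
    return ev["etype"] == RC4_HMAC or ev["etype"] in DES_ETYPES


def weak_etype_requests(events):
    """Every individually suspicious request; a low-severity hunting list."""
    return [ev for ev in events if is_roastable_request(ev)]


def detect_bursts(events, window_minutes=5, min_distinct_spns=3):
    """Alert when one (user, source IP) requests >= min_distinct_spns distinct
    roastable SPNs inside a sliding window. Bulk SPN enumeration within seconds
    is the behavioural signature; a single stray RC4 request is not."""
    window = timedelta(minutes=window_minutes)
    by_source = defaultdict(list)
    for ev in weak_etype_requests(events):
        by_source[(ev["user"], ev["ip"])].append(ev)

    alerts = []
    for (user, ip), evs in by_source.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["time"]))
        for i, start in enumerate(evs):
            t0 = datetime.fromisoformat(start["time"])
            # evs is sorted, so everything inside the window from evs[i] onward
            # is the contiguous run of requests that began at this event
            spns = {e["service"] for e in evs[i:]
                    if datetime.fromisoformat(e["time"]) - t0 <= window}
            if len(spns) >= min_distinct_spns:
                alerts.append({"user": user, "ip": ip, "first_seen": start["time"],
                               "distinct_spns": len(spns), "spns": sorted(spns)})
                break  # one alert per principal per run is enough
    return alerts


if __name__ == "__main__":
    for ev in weak_etype_requests(SAMPLE_EVENTS):
        print("weak etype:", ev["user"], "->", ev["service"], ev["etype"])
    for alert in detect_bursts(SAMPLE_EVENTS):
        print("ALERT possible Kerberoasting:", alert)
```

On the constructed records this flags bob's four requests as one burst and lists dave's single request only in the hunting output. A lone RC4 ticket request is not proof of an attack, since legacy applications still negotiate RC4, which is why the burst threshold and the service-name filters are there. The durable fix is the one the CISA findings point at: long, regularly rotated passwords (or group managed service accounts) for SPN-bearing accounts, rather than credentials untouched for eight years, and AES-only Kerberos settings so that the 0x17 tickets an attacker wants to crack are never issued.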
Microsoft

Meta Opens AI LLM for Commercial Use via Microsoft (bloomberg.com)

Meta Platforms is making its artificial intelligence large language model, Llama 2, available for commercial use through partnerships with major cloud providers including Microsoft. Bloomberg: Meta isn't charging for access or usage of the model it developed, the company said. Instead, by opening up the technology to other companies, Meta says it will benefit from improvements that can be made when more developers use, stress test and identify problems with it. Making the large language model, or LLM, more widely accessible, also establishes Meta alongside other tech giants as having a key contribution to the AI arms race. Meta is spending record amounts on AI infrastructure, and Chief Executive Officer Mark Zuckerberg has said incorporating AI improvements into all the company's products and algorithms is a priority.

Meta took on the cost of training the models. Cloud providers including Microsoft, Amazon and Hugging Face are hosting the tools and providing the computing power to run them. The commercial rollout of Llama 2 is the first project to debut out of the company's generative AI group, a new team assembled in February. To prepare the new model for release, Meta employees and third parties ran safety tests called "red-teaming exercises." It's a separate model from the one Meta uses for its own products.

The Military

US To Stop Giving Russia Some New START Nuclear Arms Data (reuters.com)

New submitter terrorubic shares a report from Reuters: The United States said it will stop providing Russia some notifications required under the New START arms control treaty from Thursday, including updates on its missile and launcher locations, to retaliate for Moscow's 'ongoing violations' of the accord. In a fact sheet on its website, the State Department said it would also stop giving Russia telemetry information - remotely gathered data about a missile's flight - on launches of U.S. intercontinental and submarine-launched ballistic missiles.

Russian President Vladimir Putin has not formally withdrawn from the treaty, which limits deployed strategic nuclear arsenals. On Feb. 21, he said Russia would suspend participation, imperiling the last pillar of U.S.-Russian arms control. Signed in 2010 and due to expire in 2026, the New START treaty caps the number of strategic nuclear warheads that the countries can deploy. Under its terms, Moscow and Washington may deploy no more than 1,550 strategic nuclear warheads and 700 land- and submarine-based missiles and bombers to deliver them.
"The State Department said it continues to notify Russia of intercontinental ballistic missile (ICBM) and submarine ballistic missile (SLBM) launches in accordance with the 1988 Ballistic Missile Launch Notifications Agreement, and of strategic exercises in accordance with a separate 1989 accord," notes Reuters.
Microsoft

Microsoft To Cut Thousands of Jobs Across Divisions (reuters.com)

Microsoft plans to cut thousands of jobs with some roles expected to be eliminated in human resources and engineering divisions, according to media reports on Tuesday. From a report: The expected layoffs would be the latest in the U.S. technology sector, where companies including Amazon.com and Meta have announced retrenchment exercises in response to slowing demand and a worsening global economic outlook. Microsoft's move could indicate that the tech sector may continue to shed jobs.

"From a big picture perspective, another pending round of layoffs at Microsoft suggests the environment is not improving, and likely continues to worsen," Morningstar analyst Dan Romanoff said. U.K. broadcaster Sky News reported, citing sources, that Microsoft plans to cut about 5% of its workforce, or about 11,000 roles.

News

Would You Zap Yourself With Electricity To Get Into Shape?

One of the latest trends in boutique fitness is electrifying. Literally. From a report: Called whole-body electrical muscle stimulation, or EMS, the technique requires users to wear an electrode-studded suit that attaches to a machine. The suit delivers electrical impulses that make each exercise more difficult as muscles fight against the impulses. The result is a more efficient way to build muscle mass and strength, say proponents, who claim that one 20-minute session of whole-body zapping achieves the same benefits as two and a half hours of conventional strength training.

In the U.S., the workouts are offered by about 400 fitness centers, spas and other outlets, and do-it-yourself home training kits are proliferating online. Yet whole-body EMS isn't a shortcut to a Marvel hero's physique, scientists say. Regulators have warned the equipment can be dangerous, with risks including muscle damage or burns. Whole-body EMS is attracting more attention from researchers studying whether the technique might benefit people who don't or can't exercise. Some doctors are investigating whether it can decrease inflammation in the obese and frailty in older people. A small study presented at an American Heart Association conference in November suggested that whole-body EMS might benefit the heart.

Twenty-four young, healthy adults who did 20 minutes a week of squats, lunges and bicep curls using electrical stimulation recorded greater improvements in waist and hip measurements, cholesterol levels, aerobic capacity and other indicators of cardiac health than a second group that did the same exercises without stimulation, according to the findings, which haven't been published in a scientific journal. Small studies like this suggest the approach might hold promise as a supplemental treatment for cardiac patients who don't get the exercise they need, says Jaskanwal Sara, the Mayo Clinic doctor who conducted the research.
Programming

Linux Kernel Gets More Infrastructure for Rust, Increasing Interest in the Language (sdtimes.com)

Linux 6.1 (released last month) included what Linus Torvalds described as "initial Rust scaffolding," remembers this update from SD Times. But now, "work has already been done since the 6.1 release to add more infrastructure for Rust in the kernel, though still none of the code interacts with any C code."

And none of that Rust code does real kernel work yet: "You need to get all those things that can make sure that Rust can compile, and you can do the debugging and all these things," explained Joel Marcey, director of advocacy and operations for the Rust Foundation, "and make sure that the memory safety is there and all that sort of stuff. And that has to happen first before you can actually write any real code in Rust for the Linux kernel itself."

Marcey explained that Linux is going to be doing this inclusion very piecemeal, with lots of little integrations here and there over time so they can see how it is working. "I would imagine that over the next year, you're going to see more small incremental changes to the kernel with Rust, but as people are seeing that it's actually kind of working out, you'll be able to maybe, for example, write Linux drivers or whatever with Rust," said Marcey....

According to Bec Rumbul, executive director of the Rust Foundation, Rust being added to the kernel is an "enormous vote of confidence in the Rust programming language." She explained that in the past other languages have been planned to make it into the kernel and ended up not getting put in. "I think having someone with the kind of intellectual gravity of Linus Torvalds saying 'No, it's going in there,' that kind of says an awful lot about how reliable Rust already is and how much potential there is for the future as well," she said.

Rumbul believes that there will be an increased interest in the language, which is still relatively new (It first made its debut in 2010) compared to some of the other languages out there to choose from. "I suspect that because Rust is now in the kernel, and it's just being talked about much ... more widely, that it will seem like an attractive prospect to a lot of people that are looking to develop their skills and their knowledge," she said. Rumbul hopes people will also be inspired to participate in the language as contributors and maintainers, because those are some of the less popular roles within open source, but are extremely critical to the health of a language, she explained.

The Rust Foundation also launched a new security team in September to ensure best practices (including a dedicated security engineer). Their first initiative will be a security audit and threat modeling exercises. "We want to basically shore up," Rust operations director Marcey tells SD Times, "to ensure that Rust itself is actually as secure as we always say it is."

In this year's Stack Overflow Developer Survey, 86.73% of developers said they love Rust.
Programming

An Investigation of CS Instructor Obstacles, Workarounds, and Desires (microsoft.com)

Long-time Slashdot reader theodp writes: "What is your biggest pain point?", North Carolina State University PhD student Samim Mirhosseini and Microsoft Researchers Austin Z. Henley & Chris Parnin asked 32 computer science instructors at universities and community colleges. Their feedback is summed up in a just-posted paper that will be presented at SIGCSE 2023.

Instructors cited understanding what students are struggling with, answering students' questions, limited teaching assistant (TA) support, grading & feedback, course material preparation, and administrative tasks as challenges, pain points, and things they wish they could change. Interestingly, instructors indicated that some of the attempts to address pain points — including the increased use of TAs, interactive textbooks/exercises, automated grading, "flipped" classrooms [where lectures are assigned as video homework, with classtime reserved for interaction], and peer instruction — aren't always what they're cracked up to be.

- "Some TAs are not mature programmers," instructors noted. "TAs sometimes only run the unit tests and never read the code, [so] two submissions that were nearly identical, but one got [high] marks and the other got [low] marks."

- Automation brings its own challenges, instructors added, citing the problem of interactive textbooks that give grades but deduct points even if there is only a whitespace difference with the solution ("My students struggle so much with it and they spend hours trying to get the white space correct in their program when in reality that's not what I want them spending time on").

- Instructors also cited struggles with "how to design 'Copilot-proof' assignments, to prevent students from completing homework assignments in seconds with little conceptual knowledge."

- Regarding the flipped classroom, one instructor confessed, "I've checked and there's very few people watching these videos."

While grading was cited as "probably the biggest burden of the courses" and "an impossible task," one instructor still noted a preference to grade things themselves even if they have TAs "because [of] the feedback I can get from [...] their homework and assignments." Along the same lines, another noted that while they also wish for more automation of mundane tasks, they are strongly opposed to automating feedback to students because "I think this is the wrong direction for education. Stripping away community and humanity from learning."

The Military

US Army Turns To Microgrids, EVs To Hit Net Zero By 2050 (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: The US Army released (PDF) its climate change strategy this week, and it's a lengthy document that shows how the largest and oldest branch of the military will not only prepare for climate change but will also zero out emissions from most of its operations and activities. The Army says that the goal isn't just to eliminate greenhouse gas emissions -- though that's a key outcome -- but also to make the force more resilient by "adapting infrastructure and natural environments to climate change risks." The strategy takes a multipronged approach toward addressing the climate threat, including overhauling the Army's installations and its acquisitions and logistics practices.

On just the facilities side, the Army buys more than $740 million of electricity every year, producing over 4.1 million metric tons of carbon pollution. To bring those numbers down while also improving its ability to operate when the grid goes down, the Army says it will install microgrids at each of its more than 130 installations by 2035. Already, 25 microgrids are "scoped and planned" through 2024. Microgrids are usually connected to the wider grid, though they can be easily cut off without losing power, allowing operations to continue if the connection is severed or the grid goes down. Currently, the Army is looking into solar, wind, and batteries to power microgrids.

On bases, myriad vehicles support day-to-day operations, and the new plan calls for the nontactical vehicle fleet to be all-electric by 2035. That includes everything from light trucks like Chevrolet Tahoes and Ford F-150s to massive prime movers like the "Dragon Wagon" and the HEMTT. Light-duty vehicles like the Tahoe are scheduled to be all-electric by 2027. Tactical vehicles, though, will take a bit longer. The Army hopes to hybridize them by 2035 before moving to all-electric in 2050. The plan doesn't spell out what it considers to be tactical vehicles, though the designation likely includes things like Humvees and MRAPs. Currently, there's no concrete plan for all-electric tanks and self-propelled artillery.
The Army's plan is also requiring it to "proactively train its people and prepare a force that is ready to operate in a climate-altered world," the document says.

Furthermore, a "Climate 101" course has been rolled out "to introduce fundamentals of climate science to base architects and garrison commanders, and it says it will update all of its training modules, exercises, and simulations to consider the impacts of climate change by 2028," adds Ars Technica. "The goal is to prepare the entire force for whatever conditions climate change presents, from severe weather to a thawing Arctic."
The Military

Three Russian Ballistic Missile Submarines Just Surfaced Through The Arctic Ice Together (thedrive.com)

The Drive reports on an "unprecedented exercise" which included a Russian nuclear submarine firing a torpedo underneath Arctic ice, which it calls "a bold statement of Russia's presence and capabilities in the increasingly tense Arctic region." Three Russian ballistic missile submarines surfaced next to each other from beneath the ice near the North Pole as part of a recent major Arctic exercise. The head of the country's Navy said that event was a first for his service. It also underscores the growing geopolitical competition in this highly strategic region... A pair of MiG-31 Foxhound interceptors, supported by an Il-78 aerial refueling tanker, also flew over the North Pole and troops have been conducting maneuvers on the ground in extreme cold weather conditions as part of Umka-2021. Average temperatures in the exercise area, at present, are ranging between -13 and -22 degrees Fahrenheit, with winds gusting up to just over 70 miles per hour, according to state-run media outlet TASS....

[A]ll of this is magnified by the ever-increasing strategic significance of the Arctic and growing geopolitical competition there, as a result. Much of this has been driven by the emergence of new economic opportunities as global climate change has caused ice in the region to recede. This has made the prospect of sending commercial shipping via the Northern Sea Route more viable and offers the possibility of greater access to untapped natural resources, including oil and natural gas. Just this week, Russia's state nuclear agency Rosatom has been promoting the Northern Sea Route as an alternative to traditional routes in light of the very serious situation in the Suez Canal...

The Umka-2021 drills come as Russia and the United States, among others, are working to expand their abilities to project military power into the Arctic. Russia has been working particularly hard to build new facilities and expand existing ones, especially air bases, in the region. The U.S. military, in cooperation with Canada, just recently demonstrated its ability to conduct more routine combat aviation operations out of the strategic Thule Air Base in Greenland, as well.

The article notes that the U.S. Navy also conducts Ice Exercises each year with submarines surfacing from under the Arctic ice, "though not with ballistic missile boats. However, this particular drill is, nevertheless, a significant show of force and general demonstration of the Russian Navy's strategic capabilities...."

"We're in competition... and to be competitive with Russia and China, specifically in the Arctic, you have to be on the field," said the U.S. Air Force general who heads NORAD in remarks to Congress last week. The Drive quotes him as saying "And, so it's crucial that we do that and we continue producing capabilities that will allow us to be in the Arctic." The Russian Navy sending three ballistic missile submarines punching through the Arctic ice together in a row near the North Pole provides a very clear look at this competition and more such displays are likely to come as the geopolitical friction in the region continues to increase.
Security

US Issues Warning After Microsoft Says China Hacked Its Mail Server Program (nbcnews.com)

An anonymous reader quotes a report from NBC News: The U.S. has issued an emergency warning after Microsoft said it caught China hacking into its mail and calendar server program, called Exchange. The perpetrator, Microsoft said in a blog post, is a hacker group that the company has "high confidence" is working for the Chinese government and primarily spies on American targets. The latest software update for Exchange blocks the hackers, prompting the U.S. Cybersecurity and Infrastructure Security Agency to issue a rare emergency directive that requires all government networks do so.

CISA, the U.S.'s primary defensive cybersecurity agency, rarely exercises its authority to demand the entire U.S. government take protective steps to protect its cybersecurity. The move was necessary, the agency announced, because the Exchange hackers are able "to gain persistent system access." All government agencies have until noon Friday to download the latest software update. In a separate blog post, Microsoft Vice President Tom Burt wrote that the hackers have recently spied on a wide range of American targets, including disease researchers, law firms and defense contractors. There was no immediate indication that the hack led to significant exploitation of U.S. government computer networks. But the announcement marks the second instance in recent months that the U.S. scrambled to address a widespread hacking campaign believed to be the work of foreign government spies.

United States

Marco Rubio Hopes UFOs Are Aliens, Not Chinese Planes (vice.com) 144

Florida Senator Marco Rubio said he hopes that UFOs are extraterrestrials and not advanced Chinese aircraft. From a report: In a July 16 interview with CBS reporter Jim DeFede, Rubio discussed a range of topics, including the government's Covid-19 response and the possible existence of extraterrestrial life. "We have things flying over our military bases and places where we're conducting military exercises and we don't know what it is and it isn't ours," Rubio said. "Frankly, if it's something outside this planet that might actually be better than the fact that we've seen some sort of technological leap from the Chinese or Russians or some other adversary that allows them to conduct this sort of activity," Rubio said. "That to me is a national security risk and one we should be looking into."

Businesses

Amazon Has Ceded Control of Its Site. The Result: Thousands of Banned, Unsafe or Mislabeled Products (wsj.com) 131

Just like tech companies that have struggled to tackle misinformation on their platforms, Amazon has proven unable or unwilling to effectively police third-party sellers on its site. The Wall Street Journal: Many of the millions of people who shop on Amazon.com see it as if it were an American big-box store, a retailer with goods deemed safe enough for customers. In practice, Amazon has increasingly evolved like a flea market. It exercises limited oversight over items listed by millions of third-party sellers, many of them anonymous, many in China, some offering scant information. A Wall Street Journal investigation found 4,152 items for sale on Amazon.com's site that have been declared unsafe by federal agencies, are deceptively labeled or are banned by federal regulators -- items that big-box retailers' policies would bar from their shelves. Among those items, at least 2,000 listings for toys and medications lacked warnings about health risks to children.

The Journal identified at least 157 items for sale that Amazon had said it banned, including sleeping mats the Food and Drug Administration warns can suffocate infants. The Journal commissioned tests of 10 children's products it bought on Amazon, many promoted as "Amazon's Choice." Four failed tests based on federal safety standards, according to the testing company, including one with lead levels that exceeded federal limits. Of the 4,152 products the Journal identified, 46% were listed as shipping from Amazon warehouses. After the Journal brought the listings to Amazon's attention, 57% of the 4,152 listings had their wording altered or were taken down. Amazon said that it reviewed and addressed the listings the Journal provided and that company policies require all products to comply with laws and regulations.

Education

Microsoft Teams With Alphabet's X and Brilliant For Online Quantum Computing Class (engadget.com) 39

"Learn to build quantum algorithms from the ground up with a quantum computer simulated in your browser," suggests a new online course.

"The very concept of a quantum computer can be daunting, let alone programming it, but Microsoft thinks it can offer a helping hand," reports Engadget: Microsoft is partnering with Alphabet's X and Brilliant on an online curriculum for quantum computing. The course starts with basic concepts and gradually introduces you to Microsoft's Q# language, teaching you how to write 'simple' quantum algorithms before moving on to truly complicated scenarios. You can handle everything on the web (including quantum circuit puzzles), and there's a simulator to verify that you're on the right track.
The course "features Q# programming exercises with Python as the host language," explains Microsoft's press release.

The course's web page promises that by the end of the course, "you'll know your way around the world of quantum information, have experimented with the ins and outs of quantum circuits, and have written your first 100 lines of quantum code -- while remaining blissfully ignorant about detailed quantum physics."

Transportation

Paul Allen's Stratolaunch Finally Flies The World's Biggest Plane (geekwire.com) 69

"Stratolaunch, the aerospace venture founded by the late Microsoft co-founder Paul Allen, sent the world's biggest airplane into the air today for its first flight test," reports GeekWire. The twin-fuselage plane, which incorporates parts from two Boeing 747 jumbo jets and has a world-record wingspan of 385 feet, took off from Mojave Air and Space Port in California for a flight that lasted two and a half hours. For more than seven years, Stratolaunch has been working with Mojave-based Scaled Composites on the project, which aims to use the plane as a flying launch pad for orbital-class rockets. The first flight test had been anticipated for months. "We finally did it," Stratolaunch CEO Jean Floyd said today during a briefing.

Stratolaunch's plane, which has been nicknamed Roc after a giant mythical bird, took off at 6:58 a.m. PT and went through a series of in-flight maneuvers, including roll doublets, yawing maneuvers, pushovers and pull-ups, steady heading side slips and simulated landing approach exercises. Stratolaunch said it reached a maximum speed of 189 mph and maximum altitude of 17,000 feet.... The plan ahead calls for further tests over the next 12 to 18 months, with the aim of getting the plane fully certified by the Federal Aviation Administration. Stratolaunch has already struck a deal to use Northrop Grumman's Pegasus XL rocket to send payloads weighing as much as 816 pounds (370 kilograms) to low Earth orbit...

Stratolaunch's air-launch system is designed to carry multiple rockets up to an altitude of about 40,000 feet, and then drop them into the air to fire up their rocket engines. The advantage of such a system is that it can take off from any runway that's long enough to accommodate the plane, fly around bad weather if need be, and launch a satellite into any orbital inclination.

Stratolaunch CEO Jean Floyd said their team had dedicated the flight to Paul Allen.

"[A]s the plane lifted gracefully from the runway, I did whisper a 'thank you' to Paul for allowing me to be part of this remarkable achievement."

Businesses

Can You Really Sue Fortnite For 'Stealing' Your Dance Moves? (theguardian.com) 141

The creator of the year's biggest game is facing a slew of lawsuits over its alleged use of famous dance moves. But will courts tap to the same tune? From a report: Fresh Prince of Bel-Air star Alfonso Ribeiro alleges that Fortnite used his Carlton Dance, devised for a memorable episode of the hit US sitcom, without permission or credit. And earlier this week, Russell Horning, AKA the Backpack Kid, launched his own lawsuit claiming Epic breached copyright laws for including his signature dance move "The Floss." So while the copyright disco fills up and solicitors perform their (wallet) stretching exercises, the big question is: can you realistically copyright a dance move? The answer is yes. Kind of. It's complicated.

"A dance can be protected under copyright law in England under the protection afforded to literary, dramatic or musical works (section 3 (2) of the Copyright, Design and Patents Act)," says Alex Tutty of specialist entertainment law firm Sheridans. "But copyright can subsist in it only when it is recorded in writing or otherwise. It doesn't just exist because you did the dance; it needs to be written down or filmed." This is handy for the Fortnite complainants, because there is video evidence of all of them performing their respective moves. However, it's not quite that easy. "There are all kinds of complexities in practice," says entertainment and tech industry lawyer Jas Purewal of Purewal & Partners. "For example, who owns the dance -- the original creator, the dancers or the choreographer? How can they prove they actually created something new? How can they show that someone else actually infringed their dance and didn't independently come up with it? The law is pretty archaic, too. It's just not been an area that has had a lot of attention."

Businesses

How Much VR User Data Is Oculus Giving To Facebook? (theverge.com) 60

Facebook owns many other apps and services, including the Oculus virtual-reality platform, which collects incredibly detailed information about where users are looking and how they're moving. Since most of the discussion about how Facebook handles user information is focused on the social network itself, The Verge's Adi Robertson looks into the link between Facebook and Oculus: A VR platform like Oculus offers lots of data points that could be turned into a detailed user profile. Facebook already records a "heatmap" of viewer data for 360-degree videos, for instance, flagging which parts of a video people find most interesting. If it decided to track VR users at a more detailed level, it could do something like track overall movement patterns with hand controllers, then guess whether someone is sick or tired on a particular day. Oculus imagines people using its headsets the way they use phones and computers today, which would let it track all kinds of private communications. The Oculus privacy policy has a blanket clause that lets it share and receive information from Facebook and Facebook-owned services. So far, the company claims that it exercises this option in very limited ways, and none of them involve giving data to Facebook advertisers. "Oculus does not share people's data with Facebook for third-party advertising," a spokesperson tells The Verge.

Oculus says there are some types of data it either doesn't share or doesn't retain at all. The platform collects physical information like height to calibrate VR experiences, but apparently, it doesn't share any of it with Facebook. It stores posts that are made on the Oculus forums, but not voice communications between users in VR, although it may retain records of connections between them. The company also offers a few examples of when it would share data with Facebook or vice versa. Most obviously, if you're using a Facebook-created VR app like Spaces, Facebook gets information about what you're doing there, much in the same way that any third-party app developer would. You can optionally link your Facebook account to your Oculus ID, in which case, Oculus will use your Facebook interests to suggest specific apps or games. If you've linked the accounts, any friend you add on Facebook will also become your friend on Oculus, if they're on the platform.
Oculus does, however, share data between the two services to fight certain kinds of banned activity. "If we find someone using their account to send spam on one service, we can disable all of their accounts," an Oculus spokesperson says. "Similarly, if there's 'strange activity' on a specific Oculus account, they can share the IP address it's coming from with Facebook," writes Robertson. "The biggest problem is that there's nothing stopping Facebook and Oculus from choosing to share more data in the future."

Transportation

Drone Complaints Soar in the UK (cnbc.com) 42

Drones are stirring up public annoyance in the U.K. as the number of complaints to police is said to have soared twelvefold over the past two years -- including allegations of snooping neighbors, burglary "scoping" exercises, prison smuggling and near-misses with aircraft. From a report: Last year incidents rose to 3,456 (about 10 a day), almost tripling the 2015 figure of 1,237. In 2014, the number of incidents was only 283, indicating that the commercial success of the devices has brought with it a growing public nuisance. The findings were a result of a freedom of information request submitted by the Press Association to show the number of incidents logged by police around the country between 2014 and 2016. Their timely release follows several reports of near-misses with passenger planes and drones, and the arrest of Daniel Kelly, 27, last year, who became the first person in the U.K. to be jailed for smuggling items into prisons. But the actual total of cases is thought to be much higher, as not all police forces were able to submit data on the drone cases.
