Submission + - Insurance Firm Lemonade Says API Glitch Exposed Some Driver's License Numbers (securityweek.com)

An anonymous reader writes: Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver’s license numbers were likely exposed due to a technical glitch. Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies. According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver’s license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says.

Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver’s license numbers to be accessed without authorization. “We have no evidence to suggest that your driver’s license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself,” the company’s notification letter reads. The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.

Submission + - Figma Sent a Cease-and-Desist Letter To Lovable Over the Term 'Dev Mode' (techcrunch.com)

An anonymous reader writes: Figma has sent a cease-and-desist letter to popular no-code AI startup Lovable, Figma confirmed to TechCrunch. The letter tells Lovable to stop using the term “Dev Mode” for a new product feature. Figma, which also has a feature called Dev Mode, successfully trademarked that term last year, according to the U.S. Patent and Trademark Office. What’s wild is that “dev mode” is a common term used in many products that cater to software programmers. It’s like an edit mode. Software products from giant companies like Apple’s iOS, Google’s Chrome, Microsoft’s Xbox have features formally called “developer mode” that then get nicknamed “dev mode” in reference materials.

Even “dev mode” itself is commonly used. For instance Atlassian used it in products that pre-date Figma’s copyright by years. And it’s a common feature name in countless open source software projects. Figma tells TechCrunch that its trademark refers only to the shortcut “Dev Mode” – not the full term “developer mode.” Still, it’s a bit like trademarking the term “bug” to refer to “debugging.” Since Figma wants to own the term, it has little choice but to send cease-and-desist letters. (The letter, as many on X pointed out, was very polite, too.) If Figma doesn’t defend the term, it could be absorbed as a generic term and the trademark becomes unenforceable.

Some on the internet argue that this term is already generic, should never have been allowed to be trademarked, and say Lovable should fight. (Lovable has not yet responded to our request for comment about that.) However, taking on an international legal battle might be pricey for the early-stage Swedish startup. For Lovable, which raised a $15 million seed round in February, changing the feature name to “developer mode” or some other term would certainly be a less expensive option. What’s more interesting is that Lovable is one of the rising stars of so-called “vibe coding.” That’s where users can describe what they want in a text prompt and the product builds it – complete with code. Its “dev mode” feature was launched a few weeks ago to allow users to edit that code.

Submission + - US paedophile jailed in Wales (telegraph.co.uk)

Bruce66423 writes: The good news is that the evil man got caught. The worrying question is: 'How'. It appears the UK police got involved after a 'tip off from the US'. The question is: 'How did they know this evil was going on?' Would the evidence against him have survived in a US court? And should we welcome a case of where a 'will nobody think of the children' driven action has produced an apparently positive result.

Submission + - US tariffs causing Sony to raise PS5 price substantially in UK and Europe? (theverge.com)

An anonymous reader writes: Sony has raised the price of most of its PlayStation 5 console hardware in the UK, Europe, Australia, and New Zealand by 10-15 percent, blaming “a challenging economic environment.” With rising US import costs thanks to tariffs likely a contributing factor, an equivalent price rise in the US is probably on the way.

Sony manufactures the majority of its PlayStation 5 hardware in China, now subject to 145 percent tariffs on imports into the US, and game consoles aren’t included in the pause on some tech tariffs announced Friday. A price increase in other markets may be a way of limiting how sharply prices will need to rise in the US, which is a key market for Sony.

Sony’s blog post announcing the change blamed it on “high inflation and fluctuating exchange rates,” though made no mention of Trump’s tariffs or increased import costs into the US, where prices are remaining the same – for now. Analyst Serkan Toto told CNBC that he “would be very surprised if Sony was able to keep the PlayStation prices in the US stable,” calling now “the ‘right’ time” for the company to raise prices.

Submission + - Arguing Against CALEA (schneier.com)

Mirnotoriety writes: At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:

Submission + - Llama 2 LLM on DOS (yeokhengmeng.com)

yeokm1 writes: Conventional wisdom states that running LLMs locally will require computers with high performance specifications especially GPUs with lots of VRAM. But is this actually true?

Thanks to an open-source llama2.c project, I ported it to work so vintage machines running DOS can actually inference Llama 2 LLM models. Of course there are severe limitations but the results will surprise you.

Submission + - Hertz Says Customers' Personal Data, Driver's Licenses Stolen In Data Breach (techcrunch.com)

An anonymous reader writes: Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s licenses. The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024. The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

Notices on Hertz’s websites disclosed the breach to customers in Australia, Canada, the European Union, New Zealand, and the United Kingdom. Hertz also disclosed the breach with several U.S. states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected but did not list the total number of affected individuals, which is likely to be significantly higher. Emily Spencer, a spokesperson for Hertz, would not provide TechCrunch with a specific number of individuals affected by the breach but said it would be “inaccurate to say millions” of customers are affected. The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang.

Submission + - Chinese Robotaxis Have Government Black Boxes, Approach US Quality (forbes.com)

An anonymous reader writes: Robotaxi development is speeding at a fast pace in China, but we don’t hear much about it in the USA, where the news focuses mostly on Waymo, with a bit about Zoox, Motional, May, trucking projects and other domestic players. China has 4 main players with robotaxi service, dominated by Baidu (the Chinese Google.) A recent session at last week’s Ride AI conference in Los Angeles revealed some details about the different regulatory regime in China, and featured a report from a Chinese-American Youtuber who has taken on a mission to ride in the different vehicles.

Zion Maffeo, deputy general counsel for Pony.AI, provided some details on regulations in China. While Pony began with U.S. operations, its public operations are entirely in China, and it does only testing in the USA. Famously it was one of the few companies to get a California “no safety driver” test permit, but then lost it after a crash, and later regained it. Chinese authorities at many levels keep a close watch over Chinese robotaxi companies. They must get approval for all levels of operation which control where they can test and operate, and how much supervision is needed. Operation begins with testing with a safety driver behind the wheel (as almost everywhere in the world,) with eventual graduation to having the safety driver in the passenger seat but with an emergency stop. Then they move to having a supervisor in the back seat before they can test with nobody in the vehicle, usually limited to an area with simpler streets.

The big jump can then come to allow testing with nobody in the vehicle, but with full time monitoring by a remote employee who can stop the vehicle. From there they can graduate to taking passengers, and then expanding the service to more complex areas. Later they can go further, and not have full time remote monitoring, though there do need to be remote employees able to monitor and assist part time. Pony has a permit allowing it to have 3 vehicles per remote operator, and has one for 15 vehicles in process, but they declined comment on just how many vehicles they actually have per operator. Baidu also did not respond to queries on this. [...] In addition, Chinese jurisdictions require that the system in a car independently log any “interventions” by safety drivers in a sort of “black box” system. These reports are regularly given to regulators, though they are not made public. In California, companies must file an annual disengagement report, but they have considerable leeway on what they consider a disengagement so the numbers can’t be readily compared. Chinese companies have no discretion on what is reported, and they may notify authorities of a specific objection if they wish to declare that an intervention logged in their black box should not be counted.

There are strong arguments against such strict reporting. Safety drivers are told to intervene when they have any doubt, which means they will frequently intervene when not necessary. Because companies with mandatory reporting of all interventions want to keep their number down, they may, even unconsciously, discourage interventions. They also don’t want to have to count things like bathroom breaks which have no bearing on safety, leading to the wrong incentive. On the other hand, giving companies full leeway on what counts led to essentially useless reports in California. The right answer is hard. This more strict regulation reportedly also has its own Chinese “flavor” and personal relationships are also important to get permits and deploy. Even so, it’s not slowing things down much, if at all.

Submission + - China Halts Rare Earth Exports to U.S. (thegatewaypundit.com)

AmiMoJo writes: China has halted exports of seven critical rare earth elements to the United States, a move that threatens to disrupt supply chains across key American industries, including automotive, semiconductor, and aerospace sectors. China’s Ministry of Commerce recently added seven rare earth elements—including dysprosium, terbium, and lutetium—to its restricted export list. These elements are essential for manufacturing high-performance magnets used in electric vehicles, advanced weaponry, and consumer electronics.

Additionally: US chipmakers outsourcing manufacturing will escape China's tariffs

U.S. chipmakers that outsource manufacturing will be exempt from China's retaliatory tariffs on U.S. imports, according to a notice by the main Chinese semiconductor association on Friday.
Given the highly specialized and multi-country nature of chip supply chains, there was uncertainty within the industry about how tariffs would be applied to chip imports.
"For all integrated circuits, whether packaged or unpackaged, the declared country of origin for import customs purchases is the location of the wafer fabrication plant," the state-backed China Semiconductor Industry Association (CSIA), which represents the country's largest chip companies, said in an "urgent notice" on its WeChat account.
For U.S. chip designers such as Qualcomm and AMD that outsource manufacturing to Taiwanese chipmaking giant TSMC 2330.TW, Chinese customs authorities will classify these chips' place of origin as Taiwan, according to EETop, an information platform and forum for Chinese chipmakers.
This means China-based companies importing such chips will not be forced to pay China's retaliatory tariffs on U.S. imports, EETop said on its WeChat account.

https://www.reuters.com/techno...

Submission + - Overvaluing Things Considered Hard-To-Do Considered Harmful

theodp writes: In "Three Stories About How CS is Overwhelming, and Ideas for How We Can Do Better", Univ. of Michigan CS Prof Mark Guzdial tackles the problem of how computer science's if-it-ain't-considered-hard-it-ain't-considered-important attitude dissuades students and educators alike from pursuing certain areas of study and research.

"We overly value things that are hard to do," Guzdial explains, "which leads us to undervalue things that are interesting, valuable, or useful but are not necessarily hard to do (e.g., studying how people build in Excel is interesting and valuable, even if it’s not as 'hard' as studying programmers building million LOC systems). I have heard this sentiment voiced lots of times. 'The study was really not that much. I don’t see why it’s interesting.' 'The system wasn’t hard to do. Anyone could have built it. It’s not really a contribution.' 'Anyone could have thought of that.' An academic contribution should be judged by what we learn, not by how hard it was to do or invent. That focus on being hard is part of what drives students away from computer science."

Submission + - DOJ Creates National Security Program to Protect Americans' Sensitive Data (justice.gov)

An anonymous reader writes: The Justice Department took significant steps to move forward with implementing a critical program to prevent China, Russia, Iran, and other foreign adversaries from using commercial activities to access and exploit U.S. government-related data and Americans’ sensitive personal data to commit espionage and economic espionage, conduct surveillance and counterintelligence activities, develop AI and military capabilities, and otherwise undermine our national security.

Submission + - Three million child deaths linked to drug resistance, study shows (bbc.co.uk)

Bruce66423 writes: 'More than three million children around the world are thought to have died in 2022 as a result of infections that are resistant to antibiotics, according to a study by two leading experts in child health.

'Children in Africa and South East Asia were found to be most at risk.

'Antimicrobial resistance — known as AMR — develops when the microbes that cause infections evolve in such a way that antibiotic drugs no longer work.

'It has been identified as one of the biggest public health threats facing the world's population.'

We've been hearing about the threat of this for decades. The news that it's now actually killing a lot of people is scary.

Submission + - Japanese train station shelter replaced overnight with 3D printed structure (arstechnica.com)

cusco writes: Hatsushima station serves the town of Arida of about 25,000, and around 530 passengers a day board there. Because the population is shrinking, when it came time to replace the aging wooden shelter the new structure could be smaller, presenting West Japan Railway with the opportunity to try something new. The company commissioned a new 3D printed shelter from Serendix, who printed the structure in four parts over seven days. The parts were shipped by rail to Hatsushima and a crew assembled them in around six hours, finishing before the first train of the morning at 5:45.

The structure itself is made of mortar, layered like dull-green frosting by a 3D-printing nozzle, reinforced by steel and framed at its edges by concrete. The result is a building that has "earthquake resistance similar to that of reinforced concrete houses," according to West Japan Railway (JR West), and costing about half of what the shelter would cost to build with traditional reinforced concrete. It also has a mandarin orange and scabbardfish [local products] embossed into its sides.


Submission + - Trump backpedals on China imports that US cannot produce domestically (cnn.com)

Mr. Dollar Ton writes: Smartphones and computers are now exempt from Trump’s latest tariffs.

Electronics imported to the United States will be exempt from President Donald Trump’s reciprocal tariffs, according to a US Customs and Border Protection notice posted late Friday.

Smartphones, computer monitors and various electronic parts are among the exempted products. The exemption applies to products entering the United States or removed from warehouses as early as April 5, according to the notice.

Submission + - Microsoft now pushing advertising through Windows (techradar.com)

sinij writes:

The notification is labelled ‘suggested’ and is for the Avowed Premium Edition, urging me to ‘forge my destiny’ and click a button that says ‘Buy Now’ (or alternatively, there’s a button to ‘Dismiss’).

This happens on all versions of Windows, including Pro. Zero surprise that Microsoft is finding creative ways to abuse paid customers.

Submission + - How Much Time Does Needless Red Tape Add to Coding Changes?

theodp writes: In what will likely have both government and private sector software developers nodding knowingly, Newsweek reports that a change to reposition a logon button on an IRS web page — originally estimated to take at least 103 days to deploy — was instead completed in 71 minutes after DOGE worked with an IRS engineer to cut through the red tape.

A DOGE post on X explains: "On the http://irs.gov/ website, the 'log in' button was not in the top right on the navbar like it is on most websites. It was weirdly placed in the middle of the page below the fold. An IRS engineer explained that the *soonest* this change could get deployed is July 21st... 103 days from now. This engineer worked with the DOGE team to delete the red tape and accomplished the task in 71 minutes. See before/after pictures below. There are great people at the IRS, who are simply being strangled by bureaucracy."

So, does this strike a chord with those of you who have to jump through the hoops of various oversight boards at your organization? How much time do well-intentioned but needlessly onerous requirements of Agile, Risk, Audit, Compliance, Security, Architecture, Governance, Change Control and other groups add to coding changes?

Submission + - RFK Jr pledges to find the cause of autism by September (bbc.com)

skam240 writes: US Health Secretary Robert F Kennedy Jr has pledged "a massive testing and research effort" to determine the cause of autism in five months.

Experts cautioned that finding the causes of autism spectrum disorder – a complex syndrome that has been studied for decades – will not be straightforward, and called the effort misguided and unrealistic.

Kennedy, who has promoted debunked theories suggesting autism is linked to vaccines, said during a cabinet meeting on Thursday that a US research effort will "involve hundreds of scientists from around the world."

"By September, we will know what has caused the autism epidemic and we'll be able to eliminate those exposures," Kennedy said.

Submission + - Harvard Scientist's Wild 'Martian Nuclear Blasts' Claim Gets New Life (dailymail.co.uk)

alaskana writes: In 2014 Harvard Scientist Dr. John Brandenburg published a paper that claims there is evidence of past non-natural nuclear explosions on and above the surface of Mars resulting in the eradication of a primitive civilization that once resided there. In the paper's abstract it states:

"On Mars, the nearest Earthlike planet in the cosmos, the concentration of 129Xe in the Martian atmosphere, the evidence from 80Kr abundance of intense 10^14/cm^2 flux over the Northern young part of Mars, and the detected pattern of excess abundance of Uranium and Thorium on Mars surface, relative to Mars meteorites, can be explained as due to two large thermonuclear explosions on Mars in the past."

This claim has recently been thrust back into the limelight due to the appearance of philosophy PhD and science fiction writer Reza Jorjani on the Danny Jones Podcast. On it he stated: "Every planet has a certain amount of isotopes of different materials on it, and apparently the isotopic ratio of Xenon 129 is consistent across the entire solar system, except for on Mars." Jorjani further states that according to the paper "the isotopic signature was equivalent to ' Empire State building's worth of our thermonuclear warheads".

Adding further intrigue (and natural skepticism) to this story is the author's linking of his hypothesis to the 'face on Mars' and Mars' Cydonia region, with elevated levels of Xenon 129 found there suggesting that an ancient Martian civilization once thrived there and was subsequently wiped out by the explosions. The paper's abstract finishes with: "Taken together, the evidence suggests that Mars was the locale of a planetary nuclear massacre."

Is this fodder for tabloids or does the Harvard stamp give this claim some room to breathe?


Submission + - Some companies adding tariff surcharges to pass along costs (cbsnews.com)

smooth wombat writes: With the implementation of tariffs on nearly every country which does business with the U.S., some companies are already raising prices to account for the increased cost of products. Other companies have not yet implemented price increases, but are warning customers to expect higher prices in the near future. As a result, companies are now adding a "tariff surcharge" to all purchases.

Dame, a sexual wellness brand that makes adult toys and personal care products, has implemented a $5 "Trump tariff surcharge" that is automatically added to customers' online shopping carts at checkout.

Dame CEO Alexandra Fine said the fee doesn't cover all of its extra costs and that the company is analyzing its pricing given that most of its products are made in China. "Our whole industry is in China, so we've already seen the impact," she told CBS MoneyWatch.

Fine also said she wants to be transparent with customers about what is happening, rather than quietly inflating prices.

"The intention of adding the Trump tariff surcharge as a line item at checkout was to remind people that this is an extra tax on us. I wanted people to understand why it's more expensive — that it's because of political decisions that were made," she said.

Submission + - Social Security Administration will only communicate through Twitter (X) (federalnewsnetwork.com)

smooth wombat writes: The Social Security Administration has announced the only method it will communicate with the public or media is through posts on Twitter (X). This change took place after large numbers of communications staff were either fired or reassigned, sometimes to less senior positions. SSA Midwest-West (MWW) Regional Commissioner Linda Kerr-Davis told employees in a call Thursday that those regional offices will no longer issue press releases or “Dear Colleague” letters to advocate groups.

SSA is centralizing its process for responding to all inquiries, except those coming from members of Congress. For non-congressional inquiries, SSA regional offices will send their draft responses to SSA’s deputy commissioner of operations for review.

The Washington Post reported Wednesday that SSA technicians received an email that read: “Effective immediately, do not respond directly to any public or congressional inquiries.”
