Researchers from Cornell University have developed a novel urine collection and filtration system for spacesuits, designed to improve hygiene and comfort for astronauts during long spacewalks. This new system, inspired by the 'stillsuits' from the Dune franchise, recycles urine into potable water using a vacuum-based external catheter and a forward-reverse osmosis unit. It's expected to be tested for use in upcoming NASA moon and Mars missions. Phys.Org reports: [Researchers] have now designed a urine collection device, including an undergarment made of multiple layers of flexible fabric. This connects to a collection cup (with a different shape and size for women and men) of molded silicone, to fit around the genitalia. The inner face of the collection cup is lined with polyester microfiber or a nylon-spandex blend, to draw urine away from the body and towards the inner cup's inner face, from where it is sucked by a vacuum pump. A RFID tag, linked to an absorbent hydrogel, reacts to moisture by activating the pump. Once collected, the urine is diverted to the urine filtration system, where it gets recycled with an efficiency of 87% through a two-step, integrated forward and reverse osmosis filtration system. This uses a concentration gradient to remove water from urine, plus a pump to separate water from salt. The purified water is then enriched in electrolytes and pumped into the in-suit drink bag, again available for consumption. Collecting and purifying 500ml of urine takes only five minutes. The system, which integrates control pumps, sensors, and a liquid-crystal display screen, is powered by a 20.5V battery with a capacity of 40 amp-hours. Its total size is 38 by 23 by 23 cm, with a weight of approximately eight kilograms: sufficiently compact and light to be carried on the back of a spacesuit. Now that the prototype is available, the new design can be tested under simulated conditions, and subsequently during real spacewalks. The design has been published in the journal Frontiers in Space Technology.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Constellation Energy is in talks with the Pennsylvania governor's office and state lawmakers to help fund a possible restart of part of its Three Mile Island power facility, the site of a nuclear meltdown in the 1970s, three sources familiar with the discussions said on Tuesday. The conversations, which two sources described as "beyond preliminary," signal that Constellation is advancing plans to revive part of the southern Pennsylvania nuclear generation site, which operated from 1974 to 2019. The nuclear unit Constellation is considering restarting is separate from the one that melted down. The sources said that a shut Michigan nuclear plant, which was recently awarded a $1.5 billion conditional loan to restart from the administration of U.S. President Joe Biden, could serve as a private-public sector blueprint for Three Mile Island. The sources asked not to be named due to the sensitivity of the discussions. "Though we have determined it would be technically feasible to restart the unit, we have not made any decision on a restart as there are many economic, commercial, operational and regulatory considerations remaining," Constellation spokesperson Dave Snyder said in an email. Snyder did not comment on the specifics of discussions about reopening the Pennsylvania site. Last month, Constellation told Reuters that it had cleared an engineering study of Three Mile Island, though it was unknown if the Baltimore, Maryland-based energy company would move forward with plans to reopen the site. Constellation also said that given the current premium placed on nuclear energy, acquiring other sites was generally off the table and the company would instead look to expand its existing fleet. The Three Mile Island unit that could be restarted is different to the site's unit 2, which experienced a partial meltdown in 1979 in the most famous commercial nuclear accident in U.S. history. The report notes that "no U.S. nuclear power plant has been reopened after shutting." A restart will not only be costly, but it will be challenged over safety and environmental concerns.

Read more of this story at Slashdot.

OpenAI is close to a breakthrough with a new project called "Strawberry," which aims to enhance its AI models with advanced reasoning abilities. Reuters reports: Teams inside OpenAI are working on Strawberry, according to a copy of a recent internal OpenAI document seen by Reuters in May. Reuters could not ascertain the precise date of the document, which details a plan for how OpenAI intends to use Strawberry to perform research. The source described the plan to Reuters as a work in progress. The news agency could not establish how close Strawberry is to being publicly available. How Strawberry works is a tightly kept secret even within OpenAI, the person said. The document describes a project that uses Strawberry models with the aim of enabling the company's AI to not just generate answers to queries but to plan ahead enough to navigate the internet autonomously and reliably to perform what OpenAI terms "deep research," according to the source. This is something that has eluded AI models to date, according to interviews with more than a dozen AI researchers. Asked about Strawberry and the details reported in this story, an OpenAI company spokesperson said in a statement: "We want our AI models to see and understand the world more like we do. Continuous research into new AI capabilities is a common practice in the industry, with a shared belief that these systems will improve in reasoning over time." On Tuesday at an internal all-hands meeting, OpenAI showed a demo of a research project that it claimed had new human-like reasoning skills, according to Bloomberg, opens new tab. An OpenAI spokesperson confirmed the meeting but declined to give details of the contents. Reuters could not determine if the project demonstrated was Strawberry. OpenAI hopes the innovation will improve its AI models' reasoning capabilities dramatically, the person familiar with it said, adding that Strawberry involves a specialized way of processing an AI model after it has been pre-trained on very large datasets. Researchers Reuters interviewed say that reasoning is key to AI achieving human or super-human-level intelligence.

Read more of this story at Slashdot.

A 2023 red team exercise by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal agency exposed critical security failings, including unpatched vulnerabilities, inadequate incident response, and weak credential management, leading to a full domain compromise. According to The Register's Connor Jones, the agency failed to detect or remediate malicious activity for five months. From the report: According to the agency's account of the exercise, the red team was able to gain initial access by exploiting an unpatched vulnerability (CVE-2022-21587 - 9.8) in the target agency's Oracle Solaris enclave, leading to what it said was a full compromise. It's worth noting that CVE-2022-21587, an unauthenticated remote code execution (RCE) bug carrying a near-maximum 9.8 CVSS rating, was added to CISA's known exploited vulnerability (KEV) catalog in February 2023. The initial intrusion by CISA's red team was made on January 25, 2023. "After gaining access, the team promptly informed the organization's trusted agents of the unpatched device, but the organization took over two weeks to apply the available patch," CISA's report reads. "Additionally, the organization did not perform a thorough investigation of the affected servers, which would have turned up IOCs and should have led to a full incident response. About two weeks after the team obtained access, exploit code was released publicly into a popular open source exploitation framework. CISA identified that the vulnerability was exploited by an unknown third party. CISA added this CVE to its Known Exploited Vulnerabilities Catalog on February 2, 2023." [...] After gaining access to the Solaris enclave, the red team discovered they couldn't pivot into the Windows part of the network because missing credentials blocked their path, despite enjoying months of access to sensitive web apps and databases. Undeterred, CISA managed to make its way into the Windows network after carrying out phishing attacks on unidentified members of the target agency, one of which was successful. It said real adversaries may have instead used prolonged password-praying attacks rather than phishing at this stage, given that several service accounts were identified as having weak passwords. After gaining that access, the red team injected a persistent RAT and later discovered unsecured admin credentials, which essentially meant it was game over for the agency being assessed. "None of the accessed servers had any noticeable additional protections or network access restrictions despite their sensitivity and critical functions in the network," CISA said. CISA described this as a "full domain compromise" that gave the attackers access to tier zero assets -- the most highly privileged systems. "The team found a password file left from a previous employee on an open, administrative IT share, which contained plaintext usernames and passwords for several privileged service accounts," the report reads. "With the harvested Lightweight Directory Access Protocol (LDAP) information, the team identified one of the accounts had system center operations manager (SCOM) administrator privileges and domain administrator privileges for the parent domain. "They identified another account that also had administrative permissions for most servers in the domain. The passwords for both accounts had not been updated in over eight years and were not enrolled in the organization's identity management (IDM)." From here, the red team realized the victim organization had trust relationships with multiple external FCEB organizations, which CISA's team then pivoted into using the access they already had. The team "kerberoasted" one partner organization. Kerberoasting is an attack on the Kerberos authentication protocol typically used in Windows networks to authenticate users and devices. However, it wasn't able to move laterally with the account due to low privileges, so it instead used those credentials to exploit a second trusted partner organization. Kerberoasting yielded a more privileged account at the second external org, the password for which was crackable. CISA said that due to network ownership, legal agreements, and/or vendor opacity, these kinds of cross-organizational attacks are rarely tested during assessments. However, SILENTSHIELD assessments are able to be carried out following new-ish powers afforded to CISA by the FY21 National Defense Authorization Act (NDAA), the same powers that also allow CISA's Federal Attack Surface Testing (FAST) pentesting program to operate. It's crucial that these avenues are able to be explored in such exercises because they're routes into systems adversaries will have no reservations about exploring in a real-world scenario. For the first five months of the assessment, the target FCEB agency failed to detect or remediate any of the SILENTSHIELD activity, raising concerns over its ability to spot genuine malicious activity. CISA said the findings demonstrated the need for agencies to apply defense-in-depth principles. The cybersecurity agency recommended network segmentation and a Secure-by-Design commitment.

Read more of this story at Slashdot.

Mark Tyson reports via Tom's Hardware: The German Navy is searching for a new storage system to replace the aging 8-inch (20cm) floppy disks which are vital to the running of its Brandenburg class F123 frigates. According to an official tender document, the ideal answer to the German Navy's problems would be a drop-in floppy disk replacement based upon a storage emulation system, reports Golem.de. Germany's Brandenburg class F123 frigates were commissioned in the mid 1990s, so it is understandable that floppy disks were seen as a handy removable storage medium. These drives are part of the frigates' data acquisition system and, thus "central to controlling basic ship functions such as propulsion and power generation," according to the source report. The F123s are specialized in submarine hunting, and they are also being upgraded in terms of the weapon systems and weapon control systems. Swedish company Saab is the general contractor for the F123 modernizations. It won't be trivial to replace three decades old computer hardware seamlessly, while retaining the full functionality of the existing floppies. However, we note that other companies have wrestled similar problems in recent years. Moreover, there are plenty of emulator enthusiasts using technologies for floppy emulation solutions like Gotek drives which can emulate a variety of floppy drive standards and formats. There are other workable solutions already out there, but it all depends on who the German Navy chooses to deliver the project.

Read more of this story at Slashdot.

Southwest Airlines has signed a deal with Archer Aviation to develop plans for an on-demand eVTOL (electric vertical takeoff and landing) service in California. The Verge reports: The service will operate using Archer's battery-powered, four-passenger, tilt-rotor Midnight aircraft, which are designed to take off and land vertically from a landing strip like a helicopter. As part of the deal, the aircraft will get access to 14 California airports where Southwest operates. [...] Archer claims that trips that normally take 60-90 minutes by car can be done in 10-20 minutes in the company's air taxis. Archer came out of stealth in spring 2020 after having poached key talent from Wisk and Airbus' Vahana project. (That fact spurred a lawsuit from Wisk for alleged trade secret theft, which was finally settled last year.) The company has a $1 billion order from United Airlines for its eVTOL aircraft and a deal to mass-produce its eVTOL craft with global automaker Stellantis. Archer recently received a Part 135 air carrier certification from the Federal Aviation Administration, which the company will need to operate an on-demand air taxi service. Archer has said it plans on launching before the end of 2025. [...] As part of the deal, Archer will work with Southwest and its partners on the development of an air taxi network across California. That includes the unions of Southwest employees, like the Southwest Airlines Pilots Association.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: John Binns, a U.S. citizen who has been incarcerated in Turkey, is linked to the massive data breach of metadata belonging to nearly all of AT&T's customers that the telecommunications giant announced on Friday, three sources independently told 404 Media. [...] As 404 Media reported in January, Binns has already been indicted for allegedly breaking into T-Mobile in 2021 and selling stolen data on more than 40 million people. Now, he is allegedly connected to the latest breach against AT&T, which the company said it detected in April. The AT&T data was lifted from a Snowflake instance, a data warehousing tool, AT&T told 404 Media. Snowflake has been at the center of a series of massive and high profile breaches, including Ticketmaster and Santander. In a blog post published in June which covered a threat actor targeting Snowflake instances, cybersecurity company Mandiant said the threat actor, which it dubs UNC5537, "comprises members based in North America, and collaborates with an additional member in Turkey." In its breach announcement, AT&T said authorities had already apprehended one of the people involved in the breach. Binns was recently arrested and detained in Turkey, The Desk reported in May. That report, which is the last public information about his whereabouts, says he was detained following an extradition request from the U.S. Before he was arrested, Binns told 404 Media in January that he had "reasons to not be concerned" about being extradited.

Read more of this story at Slashdot.

Amazon's AI chatbot Rufus is now live for all U.S. customers. Engadget's Lawrence Bonk reports: So what does it do? It's an Amazon chatbot so it helps with shopping. You can ask for lists of recommended products and ask what specific products do and stuff like that. I've tooled around with it a bit this morning and it seems fine, though a bit boring. I will say that I cross-referenced some of the recommended products with the web version and Rufus does not automatically list promoted items, at least for now. It spit out a seemingly random list of well-reviewed products on several occasions. That's fine by me, though I'm not about to buy something based on the word of a one-day old chatbot. You can also ask specific questions about products, but the answers seem to be pulled directly from the descriptions. As any regular Amazon customer knows, some of these descriptions are accurate and others aren't. The chatbot is tied to your personal account, so it can answer questions about upcoming deliveries and the like. Amazon says that the bot has been trained on its product catalog, along with customer reviews, community Q&As and public information found throughout the web. However, it hasn't disclosed what websites it pulled that public information from and to what end. It didn't even confirm that these were retail-adjacent websites. You can try Rufus by updating to the latest version of the Amazon Shopping app. It'll be available in the bottom navigation bar with a typical AI icon consisting of bubbles and sparkles/stars.

Read more of this story at Slashdot.

Jowi Morales reports via Tom's Hardware: There's a vast difference between hardware and software developers, which opens up pitfalls for those trying to coordinate the two teams. Arm and x86 researchers encountered it years ago -- and Linus Torvalds, the creator of Linux, fears RISC-V development may fall into the same chasm again. "Even when you do hardware design in a more open manner, hardware people are different enough from software people [that] there's a fairly big gulf between the Verilog and even the kernel, much less higher up the stack where you are working in what [is] so far away from the hardware that you really have no idea how the hardware works," he said (video here). "So, it's really hard to kind of work across this very wide gulf of things and I suspect the hardware designers, some of them have some overlap, but they will learn by doing mistakes -- all the same mistakes that have been done before." [...] "They'll have all the same issues we have on the Arm side and that x86 had before them," he says. "It will take a few generations for them to say, 'Oh, we didn't think about that,' because they have new people involved." But even if RISC-V development is still expected to make many mistakes, he also said it will be much easier to develop the hardware now. Linus says, "It took a few decades to really get to the point where Arm and x86 are competing on fairly equal ground because there was al this software that was fairly PC-centric and that has passed. That will make it easier for new architectures like RISC-V to then come in."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: SpaceX's workhorse Falcon 9 rocket was grounded by the U.S. Federal Aviation Administration (FAA) on Friday after one broke apart in space and doomed its payload of Starlink satellites, the first failure in more than seven years of a rocket relied upon by the global space industry. Roughly an hour after Falcon 9 lifted off from the Vandenberg Space Force Base in California on Thursday night, the rocket's second stage failed to reignite and deployed its 20 Starlink satellites on a shallow orbital path where they will soon reenter and burn up in Earth's atmosphere. The attempt to reignite the engine "resulted in an engine RUD for reasons currently unknown," SpaceX CEO Elon Musk wrote early on Friday on his social media platform X, using an industry acronym for Rapid Unscheduled Disassembly that usually means explosion. The Falcon 9 will be grounded until SpaceX investigates the cause of the failure, fixes the rocket and receives the agency's approval, the FAA said in a statement. That process could take several weeks or months, depending on the complexity of the failure and SpaceX's plan to fix it. Musk said SpaceX was updating the software of the Starlink satellites to force their on-board thrusters to fire harder than usual to avoid a fiery atmospheric re-entry. "Unlike a Star Trek episode, this will probably not work, but it's worth a shot," Musk said. The satellites' altitude is so shallow that Earth's gravity is pulling them 3 miles (5 km) closer toward the atmosphere with each orbit, SpaceX later said, confirming they would inevitably "re-enter Earth's atmosphere and fully demise." SpaceX said the second stage's failure occurred after engineers detected a leak of liquid oxygen, a propellant. The mishap occurred on Falcon 9's 354th mission. It was the first Falcon 9 failure since 2016, when a rocket exploded on a launch pad in Florida and destroyed its customer payload, an Israeli communications satellite. The failure "breaks a success streak of more than 300 straight missions," notes Reuters. "We knew this incredible run had to come to an end at some point," Tom Mueller, SpaceX's former vice president of propulsion who designed Falcon 9's engines. "... The team will fix the problem and start the cycle again."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it. Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service. The hack encompassed customer service records dating back to 2014, which were stolen from the spyware maker's Zendesk-powered customer support system. mSpy is a phone surveillance app that promotes itself as a way to track children or monitor employees. Like most spyware, it is also widely used to monitor people without their consent. These kinds of apps are also known as "stalkerware" because people in romantic relationships often use them to surveil their partner without consent or permission. The mSpy app allows whoever planted the spyware, typically someone who previously had physical access to a victim's phone, to remotely view the phone's contents in real-time. As is common with phone spyware, mSpy's customer records include emails from people seeking help to surreptitiously track the phones of their partners, relatives, or children, according to TechCrunch's review of the data, which we independently obtained. Some of those emails and messages include requests for customer support from several senior-ranking U.S. military personnel, a serving U.S. federal appeals court judge, a U.S. government department's watchdog, and an Arkansas county sheriff's office seeking a free license to trial the app. Even after amassing several million customer service tickets, the leaked Zendesk data is thought to represent only the portion of mSpy's overall customer base who reached out for customer support. The number of mSpy customers is likely to be far higher. mSpy's owners, a Ukraine-based company called Brainstack, have yet to publicly disclose the breach. You can visit Have I Been Pwned to see if your email address was involved in a breach.

Read more of this story at Slashdot.

Aryan Kapoor, a high schooler from JRD Propulsion, successfully developed a model rocket with SpaceX-style vertical landing capabilities. The three-year effort was made possible by a thrust-vector control and clever landing gear design. Hackaday reports: He started in 2021 with none of the basic skills needed to pull off something like this, but it seems like he quickly learned the ropes. His development program was comprehensive, with static test vehicles, a low-altitude hopper, and extensive testing of the key technology: thrust-vector control. His rocket uses two solid-propellant motors stacked on top of each other, one for ascent and one for descent and landing. They both live in a 3D printed gimbal mount with two servos that give the stack plus and minus seven degrees of thrust vectoring in two dimensions, which is controlled by a custom flight computer with a barometric altimeter and an inertial measurement unit. The landing gear is also clever, using rubber bands to absorb landing forces and syringes as dampers. You can watch the first successful test flight and landing on YouTube.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: The amount of wind and solar power under construction in China is now nearly twice as much as the rest of the world combined, a report has found. Research published on Thursday by Global Energy Monitor (GEM), an NGO, found that China has 180 gigawatts (GW) of utility-scale solar power under construction and 15GW of wind power. That brings the total of wind and solar power under construction to 339GW, well ahead of the 40GW under construction in the US. The researchers only looked at solar farms with a capacity of 20MW or more, which feed directly into the grid. That means that the total volume of solar power in China could be much higher, as small scale solar farms account for about 40% of China's solar capacity. Between March 2023 and March 2024, China installed more solar than it had in the previous three years combined, and more than the rest of the world combined for 2023, the GEM analysts found. China is on track to reach 1,200GW of installed wind and solar capacity by the end of 2024, six years ahead of the government's target. "The unabated wave of construction guarantees that China will continue leading in wind and solar installation in the near future, far ahead of the rest of the world," the report said. Earlier analysis suggests that China will need to install between 1,600GW and 1,800GW of wind and solar energy by 2030 to meet its target of producing 25% of all energy from non-fossil sources. Between 2020 and 2023, only 30% of the growth in energy consumption was met by renewable sources, compared with the target of 50%.

Read more of this story at Slashdot.

Today, Amazon announced that it reached its 100% renewable energy goal seven years ahead of schedule. However, as Fast Company's Adele Peters reports, "a group of Amazon employees argues that the company's math is misleading." From the report: A report (PDF) from the group, Amazon Employees for Climate Justice, argues that only 22% of the company's data centers in the U.S. actually run on clean power. The employees looked at where each data center was located and the mix of power on the regional grids -- how much was coming from coal, gas, or oil versus solar or wind. Amazon, like many other companies, buys renewable energy credits (RECs) for a certain amount of clean power that's produced by a solar plant or wind farm. In theory, RECs are supposed to push new renewable energy to get built. In reality, that doesn't always happen. The employee research found that 68% of Amazon's RECs are unbundled, meaning that they didn't fund new renewable infrastructure, but gave credit for renewables that already existed or were already going to be built. As new data centers are built, they can mean that fossil-fuel-dependent grids end up building new fossil fuel power plants. "Dominion Energy, which is the utility in Virginia, is expanding because of demand, and Amazon is obviously one of their largest customers," says Eliza Pan, a representative from Amazon Employees for Climate Justice and a former Amazon employee. "Dominion's expansion is not renewable expansion. It's more fossil fuels." Amazon also doesn't buy credits that are specifically tied to the grids powering their data centers. The company might purchase RECs from Canada or Arizona, for example, to offset electricity used in Virginia. The credits also aren't tied to the time that the energy was used; data centers run all day and night, but most renewable energy is only available some of the time. The employee group argues that the company should follow the approach that Google takes. Google aims to use carbon-free energy, 24/7, on every grid where it operates.

Read more of this story at Slashdot.

Arm is launching its Arm Accuracy Super Resolution (ASR) upscaler that "can make games look better, while lowering power consumption on your phone," according to The Verge. "It's also making the upscaling technology available to developers under an MIT open-source license." From the reprot: Arm based its technology on AMD's FidelityFX Super Resolution 2 (FSR 2), which uses temporal upscaling to make PC games look better and boost frame rates. Unlike spatial upscaling, which upscales an image based on a single frame, temporal upscaling involves using multiple frames to generate a higher-quality image. You can see just how Arm ASR stacks up to AMD's FSR 2 and Qualcomm's GSR tech in [this chart] created by Arm. Arm claims ASR produced 53 percent higher frame rates than rendering at native resolution on a device with an Arm Immortalis-G720 GPU and 2800 x 1260 display, beating AMD FSR 2. It also tested ASR on a device using MediaTek's Dimensity 9300 chip and found that rendering at 540p and upscaling with ASR used much less power than running a game at native 1080p resolution.

Read more of this story at Slashdot.

Ancient Slashdot reader Alain Williams writes: Palestinians living abroad have accused Microsoft of closing their email accounts without warning -- cutting them off from crucial online services. They say it has left them unable to access bank accounts and job offers -- and stopped them using Skype, which Microsoft owns, to contact relatives in war-torn Gaza. Microsoft says they violated its terms of service -- a claim they dispute. He also said being cut off from Skype was a huge blow for his family. The internet is frequently disrupted or switched off there because of the Israeli military campaign - and standard international calls are very expensive. [...] With a paid Skype subscription, it is possible to call mobiles in Gaza cheaply -- and while the internet is down -- so it has become a lifeline to many Palestinians. Some of the people the BBC spoke to said they suspected they were wrongly thought to have ties to Hamas, which Israel is fighting, and is designated a terrorist organization by many countries. Microsoft did not respond directly when asked if suspected ties to Hamas were the reason for the accounts being shut. But a spokesperson said it did not block calls or ban users based on calling region or destination. "Blocking in Skype can occur in response to suspected fraudulent activity," they said, without elaborating.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica, written by Samuel Axon: In one of the most egregiously unethical uses of AI we've seen, a web advertising company has re-created some defunct, classic tech blogs like The Unofficial Apple Weblog (TUAW) and iLounge by mimicking the bylines of the websites' former writers and publishing AI-generated content under their names. The Verge reported on the fiasco in detail, including speaking to Christina Warren, a former writer for TUAW who now works at GitHub. Warren took to the social media platform Threads yesterday to point out that someone had re-launched TUAW at its original domain and populated it with fake content allegedly written by her and other past TUAW staff. Some of the content simply reworded articles that originally appeared on TUAW, while other articles tied real writers' names to new, AI-generated articles about current events. TUAW was shut down in 2015, but its intellectual property and domain name continued to be owned by Yahoo. A Hong Kong-based web advertising firm named Web Orange Limited claims to have purchased the domain and brand name but not the content. The domain name still carries some value in terms of Google ranking, so Web Orange Limited seems to have relaunched the site and then used AI summarization tools to reword the original content and publish it under the original authors' names. (It did the same with another classic Apple blog, iLounge.) The site also includes author bios, which are generic and may have been generated, and they are accompanied by author photos that don't look anything like the real writers. The Verge found that some of these same photos have appeared in other places, like web display ads for iPhone cases and dating websites. They may have been AI-generated, though the company has also been caught reusing photos of real people without permission in other contexts. At first, some of Web Orange Limited's websites named Haider Ali Khan, an Australian currently residing in Dubai, as the owner of the company. Khan's own website identified him as "an independent cyber security analyst" and "long-time advocate for web security" who also runs a web hosting company, and who "started investing in several technology reporting websites" and "manages and runs several news blogs such as the well-known Apple tech-news blog iLounge." However, mentions of his name were removed from the websites today, and the details on his personal website have apparently been taken offline. Warren emailed the company, threatening legal action. After she did that, the byline was changed to what we can only assume is a made-up name -- "Mary Brown." The same goes for many of the other author names on Web Orange Limited's websites. The company likely tried to use the original authors' names as part of an SEO play; Google tracks the names of authors and gives them authority rankings on specific topics as another layer on top of a website's own authority. That way, Google can try to respond to user queries with results written by people who have built strong reputations in the users' areas of interest. It also helps Google surface authors who are experts on a topic but who write for multiple websites, which is common among freelance writers. The websites are still operational, even though the most arguably egregious breach of ethics -- the false use of real people's names -- has been addressed in many cases.

Read more of this story at Slashdot.

snydeq shares a report from CSO Online, written by Lucian Constantin: A personal GitHub access token with administrative privileges to the official repositories for the Python programming language and the Python Package Index (PyPI) was exposed for over a year. The access token belonged to the Python Software Foundation's director of infrastructure and was accidentally included in a compiled binary file that was published as part of a container image on Docker Hub. [...] The incident shows that scrubbing access tokens from source code only, which some development tools do automatically, is not enough to prevent potential security breaches. Sensitive credentials can also be included in environment variables, configuration files and even binary artifacts as a result of automated build processes and developer mistakes. "Although we encounter many secrets that are leaked in the same manner, this case was exceptional because it is difficult to overestimate the potential consequences if it had fallen into the wrong hands -- one could supposedly inject malicious code into PyPI packages (imagine replacing all Python packages with malicious ones), and even to the Python language itself," researchers from security firm JFrog, who found and reported the token, wrote in a report.

Read more of this story at Slashdot.

The European Commission has approved Apple's commitments to open its "tap to pay" iPhone payment system to rivals, avoiding a potentially hefty fine. The Guardian reports: Regulators had accused Apple in 2022 of abusing its dominant position by limiting access to its mobile payment technology. Apple responded by proposing in January to allow third-party mobile wallet and payment service providers access to the contactless payment function in its iOS operating system. After Apple tweaked its proposals following testing and feedback, the commission said those "final commitments" would address its competition concerns. "Today's commitments end our Apple Pay investigation," Margrethe Vestager, the commission's executive vice-president for competition policy, told a press briefing in Brussels. "The commitments bring important changes to how Apple operates in Europe to the benefit of competitors and customers." Apple said in a prepared statement that it is "providing developers in the European Economic Area with an option to enable NFC [near-field communication] contactless payments and contactless transactions" for uses like car keys, corporate badges, hotel keys and concert tickets. [...] Apple must open up its payment system in the EU's 27 countries plus Iceland, Norway and Liechtenstein by July 25. "As of this date, developers will be able to offer a mobile wallet on the iPhone with the same 'tap-and-go' experience that so far has been reserved for Apple Pay," Vestager said. The changes will remain in force for a decade and will be monitored by a trustee. Breaches of EU competition law can draw fines worth up to 10% of a company's annual global revenue, which in Apple's case could have amounted to tens of billions of euros.

Read more of this story at Slashdot.