June, 2023: "Harvard Scholar Who Studies Honesty Is Accused of Fabricating Findings." November, 2024: "The Business-School Scandal That Just Keeps Getting Bigger." A senior editor at the Atlantic raises the possibility of systemic dishonesty-rewarding incentives where "a study must be even flashier than all the other flashy findings if its authors want to stand out," writing that "More than a year since all of this began, the evidence of fraud has only multiplied." And the suspect isn't just Francesca Gino, a Harvard Business School professor. One person deeply affected by all this is Gino's co-author, a business school professor from the University of California at Berkeley — Juliana Schroeder — who launched an audit of all 138 studies conducted by Francesca Gino (called "The Many Coauthors Project"): Gino was accused of faking numbers in four published papers. Just days into her digging, Schroeder uncovered another paper that appeared to be affected — and it was one that she herself had helped write... The other main contributor was Alison Wood Brooks, a young professor and colleague of Gino's at Harvard Business School.... If Brooks did conduct this work and oversee its data, then Schroeder's audit had produced a dire twist. The Many Co-Authors Project was meant to suss out Gino's suspect work, and quarantine it from the rest... But now, to all appearances, Schroeder had uncovered crooked data that apparently weren't linked to Gino.... Like so many other scientific scandals, the one Schroeder had identified quickly sank into a swamp of closed-door reviews and taciturn committees. Schroeder says that Harvard Business School declined to investigate her evidence of data-tampering, citing a policy of not responding to allegations made more than six years after the misconduct is said to have occurred... In the course of scouting out the edges of the cheating scandal in her field, Schroeder had uncovered yet another case of seeming science fraud. And this time, she'd blown the whistle on herself. That stunning revelation, unaccompanied by any posts on social media, had arrived in a muffled update to the Many Co-Authors Project website. Schroeder announced that she'd found "an issue" with one more paper that she'd produced with Gino... [Schroeder] said that the source of the error wasn't her. Her research assistants on the project may have caused the problem; Schroeder wonders if they got confused... What feels out of reach is not so much the truth of any set of allegations, but their consequences. Gino has been placed on administrative leave, but in many other instances of suspected fraud, nothing happens. Both Brooks and Schroeder appear to be untouched. "The problem is that journal editors and institutions can be more concerned with their own prestige and reputation than finding out the truth," Dennis Tourish, at the University of Sussex Business School, told me. "It can be easier to hope that this all just goes away and blows over and that somebody else will deal with it...." [Tourish also published a 2019 book decrying "Fraud, Deception and Meaningless Research," which the article notes "cites a study finding that more than a third of surveyed editors at management journals say they've encountered fabricated or falsified data."] Maybe the situation in her field would eventually improve, [Schroeder] said. "The optimistic point is, in the long arc of things, we'll self-correct, even if we have no incentive to retract or take responsibility." "Do you believe that?" I asked. "On my optimistic days, I believe it." "Is today an optimistic day?" "Not really."

Read more of this story at Slashdot.

Meta wants to force Apple and Google to verify the ages of people downloading apps from their app stores, reports the Washington Post — and now Meta's campaign "is picking up momentum" with legislators in the U.S. Congress. Federal and state lawmakers have recently proposed a raft of measures requiring that platforms such as Meta's Facebook and Instagram block users under a certain age from using their sites. The push has triggered fierce debate over the best way to ascertain how old users are online. Last year Meta threw its support behind legislation that would push those obligations onto app stores rather than individual app providers, like itself, as your regular host and Naomi Nix reported. While some states have considered the plan, it has not gained much traction in Washington. That could be shifting. Two congressional Republicans are preparing a new age verification bill that places the burden on app stores, according to two people familiar with the matter, who spoke on the condition of anonymity to discuss the plans... The bill would be the first of its kind on Capitol Hill, where lawmakers have called for expanding guardrails for children amid concerns about the risks of social media but where political divisions have bogged down talks. The measure would give parents the right to sue an app store if their child was exposed to certain content, such as lewd or sexual material, according to a copy obtained by the Tech Brief. App stores could be protected against legal claims, however, if they took steps to protect children against harms, such as verifying their ages and giving parents the ability to block app downloads. The article points out that U.S. lawmakers "have the power to set national standards that could override state efforts if they so choose..."

Read more of this story at Slashdot.

CNN reports that investigators "are trying to crack the mystery of how two undersea internet cables in the Baltic Sea were cut within hours of each other." But there's now two competing viewpoints, "with European officials saying they believe the disruption was an act of sabotage and U.S. officials suggesting it was likely an accident." The foreign ministers of Finland and Germany said in a joint statement that they were "deeply concerned" about the incident and raised the possibility that it was part of a "hybrid warfare," specifically mentioning Russia in their statement. Their assessment was not plucked out of thin air. Russia has been accused of waging a hybrid war against Europe after a string of suspicious incidents, arson attacks, explosions and other acts of sabotage across multiple European countries were traced back to Moscow. And the disruption to the cables came just weeks after the US warned that Moscow was likely to target critical undersea infrastructure. This followed months of suspicious movements of Russian vessels in European waters and the significant beefing up of a dedicated Russian secretive marine unit tasked with surveying the seabed... But two US officials familiar with the initial assessment of the incident told CNN on Tuesday the damage was not believed to be deliberate activity by Russia or any other nation. Instead, the two officials told CNN they believed it likely caused by an anchor drag from a passing vessel. Such accidents have happened in the past, although not in a quick succession like the two on Sunday and Monday. Cloudflare's blog also reminds readers that the two cable cuts resulted in little-to-no observable impact Cloudflare attributes this largely to "the significant redundancy and resilience of Internet infrastructure in Europe." (Their Cloudflare Radar graphs show that after the Sweden-Lithuania cable cut "there was no apparent impact to traffic volumes in either country at the time that the cables were damaged.") Telegeography's submarinecablemap.com illustrates, at least in part, the resilience in connectivity enjoyed by these two countries. In addition to the damaged cable, it shows that Lithuania is connected to neighboring Latvia as well as to the Swedish mainland. Over 20 submarine cables land in Sweden, connecting it to multiple countries across Europe. In addition to the submarine resilience, network providers in both countries can take advantage of terrestrial fiber connections to neighboring countries, such as those illustrated in a European network map from Arelion (formerly Telia), which is only one of the large European backbone providers. Less than a day later, the C-Lion1 submarine cable, which connects Helsinki, Finland and Rostock Germany was reportedly damaged during the early morning hours of Monday, November 18... In this situation as well, as the Cloudflare Radar graphs below show, there was no apparent impact to traffic volumes in either country at the time that the cables were damaged... Telegeography's submarinecablemap.com shows that both Finland and Germany also have significant redundancy and resilience from a submarine cable perspective, with over 10 cables landing in Finland, and nearly 10 landing in Germany, including Atlantic Crossing-1 (AC-1), which connects to the United States over two distinct paths. Terrestrial fiber maps from Arelion and eunetworks (as just two examples) show multiple redundant fiber routes within both countries, as well as cross-border routes to other neighboring countries, enabling more resilient Internet connectivity. See also Does the Internet Route Around Damage?

Read more of this story at Slashdot.

Slashdot reader jjslash shared this report from TechSpot: The SilverStone FLP01 made quite the impression when it was shared on X for April Fools' Day 2023. Loosely modeled after popular desktops from yesteryear like the NEC PC-9800 series, the chassis features dual 5.25-inch faux floppy bays that could stand to look a bit more realistic. Notably, the covers flip open to reveal access to a more modern (yet still legacy) optical drive and front I/O ports. Modern-looking fan grills can be found on either side of the desktop, serving as yet another hint that the chassis is not as old at it appears on first glance. The grills look to be removable, and probably hold washable dust filters. Like early desktops, the system doubles as a stand for your monitor. The use of a green power LED up front helps round out the retro look; a red LED is used as a storage activity indicator.

Read more of this story at Slashdot.

Instead of focusing on chatbots, a new study reveals an automated way to breach LLM-driven robots "with 100 percent success," according to IEEE Spectrum. "By circumventing safety guardrails, researchers could manipulate self-driving systems into colliding with pedestrians and robot dogs into hunting for harmful places to detonate bombs..." [The researchers] have developed RoboPAIR, an algorithm designed to attack any LLM-controlled robot. In experiments with three different robotic systems — the Go2; the wheeled ChatGPT-powered Clearpath Robotics Jackal; and Nvidia's open-source Dolphins LLM self-driving vehicle simulator. They found that RoboPAIR needed just days to achieve a 100 percent jailbreak rate against all three systems... RoboPAIR uses an attacker LLM to feed prompts to a target LLM. The attacker examines the responses from its target and adjusts its prompts until these commands can bypass the target's safety filters. RoboPAIR was equipped with the target robot's application programming interface (API) so that the attacker could format its prompts in a way that its target could execute as code. The scientists also added a "judge" LLM to RoboPAIR to ensure the attacker was generating prompts the target could actually perform given physical limitations, such as specific obstacles in the environment... One finding the scientists found concerning was how jailbroken LLMs often went beyond complying with malicious prompts by actively offering suggestions. For example, when asked to locate weapons, a jailbroken robot described how common objects like desks and chairs could be used to bludgeon people. The researchers stressed that prior to the public release of their work, they shared their findings with the manufacturers of the robots they studied, as well as leading AI companies. They also noted they are not suggesting that researchers stop using LLMs for robotics... "Strong defenses for malicious use-cases can only be designed after first identifying the strongest possible attacks," Robey says. He hopes their work "will lead to robust defenses for robots against jailbreaking attacks." The article includes a reaction from Hakki Sevil, associate professor of intelligent systems and robotics at the University of West Florida. He concludes that the "lack of understanding of context of consequences" among even advanced LLMs "leads to the importance of human oversight in sensitive environments, especially in environments where safety is crucial." But a long-term solution could be LLMs with "situational awareness" that understand broader intent. "Although developing context-aware LLM is challenging, it can be done by extensive, interdisciplinary future research combining AI, ethics, and behavioral modeling..." Thanks to long-time Slashdot reader DesertNomad for sharing the article.

Read more of this story at Slashdot.

"You can use any Linux distribution inside of the Windows Subsystem for Linux" Microsoft recently reminded Windows users, "even if it is not available in the Microsoft Store, by importing it with a tar file." But being an official distro "makes it easier for Windows Subsystem for Linux users to install and discover it with actions like wsl --list --online and wsl --install," Microsoft pointed out this week. And "We're excited to announce that Red Hat will soon be delivering a Red Hat Enterprise Linux WSL distro image in the coming months..." Thank you to the Red Hat team as their feedback has been invaluable as we built out this new architecture, and we're looking forwards to the release...! Ron Pacheco, senior director, Red Hat Enterprise Linux Ecosystem, Red Hat says: "Developers have their preferred platforms for developing applications for multiple operating systems, and WSL is an important platform for many of them. Red Hat is committed to driving greater choice and flexibility for developers, which is why we're working closely with the Microsoft team to bring Red Hat Enterprise Linux, the largest commercially available open source Linux distribution, to all WSL users." Read Pacheco's own blog post here. But in addition Microsoft is also releasing "a new way to make WSL distros," they announced this week, "with a new architecture that backs how WSL distros are packaged and installed." Up until now, you could make a WSL distro by either creating an appx package and distributing it via the Microsoft Store, or by importing a .tar file with wsl -import. We wanted to improve this by making it possible to create a WSL distro without needing to write Windows code, and for users to more easily install their distros from a file or network share which is common in enterprise scenarios... With the tar based architecture, you can start with the same .tar file (which can be an exported Linux container!) and just edit it to add details to make it a WSL distro... These options will describe key distro attributes, like the name of the distro, its icon in Windows, and its out of box experience (OOBE) which is what happens when you run WSL for the first time. You'll notice that the oobe_command option points to a file which is a Linux executable, meaning you can set up your full experience just in Linux if you wish.

Read more of this story at Slashdot.

"The past 15 years were unique in ways that might be a bad predictor of our future," writes the Washington Post, with a surge in the number of internet users since 2010, and everyone spending more time online. But today, "lots of smart people believe that artificial intelligence will upend how you find information. Googling is so yesterday." Sam Altman, the top executive overseeing ChatGPT, has said that AI has a good shot at shoving aside Google search. Bill Gates predicted that emerging AI will do tasks like researching your ideal running shoes and automatically placing an order so you'll "never go to a search site again." In defending itself from a judge's decision that it runs an illegal monopoly, Google says the company might be roadkill as AI and other new technologies change how you find information. (On Wednesday, the U.S. government asked the judge to overhaul Google to undo its monopoly.) But predictions of Google's looming obsolescence have been wrong before, which calls for humility in fortune-telling our collective technology habits. We're devilishly unpredictable.... Maybe it's right to extrapolate from how people are starting to use AI today. Or maybe that's the mistake that Jobs made when he said no one was searching on iPhones. It wasn't wrong in 2010, but it was within a few years. Or what if AI upends how billions of us find information and we still keep on Googling? "The notion that we can predict how these new technologies are going to evolve is silly," said David B. Yoffie, a Harvard Business School professor who has spent decades studying the technology industry. Amit Mehta, the judge overseeing the Google monopoly case, formed his own view on AI moving us away from searching Google. "AI may someday fundamentally alter search, but not anytime soon," he said.

Read more of this story at Slashdot.

An anonymous reader shared this report from CNET: Meta says it's taken down more than 2 million accounts this year linked to overseas criminal gangs behind scam operations that human rights activists say forced hundreds of thousands of people to work as scammers and cost victims worldwide billions of dollars. In a Thursday blog post, the parent of Facebook, Instagram and WhatsApp says the pig butchering scam operations — based in Myanmar, Laos, Cambodia, the United Arab Emirates and the Philippines — use platforms like Facebook and Instagram; dating, messaging, crypto and other kinds of apps; and texts and emails, to globally target people... [T]he scammers strike up an online relationship with their victims and gain their trust. Then they move their conversations to crypto apps or scam websites and dupe victims into making bogus investments or otherwise handing over their money, Meta said. They'll ask the victims to deposit money, often in the form of cryptocurrency, into accounts, sometimes even letting the victims make small withdrawals, in order to add a veneer of legitimacy. But once the victim starts asking for their investment back, or it becomes clear they don't have any more money to deposit, the scammer disappears and takes the money with them. And the people doing the scamming are often victims themselves. During the COVID-19 pandemic, criminal gangs began building scam centers in Southeast Asia, luring in often unsuspecting job seekers with what looked like amazing postings on local job boards and other platforms, then forcing them to work as scammers, often under the threat of physical harm. The scope of what's become a global problem is staggering. In a report issued in May, the US Institute of Peace estimates that at least 300,000 people are being forced to work, or are otherwise suffering human rights violations, inside these scam centers. The report also estimates global financial losses stemming from the scams at $64 billion in 2023, with the number of financial victims in the millions. Meta says it has focused on investigating and disrupting the scam operations for more than two years, working with nongovernmental organizations and other tech companies, like OpenAI, Coinbase and dating-app operator Match Group, along with law enforcement in both the US and the countries where the centers are located. Meta titled its blog post "Cracking Down On Organized Crime Behind Scam Centers," writing "We hope that sharing our insights will help inform our industry's defenses so we can collectively help protect people from criminal scammers."

Read more of this story at Slashdot.

Longtime Slashdot reader theodp writes: Past corporate-sponsored Hour of Code tutorials for the nation's schoolchildren have blurred the lines between coding lessons and product infomercials. So too is the case again with this year's newly-announced Hour of Code 2024 flagship tutorials, which include Microsoft Minecraft, Amazon Music, and Transformers One movie-themed intros to coding. The press release announcing the tutorials from tech-backed nonprofit Code.org, which organizes the Hour of Code and counts Microsoft and Amazon as $30+ million donors, boasts of its "decade of partnership with [Microsoft] Minecraft this year, reaching more than 300 million sessions of Minecraft Hour of Code since 2015!" Interestingly, The Transformers (Paramount Pictures, which released Transformers One in the U.S., is a $25,000+ Code.org donor) is cited as one of the OG's of children's Saturday morning cartoon advertising (aka 30-minute commercials) that prompted the Children's Television Act (CTA) of 1990, an act of Congress that ordered the FCC to put in place regulations to protect children from advertising. Throughout the 1980s, Action for Children's Television (ACT) criticized children's television programs that "blur(red) the distinction between program content and commercial speech."

Read more of this story at Slashdot.

Neuralink, the brain chip startup founded by Elon Musk, says it has received approval to launch its first clinical trial in Canada for a device designed to give paralysed individuals the ability to use digital devices simply by thinking. Reuters reports: [T]he Canadian study aims to assess the safety and initial functionality of its implant which enables people with quadriplegia, or paralysis of all four limbs, to control external devices with their thoughts. Canada's University Health Network hospital said in a separate statement that its Toronto facility had been selected to perform the complex neurosurgical procedure. Neuralink has successfully implanted the device in two patients in the United States. One of the patients has been using it to play video games and learn how to design 3D objects.

Read more of this story at Slashdot.

A team of undergraduate students from the University of Southern California's Rocket Propulsion Lab set multiple amateur spaceflight records with their rocket, Aftershock II. "The student-made missile soared 90,000 feet (27,400 meters) beyond the previous record-holder -- a rocket launched more than 20 years ago," reports Live Science. From the report: The students launched Aftershock II on Oct. 20 from a site in Black Rock Desert, Nevada. The rocket stood about 14 feet (4 meters) tall and weighed 330 pounds (150 kilograms). The rocket broke the sound barrier just two seconds after liftoff and reached its maximum speed roughly 19 seconds after launch, the RPL team wrote in a Nov. 14 paper summarizing the launch. The rocket's engine then burned out, but the craft continued to climb as atmospheric resistance decreased, enabling it to leave Earth's atmosphere 85 seconds after launch and then reach its highest elevation, or apogee, 92 seconds later. At this point, the nose cone separated from the rest of the rocket and deployed a parachute so it could safely reenter the atmosphere and touch down in the desert, where it was collected by the RPL team for analysis. The rocket's apogee was around 470,000 feet (143,300 m) above Earth's surface, which is "further into space than any non-governmental and non-commercial group has ever flown before," USC representatives wrote in a statement. The previous record of 380,000 feet (115,800 m) was set in 2004 by the GoFast rocket made by the Civilian Space Exploration Team. During the flight, Aftershock II reached a maximum speed of around 3,600 mph (5,800 km/h), or Mach 5.5 -- five and a half times the speed of sound. This was slightly faster than GoFast, which had also held the amateur speed record for 20 years. But elevation and speed were not the only records Aftershock II broke. "This achievement represents several engineering firsts," Ryan Kraemer, an undergraduate mechanical engineering student at USC and executive engineer of the RPL team who will soon join SpaceX's Starship team, said in the statement. "Aftershock II is distinguished by the most powerful solid-propellant motor ever fired by students and the most powerful composite case motor made by amateurs."

Read more of this story at Slashdot.

An anonymous reader quotes a report from VICE: It's early on a Sunday morning in late 1994, and you're shuffling your way through Fitzrovia in Central London, bloodstream still rushing after a long night at Bagley's. The sun comes up as you come down. You navigate side streets that you know like the back of your hand. But your hand's stamped with a party logo. And your brain's kaput. Coffee... yes, coffee. Good idea. Suddenly, you find yourself outside a teal blue cafe. Walking in is like entering an alien world; rows of club kids, tech heads, and game developers sit in front of desktops, lost in the primitive version of some new reality. Tentacular cables hang from the ceiling. Ambient techno reverberates from wall to wall. Cigarette smoke fills the air. Welcome to Cyberia, the world's first internet cafe. Which, if you're too young to remember, are basically cafes with computers in them. It all began when Eva Pascoe, a Polish computing student living in London, crossed paths with Tim Berners Lee and other early internet mavericks at the dawn of the 90s. "I was very interested in cyberfeminism and wanted to figure out how women could reclaim tech," she recalls. The internet was still in its infancy. Diabolically slow dial-up modems only emerged around 1992; the World Wide Web was a pipe dream until 1993 and hardly anyone had the internet at home. But there wasn't just a lack of javascript; Eva remembers there being no good java, either. "There were no coffee shops in London," she says, which today seems ludicrous. "Just greasy spoons and everyone drank tea. I wanted a European-style cafe." Linking up with like-minded pioneers David Rowe and husband and wife Keith and Gene Teare, Eva found a spot on the corner of Whitfield Street and launched Cyberia there in 1994. With Hackers-style aesthetics and futuristic furniture, it was based around a U-shaped layout that meant visitors could see each other's screens. "I wanted women to feel safe, because a lot of the stuff on the net was dodgy," she explains. Many of Eva's mates chipped in to help out -- architects, interior designers, graphic artists, publishers, and ravers among them. And then there was the Amish community in Pennsylvania. Eva had to fly out there to negotiate for the "Cyberia.com" domain name they had bought. "It was a proper barn with horse carts and a wall of modems as they were running a bulletin board and an early ecommerce company. Apparently, there was always one family nominated to be the tech support," she remembers. Back in London, Cyberia quickly became a hotspot. "Virtually the second we opened, we had three lines deep around the block," she says. It's hard to imagine, but nowhere else in the world was doing what they were doing. It was the world's first cybercafe. "If you wanted to collect your emails, we were the only place in town," Eva says. Cyberia opened around 20 cafes worldwide, including branches in Bangkok, Paris, and Rotterdam. "For a fleeting moment it became like a sexier version of Richard Branson's Virgin empire: there was Cyberia Records, Cyberia Channel (a pioneering streaming service), Cyberia Payments, the Cyberia magazine, a Cyberia show on UK TV -- even a Cyberia wedding," writes VICE's Kyle MacNeill. He attended Cyberia's 30th birthday party in September and spoke with some of the cafe's original innovators, "shooting the shit about the good times and the not-so-good coffee."

Read more of this story at Slashdot.

Longtime Slashdot reader mspohr shares a report from Gizmodo: Hackers for the Chinese government were able to deeply penetrate U.S. telecommunications infrastructure in ways that President Joe Biden's administration hasn't yet acknowledged, according to new reports from the Washington Post and New York Times. The hackers were able to listen to phone calls and read text messages, reportedly exploiting the system U.S. authorities use to wiretap Americans in criminal cases. The worst part? The networks are still compromised and it may take incredibly drastic measures to boot them from U.S. systems. The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday. Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

Read more of this story at Slashdot.

Longtime Slashdot reader Geoffrey.landis writes: Economist Phillip Kobernick makes the case that the emphasis on fast-charging stations for electric vehicles in the U.S. is misplaced. According to an article from CleanTechnica, he argues that, from an economic standpoint, what we should be doing is installing more slow chargers. All thing equal, who wouldn't choose a 10-minute charge over a 3-hour charge or a 10-hour charge? But all things are not equal. Superfast chargers are far more expensive than Level 2 chargers, and Level 2 chargers are also significantly more expensive than Level 1 charging infrastructure, which consists of normal electricity outlets. He points out that we get 4-7 times more charging capability installed for the same cost by going with Level 1 charging instead of Level 2. And given that people often just plug in their electric vehicles overnight, Level 1 charging can more than adequately provide what is needed in that time. The case is examined in a podcast on the site.

Read more of this story at Slashdot.

"Steven Adair, of cybersecurity firm Veloxity, revealed at the Cyberwarcon security conference how Russian hackers were able to daisy-chain as many as three separate Wi-Fi networks in their efforts to attack victims," writes Longtime Slashdot reader smooth wombat. Wired reports: Adair says that Volexity first began investigating the breach of its DC customer's network in the first months of 2022, when the company saw signs of repeated intrusions into the customer's systems by hackers who had carefully covered their tracks. Volexity's analysts eventually traced the compromise to a hijacked user's account connecting to a Wi-Fi access point in a far end of the building, in a conference room with external-facing windows. Adair says he personally scoured the area looking for the source of that connection. "I went there to physically run down what it could be. We looked at smart TVs, looked for devices in closets. Is someone in the parking lot? Is it a printer?" he says. "We came up dry." Only after the next intrusion, when Volexity managed to get more complete logs of the hackers' traffic, did its analysts solve the mystery: The company found that the hijacked machine which the hackers were using to dig around in its customer's systems was leaking the name of the domain on which it was hosted -- in fact, the name of another organization just across the road. "At that point, it was 100 percent clear where it was coming from," Adair says. "It's not a car in the street. It's the building next door." With the cooperation of that neighbor, Volexity investigated that second organization's network and found that a certain laptop was the source of the street-jumping Wi-Fi intrusion. The hackers had penetrated that device, which was plugged into a dock connected to the local network via Ethernet, and then switched on its Wi-Fi, allowing it to act as a radio-based relay into the target network. Volexity found that, to break into that target's Wi-Fi, the hackers had used credentials they'd somehow obtained online but had apparently been unable to exploit elsewhere, likely due to two-factor authentication. Volexity eventually tracked the hackers on that second network to two possible points of intrusion. The hackers appeared to have compromised a VPN appliance owned by the other organization. But they had also broken into the organization's Wi-Fi from another network's devices in the same building, suggesting that the hackers may have daisy-chained as many as three networks via Wi-Fi to reach their final target. "Who knows how many devices or networks they compromised and were doing this on," says Adair. Volexity had presumed early on in its investigation that the hackers were Russian in origin due to their targeting of individual staffers at the customer organization focused on Ukraine. Then in April, fully two years after the original intrusion, Microsoft warned of a vulnerability in Windows' print spooler that had been used by Russia's APT28 hacker group -- Microsoft refers to the group as Forest Blizzard -- to gain administrative privileges on target machines. Remnants left behind on the very first computer Volexity had analyzed in the Wi-Fi-based breach of its customer exactly matched that technique. "It was an exact one-to-one match," Adair says.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Google has sued one of its former engineers in Texas federal court, accusing him of stealing trade secrets related to its chip designs and sharing them publicly on the internet. The lawsuit, filed on Tuesday (PDF), said that Harshit Roy "touted his dominion" over the secrets in social media posts, tagging competitors and making threatening statements to the company including "I need to take unethical means to get what I am entitled to" and "remember that empires fall and so will you." Google hired Roy in 2020 to develop computer chips used in Google Pixel devices like smartphones. Google said in the lawsuit that Roy resigned in February and moved from Bangalore, India to the United States in August to attend a doctorate program at the University of Texas at Austin. According to the complaint, Roy began posting confidential Google information to his X account later that month along with "subversive text" directed at the company, such as "don't expect me to adhere to any confidentiality agreement." The posts included photographs of internal Google documents with specifications for Pixel processing chips. The lawsuit said that Roy ignored Google's takedown requests and has posted additional trade secrets to X and LinkedIn since October. Google alleged that Roy tagged competitors Apple and Qualcomm in some of the posts, "presumably to maximize the potential harm of his disclosure." Google's complaint also said that several news outlets have published stories with confidential details about Google's devices based on the information that Roy leaked. Google asked the court for an unspecified amount of monetary damages and court orders blocking Roy from using or sharing its secrets.

Read more of this story at Slashdot.

The latest Steam client drops support for operating systems older than Windows 10 or macOS 10.15 Catalina. "That means Mac users can't run 32-bit games anymore, as all macOS versions from Catalina onward only run 64-bit binaries," reports The Register. From the report: [I]f you have a well-specified older Mac, here is another reason to check out Open Core Legacy Patcher. For now, macOS 10.15 Catalina will do but we suspect it won't for long. This version of Steam uses the equivalent to Chrome 126: "Updated embedded Chromium build in Steam to 126.0.6478.183." However, versions since Chrome 128 require macOS 11 or newer. For now, Catalina will work -- but the next significant Steam update will update Chromium as well, and there's a high probability that that will drop support for 10.15. So, if you're using OCLP to install a newer macOS, you should probably go directly to Big Sur. In The Reg FOSS desk's testing, we found that Big Sur ran reasonably well on a machine with Intel HD 520 graphics, although the same hardware ran very poorly with macOS 12 Monterey. Unfortunately, the inevitable end is in sight for older Macs. That said, the November 2024 Steam client update brings several "wins," including a built-in Game Recording feature, an upgraded Chromium browser engine, and the new "Scout" Linux runtime environment for improved compatibility and performance, especially on the Steam Deck and Linux distros. Additionally, it delivers bug fixes and enhancements for modern OS users.

Read more of this story at Slashdot.

Baidu's new Apollo Go robotaxi brings significant advances in affordability and scalability that should make U.S. competitors like Waymo a bit nervous, according to The Verge's Andrew J. Hawkins. From the report: The RT6 is the sixth generation of Apollo Go's driverless vehicle, which made its official debut in May 2024. It's a purpose-built, Level 4 autonomous vehicle, meaning it's built without the need for a human driver. And here's the thing that should make US competitors nervous: adopting a battery-swapping solution, the price for one individual RT6 is "under $30,000," Baidu CEO Robin Li said in an earnings call. "All the strengths just mentioned above are driving us forward, paving the way to validate our business model," Li added. [...] We still don't know the net effect of Baidu's cost improvements. But bringing down the upfront cost of each individual vehicle to below $30,000 will go a long way toward improving the company's unit economics, in which each vehicle brings in more money than it costs. There are still a lot of outstanding costs to consider, such as hardware depreciation and fleet maintenance, but from what Baidu is signaling, things are on the right track. From the looks of it, the company is passing those savings along to its customers. Base fares start as low as 4 yuan (around 55 cents), compared with 18 yuan (around $2.48) for a taxi driven by a human, according to state media outlet Global Times. Apollo Go said it has provided 988,000 rides across all of China in Q3 2024 -- a year-over-year growth of 20 percent. And cumulative public rides reached 8 million in October.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: DirecTV is pulling out of an agreement to buy its satellite rival Dish after bondholders objected to terms of the deal. DirecTV issued an announcement last night saying "it has notified EchoStar of its election to terminate, effective as of 11:59 p.m., ET on Friday, November 22nd, 2024, the Equity Purchase Agreement (EPA) pursuant to which it had agreed to acquire EchoStar's video distribution business, Dish DBS." In the deal announced on September 30, DirecTV was going to buy the Dish satellite TV and Sling TV streaming business from EchoStar for a nominal fee of $1. DirecTV would have taken on $9.75 billion of Dish debt if the transaction moved ahead. The deal did not include the Dish Network cellular business. Dish bondholders quickly objected to terms requiring them to take a loss on the value of their debt. DirecTV had said Dish notes would be exchanged with "a reduced principal amount of DirecTV debt which will have terms and collateral that mirror DirecTV's existing secured debt." The principal amount would have been reduced by at least $1.568 billion. DirecTV last night said it is now exercising its right to terminate the acquisition because noteholders did not accept the exchange offer. "The termination of the Agreement follows Dish DBS noteholders' failure to agree to the proposed Exchange Debt Offer Terms issued by EchoStar, which was a condition of DirecTV's obligations to acquire Dish under the EPA," the press release said. DirecTV CEO Bill Morrow indicated his company wasn't willing to change the deal to satisfy Dish bondholders. "We have terminated the transaction because the proposed Exchange Terms were necessary to protect DirecTV's balance sheet and our operational flexibility," Morrow said.

Read more of this story at Slashdot.

Weeks after federal regulators announced a "click-to-cancel" rule for subscription businesses, a New York judge has ruled that SiriusXM made it too difficult for customers to end their service. Deadline: New York State Supreme Court Justice Lyle Frank's ruling, issued Thursday, upheld elements of a lawsuit filed against the satellite audio firm in 2023 by New York Attorney General Letitia James. In a post on X after Frank's ruling, she wrote that the company "illegally forced people to go through a long and burdensome process to simply cancel their subscriptions. We sued SiriusXM to protect people's wallets, and now, SiriusXM must simplify its cancellation process and stop taking advantage of New Yorkers."

Read more of this story at Slashdot.