Data Dump of Patient Records Possible After UK Hospital Breach

An anonymous reader shared this report from the Associated Press: An investigation into a ransomware attack earlier this month on London hospitals by the Russian group Qilin could take weeks to complete, the country's state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records. Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 attack on NHS provider Synnovis, which provides pathology services primarily in southeast London... NHS England said Friday that it has been "made aware" that data connected to the attack have been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth and descriptions of blood tests, on their darknet site and Telegram channel... According to Saturday's edition of the Guardian newspaper, records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, were stolen during the attack. A website and helpline has been set up for patients affected.

Read more of this story at Slashdot.

Red Hat's RHEL-Based In-Vehicle OS Attains Milestone Safety Certification

In 2022, Red Hat announced plans to extend RHEL to the automotive industry through Red Hat In-Vehicle Operating System (providing automakers with an open and functionally-safe platform). And this week Red Hat announced it achieved ISO 26262 ASIL-B certification from exida for the Linux math library (libm.so glibc) — a fundamental component of that Red Hat In-Vehicle Operating System. From Red Hat's announcement: This milestone underscores Red Hat's pioneering role in obtaining continuous and comprehensive Safety Element out of Context certification for Linux in automotive... This certification demonstrates that the engineering of the math library components individually and as a whole meet or exceed stringent functional safety standards, ensuring substantial reliability and performance for the automotive industry. The certification of the math library is a significant milestone that strengthens the confidence in Linux as a viable platform of choice for safety related automotive applications of the future... By working with the broader open source community, Red Hat can make use of the rigorous testing and analysis performed by Linux maintainers, collaborating across upstream communities to deliver open standards-based solutions. This approach enhances long-term maintainability and limits vendor lock-in, providing greater transparency and performance. Red Hat In-Vehicle Operating System is poised to offer a safety certified Linux-based operating system capable of concurrently supporting multiple safety and non-safety related applications in a single instance. These applications include advanced driver-assistance systems (ADAS), digital cockpit, infotainment, body control, telematics, artificial intelligence (AI) models and more. Red Hat is also working with key industry leaders to deliver pre-tested, pre-integrated software solutions, accelerating the route to market for SDV concepts. 
"Red Hat is fully committed to attaining continuous and comprehensive safety certification of Linux natively for automotive applications," according to the announcement, "and has the industry's largest pool of Linux maintainers and contributors committed to this initiative..." Or, as Network World puts it, "The phrase 'open source for the open road' is now being used to describe the inevitable fit between the character of Linux and the need for highly customizable code in all sorts of automotive equipment."

Linux Foundation's 'Open Source Security Foundation' Launches New Threat Intelligence Mailing List

The Linux Foundation's "Open Source Security Foundation" (or OpenSSF) is a cross-industry forum to "secure the development, maintenance, and consumption of the open source software". And now the OpenSSF has launched a new mailing list "which aims to monitor the threat landscape of open-source project vulnerabilities," reports I Programmer, "in order to provide real time alerts to anyone subscribed." The Record explains its origins: OpenSSF General Manager Omkhar Arasaratnam said that at a recent open source event, members of the community ran a tabletop exercise where they simulated a security incident involving the discovery of a zero-day vulnerability. They worked their way through the open source ecosystem — from cloud providers to maintainers to end users — clearly defining how the discovery of a vulnerability would be dealt with from top to bottom. But one of the places where they found a gap is in the dissemination of information widely. "What we lack within the open source community is a place in which we can convene to distribute indicators of compromise (IOCs) and threats, tactics and procedures (TTPs) in a way that will allow the community to identify threats when our packages are under attack," Arasaratnam said... "[W]e're going to be standing up a mailing list for which we can share this information throughout the community and there can be discussion of things that are being seen. And that's one of the ways that we're responding to this gap that we saw...." The Siren mailing list will encourage public discussions on security flaws, concepts, and practices in the open source community with individuals who are not typically engaged in traditional upstream communication channels... Members of the Siren email list will get real-time updates about emerging threats that may be relevant to their projects... OpenSSF has created a signup page for those interested and urged others to share the email list to other open source community members... 
OpenSSF ecosystem strategist Christopher Robinson (also security communications director for Intel) told the site he expects government agencies and security researchers to be involved in the effort. And he issued this joint statement with OpenSSF ecosystem strategist Bennett Pursell: By leveraging the collective knowledge and expertise of the open source community and other security experts, the OpenSSF Siren empowers projects of all sizes to bolster their cybersecurity defenses and increase their overall awareness of malicious activities. Whether you're a developer, maintainer, or security enthusiast, your participation is vital in safeguarding the integrity of open source software. In less than a month, the mailing list has already grown to over 800 members...

Microsoft Admits No Guarantee of Sovereignty For UK Policing Data

An anonymous reader shared this report from Computer Weekly: Microsoft has admitted to Scottish policing bodies that it cannot guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure, despite its systems being deployed throughout the criminal justice sector. According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system — the Digital Evidence Sharing Capability (DESC) — will remain in the UK as required by law. While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft's hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because "no one else had asked". The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data. The recipient of the FOI disclosures, Owen Sayers — an independent security consultant and enterprise architect with over 20 years' experience in delivering national policing systems — concluded it is now clear that UK policing data has been travelling overseas and "the statements from Microsoft make clear that they 100% cannot comply with UK data protection law".

Big Tech's AI Datacenters Demand Electricity. Are They Increasing Use of Fossil Fuels?

The artificial intelligence revolution will demand more electricity, warns the Washington Post. "Much more..." They warn that the "voracious" electricity consumption of AI is driving an expansion of fossil fuel use in America — "including delaying the retirement of some coal-fired plants." As the tech giants compete in a global AI arms race, a frenzy of data center construction is sweeping the country. Some computing campuses require as much energy as a modest-sized city, turning tech firms that promised to lead the way into a clean energy future into some of the world's most insatiable guzzlers of power. Their projected energy needs are so huge, some worry whether there will be enough electricity to meet them from any source... A ChatGPT-powered search, according to the International Energy Agency, consumes almost 10 times the amount of electricity as a search on Google. One large data center complex in Iowa owned by Meta burns the annual equivalent amount of power as 7 million laptops running eight hours every day, based on data shared publicly by the company... [Tech companies] argue advancing AI now could prove more beneficial to the environment than curbing electricity consumption. They say AI is already being harnessed to make the power grid smarter, speed up innovation of new nuclear technologies and track emissions.... "If we work together, we can unlock AI's game-changing abilities to help create the net zero, climate resilient and nature positive works that we so urgently need," Microsoft said in a statement. The tech giants say they buy enough wind, solar or geothermal power every time a big data center comes online to cancel out its emissions. But critics see a shell game with these contracts: The companies are operating off the same power grid as everyone else, while claiming for themselves much of the finite amount of green energy. Utilities are then backfilling those purchases with fossil fuel expansions, regulatory filings show... 
heavily polluting fossil fuel plants that become necessary to stabilize the power grid overall because of these purchases, making sure everyone has enough electricity. The article quotes a project director at the nonprofit Data & Society, which tracks the effect of AI and accuses the tech industry of using "fuzzy math" in its climate claims. "Coal plants are being reinvigorated because of the AI boom," they tell the Washington Post. "This should be alarming to anyone who cares about the environment." The article also summarizes a recent Goldman Sachs analysis, which predicted data centers would use 8% of America's total electricity by 2030, with 60% of that usage coming "from a vast expansion in the burning of natural gas. The new emissions created would be comparable to that of putting 15.7 million additional gas-powered cars on the road." "We all want to be cleaner," Brian Bird, president of NorthWestern Energy, a utility serving Montana, South Dakota and Nebraska, told a recent gathering of data center executives in Washington, D.C. "But you guys aren't going to wait 10 years ... My only choice today, other than keeping coal plants open longer than all of us want, is natural gas. And so you're going to see a lot of natural gas build out in this country." Big Tech responded by "going all in on experimental clean-energy projects that have long odds of success anytime soon," the article concludes. "In addition to fusion, they are hoping to generate power through such futuristic schemes as small nuclear reactors hooked to individual computing centers and machinery that taps geothermal energy by boring 10,000 feet into the Earth's crust..." Some experts point to these developments in arguing the electricity needs of the tech companies will speed up the energy transition away from fossil fuels rather than undermine it.
"Companies like this that make aggressive climate commitments have historically accelerated deployment of clean electricity," said Melissa Lott, a professor at the Climate School at Columbia University.

Systemd 256.1 Addresses Complaint That 'systemd-tmpfiles' Could Unexpectedly Delete Your /home Directory

"A good portion of my home directory got deleted," complained a bug report for systemd filed last week. It requested an update to a flag for the systemd-tmpfiles tool which cleans up files and directories: "a huge warning next to --purge. This option is dangerous, so it should be made clear that it's dangerous." The Register explains: As long as five years ago, systemd-tmpfiles had moved on past managing only temporary files — as its name might suggest to the unwary. Now it manages all sorts of files created on the fly ... such as things like users' home directories. If you invoke the systemd-tmpfiles --purge command without specifying that very important config file which tells it which files to handle, version 256 will merrily purge your entire home directory. The bug report first drew a cool response from systemd developer Luca Boccassi of Microsoft: So an option that is literally documented as saying "all files and directories created by a tmpfiles.d/ entry will be deleted", that you knew nothing about, sounded like a "good idea"? Did you even go and look what tmpfiles.d entries you had beforehand? Maybe don't just run random commands that you know nothing about, while ignoring what the documentation tells you? Just a thought eh But the report then triggered "much discussion," reports Phoronix. Some excerpts: Lennart Poettering: "I think we should fail --purge if no config file is specified on the command line. I see no world where an invocation without one would make sense, and it would have caught the problem here." Red Hat open source developer Zbigniew Jędrzejewski-Szmek: "We need to rethink how --purge works. The principle of not ever destroying user data is paramount. There can be commands which do remove user data, but they need to be minimized and guarded."
Systemd contributor Betonhaus: "Having a function that declares irreplaceable files — such as the contents of a home directory — to be temporary files that can be easily purged, is at best poor user interfacing design and at worst a severe design flaw." But in the end, Phoronix writes, systemd-tmpfiles behavior "is now improved upon." "Merged Wednesday was this patch that now makes systemd-tmpfiles accept a configuration file when running purge. That way the user must knowingly supply the configuration file(s) to which files they would ultimately like removed. The documentation has also been improved upon to make the behavior more clear." Thanks to long-time Slashdot reader slack_justyb for sharing the news.

Gilead's Twice-Yearly Shot to Prevent HIV Succeeds in Late-Stage Trial

An anonymous reader shared this report from CNBC: Gilead's experimental twice-yearly medicine to prevent HIV was 100% effective in a late-stage trial, the company said Thursday. None of the roughly 2,000 women in the trial who received the lenacapavir shot had contracted HIV by an interim analysis, prompting the independent data monitoring committee to recommend Gilead unblind the Phase 3 trial and offer the treatment to everyone in the study. Other participants had received standard daily pills. The company expects to share more data by early next year, the article adds, and if its results are positive, the company could bring its drug to the market as soon as late 2025. (By Friday the company's stock price had risen nearly 12%.) There are already other HIV-preventing options, the article points out, but they're taken by "only a little more than one-third of people in the U.S. who could benefit...according to data from the Centers for Disease Control and Prevention." Part of the problem? "Daily pills dominate the market, but drugmakers are now focusing on developing longer-acting shots... Health policymakers and advocates hope longer-acting options could reach people who can't or don't want to take a daily pill and better prevent the spread of a virus that caused about 1 million new infections globally in 2022."

Dark Matter Found? New Study Furthers Stephen Hawking's Predictions About 'Primordial' Black Holes

Where is dark matter, the invisible masses which must exist to bind galaxies together? Stephen Hawking postulated they could be hiding in "primordial" black holes formed during the big bang, writes CNN. "Now, a new study by researchers with the Massachusetts Institute of Technology has brought the theory back into the spotlight, revealing what these primordial black holes were made of and potentially discovering an entirely new type of exotic black hole in the process." Other recent studies have confirmed the validity of Hawking's hypothesis, but the work of [MIT graduate student Elba] Alonso-Monsalve and [study co-author David] Kaiser, a professor of physics and the Germeshausen Professor of the History of Science at MIT, goes one step further and looks into exactly what happened when primordial black holes first formed. The study, published June 6 in the journal Physical Review Letters, reveals that these black holes must have appeared in the first quintillionth of a second of the big bang: "That is really early, and a lot earlier than the moment when protons and neutrons, the particles everything is made of, were formed," Alonso-Monsalve said... "You cannot find quarks and gluons alone and free in the universe now, because it is too cold," Alonso-Monsalve added. "But early in the big bang, when it was very hot, they could be found alone and free. So the primordial black holes formed by absorbing free quarks and gluons." Such a formation would make them fundamentally different from the astrophysical black holes that scientists normally observe in the universe, which are the result of collapsing stars. Also, a primordial black hole would be much smaller — only the mass of an asteroid, on average, condensed into the volume of a single atom. But if a sufficient number of these primordial black holes did not evaporate in the early big bang and survived to this day, they could account for all or most dark matter. 
During the making of the primordial black holes, another type of previously unseen black hole must have formed as a kind of byproduct, according to the study. These would have been even smaller — just the mass of a rhino, condensed into less than the volume of a single proton... "It's inevitable that these even smaller black holes would have also formed, as a byproduct (of primordial black holes' formation)," Alonso-Monsalve said, "but they would not be around today anymore, as they would have evaporated already." However, if they were still around just ten millionths of a second into the big bang, when protons and neutrons formed, they could have left observable signatures by altering the balance between the two particle types. Professor Kaiser told CNN the next generation of gravitational detectors "could catch a glimpse of the small-mass black holes — an exotic state of matter that was an unexpected byproduct of the more mundane black holes that could explain dark matter today." Nico Cappelluti, an assistant professor in the physics department of the University of Miami (who was not involved with the study) confirmed to CNN that "This work is an interesting, viable option for explaining the elusive dark matter."

Open Source ChatGPT Clone 'LibreChat' Lets You Use Every AI Service - While Owning Your Data

Slashdot reader DevNull127 writes: A free and open source ChatGPT clone — named LibreChat — is also letting its users choose which AI model to use, "to harness the capabilities of cutting-edge language models from multiple providers in a unified interface". This means LibreChat includes OpenAI's models, but also others — both open-source and closed-source — and its website promises "seamless integration" with AI services from OpenAI, Azure, Anthropic, and Google — as well as GPT-4, Gemini Vision, and many others. ("Every AI in one place," explains LibreChat's home page.) Plugins even let you make requests to DALL-E or Stable Diffusion for image generations. (LibreChat also offers a database that tracks "conversation state" — making it possible to switch to a different AI model in mid-conversation...) Released under the MIT License, LibreChat has become "an open source success story," according to this article, representing "the passionate community that's actively creating an ecosystem of open source AI tools." Its creator, Danny Avila, says it finally lets users own their own data, "which is a dying human right, a luxury in the internet age and even more so with the age of LLM's." Avila says he was inspired by the day ChatGPT leaked the chat history of some of its users back in March of 2023 — and LibreChat is "inherently completely private". From the article: With locally-hosted LLMs, Avila sees users finally getting "an opportunity to withhold training data from Big Tech, which many trade at the cost of convenience." In this world, LibreChat "is naturally attractive as it can run exclusively on open-source technologies, database and all, completely 'air-gapped.'" Even with remote AI services insisting they won't use transient data for training, "local models are already quite capable" Avila notes, "and will become more capable in general over time." And they're also compatible with LibreChat...

ASUS Releases Firmware Update for Critical Remote Authentication Bypass Affecting Seven Routers

A report from BleepingComputer notes that ASUS "has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices." But there's more bad news: Taiwan's CERT has also informed the public about CVE-2024-3912 in a post yesterday, which is a critical (9.8) arbitrary firmware upload vulnerability allowing unauthenticated, remote attackers to execute system commands on the device. The flaw impacts multiple ASUS router models, but not all will be getting security updates due to them having reached their end-of-life (EoL). Finally, ASUS announced an update to Download Master, a utility used on ASUS routers that enables users to manage and download files directly to a connected USB storage device via torrent, HTTP, or FTP. The newly released Download Master version 3.1.0.114 addresses five medium to high-severity issues concerning arbitrary file upload, OS command injection, buffer overflow, reflected XSS, and stored XSS problems.

Researchers Devise Photosynthesis-Based Energy Source With Negative Carbon Emissions

Researchers have devised a way to extract energy from the photosynthesis process of algae, according to an announcement from Concordia University. Suspended in a specialized solution, the algae forms part of a "micro photosynthetic power cell" that can actually generate enough energy to power low-power devices like Internet of Things (IoT) sensors. "Photosynthesis produces oxygen and electrons. Our model traps the electrons, which allows us to generate electricity," [says Kirankumar Kuruvinashetti, PhD 20, now a Mitacs postdoctoral associate at the University of Calgary.] "So more than being a zero-emission technology, it's a negative carbon emission technology: it absorbs carbon dioxide from the atmosphere and gives you a current. Its only byproduct is water." [...] Muthukumaran Packirisamy, professor in the Department of Mechanical, Industrial and Aerospace Engineering and the paper's corresponding author, admits the system is not yet able to compete in power generation with others like photovoltaic cells. The maximum possible terminal voltage of a single micro photosynthetic power cell is only 1.0V. But he believes that, with enough research and development, including artificial intelligence-assisted integration technologies, this technology has the potential to be a viable, affordable and clean power source in the future. It also offers significant manufacturing advantages over other systems, he says. "Our system does not use any of the hazardous gases or microfibres needed for the silicon fabrication technology that photovoltaic cells rely on. Furthermore, disposing of silicon computer chips is not easy. We use biocompatible polymers, so the whole system is easily decomposable and very cheap to manufacture." In the paper the researchers also described it as a "microbial fuel cell"...

America's Defense Department Ran a Secret Disinfo Campaign Online Against China's Covid Vaccine

"At the height of the COVID-19 pandemic, the U.S. military launched a secret campaign to counter what it perceived as China's growing influence in the Philippines..." reports Reuters. "It aimed to sow doubt about the safety and efficacy of vaccines and other life-saving aid that was being supplied by China, a Reuters investigation found." Reuters interviewed "more than two dozen current and former U.S officials, military contractors, social media analysts and academic researchers," and also reviewed posts on social media, technical data and documents about "a set of fake social media accounts used by the U.S. military" — some active for more than five years. Friday they reported the results of their investigation: Through phony internet accounts meant to impersonate Filipinos, the military's propaganda efforts morphed into an anti-vax campaign. Social media posts decried the quality of face masks, test kits and the first vaccine that would become available in the Philippines — China's Sinovac inoculation. Reuters identified at least 300 accounts on X, formerly Twitter, that matched descriptions shared by former U.S. military officials familiar with the Philippines operation. Almost all were created in the summer of 2020 and centered on the slogan #Chinaangvirus — Tagalog for China is the virus. "COVID came from China and the VACCINE also came from China, don't trust China!" one typical tweet from July 2020 read in Tagalog. The words were next to a photo of a syringe beside a Chinese flag and a soaring chart of infections. Another post read: "From China — PPE, Face Mask, Vaccine: FAKE. But the Coronavirus is real." After Reuters asked X about the accounts, the social media company removed the profiles, determining they were part of a coordinated bot campaign based on activity patterns and internal data. The U.S. military's anti-vax effort began in the spring of 2020 and expanded beyond Southeast Asia before it was terminated in mid-2021, Reuters determined. 
Tailoring the propaganda campaign to local audiences across Central Asia and the Middle East, the Pentagon used a combination of fake social media accounts on multiple platforms to spread fear of China's vaccines among Muslims at a time when the virus was killing tens of thousands of people each day. A key part of the strategy: amplify the disputed contention that, because vaccines sometimes contain pork gelatin, China's shots could be considered forbidden under Islamic law... A senior Defense Department official acknowledged the U.S. military engaged in secret propaganda to disparage China's vaccine in the developing world, but the official declined to provide details. A Pentagon spokeswoman... also noted that China had started a "disinformation campaign to falsely blame the United States for the spread of COVID-19." A senior U.S. military officer directly involved in the campaign told Reuters that "We didn't do a good job sharing vaccines with partners. So what was left to us was to throw shade on China's." At least six senior State Department officials for the region objected, according to the article. But in 2019 U.S. Defense Secretary Mark Esper signed "a secret order" that "elevated the Pentagon's competition with China and Russia to the priority of active combat, enabling commanders to sidestep the State Department when conducting psyops against those adversaries." [A senior defense official] said the Pentagon has rescinded parts of Esper's 2019 order that allowed military commanders to bypass the approval of U.S. ambassadors when waging psychological operations. The rules now mandate that military commanders work closely with U.S. diplomats in the country where they seek to have an impact. The policy also restricts psychological operations aimed at "broad population messaging," such as those used to promote vaccine hesitancy during COVID... Nevertheless, the Pentagon's clandestine propaganda efforts are set to continue.
In an unclassified strategy document last year, top Pentagon generals wrote that the U.S. military could undermine adversaries such as China and Russia using "disinformation spread across social media, false narratives disguised as news, and similar subversive activities [to] weaken societal trust by undermining the foundations of government." And in February, the contractor that worked on the anti-vax campaign — General Dynamics IT — won a $493 million contract. Its mission: to continue providing clandestine influence services for the military.

ASUS Promises Support Overhaul After YouTube Investigators Allege Dishonesty

ASUS has suddenly agreed "to overhaul its customer support and warranty systems," writes the hardware review site Gamers Nexus — after a three-video series on its YouTube channel documented bad and "potentially illegal" handling of customer warranties for the channel's 2.2 million viewers. The Verge highlights ASUS's biggest change: If you've ever been denied a warranty repair or charged for a service that was unnecessary or should've been free, Asus wants to hear from you at a new email address. It claims those disputes will be processed by Asus' own staff rather than outsourced customer support agents.... The company is also apologizing today for previous experiences you might have had with repairs. "We're very sorry to anyone who has had a negative experience with our service team. We appreciate your feedback and giving us a chance to make amends." It started five weeks ago when Gamers Nexus requested service for a joystick problem, according to a May 10 video. First they'd received a response wrongly telling them their damage was out of warranty — which also meant Asus could add a $20 shipping charge for the requested repair. "Somehow that turned into ASUS saying the LCD needs to be replaced, even though the joystick is covered under their repair policies," the investigators say in the video. [They also note this response didn't even address their original joystick problem — "only that thing that they had decided to find" — and that ASUS later made an out-of-the-blue reference to "liquid damage."] The repair would ultimately cost $191.47, with ASUS mentioning that otherwise "the unit will be sent back un-repaired and may be disassembled." ASUS gave them four days to respond, with some legalese adding that an out-of-warranty repair fee is non-refundable, yet still "does not guarantee that repairs can be made." 
Even when ASUS later agreed to do a free "partial" repair (providing the requested in-warranty service), the video's investigators still received another email warning of "pending service cancellation" and return of the unit unless they spoke to "Invoice Quotation Support" immediately. The video-makers stood firm, and the in-warranty repair was later performed free — but they still concluded that "It felt like ASUS tried to scam us." ASUS's response was documented in a second video, with ASUS claiming it had merely been sending a list of "available" repairs (and promising that in the future ASUS would stop automatically including costs for the unrequested repair of "cosmetic imperfections" — and that they'd also change their automatic emails.) Gamers Nexus eventually created a fourth, hour-long video confronting various company officials at Computex — which finally led to them publishing a list of ASUS's promised improvements on Friday. Some highlights: ASUS promises it's "created a Task Force team to retroactively go back through a long history of customer surveys that were negative to try and fix the issues." (The third video from Gamers Nexus warned ASUS was already on the government's radar over its handling of warranty issues.) ASUS also announced their repair centers were no longer allowed to claim "customer-induced damage" (which Gamers Nexus believes "will remove some of the financial incentive to fail devices" to speed up workloads). ASUS is creating a new U.S. support center allowing customers to choose either a refurbished board or a longer repair. Gamers Nexus says they already have devices at ASUS repair centers — under pseudonyms — and that they "plan to continue sampling them over the next 6-12 months so we can ensure these are permanent improvements." And there's one final improvement, according to Gamers Nexus.
"After over a year of refusing to acknowledge the microSD card reader failures on the ROG Ally [handheld gaming console], ASUS will be posting a formal statement next week about the defect."


AI Researcher Warns Data Science Could Face a Reproducibility Crisis

Long-time Slashdot reader theodp shared this warning from a long-time AI researcher arguing that data science "is due" for a reckoning over whether results can be reproduced. "Few technological revolutions came with such a low barrier of entry as Machine Learning..." Unlike Machine Learning, Data Science is not an academic discipline, with its own set of algorithms and methods... There is an immense diversity, but also disparities in skill, expertise, and knowledge among Data Scientists... In practice, depending on their backgrounds, data scientists may have large knowledge gaps in computer science, software engineering, theory of computation, and even statistics in the context of machine learning, despite those topics being fundamental to any ML project. But it's ok, because you can just call the API, and Python is easy to learn. Right...? Building products using Machine Learning and data is still difficult. The tooling infrastructure is still very immature and the non-standard combination of data and software creates unforeseen challenges for engineering teams. But in my view, a lot of the failures come from this explosive cocktail of ritualistic Machine Learning:

- Weak software engineering knowledge and practices compounded by the tools themselves;
- Knowledge gap in mathematical, statistical, and computational methods, encouraged black boxing API;
- Ill-defined range of competence for the role of data scientist, reinforced by a pool of candidates with an unusually wide range of backgrounds;
- A tendency to follow the hype rather than the science.

What can you do?

- Hold your data scientists accountable using Science.
- At a minimum, any AI/ML project should include an Exploratory Data Analysis, whose results directly support the design choices for feature engineering and model selection.
- Data scientists should be encouraged to think outside-of-the box of ML, which is a very small box
- Data scientists should be trained to use eXplainable AI methods to provide context about the algorithm's performance beyond the traditional performance metrics like accuracy, FPR, or FNR.
- Data scientists should be held to similar standards as other software engineering specialties, with code review, code documentation, and architectural designs.

The article concludes, "Until such practices are established as the norm, I'll remain skeptical of Data Science."


FCC Approves Mysterious SpaceX Device: Is It for the Starlink Mini Dish?

"SpaceX has received FCC clearance to operate a mysterious 'wireless module' device," PC Magazine reported earlier this week, speculating that the device "might be a new Starlink router." On Tuesday, the FCC issued an equipment authorization for the device, which uses the 2.4GHz and 5GHz Wi-Fi radio bands. A document in SpaceX's filing also says it features antennas along with Wi-Fi chips apparently from MediaTek. Another document calls the device by the codename "UTW-231," and defines it as a "wireless router" supporting IEEE 802.11b/g/n/ax for Wi-Fi 6 speeds up to 1,300Mbps. But perhaps the most interesting part is an image SpaceX attached, which suggests the router is relatively small and can fit in a person's open hand.... SpaceX CEO Elon Musk has said the "Starlink mini" dish is slated to arrive later this year and that it's small enough to fit in a backpack... On Wednesday, PCMag also spotted the official Starlink.com site referencing the name "Mini" in a specification page for the satellite internet system. Today saw some interesting speculation on the unofficial "Starlink Hardware" blog (written by Noah Clarke, who has a degree in electronics). Clarke guesses the product "will be aimed at portable use cases, such as camping, RV's, vans, hiking... designed to be easy to store, transport, and deploy". But he also notes Starlink updated their app today, with a new shopping page showing what he believes the upcoming product will look like. ("Very similar to the Standard dish, just smaller. It has a similar shape, and even a kickstand.") If you go into developer mode and play around with the Mini network settings, you notice something interesting. There is no separate router. Devices are connected to the dish itself... I'm guessing that, in order to make the Mini as portable as possible, Starlink decided it was best to simplify the system and limit the number of components. There are more Wifi details that have been revealed, and that is mesh compatibility. 
For those of you that might be interested in using the Mini at home, or for larger events where you need additional Wifi coverage, the Mini's built-in router will be compatible with Starlink mesh. You'll be able to wirelessly pair another Starlink router to the Mini.


'Blue Screen of Death' Comes To Linux

In 2016, Phoronix remembered how the early days of Linux kernel mode-setting (KMS) had brought hopes for improved error messages. And one long-awaited feature was error messages for "Direct Rendering Manager" (or DRM) drivers — something analogous to the "Blue Screen of Death" Windows gives for critical errors. Now Linux 6.10 is introducing a new DRM panic handler infrastructure enabling messages when a panic occurs, Phoronix reports today. "This is especially important for those building a kernel without VT/FBCON support where otherwise viewing the kernel panic message isn't otherwise easily available." With Linux 6.10 the initial DRM Panic code has landed as well as wiring up the DRM/KMS driver support for the SimpleDRM, MGAG200, IMX, and AST drivers. There is work underway on extending DRM Panic support to other drivers that we'll likely see over the coming kernel cycles for more widespread support... On Linux 6.10+ with platforms having the DRM Panic driver support, this "Blue Screen of Death" functionality can be tested via a route such as echo c > /proc/sysrq-trigger. The article links to a picture shared on Mastodon by Red Hat engineer Javier Martinez Canillas of the error message being generated on a BeaglePlay single board computer. Phoronix also points out that some operating systems have even considered QR codes for kernel error messages...


Which Way is the EV Market Headed? And Does the US Lag the World?

Wednesday the annual electric vehicle outlook report was released by market researcher BloombergNEF. And the analyst wrote that "Our long-term outlook for EVs remains bright," according to the Los Angeles Times: In 2023, EVs made up 18% of global passenger-vehicle sales. By 2030, according to the report, 45% will be EVs. That number jumps to 73% by 2040 — still short of what the world needs to reach net zero emissions in transportation, the firm says, but enough to achieve major reductions in climate-changing carbon emissions... [D]ifferent countries are moving at different speeds and with different levels of commitment. Today, "China, India and France are still showing signs of healthy growth, but the latest data from Germany, Italy and the U.S. is more concerning," BloombergNEF said. Global EV sales "are set to rise from 13.9 million in 2023 to over 30 million in 2027," despite the lagging U.S. [The article points out later that "For the first quarter in China, EV sales were up 37%, according to BloombergNEF. In India, it's 39%, and in France, 20%. The U.S. was a laggard, up just 4%."] Whatever the geography, consumer concerns about price, driving range, battery lifespan, and unreliable public charging continue to dampen many buyers' enthusiasm for EVs. BloombergNEF's findings are echoed by consulting firm McKinsey and the AAA motor club, in recent forecasts of their own. But EV prices are coming down, range is improving, and large numbers of public chargers are being installed, all of which could revive sales growth. Consumers around the planet are warming to the idea of buying an electric car, but they're moving slowly. According to McKinsey, 14% of 30,000 global survey respondents in 2021 said their next vehicle would be an EV. This year, it's 18%. In the U.S. it's a different story, where consumer interest in an EV purchase declined to 18% this year, according to AAA's survey, down from 23% in 2023. 
And nearly two-thirds reported they were unlikely to buy an EV next time they buy a car. Interest in hybrids is on the rise. One in three said they were likely to buy a hybrid, a vehicle that adds a small battery to an internal combustion engine to improve fuel efficiency. That's bad news for pure EV sales, at least in the immediate future, said Greg Brannon, head of automotive research at AAA. Early adopters already have their EVs, he said, while mainstream buyers remain skeptical. The article does note that major automakers "are losing billions of dollars in their EV division," with several cutting the EV goals for the U.S. (Though Hyundai and Kia are not.) And then there's this... A global survey conducted by consulting firm McKinsey, also released Wednesday, included this shocker: 29% of EV owners told McKinsey they plan to replace the EV they bought with a gasoline or diesel car, a figure that jumps to 38% for U.S. EV owners. Phillip Kampshoff, who leads McKinsey's Center for Future Mobility in the Americas, said he'd seen EV sales as "a one way street. Once you buy, you're hooked on an EV. But that's not what the data shows...." But the article points out that both BloombergNEF and McKinsey still remained bullish that adoption will increase in the future.


53 LA County Public Health Workers Fall for Phishing Email. 200,000 People May Be Affected

The Los Angeles Times reports that "The personal information of more than 200,000 people in Los Angeles County was potentially exposed after a hacker used a phishing email to steal the login credentials of 53 public health employees, the county announced Friday." Details that were possibly accessed in the February data breach include the first and last names, dates of birth, diagnoses, prescription information, medical record numbers, health insurance information, Social Security numbers and other financial information of Department of Public Health clients, employees and other individuals. "Affected individuals may have been impacted differently and not all of the elements listed were present for each individual," the agency said in a news release... The data breach happened between Feb. 19 and 20 when employees received a phishing email, which tries to trick recipients into providing important information such as passwords and login credentials. The employees clicked on a link in the body of the email, thinking they were accessing a legitimate message, according to the agency... The county is offering free identity monitoring through Kroll, a financial and risk advisory firm, to those affected by the breach. Individuals whose medical records were potentially accessed by the hacker should review them with their doctor to ensure the content is accurate and hasn't been changed. Officials say people should also review the Explanation of Benefits statement they receive from their insurance company to make sure they recognize all the services that have been billed. Individuals can also request credit reports and review them for any inaccuracies. From the official statement by the county's Public Health department: Upon discovery of the phishing attack, Public Health disabled the impacted e-mail accounts, reset and re-imaged the user's device(s), blocked websites that were identified as part of the phishing campaign and quarantined all suspicious incoming e-mails. 
Additionally, awareness notifications were distributed to all workforce members to remind them to be vigilant when reviewing e-mails, especially those including links or attachments. Law enforcement was notified upon discovery of the phishing attack, and they investigated the incident.


Flesh-Eating Bacteria That Can Kill in Two Days Spreads in Japan

Bloomberg reports: A disease caused by a rare "flesh-eating bacteria" that can kill people within 48 hours is spreading in Japan after the country relaxed Covid-era restrictions. Cases of streptococcal toxic shock syndrome (STSS) reached 977 this year by June 2, higher than the record 941 cases reported for all of last year, according to the National Institute of Infectious Diseases, which has been tracking incidences of the disease since 1999. Group A Streptococcus (GAS) typically causes swelling and sore throat in children known as "strep throat," but some types of the bacteria can lead to symptoms developing rapidly, including limb pain and swelling, fever, low blood pressure, that can be followed by necrosis, breathing problems, organ failure and death. People over 50 are more prone to the disease. "Most of the deaths happen within 48 hours," said Ken Kikuchi, a professor in infectious diseases at Tokyo Women's Medical University. "As soon as a patient notices swelling in foot in the morning, it can expand to the knee by noon, and they can die within 48 hours...." At the current rate of infections, the number of cases in Japan could reach 2,500 this year, with a "terrifying" mortality rate of 30%, Kikuchi said.
