Early termination fees are "a bit like heroin for Adobe," according to an Adobe executive quoted in the FTC's newly unredacted complaint against the company for allegedly hiding fees and making it too hard to cancel Creative Cloud. The Verge: "There is absolutely no way to kill off ETF or talk about it more obviously" in the order flow without "taking a big business hit," this executive said. That's the big reveal in the unredacted complaint, which also contains previously unseen allegations that Adobe was internally aware of studies showing its order and cancellation flows were too complicated and customers were unhappy with surprise early termination fees. In a short interview, Adobe's general counsel and chief trust officer, Dana Rao, pushed back on both the specific quote and the FTC's complaint more generally, telling me that he was "disappointed in the way they're continuing to take comments out of context from non-executive employees from years ago to make their case."

Read more of this story at Slashdot.

samleecole writes: A leaked document obtained by 404 Media shows company-wide effort at generative AI company Runway, where employees collected thousands of YouTube videos and pirated content for training data for its Gen-3 Alpha model. The model -- initially codenamed Jupiter and released officially as Gen-3 -- drew widespread praise from the AI development community and technology outlets covering its launch when Runway released it in June. Last year, Runway raised $141 million from investors including Google and Nvidia, at a $1.5 billion valuation. The spreadsheet of training data viewed by 404 Media and our testing of the model indicates that part of its training data is popular content from the YouTube channels of thousands of media and entertainment companies, including The New Yorker, VICE News, Pixar, Disney, Netflix, Sony, and many others. It also includes links to channels and individual videos belonging to popular influencers and content creators, including Casey Neistat, Sam Kolder, Benjamin Hardman, Marques Brownlee, and numerous others.

Read more of this story at Slashdot.

World temperature reached the hottest levels ever measured on Monday, beating the record that was set just one day before, data suggests. From a report: Provisional data published on Wednesday by the Copernicus Climate Change Service, which holds data that stretches back to 1940, shows that the global surface air temperature reached 62.87F (17.15C), compared with 62.76F (17.09C) on Sunday. Earlier this month, Copernicus found that global temperatures between July 2023 and July 2024 were the highest on record. The previous record before this week was set a year ago on 6 July. Before that, the previous recorded hottest day was in 2016, according to the Associated Press.

Read more of this story at Slashdot.

A little-known spyware maker based in Minnesota has been hacked, TechCrunch reports, revealing thousands of devices around the world under its stealthy remote surveillance. From the report: A person with knowledge of the breach provided TechCrunch with a cache of files taken from the company's servers containing detailed device activity logs from the phones, tablets, and computers that Spytech monitors, with some of the files dated as recently as early June. TechCrunch verified the data as authentic in part by analyzing some of the exfiltrated device activity logs that pertain to the company's chief executive, who installed the spyware on one of his own devices. The data shows that Spytech's spyware -- Realtime-Spy and SpyAgent, among others -- has been used to compromise more than 10,000 devices since the earliest-dated leaked records from 2013, including Android devices, Chromebooks, Macs, and Windows PCs worldwide. Spytech is the latest spyware maker in recent years to have itself been compromised, and the fourth spyware maker known to have been hacked this year alone, according to TechCrunch's running tally.

Read more of this story at Slashdot.

A NASA committee determined that the Chandra X-ray Observatory would have to cease operations under the proposed budget cuts in NASA's 2025 budget. The committee reviewed various options but found that only shutting down Chandra fit within the proposed budget, although alternatives could keep the observatory running with limited capabilities. SpaceNews reports: NASA established the Operations Paradigm Change Review (OPCR) committee this spring to look at ways of reducing the costs of operating Chandra and the Hubble Space Telescope as part of broader efforts to deal with a billion-dollar shortfall in agency science funding. The fiscal year 2025 budget proposal included a 40% cut in Chandra's budget, with further reductions through 2029, while cutting Hubble's budget by 10% in 2025. Astronomers strongly opposed the proposed cuts, particularly for Chandra. They argued that the reductions would effectively shut down the telescope, a conclusion backed by Patrick Slane, director of the Chandra X-Ray Center, in an open letter shortly after the release of the budget proposal. The OPCR concurred. "The committee agreed that the continuation of a scientifically viable Chandra mission is not possible within the funding guidance," said Rob Kennicutt, an astronomer from the University of Arizona and Texas A&M University who served on the review committee, in a July 23 presentation at a meeting of the Astrophysics Advisory Committee, or APAC. "This is a serious threat to the observatory." Shutting down Chandra was one of four options presented to the OPCR by the Chandra team and the only one, he said, that fit within NASA's proposed budget profile. Three others would keep Chandra going with reduced capabilities and with budgets higher than what NASA proposed but below current levels. "We think it's possible to run Chandra for less money" than today, he said, "but more than what they were given."

Read more of this story at Slashdot.

"Despite its domestic space program faltering even before sanctions due to its invasion of Ukraine, and at least one very public failure on a less ambitious project, Russia has announced it will begin construction of a Russian-only replacement for the ISS and place it in a more difficult-to-access polar orbit," writes longtime Slashdot reader Baron_Yam. "Russia is motivated by military and political demands to achieve this, but whether it has the means or not seems uncertain at best." Reuters reports: Russia is aiming to create the four-module core of its planned new orbital space station by 2030, its Roscosmos space agency said on Tuesday. The head of Roscosmos, Yuri Borisov, signed off on the timetable with the directors of 19 enterprises involved in creating the new station. The agency confirmed plans to launch an initial scientific and energy module in 2027. It said three more modules would be added by 2030 and a further two between 2031 and 2033. [...] Apart from the design and manufacture of the modules, Roscomos said the schedule approved by Borisov includes flight-testing a new-generation crewed spacecraft and building rockets and ground-based infrastructure. The new station will enable Russia to "solve problems of scientific and technological development, national economy and national security that are not available on the Russian segment of the ISS due to technological limitations and the terms of international agreements," it said.

Read more of this story at Slashdot.

Jaco's team had a problems with an embedded web server shutting down properly. Something about the shutdown process was deadlocking, so one of their "ninja Yoda coders" rockstarred their way to a solution.

private void stopServer() { try { if (webServer != null) { logger.debug("Shutdown webserver"); // This goes into a dead lock, therefore I've replaced it with // some voodoo stuff. logger.debug("Get listener field from web server."); Field listenerField = WebServer.class.getDeclaredField("listener"); listenerField.setAccessible(true); Thread listener = (Thread) listenerField.get(webServer); listenerField.set(webServer, null); logger.debug("Interrupt the listener thread."); listener.interrupt(); webServer = null; logger.debug("Shutdown webserver complete"); } else { logger.debug("No webserver to shutdown"); } } catch (Exception e) { logger.error(LoggerCodes.RPC_SERVER_SHUTDOWN_FAILURE, e, LoggerUtility.parameters("class", e.getClass().getSimpleName(), "message", e.getMessage())); } }

Allow me to translate the comment: "I don't know how to fix this so I did some bizarre nonsense to break things in a way that works."

So, let's trace through this Java code. It's not particularly magical, just… a collection of bad ideas.

The WebServer class has a private field called listener. So, we use getDeclaredField- a reflection method- to get the associated Field object for that private field. Once we have it, we can disable the private protections so that we can use this Field object to peek past the private protections.

And that's what we do- we use listenerField.get(webServer) to reach inside of the webServer and fetch its private field. We use set to set that private field to null. Since that listener is a thread, we can simply interrupt() it to break its execution. That is the correct way to stop a thread in Java, which is the first correct thing this code has done.

As a helpful tip: if you find yourself solving a problem and reach for reflection, you've likely misidentified your problem. If you're using reflection to peek past private protections, you've definitely misunderstood your problem.

.comment { border: none; } [Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

An anonymous reader quotes a report from The Guardian: A team of Australian scientists is genetically engineering a common fly species so that it can eat more of humanity's organic waste while producing ingredients for making everything from lubricants and biofuels to high-grade animal feeds. Black soldier flies are already being used commercially to consume organic waste, including food waste, but tweaking their genetics could widen the range of waste their larvae consume while, in the process, producing fatty compounds and enzymes. In a scientific paper, the team based at Sydney's Macquarie University outlined their hopes for the flies and how they could also cut the amount of planet-warming methane produced when organic waste breaks down. "We are heading towards a climate disaster, and landfill waste releases methane. We need to get that to zero," Dr Kate Tepper, a lead author of the paper, said. Dr Maciej Maselko runs an animal synthetic biology lab at Macquarie University where Tepper has already started engineering the flies. Maselko said insects would be the "next frontier" in dealing with the planet's waste management problem, which weighs in at about 1 billion tons a year in food waste alone. Black soldier flies are found in all continents except Antarctica. "If you've got a compost bin, then you've probably got some," Maselko said. The fly larvae can eat double their body weight a day and, like other insects, their larvae are used for animal feed. Maselko said the flies could already do the job of consuming waste faster than microbes. The university team has created a spin-off company, EntoZyme, to commercialize their work and hopes to have the first genetically engineered flies for use in waste facilities by the end of the year. [...] Creating a suite of genetically engineered flies would see them also produce enzymes used in animal feeds, textiles and pharmaceuticals, and fatty compounds that can be used to make biofuels and lubricants. Another proposed use is for some flies to be able to consume contaminated waste, which would then leave behind their poo that could be used as fertilizer. Tepper said flies can be engineered to deal with pollutants in several ways, including by breaking pollutants down into less toxic or inorganic compounds, evaporating them into the air or accumulating some pollutants into their bodies that can then be separated, leaving clean organic waste behind. The research has been published in the journal Communications Biology.

Read more of this story at Slashdot.

New Zealand has lodged a formal complaint with the International Olympic Committee (IOC) after a Canadian soccer "support staff member" allegedly flew a drone over their training session. The Canadian Olympic Committee has apologized, expressed shock and disappointment, and launched an investigation into the incident. ESPN reports: The COC said the individual has been detained by French authorities. "Team support members immediately reported the incident to police, leading to the drone operator, who has been identified as a support staff member of the wider Canadian Women's football team, to be detained," the NZOC said in a statement. "The NZOC has formally lodged the incident with the IOC integrity unit and has asked Canada for a full review. [...] For their part, Canada has said it was also stunned. The COC said it was made aware that a "non-accredited" member of its support team had used a drone to record the Silver Ferns' practice. "The Canadian Olympic Committee stands for fair-play and we are shocked and disappointed. We offer our heartfelt apologies to New Zealand Football, to all the players affected, and to the New Zealand Olympic Committee." It added it was "reviewing next steps" with the IOC, the Paris organizing committee and FIFA. The person responsible was Joseph Lombardi, an unaccredited analyst with Canada Soccer. As a result of these findings, Lombardi is being removed from the Canadian Olympic Team and sent home immediately. The same punishment will be applied to Jasmine Mander, the assistant coach to whom Mr. Lombardi sent information to. Furthermore, Head Coach Bev Priestman has removed herself from coaching the match against New Zealand on July 25th and the entire Canada Soccer staff will undergo mandatory ethics training.

Read more of this story at Slashdot.

In a blog post on Tuesday, security firm KnowBe4 revealed that a remote software engineer hire was a North Korean threat actor using a stolen identity and AI-augmented images. "Detailing a seemingly thorough interview process that included background checks, verified references and four video conference-based interviews, KnowBe4 founder and CEO Stu Sjouwerman said the worker avoided being caught by using a valid identity that was stolen from a U.S.-based individual," reports CyberScoop. "The scheme was further enhanced by the actor using a stock image augmented by artificial intelligence." From the report: An internal investigation started when KnowBe4's InfoSec Security Operations Center team detected "a series of suspicious activities" from the new hire. The remote worker was sent an Apple laptop, which was flagged by the company on July 15 when malware was loaded onto the machine. The AI-filtered photo, meanwhile, was flagged by the company's Endpoint Detection and Response software. Later that evening, the SOC team had "contained" the fake worker's systems after he stopped responding to outreach. During a roughly 25-minute period, "the attacker performed various actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software," Sjouwerman wrote in the post. "He used a [single-board computer] raspberry pi to download the malware." From there, the company shared its data and findings with the FBI and with Mandiant, the Google-owned cyber firm, and came to the conclusion that the worker was a fictional persona operating from North Korea. KnowBe4 said the fake employee likely had his workstation connected "to an address that is basically an 'IT mule laptop farm.'" They'd then use a VPN to work the night shift from where they actually reside -- in this case, North Korea "or over the border in China." That work would take place overnight, making it appear that they're logged on during normal U.S. business hours. "The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs," Sjouwerman wrote. "I don't have to tell you about the severe risk of this." Despite the intrusion, Sjouwerman said "no illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems." He chalked up the incident to a threat actor that "demonstrated a high level of sophistication in creating a believable cover identity" and identified "weaknesses in the hiring and background check processes."

Read more of this story at Slashdot.

Ash Parrish reports via The Verge: More than 500 developers at Blizzard Entertainment who work on World of Warcraft have voted to form a union. The World of Warcraft GameMakers Guild, formed with the assistance of the Communication Workers of America (CWA), is composed of employees across every department, including designers, engineers, artists, producers, and more. Together, they have formed the largest wall-to-wall union -- or a union inclusive of multiple departments and disciplines -- at Microsoft. This news comes less than a week after the formation of the Bethesda Game Studios union, which, at the time of the announcement, was itself the largest wall-to-wall Microsoft union. [...] The World of Warcraft GameMakers Guild is made up of over 500 members across Blizzard offices in California and Massachusetts. Despite its size -- it is the second largest union at Microsoft overall behind Activision's 600-member QA union -- [Paul Cox, senior quest designer and Blizzard veteran] said that Microsoft's labor neutrality agreement helped get the organization ball rolling. In a statement to The Verge, Microsoft spokesperson Delaney Simmons said, "We continue to support our employees' right to choose how they are represented in the workplace, and we will engage in good faith negotiations with the CWA as we work towards a collective bargaining agreement."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: The prestigious Hugo awards for science fiction and fantasy writing has revealed that almost 400 votes -- about 10% of all votes cast in this year's awards -- were fraudulently paid for to help one finalist win. The Hugo administration subcommittee, which tallies the votes for the annual awards, issued a statement on Monday saying that they had determined that 377 votes had been cast by individuals with "obvious fake names and/or other disqualifying characteristics." These included voters with almost identical surnames, with just one letter changed and placed in alphabetical order, and some whose names were "translations of consecutive numbers." The voting pattern was "startlingly and obviously different" to anything the members of the current Hugo administration subcommittee had ever seen, and most of the votes favored one finalist, who the subcommittee called "Finalist A." "We have no evidence that Finalist A was at all aware of the fraudulent votes being cast for them, let alone in any way responsible for the operation. We are therefore not identifying them," the subcommittee said. Only members of the World Science Fiction Society (WSFS) can nominate works for the Hugos and vote on finalists, which costs a minimum of 45 pounds each year. Based on the Hugo administration subcommittee's tally, paying for 377 memberships would have cost at least $22,000. The Hugo administration subcommittee said they received "a confidential report that at least one person had sponsored the purchase of WSFS memberships by large numbers of individuals, who were refunded the cost of membership after confirming that they had voted as the sponsor wished." The subcommittee said the finalist has not been disqualified but didn't win their category without the invalid votes. "We want to reassure 2024 Hugo voters that the ballots cast were counted fairly," their statement said. "Most of all, we want to assure the winners of this year's Hugos that they have won fair and square, without any arbitrary or unexplained exclusion of votes or nominees and without any possibility that their award had been gained through fraudulent means." In February, the Hugo awards came under fire over censorship accusations that it was excluding several authors at its event in China.

Read more of this story at Slashdot.

Yesterday, GM announced it was delaying production of the Cruise Origin indefinitely, opting to use the Chevy Bolt as the main vehicle for its self-driving efforts. Introduced four years ago, the Cruise Origin embodied a futuristic vision with no steering wheels or pedals and 'campfire' seating for six passengers, all while providing wireless internet. However, as Fortune's Jessica Mathews writes, the company appears to have lost interest in that vision (source paywalled; alternative source) -- at least for now. From the report: To hear GM CEO and Cruise Chair Mary Barra, the demise of the Origin comes down to costs and regulation. GM's "per unit-costs will be much lower" by focusing on Bolts instead of Origin vehicles, Barra wrote in a quarterly letter to shareholders Tuesday. Barra discussed the regulatory challenges during the quarterly earnings call, explaining the company's view that deploying the Origin was going to require "legislative change." "As we looked at this, we thought it was better to get rid of that risk," Barra said. All robo-taxi companies have been waiting on the green light from regulators for the approvals needed to add these futuristic pedal-less cars into their commercial fleets. While the National Highway Traffic Safety Administration adjusted its rules so that carmakers could manufacture and deploy cars without pedals or steering, state DMVs still have many restrictions set in place when it comes to people riding in them. GM isn't completely swearing off the concept of steering-wheel free cars -- Barra noted that there could be an opportunity for a "vehicle like the Origin in the future."

Read more of this story at Slashdot.

Investigative journalist and cybersecurity expert Brian Krebs writes: The Chinese company in charge of handing out domain names ending in ".top" has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in ".com." On July 16, the Internet Corporation for Assigned Names and Numbers (ICANN) sent a letter to the owners of the .top domain registry. ICANN has filed hundreds of enforcement actions against domain registrars over the years, but in this case ICANN singled out a domain registry responsible for maintaining an entire top-level domain (TLD). Among other reasons, the missive chided the registry for failing to respond to reports about phishing attacks involving .top domains. "Based on the information and records gathered through several weeks, it was determined that .TOP Registry does not have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse," the ICANN letter reads (PDF). ICANN's warning redacted the name of the recipient, but records show the .top registry is operated by a Chinese entity called Jiangsu Bangning Science & Technology Co. Ltd. Representatives for the company have not responded to requests for comment. Domains ending in .top were represented prominently in a new phishing report released today by the Interisle Consulting Group, which sources phishing data from several places, including the Anti-Phishing Working Group (APWG), OpenPhish, PhishTank, and Spamhaus. Interisle's newest study examined nearly two million phishing attacks in the last year, and found that phishing sites accounted for more than four percent of all new .top domains between May 2023 and April 2024. Interisle said .top has roughly 2.76 million domains in its stable, and that more than 117,000 of those were phishing sites in the past year.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Angry T-Mobile customers have filed a class action lawsuit over the carrier's decision to raise prices on plans that were advertised as having a lifetime price guarantee. "Based upon T-Mobile's representations that the rates offered with respect to certain plans were guaranteed to last for life or as long as the customer wanted to remain with that plan, each Plaintiff and the Class Members agreed to these plans for wireless cellphone service from T-Mobile," said the complaint (PDF) filed in US District Court for the District of New Jersey. "However, in May 2024, T-Mobile unilaterally did away with these legacy phone plans and switched Plaintiffs and the Class to more expensive plans without their consent." The complaint, filed on July 12, has four named plaintiffs who live in New Jersey, Georgia, Nevada, and Pennsylvania. They are seeking to represent a class of all US residents "who entered into a T-Mobile One Plan, Simple Choice plan, Magenta, Magenta Max, Magenta 55+, Magenta Amplified or Magenta Military Plan with T-Mobile which included a promised lifetime price guarantee but had their price increased without their consent and in violation of the promises made by T-Mobile and relied upon by Plaintiffs and the proposed class." The complaint seeks "restitution of all amounts obtained by Defendant as a result of its violation," plus interest. It also seeks statutory and punitive damages, and an injunction to prevent further "wrongful, unlawful, fraudulent, deceptive, and unfair conduct." The report notes that the lawsuit centers around T-Mobile's broken "Un-contract" promise made in January 2017, which assured customers that their T-Mobile One plan prices would never increase unless they decided to change their plans. Despite the guarantee, T-Mobile included a significant caveat in a FAQ on its website, stating they would only cover the final month's bill if the price was raised and the customer decided to cancel. Many customers missed this caveat, leading to confusion and frustration when prices were later hiked. The lawsuit also addresses the transition from the "Un-contract" to a new "Price Lock" guarantee, which initially offered more protection but was later weakened, causing further dissatisfaction. The FCC said it has received around 1,600 complaints regarding these price hikes by late June.

Read more of this story at Slashdot.

Malaysia's digital minister said today he has asked global tech firms Microsoft and CrowdStrike to consider compensating companies that suffered losses during last week's global tech outage. From a report: Five government agencies and nine companies operating in aviation, banking and healthcare were among those affected in Malaysia, minister Gobind Singh Deo told reporters. "If there are any damages or losses, where there have been any parties that have made such claims, I've asked them to consider those claims and see to what extent they are able to help resolve the issue," Gobind said, adding that the government would also assist on the claims where possible. The total amount of losses incurred has not yet been determined, he said. The outage will cost Fortune 500 companies $5.4 billion, according to estimates from insurers. The projected financial losses exclude Microsoft.

Read more of this story at Slashdot.

Meta CEO Mark Zuckerberg has advocated for open-source AI development, asserting it as a strategic advantage for the United States against China. In a blog post, Zuckerberg argued that closing off AI models would not effectively prevent Chinese access, given their espionage capabilities, and would instead disadvantage U.S. allies and smaller entities. He writes: Our adversaries are great at espionage, stealing models that fit on a thumb drive is relatively easy, and most tech companies are far from operating in a way that would make this more difficult. It seems most likely that a world of only closed models results in a small number of big companies plus our geopolitical adversaries having access to leading models, while startups, universities, and small businesses miss out on opportunities. Plus, constraining American innovation to closed development increases the chance that we don't lead at all. Instead, I think our best strategy is to build a robust open ecosystem and have our leading companies work closely with our government and allies to ensure they can best take advantage of the latest advances and achieve a sustainable first-mover advantage over the long term.

Read more of this story at Slashdot.

Researchers at Check Point have uncovered a clandestine network of approximately 3,000 "ghost" accounts on GitHub, manipulating the platform to promote malicious content. Since June 2023, a cybercriminal dubbed "Stargazer Goblin" has been exploiting GitHub's community features to boost malicious repositories, making them appear legitimate and popular. Antonis Terefos, a malware reverse engineer at Check Point, discovered the network's activities, which include "starring," "forking," and "watching" malicious pages to increase their visibility and credibility. The network, named "Stargazers Ghost Network," primarily targets Windows users, offering downloads of seemingly legitimate software tools while spreading various types of ransomware and info-stealer malware.

Read more of this story at Slashdot.

AI is increasingly being employed in job interviews across China and India, marking a significant shift in recruitment practices in the region. This follows a similar practice making inroads in the U.S. Rest of World adds: A 2023 survey of 1,000 human-resources workers by the U.S. firm ResumeBuilder found that 10% of companies were already using AI in the hiring process, and another 30% planned to start the following year. The research firm Gartner listed natural-language chatbots as one of 2023's key innovations for the recruiting industry, designating the technology as experimental but promising. Companies like Meituan, Siemens, and Estee Lauder are using AI-powered interviews, with platforms such as MoSeeker, Talently.ai, and Instahyre leading the charge in AI recruitment solutions.

Read more of this story at Slashdot.

Google is now the only search engine that can surface results from Reddit, making one of the web's most valuable repositories of user generated content exclusive to the internet's already dominant search engine. 404 Media: If you use Bing, DuckDuckGo, Mojeek, Qwant or any other alternative search engine that doesn't rely on Google's indexing and search Reddit by using "site:reddit.com," you will not see any results from the last week. DuckDuckGo is currently turning up seven links when searching Reddit, but provides no data on where the links go or why, instead only saying that "We would like to show you a description here but the site won't allow us." Older results will still show up, but these search engines are no longer able to "crawl" Reddit, meaning that Google is the only search engine that will turn up results from Reddit going forward. Searching for Reddit still works on Kagi, an independent, paid search engine that buys part of its search index from Google. The news shows how Google's near monopoly on search is now actively hindering other companies' ability to compete at a time when Google is facing increasing criticism over the quality of its search results. The news follows Google signing a $60 million deal with Reddit early this year to use the social network's content to train its LLMs.

Read more of this story at Slashdot.