Meta has confirmed that it may use images analyzed by its Ray-Ban Meta AI smart glasses for AI training. The policy applies to users in the United States and Canada who share images with Meta AI, according to the company. While photos captured on the device are not used for training unless submitted to AI, any image shared for analysis falls under different policies, potentially contributing to Meta's AI model development. Further reading: Meta's Smart Glasses Repurposed For Covert Facial Recognition.

Read more of this story at Slashdot.

Google is rolling out ads in AI Overviews, which means you'll now start seeing products in some of the search engine's AI-generated summaries. From a report: Let's say you're searching for ways to get a grass stain out of your pants. If you ask Google, its AI-generated response will offer some tips, along with suggestions for products to purchase that could help you remove the stain. The products will appear beneath a "sponsored" header, and Google spokesperson Craig Ewer told The Verge they'll only show up if a question has a "commercial angle."

Read more of this story at Slashdot.

Microsoft gives its Edge web browser an unfair advantage and EU antitrust regulators should subject it to tough EU tech rules, three rival browsers and a group of web developers said in a letter to the European Commission. From a report: The move by Vivaldi, Waterfox, Wavebox and the Open Web Advocacy could boost Norwegian browser company Opera which in July took the European Commission to court for exempting Edge from the Digital Markets Act (DMA). [...] "Unfair practices are currently allowed to persist on the Windows' ecosystem with respect to Edge, unmitigated by the choice screens that exist on mobile," they said, pointing to Edge set as the default browser on all Windows computers. "No platform independent browser can aspire to match Edge's unparalleled distribution advantage on Windows. Edge is, moreover, the most important gateway for consumers to download an independent browser on Windows PCs."

Read more of this story at Slashdot.

WhatsApp and its parent Meta asked a judge to award them a total win against spyware maker NSO Group as punishment for discovery violations in a years-long case accusing the Israeli company of violating anti-hacking laws. From a report: NSO Group violated the Federal Rules of Civil Procedure, repeatedly ignoring the court's orders and its discovery obligations, according to a motion for sanctions filed Wednesday in the US District Court for the Northern District of California. "NSO's discovery violations were willful, and unfairly skew the record on virtually every key issue in the case, from the merits, to jurisdiction, to damages, making a full and fair trial on the facts impossible," they said. Judge Phyllis J. Hamilton should award the companies judgment as a matter of law or, "if the court finds that the limited discovery produced in this case does not suffice," enter default judgment against NSO, WhatsApp and Meta wrote. The social media platforms first filed their complaint in October 2019, accusing NSO of using WhatsApp to install NSO spyware on the phones of about 1,400 WhatsApp users. The move follows Apple asking a court last month to dismiss its three-year-old hacking lawsuit against spyware pioneer NSO Group, arguing that it might never be able to get the most critical files about NSO's Pegasus surveillance tool and that its own disclosures could aid NSO and its increasing number of rivals.

Read more of this story at Slashdot.

OpenAI has a $4 billion revolving line of credit, bringing its total liquidity to more than $10 billion, CNBC reported Thursday. From the report: It follows news on Wednesday that OpenAI closed its recent funding round at a valuation of $157 billion, including the $6.6 billion the company raised from an extensive roster of investment firms and big tech companies. JPMorgan Chase, Citi, Goldman Sachs, Morgan Stanley, Santander, Wells Fargo, SMBC, UBS, and HSBC all participated. The base credit line is $4 billion, with an option to increase it by an additional $2 billion. The loan is unsecured and can be tapped over the course of three years. OpenAI's interest rate is equal to the Secured Overnight Financing Rate (SOFR) plus 100 basis points. SOFR, a measure of the cost of borrowing cash overnight, sat at just over 5% as of early this week, meaning OpenAI would be paying roughly 6% on money that it borrows right away.

Read more of this story at Slashdot.

PayPal completed its first business payment using its proprietary stablecoin as a way to demonstrate how digital currencies can be used to improve often-clunky commercial transactions. From a report: PayPal paid an invoice to Ernst & Young LLP on Sept. 23 using PYUSD, the stablecoin the firm launched last year, relying on an SAP SE platform to complete the transaction. SAP's platform, known as the digital currency hub, allows enterprises to send and receive digital payments instantly, around the clock. The invoice amount wasn't disclosed. Stablecoins are cryptocurrencies usually designed to track traditional currencies one-to-one. PYUSD, which has a current market capitalization of almost $700 million, tracks the US dollar. While the consumer-facing benefits of stablecoins often dominate conversations, this payment demonstrates other use cases for the digital currency, according to Jose Fernandez da Ponte, PayPal's senior vice president of its blockchain, cryptocurrency and digital currency group.

Read more of this story at Slashdot.

WP Engine, a major web hosting provider, has filed a federal lawsuit against WordPress [PDF] co-founder Matt Mullenweg and Automattic, alleging libel and attempted extortion. The suit stems from a public dispute over WordPress trademark usage and open-source licensing. WP Engine, which hosts over 200,000 websites, accuses Mullenweg and Automattic of "abuse of power, extortion, and greed." The conflict escalated after Mullenweg called WP Engine a "cancer to WordPress" on his blog, prompting a cease-and-desist letter. Automattic subsequently demanded 8% of WP Engine's monthly revenue as royalties for alleged trademark infringement. The lawsuit includes 11 complaints, ranging from slander to violations of the Computer Fraud and Abuse Act.

Read more of this story at Slashdot.

Private equity firms are using US public sector workers' retirement savings to fund fossil fuel projects pumping more than a billion tonnes of greenhouse gas emissions into the atmosphere every year, according to an analysis. From a report: They have ploughed more than $1tn into the energy sector since 2010, often buying into old and new fossil fuel projects and, thanks to exemptions from many financial disclosures, operating them outside the public eye, the researchers say. In many cases they are mortgaging workers' futures by taking the money they have put away for old age and investing it in assets that risk serious damage to the climate, the report claims. "Public sector workers' money, through national, state, and retirement pensions, provides much of the capital for private equity firms' energy investments, but there is limited disclosure to the pension fund managers that the deferred earnings of their beneficiaries have potential climate impacts," it says. Researchers at Americans for Financial Reform Education Fund, Global Energy Monitor and Private Equity Stakeholder Project assessed the holdings of 21 private equity firms, overseeing a combined $6tn in assets under management. Together, the analysis found that the 21 firms were funding projects responsible for releasing more than 1.17bn tons of CO2 equivalent (tCO2e) a year.

Read more of this story at Slashdot.

"Job hopping as a way to boost your earnings may not be as profitable as it was in 2022," writes Slashdot reader NoWayNoShapeNoForm. "Data from ADP, based on payroll data of almost 10 million employees, suggests the salary gain between 'stay' and 'jump' has definitely narrowed across all age groups, gender classes, industries, and company sizes." Yahoo Finance reports: New data from ADP released Wednesday showed that the median year-over-year pay increase for job switchers fell to 6.6% in September, down from 7.3% in August and the lowest growth rate since April 2021. The gap between pay gains for job changers and those of job stayers, which grew at a 4.7% pace in August, is at its narrowest since January and a far cry from 2022-2023 levels during the "Great Resignation." ADP chief economist Nela Richardson said that the narrowing gap in pay gains is a sign the labor market is "less tight ... less dynamic." "The payoff for job changing is not quite as complex as it was earlier this year," Richardson added. "That points to some stability in this labor market."

Read more of this story at Slashdot.

New submitter ae4ax writes: North American buyers of JuiceBox EVSEs (chargers) received an email today declaring the imminent closure of Enel X Way USA, LLC, the maintainers of the software infrastructure behind their EVSEs. Customer support has already shut down, and apps will be deactivated and removed by October 11, 2024. The company claims economic headwinds from lackluster EV sales and high interest rates as the motivation for the closure. Enel X Way properties outside North America are not affected, they say. "An experienced third-party firm will be appointed to manage the company's affairs and ensure that the closure is handled with the utmost care and professionalism," the company said in a statement. "The appointed firm will be responsible for managing the remaining obligations and communicating directly with customers and partners regarding the closure." Customers will still be able to charge vehicles but all their connectivity features -- the Enel X Way app and all other Enel e-mobility apps in North America -- will stop working. Commercial charging stations will also lose functionality. "So If you own a JuiceBox, you just got nine days' warning that your home charger can no longer be configured," reports Electrek. Electrek's Michael Bower, who uses a JuiceBox to charge his Chevy Bolt, said: "I'm disappointed that Enel X Way is removing their apps -- and thus the ability to change the amperage -- for their EVSEs. I live in a condo with a 100A panel, so the ability to lower the amperage from 40 to 32 or 16 was beneficial when charging my EV while drawing power for laundry or the central A/C in the summer. It just shows how 'smart' EVSEs are too reliant on their respective apps."

Read more of this story at Slashdot.

Alexander doesn't usually ask "why are you hiring for this position?" during an interview. But when a small public library is paying your rather high contracting rate, one can't help but wonder. Fortunately, the library offered their reasoning without Alexander asking: "We hired a new staff member, so we need a programmer to add them to our home page."

Alexander assumed that he was dealing with a client who couldn't figure out how to navigate their CMS, and scheduled an afternoon to do the work. It turned out to be a bit more complicated.

The site had an "email a staff member" form. Select a staffer from a drop down, type into a text box, and hit send. Not a single staff member had ever received an email through the interface, but they all agreed it was a good feature to have, even if no one used it.

The relationship between staff members and email addresses was stored in a database. I'm kidding, why would you use a database for that? It was stored in a PHP file called mail_addresses.php:

/* please maintain alphabetical order */ $name=array('Alex'=>'alex@library.com', /* snip a few lines here */ 'Maria'=>'maria@library.com', 'Neil'=>'neil@library.com', /* snip a few lines here */ , 'zoe'=>'zoe@library.com');

This is why they felt that they needed a programmer to make changes. No one was comfortable editing PHP code.

While he was poking at it, Alexander also took a look at how those emails got sent:

function send_mail($receiver, $subject, $message) { include('mail_addresses.php'); $name=array(); $name=$name[$receiver]; mail($name, $subject, $message); }

Well, it became quickly obvious why they never received an email- after loading the array by includeing mail_addresses.php they immediately overwrite the array with $name=array().

Fixing that issue was easy, even if it wasn't part of the contract. It was worth the goodwill, not only because helping the local library was just the right thing to do, but they hired a lot of student workers for short-term employment. The mail_addresses.php file changed a lot, and they always needed a programmer to edit it.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise. -->

An anonymous reader quotes a report from Ars Technica: Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The vulnerability, tracked as CVE-2024-45519, resides in the Zimbra email and collaboration server used by medium and large organizations. When an admin manually changes default settings to enable the postjournal service, attackers can execute commands by sending maliciously formed emails to an address hosted on the server. Zimbra recently patched the vulnerability. All Zimbra users should install it or, at a minimum, ensure that postjournal is disabled. On Tuesday, Security researcher Ivan Kwiatkowski first reported the in-the-wild attacks, which he described as "mass exploitation." He said the malicious emails were sent by the IP address 79.124.49[.]86 and, when successful, attempted to run a file hosted there using the tool known as curl. Researchers from security firm Proofpoint took to social media later that day to confirm the report. On Wednesday, security researchers provided additional details that suggested the damage from ongoing exploitation was likely to be contained. As already noted, they said, a default setting must be changed, likely lowering the number of servers that are vulnerable. [...] Proofpoint has explained that some of the malicious emails used multiple email addresses that, when pasted into the CC field, attempted to install a webshell-based backdoor on vulnerable Zimbra servers. The full cc list was wrapped as a single string and encoded using the base64 algorithm. When combined and converted back into plaintext, they created a webshell at the path: /jetty/webapps/zimbraAdmin/public/jsp/zimbraConfig.jsp. Proofpoint went on to say: "Once installed, the webshell listens for inbound connection with a pre-determined JSESSIONID Cookie field; if present, the webshell will then parse the JACTION cookie for base64 commands. The webshell has support for command execution via exec or download and execute a file over a socket connection."

Read more of this story at Slashdot.

After fifteen years of fighting to make the web safer and more accessible, the World Wide Web Foundation is shutting down. From a report: In a letter shared via the organization's website, co-founders Sir Tim Berners-Lee -- inventor of the World Wide Web -- and Rosemary Leith explain that the organization's mission has been somewhat accomplished and a new battle needs to be waged. When the foundation was founded in 2009, just over 20 percent of the world had access to the web and relatively few organizations were trying to change that, say Sir Tim and Leith. A decade and a half later, with nearly 70 percent of the world online, there are many similar non-governmental organizations trying to make the web more accessible and affordable. The two founders thank their supporters over the years who "have enabled us to move the needle in a big way" with regard to access and affordability. But the issues facing the web have changed, they insist, and the foundation believes other advocacy groups can take it from here. Chief among the more pressing problems, claim Sir Tim and Leith, is the social media business model that commoditized user data and concentrates power with platforms, contrary to Sir Tim's original vision for the web. To address that threat, Sir Tim intends to dismantle his foundation so he can focus on decentralized technology. "We, along with the Web Foundation board, have been asking ourselves where we can have the most impact in the future," the authors say. "The conclusion we have reached is that Tim's passion on restoring power over and control of data to individuals and actively building powerful collaborative systems needs to be the highest priority going forward. In order to best achieve this, Tim will focus his efforts to support his vision for the Solid Protocol and other decentralized systems."

Read more of this story at Slashdot.

Law enforcement from 12 countries arrested four individuals linked to the LockBit ransomware gang, including a developer and a bulletproof hosting administrator. The operation also resulted in the seizure of LockBit infrastructure and involved sanctions targeting affiliates of both LockBit and Evil Corp. BleepingComputer reports: According to Europol, a suspected LockBit ransomware developer was arrested in August 2024 at the request of French authorities while on holiday outside of Russia. The same month, the U.K.'s National Crime Agency (NCA) arrested two more individuals linked to LockBit activity: one believed to be associated with a LockBit affiliate, while the second was apprehended on suspicion of money laundering. In a separate action, at Madrid airport, Spain's Guardia Civil arrested the administrator of a bulletproof hosting service used to shield LockBit's infrastructure. Today, Australia, the United Kingdom, and the United States also revealed sanctions against an individual the UK NCA believes is a prolific LockBit ransomware affiliate linked to Evil Corp. The United Kingdom sanctioned 15 more Russian nationals involved in Evil Corp's criminal activities, while the United States sanctioned six individuals and Australia targeted two. "These actions follow the massive disruption of LockBit infrastructure in February 2024, as well as the large series of sanctions and operational actions that took place against LockBit administrators in May and subsequent months," Europol said.

Read more of this story at Slashdot.

Novelist Christopher Farnsworth has filed a class-action lawsuit (PDF) against Meta, accusing the company of using his and other authors' pirated books to train its Llama AI model. Farnsworth seeks damages and an order to stop the alleged copyright infringement, joining a growing group of creators suing tech companies over unauthorized AI training. Reuters reports: Farnsworth said in the lawsuit on Tuesday that Meta fed Llama, which powers its AI chatbots, thousands of pirated books to teach it how to respond to human prompts. Other authors including Ta-Nehisi Coates, former Arkansas governor Mike Huckabee and comedian Sarah Silverman have brought similar class-action claims against Meta in the same court over its alleged use of their books in AI training. [...] Several groups of copyright owners including writers, visual artists and music publishers have sued major tech companies over the unauthorized use of their work to train generative AI systems. The companies have argued that their AI training is protected by the copyright doctrine of fair use and that the lawsuits threaten the burgeoning AI industry.

Read more of this story at Slashdot.

Cisco is exiting the LoRaWAN market for IoT device connectivity, with no migration plans for customers. "LoRaWAN is a low power, wide area network specification, specifically designed to connect devices such as sensors over relatively long distances," notes The Register. "It is built on LoRa, a form of wireless communication that uses spread spectrum modulation, and makes use of license-free sub-gigahertz industrial, scientific, and medical (ISM) radio bands. The tech is overseen by the LoRa Alliance." From the report: Switchzilla made this information public in a notice on its website announcing the end-of-sale and end-of-life dates for Cisco LoRaWAN. The last day customers will be able to order any affected products will be January 1, 2025, with all support ceasing by the end of the decade. The list includes Cisco's 800 MHz and 900 MHz LoRaWAN Gateways, plus associated products such as omni-directional antennas and software for the Gateways and Interface Modules. If anyone was in any doubt, the notification spells it out: "Cisco will be exiting the LoRaWAN space. There is no planned migration for Cisco LoRaWAN gateways."

Read more of this story at Slashdot.

An anonymous reader quotes a report from NPR: A New Jersey appeals court says a couple cannot sue Uber over a life-altering car accident because of the app's terms and conditions, even though they say it was their daughter who agreed to those terms while placing an Uber Eats order. John and Georgia McGinty -- a Mercer County couple both in their 50s -- filed a lawsuit against the ride-hailing company in February 2023, nearly a year after suffering "serious physical, psychological, and financial damages" when the Uber they were riding in crashed into another car, according to court filings. "There are physical scars, mental scars, and I don't think that they will ever really be able to go back to their full capacity that they were at before," says their attorney, Mike Shapiro. Uber responded by filing a motion to dismiss the complaint and compel arbitration, which would require the parties to resolve their differences outside court instead -- ostensibly benefiting the company by lowering legal costs and keeping proceedings private. Uber argued that Georgia McGinty, a longtime customer of Uber Rides and Uber Eats, had agreed to arbitrate any disputes with the company when she signed off on the language in the app's terms of use on three occasions over the years. The McGintys fought back, saying it was actually their daughter -- who was and remains a minor -- who had most recently agreed to the terms when she used Georgia's phone to order food on their behalf. A lower court initially sided with the couple, denying Uber's motion to compel arbitration in November 2023. Uber appealed the decision, and late last month, the appeals court ruled in its favor. "We hold that the arbitration provision contained in the agreement under review, which Georgia or her minor daughter, while using her cell phone agreed to, is valid and enforceable," the three-judge panel wrote in September. "We, therefore, reverse the portion of the order denying arbitration of the claims against Uber." Shapiro told NPR that the couple "100%" wants to keep pursuing their case and are mulling their options, including asking the trial court to reconsider it or potentially trying to bring it to the New Jersey Supreme Court. "Uber has just been extremely underhanded in their willingness to open the same cabinets that they're forcing the McGintys to open up and have to peek around in," Shapiro says. "It's unfortunate that that's the way that they're carrying on their business, because this is truly something that subjects millions and millions of Americans and people all over the world to a waiver of their hard-fought rights." "While the plaintiffs continue to tell the press that it was their daughter who ordered Uber Eats and accepted the Terms of Use, it's worth noting that in court they could only 'surmise' that that was the case but could not recall whether 'their daughter ordered food independently or if Georgia assisted,'" Uber said in a statement. The report cites another recent case where Disney "tried to block a man's wrongful death lawsuit on behalf of his wife -- who died following an allergic reaction after eating at a Disney World restaurant -- because he had signed up for a trial of Disney+." After negative media coverage, the company backtracked on its push for arbitration.

Read more of this story at Slashdot.

The Verge's Gaby Del Valle reports: New York City Mayor Eric Adams, who was indicted last week on charges including fraud, bribery, and soliciting donations from foreign nationals, told federal investigators he forgot his phone password before handing it over, according to charging documents. That was almost a year ago, and investigators still can't get into the phone, prosecutors said Wednesday. During a federal court hearing, prosecutor Hagan Scotten said the FBI's inability to get into Adams' phone is a "significant wild card," according to a report from the New York Post. The FBI issued a search warrant for Adams' devices in November 2023. Adams initially handed over two phones but didn't have his personal device on him. The indictment does not mention what type of device Adams uses. When Adams turned in his personal cellphone the following day, charging documents say, he said he had changed the password a day prior -- after learning about the investigation -- and couldn't remember it. Adams told investigators he changed the password "to prevent members of his staff from inadvertently or intentionally deleting the contents of his phone," the indictment alleges. The FBI just needs the right tools. When investigators failed to break into the Trump rally shooter's phone in July, they sent the device to the FBI lab in Quantico, Virginia, where agents used an unreleased tool from the Israeli company Cellebrite to crack it in less than an hour.

Read more of this story at Slashdot.

schwit1 shares a report from The Independent: Thousands of Bank of America customers reported trouble accessing their bank accounts Wednesday afternoon as the financial institution faced a widespread outage. On social media, customers said they could not view their account balances. Those who could view their accounts said they were met with an alarming $0 balance. For many, a "Connection Error" message popped up while trying to log into the banking app. The message said it was "unable to complete your request" and asked the user to "try again later." By 1:15 p.m. Eastern Time, nearly 20,000 customers said they were having trouble, according to Downdetector, which reports web outages. That number dropped before rising again around 2:45 p.m. ET. It is unclear what caused the outage

Read more of this story at Slashdot.

The small town of Spruce Pine, North Carolina, which supplies high-purity quartz essential for semiconductor production, is reeling from the damage caused by Tropical Storm Helene. An anonymous reader quotes a report from Axios: Spruce Pine is one of the only places in the world to mine high-purity quartz. The mineral is an essential ingredient of chips in countless products, including medical devices, solar panels, cellphones and the chips powering the latest tech craze: artificial intelligence. It's difficult to underscore the significance of Spruce Pine -- a town of about 2,000 people, known for its charming downtown and blossoming arts scene -- to the global economy. Economics editor Ed Conway put it best in his 2023 book "Material World," writing: "It is rare, unheard of almost, for a single site to control the global supply of a crucial material. Yet if you want to get high-purity quartz -- the kind you need to make those crucibles without which you can't make silicon wafers -- it has to come from Spruce Pine." The Quartz Corp and Sibelco both export high-purity quartz from Spruce Pine. While there are other places to find the material, such as Russia and Brazil, this mountain town has the highest quantity of the highest purity, says Conway. A few weeks of shutdown is not the end of the world, Conway tells Axios. However, longer than that could put the industry into "another crisis." The semiconductor industry would need to find alternatives. [...] The mines in Spruce Pine are still accounting for their workers and families, the international companies stated. The level of destruction at the sites is unknown. However, even if the facilities are intact, the railroads that move the quartz will likely need drastic repairs. The Quartz Corp and Sibelco temporarily halted operations on Sept. 26 and haven't said when they might reopen. "This is second order of priority," The Quartz Corp said in a statement. "Our top priority remains the health and safety of our employees and their families."

Read more of this story at Slashdot.