An anonymous reader quotes a report from The Verge: The Senate passed the Kids Online Safety Act (KOSA) and the Children and Teens' Online Privacy Protection Act (also known as COPPA 2.0), the first major internet bills meant to protect children to reach that milestone in two decades. A legislative vehicle that included both KOSA and COPPA 2.0 passed 91-3. Senate Majority Leader Chuck Schumer (D-NY) called it "a momentous day" in a speech ahead of the vote, saying that "the Senate keeps its promise to every parent who's lost a child because of the risks of social media." He called for the House to pass the bills "as soon as they can." KOSA is a landmark piece of legislation that a persistent group of parent advocates played a key role in pushing forward -- meeting with lawmakers, showing up at hearings with tech CEOs, and bringing along photos of their children, who, in many cases, died by suicide after experiencing cyberbullying or other harms from social media. These parents say that a bill like KOSA could have saved their own children from suffering and hope it will do the same for other children. The bill works by creating a duty of care for online platforms that are used by minors, requiring they take "reasonable" measures in how they design their products to mitigate a list of harms, including online bullying, sexual exploitation, drug promotion, and eating disorders. It specifies that the bill doesn't prevent platforms from letting minors search for any specific content or providing resources to mitigate any of the listed harms, "including evidence-informed information and clinical resources." The legislation faces significant opposition from digital rights, free speech, and LGBTQ+ advocates who fear it could lead to censorship and privacy issues. Critics argue that the duty of care may result in aggressive content filtering and mandatory age verification, potentially blocking important educational and lifesaving content. The bill may also face legal challenges from tech platforms citing First Amendment violations.

Read more of this story at Slashdot.

AmiMoJo writes: Wind turbines and solar panels have overtaken fossil fuels to generate 30% of the European Union's electricity in the first half of the year, a report has found. Power generation from burning coal, oil and gas fell 17% in the first six months of 2024 compared with the same period the year before, according to climate thinktank Ember. It found the continued shift away from polluting fuels has led to a one-third drop in the sector's emissions since the first half of 2022. Chris Rosslowe, an analyst at Ember, said the rise of wind and solar was narrowing the role of fossil fuels. "We are witnessing a historic shift in the power sector, and it is happening rapidly." The report found EU power plants burned 24% less coal and 14% less gas from the first half of 2023 to the first half of 2024. The shift comes despite a small uptick in electricity demand that has followed two years of decline linked to the pandemic and Ukraine war.

Read more of this story at Slashdot.

Microsoft has revealed that the global computer outage caused by a faulty CrowdStrike software update, which impacted numerous major corporations, affected far more devices than initially reported, with the tech giant stating that the previously announced figure of 8.5 million affected Windows machines represents only a "subset" of the total impact. Microsoft has refrained from providing a revised estimate of the full scope of the disruption. The revelation comes as the technology sector continues to grapple with the fallout from the incident, which occurred 10 days ago and led to widespread disruptions across various industries, prompting Microsoft to face criticism despite the root cause being traced back to a third-party cybersecurity provider's error. Microsoft clarified that the initial 8.5 million figure was derived solely from devices with enabled crash reporting features, suggesting that the true extent of the outage could be substantially higher, given that many systems do not have this optional feature activated. Further reading: Delta Seeks Damages From CrowdStrike, Microsoft After Outage.

Read more of this story at Slashdot.

Logitech, the Swiss-American computer peripherals manufacturer, is considering the development of a long-lasting mouse that could potentially serve customers "forever," according to CEO Hanneke Faber. In a recent interview, Faber revealed that the company's innovation center has presented her with a prototype of such a device. The concept mouse, described as slightly heavier than standard models, would rely on software updates and services to maintain its functionality over time. Faber likened it to a quality watch that doesn't require frequent replacement.

Read more of this story at Slashdot.

Goals to stop the decline of nature and clean up the air and water in England are slipping out of reach, a new report has warned. From a report: An audit of the Environmental Improvement Plan (EIP), which is the mechanism by which the government's legally binding targets for improving nature should be met, has found that plans for thriving plants and wildlife and clean air are deteriorating. This plan was supposed to replace the EU-derived environmental regulations the UK used until the Environment Act was passed in 2021 after Brexit. The report found that there was no data to measure many of the metrics such as habitat creation for wildlife and the status of sites of special scientific interest. It also highlighted that the government was off track to meet its woodland creation targets, and that water leakage from pipes had in fact increased since the targets were set. The Labour party announced on Tuesday that it would overhaul these goals. The environment secretary, Steve Reed, said the government would lay out detailed delivery plans for each target, such as tree planting and air quality, working with environment groups to do so.

Read more of this story at Slashdot.

Russian lawmakers passed a bill on Tuesday that will allow businesses to use crypto currencies in international trade, as part of efforts to skirt Western sanctions imposed after Russia's invasion of Ukraine. From a report: The law is expected to go into force in September, and Russian central bank Governor Elvira Nabiullina, one of the backers of the new law, said the first transactions in cryptocurrencies will take place before the end of the year. Russia has faced significant delays in international payments with major trading partners such as China, India and the United Arab Emirates after banks in those countries, under pressure from Western regulators, became more cautious. "We are taking a historic decision in the financial sphere," the head of the Duma lower house of parliament, Anatoly Aksakov, told lawmakers. Under the new law, the central bank will create a new "experimental" infrastructure for cryptocurrency payments. Details of the infrastructure have yet to be announced.

Read more of this story at Slashdot.

Spain's competition watchdog said Tuesday it had slapped online travel agency Booking.com with a record $446.7 million fine for "abusing its dominant position" during the past five years. From a report: "These practices have affected hotels located in Spain and other online travel agencies that compete with the platform. Its terms and conditions create an inequitable imbalance in the commercial relationship with hotels located in Spain," the CNMC said in a statement. "By better positioning hotels with more bookings on Booking.com, other online agencies have been prevented from entering the market or expanding," it added. This is the largest fine ever imposed by the CNMC, a spokeswoman for the authority told AFP. The CNMC said Booking.com's market share in Spain, the world's second most visited country after France, during the period under investigation was between 70 percent and 90 percent. Booking.com, whose parent company Booking Holdings is headquartered in the United States, is a dominant player with a market share in Europe of more than 60 percent. In May, the European Union added the travel agency to its list of digital companies big enough to fall under tougher competition rules, giving the firm six months to prepare for compliance with the landmark Digital Markets Act (DMA).

Read more of this story at Slashdot.

HealthEquity is notifying 4.3 million people following a March data breach that affects their personal and protected health information. From a report: In its data breach notice, filed with Maine's attorney general, the Utah-based healthcare benefits administrator said that although the compromised data varies by person, it largely consists of sign-up information for accounts and information about benefits that the company administers. HealthEquity said the data may include customer names, addresses, phone numbers, their Social Security number, information about the person's employer and the person's dependent (if any), and some payment card information. HealthEquity provides employees at companies across the United States access to workplace benefits, like health savings accounts and commuter options for public transit and parking. At its February earnings, HealthEquity said it had more than 15 million total customer accounts.

Read more of this story at Slashdot.

Amazon is responsible for hazardous products sold by third-party sellers on its platform under the federal safety law and bears legal responsibility for their recall, the U.S. consumer protection authority said on Tuesday. From a report: The Consumer Product Safety Commission (CPSC) said it has issued an order for the e-commerce giant to propose remediation plans to notify consumers about these products and to remove them from consumers' homes by encouraging returns or destruction. More than 400,000 products are subject to this order, the CPSC said, noting in particular faulty carbon monoxide detectors, hairdryers without electrocution protection, and children's sleepwear that violated flammability standards. The CPSC has determined that Amazon was a "distributor" of such defective products as they are listed on its website, even though they are sold by third-party sellers under the "Fulfilled by Amazon" program.

Read more of this story at Slashdot.

An anonymous reader shares a report: Once upon a time, the vulture was an abundant and ubiquitous bird in India. The scavenging birds hovered over sprawling landfills, looking for cattle carcasses. Sometimes they would alarm pilots by getting sucked into jet engines during airport take-offs. But more than two decades ago, India's vultures began dying because of a drug used to treat sick cows. By the mid-1990s, the 50 million-strong vulture population had plummeted to near zero because of diclofenac, a cheap non-steroidal painkiller for cattle that is fatal to vultures. Birds that fed on carcasses of livestock treated with the drug suffered from kidney failure and died. Since the 2006 ban on veterinary use of diclofenac, the decline has slowed in some areas, but at least three species have suffered long-term losses of 91-98%, according to the latest State of India's Birds report. And that's not all, according to a new peer-reviewed study. The unintentional decimation of these heavy, scavenging birds allowed deadly bacteria and infections to proliferate, leading to the deaths of about half a million people over five years, says the study [PDF] published in the American Economic Association journal. "Vultures are considered nature's sanitation service because of the important role they play in removing dead animals that contain bacteria and pathogens from our environment - without them, disease can spread," says the study's co-author, Eyal Frank, an assistant professor at University of Chicago's Harris School of Public Policy. "Understanding the role vultures play in human health underscores the importance of protecting wildlife, and not just the cute and cuddly. They all have a job to do in our ecosystems that impacts our lives."

Read more of this story at Slashdot.

Microsoft is calling on Congress to pass a comprehensive law to crack down on images and audio created with AI -- known as deepfakes -- that aim to interfere in elections or maliciously target individuals. From a report: Noting that the tech sector and nonprofit groups have taken steps to address the problem, Microsoft President Brad Smith on Tuesday said, "It has become apparent that our laws will also need to evolve to combat deepfake fraud." He urged lawmakers to pass a "deepfake fraud statute to prevent cybercriminals from using this technology to steal from everyday Americans." The company also is pushing for Congress to label AI-generated content as synthetic and for federal and state laws that penalize the creation and distribution of sexually exploitive deepfakes. The goal, Smith said, is to safeguard elections, thwart scams and protect women and children from online abuses. Congress is currently mulling several proposed bills that would regulate the distribution of deepfakes.

Read more of this story at Slashdot.

apcyberax shares a report: Microsoft is investigating an ongoing and widespread outage blocking access to some Microsoft 365 and Azure services. "We're currently investigating access issues and degraded performance with multiple Microsoft 365 services and features. More information can be found under MO842351 in the admin center," Redmond said. However, many users report having issues connecting to the Microsoft 365 admin center and opening the Service Health Status page, which should provide real-time information on issues impacting Microsoft Azure and the Microsoft 365/Power Platform admin centers. For the moment, the company says this incident is only affecting users in Europe and only a subset of its services.

Read more of this story at Slashdot.

The World Wide Web Consortium (W3C) has expressed disappointment with Google's decision to retain third-party cookies, stating it undermines collaborative efforts. Google's reversal follows a five-year initiative to develop privacy-focused ad technology. While some advertising industry representatives welcomed the move, the W3C's criticism highlights the ongoing debate over online privacy and advertising practices. W3C writes: Third-party cookies are not good for the web. They enable tracking, which involves following your activity across multiple websites. They can be helpful for use cases like login and single sign-on, or putting shopping choices into a cart -- but they can also be used to invisibly track your browsing activity across sites for surveillance or ad-targeting purposes. This hidden personal data collection hurts everyone's privacy. We aren't the only ones who are worried. The updated RFC that defines cookies says that third-party cookies have "inherent privacy issues" and that therefore web "resources cannot rely upon third-party cookies being treated consistently by user agents for the foreseeable future." We agree. Furthermore, tracking and subsequent data collection and brokerage can support micro-targeting of political messages, which can have a detrimental impact on society, as identified by Privacy International and other organizations. Regulatory authorities, such as the UK's Information Commissioner's Office, have also called for the blocking of third-party cookies. The job of the TAG as stewards of the architecture of the web has us looking at the big picture (the whole web platform) and the details (proposed features and specs). We try to provide guidance to spec authors so that their new technologies fill holes that need to be filled, don't conflict with other parts of the web, and don't set us up for avoidable trouble in the future. We've been working with Chrome's Privacy Sandbox team (as well as others in the W3C community) for several years, trying to help them create better approaches for the things that third-party cookies do. While we haven't always agreed with the Privacy Sandbox team, we have made substantial progress together. This announcement came out of the blue, and undermines a lot of the work we've done together to make the web work without third-party cookies. The unfortunate climb-down will also have secondary effects, as it is likely to delay cross-browser work on effective alternatives to third-party cookies. We fear it will have an overall detrimental impact on the cause of improving privacy on the web. We sincerely hope that Google reverses this decision and re-commits to a path towards removal of third-party cookies.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CNBC: Delta Air Lines has hired prominent attorney David Boies to seek damages from CrowdStrike and Microsoft following an outage this month that caused millions of computers to crash, leading to thousands of flight cancellations. CrowdStrike shares fell as much as 5% in extended trading on Monday after CNBC's Phil Lebeau reported on Delta's hiring of Boies, chairman of Boies Schiller Flexner. Microsoft was little changed. [...] While no suit has been filed, Delta plans to seek compensation from Microsoft and CrowdStrike, Lebeau reported. The outages cost Delta an estimated $350 million to $500 million. Delta is dealing with over 176,000 refund or reimbursement requests after almost 7,000 flights were canceled. Boies is known for representing the U.S. government in its landmark antitrust case against Microsoft and for helping win a decision that overturned California's ban on gay marriage. He also worked with Harvey Weinstein, the imprisoned former Hollywood mogul, and Theranos founder Elizabeth Holmes, who is currently serving a prison sentence for defrauding investors. Insurance startup Parametrix estimated that the CrowdStrike incident resulted in a total loss of $5.4 billion for Fortune 500 companies, not including Microsoft.

Read more of this story at Slashdot.

China has proposed issuing "cyberspace IDs" to its citizens in order to protect their personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy. The Register reports: The ID will take two forms: one as a series of letter and numbers, and the other as an online credential. Both will correspond to the citizen's real-life identity, but with no details in plaintext -- presumably encryption will be applied. A government national service platform will be responsible for authenticating and issuing the cyberspace IDs. The draft comes from the Ministry of Public Security and the Cyberspace Administration of China (CAC). It clarifies that the ID will be voluntary -- for now -- and eliminate the need for citizens to provide their real-life personal information to internet service providers (ISPs). Those under the age of fourteen would need parental consent to apply. China is one of the few countries in the world that requires citizens to use their real names on the internet. [...] Relying instead on a national ID means "the excessive collection and retention of citizens' personal information by internet service providers will be prevented and minimized," reasoned Beijing. "Without the separate consent of a natural person, an internet platform may not process or provide relevant data and information to the outside without authorization, except as otherwise provided by laws and administrative regulations," reads the draft.

Read more of this story at Slashdot.

Dan B is working on software which interacts with a bank. We'll get the REAL WTF out of the way right at the top: "The bank has requested that we send them an email containing the total of all the transactions…"

Yes, core financial business functions being handled over email. I imagine some readers are probably thinking about drinking something stronger than coffee at the thought of it. A lot of readers, on the other hand, are already onto something stronger than coffee and going, "Oh, yeah, seen that before. Hell, I'm pretty sure that EDI explicitly supports email as a delivery mechanism."

Let's dig into Dan's more specific challenge. The program he was supporting needed to take an input from their backend- a mainframe style, flat-file with fixed-width fields, and convert it into the format the bank wanted. Their input file tracked the value of each transaction as a zero-padded number in cents. E.g., a ten dollar transaction would be "0001000". The bank wanted a roll-up of all the line items, where the currency was represented as dollars and cents, e.g. "10.00". The email alert that needed to go out simply needed to be a summary of the file processed.

Now, there's an obvious way to do this, even when we're worried about things like floating point rounding errors. There's also a wrong way to do this. Let's look at that one.

def create_message_body_from_file(path): def to_dec(s): return Decimal('{}.{}'.format(s[:-2], s[len(s)-2:])) with path.open() as f: # 28:39 contains the transaction amount trans_amount_lines = [line[28:39] for line in f][2:-2] decimal_converted_lines = list() for line in trans_amount_lines: s = line.lstrip('0') decimal_converted_lines.append(to_dec(s)) summed_lines = sum(decimal_converted_lines) todays_date = date.today() body_format = { 'file_name': path.name, 'summed_lines': str(summed_lines), 'todays_date': str(todays_date) } body = ''' The ACH file has been successfully transmitted the file {file_name} with a total ACH amount of {summed_lines} to the bank on {todays_date}. '''.format(**body_format) return body

We start with the to_dec inner function. Here, we take a string and split it up, then reformat it and then convert it to a decimal type. Because string munging is always the best way to separate dollars and cents.

Then we pull out the field we care about- all the characters from 28:39 in every line. For every line in the file, we make a list of those fields, and then we use [2:-2] to skip the first two and last two lines in the file (headers and footers, I assume?).

Once we've got the lines parsed out, we then strip the leading zeroes, then run it through the to_dec function. Which, it's worth noting, converts the string to a numeric value- thus stripping the leading zeroes without doing string munging.

Finally, we sum it up, build our format, and output our body.

In total, we iterate across every row three times (once to read from the file, once to convert to decimal, once more to sum). For each row, generate a new string once when we strip and once again when we convert to decimal. Then two more, just for fun, when we create our body_format and format the string.

As Dan puts it: "While not incorrect, this is just… convoluted, hard to read, and a memory hog." The only good news is that "we're not processing too many transaction, yet…"

Ah, the best news for any business with bad code: "at least we're not generating a lot of sales". I'm sure this will be fine.

.comment { border: none} [Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!

An anonymous reader quotes a report from Ars Technica: The death of the US government's Affordable Connectivity Program (ACP) is starting to result in disconnection of Internet service for Americans with low incomes. On Friday, Charter Communications reported a net loss of 154,000 Internet subscribers that it said was mostly driven by customers canceling after losing the federal discount. About 100,000 of those subscribers were reportedly getting the discount, which in some cases made Internet service free to the consumer. The $30 monthly broadband discounts provided by the ACP ended in May after Congress failed to allocate more funding. The Biden administration requested (PDF) $6 billion to fund the ACP through December 2024, but Republicans called the program "wasteful." Republican lawmakers' main complaint was that most of the ACP money went to households that already had broadband before the subsidy was created. FCC Chairwoman Jessica Rosenworcel warned that killing the discounts would reduce Internet access, saying (PDF) an FCC survey found that 77 percent of participating households would change their plan or drop Internet service entirely once the discounts expired. Charter's Q2 2024 earnings report provides some of the first evidence of users dropping Internet service after losing the discount. "Second quarter residential Internet customers decreased by 154,000, largely driven by the end of the FCC's Affordable Connectivity Program subsidies in the second quarter, compared to an increase of 70,000 during the second quarter of 2023," Charter said. Across all ISPs, there were 23 million US households enrolled in the ACP. Research released in January 2024 found that Charter was serving over 4 million ACP recipients and that up to 300,000 of those Charter customers would be "at risk" of dropping Internet service if the discounts expired. Given that ACP recipients must meet low-income eligibility requirements, losing the discounts could put a strain on their overall finances even if they choose to keep paying for Internet service. [...] Light Reading reported that Charter attributed about 100,000 of the 154,000 customer losses to the ACP shutdown. Charter said it retained most of its ACP subscribers so far, but that low-income households might not be able to continue paying for Internet service without a new subsidy for much longer.

Read more of this story at Slashdot.

In an incident report today, DigiCert says it discovered that some CNAME-based validations did not include the required underscore prefix, affecting about 0.4% of their domain validations. According to CA/Browser Forum (CABF) rules, certificates with validation issues must be revoked within 24 hours, prompting DigiCert to take immediate action. DigiCert says impacted customers "have been notified." New submitter jdastrup first shared the news, writing: Due to a mistake going back years that has recently been discovered, DigiCert is required by the CABF to revoke any certificate that used the improper Domain Control Validation (DCV) CNAME record in 24 hours. This could literally be thousands of SSL certs. This could take a lot of time and potentially cause outages worldwide starting July 30 at 19:30 UTC. Be prepared for a long night of cert renewals. DigiCert support line is completely jammed.

Read more of this story at Slashdot.

Despite multiple methods available across major operating systems for installing and updating applications, there remains "no real clear answer to 'which is best,'" reports The Next Web. Each system faces unique challenges such as outdated packages, high fees, and policy restrictions. Enter Homebrew. "Initially created as an option for developers to keep the dependencies they often need for developing, testing, and running their work, Homebrew has grown to be so much more in its 15-year history." Created in 2009, Homebrew has become a leading solution for macOS, integrating with MDM tools through its enterprise-focused extension, Workbrew, to balance user freedom with corporate security needs, while maintaining its open-source roots under the guidance of Mike McQuaid. In an interview with The Next Web's Chris Chinchilla, project leader Mike McQuaid talks about the challenges and responsibilities of maintaining one of the world's largest open-source projects: As with anything that attracts plenty of use and attention, Homebrew also attracts a lot of mixed and extreme opinions, and processing and filtering those requires a tough outlook, something that Mike has spoken about in numerous interviews and at conferences. "As a large project, you get a lot of hate from people. Either people are just frustrated because they hit a bug or because you changed something, and they didn't read the release notes, and now something's broken," Mike says when I ask him about how he copes with the constant influx of communication. "There are a lot of entitled, noisy users in open source who contribute very little and like to shout at people and make them feel bad. One of my strengths is that I have very little time for those people, and I just insta-block them or close their issues." More crucially, an open-source project is often managed and maintained by a group of people. Homebrew has several dozen maintainers and nearly one thousand total contributors. Mike explains that all of these people also deserve to be treated with respect by users, "I'm also super protective of my maintainers, and I don't want them to be treated that way either." But despite these features and its widespread use, one area Homebrew has always lacked is the ability to work well with teams of users. This is where Workbrew, a company Mike founded with two other Homebrew maintainers, steps in. [...] Workbrew ties together various Homebrew features with custom glue to create a workflow for setting up and maintaining Mac machines. It adds new features that core Homebrew maintainers had no interest in adding, such as admin and reporting dashboards for a computing fleet, while bringing more general improvements to the core project. Bearing in mind Mike's motivation to keep Homebrew in the "traditional open source" model, I asked him how he intended to keep the needs of the project and the business separated and satisfied. "We've seen a lot of churn in the last few years from companies that made licensing decisions five or ten years ago, which have now changed quite dramatically and have generated quite a lot of community backlash," Mike said. "I'm very sensitive to that, and I am a little bit of an open-source purist in that I still consider the open-source initiative's definition of open source to be what open source means. If you don't comply with that, then you can be another thing, but I think you're probably not open source." And regarding keeping his and his co-founder's dual roles separated, Mike states, "I'm the CTO and co-founder of Workbrew, and I'm the project leader of Homebrew. The project leader with Homebrew is an elected position." Every year, the maintainers and the community elect a candidate. "But then, with the Homebrew maintainers working with us on Workbrew, one of the things I say is that when we're working on Workbrew, I'm your boss now, but when we work on Homebrew, I'm not your boss," Mike adds. "If you think I'm saying something and it's a bad idea, you tell me it's a bad idea, right?" The company is keeping its early progress in a private beta for now, but you can expect an announcement soon. As for what's happening for Homebrew? Well, in the best "open source" way, that's up to the community and always will be.

Read more of this story at Slashdot.

According to Reuters, Hewlett Packard Enterprise (HPE) is expected to secure unconditional EU antitrust approval for its $14 billion acquisition of networking gear maker Juniper Networks. From the report: HPE announced the deal in January, underscoring the rush by companies to upgrade and develop new products amid a sharp rise in artificial intelligence-driven services. The European Commission, which is scheduled to decide on the deal by Aug. 1, declined to comment. HPE was expected to underline the power of market leader and Juniper rival Cisco to allay any possible European Union competition concerns, other people with direct knowledge of the matter had previously told Reuters. The deal is also being assessed by Britain's antitrust enforcer, with a decision due on Aug. 14.

Read more of this story at Slashdot.