An anonymous reader quotes a report from TechCrunch: A U.S. online gift card store has secured an online storage server that was publicly exposing hundreds of thousands of customer government-issued identity documents to the internet. A security researcher, who goes by the online handle JayeLTee, found the publicly exposed storage server late last year containing driving licenses, passports, and other identity documents belonging to MyGiftCardSupply, a company that sells digital gift cards for customers to redeem at popular brands and online services. MyGiftCardSupply's website says it requires customers to upload a copy of their identity documents as part of its compliance efforts with U.S. anti-money laundering rules, often known as "know your customer" checks, or KYC. But the storage server containing the files had no password, allowing anyone on the internet to access the data stored inside. JayeLTee alerted TechCrunch to the exposure last week after MyGiftCardSupply did not respond to the researcher's email about the exposed data. [...] According to JayeLTee, the exposed data -- hosted on Microsoft's Azure cloud -- contained over 600,000 front and back images of identity documents and selfie photos of around 200,000 customers. It's not uncommon for companies subject to KYC checks to ask their customers to take a selfie while holding a copy of their identity documents to verify that the customer is who they say they are, and to weed out forgeries. MyGiftCardSupply founder Sam Gastro told TechCrunch: "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification." It's not known how long the data was exposed or if the company would commit to notifying affected individuals.

Read more of this story at Slashdot.

Microsoft plans to spend $80 billion in fiscal 2025 on the construction of data centers that can handle AI workloads, the company said in a Friday blog post. From a report: Over half of the expected AI infrastructure spending will take place in the U.S., Microsoft Vice Chair and President Brad Smith wrote. Microsoft's 2025 fiscal year ends in June.

Read more of this story at Slashdot.

NetEase has reversed 100-year bans imposed on "Marvel Rivals" players using Linux and Mac compatibility tools in December 2024, following intervention from CodeWeavers' CEO and player complaints. The game's anti-cheat system had banned players until 2124 for using Proton and CrossOver software on Steam Deck and Apple devices. The company stated on Discord it "will not ban players who are playing fairly and without cheating" but has made no broader commitments regarding compatibility tools.

Read more of this story at Slashdot.

Box office returns have started to stabilize. But nine of the top 10 box office hits this year were sequels [non-paywalled link]. And the 10th was "Wicked." From a report: A year ago, Hollywood's creative community was celebrating the apparent decline of corporate, paint-by-numbers sequels and remakes. Blockbuster ticket sales for movies like "Oppenheimer," "Sound of Freedom" and "Barbie" had shown -- or so it seemed -- that audiences were finally hungry for fresh stories. You could almost hear the relief emanating from franchise-fatigued writers, directors and producers. "Everything Everywhere All at Once," the wildly inventive Oscar-winning art film that broke out in cinemas in 2022, had not been a fluke! Alas. Mass moviegoing swung squarely back to the predictable this past year, with sequels filling nine of the top 10 slots at the North American box office. The ennead consisted of "Inside Out 2," "Despicable Me 4," "Deadpool & Wolverine," "Moana 2," "Dune: Part Two," "Beetlejuice Beetlejuice," "Kung Fu Panda 4," "Twisters" and the 38th Godzilla movie, "Godzilla x Kong: The New Empire." "Wicked," a song-by-song adaptation of the first half of the long-running Broadway musical, was the only top-10 outlier, counting as original, if only by a witchy whisker. (In the alternative reality of Hollywood, a movie can be "original" even if it is derivative of something else. What matters is whether the source material has previously been used for a stand-alone theatrical movie.)

Read more of this story at Slashdot.

Meta's AI-generated social media profiles, which sparked controversy this week following comments by executive Connor Hayes about plans to expand AI characters across Facebook and Instagram, have largely failed to gain user engagement since their 2023 launch, 404 Media reported Friday. The profiles, introduced at Meta's Connect event in September 2023, stopped posting content in April 2024 after widespread user disinterest, with 15 of the original 28 accounts already deleted, Meta spokesperson Liz Sweeney told 404 Media. The AI characters, including personas like "Liv," a Black queer mother, and "Grandpa Brian," a retired businessman, generated minimal engagement and were criticized for posting stereotypical content. Washington Post columnist Karen Attiah reported that one AI profile admitted its purpose was "data collection and ad targeting." Meta is now removing these accounts after identifying a bug preventing users from blocking them, Sweeney said, adding that Hayes' recent Financial Times interview discussed future AI character plans rather than announcing new features.

Read more of this story at Slashdot.

A federal judge in Connecticut refused to dismiss a long-running lawsuit accusing the former Nestle Waters North America of defrauding consumers by labeling its Poland Spring bottled water as "spring water." From a report: While rejecting some claims in the proposed class action, U.S. District Judge Jeffrey Alker Meyer in New Haven called it an open question whether Poland Spring qualified as spring water under the laws of Connecticut, Maine, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania and Rhode Island. Poland Spring is now owned by Tampa, Florida-based Primo Brands, following multiple corporate transactions. Consumers sued Nestle Waters, then owned by Nestle, in 2017, saying it deceived them into overpaying for Poland Spring with labels declaring it to be "Natural Spring Water" or "100% Natural Spring Water." The plaintiffs said "not one drop" of the 1 billion gallons sold annually in the United States came from a natural spring, and that the actual Poland Spring in Maine "ran dry" two decades before Nestle bought the brand in 1992. In seeking a dismissal, Nestle Waters said geologists and officials in the eight states agreed that Poland Spring complied with a U.S. Food and Drug Administration rule defining spring water, and each state authorized its sale as "spring water."

Read more of this story at Slashdot.

The U.S. surgeon general has issued an advisory calling for a warning about the risk of cancer to be included on alcoholic beverages. From a report: "Given the conclusive evidence on the cancer risk from alcohol consumption and the Office of the Surgeon General's responsibility to inform the American public of the best available scientific evidence, the Surgeon General recommends an update to the Surgeon General's warning label for alcohol-containing beverages to include a cancer risk warning," Dr. Vivek Murthy said in the advisory Friday. The advisory notes that alcohol is the third leading preventable cause of cancer in the country, after tobacco and obesity. "Alcohol is a well-established, preventable cause of cancer responsible for about 100,000 cases of cancer and 20,000 cancer deaths annually in the United States -- greater than the 13,500 alcohol-associated traffic crash fatalities per year in the U.S. -- yet the majority of Americans are unaware of this risk," Murthy said in a news release. The advisory also says more than 740,000 cancer cases globally could be attributed to alcohol use in 2020.

Read more of this story at Slashdot.

Boeing is conducting more surprise inspections at its factories as part of a broader plan to prevent manufacturing snafus like the one that led to a jet-panel blowout on an Alaska Air flight a year ago. From a report: The jet maker outlined on Friday more than a dozen steps it has taken in recent months to tackle a manufacturing quality crisis that has forced Boeing to slow production and has put it under the microscope of federal regulators. Some of the steps have been previously reported. Boeing restarted production at its 737 factory in December after a machinists strike stopped work for several months. The company is still producing far fewer 737 MAXs per month than it was in the months before the Alaska Airlines accident. Among the new procedures are another layer of random quality checks where plane parts are commonly removed and then put back. In the case of the MAX involved in last January's incident, workers failed to replace bolts needed to hold a door-plug in place. The plug had been opened to repair faulty rivets.

Read more of this story at Slashdot.

Researchers from Inria and Microsoft have developed a system to automatically convert specific types of C programming code into memory-safe Rust code, addressing growing cybersecurity concerns about memory vulnerabilities in software systems. The technique, detailed in a new paper, requires programmers to use a restricted version of C called "Mini-C" that excludes features like pointer arithmetic. The researchers successfully tested their conversion system on two major code libraries, including the 80,000-line HACL* cryptographic library. Parts of the converted code have already been integrated into Mozilla's NSS and OpenSSH security systems, according to the researchers. Memory safety errors account for 76% of Android vulnerabilities in 2019.

Read more of this story at Slashdot.

China will expand consumption subsidies to cover smartphones and other electronics, in a step to promote domestic spending as external headwinds pick up. From a report: A national trade-in program that currently applies to home appliances and cars will broaden this year to include personal devices like phones, tablets and smartwatches, officials from the nation's top economic planning agency said in a briefing Friday. Chinese consumers in the post-Covid era have begun holding onto their smartphones longer, given a lack of exciting new features and general belt-tightening. As with cars and washing machines, investors hope incentives will revive the world's largest smartphone market and drive sales for not just brands such as Huawei and Xiaomi, but also galvanize business on platforms popular with device fans like Alibaba Group and JD.com.

Read more of this story at Slashdot.

China's sulfur dioxide emissions have fallen by more than two-thirds over the past 15 years through strict coal plant regulations and desulfurization technology, according to Community Emissions Data System data. Emissions peaked in mid-2000s after steep rises in the 1980s-90s, with the reduction significantly improving air quality in major cities.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Hollywood Reporter: A trio of major music publishers suing Anthropic over the use of lyrics to train its AI system have reached a deal with the Amazon-backed company to resolve some parts of a pending preliminary injunction. U.S. District Judge Eumi Lee on Thursday signed off on an agreement between the two sides mandating Anthropic to maintain existing guardrails that prevent its Claude AI chatbot from providing lyrics to songs owned by the publishers or create new song lyrics based on the copyrighted material. In a statement, Anthropic said Claude "isn't designed to be used for copyright infringement, and we have numerous processes in place designed to prevent such infringement." It added, "Our decision to enter into this stipulation is consistent with those priorities. We continue to look forward to showing that, consistent with existing copyright law, using potentially copyrighted material in the training of generative AI models is a quintessential fair use." [...] Under the agreement, Anthropic will apply already-implemented guardrails in the training of new AI systems. The deal also provides an avenue for music publishers to intervene if the guardrails aren't working as intended. "Publishers may notify Anthropic in writing that its Guardrails are not effectively preventing output that reproduces, distributes, or displays, in whole or in part, the lyrics to compositions owned or controlled by Publishers, or creates derivative works based on those compositions," the filing states. "Anthropic will respond to Publishers expeditiously and undertake an investigation into those allegations, with which Publishers will cooperate in good faith." Anthropic has maintained in court filings that existing guardrails make it unlikely that any future user could prompt Claude to produce any material portion of the works-in-suit. They consist of a "range of technical and other measures -- at all levels in the development lifecycle -- that aim to prevent users from simply prompting Claude to regurgitate training data," said a company spokesperson. The court is expected to issue a ruling in the coming months on whether to issue preliminary injunction that would bar Anthropic from training future models on lyrics owned by the publishers.

Read more of this story at Slashdot.

More than half-a-dozen VPN apps, including Cloudflare's widely-used 1.1.1.1, have been pulled from India's Apple App Store and Google Play Store following intervention from government authorities, TechCrunch reported Friday. From the report: The Indian Ministry of Home Affairs issued removal orders for the apps, according to a document reviewed by TechCrunch and a disclosure made by Google to Lumen, Harvard University's database that tracks government takedown requests globally.

Read more of this story at Slashdot.

Xiaomi has further restricted bootloader unlocking to just one device per user per year, significantly hindering custom ROM development and reinforcing user dependence on its proprietary HyperOS ecosystem. Android Police reports: Roughly a year ago, Xiaomi introduced a policy limiting users to three unlocked devices per account, providing only a limited time window for unlocking, and demanding waiting periods before doing so. It's now gone even further, limiting users to unlocking the bootloader of just a single device throughout the year. Unlocking the bootloader changes the way a phone works by preventing automated software updates, among other things, and isn't a good idea for most users. Power users love it for complete customization of their devices, and unlocked bootloaders are critical to the creation and installation of privately developed operating systems, or custom ROMs. Custom ROMs usually (but not always) derive from pre-existing OSs like Android or Xiaomi's HyperOS. To write operating software that works on a certain device, you need to develop it on that specific device. Consequently, individuals and teams throughout the enthusiast phone sphere constantly add to their collections of bootloader-unlocked phones. The new unlocking restrictions could place undue hardship on resource-limited development teams, reducing the number of custom ROMs produced moving forward. Xiaomi first tightened restrictions roughly a year ago, following the enforcement of a Chinese law requiring certain pre-installed software behaviors. But Xiaomi's business plan and sales models indicate a couple of other motivations for insisting users stick with its first-party HyperOS. Some of the motives include preventing scalping, avoiding accidental bricking, and preserving advertising-driven revenue. However, these measures come at the cost of user freedom and may stifle innovation within the enthusiast developer community.

Read more of this story at Slashdot.

ZipNada shares a report from Phys.org: In a paper published today in Nature, a team led by Columbia Engineering researchers and collaborators report that they have invented new nanoscale sensors of force. They are luminescent nanocrystals that can change intensity and/or color when you push or pull on them. These "all-optical" nanosensors are probed with light only and therefore allow for fully remote read-outs -- no wires or connections are needed. They have 100 times better force sensitivity than the existing nanoparticles that utilize rare-earth ions for their optical response, and an operational range that spans more than four orders of magnitude in force, a much larger range -- 10-100 times larger -- than any previous optical nanosensor. "We expect our discovery will revolutionize the sensitivities and dynamic range achievable with optical force sensors, and will immediately disrupt technologies in areas from robotics to cellular biophysics and medicine to space travel," said Jim Schuck, associate professor of mechanical engineering. "The importance of developing new force sensors was recently underscored by Ardem Patapoutian, the 2021 Nobel Laureate who emphasized the difficulty in probing environmentally sensitive processes within multiscale systems -- that is to say, in most physical and biological processes," Schuck notes. "We are excited to be part of these discoveries that transform the paradigm of sensing, allowing one to sensitively and dynamically map critical changes in forces and pressures in real-world environments that are currently unreachable with today's technologies."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Constellation Energy has been awarded a record $1 billion in contracts to supply nuclear power to the U.S. government over the next decade, the company said on Thursday. Constellation, the country's largest operator of nuclear power plants, will deliver electricity to more than 13 federal agencies as part of the agreements with the U.S. General Services Administration. The deal is the biggest energy purchase in the history of the GSA, which constructs and manages federal buildings, and is among the first major climate-focused energy agreement by the U.S. government to include electricity generated from existing nuclear reactors. The GSA estimated that the contracts, set to begin on April 25, will comprise over 10 million megawatt-hours over 10 years and provide electricity equivalent to powering more than 1 million homes annually. The procurement will deliver electricity to 80 federal facilities located throughout the PJM Interconnection, a regional transmission operator with service covering more than 65 million people. The U.S. Department of Transportation, the Federal Reserve Board of Governors and the Army Corps of Engineers are some of the facilities that will receive the power. [...] Constellation said the deal will enable it to extend the licenses of existing nuclear plants and invest in new equipment and technology that will increase output by about 135 megawatts. "The investments we make as a result of this contract will keep these plants operating reliably for decades to come and put new, clean nuclear energy on the grid while making the best use of taxpayer dollars," Constellation CEO Joe Dominguez said in a release.

Read more of this story at Slashdot.

Despite Microsoft's push for Windows 11, Windows 10 continues to dominate the desktop OS market, rising to 62.7% market share in December 2024. The Register reports: Figures for December 2024 from Statcounter -- used because Microsoft rarely shares usage data unless it has something to boast about -- confirm Windows 10's market share has inched up to 62.7 percent compared to the previous month while Windows 11's share fell back to 34.12 percent (from 34.94 percent in November 2024). Even though Windows 11's percentage of the pie is still bigger than it was this time last year (when Statcounter pegged it at 26.54 percent), the fact the new OS is still nowhere near to overtaking Windows 10 may alarm some Microsoft executives. [...] Canalys analyst, Kieren Jessop, noted that when looking at the more than 230 countries and regions tracked by Statcounter, Windows 10 share had actually only increased in just under a quarter of them, but that increase made an outsized impacted. Jessop cited the example of the US, where Windows 10 market share had gone from 58 percent in October 2024 to 67 percent in December. [...] Many editions of Windows 10 are due to drop out of free support on October 14, 2025. Affected users will then have the option to purchase Extended Security Updates (ESU) to keep the lights on a little longer or keep using the operating system and risk falling foul of unpatched vulnerabilities. Further reading: Ex-Microsoft Designer Reveals Windows 11's Dynamic Wallpapers That May Have Been Shelved

Read more of this story at Slashdot.

Samsung is set to debut its new Odyssey 3D monitor at CES 2025, reviving the glasses-free 3D experience that manufacturers pushed on consumers over a decade ago. While details remain limited, the monitor reportedly utilizes a lenticular lens, stereo cameras, and AI to convert 2D content into lifelike 3D visuals, with a focus on appealing to gamers for broader adoption. Ars Technica reports: According to the South Korean company's announcement, the monitor's use of a lenticular lens that is "attached to the front of the panel and its front stereo camera" means that you don't have to wear glasses to access the monitor's "customizable 3D experience." Lenticular lenses direct different images to each eye to make images look three-dimensional. This is a notable advancement from the first 3D monitor that Samsung released in 2009. That display used Nvidia software and Nvidia shutter glasses to allow users to toggle between a 2D view and a 3D view through a few button presses and supported content. Another advancement is the Odyssey 3D's claimed ability to use artificial intelligence "to analyze and convert 2D video into 3D." We've recently seen similar technology from brands like Acer, which announced portable monitors in 2022 and then announced laptops that could convert 2D content into stereoscopic 3D in 2023. Those displays also relied on AI, as well as a specialized optical lens and a pair of eye-tracking cameras, to create the effect. But unlike Acer's portable monitors, Samsung claims that its monitor can make 2D content look like 3D even if that content doesn't officially support 3D. [...] Interestingly, Samsung's announcement today only mentioned the release of a 27-inch, 4K resolution 3D monitor, despite Samsung teasing a 37-inch version in August. It's possible that the larger version didn't work as well and/or that demand for the larger size would be too small, considering the high price and limited demand implications of a glasses-free 3D monitor aimed at gamers. Further reading: Samsung, Asus, MSI Unveil First 27-inch 4K OLED 240Hz Gaming Monitors

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Record: Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence (AI) tools and virtual private networks (VPNs), according to a report by ExtensionTotal, a platform that analyzes extensions listed on various marketplaces and public registries. These extensions, collectively used by roughly 2.6 million people, include third-party tools such as ChatGPT for Google Meet, Bard AI Chat, YesCaptcha Assistant, VPNCity and Internxt VPN. Some of the affected companies have already addressed the issue by removing the compromised extensions from the store or updating them, according to ExtensionTotal's analysis. [...] It remains unclear whether all the compromised extensions are linked to the same threat actor. Security researchers warn that browser extensions "shouldn't be treated lightly," as they have deep access to browser data, including authenticated sessions and sensitive information. Extensions are also easy to update and often not subjected to the same scrutiny as traditional software. ExtensionTotal recommends that organizations use only pre-approved versions of extensions and ensure they remain unchanged and protected from malicious automatic updates. "Even when we trust the developer of an extension, it's crucial to remember that every version could be entirely different from the previous one," researchers said. "If the extension developer is compromised, the users are effectively compromised as well -- almost instantly."

Read more of this story at Slashdot.

Britain recorded its cleanest electricity generation in 2024, with carbon dioxide emissions falling to 124g per kilowatt hour, down from 419g in 2014, according to analysis by Carbon Brief released Thursday. Renewables, including wind, solar and biomass, provided 45% of the country's power, while total low-carbon sources reached 58%. Gas remained the largest single source at 28% of generation, slightly ahead of wind at 26%.

Read more of this story at Slashdot.