Feed aggregator

UK Cyber Chief Warns Country 'Widely Underestimating' Risks From Cyberattacks

Slashdot - Tue, 2024-12-03 15:30
The cyber risks facing the United Kingdom are being "widely underestimated," the country's new cyber chief will warn on Tuesday as he launches the National Cyber Security Centre's (NCSC) annual review. From a report: In his first major speech since joining the NCSC -- part of the signals and cyber intelligence agency GCHQ -- Richard Horne will drive a shift in tone in how the cybersecurity agency communicates these risks. Despite some evidence showing cyberattacks growing year-on-year for half a decade, the NCSC has not previously confirmed the trend nor expressed alarm about it. "What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us," Horne will say, according to an advance preview of his speech on Tuesday. Citing the intelligence that NCSC has access to as an agency within GCHQ, Horne will warn that "hostile activity in UK cyberspace has increased in frequency, sophistication and intensity," adding that despite growing activity from Russian and Chinese threat actors, the agency believes British society as a whole is failing to appreciate the severity of the risk. The annual review reveals that the agency's incident management team handled a record number of cyber incidents over the past 12 months -- 430 compared to 371 last year -- 89 of which were considered nationally significant incidents.

Read more of this story at Slashdot.

Categories: Computer, News

India's EV Paradox: Highest Subsidies, Lowest Uptake

Slashdot - Tue, 2024-12-03 14:29
India, the world's fifth-largest economy, is offering the heftiest electric vehicle subsidies globally -- yet has achieved just 2% market penetration so far. From a report: India's total EV subsidies amount to 40-50% of vehicle prices when accounting for GST (goods and services tax), road tax benefits, state subsidies and production-linked incentives. For larger vehicles like the Grand Vitara, the effective subsidy reaches 61%. This dwarfs incentives in other major markets. China's subsidies represent about 10% of EV prices, while South Korea and Germany offer around 16-20%. The US provides roughly 26% through various federal and state programs. Yet India's EV penetration significantly lags these markets. China has reached 24% penetration, South Korea 18%, Germany 20%, and the US 8%. India's 2% looks particularly stark in comparison.


China Retaliates Over New US Chip Restrictions

Slashdot - Tue, 2024-12-03 12:38
China banned exports of minerals and metals used in semiconductor manufacturing and military applications to the United States on Tuesday, escalating tensions in the growing technology trade war between the world's two largest economies. The commerce ministry halted shipments of gallium, germanium, antimony and related compounds, citing national security concerns. These materials are crucial components in advanced electronics and military hardware, with China controlling 98% of global gallium production and 60% of germanium output, according to U.S. Geological Survey data. The move comes in direct response to Washington's new restrictions on semiconductor exports to China, including controls on high-bandwidth memory chips used in AI systems and limits on manufacturing equipment sales.


Australia Struggling With Oversupply of Solar Power

Slashdot - Tue, 2024-12-03 09:32
Mirnotoriety writes: Amid the growing warmth and increasingly volatile weather of an approaching summer, Australia passed a remarkable milestone this week. The number of homes and businesses with a solar installation clicked past 4 million -- barely 20 years since there was practically none anywhere in the country. It is a love affair that shows few signs of stopping. And it's a technology that is having ever greater effects, not just on the bills of its household users but on the very energy system itself. At no time of the year is that effect more obvious than spring, when solar output soars as the days grow longer and sunnier but demand remains subdued as mild temperatures mean people leave their air conditioners switched off. Such has been the extraordinary production of solar in Australia this spring, the entire state of South Australia has -- at various times -- met all of its electricity needs from the technology. [...] [T]here is, at times, too much solar power in Australia's electricity systems to handle.


CodeSOD: Layered Like Spaghetti

The Daily WTF - Tue, 2024-12-03 07:30

"We use a three tier architecture," said the tech lead on Cristian's new team. "It helps us keep concerns separated."

This statement, as it turned out, was half true. They did divide the application into three tiers: a "database layer", a "business layer", and a "presentation layer". The "database layer" was a bunch of Java classes. The "business layer" was a collection of Servlets. And the "presentation layer" was a pile of JSP files.

What they didn't do, however, was keep the concerns separated.

Here's some code from their database layer:

    public synchronized StringBuffer getStocTotGest(String den, String gest) {
        StringBuffer sb = new StringBuffer("<table width=\"100%\" border=\"1\" cellspacing=\"1\" cellpadding=\"1\">"
                + "<tr bgcolor=\"#999999\">"
                + "<td>Denumire</td>"
                + "<td>Cant</td>"
                + "<td>PretVanz</td>"
                + "</tr>");
        try {
            ResultSet rs = connectionManager
                    .executeQuery("select (if(length(SUBSTRING(den,1,instr(den,'(')-1))>0,SUBSTRING(den,1,instr(den,'(')-1),den)) as den,um,pret_vinz,sum(stoc) as stoc from stmarfzi_poli where den like '"
                            + den + "%' " + gest + " group by den order by den");
            while (rs.next()) {
                sb.append("<tr><td>" + rs.getString("den") + "</td>");
                sb.append("<td><div align=\"right\">" + threeDecimalPlacesFormat.format(rs.getDouble("stoc")) + " " + rs.getString("um") + "</div></td>");
                sb.append("<td><div align=\"right\">" + teoDecimalPlacesFormat.format(rs.getDouble("pret_vinz")) + "</div></td></tr>");
            }
            sb.append("</table>");
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return sb;
    }

I guess a sufficiently motivated programmer can write PHP in any language.

This just has a little bit of everything in it, doesn't it? There's the string-munged HTML generation in the database layer. The HTML is also wrong, as header fields are output with td tags instead of th. There's the SQL injection vulnerability: both den and gest are concatenated straight into the query text. There's the more-or-less useless exception handler, which prints a stack trace and returns a half-built table. It's synchronized even though it's not doing anything thread unsafe. It's truly a thing of beauty, at least if you don't know what beauty is and think it means something horrible.
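As an added example (not code from the article's application), here is the same report with the database and presentation concerns actually separated: the query binds both filters as PreparedStatement parameters, the database layer returns plain values, and a separate rendering step escapes them and uses th for the header row. The table and column names are taken from the original query; the class, method and CSS class names are assumptions, as is the treatment of gest as a storage-location value (the article does not say what that raw fragment held), and a MySQL-compatible JDBC connection is assumed for the if()/instr() syntax.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.text.DecimalFormat;
import java.util.ArrayList;
import java.util.List;

// Added example, not code from the article's code base. Table and column names
// follow the original query; class, method and CSS class names are assumptions.
public final class StockReport {

    /** One report row: plain values only, no HTML and no number formatting. */
    public static final class StockRow {
        public final String den;      // product name
        public final String um;       // unit of measure
        public final double pretVinz; // sale price
        public final double stoc;     // quantity in stock

        StockRow(String den, String um, double pretVinz, double stoc) {
            this.den = den;
            this.um = um;
            this.pretVinz = pretVinz;
            this.stoc = stoc;
        }
    }

    // Same select list as the original. Both filters are bind parameters; the SQL
    // text itself is a constant chosen by the code, never assembled from input.
    // ESCAPE '!' lets a caller-supplied '%' or '_' match literally.
    private static final String BASE =
        "select (if(length(SUBSTRING(den,1,instr(den,'(')-1))>0,"
        + "SUBSTRING(den,1,instr(den,'(')-1),den)) as den,um,pret_vinz,sum(stoc) as stoc "
        + "from stmarfzi_poli where den like ? escape '!' ";
    private static final String SQL_ALL_GEST = BASE + "group by den order by den";
    private static final String SQL_ONE_GEST = BASE + "and gest = ? group by den order by den";

    /** Database layer. gest is a location value (assumption); null means all locations. */
    public static List<StockRow> getStocTotGest(Connection conn, String denPrefix, String gest)
            throws SQLException {
        List<StockRow> rows = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(gest == null ? SQL_ALL_GEST : SQL_ONE_GEST)) {
            ps.setString(1, escapeLike(denPrefix) + "%");
            if (gest != null) {
                ps.setString(2, gest);
            }
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(new StockRow(rs.getString("den"), rs.getString("um"),
                            rs.getDouble("pret_vinz"), rs.getDouble("stoc")));
                }
            }
        }
        return rows; // a SQLException propagates to the caller instead of being printed and lost
    }

    /** Escape LIKE metacharacters in user input, matching the ESCAPE '!' clause above. */
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    /** Presentation layer: header cells are th, colours come from CSS, values are escaped. */
    public static String renderTable(List<StockRow> rows) {
        DecimalFormat three = new DecimalFormat("0.000"); // DecimalFormat is not thread-safe,
        DecimalFormat two = new DecimalFormat("0.00");    // so build per call, not as a shared field
        StringBuilder sb = new StringBuilder("<table class=\"stock\"><tr>"
            + "<th>Denumire</th><th>Cant</th><th>PretVanz</th></tr>");
        for (StockRow r : rows) {
            sb.append("<tr><td>").append(escapeHtml(r.den)).append("</td>")
              .append("<td class=\"num\">").append(three.format(r.stoc)).append(' ')
              .append(escapeHtml(r.um)).append("</td>")
              .append("<td class=\"num\">").append(two.format(r.pretVinz)).append("</td></tr>");
        }
        return sb.append("</table>").toString();
    }

    /** Minimal escaping for text placed between tags or inside a quoted attribute. */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
}
```

The servlet calls getStocTotGest with the user's prefix and the location it resolved, and the JSP calls renderTable on the result; the database layer never sees HTML and the page never sees raw query input. Because the header colour now lives in the CSS class, the recolouring task that fills the rest of the story becomes a one-line stylesheet change.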

This function was used in a few places. It was called from a few servlets in the "business layer", where the resulting StringBuffer was dumped into a session variable so that JSP files could access it. At least, that was for the JSP files which didn't invoke the function themselves, the ones which mixed all the various layers together.

Cristian's first task in the code base was changing the background colors of all of the rendered table headers. Since, as you can see, they weren't using CSS to make this easy, that involved searching through the entire codebase, in every layer, to find all the places where maybe a table was generated.

Changing those colors was Cristian's first task in the code base. I assume that Cristian is still working on that, and will be working on that for some time to come.


Coinbase Expands Crypto Buying Reach With Apple Pay Integration

Slashdot - Tue, 2024-12-03 05:45
Major cryptocurrency exchange Coinbase has integrated Apple Pay into its Onramp service, enabling third-party apps to offer direct cryptocurrency purchases through Apple's payment system. The move significantly streamlines the traditionally complex process of converting traditional currencies to cryptocurrencies, eliminating multiple steps and extra fees previously required. It also marks a notable shift in Apple's historically cautious stance toward cryptocurrency, following years of restricting crypto-related features and removing major exchanges from its App Store in certain markets.


India Takes Out Giant Nationwide Subscription To 13,000 Journals

Slashdot - Tue, 2024-12-03 03:20
India has struck a landmark $715 million deal with 30 global academic publishers to provide nationwide free access to nearly 13,000 research journals. The "One Nation One Subscription" initiative, launching January 2025, will benefit an estimated 18 million students and researchers. The agreement, which surpasses similar arrangements in Germany and the UK, marks a significant shift in India's academic publishing landscape, despite the country's position as the world's third-largest producer of research papers. Science magazine: India's initiative is expected to encompass some 6300 government-funded institutions, which produce almost half the country's research papers. Currently, only about 2300 of these institutions have subscriptions to 8000 journals. Under the new arrangement, "universities that aren't so well funded, and can't afford many journals, will gain," said Aniket Sule of the Homi Bhabha Centre for Science Education. Specialist institutes that only subscribe to journals relevant to their field will benefit from accessing work outside their silos, he added. Colleges that want to subscribe to journals not included under this initiative can use their own funds to do so. Some part of the $715 million will cover the fees some journals charge to publish papers open access, making them immediately free to read by anyone worldwide when published, Madalli told Science. Details of that component have not been worked out yet, but the amount will be calculated based on the country's current spending on these fees, known as article-processing charges (APCs), which are paid by authors or their institutions, Madalli says.


Mexican Cartels Lure Chemistry Students To Make Fentanyl

Slashdot - Tue, 2024-12-03 01:45
schwit1 writes: Recruiters approach students with tempting offers, often after observing them for weeks. Promising salaries of over $800 per month -- double the average pay for chemists in Mexican companies, along with potential bonuses like cars or housing -- recruiters capitalize on the financial struggles of young professionals. These "cooks" are tasked with improving fentanyl's addictive quality and finding alternative synthesis methods to mitigate supply chain disruptions caused by stricter chemical export controls from China and pandemic-induced bottlenecks. The Times interviewed seven drug "cooks," three university chemistry students recruited by the Sinaloa cartel, two agents, a recruiter, and a university professor -- all anonymously to avoid cartel retaliation. According to the recruiter, candidates must be passionate, discreet, and indifferent to the ethical consequences of their work. The university professor highlighted a disturbing trend: students openly expressed interest in synthesizing illicit drugs during lectures.


Nike-owned NFT Wearables Startup RTFKT is Winding Down

Slashdot - Tue, 2024-12-03 00:31
RTFKT, the NFT project most known for its attempt at making "digital shoes" a thing, is shutting down, according to a statement on Monday. From a report: The project, acquired by athletic wear juggernaut Nike in 2021 for an undisclosed sum, plans to fully unwind by the end of January, though its Ethereum-based tokens will remain accessible. Launched in 2020 amid the beginnings of the mania around NFTs and the metaverse, RTFKT quickly garnered a reputation as a fast-moving startup. It spun up "drops" with brands, including Nike, and collaborated with the likes of sneaker designer Jeff Staple and Japanese artist Takashi Murakami.


Company Claims 1,000% Price Hike Drove It From VMware To Open Source Rival

Slashdot - Mon, 2024-12-02 22:01
An anonymous reader shares a report: Companies have been discussing migrating off of VMware since Broadcom's takeover a year ago led to higher costs and other controversial changes. Now we have an inside look at one of the larger customers that recently made the move. According to a report from The Register today, Beeks Group, a cloud operator headquartered in the United Kingdom, has moved most of its 20,000-plus virtual machines (VMs) off VMware and to OpenNebula, an open source cloud and edge computing platform. Beeks Group sells virtual private servers and bare metal servers to financial service providers. It still has some VMware VMs, but "the majority" of its machines are currently on OpenNebula, The Register reported. Beeks' head of production management, Matthew Cretney, said that one of the reasons for Beeks migration was a VMware bill for "10 times the sum it previously paid for software licenses," per The Register. According to Beeks, OpenNebula has enabled the company to dedicate more of its 3,000 bare metal server fleet to client loads instead of to VM management, as it had to with VMware. With OpenNebula purportedly requiring less management overhead, Beeks is reporting a 200 percent increase in VM efficiency since it now has more VMs on each server.


The Casual Moviegoer is a Thing of the Past

Slashdot - Mon, 2024-12-02 21:05
U.S. movie theaters are struggling to attract casual moviegoers, who once made up a significant portion of box office revenues, as shorter theatrical runs and changing consumer habits reshape the industry. The domestic box office, which regularly exceeded $10 billion in annual ticket sales before COVID-19, is expected to reach only $8.5 billion this year. Films now average 32 days in theaters compared to 80 days pre-pandemic, limiting opportunities for audiences to discover movies spontaneously. Midtier films generating $50-100 million at the box office have become scarcer, particularly in genres like drama and romantic comedy. Theater chains are responding with enhanced experiences and loyalty programs to draw audiences back. "It's fair to say there is a missing billion dollars that, if we had the right movies, people would be going to see them," Bruce Nash, founder of movie business site the Numbers, told the LA Times. Frequent moviegoers comprise only 12-15% of box office revenue, according to Patrick Corcoran of theater consulting firm Fithian Group.


Getty Images CEO Says Content-Scraping AI Groups Use 'Pure Theft' For Profit

Slashdot - Mon, 2024-12-02 20:10
Getty Images CEO has criticized AI companies' stance on copyright, particularly pushing back against claims that all web content is fair use for AI training. The statement comes amid Getty's ongoing litigation against Stability AI for allegedly using millions of Getty-owned images without permission to train its Stable Diffusion model, launched in August 2022. Acknowledging AI's potential benefits in areas like healthcare and climate change, Getty's chief executive argued against the industry's "all-or-nothing" approach to copyright. He specifically challenged Microsoft AI CEO Mustafa Suleyman's assertion that web content has been "freeware" since the 1990s. The Getty chief advocated for applying fair use principles case-by-case, distinguishing between AI models for scientific advancement and commercial content generation. He also drew parallels to music streaming's evolution from Napster to licensed platforms like Spotify, suggesting AI companies could develop similar permission-based models. He adds: As litigation slowly advances, AI companies advance an argument that there will be no AI absent the ability to freely scrape content for training, resulting in our inability to leverage the promise of AI to solve cancer, mitigate global climate change, and eradicate global hunger. Note that the companies investing in and building AI spend billions of dollars on talent, GPUs, and the required power to train and run these models -- but remarkably claim compensation for content owners is an unsurmountable challenge. My focus is to achieve a world where creativity is celebrated and rewarded AND a world that is without cancer, climate change, and global hunger. I want the cake and to eat it. I suspect most of us want the same.


'Brain Rot' Named Oxford Word of the Year 2024

Slashdot - Mon, 2024-12-02 19:10
Oxford University Press: Following a public vote in which more than 37,000 people had their say, we're pleased to announce that the Oxford Word of the Year for 2024 is 'brain rot.' Our language experts created a shortlist of six words to reflect the moods and conversations that have helped shape the past year. After two weeks of public voting and widespread conversation, our experts came together to consider the public's input, voting results, and our language data, before declaring 'brain rot' as the definitive Word of the Year for 2024. 'Brain rot' is defined as "the supposed deterioration of a person's mental or intellectual state, especially viewed as the result of overconsumption of material (now particularly online content) considered to be trivial or unchallenging. Also: something characterized as likely to lead to such deterioration." Our experts noticed that 'brain rot' gained new prominence this year as a term used to capture concerns about the impact of consuming excessive amounts of low-quality online content, especially on social media. The term increased in usage frequency by 230% between 2023 and 2024.


ChatGPT Refuses To Say One Specific Name

Slashdot - Mon, 2024-12-02 18:24
An anonymous reader shares a report: ChatGPT users have spotted an unusual glitch that prevents the AI chatbot from saying the name 'David Mayer.' OpenAI's hugely popular AI tool responds to requests to write the name with an error message, stating: "I'm unable to produce a response." The chat thread is then ended, with people forced to open a new chat window in order to keep interacting with ChatGPT.


Employee Lawsuit Accuses Apple of Spying on Its Workers

Slashdot - Mon, 2024-12-02 17:01
A new lawsuit filed by a current Apple employee accuses the company of spying on its workers via their personal iCloud accounts and non-work devices. From a report: The suit, filed Sunday evening in California state court, alleges Apple employees are required to give up the right to personal privacy, and that the company says it can "engage in physical, video and electronic surveillance of them" even when they are at home and after they stop working for Apple. Those requirements are part of a long list of Apple employment policies that the suit contends violate California law. The plaintiff in the case, Amar Bhakta, has worked in advertising technology for Apple since 2020. According to the suit, Apple used its privacy policies to harm his employment prospects. For instance, it forbade Bhakta from participating in public speaking about digital advertising and forced him to remove information from his LinkedIn page about his job at Apple.


Intel CEO Gelsinger Exits as Chip Pioneer's Turnaround Falters

Slashdot - Mon, 2024-12-02 15:30
Intel CEO Pat Gelsinger has stepped down amid the company's continued struggles against rivals, with shares losing over half their value this year. The chipmaker announced Monday that Chief Financial Officer David Zinsner and Executive Vice President Michelle Johnston Holthaus will serve as interim co-CEOs while the board searches for a permanent replacement. Gelsinger, 63, was hired in 2021 to lead an ambitious turnaround aimed at reclaiming Intel's technological edge from competitors like Taiwan Semiconductor Manufacturing Co. His strategy included expanding Intel's factory network with new facilities in Ohio and transforming the company into a contract manufacturer for other firms. The plan faced significant headwinds as Nvidia dominated the AI chip market, with cloud computing companies increasingly favoring Nvidia's processors for AI development over Intel's Gaudi line. Intel's challenges culminated in an August earnings report showing a surprise loss, leading to dividend suspension and plans to cut over 15% of its 110,000-person workforce. Board Chairman Frank Yeary, now serving as interim executive chair, emphasized the need to prioritize Intel's product group to meet customer demands. The leadership change also impacts the Biden administration's semiconductor industry initiatives, as Intel was set to receive the largest grant under the $39 billion Chips Act program.


China Extends Dominance Over US in Critical Technology Race

Slashdot - Mon, 2024-12-02 15:17
China has overtaken the United States as the dominant force in critical technology research, according to a report from the Australian Strategic Policy Institute. The study found China now leads in 57 of 64 critical technologies, up from just three technologies in 2003-2007, while U.S. leadership dropped from 60 to seven technologies over the same period. China has made significant gains in quantum sensors, high-performance computing, and semiconductor chip manufacturing. The U.S. maintains its edge in quantum computing, vaccines, and natural language processing. The report identified 24 technologies at "high risk" of Chinese monopoly, including radar, advanced aircraft engines, and drone technology - nearly double from last year's assessment. India has also emerged as a rising power, ranking among the top five countries in 45 technologies and displacing the U.S. for second place in biological manufacturing and distributed ledgers.


Bluesky's Open API Means Anyone Can Scrape Your Data for AI Training. It's All Public

Slashdot - Mon, 2024-12-02 13:34
Bluesky says it will never train generative AI on its users' data. But despite that, "one million public Bluesky posts — complete with identifying user information — were crawled and then uploaded to AI company Hugging Face," reports Mashable (citing an article by 404 Media). "Shortly after the article's publication, the dataset was removed from Hugging Face," the article notes, with the scraper at Hugging Face posting an apology. "While I wanted to support tool development for the platform, I recognize this approach violated principles of transparency and consent in data collection. I apologize for this mistake." But TechCrunch noted the incident's real lesson. "Bluesky's open API means anyone can scrape your data for AI training," calling it a timely reminder that everything you post on Bluesky is public. Bluesky might not be training AI systems on user content as other social networks are doing, but there's little stopping third parties from doing so... Bluesky said that it's looking at ways to enable users to communicate their consent preferences externally, [but] the company posted: "Bluesky won't be able to enforce this consent outside of our systems. It will be up to outside developers to respect these settings. We're having ongoing conversations with engineers & lawyers and we hope to have more updates to share on this shortly!" Mashable notes Bluesky's response to 404Media — that Bluesky is like a website, and "Just as robots.txt files don't always prevent outside companies from crawling those sites, the same applies here." So "While many commentators said that data collection should be opt in, others argued that Bluesky data is publicly available anyway and so the dataset is fair use," according to SiliconRepublic.com.


Exxon Lobbyist Investigated Over 'Hack-and-Leak' of Environmentalist Emails

Slashdot - Mon, 2024-12-02 09:34
America's FBI "has been investigating a longtime Exxon Mobil consultant," reports Reuters, "over the contractor's alleged role in a hack-and-leak operation that targeted hundreds of the oil company's biggest critics, according to three people familiar with the matter." The operation involved mercenary hackers who successfully breached the email accounts of environmental activists and others, the sources told Reuters. The scheme allegedly began in late 2015, when U.S. authorities contend that the names of the hacking targets were compiled by the DCI Group, a public affairs and lobbying company working for Exxon at the time, one of the sources said. DCI provided the names to an Israeli private detective, who then outsourced the hacking, according to the source. In an effort to push a narrative that Exxon was the target of a political vendetta aimed at destroying its business, some of the stolen material was subsequently leaked to the media by DCI, Reuters determined. The Federal Bureau of Investigation found that DCI shared the information with Exxon before leaking it, the source said. Some environmental activists interviewed by Reuters say the hacking operation disrupted preparations for lawsuits by cities and state attorneys general against Exxon and other energy companies... The stolen material continues to be used today to counter litigation claiming the oil giant misled the public and its investors about the risks of climate change... The investigation into the hack-and-leak operation comes amid growing concern among law enforcement agencies worldwide about how such cyberespionage schemes threaten to taint judicial proceedings. The FBI has been investigating the broader use of mercenary hackers to tamper with lawsuits since early 2018, Reuters has previously reported. The Israeli private detective hired by DCI, Amit Forlit, was arrested this year at London's Heathrow Airport and is fighting extradition to the United States on charges of hacking and wire fraud... 
Federal prosecutors have secured a related conviction: that of Forlit's former business associate, private investigator Aviram Azari. Azari pleaded guilty in 2022 to wire fraud, conspiracy to commit hacking and aggravated identity theft, which included targeting the environmental activists.


CodeSOD: A Pair of Loops

The Daily WTF - Mon, 2024-12-02 07:30

Alexandra inherited a codebase that, if we're being kind, could be called "verbose". Individual functions routinely cross into multiple thousands of lines, with the longest single function hitting 4,000 lines of code.

Very little of this is because the problems being solved are complicated, and much more of it is because people don't understand how anything works.

For example, in this C++ code, they have a vector of strings. The goal is to create a map where the keys are the strings from the vector, and the values are more strings, derived from a function call.

Essentially, what they wanted was:

for (std::string val : invec) { umap[val] = lookupValue(val); }

This would have been the sane, obvious way to do things. That's not what they did.

    unordered_map<string, string> func(vector<string> invec) {
        unordered_map<string, string> umap;
        vector<pair<string, string*>> idxvec;
        for (string name : invec) {
            // first pass: create the key with an empty value, remember a pointer to that value
            umap[name] = "";
            idxvec.push_back(make_pair(name, &umap[name]));
        }
        for (auto thingy : idxvec) {
            // actual work, including assigning the string through the saved pointer
            *thingy.second = lookupValue(thingy.first);
        }
        return umap;
    }

I won't pick on names here, as they're clearly anonymized. But let's take a look at the approach they used.

They create their map, and then create a new vector, a vector of pair<string, string*>: a string and a pointer to a string. Already, I'm confused by why any of this is happening, but let's press on and hope it becomes clear.

We iterate across our input vector, which I get. Then we create a key in the map and give it an empty string as a value. Then we create a pair out of our key and our pointer to that empty string. That's how we populate our idxvec vector.

Once we've looped across all the values once, we do it again. This time, we pull out those pairs, and set the value at the pointer equal to the string returned by lookupValue.

Which leads us all to our favorite letter of the alphabet: WHY?

I don't know. I also am hesitant to comment too much on the memory management and ownership issues here, as with the anonymization, there may be some reference management that got lost. But the fact that we're using bare pointers certainly makes this code more fraught than it needed to be. And, given how complex the STL data structures can be, I think we can also agree that passing around bare pointers to memory inside those structures is a recipe for disaster, even in simple cases like this.

What I really enjoy is that they create a vector of pairs, without ever seeming to understand that a list of pairs is essentially what a map is.

In conclusion: can we at least agree that, from now on, we won't iterate across the same values twice? I think about 15% of WTFs would go away if we all followed that rule.

Oh, wait, no. People who could understand rules like that aren't the ones writing this kind of code. Forget I said anything.

