Samba is "a free software re-implementation of the SMB networking protocol," according to Wikipedia. And now the Samba project "has secured significant funding (€688,800.00) from the German Sovereign Tech Fund to advance the project," writes Jeremy Allison — Sam (who is Slashdot reader #8,157 — and also a long standing member of Samba's core team): The investment was successfully applied for by [information security service provider] SerNet. Over the next 18 months, Samba developers from SerNet will tackle 17 key development subprojects aimed at enhancing Samba's security, scalability, and functionality. The Sovereign Tech Fund is a German federal government funding program that supports the development, improvement, and maintenance of open digital infrastructure. Their goal is to sustainably strengthen the open source ecosystem. The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX extensions, SMB-Direct, Performance and modern security protocols such as SMB over QUIC. These improvements are designed to ensure that Samba remains a robust and secure solution for organizations that rely on a sovereign IT infrastructure. Development work began as early as September the 1st and is expected to be completed by the end of February 2026 for all sub-projects. All development will be done in the open following the existing Samba development process. First gitlab CI pipelines have already been running and gitlab MRs will appear soon! Back in 2000, Jeremy Allison answered questions from Slashdot readers about Samba. Allison is now a board member at both the GNOME Foundation and the Software Freedom Conservancy, a distinguished engineer at Rocky Linux creator CIQ, and a long-time free software advocate.

Read more of this story at Slashdot.

An anonymous Slashdot reader writes: Haiku (the MIT-licensed operating system, inspired by BeOS) has released its fifth beta for Haiku R1. Some new features include improved UI color management, improved dark mode coloring, Tracker improvements, TUN/TAP support for VPN connections, TCP throughput improvements, performance optimizations, UFS2 (BSD's filesystem) read-only support, new FAT filesystem driver, improved hardware support, improved POSIX compliance, improved performance, and more. Slashdot has been covering the fate of the BeOS since 2000 (as well as the short-lived derivative project ZETA — and Haiku). And now "With a history of over two decades and previously known as OpenBeOS, today's Haiku is pushing forward..." writes the site NotebookCheck: Haiku is a spiritual successor to BeOS, with a focus on a clean and user-friendly design paired with low system requirements. The minimum system requirements are still an Intel Pentium II/AMD Athlon CPU or better, at least 384 MB RAM, an 800x600 screen, and at least 3GB storage. It works on both 32-bit and 64-bit x86 PCs, and the 32-bit version can run many unmodified BeOS applications. It might be the best desktop open-source operating system not based on Linux or Unix... It works well in a virtual machine like VirtualBox or UTM.

Read more of this story at Slashdot.

"A two-day AI Labor Summit between AFL-CIO leaders and Microsoft executives this week reflects the tech giant's revamped approach to unions," writes GeekWire, "which includes a pledge by the company to incorporate feedback from labor unions and their members into the development of artificial intelligence." But just two days later, "Microsoft Gaming CEO Phil Spencer announced it was game over for the jobs of another 650 Microsoft staffers (on top of an earlier 1,900 employee staff reduction)," writes long-time Slashdot reader theodp, "cuts that Spencer made clear were related to Microsoft's $69B acquisition of Activision Blizzard in 2023." Interestingly, Microsoft's Smith in October 2023 affirmed a "groundbreaking neutrality agreement" with the Communications Workers of America union (CWA) — designed to go into effect if Microsoft was successful in its acquisition of Activision Blizzard — in which Microsoft acknowledged the rights of its employees to unionize and pledged to work constructively with any who did. At the same time, Microsoft made it clear that it hoped its employees wouldn't feel the need to form or join unions, saying they would "never need to organize to have a dialogue with Microsoft's leaders." In July 2023, the AFL-CIO applauded Microsoft's Activision Blizzard acquisition and the Microsoft-CWA agreement, which AFL-CIO union federation president Liz Shuler said "sets a new standard for respecting workers' rights in the video game industry and the larger technology sector." And in December 2023, Shuler thanked Smith for Microsoft's "absolutely historic partnership" on AI and the Future of the Workforce, which Shuler suggested "can be mutually beneficial for workers, for businesses, and for our country as a whole." Thursday the CWA union issued critical remarks about the layoffs at Microsoft Gaming (which were later retweeted by the @AFLCIO Twitter account). "While we would hope that a company like Microsoft with $88 billion in profits last year could achieve 'long-term success' without destroying the livelihoods of 650 of our colleagues, heartless layoffs like these have become all too common."

Read more of this story at Slashdot.

Redmonk's latest programming language ranking (attempting to gauge "potential future adoption trends") has found evidence of "a landscape resistant to change." Outside of CSS moving down a spot and C++ moving up one, the Top 10 was unchanged. And even in the back half of the rankings, where languages tend to be less entrenched and movement is more common, only three languages moved at all... There are a few signs of languages following in TypeScript's footsteps and working their way up the path, both in the Top 20 and at the back end of the Top 100 as we'll discuss shortly, but they're the exception that proves the rule. It's possible that we'll see more fluid usage of languages, and increased usage of code assistants would theoretically make that much more likely, but at this point it's a fairly static status quo. With that, some results of note: - TypeScript (#6): technically TypeScript didn't move, as it was ranked sixth in our last run, but this is the first quarter in which is has been the sole occupant of that spot. CSS, in this case, dropped one place to seven leaving TypeScript just outside the Top 5. It will be interesting to see whether or not it has more momentum to expend or whether it's topped out for the time being. - Kotlin (#14) / Scala (#14): both of these JVM-based languages jumped up a couple of spots — two spots in Scala's case and three for Kotlin. Scala's rise is notable because it had been on something of a downward trajectory from a one time high of 12th, and Kotlin's placement is a mild surprise because it had spent three consecutive runs not budging from 17, only to make the jump now. The tie here, meanwhile, is interesting because Scala's long history gives it an accretive advantage over Kotlin's more recent development, but in any case the combination is evidence of the continued staying power of the JVM. - Objective C (#17): speaking of downward trajectories and the 17th placement on this list, Objective C's slide that began in mid-2018 continued and left the language with its lowest placement in these rankings to date at #17. That's still an enormously impressive achievement, of course, and there are dozens of languages that would trade their usage for Objective C's, but the direction of travel seems clear. - Dart (#19) / Rust (#19): while once grouped with Kotlin as up and coming languages driven by differing incentives and trends, Dart and Rust have not been able to match the ascent of their counterpart with five straight quarters of no movement. That's not necessarily a negative; as with Objective C, these are still highly popular languages and communities, but it's worth questioning whether new momentum will arrive and from where, particularly because the communities are experiencing some friction in growing their usage. It's important to remember Redmonk's methodology. "We extract language rankings from GitHub and Stack Overflow, and combine them for a ranking that attempts to reflect both code (GitHub) and discussion (Stack Overflow) traction. The idea is not to offer a statistically valid representation of current usage, but rather to correlate language discussion and usage in an effort to extract insights into potential future adoption trends." Having said that, here's the current top ten in Redmonk's ranking: JavaScript Python Java PHP C# TypeScript CSS C++ Ruby C Their announcement also notes that at the other end of the list, the programming language Bicep "jumped eight spots to #78 and Zig 10 to #87. That progress pales next to Ballerina, however, which jumped from #80 to #61 this quarter. The general purpose language from WS02, thus, is added to the list of potential up and comers we're keeping an eye on."

Read more of this story at Slashdot.

The Washingon Post reports that a regulatory dispute in Ohio may help answer a big question about America's power grid: who will pay for the huge upgrades needed to meet soaring energy demand "from the data centers powering the modern internet and artificial intelligence revolution?" Google, Amazon, Microsoft and Meta are fighting a proposal by an Ohio power company to significantly increase the upfront energy costs they'll pay for their data centers, a move the companies dubbed "unfair" and "discriminatory" in documents filed with Ohio's Public Utility Commission last month. American Electric Power Ohio said in filings that the tariff increase was needed to prevent new infrastructure costs from being passed on to other customers such as households and businesses if the tech industry should fail to follow through on its ambitious, energy-intensive plans. The case could set a national precedent that helps determine whether and how other states force tech firms to be accountable for the costs of their growing energy consumption... The energy demands of data centers have created similar concerns in other hot spots such as Northern Virginia, Atlanta and Maricopa County, Arizona, leaving experts concerned that the U.S. power grid may not be capable of dealing with the combined needs of the green energy transition and the computing boom that artificial intelligence companies say is coming... Energy customers must sometimes make a monthly payment to a utility that is a percentage of the maximum amount of electricity they predict that they could need. In Ohio, data center companies had agreed to pay 60 percent of the projected amount. But in May, the power company proposed a new, 10-year fee structure raising the charges to 90 percent of the expected load, even if they don't end up using that much. The major tech companies — all of whom are increasing spending on data center infrastructure to compete in AI — strenuously opposed the proposed contract in documents filed last month... According to testimony from AEP Ohio Vice President Lisa Kelso, there are 50 pending requests from data center customers seeking electric service at more than 90 sites, a potential 30,000 megawatts of additional load — enough to power more than 20 million households. That additional demand would more than triple the utility's previous peak load in 2023, she said. Between 2020 and 2024, the data center energy load in central Ohio increased sixfold, from 100 to 600 megawatts, her testimony reads. By 2030, that amount will reach 5,000 megawatts, according to the utility's signed agreements, she testified... Meeting that demand will require AEP Ohio to build new transmission lines, an expensive and time-consuming process... Chief among the power company's concerns, according to the documents, is what will happen if it invests billions of dollars into new grid infrastructure only for the data centers to leave for greener pastures, or for the AI bubble to burst and the facilities to need much less power than initially projected. If the power company spends big on new infrastructure but the power demand it was built to serve doesn't materialize, other customers — including business and residential payers — will be stuck with the bill, the utility said... AEP Ohio's testimony in the case also questions whether data centers bring as much to local communities as factories or other high-energy-load businesses. Since 2019, non-data center businesses have created approximately 25 jobs for every megawatt of power requested, while data centers have created less than one job per megawatt, according to Kelso's testimony. The tech companies rejected this criticism, saying the number of jobs they create is not relevant to how much power they have a right to purchase, and highlighted their other contributions to local economies... Amazon said in filings that it pays fees as high as 75 percent of projected demand in some states but that Ohio's proposal to bill it 90 percent goes too far. "Should the Ohio tariff be approved, Microsoft and Google both threatened in their testimony to leave Ohio." (Although at the same time, "pressure on the electric grid is mounting all over the country...") And the article points out that on Thursday, "the White House announced measures intended to speed up data center construction for AI projects, including by accelerating permitting."

Read more of this story at Slashdot.

Ars Technica's Stephen Clark reports: A panel of independent experts reported this week that NASA lacks funding to maintain most of its decades-old facilities, could lose its engineering prowess to the commercial space industry, and has a shortsighted roadmap for technology development. "NASA's problem is it always seems to have $3 billion more program than it has of funds," said Norm Augustine, chair of the National Academies panel chartered to examine the critical facilities, workforce, and technology needed to achieve NASA's long-term strategic goals and objectives. Augustine said a similar statement could sum up two previous high-level reviews of NASA's space programs that he chaired in 1990 and 2009. But the report released Tuesday put NASA's predicament in stark terms. "In NASA's case, the not-uncommon tendency in a constrained budget environment to prioritize initiating new missions as opposed to maintaining and upgrading existing support assets has produced an infrastructure that would not be viewed as acceptable under most industrial standards," the panel wrote in its report. "In fact, during its inspection tours, the committee saw some of the worst facilities many of its members have ever seen." All of NASA's centers have facilities the agency considers marginal, but Johnson Space Center in Houston has the facilities with the worst average score. Johnson oversees astronaut training and is home to NASA's Mission Control Center for the International Space Station and future Artemis lunar missions. The Jet Propulsion Laboratory in California, which develops and operates many of NASA's robotic interplanetary probes, and Stennis Space Center in Mississippi, used for rocket engine testing, are the only centers without a poor infrastructure score. These ratings cover things like buildings and utilities, not the specific test rigs or instruments inside them. "You can have a world-class microscope and materials lab, but if the building goes down, that microscope is useless to you," [Erik Weiser, NASA's director of facilities and real estate] told the National Academies panel in a meeting last year. The panel recommended that Congress direct NASA to establish an annually replenished revolving working capital fund to pay for maintenance and infrastructure upgrades. Other government agencies use similar funds for infrastructure support. "This is something that will require federal legislation," said Jill Dahlburg, a member of the National Academies panel and former superintendent of the space science division at the Naval Research Laboratory.

Read more of this story at Slashdot.

Longtime Slashdot reader davidwr writes: Winners of the 34th First Annual Ig Nobel Prizes included studies on hair swirling (natural, not from grade-school bathroom torture), mammals that breath through their anal orifices, and a study on pigeon-guided missiles. There were also prizes for the study of the swimming abilities of a formerly-living trout. "Honors" were also bestowed for research in coin-flipping (no, it's not 50/50), why cows spew milk, and drunken worms, among other topics. Prizes included $10,000,000,000 (in now-worthless Zimbabwe dollars) and items related to Murphy's Law. Media coverage includes AP, CNN, Gizmodo, Ars Technica, and by the time you read this, probably much more.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CBC News: Stranded astronauts Butch Wilmore and Suni Williams said Friday it was hard to watch their Boeing capsule return to Earth without them. It was their first public comments since last week's return of the Boeing Starliner capsule that took them to the International Space Station in June. They remained behind after NASA determined the problem-plagued capsule posed too much risk for them to ride back in. "That's how it goes in this business," said Williams, adding that "you have to turn the page and look at the next opportunity." Wilmore and Williams are now full-fledged station crew members, chipping in on routine maintenance and experiments. They, along with seven others on board, welcomed a Soyuz spacecraft carrying two Russians and an American earlier this week, temporarily raising the station population to 12, a near record. NASA astronauts Butch Wilmore and Suni Williams spoke to the press on Friday for the first time since their Boeing Starliner capsule returned to Earth without them. The two, who have been on the International Space Station since June 6, said they are taking the mission's unexpected extension into 2025 in stride -- even if it means they've had to change their voting plans. The transition to station life was "not that hard" since both had previous stints there, said Williams, who will soon take over as station commander. "This is my happy place. I love being up here in space," she said. The two Starliner test pilots -- both retired U.S. navy captains and longtime NASA astronauts — will stay at the orbiting laboratory until late February. They have to wait for a SpaceX capsule to bring them back. That spacecraft is due to launch later this month with a reduced crew of two, with two empty seats for Wilmore and Williams for the return leg. The duo said they appreciated all the prayers and well wishes from strangers back home. Wilmore said he will miss out on family milestones such as being around for his youngest daughter's final year of high school. The astronauts, who prepared for eight days in space, will now be up there for eight months, which could have a greater impact on the body. "It is a bit of a change from a sprint to a marathon," said Dr. Adam Sirek of the Canadian Society of Aerospace Medicine.

Read more of this story at Slashdot.

23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. BleepingComputer reports: The proposed class action settlement (PDF), filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed within ten days of final approval. "23andMe believes the settlement is fair, adequate, and reasonable," the company said in a memorandum filed (PDF) Friday. 23andMe has also agreed to strengthen its security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication for all users, and annual cybersecurity audits. The company must also create and maintain a data breach incident response plan and stop retaining personal data for inactive or deactivated accounts. An updated Information Security Program will also be provided to all employees during annual training sessions. "23andMe denies the claims and allegations set forth in the Complaint, denies that it failed to properly protect the Personal Information of its consumers and users, and further denies the viability of Settlement Class Representatives' claims for statutory damages," the company said in the filed preliminary settlement. "23andMe denies any wrongdoing whatsoever, and this Agreement shall in no event be construed or deemed to be evidence of or an admission or concession on the part of 23andMe with respect to any claim of any fault or liability or wrongdoing or damage whatsoever."

Read more of this story at Slashdot.

Gemini Live is rolling out its Live Voice Mode for all Android users, allowing them to hold real-time, interactive voice conversations with Gemini. "Previously locked into conventional text-based input and responses, Gemini Live Voice Mode gives hands-free ways to explore ideas, brainstorm, and talk through topics in real-time," reports Tom's Guide. From the report: This new voice feature is integrated into the Android Gemini app, so users need to update their app or download it from the Google Play Store if they haven't already done so. Once installed, users can turn on Live Voice Mode and start talking directly to Gemini. Do you want to get your thoughts sorted out or chat? It's fast and interactive, and no typing is required in this mode. Users can have voice conversations on virtually anything. Suppose one is stuck with a complex project and needs a fresh perspective or researching a new hobby or course of study and wants to flesh out the subject by talking it out with Gemini. It promises to offer rich insight and ideas through conversation so that one's productivity and creativity are enhanced in ways that, up until now, have been possible only with human dialogue. [...] The main advantage of Gemini Live Voice Mode is that it is interactive. A voice assistant would respond to a question you pose in voice, while with the live voice mode in Gemini, the dialogue sounds and feels more natural, with a tone that takes on that of the discussion and facilitates a back-and-forth interaction style. You can ask follow-up questions, clarify misunderstandings, or refine your ideas as you speak, making it more like a collaboration than a simple Q&A.

Read more of this story at Slashdot.

The Biden administration is proposing new rules to limit the "de minimis" exemption, which some Chinese e-commerce companies like Shein and Temu use to ship low-cost goods under $800 to U.S. customers without tariffs. The changes would subject certain shipments to closer inspection and tariffs, aiming to protect American consumers and businesses by ensuring a level playing field against Chinese platforms that have exploited this loophole. The Verge reports: Under the proposed rules, the US will prevent companies from claiming the de minimis exemption if their goods are covered by Section 301, Section 232, and Section 201 tariffs, which apply to products from China, steel, and aluminum, as well as washing machines and solar panels. In addition to slapping these shipments with tariffs, the rule change would subject them to closer inspection by US Customs and Border Protection. The Biden administration said the proposal would help "protect consumers from goods that do not meet regulatory health and safety standards." Even though Shein is headquartered in Singapore, it's known for cheap fast fashion that's mainly manufactured in China. The China-based Temu sells clothes, household items, electronics, and a variety of other goods made in the country as well.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Researchers still don't know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers. Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections. "At the moment, the source of the TV boxes' backdoor infection remains unknown," Thursday's post stated. "One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access." The following device models infected by Vo1d are: [R4, TV BOX, KJ-SMART4KVIP]. One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What's more, Doctor Web said it's not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models. Further, while only licensed device makers are permitted to modify Google's AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user. "These off-brand devices discovered to be infected were not Play Protect certified Android devices," Google said in a statement. "If a device isn't Play Protect certified, Google doesn't have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety." Users can confirm if their device runs Android TV OS via this link and following the steps here.

Read more of this story at Slashdot.

Former FTX CEO Sam Bankman-Fried's legal team has filed an appeal challenging his conviction on seven felony counts and his 25-year prison sentence. They argue that he was not presumed innocent, that the jury received incomplete information about FTX user funds, and that the prosecution's narrative was biased. CoinTelegraph reports: In a Sept. 13 filing in the United States Court of Appeals for the Second Circuit, SBF's lawyers filed a 102-page brief claiming that the former FTX CEO was "never presumed innocent," subject to scrutiny that allegedly affected prosecutors, the presiding judge, and treatment by the media. Bankman-Fried's legal team announced in April -- a few weeks after a federal judge sentenced him to 25 years in prison -- that they intended to appeal. According to the appeal, SBF's lawyers alleged the jury was "only allowed to see half the picture" with FTX user funds, claiming prosecutors had "presented a false narrative" that the money was permanently lost and Bankman-Fried intentionally caused that loss. They also claimed that counsel for the FTX debtors worked with the US government in a way that was above and beyond "cooperation," providing information allegedly as an "arm of the prosecution." "From day one, the prevailing narrative -- initially spun by the lawyers who took over FTX, quickly adopted by their contacts at the US Attorney's Office -- was that Bankman-Fried had stolen billions of dollars of customer funds, driven FTX to insolvency, and caused billions in losses," said the appeal. "Now, nearly two years later, a very different picture is emerging -- one confirming FTX was never insolvent, and in fact had assets worth billions to repay its customers. But the jury at Bankman-Fried's trial never got to see that picture." The legal team requested the appellate court grant SBF a new trial with a different judge. It's unclear whether the Second Circuit could rule to affirm Bankman-Fried's conviction in the US District Court for the Southern District of New York or reverse the decision and set the groundwork for a new trial.

Read more of this story at Slashdot.

iFixit has created its own USB-C soldering iron and portable power station called FixHub, "designed to allow all types of users to handle soldering work wherever they may be," reports MacRumors. From the report: The Portable Power Station serves as the command and power center for FixHub, including a 55-watt-hour battery to support over eight hours of continuous soldering on a single charge. The power supply delivers up to 100 watts to a pair of USB-C ports, allowing it to run two soldering irons simultaneously, and the fact that it's simply a USB-C power output device means you can also use it to power or recharge an array of devices like phones. The solidly built power station includes a handy display to show the status of your soldering iron, along with a convenient dial for adjusting the power being delivered to the iron, supporting temperatures up to 400C (750F). A flip-up bracket raises the front of the power station a bit to make the display easier to see while in use, while attachment points on the left and right side allow you to clip on the soldering iron's cap for convenient access as a stand. A USB-C port on the rear of the power station allows for up to 45 watts of input to recharge the station, and iFixit says it is safe to leave continuously connected to power so it's ready whenever you need it. [...] iFixit is of course known for more than just hardware, and it has hundreds of free soldering guides on its website, ranging from the basics of soldering to specific repair projects. It also wouldn't be an iFixit product without repairability being front of mind, so the FixHub system is designed to allow for easy repairs and iFixit will be releasing a number of guides to help users replace batteries, repair parts, and more. Supplementing the FixHub is an optional Portable Soldering Toolkit, which provides an extensive set of tools and consumables to get you going on soldering projects. The USB Smart Soldering Iron and Portable Soldering Station are priced at $79.95 and $249.95, respectively.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: You can tell a lot about someone from their eyes. They can indicate how tired you are, the type of mood you're in, and potentially provide clues about health problems. But your eyes could also leak more secretive information: your passwords, PINs, and messages you type. Today, a group of six computer scientists are revealing a new attack against Apple's Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device's virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes. "Based on the direction of the eye movement, the hacker can determine which key the victim is now typing," says Hanqiu Wang, one of the leading researchers involved in the work. They identified the correct letters people typed in passwords 77 percent of the time within five guesses and 92 percent of the time in messages. To be clear, the researchers did not gain access to Apple's headset to see what they were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime. The researchers alerted Apple to the vulnerability in April, and the company issued a patch to stop the potential for data to leak at the end of July. It is the first attack to exploit people's "gaze" data in this way, the researchers say. The findings underline how people's biometric data -- information and measurements about your body -- can expose sensitive information and beused as part of the burgeoning surveillance industry. The GAZEploit attack consists of two parts, says Zhan, one of the lead researchers. First, the researchers created a way to identify when someone wearing the Vision Pro is typing by analyzing the 3D avatar they are sharing. For this, they trained a recurrent neural network, a type of deep learning model, with recordings of 30 people's avatars while they completed a variety of typing tasks. When someone is typing using the Vision Pro, their gaze fixates on the key they are likely to press, the researchers say, before quickly moving to the next key. "When we are typing our gaze will show some regular patterns," Zhan says. Wang says these patterns are more common during typing than if someone is browsing a website or watching a video while wearing the headset. "During tasks like gaze typing, the frequency of your eye blinking decreases because you are more focused," Wang says. In short: Looking at a QWERTY keyboard and moving between the letters is a pretty distinct behavior. The second part of the research, Zhan explains, uses geometric calculations to work out where someone has positioned the keyboard and the size they've made it. "The only requirement is that as long as we get enough gaze information that can accurately recover the keyboard, then all following keystrokes can be detected." Combining these two elements, they were able to predict the keys someone was likely to be typing. In a series of lab tests, they didn't have any knowledge of the victim's typing habits, speed, or know where the keyboard was placed. However, the researchers could predict the correct letters typed, in a maximum of five guesses, with 92.1 percent accuracy in messages, 77 percent of the time for passwords, 73 percent of the time for PINs, and 86.1 percent of occasions for emails, URLs, and webpages. (On the first guess, the letters would be right between 35 and 59 percent of the time, depending on what kind of information they were trying to work out.) Duplicate letters and typos add extra challenges.

Read more of this story at Slashdot.

Have you ever been in a high-stakes situation in which you needed to perform but completely bombed? You're not alone. Experiments in monkeys reveal that 'choking' under pressure is linked to a drop in activity in the neurons that prepare for movement. Nature: "You see it across the board, you see it in sports, in all kinds of different sports and outside of sports as well." says Steven Chase, a neuroscientist at Carnegie Mellon University in Pittsburgh, Pennsylvania. Chase and his colleagues investigated what happens in the brain that causes performance to plummet, and published their findings in Neuron on 12 September. Choking under pressure is not unique to humans. In the same way that a tennis player might miss a match-winning shot, monkeys can also underperform in high-reward situations. The team set up a computer task in which rhesus monkeys received a reward after quickly and accurately moving a cursor over a target. Each trial gave the monkeys cues as to whether the reward would be small, medium-sized, large or 'jackpot'. Jackpot rewards were rare and unusually big, creating a high-stakes, high-reward situation. Using a tiny, electrode-covered chip implanted into the monkeys' brains, the team watched how neuronal activity changed between reward scenarios. The chip was situated on the motor cortex, an area of the frontal lobe that controls movement. The researchers found that, in jackpot scenarios, the activity of neurons associated with motor preparation decreased. Motor preparation is the brain's way of making calculations about how to complete a movement -- similar to lining up an arrow on a target before unleashing it. The drop in motor preparation meant that the monkey's brains were underprepared, and so they underperformed. The results "help us understand how reward-outcome-mediated behaviour is not linear," says Bita Moghaddam, a behavioural neuroscientist at Oregon Health & Science University in Portland. To a certain extent, "you just don't perform better as the reward increases," Moghaddam says. It would also be interesting to see how other brain regions respond in jackpot-reward situations, she adds, because multiple regions could be involved.

Read more of this story at Slashdot.

Dell and HP executives have acknowledged a delay in the anticipated commercial PC refresh cycle. Michael Dell, speaking at the Citi 2024 Global TMT conference, stated that the refresh cycle "has been delayed for sure." The Register adds: Without offering any reasons for postponement -- and not being pressed for one by the analyst interviewing him -- the billionaire reckoned the size of the refresh is "going to be even bigger" because of it. "So first of all we have a certain date with Windows 10 end-of-life and we're almost within a one year window of that, and as you get in that one-year window, the enterprise IT people start screwing around and saying, 'Oh, we better do something about this'," said Dell. Enrique Lores, CEO at rival PC maker HP, who spoke at the Goldman Sachs Communacopia + Technology conference this week, agreed enterprises are also about to invest in new lines. "First of all there is a large and aging installed base on PCs. Many of these PCs were bought during COVID and now we are four [or] five years after they were bought and they will have to be replaced. "We also see an opportunity driven by the Windows 11 refresh that is only starting now... this is what is behind some of the strength that we see on the commercial side. Microsoft⦠will start discontinuing their support for the previous versions, and this always ties the replacement and upgrade," he said, adding "this is going to be driving demand in the coming quarters."

Read more of this story at Slashdot.

OpenAI's latest models have "meaningfully" increased the risk that AI will be misused to create biological weapons [non-paywalled link], the company has acknowledged. From a report: The San Francisco-based company announced its new models, known as o1, on Thursday, touting their new abilities to reason, solve hard maths problems and answer scientific research questions. OpenAI's system card, a tool to explain how the AI operates, said the new models had a "medium risk" for issues related to chemical, biological, radiological and nuclear (CBRN) weapons -- the highest risk that OpenAI has ever given for its models. The company said it meant that the technology has "meaningfully improved" the ability of experts to create bioweapons. AI software with more advanced capabilities, such as the ability to perform step-by-step reasoning, pose an increased risk of misuse in the hands of bad actors, according to experts.

Read more of this story at Slashdot.

Japan is overhauling how its ubiquitous 24-hour mini-police stations are operated nationwide as more crime fighting moves from the streets to the web. From a report: Called koban in Japanese, officers at these small police boxes handle a variety of tasks from responding to crime and patrolling neighborhoods to handling lost items. There are also chuzaisho outposts where police officers live full-time. The National Police Agency will update operational rules on Friday to allow some outposts to shut down at night if necessary. It will also allow greater flexibility on the use of mobile or temporary outposts, depending on local needs and staffing considerations. Prefectural police will decide on changes involving specific outposts. Japan's koban system dates back to 1874 and is believed to have started operating around the clock in the 1880s. There were 6,215 kobans and 5,923 live-in outposts across Japan as of April. They have inspired countries like Singapore and Brazil to set up similar outposts focused on community policing. The change comes amid shifting crime patterns. Roughly 700,000 crime cases were reported in 2023, down more than 70% from the post-World War II peak in 2002. Street crime, like purse-snatching and car break-ins, were down around 80% to 240,000 cases. Instead, online and phone-based crimes, like impersonation scams and romance scams, are on the rise.

Read more of this story at Slashdot.

Apple unveiled a multitrack recording feature for Voice Memos at its recent iPhone event, exclusive to the iPhone 16 Pro. The feature allows users to layer vocals over guitar tracks without headphones, utilizing advanced microphone technology and machine learning algorithms to reduce ambient noise. Engadget argues the feature's exclusivity to the new $1,000+ model is unnecessary, given modern smartphones' processing power far exceeds that of early digital audio workstations. They contend that basic multitrack recording functionality could be implemented on older iPhone models. Apple's decision to limit this feature contradicts its inclusion of GarageBand on all iPhones and the availability of Audio Mix on base iPhone 16 models, which offers similar noise reduction capabilities. The story adds: Why is this particular feature walled behind the iPhone 16 Pro? It's a simple multitrack recording function. From the ad, it looks like the app can't even layer more than two tracks at a time. This can't exactly be taxing that A18 Pro chip, especially when the phone can also handle 4K/120 FPS video recording in Dolby Vision.

Read more of this story at Slashdot.