Feed aggregator

Teen Builds His Own Nuclear Fusion Reactor At College

Slashdot - Tue, 2024-08-20 05:30
An anonymous reader quotes a report from Interesting Engineering: A student has successfully developed a small nuclear fusion reactor as part of his A-Levels. The 17-year-old built the reactor to generate neutrons as part of his Extended Project Qualification (EPQ). Notably, Cesare Mencarini's work is claimed to be the only nuclear reactor built in a school environment. Showcased at the Cambridge Science Festival recently, the nuclear reactor achieved plasma a few months ago. It also gave Mencarini an A* in his A-Level results, according to reports. [...] Mencarini maintained that the goal of the reactor is to create conditions that are required for fusion. However, the project couldn't get the same pressure that's generated by the Sun due to its own gravity. Therefore, to make atoms hot enough, the teen used high voltage. The reactor achieved plasma in June. "Two days ago I achieved plasma, which was brilliant and I'm massively happy about this," wrote Mencarini in a LinkedIn post. "The system is running thanks to a Leybold Trivac E2 roughing pump, which allows me to achieve a minimum pressure of 8E-3 Torr." At that time, he mentioned that a Pfeiffer TPH062 would be used later to achieve fusion. "This turbomolecular pump is currently isolated by a VAT Throttling Valve." "The grid is then attached to a 30kV rated High Voltage Feedthrough connected to a 5kV Unilab power supply, which allows me to use the fusor in my school (It is limited to a 2mA output). While running the fusor I experimented with 2 grids which you can see in the images," added Mencarini in the post.

Read more of this story at Slashdot.

Categories: Computer, News

National Public Data Published Its Own Passwords

Slashdot - Tue, 2024-08-20 03:25
Security researcher Brian Krebs writes: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company's database, which they claimed has been floating around the underground since December 2023. Following last week's story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property -- the background search service recordscheck.net -- was hosting an archive that included the usernames and password for the site's administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named "members.zip," indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. 
According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD's founder, an actor and retired sheriff's deputy from Florida named Salvatore "Sal" Verini. Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company's website, and that the site is slated to cease operations "in the next week or so." "Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords," Verini told KrebsOnSecurity. "Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative." The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com's homepage features a positive testimonial from Sal Verini.

Read more of this story at Slashdot.

Categories: Computer, News

Waymo's New Robotaxi Will Feature Fewer Sensors To Help Lower Costs

Slashdot - Tue, 2024-08-20 02:45
Waymo has unveiled its sixth-generation robotaxi, an electric minivan made by Chinese automaker Zeekr. While the company claims it's more advanced than previous generations, it features fewer sensors to help reduce costs. The Verge reports: [W]ithin its high-powered computer, it contains all the learnings of the previous five generations of Waymo's autonomous vehicles, meaning it won't have to do as much real-world testing as past models before it can be rolled out to the public. But looming over Waymo's assertion that its new robotaxi will be cheaper to produce is the possibility that it could also be subject to costly new tariffs against Chinese-made electric vehicles. Earlier this year, the Biden administration said it would quadruple tariffs on EVs from China to 100 percent, from the current 25 percent, as a way to "protect American workers and American companies from China's unfair trade practices." [...] Waymo says the sixth-gen robotaxi will feature a streamlined sensor suite of "16 cameras, 5 lidar, 6 radar, and an array of external audio receivers (EARs)." These sensors will help provide "overlapping fields of view, all around the vehicle, up to 500 meters away, day and night, and in a range of weather conditions." That's the equivalent of over five football fields of visible range. Waymo's use of multiple sensors is important for redundancy, in which multiple sensors and cameras can ensure the vehicle can continue to detect and respond to its surroundings if something fails. It's unclear where and when the new sixth-gen robotaxis will first appear. "Waymo currently operates in Phoenix, San Francisco, and Los Angeles, with plans to launch commercial service in Austin, Texas," notes the report. "The company has been manually testing the Zeekr-made minivans on public roads, with the goal of adding them to its commercial fleet sometime soon."

Read more of this story at Slashdot.

Categories: Computer, News

Hyundai Hits Double-Digit EV Market Share In the US

Slashdot - Tue, 2024-08-20 02:02
Hyundai Motor Group, which includes Kia and Genesis, accounted for 10% of the U.S. EV market through the first seven months of 2024, outpacing Ford (7.4%) and GM (6.3%). Electrek reports: Although IONIQ 5 and 6 sales slipped last month, they are still up 25% and 54% year-to-date, respectively. Meanwhile, sister company Kia continued its record-setting performance in July after EV sales nearly doubled YTD. Kia's new EV9, its first three-row electric SUV, is a major part of its growth. According to Kelley Blue Book, Kia EV9 sales outpaced the Toyota bZ4X, VW ID.4, Nissan Ariya, Rivian R1T, and Tesla Model S in the US through the first half of 2024. It even topped Kia's Niro EV sales. Hyundai's luxury brand, Genesis, remains a dark horse in the US EV market. Genesis is quickly expanding in the US. After adding 21 dedicated retailers in the US this year, including in eight new states, Genesis recently announced it now has 56 standalone facilities. "In two short years, Genesis' retail footprint has grown rapidly from one dedicated retail facility in Louisiana to 56 retail facilities nationwide," Genesis North America COO Claudia Marquez said.

Read more of this story at Slashdot.

Categories: Computer, News

Wyoming Voters Face Mayoral Candidate Who Vows To Let AI Bot Run Government

Slashdot - Tue, 2024-08-20 01:20
An anonymous reader quotes a report from The Guardian: Voters in Wyoming's capital city on Tuesday are faced with deciding whether to elect a mayoral candidate who has proposed to let an artificial intelligence bot run the local government. Earlier this year, the candidate in question -- Victor Miller -- filed for him and his customized ChatGPT bot, named Vic (Virtual Integrated Citizen), to run for mayor of Cheyenne, Wyoming. He has vowed to helm the city's business with the AI bot if he wins. Miller has said that the bot is capable of processing vast amounts of data and making unbiased decisions. In what AI experts say is a first for US political campaigns, Miller and Vic have told local news outlets in interviews that their form of proposed governance is a "hybrid approach." The AI bot told Your Wyoming Link that its role would be to provide data-driven insights and innovative solutions for Cheyenne. Meanwhile, Vic said, the human elected office contender, Miller, would serve as the official mayor if chosen by voters and would ensure that "all actions are legally and practically executed." "It's about blending AI's capabilities with human judgment to effectively lead Cheyenne," the bot said. The bot said it did not have political affiliations -- and its goal is to "focus on data-driven practical solutions that benefit the community." During a meet-and-greet this summer, the Washington Post reported that the AI bot was asked how it would go about making decisions "according to human factor, involving humans, and having to make a decision that affects so many people." "Making decisions that affect many people requires a careful balance of data-driven insights and human empathy," the AI bot responded, according to an audio recording obtained and published by the Washington Post. 
Vic then ran through a multi-part plan that suggested using AI technology to gather data on public opinion and feedback from the community, holding town hall meetings to listen to residents' concerns, consulting experts in relevant fields, evaluating the human impact of the decision and providing transparency about the decision-making. According to Wyoming Public Media, Miller has also pledged that he would donate half the mayoral salary to a non-profit if he is elected. The other half could be used to continually improve the AI bot, he said. Miller has faced some pushback since announcing his mayoral campaign. Wyoming's Secretary of State, Chuck Gray, launched an investigation to determine if the AI bot could legally appear on the ballot, citing state law that says only real people that are registered to vote can run for office. City officials clarified that Miller is the actual candidate, so he was allowed to continue. However, Laramie County ruled that only Miller's name would appear on the ballot, not the bot's. OpenAI later shut down Miller's account, but he quickly created a new one and continued his campaign.

Read more of this story at Slashdot.

Categories: Computer, News

Apple Podcasts Launches On the Web

Slashdot - Tue, 2024-08-20 00:40
Apple's Podcasts app is now available on all major web browsers, allowing you to stream episodes directly from the web at www.podcasts.apple.com. TechCrunch reports: The new dedicated web experience aims to make it easier for anyone with a web browser on any device to access podcasts. Web listening has been available for some time; however, in order to listen to an episode, users had to look up a show on a search engine and go to the show's Apple Podcasts Preview page. Now Apple Podcasts on the web has launched a new interface, allowing users to access features that were previously only available on the app. These include browsing millions of shows, accessing sections like Library and Top Charts, purchasing premium podcast subscriptions, and more. Listeners can sync their Apple Accounts to be able to pause a podcast and save their play progress to listen to later, as well as see their followed shows and subscriptions. Users without an Apple Account can also use the web experience but can only browse and listen. You can try it out by listening to the latest episode of the SourceForge Podcast!

Read more of this story at Slashdot.

Categories: Computer, News

Ticketmaster's Nontransferable 'SafeTix' Are Anticompetitive, DOJ Suit Claims

Slashdot - Tue, 2024-08-20 00:00
The Department of Justice has amended its antitrust lawsuit against Ticketmaster and Live Nation, alleging that Ticketmaster's introduction of nontransferable tickets and the SafeTix system was primarily intended to stifle competition from rival platforms like StubHub and SeatGeek, rather than merely to reduce ticket fraud. "The complaint, which was amended on Monday after 10 states joined the DOJ's lawsuit, cites internal Ticketmaster documents obtained during the legal process," notes The Verge. From the report: In 2019, Ticketmaster rolled out SafeTix, which replaced static barcodes on electronic tickets with encrypted barcodes that refresh every 15 seconds. Ticketmaster marketed SafeTix as a way of reducing ticket fraud, but the complaint claims reducing competition was "a primary motivation" for the new ticketing system. [...] The amended complaint includes new information about Ticketmaster's dominance of the events market. One internal Live Nation document cited in the complaint notes that Ticketmaster is the primary ticketer for approximately 80 percent of arenas across the country that host NBA or NHL teams. As of 2022, Live Nation-promoted events accounted for 70 percent of all amphitheater shows across the country, according to internal Live Nation events mentioned in the complaint. The DOJ alleges that because of Ticketmaster's conduct, consumers have "paid more and continue to pay more for fees relating to tickets to live events than they would have paid in a free and open competitive market." The exact amount of monetary harm is still unknown, the complaint claims, and will require discovery from Ticketmaster and Live Nation's books, as well as from its third-party competitors.

Read more of this story at Slashdot.

Categories: Computer, News

Parents Rage Against New Fee To Keep Their Smart Bassinets Smart

Slashdot - Mon, 2024-08-19 23:20
Smonster writes: The maker of the Snoo, a popular high-tech bassinet, touched off a firestorm of outrage after requiring a paid subscription to use several key features. Most new parents are looking for a way to reclaim even a hint of the sleep they used to get pre-infant. So a smart bassinet that uses sensors to detect when a crying baby needs pacifying, simulating the sounds and rhythms of the womb, offers an irresistible promise to sleep-strapped parents: another hour or two of shut-eye. The dream doesn't come cheap: One of the more popular models, the Snoo retails for $1,700, though enterprising parents can score one secondhand from friends, neighbors or relatives whose own children have outgrown it. But last month, that hand-me-down network was dealt a blow when Happiest Baby, the company that makes Snoo, began charging for access to some of the bassinet's premium features -- features that used to be available to Snoo users indefinitely, at no extra cost. Now, access to the app needed to lock in the bassinet's rocking level, to track the baby's sleep and to use the so-called weaning mode, among other features, will cost parents $20 a month. The change has angered secondhand users and original buyers alike. On Reddit, the new subscription model has prompted review bombs, group brainstorms for collective action and detailed instructions for outraged parents seeking recourse. Some have taken to filing complaints with the Federal Trade Commission, Better Business Bureau and state-run consumer protection offices.

Read more of this story at Slashdot.

Categories: Computer, News

UK Tech Entrepreneur Mike Lynch Among Missing In Sicily Yacht Sinking

Slashdot - Mon, 2024-08-19 22:40
Longtime Slashdot reader whoever57 writes: A powerful storm sank the "Bayesian," a superyacht that was carrying Mike Lynch and some guests. In total, there is one confirmed death and another six missing, including Mike Lynch and his daughter. It is believed that the yacht is effectively owned by Lynch. The 56-meter yacht had an aluminum hull and could carry 12 guests and a crew of up to 10. "Lynch co-founded Autonomy, a software firm that became one of the shining lights of the UK tech scene, in the mid-90s," notes The Guardian. "Once described as Britain's Bill Gates, Lynch spent much of the last decade in court defending his name against allegations of fraud related to the sale of Autonomy to the U.S. tech company Hewlett-Packard for $11 billion. The 59-year-old was acquitted by a jury in San Francisco in June, after he had spent more than a year living in effect under house arrest." "He was awarded an OBE for services to enterprise in 2006, and appointed in 2011 to the science and technology council of the then prime minister, David Cameron. He was elected as a fellow to the Royal Academy of Engineering in 2008 and the Royal Society in 2014."

Read more of this story at Slashdot.

Categories: Computer, News

Google Threatened Tech Influencers Unless They 'Preferred' the Pixel

Slashdot - Mon, 2024-08-19 22:01
An anonymous reader shares a report: The tech review world has been full of murky deals between companies and influencers for years, but it appears Google finally crossed a line with the Pixel 9. The company's invite-only Team Pixel program -- which seeds Pixel products to influencers before public availability -- stipulated that participating influencers were not allowed to feature Pixel products alongside competitors, and those who showed a preference for competing phones risked being kicked out of the program. For those hoping to break into the world of tech reviews, the new terms meant having to choose between keeping access or keeping their integrity. The Verge has independently confirmed screenshots of the clause in this year's Team Pixel agreement for the new Pixel phones, which various influencers began posting on X and Threads last night. The agreement tells participants they're "expected to feature the Google Pixel device in place of any competitor mobile devices." It also notes that "if it appears other brands are being preferred over the Pixel, we will need to cease the relationship between the brand and the creator." The link to the form appears to have since been shut down.

Read more of this story at Slashdot.

Categories: Computer, News

Microsoft Closes Windows 11 Upgrade Loophole in Latest Insider Build

Slashdot - Mon, 2024-08-19 21:21
Microsoft has finally patched a workaround exploited by users seeking an upgrade path for Windows 11 that dodged the company's hardware requirements. From a report: The tweak arrived without fanfare in the Windows Insider build 27686. There were a few neat tweaks in the build, including updates to the Windows Sandbox Client preview and a much-needed bump from 32 GB to 2 TB for FAT32 when running the command line format function. However, the documentation did not mention an apparent end to one workaround that bypasses Microsoft's requirements check for Windows 11. According to X user @TheBobPony, the "setup.exe /product server" workaround is not supported in the latest build. The Register contacted Microsoft to understand its intentions with the change. The switch still works in the Windows 24H2 update, but the hardware check appears to no longer be bypassed in the latest Canary channel build (27686). The company has yet to respond.

Read more of this story at Slashdot.

Categories: Computer, News

Virginia's Datacenters Guzzle Water Like There's No Tomorrow, Says FOI-based Report

Slashdot - Mon, 2024-08-19 20:41
Concerns over the environmental impact of datacenters in the US state of Virginia are being raised again amid claims their water consumption has stepped up by almost two-thirds since 2019, and AI could make it worse. From a report: Virginia is described as the datacenter capital of the world, particularly Northern Virginia where it is understood there are about 300 facilities. According to the Financial Times, water consumption by bit barns in some areas has increased markedly over the past five years by almost two-thirds. It cites data gathered by freedom of information requests to claim that more than 1.85 billion US gallons was used in 2023, up from 1.13 billion gallons in 2019. Those figures came from water authorities in Northern Virginia in Fairfax, Loudoun, Prince William, and Fauquier counties. Water is typically used in datacenters for cooling, and the FT points to anxiety over expected increases in demand for computing infrastructure due to AI, which is particularly power intensive during processing for training of large models. It reported that some existing facilities are in water-stressed regions, including parts of Virginia suffering from droughts.

Read more of this story at Slashdot.

Categories: Computer, News

Google Denies Report That It's Discontinuing Fitbit Products

Slashdot - Mon, 2024-08-19 20:01
Google is denying a recent report that it is no longer making Fitbit smartwatches. From a report: A company spokesperson told Ars Technica today that Google has no current plans to discontinue the Fitbit Sense or Fitbit Versa product lines. On Sunday, TechRadar published an article titled "RIP Fitbit smartwatches -- an end we could see coming a mile away." The article noted last week's announcement of the new Google Pixel Watch 3. Notably, the watch from Google, which acquired Fitbit in 2019, gives users free access to the Daily Readiness Score, a feature that previously required a Fitbit Premium subscription (Pixel Watch 3 owners also get six free months of Fitbit Premium). The publication said that Fitbit has been "consigned to wearable history" and reported: "Google quietly confirmed that there would never be another Fitbit Sense or Versa model produced. From now on, Fitbit-branded devices will be relegated to Google's best fitness trackers: the Fitbit Inspire, Luxe, and Charge ranges. The smartwatch form factor would be exclusively reserved for the Pixel Watch line."

Read more of this story at Slashdot.

Categories: Computer, News

VPN Apps Vanish from Brazilian App Store

Slashdot - Mon, 2024-08-19 19:20
Dozens of VPN apps have vanished from Brazil's Apple App Store, including popular services NordVPN, ExpressVPN, and Surfshark. Simone Magliano, Head of Research at Top10VPN, reports that at least 30 VPN apps have become unavailable, though their store listings remained visible. Proton VPN, a major free VPN provider, confirmed the App Store issues, speculating it could be "a bug, or Apple implementing a secret censorship order." The move follows X, formerly Twitter, announcing over the weekend that it was shutting its Brazil operations, citing a "secret order" to arrest its legal representative if X didn't "comply with his [Brazilian Supreme Court Justice Alexandre de Moraes'] censorship orders."

Read more of this story at Slashdot.

Categories: Computer, News

GM Cuts 1,000 Software Jobs As It Prioritizes AI

Slashdot - Mon, 2024-08-19 18:42
General Motors is cutting around 1,000 software workers around the world in a bid to focus on more "high-priority" initiatives like improving its Super Cruise driver assistance system, the quality of its infotainment platform and exploring the use of AI. From a report: The job cuts are not about cost cutting or individual performance, GM spokesperson Stuart Fowle told TechCrunch. Rather, they are meant to help the company move more quickly as it tries to compete in the world of "software-defined vehicles." For example, Fowle said, that could mean moving away from developing many different infotainment features and instead focusing on ones that matter most to consumers. The shuffle comes after GM has struggled with recent software problems. The automaker temporarily halted sales of its new Blazer EV in late 2023 after early vehicles encountered glitches. In June, GM promoted two former Apple executives to run its software and services division. The promotions were meant to fill the gap left by Mike Abbott, another Apple veteran who had joined GM as its executive vice president of software and services. Abbott left GM in March for health reasons.

Read more of this story at Slashdot.

Categories: Computer, News

Procreate's Anti-AI Pledge Attracts Praise From Digital Creatives

Slashdot - Mon, 2024-08-19 18:01
An anonymous reader shares a report: Many Procreate users can breathe a sigh of relief now that the popular iPad illustration app has taken a definitive stance against generative AI. "We're not going to be introducing any generative AI into our products," Procreate CEO James Cuda said in a video posted to X. "I don't like what's happening to the industry, and I don't like what it's doing to artists." The creative community's ire toward generative AI is driven by two main concerns: that AI models have been trained on their content without consent or compensation, and that widespread adoption of the technology will greatly reduce employment opportunities. Those concerns have driven some digital illustrators to seek out alternative solutions to apps that integrate generative AI tools, such as Adobe Photoshop. "Generative AI is ripping the humanity out of things. Built on a foundation of theft, the technology is steering us toward a barren future," Procreate said on the new AI section of its website. "We think machine learning is a compelling technology with a lot of merit, but the path generative AI is on is wrong for us."

Read more of this story at Slashdot.

Categories: Computer, News

Raspberry Pi Launches $50 2GB Model

Slashdot - Mon, 2024-08-19 17:21
Raspberry Pi, the British computer manufacturer, unveiled a new 2GB variant of its flagship Raspberry Pi 5 single-board computer on Monday, priced at $50. Raspberry Pi CEO Eben Upton said the company aims to "bring high-performance general-purpose computing to the widest possible audience" with the new offering. The 2GB Raspberry Pi 5 utilizes a cost-optimized D0 stepping of the BCM2712 application processor, which removes non-essential functionality to reduce manufacturing costs. Upton stated the chip is "functionally identical" to users compared to higher-memory variants. While the reduced RAM may limit multitasking capabilities, Raspberry Pi's optimized OS allows for efficient resource usage. The company expects the 2GB model to suffice for many users' needs, while power users may opt for 4GB or 8GB versions priced at $60 and $80 respectively. The Raspberry Pi 5, launched in October 2023, features a quad-core Arm Cortex-A76 CPU running at 2.4GHz, dual 4K display output, and support for PCIe SSDs. Upton noted the latest model is "about 150 times as powerful" as the original Raspberry Pi from 2012.

Read more of this story at Slashdot.

Categories: Computer, News

AMD To Acquire Server Maker ZT Systems in $4.9 Billion Deal

Slashdot - Mon, 2024-08-19 16:40
AMD agreed to buy server maker ZT Systems in a cash and stock transaction valued at $4.9 billion, adding data center technology that will bolster its efforts to challenge Nvidia. From a report: ZT Systems, based in Secaucus, New Jersey, will become part of AMD's Data Center Solutions Business Group, according to a statement Monday. AMD will retain the business's design and customer teams and look to sell the manufacturing division. Closely held ZT has extensive experience making server computers for owners of large data centers -- the kind of customers that are pouring billions into new AI capabilities. The acquisition will "significantly strengthen our data center AI systems," AMD Chief Executive Officer Lisa Su said in the statement.

Read more of this story at Slashdot.

Categories: Computer, News

Attractive People Are Less Likely To Play Video Games, NBER Study Says

Slashdot - Mon, 2024-08-19 16:00
From a paper on the National Bureau of Economic Research: We investigate the relationship between physical attractiveness and the time people devote to video/computer gaming. Average American teenagers spend 2.6% of their waking hours gaming, while for adults this figure is 2.7%. Using the American Add Health Study, we show that adults who are better-looking have more close friends. Arguably, gaming is costlier for them, and they thus engage in less of it. Physically attractive teens are less likely to engage in gaming at all, whereas unattractive teens who do game spend more time each week on it than other gamers. Attractive adults are also less likely than others to spend any time gaming; and if they do, they spend less time on it than less attractive adults. Using the longitudinal nature of the Add Health Study, we find supportive evidence that these relationships are causal for adults: good looks decrease gaming time, not vice-versa.

Read more of this story at Slashdot.

Categories: Computer, News

'GitHub Actions' Artifacts Leak Tokens, Expose Cloud Services and Repositories

Slashdot - Mon, 2024-08-19 13:34
Security Week brings news about CI/CD workflows using GitHub Actions in build processes. Some workflows can generate artifacts that "may inadvertently leak tokens for third party cloud services and GitHub, exposing repositories and services to compromise, Palo Alto Networks warns." [The artifacts] function as a mechanism for persisting and sharing data across jobs within the workflow and ensure that data is available even after the workflow finishes. [The artifacts] are stored for up to 90 days and, in open source projects, are publicly available... The identified issue, a combination of misconfigurations and security defects, allows anyone with read access to a repository to consume the leaked tokens, and threat actors could exploit it to push malicious code or steal secrets from the repository. "It's important to note that these tokens weren't part of the repository code but were only found in repository-produced artifacts," Palo Alto Networks' Yaron Avital explains... "The Super-Linter log file is often uploaded as a build artifact for reasons like debuggability and maintenance. But this practice exposed sensitive tokens of the repository." Super-Linter has been updated and no longer prints environment variables to log files. Avital was able to identify a leaked token that, unlike the GitHub token, would not expire as soon as the workflow job ends, and automated the process that downloads an artifact, extracts the token, and uses it to replace the artifact with a malicious one. Because subsequent workflow jobs would often use previously uploaded artifacts, an attacker could use this process to achieve remote code execution (RCE) on the job runner that uses the malicious artifact, potentially compromising workstations, Avital notes. 
Avital's blog post notes other variations on the attack — and "The research laid out here allowed me to compromise dozens of projects maintained by well-known organizations, including firebase-js-sdk by Google, a JavaScript package directly referenced by 1.6 million public projects, according to GitHub. Another high-profile project involved adsys, a tool included in the Ubuntu distribution used by corporations for integration with Active Directory." (Avital says the issue even impacted projects from Microsoft, Red Hat, and AWS.) "All open-source projects I approached with this issue cooperated swiftly and patched their code. Some offered bounties and cool swag." "This research was reported to GitHub's bug bounty program. They categorized the issue as informational, placing the onus on users to secure their uploaded artifacts." My aim in this article is to highlight the potential for unintentionally exposing sensitive information through artifacts in GitHub Actions workflows. To address the concern, I developed a proof of concept (PoC) custom action that safeguards against such leaks. The action uses the @actions/artifact package, which is also used by the upload-artifact GitHub action, adding a crucial security layer by using an open-source scanner to audit the source directory for secrets and blocking the artifact upload when risk of accidental secret exposure exists. This approach promotes a more secure workflow environment... As this research shows, we have a gap in the current security conversation regarding artifact scanning. GitHub's deprecation of Artifacts V3 should prompt organizations using the artifacts mechanism to reevaluate the way they use it. Security defenders must adopt a holistic approach, meticulously scrutinizing every stage — from code to production — for potential vulnerabilities. Overlooked elements like build artifacts often become prime targets for attackers. 
Reduce workflow permissions of runner tokens according to least privilege and review artifact creation in your CI/CD pipelines. By implementing a proactive and vigilant approach to security, defenders can significantly strengthen their project's security posture. The blog post also notes protection and mitigation features from Palo Alto Networks....
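As an added illustration of the pre-upload gate the story describes (this is not Palo Alto Networks' PoC action or any project's code; the token prefixes it looks for and the sample linter log are assumptions and constructed data), a Python check that refuses to upload an artifact directory containing token-shaped strings or dumped secret environment variables:

```python
"""Pre-upload artifact scan: refuse to upload a build artifact directory that
contains token-shaped strings or dumped secret environment variables.
Example code written for this page; patterns and sample data are assumptions."""
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Assumed token shapes (not taken from the article): GitHub-issued tokens carry a
# short type prefix and a base62 body; the generic NAME=value form catches a
# linter or script that prints its environment into a log, as the story describes.
TOKEN_PATTERNS = {
    "github_token": re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{20,}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{20,}\b"),
    "env_secret_dump": re.compile(
        r"^\s*(?:[A-Z][A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY))=(\S{8,})\s*$",
        re.MULTILINE,
    ),
}

# Text-like files a log-style artifact typically contains; anything else is skipped.
TEXT_EXTENSIONS = {".log", ".txt", ".json", ".yml", ".yaml", ".env", ".md", ""}


def scan_file(path: str) -> List[Tuple[str, int]]:
    """Return (pattern_name, line_number) for every match in one text file."""
    findings: List[Tuple[str, int]] = []
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return findings
    for name, pattern in TOKEN_PATTERNS.items():
        for match in pattern.finditer(text):
            line_no = text.count("\n", 0, match.start()) + 1
            findings.append((name, line_no))
    return findings


def scan_artifact_dir(root: str) -> Dict[str, List[Tuple[str, int]]]:
    """Walk the directory that would be uploaded; collect findings per file."""
    report: Dict[str, List[Tuple[str, int]]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if os.path.splitext(fname)[1].lower() not in TEXT_EXTENSIONS:
                continue
            full = os.path.join(dirpath, fname)
            hits = scan_file(full)
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report


def should_block_upload(root: str) -> bool:
    """Gate for an upload step: True when any file holds a suspected secret."""
    return bool(scan_artifact_dir(root))


def build_sample_artifact(leaky: bool = True) -> str:
    """Constructed sample artifact (not real data): a harmless coverage report
    and, when leaky=True, a linter log that echoed its environment. The token
    bodies are made-up strings in the assumed shapes above."""
    root = tempfile.mkdtemp(prefix="artifact-")
    with open(os.path.join(root, "coverage.txt"), "w", encoding="utf-8") as fh:
        fh.write("lines: 87%\nbranches: 79%\n")
    if leaky:
        log = (
            "Linting 42 files...\n"
            "GITHUB_TOKEN=ghs_EXAMPLEexample0000000000EXAMPLE00\n"
            "CLOUD_DEPLOY_TOKEN=tok_not_a_real_value_1234\n"
            "All checks passed.\n"
        )
        with open(os.path.join(root, "super-linter.log"), "w", encoding="utf-8") as fh:
            fh.write(log)
    return root


if __name__ == "__main__":
    sample = build_sample_artifact()
    for rel_path, hits in scan_artifact_dir(sample).items():
        for name, line_no in hits:
            print(f"{rel_path}:{line_no}: {name}")
    print("block upload:", should_block_upload(sample))
```

In a workflow the gate would run as a step before the upload-artifact step and fail the job when it returns True; the findings only name the pattern and line, never the matched value, so the scanner's own output cannot re-leak the secret into the job log.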

Read more of this story at Slashdot.

Categories: Computer, News
