News

sciencehabit shares a report from Science Magazine: A species of lungfish found in South America has claimed the title of the animal with the biggest genome sequenced so far. The DNA of Lepidosiren paradoxa comprises a staggering 91 billion chemical letters or "bases," 30 times as many as the human genome, researchers report today in Nature. However, those 91 billion bases of DNA only contain about the same number of genes that humans have -- roughly 20,000 -- with the rest consisting of noncoding, perhaps even "junk" DNA. By comparing this genome with those of other lungfishes, the researchers determined that L. paradoxa adds the equivalent of a human genome to its DNA every 10 million years.

Read more of this story at Slashdot.

According to Kaspersky, hackers linked to Chinese threat actors have targeted Russian state agencies and tech companies in a campaign named EastWind. The Record reports: [T]he attackers used the GrewApacha remote access trojan (RAT), an unknown PlugY backdoor and an updated version of CloudSorcerer malware, which was previously used to spy on Russian organizations. The GrewApacha RAT has been used by the Beijing-linked hacking group APT31 since at least 2021, the researchers said, while PlugY shares many similarities with tools used by the suspected Chinese threat actor known as APT27. According to Kaspersky, the hackers sent phishing emails containing malicious archives. In the first stage of the attack, they exploited a dynamic link library (DLL), commonly found in Windows computers, to collect information about the infected devices and load the additional malicious tools. While Kaspersky didn't explicitly attribute the recent attacks to APT31 or APT27, they highlighted links between the tools that were used. Although PlugY malware is still being analyzed, it is highly likely that it was developed using the DRBControl backdoor code, the researchers said. This backdoor was previously linked to APT27 and bears similarities to PlugX malware, another tool typically used by hackers based in China.

Read more of this story at Slashdot.

The IRS should reopen its Technology Retirement Office to effectively manage the retirement and replacement of legacy systems, according to a Treasury Inspector General for Tax Administration (TIGTA) audit. The Register reports: The report (PDF), from the Treasury Inspector General for Tax Administration (TIGTA), credits the IRS with fully implementing two out of four previous tech modernization recommendations, though argues the other two recommendations were ineffectively implemented. Those failures include the agency's decision in 2023 to scrap its own Technology Retirement Office, which stood up in 2021 "to strategically reduce the [IRS' IT] footprint." Without that office, "there is no enterprise-wide program to identify, prioritize, and execute the updating, replacing, or retiring of legacy systems" at the IRS, the inspector general declared, adding the unit should be reestablished or brought back in some similar form. The closure of the retirement office, in the eyes of the TIGTA, is part of the IRS's failure to properly identify and plan for shutting down legacy systems and possibly replacing them with something modern. According to the audit report, the IRS identified 107 of its 334 legacy systems as up for retirement, yet only two of those 107 have specific decommissioning plans. The TIGTA would like to see clear plans for all of those identified systems, and had hoped the retirement office (or similar) would provide them. Then there's the second incomplete recommendation, which the IG said is the IRS' failure to properly apply its own definition of a legacy system to all of its tech. [...] In its response to the IG report, the IRS said it had largely addressed the two incomplete recommendations, though not entirely as the Inspector General might want.

Read more of this story at Slashdot.

Microsoft says it will temporarily cease its contentious Windows 11 upgrade campaign following user backlash. The tech giant had been bombarding Windows 10 users with full-screen popups urging them to switch operating systems. Starting with April's security update, these intrusive notifications will be discontinued. Microsoft says it will unveil a revised upgrade strategy in the coming months, as Windows 10 support nears its October 2025 end date.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Intel is partnering with Karma Automotive to develop an all-new computing platform for vehicles. The new software-defined vehicle architecture should first appear in a high-end electric coupe from Karma in 2026. But the partners have bigger plans for this architecture, with talk of open standards and working with other automakers also looking to make the leap into the software-defined future. [...] In addition to advantages in processing power and weight savings, software-defined vehicles are easier to update over-the-air, a must-have feature since Tesla changed that paradigm. Karma and Intel say their architecture should also have other efficiency benefits. They give the example of security monitoring that remains active even when the vehicle is turned off; they move this to a low-powered device using "data center application orchestration concepts." Intel is also contributing its power management SoC to get the most out of inverters, DC-DC converters, chargers, and as you might expect, the domain controllers use Intel silicon as well, apparently with some flavor of AI enabled. [...] Karma's first car to use the software-defined vehicle architecture will be the Kayeva, a $300,000 two-door with 1,000 hp (745 kW) on tap, which is scheduled to arrive in two years. But Intel and Karma want to offer the architecture to others in the industry. "For Tier 1s and OEMs not quite ready to take the leap from the old way of doing things to the new, Karma Automotive will play as an ally, helping them make that transition," said [Karma President Marques McCammon]. "Together, we're harnessing the combined might of Intel's technological prowess and Karma's ultra-luxury vehicle expertise to co-develop a revolutionary software-defined vehicle architecture," said McCammon. "This isn't just about realizing Karma's full potential; it's about creating a blueprint for the entire industry. We're not just building exceptional vehicles, we're paving the way for a new era of automotive innovation and offering a roadmap for those ready to make the leap."

Read more of this story at Slashdot.

AltStore PAL, a third-party iOS app store available in the EU, has eliminated its annual 1.50-euro subscription fee after receiving a "MegaGrant" from Epic Games. This grant was awarded for "innovation in app distribution," allowing AltStore to cover Apple's Core Technology Fee without charging users. The Verge reports: Epic uses MegaGrants as a way to "sponsor the development of exciting projects that may not otherwise have enough funding to fully realize," the company says. The grants are typically meant for smaller teams using Epic's technologies to "bring bold, challenging, and insanely creative dreams to life," but in this case, Epic awarded the grant for "innovation in app distribution," according to AltStore. AltStore didn't share the dollar value of the grant. Current subscribers won't be charged when their renewal date rolls around, AltStore says. The AltStore team also plans to "show our appreciation for our existing subscribers in a future update" but didn't specify what that might look like.

Read more of this story at Slashdot.

The SAG-AFTRA actors' union has struck a deal with online talent marketplace Narrativ, allowing actors to sell advertisers the rights to replicate their voices using AI. "Not all members will be interested in taking advantage of the opportunities that licensing their digital voice replicas might offer, and that's understandable," SAG-AFTRA official Duncan Crabtree-Ireland said in a statement. "But for those who do, you now have a safe option." Reuters reports: Narrativ connects advertisers and ad agencies with actors to create audio ads using AI. Under the deal, an actor can set the price for an advertiser to digitally replicate their voice, provided it at least equals the SAG-AFTRA minimum pay for audio commercials. Brands must obtain consent from performers for each ad that uses the digital voice replica. The union hailed the pact with Narrativ as setting a standard for the ethical use of AI-generated voice replicas in advertising.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: Professional cycling has, in its recent history, been prone to a shocking variety of cheating methods and dirty tricks.Performance-enhancing drugs.Tacks strewn on race courses. Even stealthy motors hidden inside of wheel hubs. Now, for those who fail to download a software patch for their gear shifters -- yes, bike components now get software updates -- there may be hacker saboteurs to contend with, too. At the Usenix Workshop on Offensive Technologies earlier this week, researchers from UC San Diego and Northeastern University revealed a technique that would allow anyone with a few hundred dollars of hardware to hack Shimano wireless gear-shifting systems (Warning: source may be paywalled; alternative source) of the kind used by many of the top cycling teams in the world, including in recent events like the Olympics and the Tour de France. Their relatively simple radio attack would allow cheaters or vandals to spoof signals from as far as 30 feet away that trigger a target bike to unexpectedly shift gears or to jam its shifters and lock the bike into the wrong gear. The trick would, the researchers say, easily be enough to hamper a rival on a climb or, if timed to certain intense moments of a race, even cause dangerous instability. "The capability is full control of the gears. Imagine you're going uphill on a Tour de France stage: If someone shifts your bike from an easy gear to a hard one, you're going to lose time," says Earlence Fernandes, an assistant professor at UCSD's Computer Science and Engineering department. "Or if someone is sprinting in the big chain ring and you move it to the small one, you can totally crash a person's bike like that." [...] The researchers' technique exploits the increasingly electronic nature of modern high-end bicycles, which now have digital components like power meters, wireless control of fork suspensions, and wireless shifters. "Modern bicycles are cyber-physical systems," the researchers note in their Usenix paper. Almost all professional cyclists now use electronic shifters, which respond to digital signals from shifter controls on the bike's handlebars to move a bicycle's chain from gear to gear, generally more reliably than mechanical shifting systems. In recent years, those wired electronic shifters have transitioned again to wireless versions that pair via a radio connection, such as the popular Di2 wireless shifters sold by the Japanese cycling component firm Shimano, which the researchers focused on. Shimano says it has developed a firmware update to patch the exploit but it won't be available widely until late August. The update is intended to improve wireless transmission across Shimano Di2 component platforms, though specific details about the fix and how it prevents the identified attacks have not been disclosed for security reasons.

Read more of this story at Slashdot.

Climate activists have broken into four German airport sites, briefly bringing air traffic to a halt at two of those before police made arrests. From a report: Protesters from Letzte Generation -- Germany's equivalent to Just Stop Oil -- gained access on Thursday to airfields in areas near the takeoff and landing strips of Cologne-Bonn, Nuremberg, Berlin Brandenburg and Stuttgart airports at dawn. Air traffic was suspended for a short time at Nuremberg and Cologne-Bonn due to police operations. The activists cut holes in fences with bolt cutters, glued themselves to the asphalt and unfurled banners reading "Oil kills" and "Sign the treaty," in reference to Letzte Generation's demand that the German government negotiate and sign an agreement for an international ban on the use of oil, gas and coal by 2030. The action was reminiscent of similar protests this summer and followed raids carried out a week ago on the homes of climate activists in five German cities, at which police collected DNA samples, in what Letzte Generation called "an attempt at intimidation." The interior minister, Nancy Faeser, condemned the protest and called for anyone convicted of involvement in Thursday's action to be given prison sentences. She wrote: "These criminal actions are dangerous and stupid. These anarchists are risking not only their own lives, but are also endangering others. We have recommended tough prison sentences. And we obligate airports to secure their facilities significantly better."

Read more of this story at Slashdot.

ISPs have asked the US Supreme Court to strike down a New York law that requires broadband providers to offer $15-per-month service to people with low incomes. From a report: On Monday, a Supreme Court petition challenging the state law was filed by six trade groups representing the cable, telecom, mobile, and satellite industries. Although ISPs were recently able to block the FCC's net neutrality rules, this week's petition shows the firms are worried about states stepping into the regulatory vacuum with various kinds of laws targeting broadband prices and practices. A broadband-industry victory over federal regulation could bolster the authority of New York and other states to regulate broadband. To prevent that, ISPs said the Supreme Court should strike down both the New York law and the FCC's broadband regulation, although the rulings would have to be made in two different cases. A situation in which the New York law is upheld while federal rules are struck down "will likely lead to more rate regulation absent the Court's intervention," ISPs told the Supreme Court. "Other States are likely to copy New York once the Attorney General begins enforcing the ABA [Affordable Broadband Act] and New York consumers can buy broadband at below-market rates. As petitioners' members have shown, New York's price cap will require them to sell broadband at a loss and deter them from investing in expanding their broadband networks. As rate regulation proliferates, those harms will as well, stifling critical investment in bringing broadband to unserved and underserved areas." The New York law was upheld in April by the US Court of Appeals for the 2nd Circuit, which reversed a 2021 District Court ruling. New York Attorney General Letitia James agreed last week not to enforce the $15 broadband law while the Supreme Court considers whether to take up the case.

Read more of this story at Slashdot.

Californians' driver's licenses are going digital as people will soon be able to carry them in their Apple or Google wallets. From a report: The governor's office says it's a secure and convenient tool that will allow users to more easily undergo ID verification, such as airport screenings. The virtual wallet capabilities, which are set to roll out "in the coming weeks," will allow users to add and access California driver's licenses and ID cards on their iPhones, Apple Watch and Android devices -- similar to credit cards. They will be authorized for use in TSA screenings, select apps and select businesses, such as Circle K. Participating airports in the state include SFO, SJC and LAX. The new format, which Gov. Gavin Newsom is expected to announce Thursday, is part of the DMV's broader mobile driver's license (mDL) pilot, which launched last year. "This is a big step in our efforts to better serve all Californians, meeting people where they're at and with technology people use every day," Newsom said in a statement shared first with Axios.

Read more of this story at Slashdot.

Microsoft is notifying folks that its AI services should not be taken too seriously, echoing prior service-specific disclaimers. From a report: In an update to the IT giant's Service Agreement, which takes effect on September 30, 2024, Redmond has declared that its Assistive AI isn't suitable for matters of consequence. "AI services are not designed, intended, or to be used as substitutes for professional advice," Microsoft's revised legalese explains. The changes to Microsoft's rules of engagement cover a few specific services, such as noting that Xbox customers should not expect privacy from platform partners. "In the Xbox section, we clarified that non-Xbox third-party platforms may require users to share their content and data in order to play Xbox Game Studio titles and these third-party platforms may track and share your data, subject to their terms," the latest Service Agreement says. There are also some clarifications regarding the handling of Microsoft Cashback and Microsoft Rewards. But the most substantive revision is the addition of an AI Services section, just below a passage that says Copilot AI Experiences are governed by Bing's Terms of Use. Those using Microsoft Copilot with commercial data protection get a separate set of terms. The tweaked consumer-oriented rules won't come as much of a surprise to anyone who has bothered to read the contractual conditions governing Microsoft's Bing and associated AI stuff. For example, there's now a Services Agreement prohibition on using AI Services for "Extracting Data."

Read more of this story at Slashdot.

An anonymous reader shares a report: Since last month's blue-screen deluge, CrowdStrike has published analyses of what went wrong and said it hired third-party security companies to review its product. Now, Germany's powerful cybersecurity agency is seizing the moment and hoping to rattle tech and cyber companies into altering their products to head off another mega-meltdown. In particular, the Bonn-based Federal Office for Information Security is taking aim at the access Microsoft gives security providers to its Windows kernel, a core part of its operating system. As well, the German agency is looking for fundamental changes in the way CrowdStrike and other cyber firms design their tools, in hopes of curbing that access. "The most important thing is to prevent [that] this can happen again," said Thomas Caspers, director general for technology strategy at the BSI, as the agency is known. Leveraging the dread that filled Silicon Valley following the July outage, the BSI is planning to organize a conference this year gathering major tech firms, where it hopes they will commit to restricting access to the kernel, a change Caspers says is crucial to stopping similar failures. "We expect each company to be very specific about what they will do based on what we agreed on," he said.

Read more of this story at Slashdot.

Roku has removed the Redbox app from its platform, effectively cutting off users' access to purchased content following Redbox parent company Chicken Soup for the Soul Entertainment's bankruptcy filing. The move signals the likely end of Redbox's digital streaming service, which launched in 2017 to complement its DVD rental kiosks. Customers attempting to use the Redbox app on Roku devices now receive an error message directing them to other streaming services. While the app remains downloadable on some platforms, including Apple's App Store and Google Play, its functionality is severely limited. The shutdown raises questions about the fate of content purchased through Redbox's streaming service and the company's remaining 24,000 physical kiosks.

Read more of this story at Slashdot.

Google's master software for some Android phones includes a hidden feature that is insecure and could be activated to allow remote control or spying on users, according to a security company that found it inside phones at a U.S. intelligence contractor. From a report: The feature appears intended to give employees at stores selling Pixel phones and other models deep access to the devices so they can demonstrate how they work, according to researchers at iVerify who shared their findings with The Washington Post. The discovery and Google's lack of explanation alarmed the intelligence contractor, data analysis platform vendor Palantir Technologies, to the extent that it has stopped issuing Android phones to employees, Palantir told The Post. "Mobile security is a very real concern for us, given where we're operating and who we're serving," Palantir Chief Information Security Officer Dane Stuckey said. "This was very deleterious of trust, to have third-party, unvetted insecure software on it. We have no idea how it got there, so we made the decision to effectively ban Androids internally." The security company said it contacted Google about its findings more than 90 days ago and that the tech giant has not indicated whether it would remove or fix the application. On Wednesday night, Google told The Post that it would issue an update to remove the application. "Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update," said company spokesperson Ed Fernandez. He said distributors of other Android phones would also be notified.

Read more of this story at Slashdot.

Eric Schmidt, ex-CEO and executive chairman at Google, walked back remarks in which he said his former company was losing the AI race because of its remote-work policies. From a report: "I misspoke about Google and their work hours," Schmidt said Wednesday in an email to The Wall Street Journal. "I regret my error." Schmidt, who left Google parent Alphabet's board more than five years ago, spoke earlier at a wide-ranging discussion at Stanford University. He criticized Google's remote-work policies in response to a question about Google competing with OpenAI. "Google decided that work-life balance and going home early and working from home was more important than winning," Schmidt said at Stanford. "The reason startups work is because the people work like hell." Video of Schmidt's talk was posted on YouTube this week by Stanford Online, a division of the university that offers online courses. The video, which had more than 40,000 views as of Wednesday afternoon, has since been set to private. Schmidt said he asked for the video to be taken down.

Read more of this story at Slashdot.

EmagGeek writes: Kim Dotcom, who is facing criminal charges relating to the defunct filesharing website Megaupload, is to be extradited to the US, the New Zealand justice minister says, which could end more than a decade of legal wrangling. German-born Dotcom has New Zealand residency and has been fighting extradition to the US since 2012 after an FBI-ordered raid on his Auckland mansion. The high court in New Zealand first approved his extradition in 2017, with an appeal court reaffirming the finding the year after. In 2020, the country's supreme court again affirmed the finding but opened the door for a fresh round of judicial review. Now, the justice minister, Paul Goldsmith, has signed an extradition order for Dotcom, a spokesperson said on Thursday. "I considered all of the information carefully, and have decided that Mr Dotcom should be surrendered to the US to face trial," Goldsmith said. "As is common practice, I have allowed Mr Dotcom a short period of time to consider and take advice on my decision. I will not, therefore, be commenting further at this stage."

Read more of this story at Slashdot.

Judge James Donato just made it crystal clear: Google will pay. From a report: Eight months after a federal jury unanimously decided that Google's Android app store is an illegal monopoly in Epic v. Google, Donato held his final hearing on remedies today. While we don't yet know what will happen, he repeatedly shut down any suggestion that Google shouldn't have to open up its store to rival stores, that it'd be too much work or cost too much, or that the proposed remedies go too far. "We're going to tear the barriers down, it's just the way it's going to happen," said Donato. "The world that exists today is the product of monopolistic conduct. That world is changing." Donato will issue his final ruling in a little over two weeks.

Read more of this story at Slashdot.

An anonymous reader quotes a report from SFGATE: Cisco Systems is laying off 7% of its workforce, the company announced in a filing with the Securities and Exchange Commission on Wednesday. It's the San Jose tech giant's second time slashing thousands of jobs this year. The networking and telecommunications company is vast, reporting to have 84,900 employees in July 2023 before it chopped at least 4,000 in February. That means the new 7% cut will likely affect at least 5,500 workers. Cisco spokesperson Robyn Blum said in an email to SFGATE that the layoff is meant to allow the company to invest in "key growth opportunities and drive more efficiency in our business." [...] More hints about the layoff's potential reasoning showed up in a Wednesday blog post from CEO Chuck Robbins. The executive wrote that Cisco plans to consolidate its networking, security and collaboration teams into one organization and said the company is still integrating Splunk; Cisco closed its $28 billion acquisition of San Francisco-based data security and management company in March. Cisco also announced its earnings for its last fiscal year on Wednesday. Total revenue was slightly down year over year, to $53.8 billion, but the company still reported a $10.3 billion profit during the same period.

Read more of this story at Slashdot.

Slate's Derek Heckman, an avid fan of Magic: The Gathering since the age of 10, expresses concern about the potential replacement of the game's distinctive hand-drawn art with generative AI -- and he's not alone. "I think we're all pretty afraid of what the potential is, given what we've seen from the generative image side," Sam, a YouTube creator who runs the channel Rhystic Studies, told him. "It's staggeringly powerful. And it's only in its infancy." "Magic's greatest asset has always been its commitment to create a new illustration for every new card," he said. He adds that if we sacrifice that commitment for A.I., "you'd get to a point pretty fast where it just disintegrates and becomes the ugliest definition of the word product." Here's an excerpt from his report: So far, Magic's parent company, Wizards of the Coast, has outwardly agreed with Sam, saying in an official statement in 2023 that Magic "has been built on the innovation, ingenuity, and hard work of talented people" and forbidding outside creatives from using A.I. in their work. However, a number of recent incidents -- from the accidental use of A.I. art in a Magic promotional image to a very intentional LinkedIn post for a "Principal AI Engineer," one that Wizards had to clarify was for the company's video game projects -- have left many players unsure whether Wizards is potentially evolving their stance, or merely trying to find their footing in an ever-changing A.I. landscape. In response to fan concerns, Wizards has created an "AI art FAQ" detailing, among other things, the new technologies it's invested in to detect A.I. use in art. Still, trust in the company has been damaged by this year's incidents. Longtime Magic artist David Rapoza even severed ties with the game this past January, citing this seeming difference between Wizards' words and actions when it comes to the use of A.I. Sam says the larger audience has likewise been left "cautiously suspicious," hoping to believe Wizards' official statements while also carefully noting the company's moves and mistakes with the technology. "I think what we want is for Wizards to commit hard to one lane and stay [with] what is tried and true," Sam says. "And that is prioritizing human work over shortcuts."

Read more of this story at Slashdot.