pedroapero

In instructions to Google, Judge Rossignoli says that the company must “adopt the necessary technical means to immediately uninstall from Android systems that report IP addresses in the territory of the Argentine Republic (which can be verified by the IP addresses assigned to this country), the application named Magis TV.”

"What was achieved is an unprecedented court order, which is in the process of being analyzed by Google – we understand that they cannot deny it – which is to uninstall, through the Android operating system update, the application on all devices that have an IP address in Argentina,” [prosecuter Alejandro] Musso says.

A hacker has gained access to internal tools used by the location tracking company Tile, including one that processes location data requests for law enforcement, and stolen a large amount of customer data, such as their names, physical addresses, email addresses, and phone numbers, 404 Media reports. From the report:

The stolen data itself does not include the location of Tile devices, which are small pieces of hardware users attach to their keys or other items to monitor remotely. But it is still a significant breach that shows how tools intended for internal use by company workers can be accessed and then leveraged by hackers to collect sensitive data en masse. It also shows that this type of company, one which tracks peoples' locations, can become a target for hackers. "Basically I had access to everything," the hacker told 404 Media in an online chat. The hacker says they also demanded payment from Tile but did not receive a response.

Tile sells various tracking devices which can be located through Tile's accompanying app. Life360, another location data focused company, acquired Tile in November 2021. The hacker says they obtained login credentials for a Tile system that they believe belonged to a former Tile employee. One tool specifically says it can be used to "initiate data access, location, or law enforcement requests." Users can then lookup Tile customers by their phone number or another identifier, according to a screenshot of the tool.

Abstract credit: https://slashdot.org/story/429499

Starting from 2030, Mastercard will no longer require Europeans to enter their card numbers manually when checking out online -- no matter what platform or device they're using. Mastercard will announce Tuesday in a fireside chat with CNBC that, by 2030, all cards it issues on its network in Europe will be tokenized. In other words, instead of the 16-digit card number we're all accustomed to using for transactions, this will be replaced with a randomly generated "token."

The firm says it's been working with banks, fintechs, merchants and other partners to phase out manual card entry for e-commerce by 2030 in Europe, in favor of a one-click button across all online platforms. This will ensure that consumers' cards are secure against fraud attempts, Mastercard says. Users won't have to keep entering passwords every time they try to make a payment, as Mastercard is introducing passkeys that replace passwords.

Visa is rolling out new technology that will allow the payments giant to share more information about customers' preferences [non-paywalled source] based on their shopping history with retailers as it seeks to remain a top player in the competitive e-commerce space. From a report:

The data will be shared via the payments giant's proprietary "tokens," which provide an added layer of security between a consumer's bank information and a merchant. Shopping inclinations and other information based on past transactions -- such as preferred categories, like movies or golf -- will be shared via token with retailers with the consent of consumers.

"It's almost entirely blind to almost all consumers," Visa Chief Executive Officer Ryan McInerney said in an interview of the company's token technology. "They just know their payments work better." The sharing of shopping data via token is one of a handful of innovations Visa unveiled at a conference in San Francisco, where it's based. Visa, one of the largest e-commerce technology companies in the world, is finding itself increasingly fending off competitors seeking larger slices of the fees merchants must pay to carry out consumer transactions.

Abstract credit: https://slashdot.org/story/428471

The blog Its FOSS has 15,000 followers for its Mastodon account — which they think is causing problems:

When you share a link on Mastodon, a link preview is generated for it, right? With Mastodon being a federated platform (a part of the Fediverse), the request to generate a link preview is not generated by just one Mastodon instance. There are many instances connected to it who also initiate requests for the content almost immediately. And, this "fediverse effect" increases the load on the website's server in a big way.

Sure, some websites may not get overwhelmed with the requests, but Mastodon does generate numerous hits, increasing the load on the server. Especially, if the link reaches a profile with more followers (and a broader network of instances)... We tried it on our Mastodon profile, and every time we shared a link, we were able to successfully make our website unresponsive or slow to load.

It's Foss blog says they found three GitHub issues about the same problem — one from 2017, and two more from 2023. And other blogs also reported the same issue over a year ago — including software developer Michael Nordmeyer and legendary Netscape programmer Jamie Zawinski.

And back in 2022, security engineer Chris Partridge wrote:

[A] single roughly ~3KB POST to Mastodon caused servers to pull a bit of HTML and... an image. In total, 114.7 MB of data was requested from my site in just under five minutes — making for a traffic amplification of 36704:1. [Not counting the image.]

Its Foss reports Mastodon's official position that the issue has been "moved as a milestone for a future 4.4.0 release. As things stand now, the 4.4.0 release could take a year or more (who knows?)."

They also state their opinion that the issue "should have been prioritized for a faster fix... Don't you think as a community-powered, open-source project, it should be possible to attend to a long-standing bug, as serious as this one?"

Abstract credit: https://slashdot.org/story/428030

cross-posted from: https://lemmy.smeargle.fans/post/145396

HN Discussion

Hello, I noticed some of my early posts (less than a year ago) disappeared. I did not receive notification about the removal. Hence I suppose it could be due to one of those:

• the instance hosting the community got defederated
• the community I posted in was removed
• there is some automatic cleanup job of old posts on Lemmy.ml

This is not mentioned in Lemmy.ml's presentation section. Does this instance implement pruning? (if so; what is the retention duration?) Is it possible to check the retention policy of a Lemmy instance?

"Researchers have successfully transformed CO2 into methanol," reports SciTechDaily, "by shining sunlight on single atoms of copper deposited on a light-activated material, a discovery that paves the way for creating new green fuels."

Tara LeMercier, a PhD student who carried out the experimental work at the University of Nottingham, School of Chemistry, said: "We measured the current generated by light and used it as a criterion to judge the quality of the catalyst. Even without copper, the new form of carbon nitride is 44 times more active than traditional carbon nitride. However, to our surprise, the addition of only 1 mg of copper per 1 g of carbon nitride quadrupled this efficiency. Most importantly the selectivity changed from methane, another greenhouse gas, to methanol, a valuable green fuel."

Professor Andrei Khlobystov, School of Chemistry, University of Nottingham, said: "Carbon dioxide valorization holds the key for achieving the net-zero ambition of the UK. It is vitally important to ensure the sustainability of our catalyst materials for this important reaction. A big advantage of the new catalyst is that it consists of sustainable elements — carbon, nitrogen, and copper — all highly abundant on our planet." This invention represents a significant step towards a deep understanding of photocatalytic materials in CO2 conversion. It opens a pathway for creating highly selective and tuneable catalysts where the desired product could be dialed up by controlling the catalyst at the nanoscale.

Abstract credit: https://science.slashdot.org/story/24/03/30/049239/researchers-develop-new-material-that-converts-co2-into-methanol-using-sunlight

"To prevent disinformation from eroding democratic values worldwide, the U.S. must establish a global watermarking standard for text-based AI-generated content," writes retired U.S. Army Col. Joe Buccino in an opinion piece for The Hill. While President Biden's October executive order requires watermarking of AI-derived video and imagery, it offers no watermarking requirement for text-based content. "Text-based AI represents the greatest danger to election misinformation, as it can respond in real-time, creating the illusion of a real-time social media exchange," writes Buccino. "Chatbots armed with large language models trained with reams of data represent a catastrophic risk to the integrity of elections and democratic norms."

Joe Buccino is a retired U.S. Army colonel who serves as an A.I. research analyst with the U.S. Department of Defense Defense Innovation Board. He served as U.S. Central Command communications director from 2021 until September 2023. Here's an excerpt from his report:

Watermarking text-based AI content involves embedding unique, identifiable information -- a digital signature documenting the AI model used and the generation date -- into the metadata generated text to indicate its artificial origin. Detecting this digital signature requires specialized software, which, when integrated into platforms where AI-generated text is common, enables the automatic identification and flagging of such content. This process gets complicated in instances where AI-generated text is manipulated slightly by the user. For example, a high school student may make minor modifications to a homework essay created through Chat-GPT4. These modifications may drop the digital signature from the document. However, that kind of scenario is not of great concern in the most troubling cases, where chatbots are let loose in massive numbers to accomplish their programmed tasks. Disinformation campaigns require such a large volume of them that it is no longer feasible to modify their output once released.

The U.S. should create a standard digital signature for text, then partner with the EU and China to lead the world in adopting this standard. Once such a global standard is established, the next step will follow -- social media platforms adopting the metadata recognition software and publicly flagging AI-generated text. Social media giants are sure to respond to international pressure on this issue. The call for a global watermarking standard must navigate diverse international perspectives and regulatory frameworks. A global standard for watermarking AI-generated text ahead of 2024's elections is ambitious -- an undertaking that encompasses diplomatic and legislative complexities as well as technical challenges. A foundational step would involve the U.S. publicly accepting and advocating for a standard of marking and detection. This must be followed by a global campaign to raise awareness about the implications of AI-generated disinformation, involving educational initiatives and collaborations with the giant tech companies and social media platforms.

In 2024, generative AI and democratic elections are set to collide. Establishing a global watermarking standard for text-based generative AI content represents a commitment to upholding the integrity of democratic institutions. The U.S. has the opportunity to lead this initiative, setting a precedent for responsible AI use worldwide. The successful implementation of such a standard, coupled with the adoption of detection technologies by social media platforms, would represent a significant stride towards preserving the authenticity and trustworthiness of democratic norms.

Exerp credit: https://slashdot.org/story/423285

A programmer in northern China has been ordered to pay more than 1 million yuan to the authorities for using a virtual private network (VPN), in what is thought to be the most severe individual financial penalty ever issued for circumventing China's "great firewall." The programmer, surnamed Ma, was issued with a penalty notice by the public security bureau of Chengde, a city in Hebei province, on August 18. The notice said Ma had used "unauthorised channels" to connect to international networks to work for a Turkish company. The police confiscated the 1.058m yuan ($145,092) Ma had earned as a software developer between September 2019 and November 2022, describing it as "illegal income," as well as fining him 200 yuan ($27).

Charlie Smith (a pseudonym), the co-founder of GreatFire.org, a website that tracks internet censorship in China, said: "Even if this decision is overturned in court, a message has been sent and damage has been done. Is doing business outside of China now subject to penalties?"

Abstract credit: https://slashdot.org/story/420019

A compilation of declassified nuclear incidents, by Derek Muller (Veritasium).

Or on youtube directly: https://www.youtube.com/watch?v=ILgSesWMUEI

The next release of the Linux kernel, 6.6 [will] include the KSMBD in-kernel server for the SMB networking protocol, developed by Samsung's Namjae Jeon.

it has faced considerable security testing and as a result it is no longer marked as experimental.

It's compatible with existing Samba configuration files.

But why is KSMBD important? First off, it promises considerable performance gains and better support for modern features such as Remote Direct Memory Access (RDMA)... KSMBD also adds enhanced security, considerably better performance for both single and multi-thread read/write, better stability, and higher compatibility. In the end, hopefully, this KSMBD will also mean easier share setups in Linux without having to jump through the same hoops one must with the traditional Samba setup.