On Friday, long-time Slashdot reader NewtonsLaw wrote: Manufacturers of drones made after 16 September 2022 must, from today (16 December), ensure that those drones are "Standard Remote ID" compliant. This means that the drones must broadcast packets of data once per second (using Bluetooth or Wifi) that contain the position speed and path of the drone, a unique identifier and the operator's position including height above ground....

Already, several companies have announced their intention to build networks of receivers that will create a realtime database of all drone activity in the USA, showing the positions of the drones and their operators and flagging any non-compliant craft.

By September 16, 2023, all U.S. hobbyists must fit "broadcast remote ID" modules to their RC model aircraft or older drones which also make them Remote ID compliant (unless they are under 250g in mass or are flown in pre-approved areas called FRIAs)....

Drone and radio-controlled model aircraft users must register with the FAA [unless they weigh less than 0.55 pounds], sit (and pass) a knowledge test and soon have this Remote ID technology installed on all their craft.
"Remote ID helps the FAA, law enforcement, and other federal agencies find the control station when a drone appears to be flying in an unsafe manner or where it is not allowed to fly," argues an FAA web page. This week the top intelligence official at the U.S. Department of Defense told reporters that drones, including drones operated by amateur hobbyists and by foreign adversaries, account for many of the reports of Unidentified Flying Objects, according to the Washington Post.

They quote Sean Kirkpatrick, the director of America's new UFO-tracking agency, as saying that "Some of these things almost collide with planes. We see that on a regular basis...."

IBM has quietly announced it's planning a 24-core Power 10 processor, seemingly to make one of its servers capable of running Oracle's database in a cost-effective fashion. From a report: A hardware announcement dated December 13 revealed the chip in the following "statement of general direction" about Big Blue's Power S1014 technology-based server: "IBM intends to announce a high-density 24-core processor for the IBM Power S1014 system (MTM 9105-41B) to address application environments utilizing an Oracle Database with the Standard Edition 2 (SE2) licensing model. It intends to combine a robust compute throughput with the superior reliability and availability features of the IBM Power platform while complying with Oracle Database SE2 licensing guidelines."

Google this week released OSV-Scanner -- an open source vulnerability scanner linked to the OSV.dev database that debuted last year. From a report: Written in the Go programming language, OSV-Scanner is designed to scan open source applications to assess the security of any incorporated dependencies -- software libraries that get added to projects to provide pre-built functions so developers don't have to recreate those functions on their own. Modern applications can have a lot of dependencies. For example, researchers from Mozilla and Concordia University in Canada recently created a single-page web application with the React framework using the create-react-app command. The result was a project with seven runtime dependencies and nine development dependencies.

But each of these direct dependencies had other dependencies, known as transitive dependencies. The react package includes loose-envify as a transitive dependency -- one that itself depends on other libraries. All told, this basic single-page "Hello world" app required a total of 1,764 dependencies. As Rex Pan, a software engineer on Google's Open Source Security Team, observed on Tuesday in a blog post, vetting thousands of dependences isn't something developers can do on their own.

An anonymous reader quotes a report from The Guardian: Genomics England is to test whether sequencing babies' genomes at birth could help speed up the diagnosis of about 200 rare genetic diseases, and ensure faster access to treatment. The study, which will sequence the genomes of 100,000 babies over the next two years, will explore the cost-effectiveness of the approach, as well as how willing new parents are to accept it. Although researchers will only search babies' genomes for genetic conditions that surface during early childhood, and for which an effective treatment already exists, their sequences will be held on file. This could open the door to further tests that could identify untreatable adult onset conditions, or other genetically determined traits, in the future.

The study aims to recruit 100,000 newborn children to undergo voluntary whole genome sequencing over the next two years, to assess the feasibility and effectiveness of the technology – including whether it could save the NHS money by preventing serious illness. It will also explore how researchers might access an anonymized version of this database to study people as they grow older, and whether a person's genome might be used throughout their lives to inform future healthcare decisions. For instance, if someone develops cancer when they are older, there may be an opportunity to use their stored genetic information to help diagnose and treat them. Dr Richard Scott, chief medical officer at Genomics England, said: "At the moment, the average time to diagnosis in a rare disease is about five years. This can be an extraordinary ordeal for families, and it also puts pressure on the health system. The question this program is responding to is: 'is there a way that we can get ahead of this?'"

"The bottom line here is about us taking a cautious approach, and developing a view jointly nationally about what the right approach is, and what the right safeguards are," he added.

The U.S. Supreme Court on Monday asked the Biden administration to weigh in on song-lyric website Genius' attempt to revive a lawsuit over Google's alleged theft of its work. From a report: The justices are considering whether to hear ML Genius Holdings LLC's bid to overturn a U.S. appeals court's ruling that its case against Google LLC was preempted by federal copyright law. The Supreme Court often asks for the solicitor general's input on cases in which the U.S. government may have an interest.

Genius, formerly known as Rap Genius, keeps a database of song lyrics and annotations maintained by volunteers. It sued Google and its partner LyricFind in New York state court in 2019 for allegedly posting its lyric transcriptions at the top of Google search results without permission. Genius argued Google violated its terms of service by stealing its work and reposting it on Google webpages, decreasing traffic to Genius' site. The 2nd U.S. Circuit Court of Appeals in March affirmed a decision to dismiss the case, finding Genius' breach-of-contract claims were based on copyright concerns and should have been brought under copyright law.

An anonymous reader quotes a report from KrebsOnSecurity: On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members. The FBI's InfraGard program is supposed to be a vetted Who's Who of key people in private sector roles involving both cyber and physical security at companies that manage most of the nation's critical infrastructures -- including drinking water and power utilities, communications and financial services firms, transportation and manufacturing companies, healthcare providers, and nuclear energy firms. "InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks," the FBI's InfraGard fact sheet reads.

KrebsOnSecurity contacted the seller of the InfraGard database, a Breached forum member who uses the handle "USDoD" and whose avatar is the seal of the U.S. Department of Defense. USDoD said they gained access to the FBI's InfraGard system by applying for a new account using the name, Social Security Number, date of birth and other personal details of a chief executive officer at a company that was highly likely to be granted InfraGard membership. The CEO in question -- currently the head of a major U.S. financial corporation that has a direct impact on the creditworthiness of most Americans -- did not respond to requests for comment. USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO's name, and that the application included a contact email address that they controlled -- but also the CEO's real mobile phone number. "When you register they said that to be approved can take at least three months," USDoD said. "I wasn't expected to be approve[d]." But USDoD said that in early December, their email address in the name of the CEO received a reply saying the application had been approved. While the FBI's InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email. "If it was only the phone I will be in [a] bad situation," USDoD said. "Because I used the person['s] phone that I'm impersonating."

USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other. USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data. "InfraGard is a social media intelligence hub for high profile persons," USDoD said. "They even got [a] forum to discuss things." USDoD acknowledged that their $50,000 asking price for the InfraGard database may be a tad high, given that it is a fairly basic list of people who are already very security-conscious. Also, only about half of the user accounts contain an email address, and most of the other database fields -- like Social Security Number and Date of Birth -- are completely empty. [...] While the data exposed by the infiltration at InfraGard may be minimal, the user data might not have been the true end game for the intruders. USDoD said they were hoping the imposter account would last long enough for them to finish sending direct messages as the CEO to other executives using the InfraGuard messaging portal.

A Japanese billionaire picked his crewmates for the first-ever artist-centered mission. Space.com reports: Yusaku Maezawa, who made his fortune as an online fashion retailer, announced the eight people who would be flying with him on the dearMoon mission, which aims to use a SpaceX Starship to fly around the moon as soon as next year. "I hope each and every one will recognize the responsibility that comes with leaving the Earth, travelling to the moon and back," Maezawa says in the video in Japanese, with a translation provided in-video.

Riding along with Maezawa will be:
- Steve Aoki, D.J., producer and electronic dance music artist with several Billboard-charting studio albums;
- Tim Dodd, YouTube creator of the "Everyday Astronaut" channel (Dodd has interviewed SpaceX founder Elon Musk multiple times on camera);
- Yemi A.D., artist and choreographer known for his work with JAD Dance Company and with Ye (formerly Kanye West);
- Karim Iliya, photographer whose publications include National Geographic Magazine;
- Rhiannon Adam, a photographer who has been supported by the BBC/Royal Geographical Society and won multiple awards, according to their website;
- Brendan Hall, filmmaker on projects such as the two-hour documentary "Blood Sugar Rising" about diabetes in the United States, according to the Internet Movie Database;
- Dev Joshi, an "Indian television actor known for portraying the role of Baal Veer in Sony Sab's Baal Veer and Baalveer Returns," according to the Internet Movie Database;
- T.O.P., a South Korean rapper known as the lead for the boy band Big Bang;
- Two backup members: dancer Miyu, and snowboarder Kaitlyn Farrington.

Each member of the dearMoon crew was briefly quoted in a video from the dearMoon YouTube channel, and the announcement was confirmed on Dodd's and Maezawa's Twitter feeds.

DeepMind's new artificial intelligence system called AlphaCode was able to "achieve approximately human-level performance" in a programming competition. The findings have been published in the journal Science. Slashdot reader sciencehabit shares a report from Science Magazine: AlphaCode's creators focused on solving those difficult problems. Like the Codex researchers, they started by feeding a large language model many gigabytes of code from GitHub, just to familiarize it with coding syntax and conventions. Then, they trained it to translate problem descriptions into code, using thousands of problems collected from programming competitions. For example, a problem might ask for a program to determine the number of binary strings (sequences of zeroes and ones) of length n that don't have any consecutive zeroes. When presented with a fresh problem, AlphaCode generates candidate code solutions (in Python or C++) and filters out the bad ones. But whereas researchers had previously used models like Codex to generate tens or hundreds of candidates, DeepMind had AlphaCode generate up to more than 1 million.

To filter them, AlphaCode first keeps only the 1% of programs that pass test cases that accompany problems. To further narrow the field, it clusters the keepers based on the similarity of their outputs to made-up inputs. Then, it submits programs from each cluster, one by one, starting with the largest cluster, until it alights on a successful one or reaches 10 submissions (about the maximum that humans submit in the competitions). Submitting from different clusters allows it to test a wide range of programming tactics. That's the most innovative step in AlphaCode's process, says Kevin Ellis, a computer scientist at Cornell University who works AI coding.

After training, AlphaCode solved about 34% of assigned problems, DeepMind reports this week in Science. (On similar benchmarks, Codex achieved single-digit-percentage success.) To further test its prowess, DeepMind entered AlphaCode into online coding competitions. In contests with at least 5000 participants, the system outperformed 45.7% of programmers. The researchers also compared its programs with those in its training database and found it did not duplicate large sections of code or logic. It generated something new -- a creativity that surprised Ellis. The study notes the long-term risk of software that recursively improves itself. Some experts say such self-improvement could lead to a superintelligent AI that takes over the world. Although that scenario may seem remote, researchers still want the field of AI coding to institute guardrails, built-in checks and balances.

America's Transportation Security Administration "has been quietly testing controversial facial recognition technology for passenger screening at 16 major domestic airports — from Washington to Los Angeles," reports the Washington Post.

Their article adds that the agency "hopes to expand it across the United States as soon as next year." Kiosks with cameras are doing a job that used to be completed by humans: checking the photos on travelers' IDs to make sure they're not impostors.... You step up to the travel document checker kiosk and stick your ID into a machine. Then you look into a camera for up to five seconds and the machine compares your live photo to the one it sees on your ID. They call this a "one to one" verification system, comparing one face to one ID. Even though the software is judging if you're an impostor, there's still a human agent there to make the final call (at least for now).

So how accurate is it? The TSA says it's been better at verifying IDs than the manual process. "This technology is definitely a security enhancement," said [TSA program manager Jason] Lim. "We are so far very satisfied with the performance of the machine's ability to conduct facial recognition accurately...." But the TSA hasn't actually released hard data about how often its system falsely identifies people, through incorrect positive or negative matches. Some of that might come to light next year when the TSA has to make its case to the Department of Homeland Security to convert airports all over the United States into facial recognition systems....

The TSA says it doesn't use facial recognition for law-enforcement purposes. It also says it minimizes holding on to our face data, so it isn't using the scans to build out a new national database of face IDs. "The scanning and match is made and immediately overwritten at the Travel Document Checker podium. We keep neither the live photo nor the photo of the ID," said Lim. But the TSA did acknowledge there are cases in which it holds on to the data for up to 24 months so its science and technology office can evaluate the system's effectiveness....

"None of this facial recognition technology is mandated," said Lim. "Those who do not feel comfortable will still have to present their ID — but they can tell the officer that they do not want their photo taken, and the officer will turn off the live camera." There are also supposed to be signs around informing you of your rights.
Here's the TSA's web page about the program. Thanks to long-time Slashdot reader SonicSpike for sharing the article.

An anonymous reader quotes a report from BleepingComputer: A previously undocumented data wiper named CryWiper is masquerading as ransomware, but in reality, destroys data beyond recovery in attacks against Russian mayor's offices and courts. CryWiper was first discovered by Kaspersky this fall, where they say the malware was used in an attack against a Russian organization. [...] CryWiper is a 64-bit Windows executable named 'browserupdate.exe' written in C++, configured to abuse many WinAPI function calls. Upon execution, it creates scheduled tasks to run every five minutes on the compromised machine.

Next, it contacts a command and control server (C2) with the name of the victim's machine. The C2 responds with either a "run" or "do not run" command, determining whether the wiper will activate or stay dormant. Kaspersky reports seeing execution delays of 4 days (345,600 seconds) in some cases, likely added in the code to help confuse the victim as to what caused the infection. CryWiper will stop critical processes related to MySQL, MS SQL database servers, MS Exchange email servers, and MS Active Directory web services to free locked data for destruction.

Next, the malware deletes shadow copies on the compromised machine to prevent the easy restoration of the wiped files. CryWiper also modifies the Windows Registry to prevent RDP connections, likely to hinder intervention and incident response from remote IT specialists. Finally, the wiper will corrupt all enumerated files except for ".exe", ".dll", "lnk", ".sys", ".msi", and its own ".CRY", while also skipping System, Windows, and Boot directories to prevent rendering the computer completely unusable. After this step, CryWiper will generate ransom notes named 'README.txt,' asking for 0.5 Bitcoin (approximately $8,000) in exchange for a decrypter. Unfortunately, this is a false promise, as the corrupted data cannot be restored.

"Rust is awesome, for certain things. But think twice before picking it up for a startup that needs to move fast," Matt Welsh, co-founder and chief executive of Fixie.ai and former Google engineering director, writes in a blog post. From the post: I hesitated writing this post, because I don't want to start, or get into, a holy war over programming languages. (Just to get the flame bait out of the way, Visual Basic is the best language ever!) But I've had a number of people ask me about my experience with Rust and whether they should pick up Rust for their projects. So, I'd like to share some of the pros and cons that I see of using Rust in a startup setting, where moving fast and scaling teams is really important. Right up front, I should say that Rust is very good at what it's designed to do, and if your project needs the specific benefits of Rust (a systems language with high performance, super strong typing, no need for garbage collection, etc.) then Rust is a great choice. But I think that Rust is often used in situations where it's not a great fit, and teams pay the price of Rust's complexity and overhead without getting much benefit.

My primary experience from Rust comes from working with it for a little more than 2 years at a previous startup. This project was a cloud-based SaaS product that is, more-or-less, a conventional CRUD app: it is a set of microservices that provide a REST and gRPC API endpoint in front of a database, as well as some other back-end microservices (themselves implemented in a combination of Rust and Python). Rust was used primarily because a couple of the founders of the company were Rust experts. Over time, we grew the team considerably (increasing the engineering headcount by nearly 10x), and the size and complexity of the codebase grew considerably as well. As the team and codebase grew, I felt that, over time, we were paying an increasingly heavy tax for continuing to use Rust. Development was sometimes sluggish, launching new features took longer than I would have expected, and the team was feeling a real productivity hit from that early decision to use Rust. Rewriting the code in another language would have, in the long run, made development much more nimble and sped up delivery time, but finding the time for the major rewrite work would have been exceedingly difficult.

So we were kind of stuck with Rust unless we decided to bite the bullet and rewrite a large amount of the code. Rust is supposed to be the best thing since sliced bread, so why was it not working so well for us? [...] Despite being some of the smartest and most experienced developers I had worked with, many people on the team (myself included) struggled to understand the canonical ways to do certain things in Rust, how to grok the often arcane error messages from the compiler, or how to understand how key libraries worked (more on this below). We started having weekly "learn Rust" sessions for the team to help share knowledge and expertise. This was all a significant drain on the team's productivity and morale as everyone felt the slow rate of development. As a comparison point of what it looks like to adopt a new language on a software team, one of my teams at Google was one of the first to switch entirely from C++ to Go, and it took no more than about two weeks before the entire 15-odd-person team was quite comfortably coding in Go for the first time.

hondo77 writes: Two years ago, Disney Research Studios developed AI-powered tools that could generate face swap videos with enough quality and resolution to be used for professional filmmaking (instead of as questionably low-res GIFs shared around the internet). This year, the researchers are demonstrating a new tool that leverages AI tricks to make actors look older or younger, minus the weeks of work usually needed to perfect those kinds of shots.

Using neural networks and machine learning to age or de-age a person has already been tried, and while the results are convincing enough when applied to still images, they hadn't produce photorealistic results on moving video, with temporal artifacts that appear and disappear from frame to frame, and the person's appearance occasionally becoming unrecognizable as the altered video plays. To make an age-altering AI tool that was ready for the demands of Hollywood and flexible enough to work on moving footage or shots where an actor isn't always looking directly at the camera, Disney's researchers, as detailed in a recently published paper, first created a database of thousands of randomly generated synthetic faces. Existing machine learning aging tools were then used to age and de-age these thousands of non-existent test subjects, and those results were then used to train a new neural network called FRAN (face re-aging network).

Coinsquare, one of Canada's largest cryptocurrency exchanges, may have been breached, but the company claims customer assets are "secure in cold storage and are not at risk." CoinDesk reports: The exchange, which touts itself as "Canada's trusted platform to securely buy, sell and trade Bitcoin, Ethereum, and more," emailed customers Friday to report a "data incident" in which an unauthorized third party accessed a customer database containing personal information. According to the email, the breach exposed "customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction history, and account balances." Although the email was sent Friday, Coinsquare discovered the breach last week and notified customers via Twitter. "No passwords were exposed. We have no evidence any of this information was viewed by the bad actor," the email stated.

Coinsquare suspended activities on its platform after detecting the vulnerability last week, triggering speculation of possible liquidity issues, given the momentous implosion of multi-billion-dollar crypto exchange, FTX, earlier this month. Full service was restored on Friday, according to a tweet. "We want to reiterate that 100% of client funds are safely held in cold storage and are not used for business activities," the company tweeted.

An anonymous reader shares a report: Fifteen years after the release of the iPhone, it's easy to overlook the role early innovators like Palm played in popularizing the smartphone. By the time HP unceremoniously shut down the company in 2011, Palm had struggled for a few years to carve out a niche for itself among Apple and Google. But ask anyone who had a chance to use a Palm PDA in the late '90s or early 2000s and they'll tell you how fondly they remember the hardware and software that made the company's vision possible. Now, it's easier than ever to see what made Palm OS so special back in its day.

Last week, archivist Jason Scott uploaded a database of Palm OS apps to the Internet Archive. In all, there are about 560 programs to check out, including old favorites like DopeWars and SpaceTrader. Even if you don't have any nostalgia for Palm, it's well worth spending a few minutes with the collection to see how much -- or, in some cases, little -- things have changed since Palm OS was a dominant player in the market. For instance, there's an entire section devoted to shareware and it's interesting to see just how much some developers thought it was appropriate to pay for their software. Want to use the full version of StockCalc? Just send $15 by post to DDT Investments in Plaistow, New Hampshire.

An anonymous reader quotes a report from TechCrunch: When Stable Diffusion, the text-to-image AI developed by startup Stability AI, was open sourced earlier this year, it didn't take long for the internet to wield it for porn-creating purposes. Communities across Reddit and 4chan tapped the AI system to generate realistic and anime-style images of nude characters, mostly women, as well as non-consensual fake nude imagery of celebrities. But while Reddit quickly shut down many of the subreddits dedicated to AI porn, and communities like NewGrounds, which allows some forms of adult art, banned AI-generated artwork altogether, new forums emerged to fill the gap. By far the largest is Unstable Diffusion, whose operators are building a business around AI systems tailored to generate high-quality porn. The server's Patreon -- started to keep the server running as well as fund general development -- is currently raking in over $2,500 a month from several hundred donors.

"In just two months, our team expanded to over 13 people as well as many consultants and volunteer community moderators," Arman Chaudhry, one of the members of the Unstable Diffusion admin team, told TechCrunch in a conversation via Discord. "We see the opportunity to make innovations in usability, user experience and expressive power to create tools that professional artists and businesses can benefit from." Unsurprisingly, some AI ethicists are as worried as Chaudhry is optimistic. While the use of AI to create porn isn't new [...] Unstable Diffusion's models are capable of generating higher-fidelity examples than most. The generated porn could have negative consequences particularly for marginalized groups, the ethicists say, including the artists and adult actors who make a living creating porn to fulfill customers' fantasies.

Unstable Diffusion got its start in August -- around the same time that the Stable Diffusion model was released. Initially a subreddit, it eventually migrated to Discord, where it now has roughly 50,000 members. [...] Today, the Unstable Diffusion server hosts AI-generated porn in a range of different art styles, sexual preferences and kinks. [...] Users in these channels can invoke the bot to generate art that fits the theme, which they can then submit to a "starboard" if they're especially pleased with the results. Unstable Diffusion claims to have generated over 4,375,000 images to date. On a semiregular basis, the group hosts competitions that challenge members to recreate images using the bot, the results of which are used in turn to improve Unstable Diffusion's models. As it grows, Unstable Diffusion aspires to be an "ethical" community for AI-generated porn -- i.e. one that prohibits content like child pornography, deepfakes and excessive gore. Users of the Discord server must abide by the terms of service and submit to moderation of the images that they generate; Chaudhry claims the server employs a filter to block images containing people in its "named persons" database and has a full-time moderation team. "Chaudhry sees Unstable Diffusion evolving into an organization to support broader AI-powered content generation, sponsoring dev groups and providing tools and resources to help teams build their own systems," reports TechCrunch. "He claims that Equilibrium AI secured a spot in a startup accelerator program from an unnamed 'large cloud compute provider' that comes with a 'five-figure' grant in cloud hardware and compute, which Unstable Diffusion will use to expand its model training infrastructure."

In addition to the grant, Unstable Diffusion will launch a Kickstarter campaign and seek venture funding, Chaudhry says.

"We plan to create our own models and fine-tune and combine them for specialized use cases which we shall spin off into new brands and products," Chaudhry added.

Microsoft has released SQL Server 2022, the latest version of its database software, which originally launched more than 33 years ago. From a report: Microsoft describes this release as the "most Azure-enabled release of SQL Server yet" and with connections to Azure Synapse Link for enabling real-time analytics over the database, Azure Purview for data governance and disaster recovery with the help of Azure SQL Managed Instance, this release is, in many ways, the culmination of the cloud-connection groundwork the team started quite a few years ago. "From the very beginning, the vision [for SQL Server] really was about -- databases were very complex -- how do you make that extremely simple? And in many ways, I think that has been a key reason why it lasted for so long and how we've evolved it as well," Rohan Kumar, Microsoft's corporate VP for Azure Data, told me. "One of the big things that I think about with SQL Server 2022 is that we've made it completely cloud-connected to Azure."

He noted that while the migration of on-prem workloads is happening, Microsoft's customers are all moving at very different speeds and some, for a multitude of reasons, may never move to the cloud at all. That, he argues, is why the company always bet on a hybrid approach, but it is also why a lot of customers started asking about how they could get the value of being in the cloud without actually having to move all of their data to it. "That was really the key thesis of why we invested in making this into a cloud release," Kumar said. A good example here is the new disaster recovery function that allows users to replicate their data in SQL Managed Instance on Azure and use that as a backup for their main on-premises SQL Server, which should make it easy to fail over to that when the main server goes down.

Global banking giants are starting a 12-week digital dollar pilot with the Federal Reserve Bank of New York, the participants announced on Tuesday. From a report: Citigroup, HSBC, Mastercard and Wells Fargo are among the financial companies participating in the experiment alongside the New York Fed's innovation center, they said in a statement. The project, which is called the regulated liability network, will be conducted in a test environment and use simulated data, the New York Fed said. The pilot will test how banks using digital dollar tokens in a common database can help speed up payments.

A new global tracker created by the nonprofit Climate Trace is helping to make clear exactly where major greenhouse gas emissions are originating. According to NPR, the interactive map "uses a combination of satellites, sensors and machine learning to measure the top polluters worldwide." From the report: It observes how much greenhouse gases -- carbon dioxide, methane and nitrous oxide -- are being emitted at specific locations, such as power plants and oil refineries. Former Vice President Al Gore, who is a founding member of the initiative, said it is meant to serve as a more reliable and accurate alternative to companies self-reporting their emissions estimates. "Cheating is impossible with this artificial intelligence method, because they would have to somehow falsify multiple sets of data," he told NPR's Michel Martin on All Things Considered.

The emissions tool employs over 300 satellites; sensors on land, planes and ships; as well as artificial intelligence to build models of emission estimates. Right now, it tracks about 72,000 of the highest emitting greenhouse gas sources. That includes every power plant, large ship and large plane in the entire world, Gore said. And that's just the beginning. By next year, Gore hopes to be tracking millions of major emitting sites. "We will have essentially all of them," he said. Gore said 75% of the world's greenhouse emissions come from countries that have made pledges to become carbon-neutral by 2050. "Now that they know exactly where it's coming from, they have tools that will enable them to reduce their emissions," he told NPR.

He added that the database, which is free and accessible online, can help inform countries about how much pollution is being emitted by the companies they are working with or considering working with. It is not enough for companies to self-report, he said. For instance, Climate Trace found that the oil and gas industry has been significantly underreporting its emissions. That doesn't mean companies were intentionally cheating, Gore added. However, he said underreporting prevents governments and the public from staying on track with their net-zero pledge. Six regional governments in Mexico, Europe and Africa have already entered into working agreements for using the tool, Gore said.

Long-time Slashdot reader destinyland shares this announcement from the EFF's DeepLinks blog:

This weekend, EFF is celebrating the life and work of programmer, activist, and entrepreneur Aaron Swartz by participating in the 2022 Aaron Swartz Day and Hackathon. This year, the event will be held in person at the Internet Archive in San Francisco on Nov. 12 and Nov. 13. It will also be livestreamed; links to the livestream will be posted each morning.

Those interested in attending in-person or remotely can register for the event here.

Aaron Swartz was a digital rights champion who believed deeply in keeping the internet open. His life was cut short in 2013, after federal prosecutors charged him under the Computer Fraud and Abuse Act (CFAA) for systematically downloading academic journal articles from the online database JSTOR. Facing the prospect of a long and unjust sentence, Aaron died by suicide at the age of 26....

Those interested in working on projects in Aaron's honor can also contribute to the annual hackathon, which this year includes several projects: SecureDrop, Bad Apple, the Disability Technology Project (Sat. only), and EFF's own Atlas of Surveillance. In addition to the hackathon in San Francisco, there will also be concurrent hackathons in Ecuador, Argentina, and Brazil. For more information on the hackathon and for a full list of speakers, check out the official page for the 2022 Aaron Swartz Day and Hackathon.
Speakers this year include Chelsea Manning and Cory Doctorow, as well as Internet Archive founder Brewster Kahle, EFF executive director Cindy Cohn, and Creative Commons co-founder Lisa Rein.

Kaspersky is stopping the operation and sales of its VPN product, Kaspersky Secure Connection, in the Russian Federation, with the free version to be suspended as early as November 15, 2022. BleepingComputer reports: As the Moscow-based company informed on its Russian blog earlier this week, the shutdown of the VPN service will be staged, so that impact on customers remains minimal. Purchases of the paid version of Kaspersky Secure Connection will remain available on both the official website and mobile app stores until December 2022. Customers with active subscriptions will continue to enjoy the product's VPN service until the end of the paid period, which cannot go beyond the end of 2023 (one-year subscription).

Russian-based users of the free version of Kaspersky Secure Connection will not be able to continue using the product after November 15, 2022, so they will have to seek alternatives. BleepingComputer emailed Kaspersky questions regarding its decision to stop offering VPN products in Russia, but a spokesperson has declined to provide more information. Russia's telecommunications watchdog, Roskomnadzor, announced VPN bans in June 2021 and then again in December 2021. "The reason for banning 15 VPNs in the country was because their vendors refused to connect their services to the FGIS database, which would apply government-imposed censorship in VPN connections, and would also make user traffic and identity subject to state scrutiny," reports BleepingComputer.

"Ever-increasing controls are strangling VPN usage in Russia. On Tuesday, the Ministry of Digital Transformation requested all state-owned companies to declare what VPN products they use, for what purposes, and in what locations."