The Military

Missiles Are Now the Biggest Killer of Airline Passengers (wsj.com)

Accidental missile attacks on commercial airliners have become the leading cause of aviation fatalities in recent years, driven by rising global conflicts and the proliferation of advanced antiaircraft weaponry. Despite improvements in aviation safety overall, inconsistent risk assessments, political complexities, and rapid military escalations make protecting civilian flights in conflict zones increasingly difficult. The Wall Street Journal reports: The crash Wednesday of an Azerbaijan Airlines jetliner in Kazakhstan, if officially confirmed as a midair attack, would be the third major fatal downing of a passenger jet linked to armed conflict since 2014, according to the Flight Safety Foundation's Aviation Safety Network, a global database of accidents and incidents. The tally would bring to more than 500 the number of deaths from such attacks during that period. Preliminary results of Azerbaijan's investigation into the crash indicate the plane was hit by a Russian antiaircraft missile, or shrapnel from it, said people briefed on the probe.

"It adds to the worrying catalog of shootdowns now," said Andy Blackwell, an aviation risk adviser at security specialist ISARR and former head of security at Virgin Atlantic. "You've got the conventional threats, from terrorists and terrorist groups, but now you've got this accidental risk as well." No other cause of aviation fatalities on commercial airliners comes close to shootdowns over those years, according to ASN data. The deadliness of such attacks is a dramatic shift: In the preceding 10 years, there were no fatal shootdowns of scheduled commercial passenger flights, ASN data show. The trend highlights the difficulty -- if not impossibility -- of protecting civilian aviation in war zones, even for rigorous aviation regulators, because of the politics of war. Early last century similar woes plagued sea travel, when belligerents targeted ocean transport.

Increasing civilian aviation deaths from war also reflect both a growing number of armed conflicts internationally and the increasing prevalence of powerful antiaircraft weaponry. If a missile was indeed the cause of this week's disaster, it would mean that the three deadliest shootdowns of the past decade all involved apparently unintended targetings of passenger planes flying near conflict zones, by forces that had been primed to hit enemy military aircraft. Two of those incidents were linked to Russia: Wednesday's crash of an Embraer E190 with 67 people aboard, of whom 38 died, and the midair destruction in 2014 of a Malaysia Airlines Boeing 777 flying over a battle zone in Ukraine, on which all 298 people aboard died. The other major downing was the mistaken shooting in 2020 by Iranian forces of a Ukraine International Airlines Boeing 737 departing Tehran, killing all 176 people onboard. Iran's missile defense systems had been on alert for a potential U.S. strike at the time.

Books

Encyclopedia Britannica Is Now an AI Company

An anonymous reader quotes a report from Gizmodo: Once an icon of the 20th century seen as obsolete in the 21st, Encyclopedia Britannica -- now known as just Britannica -- is all in on artificial intelligence, and may soon go public at a valuation of nearly $1 billion, according to the New York Times.

Until 2012 when printing ended, the company's books served as the oldest continuously published, English-language encyclopedias in the world, essentially collecting all the world's knowledge in one place before Google or Wikipedia were a thing. That has helped Britannica pivot into the AI age, where models benefit from access to high-quality, vetted information. More general-purpose models like ChatGPT suffer from hallucinations because they have hoovered up the entire internet, including all the junk and misinformation.

While it still offers an online edition of its encyclopedia, as well as the Merriam-Webster dictionary, Britannica's biggest business today is selling online education software to schools and libraries, the software it hopes to supercharge with AI. That could mean using AI to customize learning plans for individual students. The idea is that students will enjoy learning more when software can help them understand the gaps in their understanding of a topic and stay on it longer. Another education tech company, Brainly, recently announced that answers from its chatbot will link to the exact learning materials (i.e. textbooks) they reference.

Britannica's CEO Jorge Cauz also told the Times about the company's Britannica AI chatbot, which allows users to ask questions about its vast database of encyclopedic knowledge that it collected over two centuries from vetted academics and editors. The company similarly offers chatbot software for customer service use cases. Britannica told the Times it is expecting revenue to double from two years ago, to $100 million.

DRM

Takedown Notices Hit Luigi Mangione Merchandise and Photos - Including DMCAs (404media.co)

Newsweek supplies some context: After his arrest, merch — including T-shirts featuring Mangione's booking photos and others taken from his social media accounts — began popping up for sale on several sites. Websites, including Amazon, eBay and Etsy, have moved to take down products that glorify violence or the suspect. An eBay spokesperson told Newsweek that "items that glorify or incite violence, including those that celebrate the recent murder of UHC CEO Brian Thompson, are prohibited."
Inc. magazine adds: Separately, GoFundMe has shuttered several fundraising campaigns created for Mangione. The fundraising site's terms and conditions are pretty clear on the matter, NBC News reports, with a company spokesperson explaining they prohibit "fundraisers for the legal defense of violent crimes."
But one incident was different, according to a post from the law school of the University of British Columbia: To provide a quick summary, Rachel Kenaston, an artist selling merch on TeePublic, received an e-mail from the platform regarding an intellectual property claim by UnitedHealth Group Inc., and the platform decided to remove Kenaston's design from the merch store. Obviously, it is important to point out that it isn't quite clear who is filing those DMCA claims. While TeePublic, in the email, claimed that they have no say in the matter, [an article from 404 Media] goes on to explain that TeePublic has the right to refuse DMCA claims, but often chooses not to in order to avoid headache. The design had nothing to do with UnitedHealthcare; it seems to be a picture of Mangione in a heart frame. Meaning, whether it was UnitedHealthcare or not, the claim shouldn't hold any weight.

Consensus seems to be mostly leaning towards speculation that it is unlikely to be UnitedHealthcare actually filing those DMCA claims, but rather potential competitors... Regardless of whether or not it really was UnitedHealthcare that filed DMCA claims, I think the important point here is that the merch actually did get taken down. In fact, this would be more problematic if it was from a competitor using DMCA as a form of removing competition, because, then it really has nothing to do with intellectual property. I would assume that this happens quite frequently. Especially for YouTubers, it seems that copyright strikes are more than a mere pesky occurrence, but for many, something that affects livelihood...

The difficult part, as always, is finding the balance between protecting the rights of the copyright holders and ensuring that the mechanisms don't get abused.

The artist told Gizmodo she was filing a counterclaim to the copyright notice, adding that instead of a DMCA, "I honestly expected the design to be pulled for condoning violence or something..."

Gizmodo published the image — a watercolored rendition of a hostel surveillance-camera photo released by police — adding "UnitedHealth Group didn't respond to questions emailed on Monday [December 16] about how the company could possibly claim a copyright violation had occurred." And while Gizmodo promised they'd update the post if UnitedHealth responded — there has been no update since...

404 Media adds that the watercolor "is not the only United Healthcare or Luigi Mangione-themed artwork on the internet that has been hit with bogus DMCA takedowns in recent days. Several platforms publish the DMCA takedown requests they get on the Lumen Database, which is a repository of DMCA takedowns." On December 7, someone named Samantha Montoya filed a DMCA takedown with Google that targeted eight websites selling "Deny, Defend, Depose" merch that uses elements of the United Healthcare logo... Medium, one of the targeted websites, has deleted the page that the merch was hosted on...

Over the weekend, a lawyer demanded that independent journalist Marisa Kabas take down an image of Luigi Mangione and his family that she posted to Bluesky, which was originally posted on the campaign website of Maryland assemblymember Nino Mangione. The lawyer, Desiree Moore, said she was "acting on behalf of our client, the Doe Family," and claimed that "the use of this photograph is not authorized by the copyright owner and is not otherwise permitted by law..." In a follow-up email to Kabas, Moore said "the owner of the photograph has not authorized anyone to publish, disseminate, or otherwise use the photograph for any purpose, and the photograph has been removed from various digital platforms as a result," which suggests that other websites have also been threatened with takedown requests. Moore also said that her "client seeks to remain anonymous" and that "the photograph is hardly newsworthy."

404 Media believes the takedown request "shows that the Mangione family or someone associated with it is using the prospect of a copyright lawsuit to threaten journalists for reporting on one of the most important stories of the year..."

UPDATE: Long-time Slashdot reader destinyland notes there's an interesting precedent from 2007: [D]eep within the DMCA law is a counter-provision — 512(f), which states that misrepresenting yourself as a copyright owner has consequences. Any damage caused by harmful misrepresentation must be reimbursed. In 2004 the Electronic Frontier Foundation won a six-figure award from Diebold Election Systems, who had claimed a "copyright" on embarrassing internal memos which were published online.

The Internet

Months After Its 20th Anniversary, OpenStreetMap Suffers an Extended Outage (openstreetmap.org)

Monday, long-time Slashdot reader denelson83 wrote: The crowdsourced, widely-used map database OpenStreetMap has had a hardware failure at its upstream ISP in Amsterdam and has been put into a protective read-only mode to avoid loss or corruption of data.
The outage had started Sunday December 15 at 4:00AM (GMT/UTC), but by Tuesday they'd posted a final update: Our new ISP is up and running and we have started migrating our servers across to it. If all goes smoothly we hope to have all services back up and running this evening...

We have dual redundant links via separate physical hardware from our side to our Tier 1 ISP. We unexpectedly discovered their equipment is a single point of failure. Their extended outage is an extreme disappointment to us.

We are an extremely small team. The OSMF budget is tiny and we could definitely use more help. Real world experience... Ironically we signed a contract with a new ISP in the last few days. Install is on-going (fibre runs, modules & patching) and we expect to run old and new side-by-side for 6 months. Significantly better resilience (redundant ISP side equipment, VRRP both ways, multiple upstream peers... 2x diverse 10G fibre links).

OpenStreetMap celebrated its 20th anniversary in August, with a TechCrunch profile reminding readers that the site gives developers "geographic data and maps so they can rely a little less on the proprietary incumbents in the space," adding "Yes, that mostly means Google."

OpenStreetMap starts with "publicly available and donated aerial imagery and maps, sourced from governments and private organizations such as Microsoft" — then makes them better: Today, OpenStreetMap claims more than 10 million contributors who map out and fine-tune everything from streets and buildings, to rivers, canyons and everything else that constitutes our built and natural environments... Contributors can manually add and edit data through OpenStreetMap's editing tools, and they can even venture out into the wild and map a whole new area by themselves using GPS, which is useful if a new street crops up, for example...

OpenStreetMap's Open Database License allows any third party to use its data with the appropriate attribution (though this attribution doesn't always happen). This includes big-name corporations such as Apple and VC-backed unicorns like MapBox, through a who's who of tech companies, including Uber and Strava... More recently, the Overture Maps Foundation — an initiative backed by Microsoft, Amazon, Meta and TomTom — has leaned heavily on OpenStreetMap data as part of its own efforts to build a viable alternative to Google's walled mapping garden.

The article notes that OpenStreetMap is now overseen by the U.K.-based nonprofit OpenStreetMap Foundation (supported mainly by donations and memberships), with just one employee — a system engineer — "and a handful of contractors who provide administrative and accounting support."

In August its original founder, Steve Coast, returned to the site for a special blog post on its 20th anniversary: OpenStreetMap has grown exponentially or quadratically over the last twenty years depending on the metric you're interested in... The story isn't so much about the data and technology, and it never was. It's the people... OpenStreetMap managed to map the world and give the data away for free for almost no money at all. It managed to sidestep almost all the problems that Wikipedia has by virtue of only representing facts not opinions. The project itself is remarkable. And it's wonderful that so many are in love with it.
"Two decades ago, I knew that a wiki map of the world would work," Coast writes. "It seemed obvious in light of the success of Wikipedia and Linux..."

Medicine

Hydroxychloroquine-Promoting COVID Study Retracted After 4 Years (nature.com)

Nature magazine reports that "A study that stoked enthusiasm for the now-disproven idea that a cheap malaria drug can treat COVID-19 has been retracted — more than four-and-a-half years after it was published." Researchers had critiqued the controversial paper many times, raising concerns about its data quality and an unclear ethics-approval process. Its eventual withdrawal, on the grounds of concerns over ethical approval and doubts about the conduct of the research, marks the 28th retraction for co-author Didier Raoult, a French microbiologist, formerly at Marseille's Hospital-University Institute Mediterranean Infection (IHU), who shot to global prominence in the pandemic. French investigations found that he and the IHU had violated ethics-approval protocols in numerous studies, and Raoult has now retired.

The paper, which has received almost 3,400 citations according to the Web of Science database, is the highest-cited paper on COVID-19 to be retracted, and the second-most-cited retracted paper of any kind....

Because it contributed so much to the HCQ hype, "the most important unintended effect of this study was to partially side-track and slow down the development of anti-COVID-19 drugs at a time when the need for effective treatments was critical", says Ole Søgaard, an infectious-disease physician at Aarhus University Hospital in Denmark, who was not involved with the work or its critiques. "The study was clearly hastily conducted and did not adhere to common scientific and ethical standards...."

Three of the study's co-authors had asked to have their names removed from the paper, saying they had doubts about its methods, the retraction notice said.

Nature includes this quote from a scientific-integrity consultant in San Francisco, California: "This paper should never have been published — or it should have been retracted immediately after its publication."

"The report caught the eye of the celebrity doctor Mehmet Oz," the Atlantic reported in April of 2020 (also noting that co-author Raoult "has made news in recent years as a pan-disciplinary provocateur; he has questioned climate change and Darwinian evolution...")

And Nature points out that while the study claimed good results for the 20 patients treated with HCQ, six more HCQ-treated people in the study actually dropped out before it was finished. And of those six people, one died, while three more "were transferred to an intensive-care unit."

Thanks to Slashdot reader backslashdot for sharing the news.

AI

Harvard Is Releasing a Massive Free AI Training Dataset Funded by OpenAI and Microsoft (wired.com)

Harvard University announced Thursday it's releasing a high-quality dataset of nearly one million public-domain books that could be used by anyone to train large language models and other AI tools. From a report: The dataset was created by Harvard's newly formed Institutional Data Initiative with funding from both Microsoft and OpenAI. It contains books scanned as part of the Google Books project that are no longer protected by copyright.

Around five times the size of the notorious Books3 dataset that was used to train AI models like Meta's Llama, the Institutional Data Initiative's database spans genres, decades, and languages, with classics from Shakespeare, Charles Dickens, and Dante included alongside obscure Czech math textbooks and Welsh pocket dictionaries. Greg Leppert, executive director of the Institutional Data Initiative, says the project is an attempt to "level the playing field" by giving the general public, including small players in the AI industry and individual researchers, access to the sort of highly refined and curated content repositories that normally only established tech giants have the resources to assemble. "It's gone through rigorous review," he says.

Leppert believes the new public domain database could be used in conjunction with other licensed materials to build artificial intelligence models. "I think about it a bit like the way that Linux has become a foundational operating system for so much of the world," he says, noting that companies would still need to use additional training data to differentiate their models from those of their competitors.

Space

As Space Traffic Crowds Earth Orbit: a Push for Global Cooperation (reuters.com)

An anonymous reader shared this report from Reuters: The rapid increase in satellites and space junk will make low Earth orbit unusable unless companies and countries cooperate and share the data needed to manage that most accessible region of space, experts and industry insiders said. A United Nations panel on space traffic coordination in late October determined that urgent action was necessary and called for a comprehensive shared database of orbital objects as well as an international framework to track and manage them. More than 14,000 satellites, including some 3,500 inactive ones, surround the globe in low Earth orbit, showed data from U.S.-based Slingshot Aerospace. Alongside those are about 120 million pieces of debris from launches, collisions and wear-and-tear, of which only a few thousand are large enough to track... [T]here is no centralised system that all space-faring nations can leverage, and even persuading them to use such a system has many obstacles. Whereas some countries are willing to share data, others fear compromising security, particularly as satellites are often dual-use and include defence purposes. Moreover, enterprises are keen to guard commercial secrets.

In the meantime, the mess multiplies. A Chinese rocket stage exploded in August, adding thousands of fragments of debris to low Earth orbit. In June, a defunct Russian satellite exploded, scattering thousands of shards which forced astronauts on the International Space Station to take shelter for an hour... Projections point to tens of thousands more satellites entering orbit in the coming years. The potential financial risk of collisions is likely to be $556 million over five years, based on a modelled scenario with a 3.13% annual collision probability and $111 million in yearly damages, said Montreal-based NorthStar Earth & Space...

[Aarti Holla-Maini, director of the U.N. Office for Outer Space Affairs], said the October panel aimed to bring together public- and private-sector experts to outline steps needed to start work on coordination. It will present its findings at a committee meeting next year. Global cooperation is essential to developing enforceable rules akin to those used by the International Civil Aviation Organization for air traffic, industry experts told Reuters. Such an effort would involve the use of existing tools, such as databases, telescopes, radars and other sensors, to track objects while improving coverage, early detection and data precision. Yet geopolitical tension and reluctance to share data with nations deemed unfriendly, as well as commercial concerns over protecting proprietary information and competitive advantages, remain significant barriers. That leaves operators of orbital equipment relying on informal or semi-formal methods of avoiding collisions, such as drawing on data from the U.S. Space Force or groups like the Space Data Association. However, this can involve issues such as accountability and inconsistent data standards.

"The top challenges are speed — as consensus-building takes time — and trust," Holla-Maini said. "Some countries simply can't communicate with others, but the U.N. can facilitate this process. Speed is our biggest enemy, but there's no alternative. It must be done."

Data from Slingshot Aerospace shows a 17% rise in close approaches per satellite over the past year, according to the article. (It adds that SpaceX data "showed Starlink satellites performed nearly 50,000 collision-avoidance manoeuvres in the first half of 2024, about double the previous six months...")

The European Space Agency, which has fewer spacecraft than SpaceX, said in 2021 its manoeuvres have increased to three or four times per craft versus a historical average of one.

Biotech

Scientists Have Finally Found the Gene That Gives Cats Orange Fur (science.org)

Slashdot reader sciencehabit writes: Most orange cats are boys, a quirk of feline genetics that also explains why almost all calicos and tortoiseshells are girls. Scientists curious about those sex differences—or perhaps just cat lovers—have spent more than 60 years unsuccessfully seeking the gene that causes orange fur and the striking patchwork of colors in calicos and tortoiseshells. Now, two teams have independently found the long-awaited mutation and discovered a protein that influences hair color in a way never seen before in any animal... Using skin samples collected from various cats, the researchers were able to home in on a mutation on the X chromosome that impacts how much of a protein a gene called Arhgap36 produces. Increasing the amount of Arhgap36 in pigment-producing cells called melanocytes activates a molecular pathway that produces a light red pigment.
"Scanning a database of 188 cat genomes, Barsh's team found every single orange, calico, and tortoiseshell cat had the exact same mutation," writes Science magazine. "The group reports the discovery this month on the preprint server bioRxiv. A separate study, also posted to bioRxiv this month, confirms these findings... They also found that skin from calico cats had more Arhgap36 RNA in orange regions than in brown or black regions." Arhgap36's inactivation pattern in calicos and tortoiseshells is typical of a gene on the X chromosome, says Carolyn Brown [a University of British Columbia geneticist who was not involved in either study], but it's unusual that a deletion mutation would make a gene more active, not less. "There is probably something special about cats." Experts are thrilled by the two studies. "It's a long-awaited gene," says Leslie Lyons, a feline geneticist at the University of Missouri. The discovery of a new molecular pathway for hair color was unexpected, she says, but she's not surprised how complex the interactions seem to be. "No gene ever stands by itself."

Lyons would like to know where and when the mutation first appeared: There is some evidence, she says, that certain mummified Egyptian cats were orange. Research into cat color has revealed all kinds of phenomena, she says, including how the environment influences gene expression. "Everything you need to know about genetics you can learn from your cat."

Privacy

Data Broker Leaves 600K+ Sensitive Files Exposed Online (theregister.com)

A security researcher discovered an unprotected database belonging to SL Data Services containing over 600,000 sensitive files, including criminal histories and background checks with names, addresses, and social media accounts. The Register reports: We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks. [The info service provider eventually closed up the S3 bucket, says Fowler, although he never received any response.] In addition to not being password protected, none of the information was encrypted, he told The Register. In total, the open bucket contained 644,869 PDF files in a 713.1 GB archive.

Some 95 percent of the documents Fowler saw were labeled "background checks," he said. These contained full names, home addresses, phone numbers, email addresses, employment, family members, social media accounts, and criminal record history belonging to thousands of people. In at least one of these documents, the criminal record indicated that the person had been convicted of sexual misconduct. It included case details, fines, dates, and additional charges. While court records and sex offender status are usually public records in the US, this exposed cache could be combined with other data points to make complete profiles of people -- along with their family members and co-workers -- providing everything criminals would need for targeted phishing and/or social engineering attacks.

Programming

Pokemon Fan Learns To Code In Order To Archive TCG (thegamer.com)

An anonymous reader quotes a report from TheGamer: With thousands of cards available in Pokemon's "Pokemon Trading Card Game," it can be hard to remember what is what. After all, since first debuting in the mid 1990s to coincide with the games of the same name, the popular collectible has been going strong ever since, with new releases constantly filling store shelves. That said, one avid Pokemon fan took it upon themselves to archive the card game's unique artwork. After hundreds of hours of work, over 23,000 cards have been archived, along with an additional 2,000 pieces of artwork. The end result is one of the best fan creations around.

Meet Twitter user pkm_jp, who devoted hundreds of hours to learning how to program in order to make their dream of a one-stop shop of all available card art a reality. "I remember the joy of getting the first set page working, displaying a small collection of cards," they wrote on Twitter. "I knew it was just the beginning."
The site, artofpkm.com, "is dedicated to bringing artists and fans together," the creator said on X (formerly Twitter). They note that there is still "lots of artwork still to be added and labeled," among other features such as "custom lists, voting, and a proper blog."

Education

Can Google Scholar Survive the AI Revolution?

An anonymous reader quotes a report from Nature: Google Scholar -- the largest and most comprehensive scholarly search engine -- turns 20 this week. Over its two decades, some researchers say, the tool has become one of the most important in science. But in recent years, competitors that use artificial intelligence (AI) to improve the search experience have emerged, as have others that allow users to download their data. The impact that Google Scholar -- which is owned by web giant Google in Mountain View, California -- has had on science is remarkable, says Jevin West, a computational social scientist at the University of Washington in Seattle who uses the database daily. But "if there was ever a moment when Google Scholar could be overthrown as the main search engine, it might be now, because of some of these new tools and some of the innovation that's happening in other places," West says.

Many of Google Scholar's advantages -- free access, breadth of information and sophisticated search options -- "are now being shared by other platforms," says Alberto Martin Martin, a bibliometrics researcher at the University of Granada in Spain. AI-powered chatbots such as ChatGPT and other tools that use large language models have become go-to applications for some scientists when it comes to searching, reviewing and summarizing the literature. And some researchers have swapped Google Scholar for them. "Up until recently, Google Scholar was my default search," says Aaron Tay, an academic librarian at Singapore Management University. It's still top of his list, but "recently, I started using other AI tools." Still, given Google Scholar's size and how deeply entrenched it is in the scientific community, "it would take a lot to dethrone," adds West. Anurag Acharya, co-founder of Google Scholar, at Google, says he welcomes all efforts to make scholarly information easier to find, understand and build on. "The more we can all do, the better it is for the advancement of science."
Acharya says Google Scholar uses AI to rank articles, suggest further search queries and recommend related articles. What Google Scholar does not yet provide are AI-generated summaries of search query results. According to Acharya, the company has yet to find "an effective solution" for summarizing conclusions from multiple papers in a brief manner that preserves all the important context.

Privacy

Open Source Project DeFlock Is Mapping License Plate Surveillance Cameras All Over the World (404media.co)

An anonymous reader quotes a report from 404 Media: Flock is one of the largest vendors of automated license plate readers (ALPRs) in the country. The company markets itself as having the goal to fully "eliminate crime" with the use of ALPRs and other connected surveillance cameras, a target experts say is impossible. [...] Flock and automated license plate reader cameras owned by other companies are now in thousands of neighborhoods around the country. Many of these systems talk to each other and plug into other surveillance systems, making it possible to track people all over the country.

"It went from me seeing 10 license plate readers to probably seeing 50 or 60 in a few days of driving around," [said Alabama resident and developer Will Freeman]. "I wanted to make a record of these things. I thought, 'Can I make a database of these license plate readers?'" And so he made a map, and called it DeFlock. DeFlock runs on OpenStreetMap, an open source, editable mapping platform. He began posting signs for DeFlock (PDF) to the posts holding up Huntsville's ALPR cameras, and made a post about the project to the Huntsville subreddit, which got good attention from people who lived there. People have been plotting not just Flock ALPRs, but all sorts of ALPRs, all over the world. [...]

When I first talked to Freeman, DeFlock had a few dozen cameras mapped in Huntsville and a handful mapped in Southern California and in the Seattle suburbs. A week later, as I write this, DeFlock has crowdsourced the locations of thousands of cameras in dozens of cities across the United States and the world. He said so far more than 1,700 cameras have been reported in the United States and more than 5,600 have been reported around the world. He has also begun scraping parts of Flock's website to give people a better idea of where to look to map them. For example, Flock says that Colton, California, a city with just over 50,000 people outside of San Bernardino, has 677 cameras.

People who submit cameras to DeFlock have the ability to note the direction that they are pointing in, which can help people understand how these cameras are being positioned and the strategies that companies and police departments are using when deploying them. For example, all of the cameras in downtown Huntsville are pointing away from the downtown core, meaning they are primarily focused on detecting cars that are entering downtown Huntsville from other areas.

Electronic Frontier Foundation

Aaron Swartz Day Commemorated With 'Those Carrying on the Work' (aaronswartzday.org) 44

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:
  • Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."
  • Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."
  • Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."
  • Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."
  • Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."


Google

Google's Big Sleep LLM Agent Discovers Exploitable Bug In SQLite (scworld.com) 36

spatwei writes: Google has used a large language model (LLM) agent called "Big Sleep" to discover a previously unknown, exploitable memory flaw in widely used software for the first time, the company announced Friday.

The stack buffer underflow vulnerability in a development version of the popular open-source database engine SQLite was found through variant analysis by Big Sleep, which is a collaboration between Google Project Zero and Google DeepMind.

Big Sleep is an evolution of Project Zero's Naptime project, which is a framework announced in June that enables LLMs to autonomously perform basic vulnerability research. The framework provides LLMs with tools to test software for potential flaws in a human-like workflow, including a code browser, debugger, reporter tool and sandbox environment for running Python scripts and recording outputs.

The researchers provided the Gemini 1.5 Pro-driven AI agent with the starting point of a previous SQLite vulnerability, providing context for Big Sleep to search for potential similar vulnerabilities in newer versions of the software. The agent was presented with recent commit messages and diff changes and asked to review the SQLite repository for unresolved issues.

Google's Big Sleep ultimately identified a flaw involving the function "seriesBestIndex" mishandling the use of the special sentinel value -1 in the iColumn field. Since this field would typically be non-negative, all code that interacts with this field must be designed to handle this unique case properly, which seriesBestIndex fails to do, leading to a stack buffer underflow.
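The bug class described above is easy to model: a planner routine that takes a constraint's column number and uses it directly as an index into a stack array, even though the API reserves one negative value as a sentinel. The following is an added, constructed illustration, not SQLite's seriesBestIndex or any code from the project; the table layout, the `Constraint` struct and the function names are assumptions. The one fact taken from SQLite's virtual-table interface is that an index constraint with `iColumn == -1` refers to the rowid. The vulnerable form writes one slot before the array when it meets the sentinel; the hardened form handles the sentinel explicitly and range-checks every other value before it becomes an index.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed example: a simplified model of an xBestIndex-style planner.
 * It is NOT SQLite's seriesBestIndex; names and layout are assumptions. */

#define N_COLUMNS 4          /* hypothetical table with columns 0..3 */
#define ROWID_SENTINEL (-1)  /* SQLite's virtual-table API uses iColumn == -1 for "rowid" */

typedef struct {
    int iColumn;   /* column the constraint applies to, or -1 for the rowid */
    int usable;    /* nonzero if the planner may use this constraint */
} Constraint;

/* Vulnerable pattern: trusts iColumn as a direct index into a stack array.
 * A rowid constraint (iColumn == -1) writes to seen[-1], one byte before the
 * start of the array: a stack buffer underflow. Shown only for contrast;
 * never call it with a rowid constraint. */
int vulnerable_best_index(const Constraint *c, int n)
{
    unsigned char seen[N_COLUMNS];
    memset(seen, 0, sizeof seen);
    for (int i = 0; i < n; i++) {
        if (!c[i].usable) continue;
        seen[c[i].iColumn] = 1;   /* no check for the -1 sentinel or any other range */
    }
    int count = 0;
    for (int k = 0; k < N_COLUMNS; k++) count += seen[k];
    return count;
}

/* Hardened version: the sentinel is handled as its own case, and every other
 * value is range-checked before it is used as an index. Returns the number of
 * distinct columns constrained and sets *rowid if the rowid is constrained;
 * returns -1 on an out-of-range column index (malformed input). */
int hardened_best_index(const Constraint *c, int n, bool *rowid)
{
    unsigned char seen[N_COLUMNS];
    memset(seen, 0, sizeof seen);
    *rowid = false;
    for (int i = 0; i < n; i++) {
        if (!c[i].usable) continue;
        int col = c[i].iColumn;
        if (col == ROWID_SENTINEL) {      /* the special case the text describes */
            *rowid = true;
            continue;
        }
        if (col < 0 || col >= N_COLUMNS)  /* reject anything else outside the array */
            return -1;
        seen[col] = 1;
    }
    int count = 0;
    for (int k = 0; k < N_COLUMNS; k++) count += seen[k];
    return count;
}

int main(void)
{
    /* Constructed query: two constraints on column 2, one on the rowid,
     * and one unusable constraint on column 0. */
    Constraint q[] = { {2, 1}, {ROWID_SENTINEL, 1}, {0, 0}, {2, 1} };
    bool rowid;
    int cols = hardened_best_index(q, 4, &rowid);
    printf("constrained columns=%d rowid=%s\n", cols, rowid ? "yes" : "no");
    return 0;
}
```

The detection angle for a reviewer or a fuzzing harness is the same in both directions: any field documented as "normally non-negative, with -1 meaning something else" is a candidate for this check, and a sanitizer build (AddressSanitizer flags the `seen[-1]` write) turns the underflow into an immediate crash instead of silent stack corruption.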

The Military

A Million People Play This Video Wargame. So Does the Pentagon. (msn.com) 40

A commercial military simulation software, originally inspired by Tom Clancy novels, has become an unexpected tool for military training across NATO forces and defense analysts worldwide. Command: Professional Edition, developed by Britain's Slitherine Software, has secured contracts with the U.S. Air Force and British Strategic Command, while Taiwanese analysts use it to war-game potential conflicts with China.

The software's success stems from its vast database of military equipment and capabilities, compiled through contributions from its million-strong user base. Marine Corps University's wargaming director Tim Barrick employs the software to train officers, noting its effectiveness in developing tactical creativity. "These are not simple problems," Barrick, a retired Marine colonel, told WSJ.

A fascinating excerpt from the report: Command's British publisher, Slitherine Software, stumbled into popularity. The family business got started around 2000 selling retail CD-ROM games like Legion, involving ancient Roman military campaigns. When Defense Department officials in 2016 first contacted Slitherine, which is based in an old house in a leafy London suburb, its father-and-son managers were so stunned they thought the call might be a prank. "Are you taking the piss?" J.D. McNeil, the father, recalled asking near the end of the conversation.

Privacy

Lawsuit Argues Warrantless Use of Flock Surveillance Cameras Is Unconstitutional (404media.co) 59

A civil liberties group has filed a lawsuit in Virginia arguing that the widespread use of Flock's automated license plate readers violates the Fourth Amendment's protections against warrantless searches. 404 Media reports: "The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every move. This civil rights lawsuit seeks to end this dragnet surveillance program," the lawsuit notes (PDF). "In Norfolk, no one can escape the government's 172 unblinking eyes," it continues, referring to the 172 Flock cameras currently operational in Norfolk. The Fourth Amendment protects against unreasonable searches and seizures and has been ruled in many cases to protect against warrantless government surveillance, and the lawsuit specifically says Norfolk's installation violates that. [...]

The lawsuit in Norfolk is being filed by the Institute for Justice, a civil liberties organization that has filed a series of privacy and government overreach lawsuits over the last few years. Two Virginia residents, Lee Schmidt and Crystal Arrington, are listed as plaintiffs in the case. Schmidt is a Navy veteran who alleges in the lawsuit that the cops can easily infer where he is going based on Flock data. "Just outside his neighborhood, there are four Flock Cameras. Lee drives by these cameras (and others he sees around town) nearly every day, and the Norfolk Police Department [NPD] can use the information they record to build a picture of his daily habits and routines," the lawsuit reads. "If the Flock Cameras record Lee going straight through the intersection outside his neighborhood, for example, the NPD can infer that he is going to his daughter's school. If the cameras capture him turning right, the NPD can infer that he is going to the shooting range. If the cameras capture him turning left, the NPD can infer that he is going to the grocery store. The Flock Cameras capture the start of nearly every trip Lee makes in his car, so he effectively cannot leave his neighborhood without the NPD knowing about it." Arrington is a healthcare worker who makes home visits to clients in Norfolk. The lawsuit alleges that it would be trivial for the government to identify her clients.
"Fourth Amendment case law overwhelmingly shows that license plate readers do not constitute a warrantless search because they take photos of cars in public and cannot continuously track the movements of any individual," a Flock spokesperson said. "Appellate and federal district courts in at least fourteen states have upheld the use of evidence from license plate readers as Constitutional without requiring a warrant, as well as the 9th and 11th circuits. Since the Bell case, four judges in Virginia have ruled the opposite way -- that ALPR evidence is admissible in court without a warrant."

Security

Internet Archive Users Start Receiving Email From 'Some Random Guy' Criticizing Unpatched Hole (bleepingcomputer.com) 18

A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent."

It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe".

But there are new and continuing problems, reports The Verge's weekend editor: Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems.

I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:

It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.

Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.

The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server."

BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years."

And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week — a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.) The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker says that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site.

The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted to contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response.

"The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could...

"While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."

Medicine

Are Standing Desks Actually Bad For Your Health? 140

A new study counters the widely held belief that standing desks are good for your health, discovering that it does not reduce the risk of diseases such as stroke and heart failure. In fact, it "found that being on your feet for more than two hours a day may increase the risk of developing problems such as deep vein thrombosis and varicose veins," reports The Guardian. The findings have been published in the International Journal of Epidemiology. From the report: To establish if standing provided any health benefits, the researchers studied data from 83,013 adults who are part of the UK Biobank health records database. These people did not have heart disease at the start of the study and wore devices on their wrists to track movement. The team found that for every extra 30 minutes spent standing beyond two hours, the risk of circulatory disease increased by 11%. Standing was not found to reduce the risk of heart conditions such as stroke, heart failure and coronary heart disease, the researchers said. "The key takeaway is that standing for too long will not offset an otherwise sedentary lifestyle and could be risky for some people in terms of circulatory health," said Dr Matthew Ahmadi, of the University of Sydney's faculty of medicine and health. "We found that standing more does not improve cardiovascular health over the long-term and increases the risk of circulatory issues."

Security

Cisco Investigates Breach After Stolen Data For Sale On Hacking Forum (bleepingcomputer.com) 9

Longtime Slashdot reader mprindle shares a report from BleepingComputer: Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. [...] This statement comes after a well-known threat actor named "IntelBroker" said that he and two others called "EnergyWeaponUser" and "zjj" breached Cisco on October 6, 2024, and stole a large amount of developer data from the company.

"Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!," reads the post to a hacking forum. IntelBroker also shared samples of the alleged stolen data, including a database, customer information, various customer documentation, and screenshots of customer management portals. However, the threat actor did not provide further details about how the data was obtained.

Emulation (Games)

Running X86_64 (Linux) Game Servers on ARM With Box64 (interfacinglinux.com) 5

Though native Linux game servers have been scarce over the last two decades, "I've seen people using the Box64 emulator to play x86_64 games on ARM devices," writes Slashdot reader VennStone. "It got me thinking: why not apply this to game servers...?

"I thought it would be fun to see if I could build a super low-power Trackmania 2 server using a Raspberry Pi Zero 2 W."

They dubbed the experiment "Trackberry", and shared all the technical details in a blog post at Interfacing Linux (including a video). For example, they installed PyEnv so it could create a virtual environment for the PyPlanet server controller. ("That's right, your little Pi Zero 2 W is about to compile some software, slowly....")

But ultimately "it turns out that the A53 can run not only the server but also the server controller, with minimal effort. Five players push one core to around 50% load, while the others handle the database and controller." WHY STOP THERE? There are a gang of x86 Linux servers that could potentially run with Box64. Imagine playing Pirraria, 7 Days to Pi, Counter-Pi 2, Pitorio, and countless others! Granted, you may need a more powerful device than a Raspberry Pi Zero 2 W. I'll leave that research up to you.

My main takeaway from this experiment? Box64 is straight-up Scandinavian witchcraft and is not to be trifled with. Not even a little bit.

That said, it introduces a compelling option for those of us looking to run dedicated game servers that don't require much in the way of system resources. Under load, TrackBerry averages 2.8 watts and, according to the scientific number digits below, ends up running just under $3.00 a year or $0.25 a month. I find the concept of having a stack of microSD cards, each holding a different game server, neat....

You can see TrackBerry in action every Tuesday and Friday on Twitch...