"The world's largest renewable energy and transmission project has received key approval from government officials," reports New Atlas.

Solar power from Australia will be carried 2,672 miles (4,300 kilometers) to Singapore over undersea cables in what's being called "the Australia-Asia Power Link project." Reuters reports that SunCable "aims to produce 6 gigawatts of electricity at a vast solar farm in Northern Australia and ship about a third of that to Singapore via undersea cable."

More from New Atlas: [The project] will start by constructing a mammoth solar farm in Australia's Northern Territory to transmit around-the-clock clean power to [the Australian city] Darwin, and also export "reliable, cost-competitive renewable energy" to Singapore... with a clean energy generation capacity of up to 10 gigawatts, plus utility scale onsite storage. [The recently-obtained environmental approval] also green lights an 800-km (~500-mile) overhead transmission line between the solar precinct and Murrumujuk near Darwin...

If all of the dominoes line up perfectly, supply of the first clean electricity is estimated to start in the early 2030s. An overview graphic on the project page shows that the eventual end game for the Powell Creek development appears to be the generation of up to 20 GW of peak solar power and have some 36-42 GWh of battery storage on site.
Thanks to long-time Slashdot reader AmiMoJo for sharing the news.

SC World reports: Several major end-to-end encrypted cloud storage services contain cryptographic flaws that could lead to loss of confidentiality, file tampering, file injection and more, researchers from ETH Zurich said in a paper published this month.

The five cloud services studied offer end-to-end encryption (E2EE), intended to ensure files can not be read or edited by anyone other than the uploader, meaning not even the cloud storage provider can access the files. However, ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong, who presented their findings at the ACM Conference on Computer and Communications Security (CCS) last week, found serious flaws in four out of the five services that could effectively bypass the security benefits provided by E2EE by enabling an attacker who managed to compromise a cloud server to access, tamper with or inject files.

The E2EE cloud storage services studied were Sync, pCloud, Seafile, Icedrive and Tresorit, which have a collective total of about 22 million users. Tresorit had the fewest vulnerabilities, which could enable some metadata tampering and use of non-authentic keys when sharing files. The other four services were found to have more severe flaws posing a greater risk to file confidentiality and integrity.
BleepingComputer reports that Sync is "fast-tracking fixes," while Seafile "promised to patch the protocol downgrade problem on a future upgrade." And SC World does note that all 10 of the tested exploits "would require the attacker to have already gained control of a server with the ability to read, modify and inject data.

"The authors wrote that they consider this to be a realistic threat model for E2EE services, as these services are meant to protect files even if such a compromise was to occur."

Thanks to Slashdot reader spatwei for sharing the article.

"After safely splashing down on Earth as part of NASA's SpaceX Crew-8 mission Friday, a NASA astronaut experienced a medical issue," NASA reported Friday.

But today there's an update: After an overnight stay at Ascension Sacred Heart Pensacola in Florida, the NASA astronaut was released and returned to NASA's Johnson Space Center in Houston Saturday. The crew member is in good health and will resume normal post-flight reconditioning with other crew members.

As part of NASA's SpaceX Crew-8 mission [SpaceX's eighth crew-rotation mission to the ISS], the astronaut was one of four crewmates who safely splashed down aboard their SpaceX Dragon spacecraft near Pensacola on October 25. The crew members completed a 235-day mission, 232 days of which were spent aboard the International Space Station conducting scientific research.

To protect the crew member's medical privacy, specific details on the individual's condition and identity will not be shared.

Slashdot reader samleecole writes: Privacy advocates gained access to a powerful tool bought by U.S. law enforcement agencies that can track smartphone locations around the world. Abortion clinics, places of worship, and individual people can all be monitored without a warrant.

An investigation into tracking tool Locate X shows in the starkest terms yet how it and others — based on smartphone location data sold to various U.S. government law enforcement agencies, including state entities — could be used to monitor abortion clinic patients. This comes as more states contemplate stricter or outright bans on abortion...

PV Magazine reports: Researchers in Australia and China have developed an innovative technology enabling direct lithium extraction from difficult-to-process sources like saltwater, which they say represents a substantial portion of the world's lithium potential.

Until now, up to 75% of the world's lithium-rich saltwater sources have remained untapped because of technical limitations, but given predictions that global lithium supply could fall short of demand as early as 2025, the researchers believe they have a game-changing solution. Their technology is a type of nanofiltration system that uses ethylenediaminetetraacetic acid, or EDTA, as a chelating agent to selectively separate lithium from other minerals, especially magnesium, which is often present in brines and difficult to remove.
"With some predicting global lithium supply could fall short of demand as early as 2025, the innovative technology sets a new standard in lithium processing," writes SciTechDaily: The work, co-led by Dr Zhikao Li, from the Monash Suzhou Research Institute and the Department of Chemical and Biological Engineering, and Professor Xiwang Zhang from the University of Queensland, promises to meet the surging demand for lithium and paves the way for more sustainable and efficient extraction practices... "Our technology achieves 90 percent lithium recovery, nearly double the performance of traditional methods, while dramatically reducing the time required for extraction from years to mere weeks," Dr. Li said.

The technology also turns leftover magnesium into a valuable, high-quality product that can be sold, reducing waste and its impact on the environment. Beyond its advanced efficiency, the EALNF system brings innovation to address major environmental concerns associated with lithium extraction. Unlike conventional methods that deplete vital water resources in arid regions, the technology produces freshwater as a by-product.

Dr Li said the system was flexible and ready for large-scale use, meaning it can quickly expand from testing to full industrial operations. "This breakthrough is crucial for avoiding a future lithium shortage, making it possible to access lithium from hard-to-reach sources and helping power the shift to clean energy."
"Our scalable process minimizes environmental impact while maximizing resource utilization," according to the researchers' article in Nature Sustainability, "thereby catalysing the shift toward a more sustainable future."

Thanks to long-time Slashdot reader schwit1 for sharing the news.

In 2004 Alaa Abd El Fattah answered questions from Slashdot's readers about organizing the first-ever Linux installfest in Egypt.

In 2014 he was arrested for organizing poltical protests without requesting authorization, according to Wikipedia, and then released on bail — but then sentenced to five years in prison upon retrial. He was released in late March of 2019, but then re-arrested again in September by the National Security Agency, convicted of "spreading fake news" and jailed for five years...

Wikipedia describes Abd El-Fattah as an "Egyptian-British blogger, software developer and a political activist" who has been "active in developing Arabic-language versions of software and platforms." But this week an EFF blog post noticed that his released date had recently passed — and yet he was still in prison: It's been 28 days since September 29, the day that should have seen British-Egyptian blogger, coder, and activist Alaa Abd El Fattah walk free. Egyptian authorities refused to release him at the end of his sentence, in contradiction of the country's own Criminal Procedure Code, which requires that time served in pretrial detention count toward a prison sentence. [Human Rights Watch says Egyptian authorities are refusing to count more than two years of pretrial detention toward his time served. Amnesty International has also called for his release.] In the days since, Alaa's family has been able to secure meetings with high-level British officials, including Foreign Secretary David Lammy, but as of yet, the Egyptian government still has not released Alaa...

Alaa deserves to finally return to his family, now in the UK, and to be reunited with his son, Khaled, who is now a teenager. We urge EFF supporters in the UK to write to their MP to place pressure on the UK's Labour government to use their power to push for Alaa's release.
Last month the EFF wrote:: Over 20 years ago Alaa began using his technical skills to connect coders and technologists in the Middle East to build online communities where people could share opinions and speak freely and privately. The role he played in using technology to amplify the messages of his fellow Egyptians — as well as his own participation in the uprising in Tahrir Square — made him a prominent global voice during the Arab Spring, and a target for the country's successive repressive regimes, which have used antiterrorism laws to silence critics by throwing them in jail and depriving them of due process and other basic human rights.

Alaa is a symbol for the principle of free speech in a region of the world where speaking out for justice and human rights is dangerous and using the power of technology to build community is criminalized...

It was originally created back in 2005 by Sun Microsystems for its proprietary Solaris Unix systems, "for troubleshooting kernel and application problems on production systems in real time," explains Wikipedia. "DTrace can be used to get a global overview of a running system, such as the amount of memory, CPU time, filesystem and network resources used by the active processes," explains its Wikipedia entry.

But this week, Gentoo announced: The real, mythical DTrace comes to Gentoo! Need to dynamically trace your kernel or userspace programs, with rainbows, ponies, and unicorns — and all entirely safely and in production?! Gentoo is now ready for that!

Just emerge dev-debug/dtrace and you're all set. All required kernel options are already enabled in the newest stable Gentoo distribution kernel...

Documentation? Sure, there's lots of it. You can start with our DTrace wiki page, the DTrace for Linux page on GitHub, or the original documentation for Illumos. Enjoy!
Thanks to Heraklit (Slashdot reader #29,346) for sharing the news.

Bitwarden describes itself as an "open source password manager for business." But it also made a change to its build requirement which led to an issue on the project's GitHub page titled "Desktop version 2024.10.0 is no longer free software."

In the week that followed Bitwarden's official account on X.com promised a fix was coming. "It seems a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users." And Thursday Bitwarden followed through with new changes to address the concerns.

The Register reports the whole episode started because of a new build requirement added in a pull request a couple of weeks ago titled "Introduce SDK client." This SDK is required to compile the software from source — either the Bitwarden server or any of its client applications... [But the changed license had warned "You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK."]
Phoronix picks up the story: The issue of this effectively not making the Bitwarden client free software was raised in this GitHub issue... Bitwarden founder and CTO Kyle Spearrin has commented on the ticket... "Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug." The ticket was subsequently locked and limited to collaborators.
And Thursday it was Bitwarden founder and CTO Kyle Spearrin who again re-appeared in the Issue — first thanking the user who had highlighted the concerns. "We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included." The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

The original sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there.

An anonymous reader quotes a report from Reuters: Delta Air Lines on Friday sued cybersecurity firm CrowdStrike in a Georgia state court after a global outage in July caused mass flight cancellations, disrupted travel plans of 1.3 million customers and cost the carrier more than $500 million. Delta's lawsuit filed in Fulton County Superior Court called the faulty software update from CrowdStrike "catastrophic" and said the firm "forced untested and faulty updates to its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash." [...]

Delta, which has purchased CrowdStrike products since 2022, said the outage forced it to cancel 7,000 flights, impacting 1.3 million passengers over five days. "If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed," Delta's lawsuit says. "Because the faulty update could not be removed remotely, CrowdStrike crippled Delta's business and created immense delays for Delta customers." Delta said that as part of its IT-planning and infrastructure, it has invested billions of dollars "in licensing and building some of the best technology solutions in the airline industry."

Longtime Slashdot reader MattSparkes writes: NASA is working on plans to send another, much larger helicopter to Mars than Ingenuity. The "Chopper" craft would land itself after "screaming into" the planet's atmosphere at speed, before covering several kilometers a day while carrying scientific equipment. It would probably be the most graceful arrival on the red planet of any lander yet.

According to the Wall Street Journal, Boeing is weighing the sale of its space division. "The plans, which are reportedly at an early stage, could involve Boeing offloading the Starliner spacecraft and its projects supporting the International Space Station," reports The Verge. From the report: Boeing is facing a series of predicaments, including a fraud charge over 737 Max plane crashes and Starliner issues that left two astronauts at the ISS for months. Just this week, a Boeing-made satellite for Intelsat stopped working and fell apart suddenly after suffering an "anomaly."

"We're better off doing less and doing it better than doing more and not doing it well," Boeing CEO Kelly Ortberg said during an earnings call this week. "Clearly, our core of commercial airplanes and defense systems are going to stay with the Boeing Company for the long run. But there's probably some things on the fringe there that we can be more efficient with or that distract us from our main goal here."

However, sources tell the WSJ that Boeing will likely continue to oversee the Space Launch System, which will eventually help bring NASA astronauts back to the Moon. It's also reportedly expected to hang onto its commercial and military satellite businesses.

An anonymous reader quotes a report from TechCrunch: Ahead of the debut of Apple's private AI cloud next week, dubbed Private Cloud Compute, the technology giant says it will pay security researchers up to $1 million to find vulnerabilities that can compromise the security of its private AI cloud. In a post on Apple's security blog, the company said it would pay up to the maximum $1 million bounty to anyone who reports exploits capable of remotely running malicious code on its Private Cloud Compute servers. Apple said it would also award researchers up to $250,000 for privately reporting exploits capable of extracting users' sensitive information or the prompts that customers submit to the company's private cloud.

Apple said it would "consider any security issue that has a significant impact" outside of a published category, including up to $150,000 for exploits capable of accessing sensitive user information from a privileged network position. "We award maximum amounts for vulnerabilities that compromise user data and inference request data outside the [private cloud compute] trust boundary," Apple said. You can learn more about Apple's Private Cloud Computer service in their blog post. Its source code and documentation is available here.

Longtime Slashdot reader Baron_Yam writes: Memristors are the long-sought 4th fundamental circuit element. They promise analog computing capability in hardware, the ability to hold state without power, and to work with less power. A small cluster of them can replace a transistor using less space. Working and long term storage can blend together and neural networks can be implemented in hardware -- they are a game-changing innovation. Now, researchers are getting closer to putting these into production as they can now produce graphene-based memristors at wafer scale. "One of the key challenges in memristor development is device degradation, which graphene can help prevent," reports Phys.Org. "By blocking chemical pathways that degrade traditional electrodes, graphene could significantly extend the lifetime and reliability of these devices. Its remarkable transparency, transmitting 98% of light, also opens doors to advanced computing applications, particularly in AI and optoelectronics."

The findings have been published in the journal ACS Advanced Electronic Materials.

Apple was handed a victory today by a jury in Delware, which ruled that two of Masimo's smartwatches and chargers "willfully violated Apple's patent rights in smartwatch designs," according to Reuters. The reward? $250 in damages. 9to5Mac reports: Apple previously accused Masimo of using litigation to boost the launch of its own smartwatch product. In October 2022, Apple filed two patent infringement lawsuits against Masimo. The first lawsuit accused Masimo of copying the Apple Watch design. The second said that Masimo's technical features infringed on Apple patents covering technology used in the Apple Watch.

Reuters reports: "Apple convinced a federal jury on Friday that health monitoring tech company Masimo's smartwatches infringe two of its design patents. The jury, in Delaware, agreed with Apple that Masimo's W1 and Freedom watches and chargers willfully violated Apple's patent rights in smartwatch designs, awarding the tech giant $250 in damages. Apple's attorneys told the court the 'ultimate purpose' of its lawsuit was to win an injunction against sales of Masimo's smartwatches after an infringement ruling." The jury, however, also determined that Masimo's smartwatches "did not infringe on Apple patents covering smartwatch inventions that the tech giant had accused Masimo of copying." The two companies continue to battle it out over patent infringements regarding the Apple Watch's blood oxygen sensor.

Former Nvidia engineer Luke Durant, working with the Great Internet Mersenne Prime Search (GIMPS), recently discovered the largest known prime number: (2^136,279,841)-1 or M136279841 (where the number following the letter M represents the exponent). The achievement was detailed on Mersenne.org. Tom's Hardware reports: This is the largest prime number we've seen so far, with the last one, M82589933, being discovered six years prior. What makes this discovery particularly fascinating is that this is the first GIMPS discovery that used the power of data center GPUs. Mihai Preda was the first one to harness GPU muscle in 2017, says the GIMPS website, when he "wrote the GpuOwl program to test Mersenne numbers for primarilty, making his software available to all GIMPS users." When Luke joined GIMPS in 2023, they built the infrastructure needed to deploy Preda's software across several GPU servers available in the cloud.

While it took a year of testing, Luke's efforts finally bore fruit when an A100 GPU in Dublin, Ireland gave the M136279841 result last October 11. This was then corroborated by an Nvidia H100 located in San Antonio, Texas, which confirmed its primality with the Lucas-Lehmer test.

An anonymous reader quotes a report from InfoWorld: Select developers now are getting free access to JetBrains' WebStorm and Rider IDEs. The company on October 24 announced it has launched non-commercial licenses for its WebStorm JavaScript and TypeScript IDE and the Rider cross-platform .NET and game development IDE. As of now, developers using these IDEs for non-commercial purposes, such as open source project development or content creation, can use them for free. JetBrains views the move as expanding the availability of these IDEs to a broader swath of developer roles. More than two-thirds of developers code outside of work as a hobby and nearly 40% code for educational and learning purposes outside of work, the company said."Previously this year, JetBrains released other products under the same terms for non-commercial use, including RustRover, an IDE for Rust development, and Aqua, an IDE designed for test automation," notes InfoWorld. "JetBrains also provides community editions of IntelliJ and PyCharm, IDEs for Java and Python, respectively, which can be used to build proprietary and commercial software."

JetBrains has an FAQ section with additional details about the change.

The Browser Company is developing a new, much simpler browser distinct from Arc, which has proven too complex for mainstream adoption despite a strong following among power users. The Verge's David Pierce reports: Arc is not dying, [says CEO Josh Miller]. He says that over and over, in fact, even after I tell him the YouTube video the company just released sounds like the thing companies say right before they kill a product. It's just that Arc won't change much anymore. It'll get stability updates and bug fixes, and there's a team at The Browser Company dedicated to those. "In that sense," Miller says, "it feels like a complete-ish product." Most of the team's energy and time will now be dedicated to starting from scratch. "Arc was basically this front-end, tab management innovation," Miller says. "People loved it. It grew like a weed. Then it started getting slow and started crashing a lot, and we felt bad, and we had to learn how to make it fast. And we kind of lost sight, in some ways, of the fact that we've got to do the operating system part."

The plan this time is to build not just a different interface for a browser, but a different kind of browser entirely -- one that is much more proactive, more powerful, more AI-centric, more in line with that original vision. Call it the iPhone of web browsers, or the "internet computer," or whatever other metaphor you like. The idea is to turn the browser into an app platform. Miller still wants to do it, and he wants to do it for everyone. What does that look like? Miller is a bit vague on the details. The new browser, which Miller intimates could launch as soon as the beginning of next year, is designed to come with no switching costs, which means among other things that it will have horizontal tabs and fewer ideas about organization. The idea is to "make the first 90 seconds effortless" in order to get more people to switch. And then, slowly, to reveal what this new browser can do.

The Librarian of Congress has granted a DMCA exemption allowing independent repair of soft-serve machines, addressing the persistent issue of restricted repairs on McDonald's frequently malfunctioning machines. ExtremeTech reports: Section 1201 of the DMCA makes it illegal to bypass a digital lock protecting copyrighted work. That can be the DRM on a video file you download from iTunes, the carrier locks that prevent you from using a phone on other networks, or even the software running a McDonald's soft serve machine that refuses to accept third-party repairs. By locking down a product with DRM, companies can dictate when and how items are repaired under threat of legal consequences. This is an ongoing issue for people who want to fix all those busted ice cream machines.

Earlier this year, iFixit and Public Knowledge submitted their request for an exemption that would have covered a wide swath of industrial equipment. The request included everything from building management software to the aforementioned ice cream machines. Unfortunately, the Copyright Office was unconvinced on some of these points. However, the Librarian of Congress must be just as sick as the rest of us to hear the ice cream machine is broken. The office granted an exception for "retail-level food preparation equipment."

That means restaurant owners and independent repair professionals will be able to bypass the software locks that keep kitchen machinery offline until the "right" repair services get involved. This should lower prices and speed up repairs in such situations. Public Knowledge and iFixit express disappointment that the wider expansion was not granted, but they're still celebrating with some delicious puns (and probably ice cream). "There's nothing vanilla about this victory; an exemption for retail-level commercial food preparation equipment will spark a flurry of third-party repair activity and enable businesses to better serve their customers," said Meredith Rose, Senior Policy Counsel at Public Knowledge.

An anonymous reader quotes a report from Ars Technica: Earlier this year, we reported on the video game archivists asking for a legal DMCA exemption to share Internet-accessible emulated versions of their physical game collections with researchers. Today, the US Copyright Office announced once again that it was denying that request, forcing researchers to travel to far-flung collections for access to the often-rare physical copies of the games they're seeking.

In announcing its decision, the Register of Copyrights for the Library of Congress sided with the Entertainment Software Association and others who argued that the proposed remote access could serve as a legal loophole for a free-to-access "online arcade" that could harm the market for classic gaming re-releases. This argument resonated with the Copyright Office despite a VGHF study that found 87 percent of those older game titles are currently out of print. "While proponents are correct that some older games will not have a reissue market, they concede there is a 'healthy' market for other reissued games and that the industry has been making 'greater concerted efforts' to reissue games," the Register writes in her decision. "Further, while the Register appreciates that proponents have suggested broad safeguards that could deter recreational uses of video games in some cases, she believes that such requirements are not specific enough to conclude that they would prevent market harms."

A DMCA exemption for remote sharing already exists for non-video-game computer software that is merely "functional," as the Register notes. But the same fair use arguments that allow for that sharing don't apply to video games because they are "often highly expressive in nature," the Register writes. In an odd footnote, the Register also notes that emulation of classic game consoles, while not infringing in its own right, has been "historically associated with piracy," thus "rais[ing] a potential concern" for any emulated remote access to library game catalogs. That footnote paradoxically cites Video Game History Foundation (VGHF) founder and director Frank Cifaldi's 2016 Game Developers Conference talk on the demonization of emulation and its importance to video game preservation. "The moment I became the Joker is when someone in charge of copyright law watched my GDC talk about how it's wrong to associate emulation with piracy and their takeaway was 'emulation is associated with piracy,'" Cifaldi quipped in a social media post.

Joe Biden's administration is investigating alleged Chinese efforts to hack US telecoms infrastructure amid reports hackers had targeted the phones of former president Donald Trump and his running mate JD Vance. Financial Times: The FBI and the Cybersecurity and Infrastructure Security Agency said they were investigating "unauthorised access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China."

The statement followed a report in the New York Times that Chinese hackers had accessed US telecoms networks and targeted data on Trump and Vance's phones. The FBI declined to say if the hackers had targeted their phones.

Steven Cheung, Trump's campaign spokesperson, blamed the alleged attack on Kamala Harris, the US vice-president and Democratic presidential nominee. But he declined to say if US authorities had informed the campaign about the hacking effort.

Cheung said: "This is the continuation of election interference by Kamala Harris and Democrats who will stop at nothing, including emboldening China and Iran attacking critical American infrastructure, to prevent president Trump from returning to the White House. Their dangerous and violent rhetoric has given permission to those who wish to harm president Trump." Further reading:
Chinese Hackers Targeted Trump and Vance's Phone Data (CNN);

China Sought To Hack Trump, Vance and Campaign Phones, Officials Say (Washington Post);

Chinese Hackers Targeted Phones of Trump, Vance, and Harris Campaign (Wall Street Journal);

US Investigating Breach of Telecoms by China-Linked Hackers (Bloomberg);

Trump, Vance Potential Targets in Broad China-Backed Hacking Operation (CBS News);

Chinese Hackers Attempted To Breach Trump, Vance Cellphone Data: Report (Fox News);

Chinese Hackers Believed To Have Targeted Trump, Vance Cellphones: Sources (ABC News);

Chinese Hackers Targeted Cellphones Used by Trump, Vance (Associated Press).