India has once again pushed back a contentious plan to limit major technology companies' control of the nation's digital payments system, extending a regulatory uncertainty that has weighed on the sector for years. From a report: The National Payments Corporation of India said on Tuesday it would extend the deadline for implementing a 30% cap on any individual app's share of transactions on the Unified Payments Interface, or UPI, the country's ubiquitous digital payments network, to December 31, 2026.

The decision provides temporary relief to Walmart-backed PhonePe and Google Pay, which together handle more than 85% of transactions on UPI. The network, which processes over 13 billion transactions monthly, has become the backbone of India's digital economy since its launch eight years ago.

Researchers have uncovered widespread manipulation of GitHub's star-rating system, with over 3.1 million fraudulent stars identified across 15,835 repositories, according to a new study by Socket, Carnegie Mellon University, and North Carolina State University.

The research team analyzed 20TB of data from GHArchive, spanning 6 billion GitHub events from 2019 to 2024, using their "StarScout" detection tool. The tool identified 278,000 accounts engaging in coordinated inauthentic behavior to artificially boost repository rankings.

GitHub uses stars, similar to social media likes, to rank projects and recommend content to users. The platform has previously encountered malicious exploitation of this system, including the "Stargazers Ghost Network" malware operation discovered last summer. Approximately 91% of flagged repositories and 62% of suspicious accounts were removed by October 2024.

An anonymous reader shared this report from the Washington Post: Archer is aiming to launch its first commercially operated [and electrically-powered] flights with a pilot and passengers within a year in Abu Dhabi. A competitor, Joby Aviation, says it is aiming to launch passenger service in Dubai as soon as late 2025. Advancements in batteries and other technologies required for the futuristic tilt-rotor craft are moving so fast that they could soon move beyond the novelty stage and into broader commercial use in a matter of years. Both companies are laying plans to operate at the 2028 Olympics in Los Angeles...

Scaling the industry from a novelty ride for the wealthy to a broadly available commuter option will take billions more in start-up money, executives said, including building out a network of takeoff and landing areas (called vertiports) and charging stations. Some high-profile ventures have already faltered. A plan for air taxis to transport spectators around the Paris Olympics fizzled... Still, investors, including big names like Stellantis and Toyota, have poured money into Silicon Valley companies like Archer and Joby. Boeing and Airbus are developing their own versions. All are betting that quieter, greener and battery-powered aircraft can revolutionize the way people travel. Major U.S. airlines including American, Delta, Southwest and United also are building relationships and planting seeds for deals with air taxi companies.
Two interesting quotes from the article:

• "It feels like the modern-day American Dream, where you can invent a technology and actually bring it to market even [if it's] as crazy as what some people call flying cars."
  
  — Adam Goldstein, CEO of Archer Aviation.

• "They have created these amazing new aircraft that really 10 or 15 years ago would've been unimaginable. I think there's something innately attractive about being able to leapfrog all of your terrestrial obstacles. Who hasn't wished that if you live in the suburbs that, you know, something could drop into your cul-de-sac and 15 minutes later you're at the office."
  
  — Roger Connor, curator of the vertical flight collection at the Smithsonian's National Air and Space Museum.

It had a 4.8-inch display. Introduced in 1991, Hewlett-Packard's (DOS-based) HP 95LX Palmtop PC — a collaboration with Lotus — was finally discontinued back in 2003.

But one found its way to long-time Slashdot reader Shayde (who in November repaired a 48-year-old handheld videogame console from Mattel). "I really wanted to get this HP95LX talking to the internet at large," they told Slashdot, " but network stacks for DOS in 1991 were pretty limited, and this machine didn't even have the hardware for a network connection.

"It did have a serial port though — a flat 4-pin custom interface. I did a bunch of research and learned how to custom-build an RS-232 hookup for this port, and using an external Wifi module, got it online — and talking to the retrocomputing BBS!"

There's a video documenting the whole experience. (Along the way he uses 20-gauge hook-up wire from Amazon, a zip tie, solder cups, and an internet modem (the WiFi232 Hayes modem emulator). The whole thing is powered by two AA batteries — it has 512K of memory, and about half a meg of storage. My favorite technical detail?

"Conveniently, the HP 95 [Palmtop PC] uses the exact same pinout as the HP 48GX handheld graphing calculator. So looking up on the Internet, we can determine what pins we need to map from the HP unit over to what would be a DB25 serial port..."

Accidental missile attacks on commercial airliners have become the leading cause of aviation fatalities in recent years (Warning: source paywalled; alternative source), driven by rising global conflicts and the proliferation of advanced antiaircraft weaponry. Despite improvements in aviation safety overall, inconsistent risk assessments, political complexities, and rapid military escalations make protecting civilian flights in conflict zones increasingly difficult. The Wall Street Journal reports: The crash Wednesday of an Azerbaijan Airlines jetliner in Kazakhstan, if officially confirmed as a midair attack, would be the third major fatal downing of a passenger jet linked to armed conflict since 2014, according to the Flight Safety Foundation's Aviation Safety Network, a global database of accidents and incidents. The tally would bring to more than 500 the number of deaths from such attacks during that period. Preliminary results of Azerbaijan's investigation into the crash indicate the plane was hit by a Russian antiaircraft missile, or shrapnel from it, said people briefed on the probe.

"It adds to the worrying catalog of shootdowns now," said Andy Blackwell, an aviation risk adviser at security specialist ISARR and former head of security at Virgin Atlantic. "You've got the conventional threats, from terrorists and terrorist groups, but now you've got this accidental risk as well." No other cause of aviation fatalities on commercial airliners comes close to shootdowns over those years, according to ASN data. The deadliness of such attacks is a dramatic shift: In the preceding 10 years, there were no fatal shootdowns of scheduled commercial passenger flights, ASN data show. The trend highlights the difficulty -- if not impossibility -- of protecting civilian aviation in war zones, even for rigorous aviation regulators, because of the politics of war. Early last century similar woes plagued sea travel, when belligerents targeted ocean transport.

Increasing civilian aviation deaths from war also reflect both a growing number of armed conflicts internationally and the increasing prevalence of powerful antiaircraft weaponry. If a missile was indeed the cause of this week's disaster, it would mean that the three deadliest shootdowns of the past decade all involved apparently unintended targetings of passenger planes flying near conflict zones, by forces that had been primed to hit enemy military aircraft. Two of those incidents were linked to Russia: Wednesday's crash of an Embraer E190 with 67 people aboard, of whom 38 died, and the midair destruction in 2014 of a Malaysia Airlines Boeing 777 flying over a battle zone in Ukraine, on which all 298 people aboard died. The other major downing was the mistaken shooting in 2020 by Iranian forces of a Ukraine International Airlines Boeing 737 departing Tehran, killing all 176 people onboard. Iran's missile defense systems had been on alert for a potential U.S. strike at the time.

The implementation of the Corporate Transparency Act -- a law aimed at getting shell companies to disclose their true ownership -- was paused again just days before a reporting deadline was set to take effect, as a federal appeals court handed the case to a panel for further consideration. From a report: In a court filing late Thursday, the Fifth Circuit Court of Appeals vacated a stay on a national injunction the court had issued Monday that reinstated the Jan. 1 reporting deadline for millions of companies. The lifting of the stay means the January filing deadline will be postponed once again and bars the government and the Treasury Department from enforcing the law, pending oral arguments before the court's so-called merits panel, a group of judges tasked with considering appeals.

The Corporate Transparency Act, a bipartisan law passed in 2021 to curtail the use of anonymous shell companies and help track flows of illicit money, would require companies to file beneficial ownership information with the Treasury's Financial Crimes Enforcement Network or face the possibility of penalties such as fines and jail time. The law could cover more than 32 million small businesses nationwide.

Japan Airlines said it was hit by a cyberattack Thursday, causing delays to more than 20 domestic flights but the carrier said there was no impact on flight safety. From a report: JAL said the problem started Thursday morning when the company's network connecting internal and external systems began malfunctioning. The airline said the cyberattack had delayed 24 domestic flights for more than 30 minutes, and the impact could expand later in the day.

An AI system has outperformed human experts in distinguishing between American whiskey and Scotch, achieving 100% accuracy by identifying subtle differences in the chemical composition of the spirits. New Scientist reports: Andreas Grasskamp at the Fraunhofer Institute for Process Engineering and Packaging IVV in Germany and his colleagues trained an AI molecular odor prediction algorithm called OWSum on descriptions of different whiskies. Then, in a study involving 16 samples -- nine types of Scotch whisky and seven types of American bourbon or whiskey -- they tasked OWSum with telling drinks from the two nations apart based on keyword descriptions of their flavors, such as flowery, fruity, woody or smoky. Using these alone, the AI could tell which country a drink came from with almost 94 per cent accuracy.

Because the complex aroma of these spirits is determined by the absence or presence of many chemical compounds, the researchers also fed the AI a reference dataset of 390 molecules commonly found in whiskies. When they gave the AI data from gas chromatography -- mass spectrometry showing which molecules were present in the sample spirits, it boosted OWSum's ability to differentiate American from Scotch drams to 100 percent. Compounds such as menthol and citronellol were a dead giveaway for American whiskey, while the presence of methyl decanoate and heptanoic acid pointed to Scotch.

The researchers also tested both OWSum and a neural network on their ability to predict the top five odor keywords based on the chemical contents of a whisky. On a score from 1 for perfect accuracy to 0 for consistent inaccuracy, OWSum achieved 0.72. The neural network achieved 0.78 and human whisky expert test participants achieved only 0.57. The study has been published in the journal Nature Communications Chemistry.

An anonymous reader quotes a report from TorrentFreak: In a landmark ruling, the Court of Milan has ordered (PDF) Cloudflare to block pirate streaming services that offer Serie A football matches. The court found that Cloudflare's services are instrumental in facilitating access to live pirate streams, undermining Italy's 'Piracy Shield' legislation. The order, which applies in Italy, affects Cloudflare's CDN, DNS resolver, WARP and proxy services. It also includes a broad data disclosure section. [...]

The Court of Milan's decision prohibits Cloudflare from resolving domain names and routing internet traffic to IP addresses of all services present on the "Piracy Shield" system. This also applies to future domains and aliases used by these pirate services. The order applies to Cloudflare's content delivery network (CDN), DNS services, and reverse proxy services. The order also mentions Cloudflare's free VPN among the targets, likely referring to the WARP service. If any of the targeted pirate streaming providers use Cloudflare's services to infringe on Serie A's copyrights, the company Cloudflare must stop providing CDN, authoritative DNS, and reverse proxy services to these customers. (Note: This is an Italian court order and Cloudflare previously used geotargeting to block sites only in Italy. It may respond similarly here, but terminating customer accounts only in Italy might be more complicated. )

Finally, the order further includes a data disclosure component, under which Cloudflare must identify customers who use Cloudflare's services to offer pirated streams. This should help Serie A to track down those responsible. The data disclosure section also covers information related to the 'VPN' and alternative public DNS services, where these relate to the IPTV platforms identified in the case. That covers traffic volume and connection logs, including IP-addresses and timestamps. In theory, that could also cover data on people who accessed these services using Cloudflare's VPN and DNS resolver. [...] The court ordered Cloudflare to cover the costs of the proceeding and if it doesn't implement the blocking requirements in time, an additional fine of 10,000 euros per day will apply.

An anonymous reader quotes a report from Ars Technica: On Thursday, a large group of university and private industry researchers unveiled Genesis, a new open source computer simulation system that lets robots practice tasks in simulated reality 430,000 times faster than in the real world. Researchers also plan to introduce an AI agent to generate 3D physics simulations from text prompts. The accelerated simulation means a neural network for piloting robots can spend the virtual equivalent of decades learning to pick up objects, walk, or manipulate tools during just hours of real computer time.

"One hour of compute time gives a robot 10 years of training experience. That's how Neo was able to learn martial arts in a blink of an eye in the Matrix Dojo," wrote Genesis paper co-author Jim Fan on X, who says he played a "minor part" in the research. Fan has previously worked on several robotics simulation projects for Nvidia. [...] The team also announced they are working on the ability to generate what it calls "4D dynamic worlds" -- perhaps using "4D" because they can simulate a 3D world in motion over time. The system will reportedly use vision-language models (VLMs) to generate complete virtual environments from text descriptions (similar to "prompts" in other AI models), utilizing Genesis's own simulation infrastructure APIs to create the worlds.

The Consumer Financial Protection Bureau is suing America's three largest banks, accusing the institutions of failing to protect customers from fraud on Zelle, the payment platform they co-own. From a report: According to the suit, which also targets Early Warning Services LLC, Zelle's official operator, Zelle users have lost more than $870 million over the network's seven-year existence due to these alleged failures. "The nation's largest banks felt threatened by competing payment apps, so they rushed to put out Zelle," said CFPB Director Rohit Chopra in a statement. "By their failing to put in place proper safeguards, Zelle became a gold mine for fraudsters, while often leaving victims to fend for themselves."

Among the charges:
1. Poor identity verification methods, which have allowed bad actors to quickly create accounts and target Zelle users.
2. Allowing repeat offenders to continue to gain access to the platform
3. Ignoring and failing to report instances of fraud
4. Failing to properly investigate consumer complaints

The CFPB's suit seeks to change the platform's operations, as well as obtain a civil money penalty, that would be paid into the CFPB's victims relief fund.

Teenagers using Meta's virtual reality headsets to cheat at the popular game Gorilla Tag are unknowingly selling access to their home internet connections to potential cybercriminals, cybersecurity researchers found. The players have been side-loading Big Mama VPN, a free Android app, onto their VR headsets to create lag that makes it easier to win the tag-based game. However, the app simultaneously operates as a residential proxy service, selling access to users' IP addresses on a marketplace frequented by cybercriminals.

Cybersecurity firm Trend Micro discovered VR headsets were the third most common devices using Big Mama VPN, after Samsung and Xiaomi devices. The company's proxy services have been promoted on cybercrime forums and were linked to at least one cyberattack, according to research from security firms Trend Micro and Kela.

An anonymous reader quotes a report from Gizmodo: Hackers aligned with the Chinese government have infiltrated U.S. telecommunications infrastructure so deeply that it allowed the interception of unencrypted communications on a number of people, according to reports that first emerged in October. The operation, dubbed Salt Typhoon, apparently allowed hackers to listen to phone calls and nab text messages, and the penetration has been so extensive they haven't even been booted from the telecom networks yet. The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week on best practices for protecting "highly targeted individuals," which includes a new warning (PDF) about text messages.

"Do not use SMS as a second factor for authentication. SMS messages are not encrypted—a threat actor with access to a telecommunication provider's network who intercepts these messages can read them. SMS MFA is not phishing-resistant and is therefore not strong authentication for accounts of highly targeted individuals," the guidance, which has been posted online, reads. Not every service even allows for multi-factor authentication and sometimes text messages are the only option. But when you have a choice, it's better to use phishing-resistant methods like passkeys or authenticator apps. CISA prefaces its guidance by insisting it's only really speaking about high-value targets. The telecommunications hack mentioned above has been called the "worst hack in our nation's history," according to Sen. Mark Warner (D-VA).

An anonymous reader quotes a report from PCWorld: Smart home devices compatible with the Matter standard have garnered most of our attention lately, but the compelling features in the latest generation of Z-Wave chips convinced the IoT developer Shelly Group to build no fewer than 11 new products powered by Z-Wave technology. The new collection includes a smart plug, in-wall dimmers, relays, and various sensors aimed at DIYers, installers, and commercial builders. Citing the ability of Z-Wave 800 (aka Z-Wave Long Range or LR) chips to operate IoT devices over extremely long range -- up to 1 mile, line of sight -- while running on battery power for up to 10 years, Shelly Group CTO Leon Kralj said "Shelly is helping break down smart home connectivity barriers, empowering homeowners, security installers, and commercial property owners and managers with unmatched range, scalability, and energy efficiency to redefine their automation experience."

[...] While most homeowners won't need to worry about the number of IoT devices their networks can support, commercial builders will appreciate the scalability of Z-Wave 800-powered devices -- namely, you can deploy as many as 4,000 nodes on a single mesh network. That's a 20x increase over what was possible with previous generations of the chip. And since Z-Wave LR is backward compatible with those previous generations, there should be no worries about integrating the new devices into existing networks. Shelly says all 11 of its new Z-Wave 800-powered IoT devices will be available in the first half of 2025. The new Shelly devices will be available in the U.S. in the first half of 2025.

Here's a list of the devices enhanced with the new long-range capabilities:
- Shelly Wave Plug US
- Shelly Wave Door/Window
- Shelly Wave H&T
- Shelly Wave Motion
- Shelly Wave Dimmer
- Shelly Wave Pro Dimmer 1 PM
- Shelly Wave Pro Dimmer 2 PM
- Shelly Wave 1
- Shelly Wave 1 PM
- Shelly Wave 2 PM
- Shelly Wave Shutter

Nebraska's attorney general has sued Change Healthcare over a massive data breach that exposed sensitive medical information of more than 100 million Americans following a February ransomware attack. The lawsuit alleges the UnitedHealth-owned company failed to implement basic security measures, including multi-factor authentication, allowing hackers to breach its systems using credentials from a customer support employee that were posted on Telegram.

The Russian-speaking ALPHV ransomware group accessed personal health records, financial data and treatment information across Change Healthcare's poorly segmented network, according to the complaint filed by Attorney General Mike Hilgers.

The Department of Homeland Security (DHS) believes that China, Russia, Iran, and Israel are the "primary" countries exploiting security holes in telecommunications networks to spy on people inside the United States, which can include tracking their physical movements and intercepting calls and texts, according to information released by Senator Ron Wyden. 404 Media: The news provides more context around use of SS7, the exploited network and protocol, against phones in the country. In May, 404 Media reported that an official inside DHS's Cybersecurity Insurance and Security Agency (CISA) broke with his department's official narrative and publicly warned about multiple SS7 attacks on U.S. persons in recent years. Now, the newly disclosed information provides more specifics on where at least some SS7 attacks are originating from.

The information is included in a letter the Department of Defense (DoD) wrote in response to queries from the office of Senator Wyden. The letter says that in September 2017 DHS personnel gave a presentation on SS7 security threats at an event open to U.S. government officials. The letter says that Wyden staff attended the event and saw the presentation. One slide identified the "primary countries reportedly using telecom assets of other nations to exploit U.S. subscribers," it continues.

Cloudflare's 2024 internet traffic report highlights a 17.2% global increase in traffic, with Google maintaining its position as the most visited service and the U.S. responsible for 34.6% of bot traffic. The Register reports: One surprise (or perhaps not) is that IPv6 traffic is actually down as a percentage of the packets that passed through Cloudflare's network. It says that 28.5 percent of global traffic was IPv6 during 2024, whereas last year's report put this figure at 33.75 percent. The company also reveals that a fifth of all TCP connections (20.7 percent) are unexpectedly terminated before any useful data can be exchanged. Causes of this could vary from DoS attacks, quirky client behavior, or a network interrupting a connection to filter content.

Coudflare says about half of these incidents were connections closed "Post SYN" -- after its server has received a client's SYN packet, but before a subsequent acknowledgement (ACK) or any useful data. These can be attributed to DoS attacks or internet scanning, while Post-ACK or Post-PSH anomalies are more often associated with connection tampering activity such as filtering, especially if they occur at high rates in specific networks. Mobile device traffic accounted for about 41.3 percent of the total, which is roughly the same as last year. This is largely split between the Apple and Android ecosystems, with iOS on almost a third and Android accounting for two-thirds. [...]

Google's Chrome appears to be the most popular browser by far, accounting for 65.8 percent of all requests during 2024. Just 15.5 percent came from Apple's Safari browser, which leads the way on iOS devices, naturally. Microsoft's Edge accounted for 6.9 percent of browsing, while Mozilla Firefox stood at 4 percent. For search engines, Google also claimed the top spot, with a greater than 88 percent share of all search traffic that passed through Cloudflare. Yandex and Baidu were next with 3.1 percent and 2.7 percent, respectively, while Bing trailed with 2.6 percent. DuckDuckGo accounted for 0.9 percent of searches. You can read Cloudflare's full Year in Review here.

The Washington Post reports: Years before the internet was created and the first smartphones buzzed to life, an educational platform called PLATO offered a glimpse of the digital world to come. Launched in 1960 at the University of Illinois at Urbana-Champaign [UIUC], it was the first generalized, computer-based instructional system, and grew into a home for early message boards, emails, chatrooms, instant messaging and multiplayer video games.

The platform's developer, Donald Bitzer, was a handball-playing, magic-loving electrical engineer who opened his computer lab to practically everyone, welcoming contributions from Illinois undergrads as well as teenagers who were still in high school. Dr. Bitzer, who died Dec. 10 at age 90, spent more than two decades working on PLATO, managing its growth and development while also pioneering digital technologies that included the plasma display panel, a forerunner of the ultrathin screens used on today's TVs and tablets. "All of the features you see kids using now, like discussion boards or forums and blogs, started with PLATO," he said during a 2014 return to Illinois, his alma mater. "All of the social networking we take for granted actually started as an educational tool."
Long-time Slashdot reader theodp found another remembrance online. "Ray Ozzie, whose LinkedIn profile dedicates more space to describing his work as a PLATO developer as a UIUC undergrad than it does to his later successes as a creator of Lotus Notes and as Microsoft's Chief Software Architect, offers his own heartfelt mini-obit." Ozzie writes: It's difficult to adequately convey how much impact he had on so many, and I implore you to take a few minutes to honor him by reading a bit about him and his contributions. Links below. As an insecure young CS student at UIUC in 1974, Paul Tenczar, working for/with Don, graciously gave me a chance as a jr. systems programmer on the mind-bogglingly forward thinking system known as PLATO. A global, interactive system for learning, collaboration, and community like no other at the time. We were young and in awe of how Don led, inspired, and managed to keep the project alive. I was introverted; shaking; stage fright. Yeah I could code. But how could such a deeply technical engineer assemble such a strong team to execute on such a totally novel and inspirational vision, secure government funding, and yet also demo the product on the Phil Donahue show?

"Here's to the crazy ones. The misfits. The rebels. The troublemakers. The ones who see things differently. They're not fond of rules." You touched so many of us and shaped who we became and the risks we would take, having an impact well beyond that which you created. You made us think and you made us laugh. I hope we made you proud."

Epic Games has partnered with Telefonica to pre-install its mobile game storefront on millions of Android devices. Engadget reports: As such, those who buy a phone from a Telefonica network such as O2 or Movistar in Spain, the UK, Germany and Spanish-speaking Latin America will immediately have the app, which offers access to Fortnite, Fall Guys and Rocket League Sideswipe. Epic will bring third-party games to the storefront as well, while the partners plan to offer mobile gamers on Telefonica's networks extra perks over the next year or so. Telefonica has more than 392 million customers. As such, this deal could bring Fortnite and Fall Guys to an even bigger audience.

Google unveiled Gemini 2.0 yesterday, almost exactly one year after Google's initial Gemini launch. The new release offers enhanced multimodal capabilities like native image and audio output, real-time tool use, and advanced reasoning to enable agentic experiences, such as acting as a universal assistant or research companion. VentureBeat reports: During a recent press conference, Tulsee Doshi, director of product management for Gemini, outlined the system's enhanced capabilities while demonstrating real-time image generation and multilingual conversations. "Gemini 2.0 brings enhanced performance and new capabilities like native image and multilingual audio generation," Doshi explained. "It also has native intelligent tool use, which means that it can directly access Google products like search or even execute code."

The initial release centers on Gemini 2.0 Flash, an experimental version that Google claims operates at twice the speed of its predecessor while surpassing the capabilities of more powerful models. This represents a significant technical achievement, as previous speed improvements typically came at the cost of reduced functionality. Perhaps most significantly, Google introduced three prototype AI agents built on Gemini 2.0's architecture that demonstrate the company's vision for AI's future. Project Astra, an updated universal AI assistant, showcased its ability to maintain complex conversations across multiple languages while accessing Google tools and maintaining contextual memory of previous interactions. [...]

For developers and enterprise customers, Google introduced Project Mariner and Jules, two specialized AI agents designed to automate complex technical tasks. Project Mariner, demonstrated as a Chrome extension, achieved an impressive 83.5% success rate on the WebVoyager benchmark for real-world web tasks -- a significant improvement over previous attempts at autonomous web navigation. Supporting these advances is Trillium, Google's sixth-generation Tensor Processing Unit (TPU), which becomes generally available to cloud customers today. The custom AI accelerator represents a massive investment in computational infrastructure, with Google deploying over 100,000 Trillium chips in a single network fabric.