Data Storage

Why Millions of Usable Hard Drives Are Being Destroyed (bbc.com) 168

Millions of storage devices are being shredded each year, even though they could be reused. "You don't need an engineering degree to understand that's a bad thing," says Jonmichael Hands. From a report: He is the secretary and treasurer of the Circular Drive Initiative (CDI), a partnership of technology companies promoting the secure reuse of storage hardware. He also works at Chia Network, which provides a blockchain technology. Chia Network could easily reuse storage devices that large data centres have decided they no longer need. In 2021, the company approached IT Asset Disposition (ITAD) firms, who dispose of old technology for businesses that no longer need it. The answer came back: "Sorry, we have to shred old drives."

"What do you mean, you destroy them?" says Mr Hands, relating the story. "Just erase the data, and then sell them! They said the customers wouldn't let them do that. One ITAD provider said they were shredding five million drives for a single customer." Storage devices are typically sold with a five-year warranty, and large data centres retire them when the warranty expires. Drives that store less sensitive data are spared, but the CDI estimates that 90% of hard drives are destroyed when they are removed. The reason? "The cloud service providers we spoke to said security, but what they actually meant was risk management," says Mr Hands. "They have a zero-risk policy. It can't be one in a million drives, one in 10 million drives, one in 100 million drives that leaks. It has to be zero."

AI

Stack Overflow Moderators Stop Work in Protest of Lax AI-Generated Content Guidelines (gizmodo.com) 41

Moderators of Stack Overflow have announced a strike in protest of the company's ban on moderating AI-generated content, claiming that this policy allows incorrect information and plagiarism to proliferate on the platform. Gizmodo reports: Last week in a post -- which has been downvoted at least 283 times -- Stack Overflow announced its new moderation policy that will only remove AI-generated content in specific instances, claiming that over-moderation of posts made with artificial intelligence was turning away human contributors. The company also said in its post that a strict standard of evidence needed to be used moving forward in order to manage AI content, and that that standard of evidence hasn't applied to most suspensions issued by moderators thus far. This directive was also communicated to the platform's moderation team privately before being posted publicly. The moderators of the website are claiming that this directive will allow AI content, which can frequently be incorrect, to run rampant on the forum while expressing discontent with Stack Overflow for not communicating this new policy more effectively.

"Stack Overflow, Inc. has decreed a near-total prohibition on moderating AI-generated content in the wake of a flood of such content being posted to and subsequently removed from the Stack Exchange network, tacitly allowing the proliferation of incorrect information ("hallucinations") and unfettered plagiarism on the Stack Exchange network. This poses a major threat to the integrity and trustworthiness of the platform and its content," the mods write in their letter to Stack Overflow.

Stack Overflow moderators, like those at Wikipedia, are volunteers tasked with maintaining the integrity of the platform. The moderators say that they tried to express their concerns with the company's new policy through proper channels, but their anxieties fell on deaf ears. The mods plan to strike indefinitely, and will cease all actions including closing posts, deleting posts, flagging answers, and other tasks that help with website upkeep until AI policy has been retracted.

Cellphones

Progressive Web Apps 'Don't Spy or Clog Your Phone'. Do You Use Them? (msn.com) 94

"It's worth questioning the status quo of technology," argues the Washington Post's Tech Friend newsletter, "including apps as we know them."

Then they tout the benefits of the "non-app app... a hybrid of a website and a conventional app, with features of each" — the unappreciated Progressive Web App (which many still don't know can be installed on your phone's home screen): Web apps look and function pretty much like the conventional apps for your phone or computer, but they clog less space on your device and are less pushy about surveilling you. People who make web apps also say they are easier to create and update than conventional apps... But web apps have been around for years, and most people don't know they exist...

[Traditional apps] come with profound downsides, including Big Tech control, privacy compromises and high development costs. It would be healthy if there were palatable alternative paths to our current app system. Web apps might be part of the solution... At their core, web apps are "the web with an app-like cover," said Rob Kochman, senior product manager for Google's Chrome. Kochman and other web app fans say these apps are less demanding and less intrusive than a conventional app. The web app for Starbucks, for example, takes up just 429 kilobytes of storage on my phone — or less than 1 percent of the storage taken by the standard Starbucks Android app...

And by design, once a conventional app is on your phone, it can access your phone's guts and peek under the hood of your internet network. Web apps are stingier about access, Kochman and other experts told me. "If you're worried about installing some app, you'd probably prefer that as a web app," said a veteran tech executive who helped develop the original technology for web apps. He referred to a web app as "just a website that took all the right vitamins...."

It's difficult to figure out which companies make web apps or find them. There's not an app store for web apps, although there are some attempts like Store.App and Appscope. They're not ideal... Some technologists told me that Apple has held back web apps by limiting their capabilities for Apple devices. The company has said that's not true. And this year, Apple added iPhone feature options for web apps...

We should keep challenging what can feel like immutable parts of digital life, including apps. We have to keep asking: What if there's something better?

It's as easy as "press the three-dot icon, then select 'Add to home screen.'" But it'd be interesting to hear the perspective of Slashdot readers. So share your thoughts and experiences in the comments.

Are you using progressive web apps?

Data Storage

ARM Joins Linux Foundation's 'Open Programmable Infrastructure' Project (linuxfoundation.org) 18

ARM has joined the Linux Foundation's Open Programmable Infrastructure project, "a community-driven initiative focused on creating a standards-based open ecosystem for next-generation architectures and frameworks" based on programmable processor technologies like DPUs (Data Processing Units) and IPUs (Infrastructure Processing Units).

From the Linux Foundation's announcement: Launched in June 2021 under the Linux Foundation, the project is focused on utilizing open software and standards, as well as frameworks and toolkits, to enable the rapid adoption of DPUs. Arm joins other premier members including Dell Technologies, F5, Intel, Keysight Technologies, Marvell, Nvidia, Red Hat, Tencent, and ZTE. These member companies work together to create an ecosystem of blueprints and standards to ensure that compliant DPUs work with any server.

DPUs are used today to accelerate networking, security, and storage tasks. In addition to performance benefits, DPUs help improve data center security by providing physical isolation for running infrastructure tasks. DPUs also help to reduce latency and improve performance for applications that require real-time data processing. As DPUs create a logical split between infrastructure compute and client applications, the manageability of workloads within different development and management teams is streamlined.

"Arm has been contributing to the OPI Project for a while now," said Kris Murphy, Chair of the OPI Project Governing Board and Senior Principal Software Engineer at Red Hat. "Now, as a premier member, we are excited that they're bringing their leadership to the Governing Board and expertise to the technical steering committee and working groups. Their participation will help to ensure that the DPU components are optimized for programmable infrastructure solutions."

"Across network, storage, and security applications, DPUs are already proving the power efficiency and capex benefits of specialized processing technology," said Marc Meunier, director of ecosystem development, Infrastructure Line of Business, Arm and member of OPI Governing Board. "As a premier member of the OPI project, we look forward to contributing our expertise in heterogeneous computing and working with other leaders in the industry to create solution blueprints and standards that pave the way for successful deployments."

"The DPU market offers an opportunity for us to change how infrastructure services can be deployed and managed," Arpit Joshipura, General Manager, Networking, Edge, and IoT, the Linux Foundation. "With collaboration across software and hardware vendors representing silicon devices and the entire DPU software stack, the OPI Project is creating an open ecosystem for next generation data centers, private clouds, and edge deployments."

Power

Switzerland Is Turning the Gap Between Train Tracks Into a 'Solar Carpet' (fastcompany.com) 130

Swiss start-up Sun-Ways has developed a concept to install solar panels between train tracks, using a specially built train to "unroll" the panels during the night when fewer trains are running. Fast Company reports: As wild as it all sounds, Sun-Ways actually has two competitors. Greenrail and Bankset Energy, respectively located in Italy and England, are already testing similar concepts. But Sun-Ways stands out in two ways. For one, it uses standard-size panels, whereas the others use smaller panels that are placed on top of crossties. And unlike its competitors, Sun-Ways doesn't require manual installation. It has a train for that!

Sun-Ways is putting this idea to the test during a $560,000 pilot project in Western Switzerland. The pilot, which is slated for this summer, will trial a version of the mechanism using a regular train that's been retrofitted for the occasion. Running on a 140-foot stretch near the city of Neuchatel, the train will install about 60 solar panels, turning the gap between train tracks into a reflective black ribbon.

For now, 100% of the electricity generated by the solar panels will go straight to the grid to power nearby households. But eventually, the team is planning to use some of that electricity to power the very trains that run above the panels. According to Danichert, 5,000 kilometers of "solar rails" (which is the current length of the entire Swiss railroad network) can generate 1 gigawatt of energy per year, or enough energy to power about 750,000 homes. Considering there are over 1 million kilometers of railway tracks worldwide, the potential could be huge, even if the system can't be installed on every one of those tracks. But most importantly, it wouldn't take up any space from farmland or forests, and it wouldn't ruin any landscapes.

Communications

Amazon Is in Talks To Offer Free Mobile Service To US Prime Members (bloomberg.com) 49

Amazon has been talking with wireless carriers about offering low-cost or possibly free nationwide mobile phone service to Prime subscribers, Bloomberg News reported Friday, citing people familiar with the situation. From a report: The company is negotiating with Verizon, T-Mobile US and Dish Network to get the lowest possible wholesale prices. That would let it offer Prime members wireless plans for $10 a month or possibly for free and bolster loyalty among its biggest spending customers, the people said, who requested anonymity to discuss a private matter. The talks have been going on for six to eight weeks and have also included AT&T at times, but the plan may take several more months to launch and could be scrapped, one person said.

Communications

Pentagon Awards SpaceX With Ukraine Contract For Starlink Satellite Internet (cnbc.com) 40

The Pentagon has announced that it will purchase Starlink satellite internet terminals from SpaceX to provide communication capabilities to Ukraine as it defends itself against a full-scale Russian invasion. "We continue to work with a range of global partners to ensure Ukraine has the satellite and communication capabilities they need. Satellite communications constitute a vital layer in Ukraine's overall communications network and the department contracts with Starlink for services of this type," the Pentagon said in a statement to CNBC. "For operational security reasons and due to the critical nature of these systems -- we do not have additional information regarding specific capabilities, contracts or partners to provide at this time," the statement added. From the report: The first Starlink terminals in Ukraine arrived four days after Russian troops poured over the nation's border in what became the largest air, land and sea assault in Europe since World War II. Ukraine digital minister Mykhailo Fedorov, who had previously asked Musk for the capability on Twitter, posted that Starlink was "here" in Ukraine -- with a photo showing more than two dozen boxes in the back of a truck. Musk said in October that SpaceX wouldn't be able to continue funding use of Starlink terminals in the country out of its own coffers "indefinitely," after a report from CNN said the company had asked the Pentagon to cover the cost.

Western officials have previously hailed Musk's decision to equip Ukraine with Starlink internet, citing the colossal and indiscriminate Russian shelling on civilian infrastructure that has left large swaths of the country without communications. Musk reportedly told the Pentagon in October he would no longer finance the Starlink terminals in Ukraine as the country prepared to fight through the harsh winter months. However, the billionaire reversed course and did continue to fund the service.

Security

Russia Says US Hacked Thousands of iPhones in iOS Zero-Click Attacks (bleepingcomputer.com) 66

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. From a report: The delivery of the message exploits a vulnerability that leads to code execution without requiring any user interaction, leading to the download of additional malicious from the attackers' server. Subsequently, the message and attachment are wiped from the device. At the same time, the payload stays behind, running with root privileges to collect system and user information and execute commands sent by the attackers.

Kaspersky says the campaign started in 2019 and reports the attacks are still ongoing. The cybersecurity firm has named the campaign "Operation Triangulation" and is inviting anyone who knows more about it to share information. [...] In a statement coinciding with Kaspersky's report, Russia's FSB intelligence and security agency claims that Apple deliberately provided the NSA with a backdoor it can use to infect iPhones in the country with spyware. The FSB alleges that it has discovered malware infections on thousands of Apple iPhones belonging to officials within the Russian government and staff from the embassies of Israel, China, and several NATO member nations in Russia. Despite the seriousness of the allegations, the FSB has provided no proof of its claims.

Space

Hubble Network Wants To Connect a Billion Devices With Space-Based Bluetooth Network (techcrunch.com) 60

Seattle-based startup Hubble Network plans to launch a constellation of 300 satellites to create a global satellite network that any Bluetooth-enabled device can connect to, anywhere in the world. The network aims to provide real-time updates for devices equipped with Bluetooth low energy (BLE) chips, offering connectivity to over a billion devices. TechCrunch reports: Hubble Network CEO Alex Haro says the company has engineered "technical tricks" to make this scale of connectivity possible for the first time, like lowering the bitrate, or the amount of data transferred per second. Hubble has also rethought the design of the satellite antenna. Instead of sticking a single antenna on the side of a satellite bus, the company is using hundreds of antennae per satellite. This means that each satellite can support millions of connected devices. The result is a radio signal that can be detected around 1,000 kilometers away -- or almost 10 orders of magnitude longer than what can be detected from a Bluetooth chip over terrestrial networks.

Hubble Network plans to launch an initial batch of four satellites on SpaceX's Transporter-10 rideshare mission in January 2024, and onboard early pilot customers after. The startup is fully funded through this mission, Haro said, thanks to a $20 million Series A round that closed in March. That round was led by Transpose Platform, with additional participation from 11.2 Capital, Y Combinator, Yes.VC, Convective Capital, Seraphim Space, Type One Ventures, Soma, AVCF5, Space.VC, Jett McCandless, John Kim, Chris Nguyen, Alan Keating and Don Dodge.

After launching four satellites next January, Hubble plans to build out its constellation to 68 satellites total over the next two-and-a-half years. While the first four satellites will provide global coverage on their own, Haro said that it will be about a six-hour gap until devices can update on the ground. Increasing the constellation to 68 birds means that a satellite will be overhead every 15 minutes or so -- an update rate that is sufficient for "the vast majority" of customer use cases, Haro said. While Hubble is clearly targeting existing Bluetooth devices -- of which billions exist all over the world already -- Haro is confident that the company's network will solicit developers to build applications that don't even exist yet.

Earth

Tackling Plastic Pollution: 'We Can't Recycle Our Way Out of This' (france24.com) 70

An anonymous reader quotes a report from France 24: The scale of plastic pollution is growing, relentlessly. The world is producing twice as much plastic waste as two decades ago, reaching 353 million tonnes in 2019, according to OECD figures. The vast majority goes into landfills, gets incinerated or is "mismanaged," meaning left as litter or not correctly disposed of. Just 9 percent of plastic waste is recycled. Ramping up plastic recycling might seem like a logical way to transform waste into a resource. But recent studies suggest that recycling plastic poses its own environmental and health risks, including the high levels of microplastics and harmful toxins produced by the recycling process that can be dangerous for people, animals and the environment. [...]

The share of plastic waste that is recycled globally is expected to rise to 17 percent by 2060, according to figures from the OECD. But recycling more will not address a major issue: after being recycled once or twice, most plastics come to a dead end. "There's a myth with plastic recycling that if the quality is good enough the plastics can be recycled back into plastic bottles," says Natalie Fee, the founder of City to Sea, a UK-based environmental charity. "But as it goes through the system, it becomes lower- and lower-grade plastic. It's down-cycled into things like drain pipes or sometimes fleece clothing. But those items can't be recycled afterwards."

It is therefore difficult to make the case that recycled plastic is a sustainable material, said Graham Forbes, Global Plastics Campaign leader at Greenpeace USA, in a statement this week. "Plastics have no place in a circular economy. It's clear that the only real solution to ending plastic pollution is to massively reduce plastic production." And it is impossible for increased recycling to keep pace with the amount of plastic waste being produced -- which is expected to almost triple by 2060. "There's no way that we can recycle our way out of this," added [Therese Karlsson, science and technical adviser at the International Pollutants Elimination Network (IPEN)]. "Not as it works today. Because today, plastic recycling is not working."

"More than two-thirds of UN member states agreed in March last year to develop a legally binding agreement on plastic pollution by 2024, and the second round of meetings to draw up the treaty began on Monday in Paris and will run through Friday," notes the report. "UN Environment Program (UNEP), which is hosting the talks, released a roadmap to reduce plastic waste by 80 percent by 2040."

Karlsson is attending the talks, and she sees reason for hope. "The plastics treaty is an incredible opportunity to protect human health and the environment from plastic pollution. Doing that would mean phasing out toxic chemicals from plastics, ensuring transparency across the plastic life cycle and also decreasing plastic production."

China

US 'Won't Tolerate' China's Ban on Micron Chips, Commerce Secretary Says (reuters.com) 194

The United States "won't tolerate" China's effective ban on purchases of Micron Technology memory chips and is working closely with allies to address such "economic coercion," U.S. Commerce Secretary Gina Raimondo said on Saturday. From a report: Raimondo told a news conference after a meeting of trade ministers in the U.S.-led Indo-Pacific Economic Framework talks that the U.S. "firmly opposes" China's actions against Micron. These "target a single U.S. company without any basis in fact, and we see it as plain and simple economic coercion and we won't tolerate it, nor do we think it will be successful." China's cyberspace regulator said on May 21 that Micron, the biggest U.S. memory chip maker, had failed its network security review and that it would block operators of key infrastructure from buying from the company, prompting it to predict a revenue reduction.

Open Source

Peplum: F/OSS Distributed Parallel Computing and Supercomputing At Home With Ruby Infrastructure (ecsypno.com) 20

Slashdot reader Zapotek brings an update from the Ecsypno skunkworks, where they've been busy with R&D for distributed computing systems: Armed with Cuboid, Qmap was built, which tackled the handling of nmap in a distributed environment, with great results. Afterwards, an iterative clean-up process led to a template of sorts, for scheduling most applications in such environments.

With that, Peplum was born, which allows for OS applications, Ruby code and C/C++/Rust code (via Ruby extensions) to be distributed across machines and tackle the processing of neatly grouped objects.

In essence, Peplum:

- Is a distributed computing solution backed by Cuboid.
- Its basic function is to distribute workloads and deliver payloads across multiple machines and thus parallelize otherwise time-consuming tasks.
- Allows you to combine several machines and build a cluster/supercomputer of sorts with great ease.

After that was dealt with, it was time to port Qmap over to Peplum for easier long-term maintenance, thus renamed Peplum::Nmap.

We have high hopes for Peplum as it basically means easy, simple and joyful cloud/clustering/super-computing at home, on-premise, anywhere really. Along with the capability to turn a lot of security oriented apps into super versions of themselves, it is quite the infrastructure.

Yes, this means there's a new solution if you're using multiple machines for "running simulations, to network mapping/security scans, to password cracking/recovery or just encoding your collection of music and video" -- or anything else: Peplum is a F/OSS (MIT licensed) project aimed at making clustering/super-computing affordable and accessible, by making it simple to set up a distributed parallel computing environment for abstract applications... TLDR: You no longer have to only imagine a Beowulf cluster of those, you can now easily build one yourself with Peplum.

Some technical specs: It is written in the Ruby programming language, thus coming with an entire ecosystem of libraries and the capability to run abstract Ruby code, execute external utilities, run OS commands, call C/C++/Rust routines and more...

Peplum is powered by Cuboid, a F/OSS (MIT licensed) abstract framework for distributed computing — both of them are funded by Ecsypno Single Member P.C., a new R&D and Consulting company.

Space

Why North and South Korea Have Big Ambitions in Space: An 'Unblinking Eye' (wsj.com) 13

The two Koreas are elevating a space race aimed at modernizing how each country monitors the other's improving military firepower. From a report: As hopes for a diplomatic breakthrough have dimmed in recent years, North and South Korea have grown more antagonistic toward one another and upped their displays of military might. They have traded missile tests. Pyongyang has sent drones that flew over downtown Seoul. South Korea has sharpened security and defense ties with the U.S. and Japan. The rise in tensions has elevated the importance -- and need -- for spy-satellite technology that neither country now has. South Korea cleared a significant technological marker on Thursday, launching multiple commercial satellites aboard a homegrown rocket for the first time. North Korea's Kim Jong Un regime stands poised to soon fly its first military reconnaissance satellite.

Nuri, South Korea's three-stage liquid-fuel rocket, blasted off at 6:24 p.m. local time Thursday from the Naro Space Center in Goheung, a city on the country's southern coast. The 200-ton rocket launched into space and deployed eight satellites into orbit about 342 miles above Earth, about 13 minutes after liftoff. Seoul has the clear technological advantage, weapons analysts say, though Pyongyang has been quick to advance its sanctioned missile program to develop long-range rockets that can carry satellites. Both nations remain years away from having a full-fledged network of spy satellites. But attaining the technology would allow the countries to identify military targets to precisely launch strikes during potential conflict without relying on their allies' satellite technology for information. In North Korea's case, space-based satellite technology is essential for its nuclear strategy. Having eyes in the sky would serve as an additional asset to launching nuclear strikes with better accuracy, said Yang Uk, a military expert at the Asan Institute for Policy Studies, a think tank in Seoul. Should the technology progress enough, North Korea could potentially identify nuclear strike targets in the U.S., he added.

Technology

Ford CEO Says Tesla Superchargers May Become the Standard for EV Charging (reuters.com) 142

Ford CEO Jim Farley said Tesla's Superchargers may become the standard for EV charging in the U.S., a day after the Michigan-based company struck a deal allowing Ford owners to gain access to the rival charging stations in North America. From a report: "I think there's a chance you know," Farley said on Friday in response to a question on CNBC on whether Tesla Superchargers will become the standard for EV charging. Farley told CNBC that General Motors and other automakers are going to "have a big choice to make" in selecting between Tesla's EV chargers and the Combined Charging System (CCS). CCS is one of several competing charging plug standards for DC fast charging. "The CCS standard plays a crucial role in establishing an extensive network of fast charging stations across North America," General Motors said. Since 2012, Tesla has developed and deployed its own high-speed vehicle charger, called Supercharger, which can add up to 322 miles (518 km) of range in just 15 minutes. Farley told CNBC on Friday that Ford had about 10,000 fast chargers and the agreement with Tesla will "double that."

Communications

Portugal Effectively Bans Chinese Companies From 5G Network (bloomberg.com) 13

Portugal has banned companies from 'high-risk' countries and jurisdictions from supplying equipment for its fifth-generation phone network, becoming the latest western nation to effectively block China's Huawei from its market. From a report: The country will prohibit the use of equipment in its 5G wireless network from suppliers based outside the European Union or from states that don't belong to the North Atlantic Treaty Organization or the Organization for Economic Co-operation and Development, according to a government statement posted online Thursday.

Security

Unearthed: CosmicEnergy, Malware For Causing Kremlin-Style Power Disruptions (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: Researchers have uncovered malware that is designed to disrupt electric power transmission and may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids. Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of the Kremlin's most skilled and cutthroat hacking groups.

Researchers from Mandiant, the security firm that found CosmicEnergy, wrote: "COSMICENERGY is the latest example of specialized OT malware capable of causing cyber physical impacts, which are rarely discovered or disclosed. What makes COSMICENERGY unique is that based on our analysis, a contractor may have developed it as a red teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cyber security company. Analysis into the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, such as INDUSTROYER and INDUSTROYER.V2, which were both malware variants deployed in the past to impact electricity transmission and distribution via IEC-104. The discovery of COSMICENERGY illustrates that the barriers to entry for developing offensive OT capabilities are lowering as actors leverage knowledge from prior attacks to develop new malware. Given that threat actors use red team tools and public exploitation frameworks for targeted threat activity in the wild, we believe COSMICENERGY poses a plausible threat to affected electric grid assets. OT asset owners leveraging IEC-104 compliant devices should take action to preempt potential in the wild deployment of COSMICENERGY."

Right now, the link is circumstantial and mainly limited to a comment found in the code suggesting it works with software designed for training exercises sponsored by the Kremlin. Consistent with the theory that CosmicEnergy is used in so-called Red Team exercises that simulate hostile hacks, the malware lacks the ability to burrow into a network to obtain environment information that would be necessary to execute an attack. The malware includes hardcoded information object addresses typically associated with power line switches or circuit breakers, but those mappings would have to be customized for a specific attack since they differ from manufacturer to manufacturer. "For this reason, the particular actions intended by the actor are unclear without further knowledge about the targeted assets," Mandiant researchers wrote.

Transportation

Tesla Model Y Is Now the World's Best-Selling Car, First EV To Do So (electrek.co) 192

The Tesla Model Y has become the world's best-selling car in the first quarter of 2023, according to industry analyst JATO Dynamics, making it the first time an electric vehicle (EV) has achieved this milestone. Electrek reports: The Model Y has dethroned the Toyota Corolla as the world's best-selling car in Q1 and looks like it may well maintain this position for the full year. JATO Dynamics analyst Felipe Munoz compiled the data for Motor1, showing that the Model Y had 267,200 sales in Q1, according to data from 53 markets and projections/estimates for the rest of the world. This put it ahead of the Corolla at 256,400 sales for the same period and significantly ahead of the other top-five cars, the Hilux, RAV4, and Camry, all from Toyota.

While we don't know if this placing will continue for the rest of the year, Model Y sales have been continually growing, whereas Corolla sales are trending slightly downward. One model is new and based on new technology, and the other is an old standard -- though the current iteration of both models came out in a similar time frame, 2018 for the Corolla and 2019 for Model Y. And given Tesla's massive price cuts this year on Model Y, this will surely make the car accessible to more people compared to 2022.

Indeed, Model Y sales are already growing compared to last year. In 2022, Tesla had two of the top ten cars in the world, with Model Y achieving 759k sales. That gives it an average quarterly run rate of 189k, and this year's Q1 number is a significant increase from that. If Model Y continues at this rate or sales continue to grow at all for the rest of this year, it will exit 2023 with over 1 million sales. The only other vehicle in the world to sell 1 million units last year was the Toyota Corolla, at 1.12 million. So it might be close at year's end, but we think it's likely that Model Y will maintain its position.
"The achievement is even more impressive given Model Y's pricing and availability," adds Electrek. "While the Model Y does have broad availability in the world's largest markets, the Corolla is available everywhere. And despite recent price cuts, the Model Y at ~$40k (after credits) is still significantly more expensive than a base-model Corolla at $21k."

In other EV news, Ford and Tesla announced a partnership that will allow Ford owners access to more than 12,000 Tesla Superchargers across the U.S. and Canada starting early next year. "And, Ford's next-generation of EVs -- expected by mid-decade -- will include Tesla's charging plug, allowing owners of Ford vehicles to charge at Tesla Superchargers without an adapter, making Ford among the first automakers to explicitly tie into the network," reports CNBC.
Python

PyPI Was Subpoenaed 31

The PyPI blog: In March and April 2023, the Python Software Foundation (PSF) received three (3) subpoenas for PyPI user data. All three subpoenas were issued by the United States Department of Justice. The PSF was not provided with context on the legal circumstances surrounding these subpoenas. In total, user data related to five (5) PyPI usernames were requested. The data request was:

"Names (including subscriber names, user names, and screen names);"
"Addresses (including mailing, residential addresses, business addresses, and email addresses);"
"Connection records;"
"Records of session times and durations, and the temporarily assigned network address (such as Internet Protocol addresses) associated with those sessions;"
"Length of service (including start date) and type of services utilized;"
"Telephone or instrument numbers (including the registration Internet Protocol address);"
"Means and source of payment of any such services (including any credit card or bank account number) and billing records;"
"Records of all Python Package Index (PyPI) packages uploaded by..." given usernames
"IP download logs of any Python Package Index (PyPI) packages uploaded by..." given usernames

The privacy of PyPI users is of utmost concern to PSF and the PyPI Administrators, and we are committed to protecting user data from disclosure whenever possible. In this case, however, PSF determined with the advice of counsel that our only course of action was to provide the requested data. I, as Director of Infrastructure of the Python Software Foundation, fulfilled the requests in consultation with PSF's counsel.

We have waited for the string of subpoenas to subside, though we were committed from the beginning to write and publish this post as a matter of transparency, and as allowed by the lack of a non-disclosure order associated with the subpoenas received in March and April 2023.
Facebook

Meta Fined Record $1.3 Billion in EU Over US Data Transfers (bloomberg.com) 84

Facebook owner Meta was hit by a record $1.3 billion European Union privacy fine and given a deadline to stop shipping users' data to the US after regulators said it failed to protect personal information from the prying eyes of American security services. Bloomberg News: The social network giant's continued data transfers to the US didn't address "the risks to the fundamental rights and freedoms" of people whose data was being transferred across the Atlantic, according to a decision by the Irish Data Protection Commission announced on Monday. On top of the fine, which eclipses a $806 million EU privacy penalty previously doled out to Amazon, Meta was given five months to "suspend any future transfer of personal data to the US" and six months to stop "the unlawful processing, including storage, in the US" of transferred personal EU data. A data-transfers ban for Meta was widely expected and once prompted the US firm to threaten a total withdrawal from the EU. But its impact has now been muted by the transition phase given in the decision and the prospect of a new EU-US data flows agreement that could already be operational by the middle of this year.
Android

Millions of Android Phones and TVs May Come with Preinstalled Malware (arstechnica.com) 19

"Multiple lines of Android devices came with preinstalled malware," reports Ars Technica, "that couldn't be removed without users taking heroic measures."

Their article cites two reports released Thursday — one from Trend Micro and one from TechCrunch: Trend Micro researchers following up on a presentation delivered at the Black Hat security conference in Singapore reported that as many as 8.9 million phones comprising as many as 50 different brands were infected with malware... ["It's highly likely that more devices have been preinfected," the report clarified, "but have not exchanged communication with the Command & Control server, have not been used or activated by the threat actor, or have yet to be distributed to the targeted country or market... The threat actor has spread this malware over the last five years."]

"Guerrilla" opens a backdoor that causes infected devices to regularly communicate with a remote command-and-control server to check if there are any new malicious updates for them to install. These malicious updates collect data about the users that the threat actor, which Trend Micro calls the Lemon Group, can sell to advertisers. Guerrilla then surreptitiously installs aggressive ad platforms that can deplete battery reserves and degrade the user experience... Guerrilla is a massive platform with nearly a dozen plugins that can hijack users' WhatsApp sessions to send unwanted messages, establish a reverse proxy from an infected phone to use the network resources of the affected mobile device, and inject ads into legitimate apps...

TechCrunch detailed several lines of Android-based TV boxes sold through Amazon that are laced with malware. The TV boxes, reported to be T95 models with an h616, report to a command-and-control server that, just like the Guerrilla servers, can install any application the malware creators want. The default malware preinstalled on the boxes is known as a clickbot. It generates advertising revenue by surreptitiously tapping on ads in the background...

Android devices that come with malware straight out of the factory box are, unfortunately, nothing new. Ars has reported on such incidents at least five times in recent years. All the affected models were in the budget tier.

People in the market for an Android phone should steer toward known brands like Samsung, Asus, or OnePlus, which generally have much more reliable quality assurance controls on their inventory. To date, there have never been reports of higher-end Android devices coming with malware preinstalled. There are similarly no such reports for iPhones.
