Neil Irwin reports via Axios: The dearth of productivity growth over the last couple of decades has held back incomes in the U.S. and other rich countries, according to a report out Wednesday from the McKinsey Global Institute, the research arm of the global consultancy. Productivity growth has been weak in the U.S. and Western Europe since the 2008 global financial crisis, but things looked better among many emerging markets. The McKinsey report finds that global labor productivity growth was 2.3% a year from 1997 to 2022, a rapid rate that has increased incomes and quality of life in large parts of the world. China and India account for the largest portion of that surge -- half of overall global productivity improvement, with other emerging markets accounting for another 25%, led by Central and Eastern Europe and emerging Asian economies.

In the U.S., the report finds that the decline in capital investment following the 2008 financial crisis has resulted in a $4,500 lower per-capita GDP in 2022 than it would have if pre-crisis trends had continued. Rapid advances in manufacturing technology, especially for electronics, petered out in the same time period, subtracting another $5,000 from per-capita GDP. "Digitization was much discussed as the main candidate to rev up productivity again, but its impact failed to spread beyond" the tech sector, the authors write. The authors are optimistic that a confluence of factors will make the years ahead different.

The rise in global interest rates and inflation are evidence of stronger global demand. Many countries are experiencing labor shortages that may incentivize more productivity-enhancing investment. And artificial intelligence and related technologies create big opportunities. "Inflationary pressure and rising interest rates could be signs that we are leaving behind secular stagnation and entering an era of higher demand and investment," the report finds. "In corporate boardrooms around the world right now, there's a tremendous amount of conversation associated with [generative] AI, and I think there's a broad acknowledgment that this could very much transform productivity at the company level," Olivia White, a McKinsey senior partner and co-author of the report, tells Axios. "Another thing that's happening right now is the conversation about labor. Labor markets in all advanced economies, and the U.S. is really sort of top of the heap, are very, very tight right now. So there's a lot of conversation around what do we do to make the people that we have as productive as they can be?"

Poland has fined Amazon close to $8 million for misleading consumers about the conclusion of sales contracts on its online marketplace. The sanction "also calls out the e-commerce giant for deceptive design elements which may inject a false sense of urgency into the purchasing process and mislead shoppers about elements like product availability and delivery dates," reports TechCrunch. From the report: The country's consumer and competition watchdog, the UOKiK, has been looking into complaints about Amazon's sales practices since September 2021, following complaints from shoppers, including some who did not receive their purchases. The authority opened a formal investigation into Amazon's practices in February 2023. Wednesday's sanction is the conclusion of that probe. The UOKiK found consumers who ordered products on Amazon could have their purchases subsequently cancelled by the tech giant as it does not treat the moment of purchase as the conclusion of a sales contract, despite sending consumers confirmation of their order -- even after consumers have paid for the product. For Amazon, the conclusion of a sales contract only occurs once it has sent information about the actual shipment. [...]

Its enforcement also calls out Amazon for using deceptive design to encourage shoppers to click buy by presenting misleading information about product availability and delivery windows -- such as by listing how many items were in stock to be purchased and providing a countdown clock to order an item in order to get it on a particular delivery date. Its investigation found Amazon does not always meet these deadlines for orders, nor ship products immediately as they may be out of stock despite claims to the contrary shown to consumers. "Amazon treats the data it provides on availability and shipping date as indicative but the way it is presented does not indicate this," the UOKiK noted, adding: "Consumers can only find out about this in the terms of sale on the platform."

While Amazon does offer a delivery guarantee -- offering a refund if items do not ship within the stated time -- the authority found it failed to provide consumers with information about the rules of this service before placing an order. It only offers details at the order summary stage. And then only "if the consumer decides to read the subsequent links specifying delivery details." Shoppers who did not follow the link to read more may not have been aware of their right to apply for and receive a refund from Amazon if there is a delay in shipment. It also found the e-commerce giant failed to provide information about the "Delivery Guarantee" in the purchase confirmation sent to shoppers. Amazon said it will appeal the fine. The company also writes: "Fast and reliable delivery across a wide selection of products is a top priority for us, and Amazon.pl has millions of items available with fast and free Prime delivery. Since launching Amazon.pl in 2021, we have continuously invested and worked hard to provide customers with a clear, reliable delivery promise at check out, and while the vast majority of our deliveries arrive on time, customers can contact us in the rare event that they experience a delay or order cancellation, and we will make it right.

Over the last year, we have collaborated with the Office of Competition and Consumer Protection (UOKiK), and proposed multiple voluntary amendments to continue to improve the customer experience on Amazon.pl. We strictly follow legal standards in all countries where we operate and we strongly disagree with the assessment and penalty issued by the UOKiK. We will appeal this decision."

The U.S. State Department has offered up to $10 million for information on the "Blackcat" ransomware gang who hit the UnitedHealth Group's tech unit and snarled insurance payments across America. From a report: "The ALPHV Blackcat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide," the department said in a statement announcing the reward offer.

UnitedHealth said last week it was beginning to clear a medical claims backlog of more than $14 billion as it brought its services back online following the cyberattack, which caused wide-ranging disruption starting in late February. UnitedHealth's tech unit, Change Healthcare, plays a critical role in processing payments from insurance companies to practitioners, and the outage caused by the cyberattack has in some cases left patients and doctors out of pocket. The toll on the community health centers that serve more than 30 million poor and uninsured patients has been especially harsh.

The amount of hydropower generated in the Western US last year was the lowest it's been in more than two decades -- and 2024 isn't looking much better. From a report: Hydropower generation in the region fell by 11 percent during the 2022-2023 water year compared to the year prior, according to preliminary data from the Energy Information Administration's Electricity Data Browser -- its lowest point since 2001. That includes states west of the Dakotas and Texas, where 60 percent of the nation's hydropower was generated. These also happen to be the states -- including California, Nevada, Arizona, and New Mexico -- that climate change is increasingly sucking dry. And in a reversal of fortunes, typically wetter states in the Northeast -- normally powerhouses for hydropower generation -- were the hardest hit. You can blame extreme heat and drought for the drop in hydropower last year. This creates a vicious cycle: drought reduces the amount of clean energy available from hydroelectric dams. To avoid energy shortfalls, utilities wind up relying on fossil fuels to make up the difference. That leads to more of the greenhouse gas emissions causing climate change, which makes droughts worse.

A British court has ruled that Julian Assange can't be extradited to the United States on espionage charges unless U.S. authorities guarantee he won't get the death penalty, giving the WikiLeaks founder a partial victory in his long legal battle over the site's publication of classified American documents. From a report: Two High Court judges said they would grant Assange a new appeal unless U.S. authorities give further assurances within three weeks about what will happen to him. The ruling means the legal saga, which has dragged on for more than a decade, will continue -- and Assange will remain inside London's high-security Belmarsh Prison, where he has spent the last five years. Judges Victoria Sharp and Jeremy Johnson said the U.S. must guarantee that Assange, who is Australian, "is afforded the same First Amendment protections as a United States citizen, and that the death penalty is not imposed."

Two of the world's largest credit card networks, Visa and Mastercard, as well as the banks that issue cards with them, have agreed to settle a decadeslong antitrust case brought upon by merchants. From a report: The settlement is set to lower swipe fees merchants pay when customers make purchases using their Visa or Mastercard by $30 billion over five years, according to a press release announcing the settlement Tuesday morning. The settlement, which only applies to US merchants, is the result of a lawsuit filed in 2005. However, nothing is considered finalized until it receives approval from the US District Court for the Eastern District of New York. Even then, the case can also be appealed in what could be a lengthy battle.

Typically, swipe fees cost merchants 2% of the total transaction a customer makes -- but can be as much as 4% for some premium rewards cards, according to the National Retail Federation. The settlement would lower those fees by at least 0.04 percentage point for a minimum of three years. Additionally, the settlement would require Visa and Mastercard to maintain the swipe fee rates that existed as of December 31, 2023 for five years.

An anonymous reader quotes a report from The Register: It's sanctions central at the US Treasury this week as a further 15 are slapped on organizations and individuals in Russia. The Treasury's Office of Foreign Assets Control (OFAC) designated 13 organizations and two individuals -- all concerning financial services organizations, including cryptocurrency exchanges that offered services to already-sanctioned dark web marketplaces in Russia, and those who helped run them. Five of the 13 freshly designated entities were also controlled by individuals who were already sanctioned. The latest round of trade restrictions were placed on those who are believed to have helped evade existing US sanctions.

"Many of the individuals and entities designated today facilitated transactions or offered other services that helped OFAC-designated entities evade sanctions," an OFAC statement read. "These designations build upon OFAC's February 23, 2024 action to target companies servicing Russia's core financial infrastructure and curtail Russia's use of the international financial system to further its war against Ukraine." They follow the initial seven sanctions announced on Monday, all relating to Chinese nationals and members of Beijing's APT31 offensive cyber outfit.

BrianFagioli shares a report from BetaNews: Canonical, the company behind the popular Ubuntu operating system, has announced a significant extension to the support lifecycle of its long-term support (LTS) releases. The new paid Legacy Support add-on for Ubuntu Pro subscribers will now provide security maintenance and support for an impressive 12 years, extending the previous 10-year commitment. This enhancement is available starting with Ubuntu 14.04 LTS and will benefit both enterprises and individual users who rely on the stability and security of Ubuntu for their critical systems. By default, Ubuntu LTS releases receive five years of standard security maintenance. However, with Ubuntu Pro, this is expanded to 10 years for both the main and universe repositories, offering access to a broader range of secure open-source software.

The Legacy Support add-on further extends this period by an additional two years, ensuring that organizations can maintain their systems with the latest security patches and support services without the immediate need to upgrade to a newer OS version. This is particularly beneficial for large, established production systems where transitioning to a new OS can be a complex and risky endeavor due to the potential need to update the entire software stack. The extended support includes continuous vulnerability management for critical, high, and medium Common Vulnerabilities and Exposures (CVEs) across all software packages shipped with Ubuntu. Canonical's security team actively backports crucial fixes to all supported Ubuntu LTS releases, providing peace of mind to users and enterprises. In addition to security maintenance, the Legacy Support add-on also offers phone and ticket support, enhancing Canonical's commitment to assisting customers with troubleshooting, break fixes, bug fixes, and guidance.

Earlier today, the U.S. and U.K. accused hackers linked to the Chinese state of being behind "malicious" cyber campaigns targeting political figures. The U.K. government also blamed China for a 2021 cyberattack that compromised the personal information of millions of U.K. voters. In response, PBS reports that the U.S. and British government announced sanctions against a company and two people linked to the Chinese government. From the report: Officials said those sanctioned are responsible for a hack that may have gained access to information on tens of millions of U.K. voters held by the Electoral Commission, as well as for cyberespionage targeting lawmakers who have been outspoken about the China threat. The Foreign Office said the hack of the election registers "has not had an impact on electoral processes, has not affected the rights or access to the democratic process of any individual, nor has it affected electoral registration." The Electoral Commission said in August that it identified a breach of its system in October 2022, though it added that "hostile actors" had first been able to access its servers since 2021. At the time, the watchdog said the data included the names and addresses of registered voters. But it said that much of the information was already in the public domain.

In Washington, the Treasury Department said it sanctioned Wuhan Xiaoruizhi Science and Technology Company Ltd., which it calls a Chinese Ministry of State Security front company that has "served as cover for multiple malicious cyberoperations." It named two Chinese nationals, Zhao Guangzong and Ni Gaobin, affiliated with the Wuhan company, for cyberoperations that targeted U.S. critical infrastructure sectors, "directly endangering U.S. national security." Separately, British cybersecurity officials said that Chinese government-affiliated hackers "conducted reconnaissance activity" against British parliamentarians who are critical of Beijing in 2021. They said no parliamentary accounts were successfully compromised.

Three lawmakers, including former Conservative Party leader Iain Duncan Smith, told reporters Monday they have been "subjected to harassment, impersonation and attempted hacking from China for some time." Duncan Smith said in one example, hackers impersonating him used fake email addresses to write to his contacts. The politicians are members of the Inter-Parliamentary Alliance on China, an international pressure group focused on countering Beijing's growing influence and calling out alleged rights abuses by the Chinese government.

The U.K. government has blamed China for a 2021 cyberattack that compromised the personal information of millions of U.K. voters. From a report: In a statement to lawmakers in Parliament on Monday, U.K. deputy prime minister Oliver Dowden attributed the 2021 data breach at the Electoral Commission to hackers working for the Chinese government. Dowden told lawmakers that the U.K. government "will not hesitate to take swift and robust actions wherever the Chinese government threatens the United Kingdom's interests."

It's the first time the United Kingdom has attributed the breach since the cyberattack was first disclosed in 2023. The Electoral Commission, which maintains copies of the U.K. register of citizens eligible to vote, said at the time hackers took the names and addresses of an estimated 40 million U.K. citizens, including those who were registered to vote between 2014 and 2022 and overseas voters. The data breach began as early as 2021 but wasn't detected until a year later. In a statement Monday, the U.K. National Cyber Security Centre (NCSC) said it is "highly likely" that the Chinese hackers accessed and exfiltrated emails and data from the electoral register during the hack.

Boeing announced a major leadership overhaul Monday, with CEO Dave Calhoun set to step down at the end of 2024 amid mounting pressure from airlines and regulators over quality and manufacturing issues. Chairman Larry Kellner will also resign and depart the board at Boeing's annual meeting in May, the company said. He will be replaced as chair by Steve Mollenkopf, a Boeing director since 2020. Stan Deal, president and CEO of Boeing Commercial Airplanes, is leaving the company effective immediately. Stephanie Pope, who recently became Boeing's Chief Operating Officer after leading Boeing Global Services, will take over Deal's role.

The shakeup comes as the aerospace giant faces increasing scrutiny following a series of production flaws and a recent incident involving a nearly new Boeing 737 Max 9, where a door plug blew out minutes into an Alaska Airlines flight on Jan. 5. Airlines and regulators have been calling for significant changes at Boeing to address these issues and restore confidence in the company's products. The leadership changes appear to be a response to these growing concerns.

An excerpt from a letter the CEO wrote to employees, also on Monday: As you all know, the Alaska Airlines Flight 1282 accident was a watershed moment for Boeing. We must continue to respond to this accident with humility and complete transparency. We also must inculcate a total commitment to safety and quality at every level of our company.

The eyes of the world are on us, and I know we will come through this moment a better company, building on all the learnings we accumulated as we worked together to rebuild Boeing over the last number of years.

The Los Angeles Times checks in on America's largest dam-removal project, which they say is now "revealing a stark landscape that had been underwater for generations."

"A thick layer of muddy sediment covers the sloping ground, where workers have been scattering seeds and leaving meandering trails of footprints. In the cracked mud, seeds are sprouting and tiny green shoots are appearing." With water passing freely through tunnels in three dams, the Klamath River has returned to its ancient channel and is flowing unhindered for the first time in more than a century through miles of waterlogged lands. Using explosives and machinery, crews began blasting and tearing into the concrete of one of the three dams earlier this month... The emptying of the reservoirs, which began in January, is estimated to have released as much as 2.3 million tons of sediment into the river, abruptly worsening its water quality and killing nonnative perch, bluegill and bass that had been introduced in the reservoirs for fishing. Downstream from the dams, the river's banks are littered with dead fish. But tribal leaders, biologists and environmentalists say that this was part of the plan, and that the river will soon be hospitable for salmon to once again swim upstream to spawn... [The dams] blocked salmon from reaching vital habitat and degraded the river's water quality, contributing to toxic algae blooms in the reservoirs and disease outbreaks that killed fish...

Workers have been drilling holes in the top of the Copco No. 1 Dam, placing dynamite and setting off blasts, then using machinery to chip away fractured concrete. The dam, which has been in place since 1918, is scheduled to be fully removed by the end of August. The smaller Copco No. 2 Dam was torn down last year as the project began. Two earthen dams, the Iron Gate and the John C. Boyle, remain to be dismantled starting in May. If the project goes as planned, the three dams will be gone sometime this fall, reestablishing a free-flowing stretch of river and enabling Chinook and coho salmon to swim upstream and spawn along about 400 miles of the Klamath and its tributaries. Meanwhile, teams of scientists and workers are focusing on restoring the landscape and natural vegetation on about 2,200 acres of denuded reservoir-bottom lands...

River restoration advocates are optimistic. They say undamming the Klamath will demonstrate the potential for restoring free-flowing rivers elsewhere in California, and point to initial plans to remove two dams on the Eel River as another promising opportunity.

The Baffler says a new publishing house launched earlier this month "brings Silicon Valley-style startup disruption to the business of books."

Authors Equity has "a tiny core staff, offloading its labor to a network of freelancers," and like a handful of other publishers "is upending the way that authors get paid, eschewing advances and offering a higher percentage of profits instead." It is worth watching because its team includes several of the most important publishing people of the twenty-first century. And if it works, it will offer a model for tightening the connection between book culture and capitalism, a leap forward for the forces of efficiency and the fantasies of frictionless markets, ushering in a world where literature succeeds if and only if it sells....

Authors Equity's website presents its vision in strikingly neoliberal corporatespeak. The company has four Core Principles: Aligned Incentives; Bespoke Teams; Flexibility and Transparency; and Long-Term Collaboration. What do they mean by these MBA keywords? Aligned Incentives is explained in the language of human capital: "Our profit-share model rewards authors who want to bet on themselves." Authors, that is, take on more of the financial risk of publication. At a traditional publishing house, advances provide authors with guaranteed cash early in the process that they can use to live off while writing. With Authors Equity, nothing is guaranteed and nothing given ahead of time; an author's pay depends on their book's profits.

In an added twist, "Profit participation is also an option for key members of the book team, so we're in a position to win together." Typically, only an author's agent's income is directly tied to an author's financial success, but at Authors Equity, others could have a stake. This has huge consequences for the logic of literary production. If an editor, for example, receives a salary and not a cut of their books' profits, their incentives are less immediately about profit, offering more wiggle room for aesthetic value. The more the people working on books participate in their profits, the more, structurally, profit-seeking will shape what books look like.

"Bespoke Teams" is a euphemism for gigification. With a tiny initial staff of six, Authors Equity uses freelance workers to make books, unlike traditional publishers, which have many employees in many departments... Their fourth Core Principle — Long-Term Collaboration — addresses widespread frustration with a systemic problem in traditional publishing: the fetishization of debut authors who receive decent or better advances, fail to earn out, and then struggle to have a career. It's a real problem and one where authors' interests and capitalist rationalization are, as it were, aligned. Authors Equity sees that everyone might profit when an author can build a readership and develop their skill.
The article concludes with this prediction. "It's not impossible that we'll look back in twenty years and see its founding as auguring the beginning of the startup age in publishing."

Food for thought... Pulp-fiction mystery writer Mickey Spillane once said, "I'm a writer, not an author. The difference is, a writer makes money."

"If you've ever jokingly wondered if your search or viewing history is going to 'put you on some kind of list,' your concern may be more than warranted," writes Mashable : In now unsealed court documents reviewed by Forbes, Google was ordered to hand over the names, addresses, telephone numbers, and user activity of Youtube accounts and IP addresses that watched select YouTube videos, part of a larger criminal investigation by federal investigators.

The videos were sent by undercover police to a suspected cryptocurrency launderer... In conversations with the bitcoin trader, investigators sent links to public YouTube tutorials on mapping via drones and augmented reality software, Forbes details. The videos were watched more than 30,000 times, presumably by thousands of users unrelated to the case. YouTube's parent company Google was ordered by federal investigators to quietly hand over all such viewer data for the period of Jan. 1 to Jan. 8, 2023...
"According to documents viewed by Forbes, a court granted the government's request for the information," writes PC Magazine, adding that Google was asked "to not publicize the request." The requests are raising alarms for privacy experts who say the requests are unconstitutional and are "transforming search warrants into digital dragnets" by potentially targeting individuals who are not associated with a crime based simply on what they may have watched online.
That quote came from Albert Fox-Cahn, executive director at the Surveillance Technology Oversight Project, who elaborates in Forbes' article. "No one should fear a knock at the door from police simply because of what the YouTube algorithm serves up. I'm horrified that the courts are allowing this."

Thanks to long-time Slashdot reader schwit1 for sharing the article.

Long-time Slashdot reader HanzoSpam shared an announcement from the University of California San Diego.

The school's researchers teamed with materials-science company Algenesis to show "that their plant-based polymers biodegrade — even at the microplastic level — in under seven months." "We're trying to find replacements for materials that already exist, and make sure these replacements will biodegrade at the end of their useful life instead of collecting in the environment," stated Professor of Chemistry and Biochemistry Michael Burkart, one of the paper's authors and an Algenesis co-founder. "That's not easy."

"When we first created these algae-based polymers about six years ago, our intention was always that it be completely biodegradable," said another of the paper's authors, Robert Pomeroy, who is also a professor of chemistry and biochemistry and an Algenesis co-founder. "We had plenty of data to suggest that our material was disappearing in the compost, but this is the first time we've measured it at the microparticle level...."

"This material is the first plastic demonstrated to not create microplastics as we use it," said Stephen Mayfield, a paper coauthor, School of Biological Sciences professor and co-founder of Algenesis. "This is more than just a sustainable solution for the end-of-product life cycle and our crowded landfills. This is actually plastic that is not going to make us sick."

Creating an eco-friendly alternative to petroleum-based plastics is only one part of the long road to viability. The ongoing challenge is to be able to use the new material on pre-existing manufacturing equipment that was originally built for traditional plastic, and here Algenesis is making progress. They have partnered with several companies to make products that use the plant-based polymers developed at UC San Diego, including Trelleborg for use in coated fabrics and RhinoShield for use in the production of cell phone cases.

"When we started this work, we were told it was impossible," stated Burkart. "Now we see a different reality. There's a lot of work to be done, but we want to give people hope. It is possible."

Long-time Slashdot reader theodp writes: Last month there was a special Google-funded edition of Highlights for Children, the 77-year-old magazine targetting children between the ages of 6 and 12. This edition was based on Google's "Be Internet Awesome" curriculum, and 1.25 million copies of the print magazine were distributed to children, schools, and other organizations. It's all part of a new partnership between Google and Highlights.

A Google.org blog post calls out the special issue's Goofus and Gallant cartoon, in which always-does-the-wrong-thing Goofus "promised Kayden he wouldn't share the silly photo, but he shares it anyway", while always-does-the-right-thing Gallant "asks others if it's OK to share their photos"...
theodp's orignal submission linked ironically to Slashdot's earlier story, "Google Hit With Lawsuit Alleging It Stole Data From Millions of Users To Train Its AI Tools."

But even beyond that, it's not always clear what the cartoon is teaching. (In one picture it looks like they're condemning Goofus for not intervening in a flame war between two other people — "Be Kind!")

Still, for me the biggest surprise is that Goofus and Gallant even have laptops. (How old are these kids, that they're already uploading photos of the other children onto the internet?!) Will 6- to 12-year-old children start demanding that their parents buy them their own laptop now — since even Goofus and Gallant already have them?

Slashdot reader christoban writes: In what may be an issue for Sun-obscuring strategies to combat global warming, it turns out that during solar eclipses, low level cumulus clouds rapidly disappear, reducing by a factor of 4, researchers have found. The news comes from the science magazine Eos (published by the nonprofit organization of atmosphere/ocean/space scientists, the American Geophysical Union). Victor J. H. Trees, a geoscientist at Delft University of Technology in the Netherlands, and his colleagues recently analyzed cloud cover data obtained during an annular eclipse in 2005, visible in parts of Europe and Africa. They mined visible and infrared imagery collected by two geostationary satellites operated by the European Organisation for the Exploitation of Meteorological Satellites. Going to space was key, Trees said. "If you really want to quantify how clouds behave and how they react to a solar eclipse, it helps to study a large area. That's why we want to look from space...." [T]hey tracked cloud evolution for several hours leading up to the eclipse, during the eclipse, and for several hours afterward.

Low-level cumulus clouds — which tend to top out at altitudes around 2 kilometers (1.2 miles) — were strongly affected by the degree of solar obscuration. Cloud cover started to decrease when about 15% of the Sun's face was covered, about 30 minutes after the start of the eclipse. The clouds started to return only about 50 minutes after maximum obscuration. And whereas typical cloud cover hovered around 40% in noneclipse conditions, less than 10% of the sky was covered with clouds during maximum obscuration, the team noted. "On a large scale, the cumulus clouds started to disappear," Trees said... The temperature of the ground matters when it comes to cumulus clouds, Trees said, because they are low enough to be significantly affected by whatever is happening on Earth's surface...

Beyond shedding light on the physics of cloud dissipation during solar eclipses, these new findings also have implications for future geoengineering efforts, Trees and his collaborators suggested. Discussions are underway to mitigate the effects of climate change by, for instance, seeding the atmosphere with aerosols or launching solar reflectors into space to prevent some of the Sun's light from reaching Earth. Such geoengineering holds promise for cooling our planet, researchers agree, but its repercussions are largely unexplored and could be widespread and irreversible.

These new results suggest that cloud cover could decrease with geoengineering efforts involving solar obscuration. And because clouds reflect sunlight, the efficacy of any effort might correspondingly decrease, Trees said. That's an effect that needs to be taken into account when considering different options, the researchers concluded.
Another article on the site warns that "Planting Trees May Not Be as Good for the Climate as Previously Believed."

"The climate benefits of trees storing carbon dioxide is partially offset by dark forests' absorption of more heat from the Sun, and compounds they release that slow the destruction of methane in the atmosphere."

Jessica Lyons reports via The Register: Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University. In a paper presented at the 2024 Network and Distributed System Security Symposium, associate professor Jeremy Daily and systems engineering graduate students Jake Jepson and Rik Chatterjee demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles. "These findings highlight an urgent need to improve the security posture in ELD systems," the trio wrote [PDF].

The authors did not specify brands or models of ELDs that are vulnerable to the security flaws they highlight in the paper. But they do note there's not too much diversity of products on the market. While there are some 880 devices registered, "only a few tens of distinct ELD models" have hit the road in commercial trucks. A federal mandate requires most heavy-duty trucks to be equipped with ELDs, which track driving hours. These systems also log data on engine operation, vehicle movement and distances driven -- but they aren't required to have tested safety controls built in. And according to the researchers, they can be wirelessly manipulated by another car on the road to, for example, force a truck to pull over.

The academics pointed out three vulnerabilities in ELDs. They used bench level testing systems for the demo, as well as additional testing on a moving 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD. [...] For one of the attacks, the boffins showed how anyone within wireless range could use the device's Wi-Fi and Bluetooth radios to send an arbitrary CAN message that could disrupt of some of the vehicle's systems. A second attack scenario, which also required the attacker to be within wireless range, involved connecting to the device and uploading malicious firmware to manipulate data and vehicle operations. Finally, in what the authors described as the "most concerning" scenario, they uploaded a truck-to-truck worm. The worm uses the compromised device's Wi-Fi capabilities to search for other vulnerable ELDs nearby. After finding the right ELDs, the worm uses default credentials to establish a connection, drops its malicious code on the next ELD, overwrites existing firmware, and then starts the process over again, scanning for additional devices. "Such an attack could lead to widespread disruptions in commercial fleets, with severe safety and operational implications," the researchers warned.

Lindsay Clark reports via The Register: The UK Information Commissioner's Office has received a complaint detailing the mismanagement of personal data at the Nursing and Midwifery Council (NMC), the regulator that oversees worker registration. Employment as a nurse or midwife depends on enrollment with the NMC in the UK. According to whistleblower evidence seen by The Register, the databases on which the personal information is held lack rudimentary technical standards and practices. The NMC said its data was secure with a high level of quality, allowing it to fulfill its regulatory role, although it was on "a journey of improvement." But without basic documentation, or the primary keys or foreign keys common in database management, the Microsoft SQL Server databases -- holding information about 800,000 registered professionals -- are difficult to query and manage, making assurances on governance nearly impossible, the whistleblower told us.

The databases have no version control systems. Important fields for identifying individuals were used inconsistently -- for example, containing junk data, test data, or null data. Although the tech team used workarounds to compensate for the lack of basic technical standards, they were ad hoc and known by only a handful of individuals, creating business continuity risks should they leave the organization, according to the whistleblower. Despite having been warned of the issues of basic technical practice internally, the NMC failed to acknowledge the problems. Only after exhausting other avenues did the whistleblower raise concern externally with the ICO and The Register. The NMC stores sensitive data on behalf of the professionals that it registers, including gender, sexual orientation, gender identity, ethnicity and nationality, disability details, marital status, as well as other personal information.

The whistleblower's complaint claims the NMC falls well short of [the standards required under current UK law for data protection and the EU's General Data Protection Regulation (GDPR)]. The statement alleges that the NMC's "data management and data retrieval practices were completely unacceptable." "There is not even much by way of internal structure of the databases for self-documentation, such as primary keys, foreign keys (with a few honorable exceptions), check constraints and table constraints. Even fields that should not be null are nullable. This is frankly astonishing and not the practice of a mature, professional organization," the statement says. For example, the databases contain a unique ten-digit number (or PRN) to identify individuals registered to the NMC. However, the fields for PRNs sometimes contain individuals' names, start with a letter or other invalid data, or are simply null. The whistleblower's complaint says that the PRN problem, and other database design deficiencies, meant that it was nearly impossible to produce "accurate, correct, business critical reports ... because frankly no one knows where the correct data is to be found." A spokesperson for the NMC said the register was "organized and documented" in the SQL Server database. "For clarity, the register of all our nurses, midwives and nursing practitioners is held within Dynamics 365 which is our system of record. This solution and the data held within it, is secure and well documented. It does not rely on any SQL database. The SQL database referenced by the whistleblower relates to our data warehouse which we are in the process of modernizing as previously shared."

An anonymous reader quotes a report from KrebsOnSecurity: The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or password are leaked in data breaches. On March 14, KrebsOnSecurity published a story showing that Onerep's Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story.

But on March 21, Shelest released a lengthy statement wherein he admitted to maintaining an ownership stake in Nuwber, a consumer data broker he founded in 2015 -- around the same time he launched Onerep. Shelest maintained that Nuwber has "zero cross-over or information-sharing with Onerep," and said any other old domains that may be found and associated with his name are no longer being operated by him. "I get it," Shelest wrote. "My affiliation with a people search business may look odd from the outside. In truth, if I hadn't taken that initial path with a deep dive into how people search sites work, Onerep wouldn't have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I'm aiming to do better in the future." The full statement is available here (PDF).

In a statement released today, a spokesperson for Mozilla said it was moving away from Onerep as a service provider in its Monitor Plus product. "Though customer data was never at risk, the outside financial interests and activities of Onerep's CEO do not align with our values," Mozilla wrote. "We're working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first." KrebsOnSecurity also reported that Shelest's email address was used circa 2010 by an affiliate of Spamit, a Russian-language organization that paid people to aggressively promote websites hawking male enhancement drugs and generic pharmaceuticals. As noted in the March 14 story, this connection was confirmed by research from multiple graduate students at my alma mater George Mason University.

Shelest denied ever being associated with Spamit. "Between 2010 and 2014, we put up some web pages and optimize them -- a widely used SEO practice -- and then ran AdSense banners on them," Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com). "As we progressed and learned more, we saw that a lot of the inquiries coming in were for people." Shelest also acknowledged that Onerep pays to run ads on "on a handful of data broker sites in very specific circumstances." "Our ad is served once someone has manually completed an opt-out form on their own," Shelest wrote. "The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep."