Software

Meet Kosmik, a Visual Canvas With Built-In PDF Reader and Web Browser (techcrunch.com) 10

An anonymous reader quotes a report from TechCrunch: In recent years, tools such as Figma, TLDraw, Apple's Freeform and Arc browser's Easel functionality have tried to sell the idea of using an "infinite canvas" for capturing and sharing ideas. French startup Kosmik is building on that general concept with a knowledge-capturing tool that doesn't require the user to switch between different windows or apps to capture information. Kosmik was founded in 2018 by Paul Rony and Christophe Van Deputte. Prior to that, Rony worked at a video production company as a junior director, and he wanted a single whiteboard-type canvas instead of files and folders where he could put videos, PDFs, websites, notes and drawings. And that's when he started to build Kosmik, Rony told TechCrunch, drawing on a prior background in computing history and philosophy.

"It took us almost three years to make a working product to include baseline features like data encryption, offline-first mode and build a spatial canvas-based UI," Rony explained. "We have built all of this on IPFS, so when two people collaborate everything is peer-to-peer rather than relying on a server-based architecture." Kosmik offers an infinite canvas interface where you can insert text, images, videos, PDFs and links, which can be opened and previewed in a side panel. It also features a built-in browser, saving users from having to switch windows when they need to find a relevant website link. Additionally, the platform sports a PDF reader, which lets the user extract elements such as images and text.

The tool is useful for designers, architects, consultants, and students to build boards of information for different projects. The tool is useful for them as they don't need to open up a bunch of Chrome tabs and put details into a document, which is not a very visual medium for various media types. Some retail investors are using the app to monitor stock prices and consultants are using them for their project boards. Available via the web, Mac, and Windows, Kosmik ships with a basic free tier, though this has a limit of 50MB of files and 5GB of storage with 500 canvas "elements." For more storage and unlimited elements, the company offers a $5.99 monthly subscription, with plans in place to eventually offer a "pay-once" model for those who only want to use the software on a single device.

Data Storage

Ministry of Justice Plans To Digitize Then Destroy 100 Million Historical Wills (theguardian.com) 88

"The Ministry of Justice is consulting on digitizing and then throwing away about 100 million paper originals of the last wills and testaments of British people dating back more than 150 years in an effort to save 4.5 million pounds a year," reports Robert Booth via The Guardian. Leading historians are calling these plans "sheer vandalism" and "insane." From the report: Ministers believe digitisation will speed up access to the papers, but the proposal has provoked a backlash among historians and archivists who took to X to decry it as "bananas" and "a seriously bad idea." The government is proposing to keep the originals of some wills of "famous people" -- likely including those of Charles Darwin, Charles Dickens and Diana, Princess of Wales -- but others would be destroyed after 25 years and only a digital copy would be kept. It is feared that wills of ordinary people, some of whom may become historically significant in the future, risk being lost.

Wills are considered essential documents, particularly for social historians and genealogists, as they capture what people considered important at the time and reveal unknown family links. The proposal comes amid growing concern at the fragility of digital archives, after a cyber-attack on the British Library left the online catalogue and digitized documents unavailable to users since late October.

"We are advocates of digitization but not at the cost of destroying originals," says Natalie Pithers, interim co-chief executive of the Society of Genealogists. "In any digitization projects mistakes get made. We don't know what further information could be gained in the future from the original documents. There could be somebody in there who did something extraordinary."

Power

Could Hot Rocks Help Solve the Climate Crisis? (cnn.com) 110

An anonymous reader shared this report from CNN: "(The rocks) in the box right now are about 1,600 degrees Celsius," Andrew Ponec said, standing next to a thermal battery the size of a small building. That is nearly 3,000 degrees Fahrenheit, "Hotter than the melting point of steel," he explained.

But what makes his box of white-hot rocks so significant is they were not heated by burning tons of coal or gas, but by catching sunlight with the thousands of photovoltaic solar panels that surround his prototype west of Fresno. If successful, Ponec and his start-up Antora Energy could be part of a new, multi-trillion-dollar energy storage sector that simply uses sun or wind to make boxes of rocks hot enough to run the world's biggest factories. "People sometimes feel like they're insulting us by saying, 'Hey, that sounds really simple,'" Ponec laughed. "And we say, 'No, that's exactly the point'... The problem is you can't shut down your factory when the sun goes behind a cloud or the wind stops blowing, and that's exactly the problem that we focused on."

While the word "battery" most likely evokes the chemical kind found in cars and electronics in 2023, hot rocks currently store ten times as much energy as lithium ion around the world, thanks to an invention from the 1800s known as Cowper stoves. Often found in smelting plants, these massive towers of stacked bricks absorb the wasted heat of a blast furnace until it heats to nearly 3,000 degrees Fahrenheit, and then provides over 100 megawatts of heat energy for about 20 minutes. The process can be repeated 24 times a day for 30 years, and Antora is among the startups experimenting with different kinds of rocks in insulated boxes or molten salt in cylinders to find the most efficient combination...

Antora has managed to raise $80 million in seed money from investors that include Bill Gates, but their main competitor is another Bay Area startup called Rondo that uses abundant refractory brick, which is cheaper than carbon by weight but not as energy dense. Rondo has attracted even more funding than Antora and its first battery is producing commercial power for an ethanol plant in California... Tesla recently predicted a carbon-free world will need an astonishing 240 terawatt-hours of energy storage — more than 340 times the amount of storage built with lithium-ion batteries in 2022. Rondo CEO John O'Donnell predicts more than half of all that new capacity will come in the form of heat batteries, simply because the raw ingredients are so readily available.

By plugging their factories into as many thermal batteries as they need, manufacturers won't have to wait in a years-long line for grid connections and upgrades.

Ponec tells CNN that when it comes to de-carbonizing today, "we have the tools we need. We just need to deploy them.

"The transition is inevitable. It's going to happen. And if you talk behind closed doors to most of the people in the fossil fuel industry, they'll say the same thing."

Intel

Intel Core Ultra Processors Debut for AI-powered PCs (venturebeat.com) 27

Intel launched its Intel Core Ultra processors for AI-powered PCs at its AI Everywhere event today. From a report: The big chip maker said these processors spearhead a new era in computing, offering unparalleled power efficiency, superior compute and graphics performance, and an unprecedented AI PC experience to mobile platforms and edge devices. Available immediately, these processors will be used in over 230 AI PCs coming from renowned partners like Acer, ASUS, Dell, Gigabyte, and more.

The Intel Core Ultra processors represent an architectural shift for Intel, marking its largest design change in 40 years. These processors harness the Intel 4 process technology and Foveros 3D advanced packaging, leveraging leading-edge processes for optimal performance and capabilities. The processors boast a performance-core (P-core) architecture enhancing instructions per cycle (IPC), along with Efficient-cores (E-cores) and low-power Efficient-cores (LP E-cores). They deliver up to 11% more compute power compared to competitors, ensuring superior CPU performance for ultrathin PCs.

Features of Intel Core Ultra
Intel Arc GPU: Featuring up to eight Xe-cores, this GPU incorporates AI-based Xe Super Sampling, offering double the graphics performance compared to prior generations. It includes support for modern graphics features like ray tracing, mesh shading, AV1 encode and decode, HDMI 2.1, and DisplayPort 2.1 20G.
AI Boost NPU: Intel's latest NPU, Intel AI Boost, focuses on low-power, long-running AI tasks, augmenting AI processing on the CPU and GPU, offering 2.5x better power efficiency compared to its predecessors.
Advanced Performance Capabilities: With up to 16 cores, 22 threads, and Intel Thread Director for optimized workload scheduling, these processors boast a maximum turbo frequency of 5.1 GHz and support for up to 96 GB DDR5 memory capacity.
Cutting-edge Connectivity: Integrated Intel Wi-Fi 6E and support for discrete Intel Wi-Fi 7 deliver blazing wireless speeds, while Thunderbolt 4 ensures connectivity to multiple 4K monitors and fast storage with speeds of 40 Gbps.
Enhanced AI Performance: OpenVINO toolkits, ONNX, and ONNX Runtime offer streamlined workflow, automatic device detection, and enhanced AI performance.

The Courts

Google's App Store Ruled an Illegal Monopoly, as a Jury Sides With Epic Games (wired.com) 103

A jury in San Francisco unanimously found (PDF) that Google violated California and federal antitrust laws through deals that stifled competition for its mobile app store. "The verdict delivers the first significant US courtroom loss for big tech in the years-long campaign by rivals, regulators, and prosecutors to tame the power of internet gatekeepers," reports Wired. From the report: The lawsuit next moves to a remedies phase, meaning a judge as soon as the coming weeks will hear arguments about and decide whether to order changes to Google's business practices. Users of devices powered by Google's Android operating system could find more app options to choose from, at lower prices, if Google is forced to allow downloads of rival app stores from Play or share a greater portion of sales with developers selling digital items inside their apps.

The ruling came in a case first filed in 2020 by Epic Games, known for its blockbuster game Fortnite and tools for developers, and argued before a jury since early November. The jury of nine -- a 10th juror dropped out early in the trial -- deliberated for three hours before reaching its verdict. They faced 11 questions such as defining product and geographic markets and whether Google engaged in anticompetitive conduct in those areas. Epic had accused Google of restricting smartphone makers, wireless carriers, and app developers from providing any competition to the Play store, which accounts for over 95 percent of all downloads onto Android phones in the US. Google had denied any wrongdoing, saying that its sole aim was to provide a safe and attractive experience to users, especially as it faced competition from Apple, its iPhone, and its App Store.

Security

US Healthcare Giant Norton Says Hackers Stole Millions of Patients' Data During Ransomware Attack (techcrunch.com) 27

An anonymous reader quotes a report from TechCrunch: Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is the city's third-largest private employer. The organization has more than 20,000 employees, and more than 3,000 total providers on its medical staff, according to its website. In a filing with Maine's attorney general on Friday, Norton said that the sensitive data of approximately 2.5 million patients, as well as employees and their dependents, was accessed during its May ransomware attack.

In a letter sent to those affected, the nonprofit said that hackers had access to "certain network storage devices between May 7 and May 9," but did not access Norton Healthcare's medical record system or Norton MyChart, its electronic medical record system. But Norton admitted that following a "time-consuming" internal investigation, which the organization completed in November, Norton found that hackers accessed a "wide range of sensitive information," including names, dates of birth, Social Security numbers, health and insurance information and medical identification numbers. Norton Healthcare says that, for some individuals, the exposed data may have also included financial account numbers, driver licenses or other government ID numbers, as well as digital signatures. It's not known if any of the accessed data was encrypted.

Norton says it notified law enforcement about the attack and confirmed it did not pay any ransom payment. The organization did not name the hackers responsible for the cyberattack, but the incident was claimed by the notorious ALPHV/BlackCat ransomware gang in May, according to data breach news site DataBreaches.net, which reported that the group claimed it exfiltrated almost five terabytes of data. TechCrunch could not confirm this, as the ALPHV website was inaccessible at the time of writing.

Data Storage

Google Calls Drive Data Loss 'Fixed,' Locks Forum Threads Saying Otherwise (arstechnica.com) 22

Google Drive recently lost user files, with some reporting missing documents since May 2023. Google said this month that it has posted a fix, but its description of a "syncing issue" doesn't seem to capture the problem based on user reports of web files disappearing, Ars Technica notes.

The company hasn't fully explained the cause or its recovery solution, which involves desktop app options and command line file recovery, the report asserts. This opaque handling, along with Google shutting down the Drive user forum that allowed people to share fixes, adds to the perception that the company prioritizes PR over assisting users, the report adds.

Power

Sellafield Nuclear Site Has Leak That Could Pose Risk To Public (theguardian.com) 71

An anonymous reader quotes a report from The Guardian: Sellafield, Europe's most hazardous nuclear site, has a worsening leak from a huge silo of radioactive waste that could pose a risk to the public, the Guardian can reveal. Concerns over safety at the crumbling building, as well as cracks in a reservoir of toxic sludge known as B30, have caused diplomatic tensions with countries including the US, Norway and Ireland, which fear Sellafield has failed to get a grip of the problems. The leak of radioactive liquid from one of the "highest nuclear hazards in the UK" -- a decaying building at the vast Cumbrian site known as the Magnox swarf storage Silo (MSSS) -- is likely to continue to 2050. That could have "potentially significant consequences" if it gathers pace, risking contaminating groundwater, according to an official document. Cracks have also developed in the concrete and asphalt skin covering the huge pond containing decades of nuclear sludge, part of a catalogue of safety problems at the site. These concerns have emerged in Nuclear Leaks, a year-long Guardian investigation into problems spanning cyber hacking, radioactive contamination and toxic workplace culture at the vast nuclear dump. "We are proud of our safety record at Sellafield and we are always striving to improve," said a Sellafield spokesperson in a statement. "The nature of our site means that until we complete our mission, our highest hazard facilities will always pose a risk. We continuously measure and report on nuclear, radiological, and conventional safety. Employees are empowered to raise issues and challenge when things aren't right."

China

China Sinks 1400-Ton Data Center In Sea With Power of 6 Million PCs (interestingengineering.com) 70

According to China Daily, China has become the world's first nation to deploy a commercial data center underwater. Interesting Engineering reports: China's attempts to set up a commercial data center underwater are the result of a public-private enterprise involving the China Offshore Oil Engineering Co., the country's largest Engineering, Procurement, Construction, and Installation (EPCI) company, and Highlander, a private data center company. Although details of the computing hardware have not been shared, Highlander has claimed that each of its underwater modules is capable of processing over four million high-definition (HD) images in just 30 seconds.

The computing hardware is packed inside a watertight storage module and together weighs 1,300 tons. The module is being submerged about 115 feet (35 m) under the water, a process that takes about three hours. Although work on installing the first module has begun, Highlander has ambitious plans to install 100 such modules at the site and build a capacity of nearly six million computers working at a time. Such a staggering number of computers will also generate a lot of heat which will be naturally cooled by the surrounding sea water. This alone is expected to save 122 million kilowatt-hours of electricity that would have otherwise been spent on cooling if the facility were located on land.

Additionally, the facility, which is expected to be in place by 2025, will also save 732,000 square feet (68,000 square meters) of terrestrial land that can be used for other purposes and 105,000 tons of fresh water, which would be used for cooling efforts. The modules have been built to last 25 years, but a lot remains unknown about how the construction will be impacted by corrosive seawater and underwater ecosystems. Highlander's experience in setting these centers up is fairly limited to the tests it carried out in January of 2021 in the Guangdong port of Zhuhai.

Data Storage

Want To Store a Message in DNA? That'll Be $1,000 (wired.com) 38

You probably keep a backup of important personal files, photos, and videos on a flash drive or external hard drive. In the not-too-distant future, you might store that data in DNA instead. French company Biomemory wants to bring personal DNA-based data storage to the public. From a report: Today, the company announced the availability of wallet-sized cards that store one kilobyte of text data each -- the equivalent of a short email -- using DNA as the storage medium. At $1,000 for two identical cards, the price isn't exactly comparable to a memory stick. At least not yet. Erfane Arwani, CEO of Biomemory, sees his firm's offering as an experiment of sorts. "We wanted to demonstrate that our process is ready to be shown to the world," he says.

[...] One major benefit of DNA is that it is a far denser storage medium than current electronics. The Wyss Institute at Harvard estimates that a single gram of DNA can hold around 36 million copies of the Avengers: Endgame movie. It's also stable over time and requires less energy than the solid state drives and hard disk drives used in today's data centers. Once information is encoded into DNA, it doesn't require energy use until it's retrieved using a DNA sequencer. Biomemory is promising a minimum lifespan of 150 years -- a lot longer than current digital data storage methods. Hard disk drives last about five years, while flash drives last for around 10 years.

Power

'What Drives This Madness On Small Modular Nuclear Reactors?' (cleantechnica.com) 331

Slashdot reader XXongo writes: Nuclear power plants have historically been built at gigawatt scale. Recently, however, there has been a new dawn seeing multiple projects to build Small Modular Reactors ("SMRs"), both funded by billionaires and by the U.S. Department of Energy.

Recently one of the players farthest ahead in the development, NuScale Power, canceled their headline project, but many other projects continue. In a lengthy analysis, Michael Barnard thinks that's crazy, and attributes the drive toward small reactors to "a tangled web that includes Bill Gates, Silicon Valley, desperate coal towns, desperate nuclear towns, the inability of the USA to build big infrastructure, the U.S. Department of Energy's budget, magical thinking and more." Due to thermal inefficiencies, small reactors are more expensive per unit of power generated, he points out, and the SMR projects ignore most of the field's history's lessons about both the scale of reactors for commercial success and the conditions needed for success.

They are relying on Wright's Law, that each doubling of the number of manufactured items in production manufacturing would bring cost per item down by 20% to 27%, but Barnard points out that the number of reactors needed to achieve enough economy of scale in production to make the reactors make economic sense is unrealistically optimistic. He concludes that only government programs can meet the conditions for successful deployment of nuclear power.

At one point Barnard characterizes SMRs as "a bunch of lab technologies that have been around for decades that depend on uranium from Russia, that don't have the physical characteristics for cheap nuclear generation and don't have the conditions for success for nuclear generation will be the saviours of the nuclear industry and a key wedge in fighting climate change...

"I like nuclear generation. I know it's safe enough. I'm not concerned about radiation... I just know that it doesn't have the conditions for success to be built and scaled economically in the 21st Century, and wind, water, solar, transmission and storage do."

Earth

Investing $30 Billion, the UAE Announces the World's Largest Climate-Focused Investment Fund (reuters.com) 62

Tuesday the New York Times reported that while hosting the global climate summit, the United Arab Emirates also hoped to lobby for oil and gas deals around the world.

But Friday the United Arab Emirates announced that they'd also started a $30 billion climate fund, reports Reuters, and that fund "aims to attract $250 billion of investment by the end of the decade."

The New York Times notes the fund started just months ago, and "at least 20 percent of the funds, would be earmarked for projects in the developing world, where it is especially difficult to finance clean energy projects because interest rates are high and lenders shy away from what they perceive as risky investments."

The Washington Post notes that "It immediately becomes one of the world's largest climate-focused investment funds." "This is a big deal," said Mona Dajani, global head of renewables, energy and infrastructure at the law firm Shearman and Sterling. "We have seen other programs previously, but not at this level. They were too scattered, too small, not aligned to the broader financial sector."

The lack of cash feeds into other challenges that can make it impossible to scale up clean energy in some countries. Without a steady pipeline of projects, there are no established supply chains, and nations find themselves locked out of markets for key components that are in high demand elsewhere, such as solar cells and critical minerals used to make giant batteries that store renewable power. The Global South will need an immense amount of such battery storage by the end of the decade, according to the Rockefeller Foundation, enough to store about as much power as is produced by 90 large nuclear plants. The storage is used to bottle wind and solar power and distribute it back into grids after dark and when the wind dies down.

The Post also reports that "the money to fund the projects will come largely from oil revenue." While the UAE framed its initiative as a call to global action, it is at least partly geared toward generating returns. It is one of several forays the UAE is making into clean-energy finance as it seeks to diversify its economy amid predictions the demand for oil will slump in coming years... The new initiative puts a spotlight on the UAE's evolving role in the fight against climate change. The country is at once one of the world's biggest contributors to warming, pumping massive amounts of oil into the global economy, while also using its fossil fuel wealth to put itself on the vanguard of energy innovation.

Transportation

Tesla's New Cybertruck Includes a 'Powershare' Bidirectional Charging Feature (theverge.com) 153

Tesla's new Cybertruck is more than their first new model since 2020, reports the Verge: Tesla announced a new "Powershare" vehicle-to-load charging capability, only available on the new Cybertruck. The feature will allow Cybertruck owners to power their camping equipment, power tools, or even their entire home during a blackout, just by using their electric truck as a mobile generator.

The truck also features a 240-volt outlet in the rear bed that can be used to charge other EVs. An image on Tesla's website shows the Cybertruck charging a Model Y.

The Cybertruck can put out as much as 11.5kW, which is more than the Ford F-150 Lightning's 9.6kW of onboard power or the GMC Sierra Denali EV's 10.2kW. Tesla has been talking about manufacturing vehicles with bidirectional charging capabilities for several years now, first teasing the feature at its Battery Day event in 2020. Since then, many of its competitors have adopted the feature for their EVs, including Ford, GM, Hyundai, Kia, and others...

In essence, it treats high-capacity lithium-ion batteries not only as tools to power EVs but also as backup storage cells to charge other electric devices, an entire home, or even to send power to the electrical grid for possible energy savings... Customers who want to take advantage of the Powershare feature in their homes will need a Tesla Powerwall (of course) and a Wall Connector for the most seamless connection.

Tesla held a launch event for the vehicle on Thursday, and demand appears to be high. Jalopnik reports Tesla is now offering people who'd reserved a Cybertruck a $1,000 discount if they'll instead order another Tesla model.

News

Local Governments Overwhelmed By Tennis-Pickleball Turf Wars, Documents Show 120

An anonymous reader shares a report: In late September, an arsonist set fire to a storage shed at Memorial Park used by the Santa Monica Pickleball Club, torching thousands of dollars worth of nets, rackets, balls, and other pickleball equipment. "Unknown suspect(s) caused a fire that damaged city property (Tennis Court Gate)," a police report I obtained using a public records request says. The report adds that there is body camera footage of the incident and police-shot photos, but the city refused to release them to me because there is an ongoing investigation. The arsonist is still at large.

We still don't know the motive behind the arson, but the news caught my attention because it happened while I was in the midst of trying to understand what I've been calling the pickleball wars. For the last few months I've been trying to understand what's been happening behind-the-scenes in cities large and small by filing public records requests aimed at learning how common beefs about pickleball are, and what's causing them.

If you don't already know about "the fastest growing sport," Pickleball is kind of like tennis, but played on a court a quarter of the size using a plastic ball similar to a wiffle ball and a hard racket. The smaller court, hard ball, and hard racket means that pickleball is louder than tennis, a fact that is brought up very often by homeowners and homeowner associations who claim, somewhat dubiously, that the noise from pickleball drives down their home values. My hypothesis going into researching this article was that people who live in cities are mad at the noise created during the act of playing pickleball and they have probably complained to the government about it. What I found was surprisingly more complex: Thousands of pages of documents I've reviewed show that pickleball's surging popularity is overwhelming under-resourced parks departments in city governments all over the country.

Security

Hackers Spent 2+ Years Looting Secrets of Chipmaker NXP Before Being Detected (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported. The intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020, according to Netherlands national news outlet NRC Handelsblad, which cited "several sources" familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn't uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

NRC cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in "early Q4 2017." Some of the intrusions lasted as long as three years before coming to light. NRC said the unidentified victim was NXP. "Once nested on a first computer -- patient zero -- the spies gradually expand their access rights, erase their tracks in between and secretly sneak to the protected parts of the network," NRC reporters wrote in an English translation. "They try to secrete the sensitive data they find there in encrypted archive files via cloud storage services such as Microsoft OneDrive. According to the log files that Fox-IT finds, the hackers come every few weeks to see whether interesting new data can be found at NXP and whether more user accounts and parts of the network can be hacked."

NXP did not alert customers or shareholders to the intrusion, other than a brief reference in a 2019 annual report. It read: "We have, from time to time, experienced cyber-attacks attempting to obtain access to our computer systems and networks. Such incidents, whether or not successful, could result in the misappropriation of our proprietary information and technology, the compromise of personal and confidential information of our employees, customers, or suppliers, or interrupt our business. For instance, in January 2020, we became aware of a compromise of certain of our systems. We are taking steps to identify the malicious activity and are implementing remedial measures to increase the security of our systems and networks to respond to evolving threats and new information. As of the date of this filing, we do not believe that this IT system compromise has resulted in a material adverse effect on our business or any material damage to us. However, the investigation is ongoing, and we are continuing to evaluate the amount and type of data compromised. There can be no assurance that this or any other breach or incident will not have a material impact on our operations and financial results in the future."

Google

Google's New Geothermal Energy Project is Up and Running (theverge.com) 28

A first-of-its-kind geothermal project is now up and running in Nevada, where it will help power Google's data centers with clean energy. From a report: Google is partnering with startup Fervo, which has developed new technology for harnessing geothermal power. Since they're using different tactics than traditional geothermal plants, it is a relatively small project with the capacity to generate 3.5 MW. For context, one megawatt is enough to meet the demand of roughly 750 homes. The project will feed electricity into the local grid that serves two of Google's data centers outside of Las Vegas and Reno.

It's part of Google's plan to run on carbon pollution-free electricity around the clock by 2030. To reach that goal, it'll have to get more sources of clean energy online. And it sees geothermal as a key part of the future electricity mix that can fill in whenever wind and solar energy wane. "If you think about how much we advanced wind and solar and lithium ion storage, here we are -- this is kind of the next set of stuff and we feel like companies have a huge role to play in advancing these technologies," says Michael Terrell, senior director of energy and climate at Google.

Security

Researchers Figure Out How To Bypass Fingerprint Readers In Most Windows PCs (arstechnica.com) 25

An anonymous reader quotes a report from Ars Technica: [L]ast week, researchers at Blackwing Intelligence published an extensive document showing how they had managed to work around some of the most popular fingerprint sensors used in Windows PCs. Security researchers Jesse D'Aguanno and Timo Teras write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptics sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft's own Surface Pro Type Covers. These are just three laptop models from the wide universe of PCs, but one of these three companies usually does make the fingerprint sensor in every laptop we've reviewed in the last few years. It's likely that most Windows PCs with fingerprint readers will be vulnerable to similar exploits.

Blackwing's post on the vulnerability is also a good overview of exactly how fingerprint sensors in a modern PC work. Most Windows Hello-compatible fingerprint readers use "match on chip" sensors, meaning that the sensor has its own processors and storage that perform all fingerprint scanning and matching independently without relying on the host PC's hardware. This ensures that fingerprint data can't be accessed or extracted if the host PC is compromised. If you're familiar with Apple's terminology, this is basically the way its Secure Enclave is set up. Communication between the fingerprint sensor and the rest of the system is supposed to be handled by the Secure Device Connection Protocol (SDCP). This is a Microsoft-developed protocol that is meant to verify that fingerprint sensors are trustworthy and uncompromised, and to encrypt traffic between the fingerprint sensor and the rest of the PC.

Each fingerprint sensor was ultimately defeated by a different weakness. The Dell laptop's Goodix fingerprint sensor implemented SDCP properly in Windows but used no such protections in Linux. Connecting the fingerprint sensor to a Raspberry Pi 4, the team was able to exploit the Linux support plus "poor code quality" to enroll a new fingerprint that would allow entry into a Windows account. As for the Synaptics and ELAN fingerprint readers used by Lenovo and Microsoft (respectively), the main issue is that both sensors supported SDCP but that it wasn't actually enabled. Synaptics' touchpad used a custom TLS implementation for communication that the Blackwing team was able to exploit, while the Surface fingerprint reader used cleartext communication over USB for communication. "In fact, any USB device can claim to be the ELAN sensor (by spoofing its VID/PID) and simply claim that an authorized user is logging in," wrote D'Aguanno and Teras.

"Though all of these exploits ultimately require physical access to a device and an attacker who is determined to break into your specific laptop, the wide variety of possible exploits means that there's no single fix that can address all of these issues, even if laptop manufacturers are motivated to implement them," concludes Ars.

Blackwing recommends all Windows Hello fingerprint sensors enable SDCP, the protocol Microsoft developed to try to prevent this exploit. PC makers should also "have a qualified expert third party audit [their] implementation" to improve code quality and security.

Data Storage

Google Drive Misplaces Months' Worth of Customer Files (theregister.com) 82

Google Drive users are reporting files mysteriously disappearing from the service, with some posters on the company's support forums claiming six or more months of work have unceremoniously vanished. From a report: The issue has been rumbling for a few days, with one user logging into Google Drive and finding things as they were in May 2023. According to the poster, almost everything saved since then has gone, and attempts at recovery failed. Others chimed in with similar experiences, and one claimed that six months of business data had gone AWOL. There is little information regarding what has happened; some users reported that synchronization had simply stopped working, so the cloud storage was out of date.

Others could get some of their information back by fiddling with cached files, although the limited advice on offer for the affected was to leave things well alone until engineers come up with a solution. A message purporting to be from Google support also advised not to make changes to the root/data folder while engineers investigate the issue. Some users speculated that it might be related to accounts being spontaneously dropped. We've asked Google for its thoughts and will update should the search giant respond.

Security

Why Do So Many Sites Have Bad Password Policies? (gatech.edu) 242

"Three out of four of the world's most popular websites are failing to meet minimum requirement standards" for password security, reports Georgia Tech's College of Computing. Which means three out of four of the world's most popular web sites are "allowing tens of millions of users to create weak passwords."

Using a first-of-its-kind automated tool that can assess a website's password creation policies, researchers also discovered that 12% of websites completely lacked password length requirements. Assistant Professor Frank Li and Ph.D. student Suood Al Roomi in Georgia Tech's School of Cybersecurity and Privacy created the automated assessment tool to explore all sites in the Google Chrome User Experience Report (CrUX), a database of one million websites and pages.

Li and Al Roomi's method of inferring password policies succeeded on over 20,000 sites in the database and showed that many sites:

- Permit very short passwords
- Do not block common passwords
- Use outdated requirements like complex characters

The researchers also discovered that only a few sites fully follow standard guidelines, while most stick to outdated guidelines from 2004... More than half of the websites in the study accepted passwords with six characters or less, with 75% failing to require the recommended eight-character minimum. Around 12% had no length requirements, and 30% did not support spaces or special characters. Only 28% of the websites studied enforced a password block list, which means thousands of sites are vulnerable to cyber criminals who might try to use common passwords to break into a user's account, also known as a password spraying attack.

Georgia Tech describes the new research as "the largest study of its kind." ("The project was 135 times larger than previous works that relied on manual methods and smaller sample sizes.")

"As a security community, we've identified and developed various solutions and best practices for improving internet and web security," said assistant professor Li. "It's crucial that we investigate whether those solutions or guidelines are actually adopted in practice to understand whether security is improving in reality."

The Slashdot community has already noticed the problem, judging by a recent post from eggegick. "Every site I visit has its own idea of the minimum and maximum number of characters, the number of digits, the number of upper/lowercase characters, the number of punctuation characters allowed and even what punctuation characters are allowed and which are not. The limit of password size really torques me, as that suggests they are storing the password (they need to limit storage size), rather than its hash value (fixed size), which is a real security blunder. Also, the stupid dots drive me bonkers, especially when there is no 'unhide' button. For crying out loud, nobody is looking over my shoulder! Make the 'unhide' default."

"The 'dots' are bad security," agrees long-time Slashdot reader Spazmania. "If you're going to obscure the password you should also obscure the length of the password." But in their comment on the original submission, they also point out that there is a standard for passwords, from the National Institute of Standards and Technology:

Briefly:

* Minimum 8 characters
* Must allow at least 64 characters.
* No constraints on what printing characters can be used (including high Unicode)
* No requirements on what characters must be used or in what order or proportion

This is expected to be paired with a system which does some additional and critical things:

* Maintain a database of known compromised passwords (e.g. from public password dictionaries) and reject any passwords found in the database.
* Pair the password with a second authentication factor such as a security token or cell phone SMS. Require both to log in.
* Limit the number of passwords which can be attempted per time period. At one attempt per second, even the smallest password dictionaries would take hundreds of years to try...

Someone attempting to brute force a password from outside on a rate-limited system is limited to the rate, regardless of how computing power advances. If the system enforces a rate limit of 1 try per second, the time to crack an 8-character password containing only lower case letters is still more than 6,000 years.
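
The rules listed in the comment above, sketched as an added example (not code from the comment, from NIST, or from the Georgia Tech tool). The blocklist entries, function names, the 256-character ceiling, and the per-account limiter are constructed for illustration.

```python
import time

MIN_LENGTH = 8           # minimum length cited in the comment
MAX_LENGTH_FLOOR = 64    # a site must allow at least this many characters

# Constructed sample; a real deployment loads a large compromised-password list.
BLOCKLIST = {"password", "12345678", "qwertyuiop", "letmein123"}


def check_new_password(candidate, max_length=256):
    """Return (accepted, reason) using only length and blocklist rules."""
    if max_length < MAX_LENGTH_FLOOR:
        raise ValueError("policy must allow at least 64 characters")
    # len() counts code points, so spaces and non-ASCII text are ordinary input.
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    if len(candidate) > max_length:
        return False, "too long"
    if not candidate.isprintable():
        return False, "non-printing character"
    if candidate.casefold() in BLOCKLIST:
        return False, "known compromised password"
    # Deliberately no digit/uppercase/symbol composition requirements.
    return True, "ok"


class AttemptLimiter:
    """Allow one login attempt per `interval` seconds for each account."""

    def __init__(self, interval=1.0, clock=time.monotonic):
        self.interval = interval
        self.clock = clock
        self.next_allowed = {}   # account -> earliest time of next attempt

    def allow(self, account):
        now = self.clock()
        if now < self.next_allowed.get(account, 0.0):
            return False
        self.next_allowed[account] = now + self.interval
        return True


def worst_case_years(alphabet_size, length, attempts_per_second=1.0):
    """Years needed to try every password of one length at the enforced rate."""
    seconds = alphabet_size ** length / attempts_per_second
    return seconds / (365.25 * 24 * 3600)
```

The limiter is keyed per account, so it bounds guessing against one user; the blocklist is what addresses a few common passwords being tried across many accounts.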

Power

In Just 15 Months, America Made $37B In Clean Energy Investments In Fossil Fuel-Reliant Regions (msn.com) 52

America passed a climate bill in August of 2022 with incentives to build wind and solar energy in regions that historically relied on fossil fuels. And sure enough, since then "a disproportionate amount of wind, solar, battery and manufacturing investment is going to areas that used to host fossil fuel plants," reports the Washington Post.

They cite a new analysis of investment trends from independent research firm Rhodium Group and MIT's Center for Energy and Environmental Policy Research: In Carbon County, Wyo. — a county named for its coal deposits — a power company is building hundreds of wind turbines. In Mingo County, W.Va., where many small towns were once coal towns, the Adams Fork Energy plant will sit on a former coal mining site and produce low-carbon ammonia... While communities that once hosted coal, oil or gas infrastructure make up only 18.6 percent of the population, they received 36.8 percent of the clean energy investment in the year after the Inflation Reduction Act's passage. "We're talking about in total $100 billion in investment in these categories," said Trevor Houser, a partner at Rhodium Group. "So $37 billion investment in a year for energy communities — that's a lot of money...."

Most significantly, 56.6 percent of investment in U.S. wind power in the past year has gone to energy communities, as well as 45.5 percent of the storage and battery investment... The analysis also found that significant amounts of clean energy investment were going to disadvantaged communities, defined as communities with environmental or climate burdens, and low-income communities. Many of the states benefiting are solidly Republican...

Josh Freed, senior vice president for climate and energy at the center-left think tank Third Way, is not sure whether the clean energy investments will make a difference for next year's election. But in the long term, he argues, rural Republican areas will become more dependent on clean energy — potentially shifting party alliances and shifting the position of the Republican Party itself. "It's going to change these fossil fuel communities," he said.
