An anonymous reader quotes a report from The Verge: Tech workers at The New York Times have formed a union under the NewsGuild of New York, and they are demanding voluntary recognition from the paper's management. The new union, called the Tech Times Guild, represents more than 650 workers from the digital side of the company, including software engineers, designers, and data analysts. Those employees are not included in the editorial union of The New York Times, which represents more than 3,000 reporters and media professionals at the newspaper and is also organized under NewsGuild. The editorial union has historically excluded employees on the digital side of the paper, even as the company has expanded into more ambitious data and digital work. As a result, the Tech Times Guild is seeking a separate bargaining unit, which would negotiate separately with the Times management. "As of now, we face a number of challenges," the Tech Times Guild said in a statement on Twitter, "including sudden or unexplained termination, opaque promotion processes, unpaid overtime, and underinvestment in diverse representation. Without a union, we lack the data or bargaining rights to address these issues." The Times has not formally responded to the union's request for recognition. "Voluntary recognition is a significant decision," The New York Times Company said in a statement. "We have heard questions from colleagues such as what a union would mean for staff, who might be included in the union, and how colleagues would have a say in who might represent them. We want to make sure all voices are heard."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Verge: Tech workers at The New York Times have formed a union under the NewsGuild of New York, and they are demanding voluntary recognition from the paper's management. The new union, called the Tech Times Guild, represents more than 650 workers from the digital side of the company, including software engineers, designers, and data analysts. Those employees are not included in the editorial union of The New York Times, which represents more than 3,000 reporters and media professionals at the newspaper and is also organized under NewsGuild. The editorial union has historically excluded employees on the digital side of the paper, even as the company has expanded into more ambitious data and digital work. As a result, the Tech Times Guild is seeking a separate bargaining unit, which would negotiate separately with the Times management. "As of now, we face a number of challenges," the Tech Times Guild said in a statement on Twitter, "including sudden or unexplained termination, opaque promotion processes, unpaid overtime, and underinvestment in diverse representation. Without a union, we lack the data or bargaining rights to address these issues." The Times has not formally responded to the union's request for recognition. "Voluntary recognition is a significant decision," The New York Times Company said in a statement. "We have heard questions from colleagues such as what a union would mean for staff, who might be included in the union, and how colleagues would have a say in who might represent them. We want to make sure all voices are heard."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Verge: Tech workers at The New York Times have formed a union under the NewsGuild of New York, and they are demanding voluntary recognition from the paper's management. The new union, called the Tech Times Guild, represents more than 650 workers from the digital side of the company, including software engineers, designers, and data analysts. Those employees are not included in the editorial union of The New York Times, which represents more than 3,000 reporters and media professionals at the newspaper and is also organized under NewsGuild. The editorial union has historically excluded employees on the digital side of the paper, even as the company has expanded into more ambitious data and digital work. As a result, the Tech Times Guild is seeking a separate bargaining unit, which would negotiate separately with the Times management. "As of now, we face a number of challenges," the Tech Times Guild said in a statement on Twitter, "including sudden or unexplained termination, opaque promotion processes, unpaid overtime, and underinvestment in diverse representation. Without a union, we lack the data or bargaining rights to address these issues." The Times has not formally responded to the union's request for recognition. "Voluntary recognition is a significant decision," The New York Times Company said in a statement. "We have heard questions from colleagues such as what a union would mean for staff, who might be included in the union, and how colleagues would have a say in who might represent them. We want to make sure all voices are heard."

Read more of this story at Slashdot.

The European Union is poised to ban artificial intelligence systems used for mass surveillance or for ranking social behavior, while companies developing AI could face fines as high as 4% of global revenue if they fail to comply with new rules governing the software applications. From a report: The rules are part of legislation set to be proposed by the European Commission, the bloc's executive body, according to a draft of the proposal obtained by Bloomberg. The details could change before the commission unveils the measure, which is expected to be as soon as next week. The EU proposal is expected to include the following rules: * AI systems used to manipulate human behavior, exploit information about individuals or groups of individuals, used to carry out social scoring or for indiscriminate surveillance would all be banned in the EU. Some public security exceptions would apply. * Remote biometric identification systems used in public places, like facial recognition, would need special authorization from authorities. * AI applications considered to be 'high-risk' would have to undergo inspections before deployment to ensure systems are trained on unbiased data sets, in a traceable way and with human oversight. * High-risk AI would pertain to systems that could endanger people's safety, lives or fundamental rights, as well as the EU's democratic processes -- such as self-driving cars and remote surgery, among others. * Some companies will be allowed to undertake assessments themselves, whereas others will be subject to checks by third-parties. Compliance certificates issued by assessment bodies will be valid for up to five years. * Rules would apply equally to companies based in the EU or abroad.

Read more of this story at Slashdot.

An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines last week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard reports. From the report: Motherboard verified the tool, which comes in the form of a bot on the social network and messaging platform Telegram, outputs accurate phone numbers of Facebook users that aren't included in the dataset of 500 million users. The data also appears to be different to another Telegram bot outputting Facebook phone numbers that Motherboard first reported on in January. "Hello, can you tell me how you got my number?" one person included in the dataset asked Motherboard when reached for comment. "Omg, this is insane," they added. Another person returned Motherboard's call and, after confirming their name, said "If you have my number then yes it seems the data is accurate." A description for the bot reads "The bot give [sic] out the phone numbers of users who have liked the Facebook page." To use the bot, customers need to first identify the unique identification code of the Facebook Page they want to get phone numbers from, be that a band, restaurant, or any other sort of Page. This is possible with at least one free to use website. From there, customers enter that code into the bot, which provides a cost of the data in U.S. dollars and the option to proceed with the purchase, according to Motherboard's tests. A Page with tens of thousands of likes from Facebook users can cost a few hundred dollars, the bot shows. The data for Motherboard's own Page would return 134,803 results and cost $539, for example.

Read more of this story at Slashdot.

An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines last week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard reports. From the report: Motherboard verified the tool, which comes in the form of a bot on the social network and messaging platform Telegram, outputs accurate phone numbers of Facebook users that aren't included in the dataset of 500 million users. The data also appears to be different to another Telegram bot outputting Facebook phone numbers that Motherboard first reported on in January. "Hello, can you tell me how you got my number?" one person included in the dataset asked Motherboard when reached for comment. "Omg, this is insane," they added. Another person returned Motherboard's call and, after confirming their name, said "If you have my number then yes it seems the data is accurate." A description for the bot reads "The bot give [sic] out the phone numbers of users who have liked the Facebook page." To use the bot, customers need to first identify the unique identification code of the Facebook Page they want to get phone numbers from, be that a band, restaurant, or any other sort of Page. This is possible with at least one free to use website. From there, customers enter that code into the bot, which provides a cost of the data in U.S. dollars and the option to proceed with the purchase, according to Motherboard's tests. A Page with tens of thousands of likes from Facebook users can cost a few hundred dollars, the bot shows. The data for Motherboard's own Page would return 134,803 results and cost $539, for example.

Read more of this story at Slashdot.

The sponge species was unnamed for a decade before nine-year-old Sylvie suggested Parpal Dumplin.

Cory Doctorow, writing at Wired: When we talk about social media monopolies, we focus too much on network effects, and not enough on switching costs. Yes, it's true that all your friends are already stuck in a Big Tech silo that doesn't talk to any of the other Big Tech silos. It needn't be that way: interoperable platforms have existed since the first two Arpanet nodes came online. You can phone anyone with a phone number and email anyone with an email address. The reason you can't talk to Facebook users without having a Facebook account isn't that it's technically impossible -- it's that Facebook forbids it. What's more, Facebook (and its Big Tech rivals) have the law on their side: the once-common practice of making new products that just work with existing ones (like third-party printer ink, or a Mac program that can read Microsoft Office files, or an emulator that can play old games) has been driven to the brink of extinction by Big Tech. They were fine with this kind of "competitive compatibility" when it benefited them, but now that they dominate the digital world, it's time for it to die. To restore competitive compatibility, we would need reform to many laws: software copyright and patents, the anti-circumvention laws that protect digital rights management, and the cybersecurity laws that let companies criminalize violations of their terms of service.

Read more of this story at Slashdot.

Cory Doctorow, writing at Wired: When we talk about social media monopolies, we focus too much on network effects, and not enough on switching costs. Yes, it's true that all your friends are already stuck in a Big Tech silo that doesn't talk to any of the other Big Tech silos. It needn't be that way: interoperable platforms have existed since the first two Arpanet nodes came online. You can phone anyone with a phone number and email anyone with an email address. The reason you can't talk to Facebook users without having a Facebook account isn't that it's technically impossible -- it's that Facebook forbids it. What's more, Facebook (and its Big Tech rivals) have the law on their side: the once-common practice of making new products that just work with existing ones (like third-party printer ink, or a Mac program that can read Microsoft Office files, or an emulator that can play old games) has been driven to the brink of extinction by Big Tech. They were fine with this kind of "competitive compatibility" when it benefited them, but now that they dominate the digital world, it's time for it to die. To restore competitive compatibility, we would need reform to many laws: software copyright and patents, the anti-circumvention laws that protect digital rights management, and the cybersecurity laws that let companies criminalize violations of their terms of service.

Read more of this story at Slashdot.

I'm glad the Free Software Foundation is standing with Richard Stallman. You don't get to destroy someone's life because you don't like him, or the questions he asks, or the things he says. This really is a question of freedom.

Catalin Cimpanu, reporting at Record: Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria -- which the company describes as "an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks." Although never visible to end-users, TCP/IP stacks are libraries that vendors add to their firmware to support internet connectivity and other networking functions for their devices. These libraries are very small but, in most cases, underpin the most basic functions of a device, and any vulnerability here exposes users to remote attacks. The NAME:WRECK research is the fifth set of vulnerabilities impacting TCP/IP libraries that have been disclosed over the past three years, and the third set disclosed part of Project Memoria.

Read more of this story at Slashdot.

Braintrust query: Is there a way to post to WordPress from an external app? If it has an API, I'd like to get support in the first release of Drummer. It's an important connection. For years they had an XML-RPC interface. I think that's gone now. Has something replaced it yet?

Hackers could take control of victims' computers just by tricking them into clicking on a Steam invite to play Counter Strike: Global Offensive, Motherboard reports, citing a bug filing review. From a report: A bug in the game engine used in Counter Strike: Global Offensive could be exploited by hackers to take full control of a target's machine. A security researcher alerted Valve about the bug in June of 2019. Valve is the maker of Source Engine, which is used by CS:GO, Team Fortress 2, and several other games. The researcher, who goes by the name Florian, said that while that the bug has been fixed in some games that use the Source engine, it is still present in CS:GO, and he demonstrated it in a call with Motherboard. Florian's correspondence with Valve occurred on HackerOne, the bug bounty platform used by the company to get reports about vulnerabilities. Valve admitted that it was being slow to respond, even though it classified the bug as "critical" in the thread with the researchers, which Motherboard reviewed. "I am honestly very disappointed because they straight up ignored me most of the time," Florian said in an online chat.

Read more of this story at Slashdot.

Professional political trolling is still a thriving underground industry around the world, despite crackdowns from the biggest tech firms. From a report: Coordinated online disinformation efforts offer governments and political actors a fast, cheap way to get under rivals' skin. They also offer a paycheck to people who are eager for work, typically in developing countries. "It's a more sophisticated means of disinformation to weaken your advisories," said Todd Carroll, CISO and VP of Cyber Operations at CybelAngel. Facebook last week said it had uncovered a massive troll farm in Albania, linked to an Iranian militant group. The operation had the the hallmarks of a typical troll farm, which Facebook defines as "a physical location where a collective of operators share computers and phones to jointly manage a pool of fake accounts as part of an influence operation." "The main thing we saw was strange signals centralized coordination between different fake accounts," said Ben Nimmo, Facebook's global influence operations threat intelligence lead. Like numerous troll farms uncovered over the past few years, there was one easy giveaway: content from the network targeted Iran, but was posted on social media during normal working hours on Central European Time.

Read more of this story at Slashdot.

An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave. From a report: The researcher, Rajvardhan Agarwal, told The Record today that the exploit code is for a Chromium bug that was used during the Pwn2Own hacking contest that took place last week. During the contest, security researchers Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security used a vulnerability to run malicious code inside Chrome and Edge, for which they received $100,000. Per contest rules, details about this bug were handed over to the Chrome security team so the bug could be patched as soon as possible. While details about the exact nature of the bug were never publicly disclosed, Agarwal told The Record he spotted the patches for this bug by looking at the source code commits to the V8 JavaScript engine, a component of the Chromium open-source browser project, which allowed him to recreate the Pwn2Own exploit, which he uploaded earlier today on GitHub, and shared on Twitter. However, while Chromium developers have patched the V8 bug last week, the patch has not yet been integrated into official releases of downstream Chromium-based browsers such as Chrome, Edge, and others, which are still vulnerable to attacks.

Read more of this story at Slashdot.