'Every Message Was Copied to the Police': the Daring Sting Behind the An0m Phone Slashdotby EditorDavid on crime at January 1, 1970, 1:00 am (cached at September 12, 2021, 11:35 pm)

The Guardian tells the story of "a viral sensation in the global underworld," the high-security An0m phones, which launched with "a grassroots marketing campaign, identifying so-called influencers — 'well-known crime figures who wield significant power and influence over other criminal associates', according to a US indictment — within criminal subcultures." An0m could not be bought in a shop or on a website. You had to first know a guy. Then you had to be prepared to pay the astronomical cost: $1,700 for the handset, with a $1,250 annual subscription, an astonishing price for a phone that was unable to make phone calls or browse the internet. Almost 10,000 users around the world had agreed to pay, not for the phone so much as for a specific application installed on it. Opening the phone's calculator allowed users to enter a sum that functioned as a kind of numeric open sesame to launch a secret messaging application. The people selling the phone claimed that An0m was the most secure messaging service in the world. Not only was every message encrypted so that it could not be read by a digital eavesdropper, it could be received only by another An0m phone user, forming a closed loop system entirely separate from the information speedways along which most text messages travel. Moreover, An0m could not be downloaded from any of the usual app stores. The only way to access it was to buy a phone with the software preinstalled... [U]sers could set an option to wipe the phone's data if the device went offline for a specified amount of time. Users could also set especially sensitive messages to self-erase after opening, and could record and send voice memos in which the phone would automatically disguise the speaker's voice. An0m was marketed and sold not so much to the security conscious as the security paranoid... An0m was not, however, a secure phone app at all. Every single message sent on the app since its launch in 2018 — 19.37m of them — had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices. On 7 June 2021, more than 800 arrests were made around the world.... Law enforcement agencies ultimately saw An0m as a creative workaround for unbreakable encryption, according to the Guardian. "Why debate tech companies on privacy issues through costly legal battles if you can simply trick criminals into using your own monitored network?" The Guradian's story was shared by jd (Slashdot user #1,658), who sees an ethical question. "As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?"

Read more of this story at Slashdot.

Scientists Probe Whether Uranium Cubes in US Lab Were Produced by Nazis Slashdotby EditorDavid on power at January 1, 1970, 1:00 am (cached at September 12, 2021, 10:05 pm)

The New York Times reports: Scientists at the Pacific Northwest National Laboratory and the University of Maryland are working to determine whether three uranium cubes they have in their possession were produced by Germany's failed nuclear program during World War II. The answer could lead to more questions, such as whether the Nazis might have had enough uranium to create a critical reaction. And if the Nazis had been successful in building an atomic bomb, what would that have meant for the war...? The Nazis produced 1,000 to 1,200 cubes, about half of which were confiscated by the Allied forces, said Jon Schwantes, the project's principal investigator. "The whereabouts of most all of those cubes is unknown today," Schwantes said, adding that "most likely those cubes were folded into our weapons stockpile." Two history professors speculate in the article that the technology ultimately would not have changed outcome of the war. Kate Brown, who teaches environmental and Cold War history at MIT, argues that without planes that could fly long distances without being spotted, "the only target I can think of would be London." Brown said that while a Nazi bomb would not have had much of an impact on the war, the Nazis set the stage for the Cold War simply by trying to build one. The Soviets, who were then U.S. allies in defeating Germany, were aware that the Americans took this uranium out of the country "right out from under them," she said. "That becomes a real engine for suspicion that sets up the Cold War, almost immediately," Brown said. The project's principle investigator tells the Times they're planning to use a process called radiochronometry to date the cubes by measuring how much their uranium has decayed. "We do believe they are from Nazi Germany's nuclear program, but to have scientific evidence of that is really what we're attempting to do."

Read more of this story at Slashdot.

Boeing's Directors Are Now Facing an Investor Lawsuit Over Fatal 737 Max Crashes Slashdotby EditorDavid on court at January 1, 1970, 1:00 am (cached at September 12, 2021, 9:05 pm)

Alain Williams (Slashdot reader #2972) brings this report from the BBC: Boeing's board of directors must face a lawsuit from shareholders over two fatal crashes involving its 737 Max plane, a U.S. judge has ruled. Morgan Zurn said the first crash was a "red flag" about a key safety system on the aircraft "that the board should have heeded but instead ignored". She said the real victims were the dead and their families but investors had also lost billions of dollars... In her ruling the Delaware judge said: "While it may seem callous in the face of [the families'] losses, corporate law recognizes another set of victims: Boeing as an enterprise, and its stockholders...." The crashes have already cost Boeing about $20bn in fines, cancelled orders and other costs.

Read more of this story at Slashdot.

Ask Slashdot: Why Is Firefox Losing Users? Slashdotby EditorDavid on firefox at January 1, 1970, 1:00 am (cached at September 12, 2021, 8:05 pm)

This weekend finds some long-time Slashdot readers debating why research shows Firefox losing market share. Long-time Slashdot reader chiguy shares one theory: "Firefox keeps losing users, according to this rant, because it arrogantly refuses to listen to its users." Slashdot reader BAReFO0t countered that that can't be the reason, "because Google does that too." (They blame Chrome's "feature" addition treadmill, where "they keep adding stupid kitchen sinks for the sole and only purpose to make others unable to keep up.") Long-time Slashdot reader Z00L00K thinks that "All those totally unnecessary UI changes are what REALLY annoys users. Not only the immediately visible things in the header but also the renaming of items in the menus just bugs people." But long-time Slashdot reader AmiMoJo argues that "the most popular browser, Chrome, has all those things. In fact all the browsers that are more popular than Firefox do, so the idea that those are unpopular and driving people away doesn't really hold up... Firefox's decline is mostly due to Chrome just being really good, and not having a decent mobile version." I'm still a loyal Firefox user. (Although the thing that annoyed me was when Firefox suddenly changed the keyboard shortcut for copying a link from CNTRL-A to CNTRL-L.) The "rant" at ItsFoss argues that Firefox's original sin was in 2009 when it decided to move tabs to the top of the browser, and when favorite features could no longer be re-enabled in Firefox's about:config file. But that's what I like about Firefox -- at it's best, it's ultimately customizable, with any feature you want easily enabled in what's essentially an incredibly detailed "preferences" menu. Maybe other browsers are just better at attracting new users through purely mechanical advantages like "default" placement on popular systems? Long-time Slashdot reader zenlessyank is also a long-time Firefox user -- "Been using it since Netscape" -- and countered all the doubters with a comment headlined "Firefox rocks!" "Doesn't matter to me how many other users there are or aren't I will still use it as long as it stays updated." But what are your thoughts? Feel free to share your own opinions and experiences with Firefox in the comments.

Read more of this story at Slashdot.

[no title] Scripting News(cached at September 12, 2021, 7:32 pm)

Public Folder is an app I put together after Dropbox stopped supporting a public folder. It's too important a feature to live without.
[no title] Scripting News(cached at September 12, 2021, 7:32 pm)

The other night I was bored and noticed that The Wire was on HBO, so I watched one episode. Then another. And another. Later I started at Episode 1. I don't know how many times I've watched The Wire. I'm almost at a point where I can recite the lines along with the actors. I've yet to see a flaw in this show, there's nothing I don't follow with rapt attention. I can't believe there are people who haven't seen it. It's as I imagine Shakespeare was in his day.
Personal Data About Millions of Children Stolen from Schools, Leaked onto the Darkw Slashdotby EditorDavid on education at January 1, 1970, 1:00 am (cached at September 12, 2021, 6:35 pm)

Long-time Slashdot reader phalse phace quotes NBC News: Most don't have bank passwords. Few have credit scores yet. And still, parts of the internet are awash in the personal information of millions of schoolchildren. The ongoing wave of ransomware attacks has cost companies and institutions billions of dollars and exposed personal information about everyone from hospital patients to police officers. It's also swept up school districts, meaning files from thousands of schools are currently visible on those hackers' sites. NBC News collected and analyzed school files from those sites and found they're littered with personal information of children. In 2021, ransomware gangs published data from more than 1,200 American K-12 schools, according to a tally provided to NBC News by Brett Callow, a ransomware analyst at the cybersecurity company Emsisoft. Some schools contacted about the leaks appeared unaware of the problem. And even after schools are able to resume operations following an attack, parents have little recourse when their children's information is leaked. Some of the data is personal, like medical conditions or family financial statuses. Other pieces of data, such as Social Security numbers or birthdays, are permanent indicators of who they are, and their theft can set up a child for a lifetime of potential identity theft.

Read more of this story at Slashdot.

Can the US Create Hundreds of Thousands of Jobs With a Civilian Climate Corps? Slashdotby EditorDavid on power at January 1, 1970, 1:00 am (cached at September 12, 2021, 5:35 pm)

ABC News reports: Inspired by the New Deal-era Civilian Conservation Corps, President Joe Biden and congressional Democrats are pushing for a modern counterpart: a Civilian Climate Corps that would create hundreds of thousands of jobs building trails, restoring streams and helping prevent catastrophic wildfires. Building on Biden's oft-repeated comment that when he thinks of climate change, he thinks of jobs, the White House says the multibillion-dollar program would address both priorities as young adults find work installing solar panels, planting trees, digging irrigation ditches and boosting outdoor recreation... Colorado Public Radio reports that there's already a new Colorado Climate Corps, funded by a $1.7 million federal grant, that will place 240 members of America's federally-funded national service program "AmeriCorps" into 55 counties across Colorado "to protect public lands and help low-income communities brace for the climate crisis." And now supporters of the larger federal program "envision climate corps workers installing solar panels, weatherizing buildings and providing water and other supplies during heat waves and storms," reports the New York Times: A new climate corps would help address the growing threat of wildfires in Idaho, according to Jay Satz, senior director for partnerships and innovation at the Northwest Youth Corps and Idaho Conservation Corps. Mr. Satz said his group doesn't have the funding or the staff to meet that need, which includes thinning out dead trees, replanting new trees and rehabilitating land hit by fires.

Read more of this story at Slashdot.

[no title] Scripting News(cached at September 12, 2021, 5:02 pm)

Everyone but silo-builders wins if our products interop.
Amazon Renames Its Open Source Fork of ElasticSearch 'Amazon OpenSearch Service' Slashdotby EditorDavid on business at January 1, 1970, 1:00 am (cached at September 12, 2021, 4:35 pm)

"Amazon Web Services on Thursday fulfilled its commitment to rename Amazon Elasticsearch Service with its expected new identity, Amazon OpenSearch Service," reports the Register in a new update on Amazon's ongoing battle over open source licensing: The name change was necessary because AWS and Elasticsearch BV fell out over the licensing of the Elasticsearch open source software and the eating of one another's lunch.... While AWS promises that OpenSearch Service APIs will be backward-compatible with the existing service APIs (open source Elasticsearch 7.10), meaning no backend or client app changes should be necessary, building against new OpenSearch Service features means there's no going back. AWS says that upgrading from existing Elasticsearch 6.x and 7.x managed clusters to OpenSearch is irreversible. [According to a blog post by Channy Yun, principal developer advocate for AWS], OpenSearch 1.0 (the AWS fork) supports three features unavailable in the legacy Elasticsearch versions still supported in Amazon OpenSearch Service: Transforms, Data Streams, and Notebooks in OpenSearch Dashboards... Amazon OpenSearch Service incorporates various other capabilities not present in the open-source Elasticsearch code, like security integrations (Active Directory, etc), reporting, alerting, and other such things. Cloud provider lock-in can become an issue even when there's compatibility between hosted open source services and the projects they're based upon. What started out as an exercise in copying, the most lucrative form of flattery, has become a race to differentiate, or — to use the words of former Microsoft VP Paul Martiz when telling Intel representatives in 1995 about how Microsoft would deal with Netscape — "Embrace, extend, extinguish."

Read more of this story at Slashdot.

[no title] Scripting News(cached at September 12, 2021, 4:32 pm)

Braintrust query: I want to understand the extended Markdown some outliners use. If you use one of them, you can help.
[no title] Scripting News(cached at September 12, 2021, 4:32 pm)

Drummer has a feature called the glossary, it's been part of every outliner I have done since the mid-90s. It's a very simple idea. A table that associates terms with text. If I use one of the terms in my writing, when it's published, the term is replaced with the text. We use OPML to represent the glossaries. Here's my personal glossary. I wish every place I type text could be configured to use my glossary, so where ever I go I can use my terms. It would also be great to configure my searches to use these terms too, so Google for example would know what I am referring to when I type the name of one of my own products.
Linux For Apple Silicon Macs Gets Closer To Reality Slashdotby EditorDavid on opensource at January 1, 1970, 1:00 am (cached at September 12, 2021, 3:05 pm)

"Asahi Linux for Apple M1 Macs is moving closer to reality," writes Slashdot reader TroysBucket. An Asahi developer posted a detailed status update on Twitter. Linux enthusiast Bryan Lunduke offers this succinct summary: - The Asahi Linux team has Linux (Debian, in this case) booting and usable with network support. - They now have (very early) display drivers which "take full advantage of the display hardware." - They have at least two base distributions — both Arch and Debian — working and functional (to some extent). They also have, according to their latest update, "boot picker" support so that you can manually select which OS / Drive to boot from on the M1 Macs... I, for one, can't wait to see the first public, functional release of Asahi Linux — and will be following it extremely closely.

Read more of this story at Slashdot.

Torvalds Merges Support for Microsoft's NTFS File System, Complains GitHub 'Creates Slashdotby EditorDavid on opensource at January 1, 1970, 1:00 am (cached at September 12, 2021, 1:35 pm)

"Linux creator Linus Torvalds has agreed to include Paragon Software's NTFS3 kernel driver, giving the Linux kernel 5.15 release improved support for Microsoft's NTFS file system..." reports ZDNet, adding that the driver "will make working with Windows' NTFS drives in Linux an easier task — ending decades of difficulties with Microsoft's proprietary file system that succeeded FAT...." "But he also had some process and security lessons to offer developers about how to code submissions to the kernel should be made." "I notice that you have a GitHub merge commit in there," wrote Torvalds. He continued: "That's another of those things that I *really* don't want to see — GitHub creates absolutely useless garbage merges, and you should never ever use the GitHub interfaces to merge anything...GitHub is a perfectly fine hosting site, and it does a number of other things well too, but merges are not one of those things." Torvalds' chief problem with it was that merges need "proper commit messages with information about [what] is being merged and *why* you merge something." He continued: "But it also means proper authorship and committer information etc. All of which GitHub entirely screws up." TechRadar supplies some more context: One of the shortcomings Torvalds highlighted are GitHub's concise, factually correct, but functionally useless, commit messages. For instance, GitHub's commit message for Paragon's merge read "Merge branch 'torvalds:master' into master", which didn't impress Torvalds one bit... Torvalds also had some pertinent security advice, perhaps useful in light of recent software supply chain cyberattacks that the Linux Foundation wants to address by improving supply chain integrity through tools that make it easier to sign software cryptographically. As Torvalds points out, this is particularly important for new contributors to the Linux kernel. "For GitHub accounts (or really, anything but kernel.org where I can just trust the account management), I really want the pull request to be a signed tag, not just a plain branch," Torvalds explains... Torvalds suggests Paragon do future merges from the command-line.

Read more of this story at Slashdot.

Facebook Admits It Sent Misinformation Researchers Flawed Data Slashdotby EditorDavid on facebook at January 1, 1970, 1:00 am (cached at September 12, 2021, 9:35 am)

"Facebook provided a data set to a consortium of social scientists last year that had serious errors," reports the Washington Post, "affecting the findings in an unknown number of academic papers, the company acknowledged Friday." The company used a regular monthly call on Friday with roughly three dozen researchers affiliated with Social Science One, a consortium founded in 2018 that Facebook hails as a model for collaboration with academics, to admit the error and apologize for the impact on their work. The data concerns the effect of social media on elections and democracy and includes what web addresses Facebook users click on, along with other information. The error resulted from Facebook accidentally excluding data from U.S. users who had no detectable political leanings — a group that amounted to roughly half of all of Facebook's users in the United States. Data from users in other countries was not affected... Gary King, a Harvard professor who co-chairs Social Science One... said dozens of papers from researchers affiliated with Social Science One had relied on the data since Facebook shared the flawed set in February 2020, but he said the impact could be determined only after Facebook provided corrected data that could be reanalyzed. He said some of the errors may cause little or no problems, but others could be serious. Social Science One shared the flawed data with at least 110 researchers, King said. The group's former co-chairman, Stanford Law professor Nathaniel Persily, said of the incident: "This is a friggin' outrage and a fundamental breach of promises Facebook made to the research community. It also demonstrates why we need government regulation to force social media companies to develop secure data sharing programs with outside independent researchers." An Italian researcher, Fabio Giglietto, discovered data anomalies last month and brought them to Facebook's attention. The company contacted researchers in recent days with news that they had failed to include roughly half of its U.S. users — a group that likely is less politically polarized than Facebook's overall user base. The New York Times first reported Facebook's error... The anonymized data set is one of the largest in social science history, with 42 trillion numbers. One Social Science One researcher told the New York Times this discovery "undermines trust researchers may have in Facebook... "A lot of concern was initially voiced about whether we should trust that Facebook was giving Social Science One researchers good data. Now we know that we shouldn't have trusted Facebook so much and should have demanded more effort to show validity in the data."

Read more of this story at Slashdot.