
Did Patient Health Information Leak Into GitHub's Arctic Code Vault?

Author: EditorDavid
April 4, 2021 23:34
HealthITSecurity writes: The patient data from multiple providers appears to have been captured and subsequently leaked on the data repository GitHub Arctic Code Vault by third-party vendor MedData, according to a new collaborative report from security researcher Jelle Ursem and Dissent Doe of DataBreaches.net. Through his research, Ursem detected troves of protected health information tied to a single developer... The databases were taken down on December 17. MedData recently released a notice that detailed the massive patient data breach, which involved information provided to the vendor for processing services... Officials discovered that an employee had saved files to personal folders created on the GitHub repository between December 2018 and September 2019, during their employment... The impacted data included patient names combined with one or more data elements, such as subscriber ID, Social Security numbers, diagnoses, conditions, claims data, dates of services, medical procedure codes, insurance policy numbers, provider names, contact details, and dates of birth. All affected patients will receive free credit monitoring and identity protection services... This is the second report from Ursem and Dissent on GitHub repositories leaking patient data in the last six months. In August, they reported that at least nine GitHub repositories leveraging improper access controls leaked data from more than 150,000 to 200,000 patients. The data belonged to multiple providers. The incidents highlight the importance of vendor management and the need to ensure security policies are aligned. Previous reports have shown about one-third of healthcare databases stored in the cloud, or even locally, are actively leaking data online. What's worse, misconfigured databases can be hacked in about eight hours. DataBreaches.net wonders what happened after Med-Data reached out to GitHub about the vault's logs and removal of the code. Did GitHub provide the logs? If so, what did they show? Is anyone's Protected Health Information in GitHub's Arctic Code Vault? And if so, what happens? Will GitHub remove it...? Or will code just be left there for researchers to explore in 1,000 years so they can wade through the personal and protected health information or other sensitive information of people who trusted others to protect their privacy? In November 2020, Ursem posed the question to GitHub on Twitter. They never replied.

Read more of this story at Slashdot.

Linus Torvalds Discusses Intel and AMD's New Proposals for Interrupt/Exception Handling

Author: EditorDavid
April 4, 2021 20:34
"AMD and Intel have both proposed better ways of doing interrupt and exception handling the last few months," reports LinuxReviews.org. Then they share this analysis Linus Torvalds posted on the Real World Technologies forum: "The AMD version is essentially "Fix known bugs in the exception handling definition". The Intel version is basically "Yeah, the protected mode 80286 exception handling was bad, then 386 made it odder with the 32-bit extensions, and then syscall/sysenter made everything worse, and then the x86-64 extensions introduced even more problems. So let's add a mode bit where all the crap goes away". In contrast, the AMD one is basically a minimal effort to fix actual fundamental problems with all that legacy-induced crap that are nasty to work around and that have caused issues... Both are valid on their own, and they are actually fairly independent. Honestly, the AMD paper looks like a quick "we haven't even finished thinking all the details through, but we know these parts were broken, so we might as well release this". I don't know how long it has been brewing, but judging by the "TBD" things in that paper, I think it's an "early rough draft"." In the article (shared by long-time Slashdot reader xiando), LinuxReviews.org summarizes the state of the conversation today: Torvalds went on to say that while AMD's proposed "quick fix" would be easier to implement for him and other operating system vendors, it's not ideal in the long run. Intel's proposal throws the entire existing interrupt descriptor table (IDT) delivery system under the bus so it can be replaced with what they call a new "FRED event delivery" system. Torvalds believes this is a better long-term solution... While the pros and cons of Intel and AMD's respective proposals for interrupt and event handling in future processors are worthy of discussion, it's in reality mostly up to Intel. They are the bigger and more powerful corporation. It is more likely than not that future processors from Intel will use their proposed Flexible Return and Event Delivery system. Their next-generation processors won't; it will take years, not months, before consumer CPUs have the FRED technology. Remember, the above-mentioned technical document was published earlier this month [in March]. Things do not magically go from the drawing-board to store-shelves overnight. Intel isn't going to just hand the FRED technology over to AMD and help them implement it. We will likely see both move forward with their own proposals. Intel will have FRED and AMD will have Supervisor Entry Extensions until AMD, inevitably, adopts FRED or some form of it years down the line. They also note that Torvalds took issue with a poster arguing that microkernels are more secure than monolithic kernels like Linux. "Bah, you're just parroting the usual party line that had absolutely no basis in reality and when you look into the details, doesn't actually hold up. It's all theory and handwaving and just repeating the same old FUD that was never actually really relevant."


After Years of Setbacks, Researchers Finally Prepare Underwater Neutrino Telescope in Siberia

Author: EditorDavid
April 4, 2021 19:34
The New York Times tells the story of the Baikal-Gigaton Volume Detector, the largest neutrino telescope in the Northern Hemisphere and one of the world's biggest underwater space telescopes, now submerged in the world's deepest lake in Siberia. The Times includes a quote from 80-year-old Russian physicist Grigori V. Domogatski, who has actually "led the quest" for this underwater telescope for 40 years. "If you take on a project, you must understand that you have to realize it in any conditions that come up," Dr. Domogatski said, banging on his desk for emphasis. "Otherwise, there's no point in even starting." [T]his hunt for neutrinos from the far reaches of the cosmos, spanning eras in geopolitics and in astrophysics, sheds light on how Russia has managed to preserve some of the scientific prowess that characterized the Soviet Union — as well as the limitations of that legacy... In the 1970s, despite the Cold War, the Americans and the Soviets were working together to plan a first deep water neutrino detector off the coast of Hawaii. But after the Soviet Union invaded Afghanistan, the Soviets were kicked out of the project. So, in 1980, the Institute for Nuclear Research in Moscow started its own neutrino-telescope effort, led by Dr. Domogatski. The place to try seemed obvious, although it was about 2,500 miles away: Baikal. The project did not get far beyond planning and design before the Soviet Union collapsed, throwing many of the country's scientists into poverty and their efforts into disarray. But an institute outside Berlin, which soon became part of Germany's DESY particle research center, joined the Baikal effort.... By the mid 1990s, the Russian team had managed to identify "atmospheric" neutrinos — those produced by collisions in Earth's atmosphere — but not ones arriving from outer space. It would need a bigger detector for that. As Russia started to reinvest in science in the 2000s under President Vladimir V. Putin, Dr. 
Domogatski managed to secure more than $30 million in funding to build a new Baikal telescope... Construction began in 2015, and a first phase encompassing 2,304 light-detecting orbs suspended in the depths is scheduled to be completed by the time the ice melts in April. (The orbs remain suspended in the water year-round, watching for neutrinos and sending data to the scientists' lakeshore base by underwater cable....) The Baikal telescope looks down, through the entire planet, out the other side, toward the center of our galaxy and beyond, essentially using Earth as a giant sieve. For the most part, larger particles hitting the opposite side of the planet eventually collide with atoms. But almost all neutrinos — 100 billion of which pass through your fingertip every second — continue, essentially, on a straight line. Yet when a neutrino, exceedingly rarely, hits an atomic nucleus in the water, it produces a cone of blue light called Cherenkov radiation. The effect was discovered by the Soviet physicist Pavel A. Cherenkov, one of Dr. Domogatski's former colleagues down the hall at his institute in Moscow. If you spend years monitoring a billion tons of deep water for unimaginably tiny flashes of Cherenkov light, many physicists believe, you will eventually find neutrinos that can be traced back to cosmic conflagrations that emitted them billions of light-years away. The orientation of the blue cones even reveals the precise direction from which the neutrinos that caused them came. Business Insider notes it's run by an international team of researchers from the Czech Republic, Germany, Poland, Russia, and Slovakia — and according to Russian news agency TASS cost nearly $34 million. 80-year-old Dr. Domogatski tells the Times, "You should never miss the chance to ask nature any question."


Other Ways Biden's Infrastructure Plan Could Power America's Shift From Fossil Fuels

Author: EditorDavid
April 4, 2021 16:34
The Washington Post explains exactly how the new infrastructure plan of U.S. President Joe Biden would "turbocharge" America's transition away from fossil fuels: The linchpin of Biden's plan, which he detailed in a speech Wednesday in Pittsburgh, is the creation of a national standard requiring utilities to use a specific amount of solar, wind and other renewable energy to power American homes, businesses and factories... [Including hydropower and nuclear energy.] Biden has said he wants a carbon-free electricity grid by 2035, so the proposed standard will probably be large... He also plans to ask Congress to provide $174 billion to boost the U.S. market share of electric vehicles and their supply chains, from raw materials to retooled factories. He reiterated that he wants to establish 500,000 electric vehicle charging stations by 2030 and electrify 20 percent of the nation's yellow school buses. Biden also requested $10 billion for a new Civilian Climate Corps, a name designed to echo President Franklin D. Roosevelt's Civilian Conservation Corps. Biden's version would hire an army of young people to work on projects that conserve and restore public lands and waters, increase reforestation, increase carbon sequestration through agriculture, protect biodiversity, improve access to recreation, and build resilience to climate change... Biden is also asking for $16 billion to put "hundreds of thousands" of people to work plugging hundreds of thousands of "orphan" oil and natural gas wells that were largely abandoned after their useful life but which now leak methane, a greenhouse gas 20 times more potent than carbon dioxide. The plan also calls for tax credits for solar panels -- and for companies researching carbon-capture technologies -- as well as new funding tools for power transmission lines. But it also seeks $35 billion to pursue a breakthrough technology (as well as $15 billion for climate-related demonstration projects).
This offers a way to commercialize and scale up today's already-existing innovations for clean energy, an official at the Bill Gates-founded Breakthrough Energy told the Post. He suggested the government's purchasing power could ultimately be crucial in lowering the cost of clean technologies like carbon capture and sustainable aviation fuel, and even the cost of producing hydrogen fuel by splitting water molecules. Slashdot reader DanDrollette also adds this note from the Bulletin of the Atomic Scientists: The Biden administration announced what the Washington Post calls "an ambitious plan to expand wind farms along the East Coast and jump-start the country's nascent offshore wind industry," with enough windmills to be built that they could power more than 10 million US homes, and cut 78 million metric tons of greenhouse gas emissions... The Biden administration said it will invest in associated research and development, provide $3 billion in low-interest loans to the offshore wind industry, and fund $230 million in changes to US ports to accommodate the expected influx of shipping and construction... While offshore wind is probably one of the fastest-growing sectors in renewable energy, the United States is still far behind Europe, where windmills are a common sight off the coast and the technology is widely accepted...


Fallen Debris from SpaceX Satellite Launch Crashes on a Farm

Author: EditorDavid
April 4, 2021 10:34
180 miles east of Seattle, "A pressure vessel from a SpaceX Falcon 9 rocket stage fell on a man's farm in Washington State last week," reports the Verge, "leaving a '4-inch dent in the soil,' the local sheriff's office said Friday." Space.com reports: Although the Falcon 9 rocket successfully delivered 60 Starlink satellites to orbit last month, the rocket's second stage didn't deorbit properly after completing the mission. The second stage is the smaller, upper part of the Falcon 9 rocket that separates from the main booster to take satellites to their intended orbit. While the main booster returns to Earth for a landing (so SpaceX can refurbish and reuse it on future launches), once the second stage has completed its role in the mission, it is either intentionally destroyed or left to linger in orbit. Typically it conducts a "deorbit burn" that sends the craft on a safe trajectory to burn up in the atmosphere above the Pacific Ocean. But this time, something went wrong: According to Ars Technica, "there was not enough propellant after this launch to ignite the Merlin engine and complete the burn. So the propellant was vented into space, and the second stage was set to make a more uncontrolled re-entry into the atmosphere." So, instead of burning up over the ocean, the rocket stage ended up breaking up in the sky over the Pacific Northwest — the fiery display visible not only from Washington but also from surrounding states and parts of Canada — just after 9 p.m. local time on Thursday, March 25, or midnight EDT (0400 GMT) on Friday, March 26. Jonathan McDowell, an astrophysicist at the Harvard-Smithsonian Center for Astrophysics, calls it "a bit of a puzzle" that the stage wasn't de-orbited under control back on March 4, telling the Verge that it "looks like something went wrong, but SpaceX has said nothing about it. However, reentries of this kind happen every couple of weeks.
It's just unusual that it happens over a densely populated area, just because that's a small fraction of the Earth."


Fake App On Apple's App Store Scams User Out of 17.1 Bitcoins ($600,000)

Author: EditorDavid
April 4, 2021 07:34
Long-time Slashdot reader phalse phace quotes the Washington Post: Phillipe Christodoulou wanted to check his bitcoin balance last month, so he searched the App Store on his iPhone for "Trezor," the maker of a small hardware device he uses to store his cryptocurrency. Up popped the company's padlock logo set against a bright green background. The app was rated close to five stars. He downloaded it and typed in his credentials. In less than a second, nearly all of his life savings — 17.1 bitcoin worth $600,000 at the time — was gone. The app was a fake, designed to trick people into thinking it was a legitimate app. But Christodoulou is angrier at Apple than at the thieves themselves: He says Apple marketed the App Store as a safe and trusted place, where each app is reviewed before it is allowed in the store. Christodoulou, once a loyal Apple customer, said he no longer admires the company. "They betrayed the trust that I had in them," he said in an interview. "Apple doesn't deserve to get away with this." Apple bills its App Store as "the world's most trusted marketplace for apps," where every submission is scanned and reviewed, ensuring they are safe, secure, useful and unique. But in fact, it's easy for scammers to circumvent Apple's rules, according to experts. Criminal app developers can break Apple's rules by submitting seemingly innocuous apps for approval and then transforming them into phishing apps that trick people into giving up their information, according to Apple. When Apple finds out, it removes the apps and bans the developers, the company says. But it's too late for the people who fell for the scam. The Post also points out that the 15 to 30 percent commission Apple collects on all sales in the App Store "goes to fund the 'highly curated' customer experience, the company has said."


Information On Half Billion Facebook Users Leaked Online

Author: EditorDavid
April 4, 2021 06:34
Slashdot reader quonset quotes Business Insider: A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses. Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users' phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook's password reset feature, which can be used to partially reveal a user's phone number. A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.


NYT: 'If You Care About Privacy, It's Time to Try a New Web Browser'

Author: EditorDavid
April 4, 2021 05:34
This week the lead consumer technology writer for The New York Times urged readers to switch their browser from Chrome, Safari, or Microsoft Edge to a private browser. "For about a week, I tested three of the most popular options — DuckDuckGo, Brave and Firefox Focus. Even I was surprised that I eventually switched to Brave as the default browser on my iPhone." Firefox Focus, available only for mobile devices like iPhones and Android smartphones, is bare-bones. You punch in a web address and, when done browsing, hit the trash icon to erase the session. Quitting the app automatically purges the history. When you load a website, the browser relies on a database of trackers to determine which to block. The DuckDuckGo browser, also available only for mobile devices, is more like a traditional browser. That means you can bookmark your favorite sites and open multiple browser tabs. When you use the search bar, the browser returns results from the DuckDuckGo search engine, which the company says is more focused on privacy because its ads do not track people's online behavior. DuckDuckGo also prevents ad trackers from loading. When done browsing, you can hit the flame icon at the bottom to erase the session. Brave is also more like a traditional web browser, with anti-tracking technology and features like bookmarks and tabs. It includes a private mode that must be turned on if you don't want people scrutinizing your web history. Brave is also so aggressive about blocking trackers that in the process, it almost always blocks ads entirely. The other private browsers blocked ads less frequently.... In the end, though, you probably would be happy using any of the private browsers... For me, Brave won by a hair. My favorite websites loaded flawlessly, and I enjoyed the clean look of ad-free sites, along with the flexibility of opting in to see ads whenever I felt like it. 
Brendan Eich, the chief executive of Brave, said the company's browser blocked tracking cookies "without mercy." "If everybody used Brave, it would wipe out the tracking-based ad economy," he said. Count me in.


AlmaLinux Released As a Stable RHEL Clone For Those Who Liked CentOS

Author: EditorDavid
April 4, 2021 04:34
Long-time Slashdot reader xiando quotes the backstory from LinuxReviews.org: CentOS used to be the go-to alternative for those who wanted to use Red Hat Enterprise Linux (RHEL) without having to pay RedHat to use it. It was an almost 1:1 clone until RedHat took control of it and turned it into what is now a RHEL beta-version, not a stable RHEL release without the branding. AlmaLinux is one of several projects that have made their own RHEL forks in response. The first AlmaLinux version is now released. ZDNet notes that CentOS co-founder Gregory Kurtzer has announced his own RHEL clone and CentOS replacement named Rocky Linux. But they offer this report on AlmaLinux: CloudLinux — which was founded in 2009 to provide a customized, high-performance, lightweight RHEL/CentOS server clone for multitenancy web and server hosting companies — came ready to deliver. The new free AlmaLinux is now stable and ready for production workloads. The company also announced the formation of a non-profit organization: AlmaLinux Open Source Foundation. This group will take over managing the AlmaLinux project going forward. CloudLinux has committed a $1 million annual endowment to support the project. Jack Aboutboul, former Red Hat and Fedora engineer and architect, will be AlmaLinux's community manager. Altogether, Aboutboul brings over 20 years of experience in open-source communities as a participant, manager, and evangelist... "In an effort to fill the void soon to be left by the demise of CentOS as a stable release, AlmaLinux has been developed in close collaboration with the Linux community," said Aboutboul in a statement. "These efforts resulted in a production-ready alternative to CentOS that is supported by community members...." In talking with CentOS business users, who deployed CentOS on web and host servers, I found many of them to be very hopeful about AlmaLinux.
One from a mid-Atlantic-based Linux hosting company said, "What we want is a stable Linux that our customers can rely on from year to year. Since CentOS Stream can't deliver that, we think — hope — that AlmaLinux can do it for us and our users instead...." This first release of AlmaLinux is a one-to-one binary compatible fork of RHEL 8.3. Looking ahead, AlmaLinux will seek to keep step-in-step with future RHEL releases... The GitHub page has already been published and the completed source code has been published in the main download repository. The CloudLinux engineering team has also published an FAQ on the AlmaLinux Wiki. "The sudden shift in direction for CentOS that was announced in December created a big void for millions of CentOS users," said Simon Phipps, open source advocate and a former president of the Open Source Initiative who is on the governing board of the AlmaLinux project. In a statement, Phipps said that "As a drop-in open-source replacement, AlmaLinux provides those users with continuity and new opportunity to be part of a vibrant community built around creating and supporting this new Linux distribution under non-profit governance. "I give a lot of credit to CloudLinux for stepping in to offer CentOS users a lifeline to continue with AlmaLinux."


Amazon 'Fesses Up': that Peeing in Bottles Thing is Probably True

Author: EditorDavid
April 4, 2021 03:35
"You don't really believe the peeing in bottles thing, do you?" Amazon tweeted last week. But on Friday "The web giant fessed up that its delivery drivers have limited access to bathrooms, meaning that accusations of them urinating in bottles or elsewhere in public are likely to be true," reports the New York Post: "We know that drivers can and do have trouble finding restrooms because of traffic or sometimes rural routes," the online retail giant posted on its AboutAmazon portal. "And this has been especially the case during Covid when many public restrooms have been closed...." Amazon's mea culpa admits that the original response was wrong. "It did not contemplate our large driver population and instead wrongly focused only on our fulfillment centers..." Amazon's original tweet had been attempting to knock down criticism from U.S. congressman Mark Pocan, who'd tweeted that "Paying workers $15/hr doesn't make you a 'progressive workplace' when you union-bust & make workers urinate in water bottles." After Amazon's belated acknowledgement of his original criticism, Pocan responded, "Sigh. This is not about me, this is about your workers — who you don't treat with enough respect or dignity. Start by acknowledging the inadequate working conditions you've created for ALL your workers, then fix that for everyone & finally, let them unionize without interference." Ars Technica notes Amazon's turnabout follows an investigation by Vice which had indeed discovered a Reddit forum for Amazon drivers with "dozens of threads and hundreds of comments" on the issues around finding a bathroom. But Ars also notes the issue appears to extend beyond Amazon: "This is a long-standing, industry-wide issue and is not specific to Amazon," the company added. Amazon says it wants to solve the problem: "We don't yet know how, but will look for solutions." Amazon appears to be right about that. 
Drivers for Uber, Lyft, and food delivery services have reported trouble finding bathrooms while on the job. Drivers for UPS and FedEx have reported similar difficulties. The problem has gotten worse in the last year as the pandemic has closed a large number of stores and restaurants.


Will VW Face Regulatory Scrutiny Over Its 'Voltswagen' Prank Like Elon Musk Did For His Tweets?

Author: EditorDavid
April 4, 2021 02:34
Volkswagen's early April Fool's Day prank (pretending to re-name the company "Voltswagen") "may have put the company at risk of running afoul of U.S. securities law by wading into the murky waters of potentially misleading investors," reports CNN: "This is not the sort of thing that a responsible global company should be doing," said Charles Whitehead, Myron C. Taylor Alumni Professor of Business Law at Cornell Law School... Volkswagen is indeed investing heavily in electric vehicles, but confusion over the name change could prompt scrutiny from the Securities and Exchange Commission or litigation from investors who feel misled by the joke. The Securities Exchange Act prohibits companies from making false or misleading statements to investors... Quipping about the status of a business that Volkswagen is positioning as more environmentally friendly also could irk investors, especially in light of the 2015 diesel emissions scandal the company has been trying to put behind it. "Will the SEC inquire? Well, of course they will," Whitehead said. "It's gotten enough publicity and people are concerned about it and there are issues about whether or not companies should be doing this that I'm sure [the SEC is] going to make a phone call." A representative from Volkswagen's headquarters said Wednesday afternoon the company had not been contacted by the SEC. The agency declined to comment on the matter. There is precedent for the SEC taking action against cheeky statements regarding big companies. In 2018, Tesla CEO Elon Musk settled with the SEC for $20 million after the agency said his tweet about securing funding to take the company private at $420 a share — an apparent joke about weed — misled investors... it didn't help that the statement announcing the purported name change included no reference to April Fools' Day — and it landed two days before the holiday... Volkswagen's stock fell nearly 4% on Wednesday in the wake of news of the debacle. And that's no joke. 
Whitehead doesn't think the SEC would ultimately consider a name change material to investors, though he adds that "These are all kind of gray areas, which is why a responsible company just doesn't go down this path...." But with some VW stock near a six-year high, a Bloomberg columnist calls the episode a reminder "that we now live in the meme-stock age where even bad jokes can add or subtract billions of dollars in market value." They also call it a lesson in just how difficult it is to "be Elon." "Charming young Redditors in an authentic way isn't an easy act to pull off..." Despite being one of the planet's richest people, Musk's counterculture savvy and feisty irreverence has made him a hero for Redditors. Tesla has weaponized its soaring share price to raise billions of dollars in cheap funding. That money pays for new factories and products and is a threat to established carmakers. VW must fund its investments via the cash it generates. Even after this year's blistering run its share price is less than 10 times the value of its earnings. It would be self-defeating if VW didn't try to be a bit "cooler." There's also a double-standard in play. We expect VW to be reliable, while Tesla gets to be quirky. Indeed, Musk gets away with things that others wouldn't. For years Tesla has marketed an autopilot system called "Full Self Driving" that can't yet drive entirely by itself — the timeline for when it will be able to do that always seems to be just around the corner.... Following VW's successful "Power Day" — a straight copy of Musk's "Battery Day" event — I quipped that it wouldn't be long before VW boss Herbert Diess was appointed "TechnoKaiser." Finance blog Zerohedge came up with the better punchline: "VW should go full Elon and file an 8K saying its new title is Voltswagen," it tweeted. VW appears to have taken that tongue-in-cheek advice rather too literally. More fool them. 
Bloomberg's columnist also acknowledges that Volkswagen "has an ambitious and convincing electric-vehicle plan and may soon leapfrog Tesla to become the world's largest battery-vehicle manufacturer. But being ploddingly German is an impediment in today's stock market."


Privacy Advocate Confronts ACLU Over Its Use of Google and Facebook's Targeted Advertising

Author: EditorDavid
April 4, 2021 01:34
Ashkan Soltani was the Chief Technologist of America's Federal Trade Commission in 2014 — and earlier was a staff technologist in its Division of Privacy and Identity Protection helping investigate tech companies including Google and Facebook. Friday on Twitter he accused another group of privacy violations: the nonprofit rights organization, the American Civil Liberties Union. Yesterday, the ACLU updated their privacy statement to finally disclose that they share constituent information with 'service providers' like Facebook for targeted advertising, flying in the face of the org's public advocacy and statements. In fact, I was retained by the ACLU last summer to perform a privacy audit after concerns were raised internally regarding their data sharing practices. I only agreed to do this work on the promise by ACLU's Executive Director that the findings would be made public. Unfortunately, after reviewing my findings, the ACLU decided against publishing my report and instead sat on it for ~6 months before quietly updating their terms of service and privacy policy without explanation for the context or motivations for doing so. While I'm bound by a nondisclosure agreement to not disclose the information I uncovered or my specific findings, I can say with confidence that the ACLU's updated privacy statements do not reflect the full picture of their practices. For example, public transparency data from Google shows that the ACLU has paid Google nearly half a million dollars to deliver targeted advertisements since 2018 (when the data first was made public). The ACLU also opted to disclose only that its advertising relationship with Facebook began in 2021, when in truth, the relationship spans back years totaling over $5 million in ad-spend.
These relationships fly against the principles and public statements of the ACLU regarding transparency, control, and disclosure before use, even as the organization claims to be a strong advocate for privacy rights at the federal and state level. In fact, the NY Attorney General conducted an inquiry into whether the ACLU had violated its promises to protect the privacy of donors and members in 2004, the results of which many aren't aware of. And to be clear, the practices described would very much constitute a 'sale' of members' PII under the California Privacy Rights Act (CPRA). The irony is not lost on me that the ACLU vehemently opposed the CPRA, the toughest state privacy law in the country, when it was proposed. While I have tremendous respect for the work the ACLU and other NGOs do, it's important that nonprofits are bound by the same privacy standards they espouse for everyone else. (Full disclosure: I'm on the EFF advisory board and was recently invited to join EPIC's board.) My experience with the ACLU further amplifies the need to have strong legal privacy protections that apply to nonprofits as well as businesses, partially since many of the underlying practices, particularly in the area of fundraising and advocacy, are similar if not worse. Soltani also re-tweeted an interesting response from Alex Fowler, a former EFF VP who was also Mozilla's chief privacy officer for three years: I'm reminded of EFF co-founder John Gilmore telling me about the Coders' Code: If you find a bug or vulnerability, tell the coder. If the coder ignores you or refuses to fix the issue, tell the users.

Read more of this story at Slashdot.

FSF Management Team Resigns, as FSF Now Seeks 'Improved Transparency'

著者: EditorDavid
2021年4月4日 00:34
Richard Stallman's name has now been taken off the official web page of the steering committee for GCC, reports IT Wire. But they also note new changes this week in the management team of the Free Software Foundation: A statement from [FSF executive director John] Sullivan, deputy director John Hsieh, and chief technology officer Ruben Rodriguez on 30 March said: "As members of FSF management, we have decided to resign, with specific end dates to be determined. We believe in the importance of the FSF's mission and feel a new team will be better placed to implement recent changes in governance..." The resignations come in the wake of FSF founder Richard Stallman announcing on 19 March, during the organisation's annual LibrePlanet conference this year that he was rejoining the board. "Some of our colleagues in the FSF have decided to resign," reads an official response from the FSF. "We are grateful for the good work they have done for so long, and we will miss them. We regret losing them; we regret the situation that has motivated them to leave." Another FSF board member also resigned last week. Meanwhile, Ars Technica reports the FSF has created a new seat on the board to be filled by someone from FSF union staff, with acting FSF President Geoffrey Knauth calling it "an important step in the FSF's effort to recognize and support new leadership, to connect that leadership to the community, to improve transparency and accountability, and to build trust. There is still considerable work to be done, and that work will continue." Ars Technica adds: The elephant in the room that the FSF's remaining board members seem determined to ignore is the continued presence of Stallman himself — who, along with the rest of the FSF board, will soon need to undergo its new "transparent, formal process for identifying [members] who are wise, capable, and committed to the FSF's mission."

Read more of this story at Slashdot.

Weather Service Internet Systems Are Crumbling As Key Platforms Are Taxed and Failing

著者: BeauHD
2021年4月3日 23:34
An anonymous reader shares an excerpt from a Washington Post article, written by Matthew Cappucci and Jason Samenow: The National Weather Service experienced a major, systemwide Internet failure Tuesday morning, making its forecasts and warnings inaccessible to the public and limiting the data available to its meteorologists. The outage highlights systemic, long-standing issues with its information technology infrastructure, which the agency has struggled to address as demands for its services have only increased. In addition to Tuesday morning's outage, the Weather Service has encountered numerous, repeated problems with its Internet services in recent months, including: a bandwidth shortage that forced it to propose and implement limits to the amount of data its customers can download; the launch of a radar website that functioned inadequately and enraged users; a flood at its data center in Silver Spring, Md., that has stripped access to key ocean buoy observations; and multiple outages to NWS Chat, its program for conveying critical information to broadcasters and emergency managers, relied upon during severe weather events. The Weather Service is working to evaluate and implement solutions to these problems which are, in the meantime, impacting its ability to fulfill its mission of protecting life and property. [...] Problems with the Weather Service's Internet systems have persisted for years, in part because of increasing demand from users, which the agency has struggled to meet. In December, because of an escalating bandwidth shortage, the Weather Service proposed limiting users to 60 connections per minute on a large number of its websites. Constituents complained about the quota and, earlier this month, the Weather Service announced it would instead impose a data limit of 120 requests per minute and only on servers hosting model data, beginning April 20. 
Meanwhile, on March 9, the Weather Service's headquarters in Silver Spring "experienced a ruptured water pipe, which caused significant and widespread flooding," which affected a data center, the agency said in a statement. "Some NWS data stopped flowing, including data from ocean buoys," the statement said, noting some of the buoys are used "to detect and locate a seismic event that could cause a tsunami." Neil Jacobs, former acting head of the National Oceanic and Atmospheric Administration, which oversees the Weather Service, said many of the agency's Internet infrastructure problems are tied to the fact that they run on internal hardware rather than through cloud service providers such as Amazon Web Services, Microsoft and Google Cloud. "I've demanded in writing that NWS transition these applications to our Cloud partners. It's part of an internal strategy I've laid out," Jacobs, a Trump administration appointee, told the Capital Weather Gang in an email before he left office. In July, NOAA released its Cloud Strategy, which stated, "the volume and velocity of our data are expected to increase exponentially with the advent of new observing system and data-acquisition capabilities, placing a premium on our capacity and wherewithal to scale the IT infrastructure and services to support this growth. Modernizing our infrastructure requires leveraging cloud services as a solution to meet future demand."
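The two quotas described above (a blanket 60 connections per minute across many sites, then 120 requests per minute only on model-data servers) are the kind of per-client limit a front-end enforces with a sliding window. The following is an added illustration, not NWS code and not drawn from the article: a per-client sliding-window limiter that can be scoped to a set of path prefixes, so the same class expresses both the "every site" and the "model-data only" variants. The client key (a source IP string), the `/model/` prefix, the timestamps and the request stream are all constructed for the example.

```python
"""Added example: per-client sliding-window request limiter with optional
path scoping. Illustrative only; not NWS's implementation. Client identity,
path prefixes, quota values and the request stream below are assumptions."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Iterable, Tuple


@dataclass
class SlidingWindowLimiter:
    """Admit at most `limit` counted requests per client in any `window_seconds` span."""

    limit: int                        # e.g. 120 for "120 requests per minute"
    window_seconds: float             # e.g. 60.0
    scoped_prefixes: Tuple[str, ...]  # () means every path is counted (the blanket quota)
    _hits: Dict[str, Deque[float]] = field(default_factory=dict)

    def applies(self, path: str) -> bool:
        """True if requests to this path count against the quota."""
        if not self.scoped_prefixes:
            return True
        return any(path.startswith(p) for p in self.scoped_prefixes)

    def _prune(self, q: Deque[float], now: float) -> None:
        # Drop timestamps that have aged out of the window (oldest are at the left).
        cutoff = now - self.window_seconds
        while q and q[0] <= cutoff:
            q.popleft()

    def allow(self, client: str, path: str, now: float) -> bool:
        """Record and admit the request, or reject it if the client is over quota."""
        if not self.applies(path):
            return True
        q = self._hits.setdefault(client, deque())
        self._prune(q, now)
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def retry_after(self, client: str, now: float) -> float:
        """Seconds until the client's oldest counted request leaves the window.
        Suitable for a Retry-After header; 0.0 when the client is under quota."""
        q = self._hits.get(client)
        if not q:
            return 0.0
        self._prune(q, now)
        if len(q) < self.limit:
            return 0.0
        return max(0.0, q[0] + self.window_seconds - now)


def simulate(limiter: SlidingWindowLimiter,
             requests: Iterable[Tuple[str, str, float]]) -> Tuple[int, int]:
    """Replay (client, path, timestamp) tuples; return (admitted, rejected) counts."""
    admitted = rejected = 0
    for client, path, ts in requests:
        if limiter.allow(client, path, ts):
            admitted += 1
        else:
            rejected += 1
    return admitted, rejected


def constructed_burst(client: str, path: str, n: int, spacing: float) -> list:
    """Constructed sample traffic: n requests from one client, `spacing` seconds apart."""
    return [(client, path, i * spacing) for i in range(n)]


if __name__ == "__main__":
    # Hypothetical April-20-style quota: 120/min, counted only under /model/.
    model_only = SlidingWindowLimiter(120, 60.0, ("/model/",))
    burst = constructed_burst("203.0.113.7", "/model/gfs/latest", 130, 0.1)
    print("model-only quota, 130 model requests in 13s:", simulate(model_only, burst))
    # The same 130-request burst against a forecast page is never counted.
    print("model-only quota, forecast page:",
          simulate(SlidingWindowLimiter(120, 60.0, ("/model/",)),
                   constructed_burst("203.0.113.7", "/forecast/point", 130, 0.1)))
    # Hypothetical December-style blanket quota: 60/min on every path.
    blanket = SlidingWindowLimiter(60, 60.0, ())
    print("blanket quota, forecast page:",
          simulate(blanket, constructed_burst("203.0.113.7", "/forecast/point", 130, 0.1)))
```

The limiter keys on a caller-supplied identity string; in front of a real service that key would come from the peer address or an API token, and anything derived from client-controlled headers (such as X-Forwarded-For from an untrusted hop) should not be used, since a client that can choose its own key can trivially evade the quota.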

Read more of this story at Slashdot.

Uber Ordered To Pay $1.1 Million To Blind Passenger Who Was Denied Rides 14 Times

著者: BeauHD
2021年4月3日 22:00
whoever57 writes: A blind person with a guide dog was denied rides and harassed because of her guide dog. She sued Uber, which tried to blame its contractors and deny liability. However, an arbitrator has rejected that argument and found the company liable, awarding the blind passenger $1.1 million. The arbitrator found that Uber staffers coached drivers on how to deny rides to disabled passengers without it appearing to be a violation of the law. The staffers also advocated to keep problematic drivers on the platform.

Read more of this story at Slashdot.

MIT Researchers Use Radio Waves To Help Robots Find Hidden Objects

著者: BeauHD
2021年4月3日 19:00
A group of scientists from MIT have equipped a robot with a wrist-mounted camera and an RF reader to help it find hidden objects. "As long as an item has an RF tag on it, the robot can find it, even if it's hidden behind things like wrapping paper," reports Engadget. From the report: The team told MIT News the most challenging aspect of developing RF Grasp was integrating both sight and RF vision into its decision-making process. They compare the current system to how you might react to a sound in the distance by turning your head to pinpoint its source. RF Grasp will initially use its RF reader to find tagged objects, but the closer it gets to something, the more it depends on the information it collects through its camera to make a decision. Compared to a robot with only a visual system, RF Grasp can locate and pick up an object in about half as many total movements. It also has the unique ability to clean up and declutter its working space as it goes about its tasks. The team sees RF Grasp helping companies like Amazon further automate and streamline their warehouses. "Perception and picking are two roadblocks in the industry today," said Associate Professor Alberto Rodriguez, one of the researchers who worked on the project.

Read more of this story at Slashdot.

Exclusive Look Inside the US Supersonic Presidential Jet

著者: BeauHD
2021年4月3日 16:00
CNN has an exclusive look at the supersonic presidential jet currently being developed by a California startup and the U.S. Air Force. From the report: It's a 31-passenger derivative of Exosonic's 70-passenger commercial airliner concept and is the ultimate in business jets -- luxury leather, oak and quartz fittings, private suites for work and rest, and all at cruise times twice that of existing aircraft. The functions of presidential craft vary according to need, but this plane might primarily be used as Air Force Two, which is the call sign for jets carrying the US vice president. The first of two private suites is the three-passenger meeting room, with secure video teleconferencing so distinguished visitors can work, go online, or address the press. The rotatable seats are leather with wooden shells and the video monitor is capable of being stored in a rolled position so there is space on the credenza sideboard for food platters or presentation equipment. The second eight-passenger suite has lie-flat seats and adjustable table heights and it's where senior staffers can work collaboratively and rest. Then there's the main cabin with 20 business-class seats, plus two galleys, two lavatories and plenty of stowage space. Following the trend in modern aircraft design, the seatbacks have spaces for holding personal electronic devices rather than traditional seat-back monitors. Exosonic's plane boasts a 5,000-nautical-mile range and, thanks to boom-softening techniques, it should be able to fly overland at almost twice the speed of sound without upsetting residents down below. Tie tells CNN that the company expects its supersonic plane to be flying by the mid-2030s.

Read more of this story at Slashdot.

Nuclear Should Be Considered Part of Clean Energy Standard, White House Says

著者: BeauHD
2021年4月3日 12:30
An anonymous reader quotes a report from Ars Technica: More details have emerged about the climate and energy priorities of President Joe Biden's infrastructure plan, and they include support for nuclear power and carbon capture with sequestration (CCS). In a press conference yesterday with reporters, White House climate adviser Gina McCarthy said the administration would seek to implement a clean energy standard that would encourage utilities to use greener power sources. She added that both nuclear and CCS would be included in the administration's desired portfolio. The clean energy standard adds a climate dimension to the Biden administration's recently announced infrastructure plan, seeking to put the US on a path to eliminating carbon pollution. "We think a CES is appropriate and advisable, and we think the industry itself sees it as one of the most flexible and most effective tools," McCarthy told reporters. "The CES is going to be fairly robust and it is going to be inclusive." McCarthy did not provide details about how far a CES would go in supporting nuclear power. It's possible that the policy may only cover plants that are currently operating, but it may also extend to include new plants. The former is more likely than the latter, though, given the challenges and costs involved in building new nuclear capacity. CCS is another technology mentioned, which involves capturing carbon dioxide from power plant exhaust streams and sequestering it underground. "The technology has been condemned for prolonging reliance on fossil fuels, and no commercial power plant in the US currently uses CCS," notes Ars. McCarthy added that they aren't ruling out a carbon tax or fee to get to net-zero.

Read more of this story at Slashdot.

Almost Third of UK Covid Hospital Patients Readmitted Within Four Months

著者: msmash
2021年4月3日 11:02
Nearly a third of people who have been in hospital suffering from Covid-19 are readmitted for further treatment within four months of being discharged, and one in eight patients dies in the same period, doctors have found. From a report: The striking long-term impact of the disease has prompted doctors to call for ongoing tests and monitoring of former coronavirus patients to detect early signs of organ damage and other complications caused by the virus. While Covid is widely known to cause serious respiratory problems, the virus can also infect and damage other organs such as the heart, liver and kidneys. Researchers at University College London, the Office for National Statistics, and the University of Leicester compared medical records of nearly 48,000 people who had had hospital treatment for Covid and had been discharged by 31 August 2020, with records from a matched control group of people in the general population. The records were used to track rates of readmission, of deaths, and of diagnoses for a range of respiratory, heart, kidney, liver and metabolic diseases, such as diabetes. After an average follow-up time of 140 days, nearly a third of the Covid patients who had been discharged from hospital had been readmitted and about one in eight had died, rates considerably higher than seen in the control group. "This is a concern and we need to take it seriously," said Dr Amitava Banerjee, at the Institute of Health Informatics at University College London. "We show conclusively here that this is very far from a benign illness. We need to monitor post-Covid patients so we can pick up organ impairment early on."

Read more of this story at Slashdot.

Deliveroo April Fools' Joke Backfires In France

著者: BeauHD
2021年4月3日 10:25
French Deliveroo customers who received fake bills for hundreds of euros' worth of pizza have failed to see the funny side of the April Fools' joke. The BBC reports: On April 1, thousands of customers of the delivery platform across France got confirmation emails for orders totaling over $530. Many took to social media to express anger at the stunt. Late on Thursday Deliveroo informed its customers via Twitter and email that it had not been serious. "We confirm that it was an April Fool's joke," the clarification read. "You can enjoy the evening by ordering the pizza of your choice." But few customers were amused. One of them said he had "almost had a stroke" after receiving a 466-euro invoice for 38 pizzas that he had never ordered. Many recipients said they panicked and tried to call their banks to block any payment.

Read more of this story at Slashdot.
