Phoronix reports: The GCC Steering Committee has approved of the GCC Rust front-end providing Rust programming language support by the GNU Compiler Collection. This Rust front-end will likely be merged ahead of the GCC 13 release next year. The GCC Steering Committee this morning has announced that the Rust front-end "GCC Rust" is appropriate for inclusion into the GCC mainline code-base. This is the effort that has been in the works for a while as an alternative to Rust's official LLVM-based compiler. GCC Rust is still under active development but is getting into shape for mainlining. The hope is to have at least "beta" level support for the Rust programming language in GCC 13, which will be released as stable around April of next year.

Read more of this story at Slashdot.

Steve Springett is a conscientious senior security architect. And in 2018, he published an essay on GitHub arguing that from a security engineer's perspective, WebAssembly "increases the attack surface of any browser that supports it." Springett wrote that WebAssembly modules are sent in (unsigned) binary format — without a transport-layer security mechanism — and rely on browser sandboxing for safety. But the binary format makes it harder to analyze the code, while sandboxing "is prone to breakouts and effectiveness varies largely by implementation. Adobe Flash is an example of a technology that was sandboxed after a series of exploits, yet exploits and breakouts still occurred." Springett even went so far as to offer the commands for switching off WebAssembly in your browser. Now Tablizer (Slashdot reader #95,088) wants to know what other Slashdot readers think of Spingett's security concrens around WebAssembly. And also offers this suggestion to browser makers: Browsers should have a way to easily disable WebAssembly — including whitelisting. For example, if you need it for specific gaming site, you can whitelist just that site and not have WASM exposed for other sites.

Read more of this story at Slashdot.

"A growing number of cities and towns all over the U.S. are handing out cash grants and other perks aimed at drawing skilled employees of faraway companies to live there and work remotely," reports the Wall Street Journal: A handful of such programs have existed for years, but they have started gaining traction during the pandemic — and have really taken off in just the past year or so. Back in October there were at least 24 such programs in the U.S. Today there are 71, according to the Indianapolis-based company MakeMyMove, which is contracted by cities and towns to set up such programs. Because these programs specifically target remote workers who have high wages, a disproportionate share of those who are taking advantage of them work in tech — and especially for big tech companies. Companies whose employees have participated in one remote worker incentive program in Tulsa, Oklahoma, include Adobe, Airbnb, Amazon, Apple, Dell, Facebook parent Meta Platforms, Google, IBM, Microsoft, Lyft, Netflix, Oracle and Siemens, according to a spokeswoman for the organization. Local governments are offering people willing to move up to $12,000 in cash, along with subsidized gym memberships, free babysitting and office space.... A skeptic might ask why local economic development programs are spending funds to subsidize the lives of people who work for some of the most valuable companies in the world. On the other hand, because these remote workers aren't coming to town seeking local jobs, an argument can be made that they constitute a novel kind of stimulus program for parts of the country that have been left out of the tech boom — courtesy of big tech companies... Every remote worker these places successfully attract and retain is like gaining a fraction of a new factory or corporate office, with much less expenditure and risk, argues Mark Muro, who studies cities and labor at the Brookings Institution. The reporter interviewed an Amazon engineer who moved to Greensburg, Indiana (population: 12,193), and Meta worker David Gora, who moved to Tulsa, Oklahoma and praises its relocation program's sense of mission, possibility, and community. "Even with the pay cuts that Meta has imposed on workers who relocate to areas with a lower cost of living, Mr. Gora is saving a lot more money and has a much higher quality of life than before, he adds." Tulsa's program is unique in that it's funded by a philanthropic organization rather than a local economic-development budget, the article points out. But it adds that "a study conducted by the Economic Innovation Group and commissioned by Tulsa Remote concluded that for every two people the program brings to the city, one new job is created." By contrast, when an office moves to a town, every new high-wage tech job creates an estimated five more jobs in sectors including healthcare, education and service, according to research by economist Enrico Moretti. That's because those deals involve not only people but the money that goes into building and maintaining facilities, paying commercial property taxes and more. Still, for towns that don't have the budget to attract a whole office or factory, the modest impact of bringing in a handful of remote tech workers can be balanced by the much smaller investment required to attract them.

Read more of this story at Slashdot.

"As many as 100 people could be looking at the board and see something different," reports the Michigan news site MLive.com. "Look up at a Detroit Metropolitan Airport departure board and you could see a personalized travel itinerary." Delta's site features a trippy video showing the screen with a different greeting depending on where the camera is positioned. "Hello Liz!" "Hello Albert!" "Hello Cora!" The maker's of the technology envision it someday being used in theme parks, stadiums, and convention centers. But what exactly is happening here? MLive explains: In late June, Delta Airlines launched a beta version of its new Parallel Reality technology that allows dozens of people to simultaneously see unique content on the same digital screen. Detroit is the first, and currently only, airport in the country to experiment with the futuristic technology developed by Misapplied Sciences, based in California... Delta passengers can scan their boarding pass, select a language and test out the system. Using "multi-view pixels and proprietary technology," the board then shows personal flight information, boarding time or even standby status, a news release said... Delta Senior Vice President of Customer Experience Ranjan Goswami said the new system means "customers will no longer have to search for flight and gate information." "This technology truly must be seen to be believed," Goswami said in an announcement. The Parallel Reality displays project up to millions of light rays that can be directed to a specific person. Non-biometric sensors then reportedly track passengers who can see the display even if they move.... Delta says the Parallel Reality experience will "always be opt-in" and customer information is not stored. "If this new technology can make finding your gate and departure information quicker and easier, we're not just showing customers a magic trick — we're solving a real problem," said Delta's senior VP of customer experience. "Customers already rely on personalized navigation via their mobile devices, but this is enabling a public screen to act as a personal one — removing the clutter of information not relevant to you to empower a better journey." The company's statement adds that Delta "is also investing in digital identity technology, which allows customers to move through the airport using facial recognition, eliminating the need to show a boarding pass or government ID." The technology is already available at airports in Atlanta, Detroit, Los Angeles, and New York, "and will eventually be activated in all of Delta's U.S. hubs."

Read more of this story at Slashdot.

"5G iPhones have been slapped with a sales ban in Colombia," reports Digital Trends, "due to a 5G patent infringement dispute between Apple and Ericsson... The ban affects the latest models, including the iPhone 12, iPhone 13, and the iPad Pro, which the court found infringed Ericsson's patent pertaining to 5G tech." They add that in response Apple is now suing Ericsson in Texas, "for damages that resulted from the ruling in Colombia, as well as any fines, fees, penalties, and costs that have been incurred because of it." The site FOSS Patents notes that Colombia reached the "banning" stage less than six months after the beginning of "the current wave of Ericsson v. Apple patent infringement actions." ZDNet explains: The backstory here is somewhat complicated but can be boiled down to the following points: - Apple used to pay Ericsson royalty fees for patented 5G technologies. - Apple failed to renew the licenses when they expired. - Ericsson sued Apple. - Apple then sued Ericsson, claiming that the company was violating FRAND rules, the patents were standard-essential patents, and Ericsson's licensing fees were too high. There followed a whole bunch of legal actions and counteractions, with both companies attempting to get sales bans on the other company's hardware.... This ban is likely no big deal for Apple given the small size of that market. The problem is several more lawsuits are making their way through various courts in various territories. And since Apple isn't disputing the validity of the patents, it's almost certainly opening itself out to bans being enforced in other countries. Thanks to long-time Slashdot reader fermion for sharing the news!

Read more of this story at Slashdot.

The Washington Post reports on a "widely adopted, even codified" trend in recent months: people aren't coming in to their offices on Friday. "The drop-off in office work, particularly on Fridays, has led coffee shops to reduce their hours, delis to rethink staffing and bars like Pat's Tap in Minneapolis to kick off happy hour earlier than ever — starting at 2 p.m." Just 30 percent of office workers swiped into work on Fridays in June, the least of any weekday, according to Kastle Systems, which provides building security services for 2,600 buildings nationwide. That's compared to 41 percent on Mondays, the day with the second-lowest turnout, and 50 percent on Tuesdays, when the biggest share of workers are in the office. "It's becoming a bit of cultural norm: You know nobody else is going to the office on Friday, so maybe you'll work from home, too," said Peter Cappelli, director of the Center for Human Resources at the University of Pennsylvania's Wharton School. "Even before the pandemic, people thought of Friday as a kind of blowoff day. And now there's a growing expectation that you can work from home to jump-start your weekend...." Some start-ups and tech firms have begun doing away with Fridays altogether. Crowdfunding platform Kickstarter and online consignment shop ThredUp are among a small but growing number of firms moving to a four-day workweek that runs from Monday to Thursday. Executives at Bolt, a checkout technology company in San Francisco, began experimenting with no-work Fridays last summer and quickly realized they'd hit a winning formula. Employees were more productive than before, and came back to work on Mondays with new enthusiasm. In January, it switched to a four-day workweek for good. "Managers were onboard, people kept hitting their goals," Bolt's head of employee experience tells the Post. "And they come back on Mondays energized and more engaged." An adviser at the Society of Human Resource Management tells the Post that employers are trying new inducements to get people to return to offices on Fridays. "If you feed them, they will come. Food trucks, special catered events, ice cream socials, that's what's popular right now." And the Post adds that other employers have also tried wine carts, costume contests and karaoke sing-offs — "all aimed at getting workers to give up their couches for cubicles."

Read more of this story at Slashdot.

CNN reports: An "unsubscribe" option that's a little too hard to find. A tiny box you click, thinking it simply takes you to the next page, but it also grants access to your data. And any number of unexpected charges that appear during checkout that weren't made clearer earlier in the process. Countless popular websites and apps, from retailers and travel services to social media companies, make use of so-called "dark patterns," or gently coercive design tactics that critics say are used to manipulate peoples' digital behaviors. The term "dark patterns" was coined by Harry Brignull, a U.K.-based user experience specialist and researcher of human-computer interactions. Brignull began noticing that when he reported to one of his clients that most test subjects felt deceived by an aspect of their website or app design, the client seemed to welcome the feedback. "That was always intriguing for me as a researcher, because normally the name of the game is to find the flaws and fix them," Brignull told CNN Business. "Now we're finding 'flaws' that the client seems to like, and want to keep." To put it in the parlance of Silicon Valley, he realized it was a feature, not a bug.... Brignull, for his part, said he has spent time testifying as an expert witness in some class action lawsuits related to dark patterns in the UK. "The scams don't work when the victim knows what the scammer is trying to do," Brignull said. "If they know what the scam is, then they're not going to get taken in — and that's why I've enjoyed so much exposing these things, and showing it to other consumers." The article notes that America's Federal Trade Commission "is ramping up its enforcement in response to 'a rising number of complaints about the financial harms caused by deceptive sign-up tactics, including unauthorized charges or ongoing billing that is impossible cancel.'"

Read more of this story at Slashdot.

1.34 billion people consumed harmful amounts of alcohol in 2020, according to estimates from a new study funded by the Bill and Melinda Gates Foundation. It also found that 59.1% of those people consuming unsafe amounts were between the ages of 15 and 39, and that for that group "there are no health benefits to drinking alcohol, only health risks.... 60% of alcohol-related injuries occurring among people in this age group, including motor vehicle accidents, suicides, and homicides." Of the 15 to 39-year-olds consuming unsafe amounts of alcohol, 76.7% were male. For adults over age 40, health risks from alcohol consumption vary by age and region. Consuming a small amount of alcohol (for example, drinking between one and two 3.4-ounce glasses of red wine) for people in this age group can provide some health benefits, such as reducing the risk of cardiovascular disease, stroke, and diabetes... Authors call for alcohol consumption guidelines to be revised to emphasise consumption levels by age, stressing that the level of alcohol consumption recommended by many existing guidelines is too high for young people in all regions. They also call for policies targeting males under age 40, who are most likely to use alcohol harmfully.

Read more of this story at Slashdot.

"TikTok is resisting calls to preserve and hand over access to its content for war crime investigations," reports the Financial Times, "as lawyers and activists warn that the Chinese-owned app is a major data challenge in prosecuting atrocities in Russia's invasion of Ukraine." The video app's popularity with young Ukrainians and Russians posting footage of the war has made it a trove of digital intelligence that investigators are attempting to mine and archive as evidence of war crimes, crimes against humanity, and illegal acts of violence in Ukraine.... "I have concerns about the security of data there, and it is not fully clear where the interest and influence in the company is coming from," said Dia Kayyali, associate director for advocacy at Mnemonic, a nonprofit that archives digital documentation of human rights violations. "It is especially concerning that China could directly have access to that data...." Since early 2022, TikTok has met with human rights lawyers, activists, and others involved in Ukraine war crime investigations. However, it has yet to introduce any changes to its process or the product itself. Criminal prosecutors are increasingly relying on social media posts from TikTok and others as a way to "bring the crime scene to the courtroom," said Karim Khan, chief prosecutor of the International Criminal Court. "Any effective investigation anywhere in the world now really requires a very effective harnessing of social media," said Khan. "People... recording killings or attacks or the consequences of attacks in real time, it can have absolutely fantastic probative value...." TikTok said it regularly meets with organizations, government bodies, and third-party experts to gather feedback and is committed to cooperating with law enforcement while respecting the privacy of its users.

Read more of this story at Slashdot.

"Russian President Vladimir Putin approved a law Friday prohibiting the use of digital assets as forms of payments in Russia..." reports the tech/policy news site Protocol. The ban on crypto-form payments also apparently applies to NFTs: The new law also includes a provision that requires crypto exchanges and providers refuse transactions in which digital assets could be construed as a form of payment... The new law is set to take effect in 10 days. There's been some speculation that sanctioned Russian companies or individuals might use crypto to avoid sanctions imposed after the country's invasion of Ukraine. But officials have proven savvy in using on-chain analytics to trace transactions, and industry experts have warned that sanctions evaders would be ill-served by trying to use cryptocurrencies. U.S. and EU bodies have even added specific crypto wallet addresses to sanction lists.

Read more of this story at Slashdot.

This year's "State of WebAssembly" report has been published by Colin Eberhardt (CTO at the U.K.-based software consultancy Scott Logic). Hundreds of people were surveyed for the report, notes this article by Visual Studio Magazine. Published by B2B media company 1105 Media, the magazine notes that Eberhardt's survey included some good news for Rust — and for Microsoft's free open source framework Blazor (for building web apps using C# and HTML): This year, like last year, Rust was found to be the most frequently used and most desired programming language for WebAssembly development.... "Rust once again comes out on top, with 45 percent saying they use it frequently or sometimes," Eberhardt said. "WebAssembly and Rust do have quite a close relationship, most WebAssembly runtimes are written in Rust, as are the various platforms based on wasm. It also enjoys some of the best tooling, so this result doesn't come as a big surprise." While Rust usage and desirability has continued to climb, the Blazor web-dev framework is coming on strong in the report, which treats Blazor as a programming language, though it's not. On that desirability scale, Blazor climbed from sixth spot in 2021 to fourth this year among seven "programming languages" [based on] percentage of respondents who use a given language 'frequently,' or 'sometimes' [for WebAssembly development] compared to last year. Eberhardt said, "Rust has had a modest rise in desirability, but the biggest climber is Blazor, with Go following just behind." Commenting on another graphic that shows which language people most want to use for WebAssembly development, Eberhardt said, "This shows that Rust usage has climbed steadily, but the biggest climbers are Blazor and Python. While you can now compile WebAssembly from a variety of languages (including C, #C, and C++), the report also found that JavaScript has somehow become a viable WebAssembly language — sort of, and even though JavaScript itself can't be compiled to WebAssembly... There's a cunning workaround for this challenge; rather than compiling JS to Wasm, you can instead compile a JavaScript engine to WebAssembly then use that to execute your code. This is actually much more practical than you might think.

Read more of this story at Slashdot.

"Customized action figures at massive scale," promises a video at CNN. They'll be priced at $59.99, and it'll all start happening this fall — thanks to Hasbro's new partnership with 3D printer company Formlabs. Long-time Slashdot reader destinyland explains: "It wasn't until recently that two technologies came into play at once," Brian Chapman, Hasbro's head of global design and development tells CNN. "One is a very simple way to scan someone's face and head" — which can now be accomplished with a Hasbro mobile app (which also allows customers to select other customizations like specific costumes). "And then, a very affordable way to print that head in a one-off way" (so it can be affixed to the standard body of Hasbro's action figures). Imagine your face on Star Wars and Marvel action figures, as well as Power Rangers, Ghostbusters — and more. CNN adds that Hasbro say it will not sell user face data, and will delete it after 60 days.

Read more of this story at Slashdot.

"NASA astronauts will go back to riding Russian rockets under an agreement announced Friday," reports the Associated Press, "and Russian cosmonauts will catch lifts to the International Space Station with SpaceX beginning this fall." The agreement ensures that the space station will always have at least one American and Russian on board to keep both sides of the orbiting outpost running smoothly, according to NASA and Russian officials. The swap had long been in the works and was finalized despite tensions over Moscow's war in Ukraine, a sign of continuing Russia-U.S. cooperation in space.... No money will exchange hands under the agreement, according to NASA.... Friday's news came just hours after the blustery chief of the Russian space agency, Dmitry Rogozin, was replaced by President Vladimir Putin, although the move did not appear to have any connection to the crew swap. Rogozin was expected to be given a new post. CBS News explains the NASA-Roscosmos agreement: "The station was designed to be interdependent and relies on contributions from each space agency to function," the NASA statement said. "No one agency has the capability to function independent of the others..." Russia provides the propellant and thrusters, either on the station or visiting Progress cargo ships, to change the station's orbit and offset the effects of atmospheric drag. NASA provides the bulk of the lab's electrical power, the massive gyroscopes that help maintain the station's orientation and a station-wide computer and communications network. Russian cosmonauts are not trained to operate U.S. systems and vice versa, meaning at least one astronaut and one cosmonaut must be aboard at all times. If either side pulled out, the other likely would have to depart as well, or quickly come up with alternative systems. "NASA wants to operate the space station through 2030," adds CBS, "but Russian cooperation is required. And it's not yet known whether Russia will go along."

Read more of this story at Slashdot.

A senior systems administrator at the Free Software Foundation points out that they're running free software in two data centers and over a hundred virtual machine — each and every one with "a freedom-respecting BIOS." But the "how" is surprisingly intricate: [E]arlier this week, we replaced "Columbia", the last of any FSF-run machines running a nonfree BIOS.... At FSF, our current standard is ASUS KGPE-D16 motherboards with AMD CPUs 6200 series CPUs released in 2012. For the BIOS, we install Libreboot, the easy-to-install, 100% free software replacement for proprietary BIOS/boot programs, or a version of Coreboot that is carefully built to avoid including any nonfree blobs. They are fast enough for our needs, and we expect this to be the case for many more years to come. They are also very affordable systems. We are also working toward supporting Raptor Computer Systems' newer and more powerful Talos II, as well as Blackbird motherboards that use IBM POWER9 CPUs. The POWER9 CPU architecture is called "PowerPC 64-bit little endian," abbreviated "ppc64el...." The Raptor motherboards come with entirely free firmware — and even have free hardware designs! However, this type of migration has its challenges. For example, the first thing we needed to address before using these motherboards is that the main operating system we use, Trisquel GNU/Linux, didn't previously run on pp64el. So, earlier this year, we set up a Raptor POWER9 computer running Debian (without using any nonfree parts of Debian repositories) and loaned it to the maintainers of Trisquel for as long as needed. And now, we are proud to say that the upcoming Trisquel 11 release will support POWER9...! Before I decommissioned Columbia, I ran a dmidecode, which told me that the BIOS program fit within a single megabyte of space. Often, very simplistic firmware becomes more complicated in later models, and that also usually means it has a growing significance for a user's software freedom. Some newer nonfree BIOSes have grown into operating systems in their own right, sometimes with large programs such as a full Web browser. There is no fully-free BIOS available for x86 Intel and AMD CPUs released after about 2013. The key blocking factor is that those CPUs require certain firmware in the BIOS, like Intel Management Engine. Those CPUs will also refuse to run firmware that hasn't been cryptographically signed by private keys controlled by AMD and Intel, and AMD and Intel will only sign their own nonfree firmware. At the FSF, we refuse to run that nonfree firmware, and we applaud the many people who also avoid it. For those people who do run those Intel or AMD systems, running Coreboot or Osboot is still a step up the Freedom Ladder for the software freedom of your BIOS. The road to freedom is a long road. We hope our dedication to achieve milestones like these can inspire the free software movement.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Phys.Org: [N]ew research from the University of California, Irvine reports that trees in California's mountain ranges and open spaces are dying from wildfires and other pressures -- and fewer new trees are filling the void. "The forests are not keeping up with these large fires," said study co-author James Randerson, the Ralph J. and Carol M. Cicerone Professor of Earth system science at UCI. Across the entire state, tree cover area has declined 6.7 percent since 1985. "These are big changes in less than four decades," he said. It's the first time that researchers have been able to measure tree population declines in California, and attribute the changes to such pressures as wildfires, drought stress and logging. For the study, the UCI-led team used satellite data from the USGS and NASA's Landsat mission to study vegetation changes between 1985 and 2021. They found that one of the starkest declines in tree cover was in Southern California, where 14 percent of the tree population in local mountain ranges vanished, potentially permanently. The rate and scale of decline varies across the state. Tree cover in the Sierra Nevada, for instance, stayed relatively stable until around 2010, then began dropping precipitously. The 8.8 percent die-off in the Sierra coincided with a severe drought from 2012 to 2015, followed by some of the worst wildfires in the state's history, including the Creek Fire in 2020. Fortunately "in the north, there's plenty of recovery after fire," said [Jonathan Wang, a postdoctoral researcher in Randerson's research group, who led the study published in AGU Advances], perhaps because of the region's higher rainfall and cooler temperatures. But even there, high fire years in 2018, 2020 and 2021 have taken a visible toll. The tree decline has also affected carbon storage abilities in the state, said Randerson, who added that the next step is to precisely quantify the impact on forests' ability to absorb anthropogenic carbon dioxide.

Read more of this story at Slashdot.

Amazon says it will start contacting customers in College Station, Texas, to gauge their interest in receiving orders via Prime Air. Engadget reports: Amazon says it was impressed by many elements of the city, including the research being conducted by Texas A&M University, such as work on drone technology. The US Census Bureau estimates the population of College Station was 120,000 as of last July, so while it isn't the biggest city around, it seems like a decent size for the initially rollout of Prime Air. "Amazon's new facility presents a tremendous opportunity for College Station to be at the forefront of the development of drone delivery technology," Karl Mooney, the mayor of College Station, said. "We look forward to partnering with Amazon and Texas A&M and are confident that Amazon will be a productive, conscientious, and accountable participant in our community."

Read more of this story at Slashdot.

A new kind of laser uses tiny moving particles to produce beams of light. The laser is more programmable than standard lasers and the approach could be used to create visual displays that are sharp from all angles. New Scientist reports: Conventional lasers repeatedly bounce light between two mirrors until it becomes bright and focused. Riccardo Sapienza at Imperial College London and his colleagues have built a laser that uses particles that can arrange themselves to carry out a similar process. The new type of laser first requires the use of green light from a traditional laser. The researchers shine this light into a small glass box filled with a liquid solution containing particles of titanium oxide and silicon oxide. This warms up the silicon oxide particles and causes the titanium oxide particles to clump around them. The green light then bounces between particles in the clump -- similarly to how light bounces between mirrors in conventional lasers -- until the clump itself starts to emit a laser beam, now in the color red. By nudging the particles into different positions with the green light, the team can program the properties of the light emitted by the laser, such as where in the device it originates from and how pure its color is. By comparison, conventional lasers can't be adjusted after manufacturing. The findings have been published in the journal Nature Physics.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: [R]esearchers from the New Jersey Institute of Technology are warning this week about a novel technique attackers could use to de-anonymize website visitors and potentially connect the dots on many components of targets' digital lives. The findings (PDF), which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a malicious website can determine whether that visitor controls a particular public identifier, like an email address or social media account, thus linking the visitor to a piece of potentially personal data. When you visit a website, the page can capture your IP address, but this doesn't necessarily give the site owner enough information to individually identify you. Instead, the hack analyzes subtle features of a potential target's browser activity to determine whether they are logged into an account for an array of services, from YouTube and Dropbox to Twitter, Facebook, TikTok, and more. Plus the attacks work against every major browser, including the anonymity-focused Tor Browser. "If you're an average internet user, you may not think too much about your privacy when you visit a random website," says Reza Curtmola, one of the study authors and a computer science professor at NJIT. "But there are certain categories of internet users who may be more significantly impacted by this, like people who organize and participate in political protest, journalists, and people who network with fellow members of their minority group. And what makes these types of attacks dangerous is they're very stealthy. You just visit the website and you have no idea that you've been exposed." How this de-anonymization attack works is difficult to explain but relatively easy to grasp once you have the gist. Someone carrying out the attack needs a few things to get started: a website they control, a list of accounts tied to people they want to identify as having visited that site, and content posted to the platforms of the accounts on their target list that either allows the targeted accounts to view that content or blocks them from viewing it -- the attack works both ways. Next, the attacker embeds the aforementioned content on the malicious website. Then they wait to see who clicks. If anyone on the targeted list visits the site, the attackers will know who they are by analyzing which users can (or cannot) view the embedded content. [...] Complicated as it may sound, the researchers warn that it would be simple to carry out once attackers have done the prep work. It would only take a couple of seconds to potentially unmask each visitor to the malicious site -- and it would be virtually impossible for an unsuspecting user to detect the hack. The researchers developed a browser extension that can thwart such attacks, and it is available for Chrome and Firefox. But they note that it may impact performance and isn't available for all browsers.

Read more of this story at Slashdot.

Aiming to produce environmentally friendly alternatives to plastic food wrap and containers, a Rutgers scientist has developed a biodegradable, plant-based coating that can be sprayed on foods, guarding against pathogenic and spoilage microorganisms and transportation damage. From a report: Their article, published in the science journal Nature Food, describes the new kind of packaging technology using the polysaccharide/biopolymer-based fibers. Like the webs cast by the Marvel comic book character Spider-Man, the stringy material can be spun from a heating device that resembles a hair dryer and "shrink-wrapped" over foods of various shapes and sizes, such as an avocado or a sirloin steak. The resulting material that encases food products is sturdy enough to protect bruising and contains antimicrobial agents to fight spoilage and pathogenic microorganisms such as E. coli and listeria. The research paper includes a description of the technology called focused rotary jet spinning, a process by which the biopolymer is produced, and quantitative assessments showing the coating extended the shelf life of avocados by 50 percent. The coating can be rinsed off with water and degrades in soil within three days, according to the study. [...] The paper describes how the new fibers encapsulating the food are laced with naturally occurring antimicrobial ingredients -- thyme oil, citric acid and nisin. Researchers in the Demokritou research team can program such smart materials to act as sensors, activating and destroying bacterial strains to ensure food will arrive untainted. This will address growing concern over food-borne illnesses as well as lower the incidence of food spoilage [...].

Read more of this story at Slashdot.

"The most impactful change to come out of WWDC had nothing to do with APIs, a new framework or any hardware announcement," writes Jordan Morgan via Daring Fireball. "Instead, it was a change I've been clamoring for the last several years -- and it's one that's incredibly indie friendly. As you've no doubt heard by now, I'm of course talking about iCloud enabled apps now allowing app transfers." 9to5Mac explains how it works: According to Apple, you already could transfer an app when you've sold it to another developer or you would want to move it to another App Store Connect account or organization. You can also transfer the ownership of an app to another developer without removing it from the App Store. The company said: "The app retains its reviews and ratings during and after the transfer, and users continue to have access to future updates. Additionally, when an app is transferred, it maintains its Bundle ID -- it's not possible to update the Bundle ID after a build has been uploaded for the app." The news here is that it's easier for developers to transfer the ownership of apps that use iCloud. Apple said that if your app uses any of the following, it will be transferred to the transfer recipient after they accept the app transfer: iCloud to store user data; iCloud containers; and KVS identifiers are associated with the app. The company said: "If multiple apps on your account share a CloudKit container, the transfer of one app will disable the other apps' ability to read or store data using the transferred CloudKit container. Additionally, the transferor will no longer have access to user data for the transferred app via the iCloud dashboard. Any app updates will disable the app's ability to read or store data using the transferred CloudKit container. If your app uses iCloud Key-Value Storage (KVS), the full KVS value will be embedded in any new provisioning profiles you create for the transferred app. Update your entitlements plist with the full KVS value in your provisioning profile." You can learn more about the news via this Apple Developer page.

Read more of this story at Slashdot.