Bitcoin

Billionaire Draper Pitches Sri Lanka on Bitcoin, Gets Rejected (bloomberg.com) 46

A billionaire cryptocurrency evangelist may have gotten a tougher reception than he expected when proposing widespread adoption of Bitcoin to a bankrupt country. From a report: Silicon Valley investor Tim Draper was in Sri Lanka to shoot an episode of his "Meet the Drapers" TV show with local entrepreneurs, and met President Ranil Wickremesinghe on Tuesday to proselytize the adoption of cryptocurrency. He journeyed to the central bank the next day with the same pitch -- but embattled Governor Nandalal Weerasinghe, who's still working to calm financial mayhem, was having none of it. "I come to the Central Bank with decentralized currency," proclaimed Draper, dressed in a Bitcoin tie for the meeting that took place in a teak-paneled room overlooking the sea. "We don't accept," Weerasinghe said, taking another sip of fizzy ginger beer.

During the meeting, Draper several times referred to what he described as Sri Lanka's reputation for corruption and argued cryptocurrency was one solution. Colombo could avert graft by keeping perfect records after adopting Bitcoin, he argued. "Have you seen Sri Lanka in the news? It's known as the corruption capital," Draper said. "A country known for corruption will be able to keep perfect records with the adoption of Bitcoin." Sri Lanka's topmost monetary official countered: "Adoption of 100% Bitcoin won't be a Sri Lanka reality ever." [...] He kept trying with Weerasinghe. "Does the administration have the guts to do it?" he asked. "What's the advantage of having your own currency?" Weerasinghe said other technologies could efficiently distribute financial services to foster inclusion and disburse electronic welfare payments, and noted that a country without its own currency couldn't have monetary-policy independence. "We don't want to make the crisis worse by introducing Bitcoin," he said.

Google

Google Says Google and Other Android Manufacturers Haven't Patched Security Flaws (engadget.com) 19

Google has disclosed several security flaws for phones that have Mali GPUs, such as those with Exynos chipsets. From a report: The company's Project Zero team says it flagged the problems to ARM (which produces the GPUs) back in the summer. ARM resolved the issues on its end in July and August. However, smartphone manufacturers including Samsung, Xiaomi, Oppo and Google itself hadn't deployed patches to fix the vulnerabilities as of earlier this week, Project Zero said.

Researchers identified five new issues in June and July and promptly flagged them to ARM. "One of these issues led to kernel memory corruption, one led to physical memory addresses being disclosed to userspace and the remaining three led to a physical page use-after-free condition," Project Zero's Ian Beer wrote in a blog post. "These would enable an attacker to continue to read and write physical pages after they had been returned to the system." Beer noted that it would be possible for a hacker to gain full access to a system as they'd be able to bypass the permissions model on Android and gain "broad access" to a user's data. The attacker could do so by forcing the kernel to reuse the aforementioned physical pages as page tables.

AI

Controversial Artist Matches Influencer Photos With Surveillance Footage (smithsonianmag.com) 30

An anonymous reader quotes a report from Smithsonian Magazine: It's an increasingly common sight on vacation, particularly in tourist destinations: An influencer sets up in front of a popular local landmark, sometimes even using props (coffee, beer, pets) or changing outfits, as a photographer or self-timed camera snaps away. Others are milling around, sometimes watching. But often, unbeknownst to everyone involved, another device is also recording the scene: a surveillance camera. Belgian artist Dries Depoorter is exploring this dynamic in his controversial new online exhibit, The Followers, which he unveiled last week. The art project places static Instagram images side-by-side with video from surveillance cameras, which recorded footage of the photoshoot in question.

To make The Followers, Depoorter started with EarthCam, a network of publicly accessible webcams around the world, to record a month's worth of footage in tourist attractions like New York City's Times Square and Dublin's Temple Bar Pub. Then he enlisted an artificial intelligence (A.I.) bot, which scraped public Instagram photos taken in those locations, and facial-recognition software, which paired the Instagram images with the real-time surveillance footage. Depoorter calls himself a "surveillance artist," and this isn't his first project using open-source webcam footage or A.I. Last year, for a project called The Flemish Scrollers, he paired livestream video of Belgian government proceedings with an A.I. bot he built to determine how often lawmakers were scrolling on their phones during official meetings.

"On its face, The Followers is an attempt, like many other studies, art projects and documentaries in recent years, to expose the staged, often unattainable ideals shown in many Instagram and influencer photos posted online," writes Smithsonian's Molly Enking. "But The Followers also tells a darker story: one of increasingly worrisome privacy concerns amid an ever-growing network of surveillance technology in public spaces. And the project, as well as the techniques used to create it, has sparked both ethical and legal controversy."

Depoorter told Vice's Samantha Cole that he got the idea when he "watched an open camera and someone was taking pictures for like 30 minutes." He wondered if he'd be able to find that person on Instagram.

Electronic Frontier Foundation

Peter Eckersley, Co-Creator of Let's Encrypt, Dies at 43 (sophos.com) 35

Seven years ago, Slashdot reader #66,542 announced "Panopticlick 2.0," a site showing how your web browser handles trackers.

But it was just one of the many privacy-protecting projects Peter Eckersley worked on, as a staff technologist at the EFF for more than a decade. Eckersley also co-created Let's Encrypt, which today is used by hundreds of millions of people.

Friday the EFF's director of cybersecurity announced the sudden death of Eckersley at age 43. "If you have ever used Let's Encrypt or Certbot or you enjoy the fact that transport layer encryption on the web is so ubiquitous it's nearly invisible, you have him to thank for it," the announcement says. "Raise a glass."

Peter Eckersley's web site is still online, touting "impactful privacy and cybersecurity projects" that he co-created, including not just Let's Encrypt, Certbot, and Panopticlick, but also Privacy Badger and HTTPS Everywhere. And in addition, "During the COVID-19 pandemic he convened the stop-covid.tech group, advising many groups working on privacy-preserving digital contact tracing and exposure notification, assisting with several strategy plans for COVID mitigation." You can also still find Peter Eckersley's GitHub repositories online.

But Peter "had apparently revealed recently that he had been diagnosed with cancer," according to a tribute posted online by security company Sophos, noting his impact is all around us: If you click on the padlock in your browser [2022-09-0T22:37:00Z], you'll see that this site, like our sister blog site Sophos News, uses a web certificate that's vouched for by Let's Encrypt, now a well-established Certificate Authority (CA). Let's Encrypt, as a CA, signs TLS cryptographic certificates for free on behalf of bloggers, website owners, mail providers, cloud servers, messaging services...anyone, in fact, who needs or wants a vouched-for encryption certificate, subject to some easy-to-follow terms and conditions....

Let's Encrypt wasn't the first effort to try to build a free-as-in-freedom and free-as-in-beer infrastructure for online encryption certificates, but the Let's Encrypt team was the first to build a free certificate signing system that was simple, scalable and solid. As a result, the Let's Encrypt project was soon able to gain the trust of the browser making community, to the point of quickly getting accepted as an approved certificate signer (a trusted-by-default root CA, in the jargon) by most mainstream browsers....

In recent years, Peter founded the AI Objectives Institute, with the aim of ensuring that we pick the right social and economic problems to solve with AI:

"We often pay more attention to how those goals are to be achieved than to what those goals should be in the first place. At the AI Objectives Institute, our goal is better goals."

Beer

Study Finds Drinking Before Age 40 Has No Health Benefits, Only Risks (eurekalert.org) 102

1.34 billion people consumed harmful amounts of alcohol in 2020, according to estimates from a new study funded by the Bill and Melinda Gates Foundation.

It also found that 59.1% of those people consuming unsafe amounts were between the ages of 15 and 39, and that for that group "there are no health benefits to drinking alcohol, only health risks.... 60% of alcohol-related injuries occurring among people in this age group, including motor vehicle accidents, suicides, and homicides."

Of the 15 to 39-year-olds consuming unsafe amounts of alcohol, 76.7% were male. For adults over age 40, health risks from alcohol consumption vary by age and region. Consuming a small amount of alcohol (for example, drinking between one and two 3.4-ounce glasses of red wine) for people in this age group can provide some health benefits, such as reducing the risk of cardiovascular disease, stroke, and diabetes...

Authors call for alcohol consumption guidelines to be revised to emphasise consumption levels by age, stressing that the level of alcohol consumption recommended by many existing guidelines is too high for young people in all regions. They also call for policies targeting males under age 40, who are most likely to use alcohol harmfully.

United States

Weed Killer Glyphosate Found In Most Americans' Urine (usnews.com) 192

An anonymous reader quotes a report from U.S. News & World Report: More than 80% of Americans have a widely used herbicide lurking in their urine, a new government study suggests. The chemical, known as glyphosate, is "probably carcinogenic to humans," the World Health Organization's International Agency for Research on Cancer has said. Glyphosate is the active ingredient in Roundup, a well-known weed killer. The U.S. National Nutrition Examination Survey found the herbicide in 1,885 of 2,310 urine samples that were representative of the U.S. population. Nearly a third of the samples came from children ages 6 to 18.

Traces of the herbicide have previously been found in kids' cereals, baby formula, organic beer and wine, hummus and chickpeas. In 2020, the EPA determined that the chemical was not a serious health risk and "not likely" to cause cancer in humans. However, a federal appeals court ordered the EPA to reexamine those findings last month, CBS News reported.

In 2019, a second U.S. jury ruled Bayer's Roundup weed killer was the cause of a man's cancer. It was only the second of some 11,200 Roundup lawsuits to go to trial in the United States. Another California man was awarded $78 million (originally $289 million) in the first lawsuit alleging a glyphosate link to cancer.

A study published around the same time as those rulings found that glyphosate "destroys specialized gut bacteria in bees, leaving them more susceptible to infection and death from harmful bacteria."

Further reading: 'It's a Non-Party Political Issue': Banning the Weedkiller Glyphosate (The Guardian)

Microsoft

Will Microsoft Ban Commercial Open Source from Its App Store? (sfconservancy.org) 54

Microsoft has "delayed enforcement" of what could be a controversial policy change, according to the Software Freedom Conservancy: A few weeks ago, Microsoft quietly updated its Microsoft [app] Store Policies, adding new policies (which go into effect next week), that include this text:

all pricing ... must ... [n]ot attempt to profit from open-source or other software that is otherwise generally available for free [meaning, in price, not freedom].

Wednesday, a number of Microsoft Store users discovered this and started asking questions. Quickly, those of us (including our own organization) that provide Free and Open Source Software (FOSS) via the Microsoft Store started asking our own questions too.... Since all (legitimate) FOSS is already available (at least in source code form) somewhere "for free" (as in "free beer"), this term (when enacted) will apply to all FOSS...

Sadly, these days, companies like Microsoft have set up these app stores as gatekeepers of the software industry. The primary way that commercial software distributors reach their customers (or non-profit software distributors reach their donors) is via app stores. Microsoft has closed its iron grasp on the distribution chain of software (again) — to squeeze FOSS from the marketplace. If successful, even app store users will come to believe that the only legitimate FOSS is non-commercial FOSS. This is first and foremost an affront to all efforts to make a living writing open source software. This is not a merely hypothetical consideration. Already many developers support their FOSS development (legitimately so, at least under the FOSS licenses themselves) through app store deployments that Microsoft recently forbid in their Store....

Microsoft counter-argues that this is about curating content for customers and/or limiting FOSS selling to the (mythical) "One True Developer". But, even a redrafted policy (that Giorgio Sardo [General Manager of Apps at Microsoft] hinted at publicly early Thursday) will mandate only toxic business models for FOSS (such as demo-ware, less-featureful versions available as FOSS, while the full-featured proprietary version is available for a charge).

The Conservancy argues that FOSS "was designed specifically to allow both the original developers and downstream redistributors to profit fairly from the act of convenient redistribution (such as on app stores)." But it also speculates about the sincerity of Microsoft's intentions. "We're cognizant that Microsoft probably planned all this, anyway — including the community outrage followed by their usual political theater of feigned magnanimity."

The Conservancy's post Thursday received an update Friday about Microsoft's coming policy update: After we and others pointed out this problem, a Microsoft employee claimed via Twitter that they would "delay enforcement" of their new anti-FOSS regulation [giving as their reason that "it could be perceived differently than intended."]

We do hope Microsoft will ultimately rectify the matter, and look forward to the change they intend to enact later. Twitter is a reasonable place to promote such a change once it's made, but an indication of non-enforcement by one executive on their personal account is a suboptimal approach. This is a precarious situation for FOSS projects who currently raise funds on the Microsoft Store; they deserve a definitive answer.

Given the tight timetable (just five days!) until the problematic policy actually does go into effect, we call on Microsoft to officially publish a corrected policy now that addresses this point and move the roll-out date at least two months into the future. (We suggest September 16, 2022.) This will allow FOSS projects to digest the new policy with a reasonable amount of time, and give Microsoft time to receive feedback from the impacted projects and FOSS experts.

AI

An AI-Created Craft Beer Debuts at New Orleans (wgno.com) 59

For one brief limited period of time, New Orleans locals "will have a chance to try the first craft beer created by an AI platform," according to a report from local station WGNO: The AI Blonde Ale will be released at a Launch Party at NOLA Brewery on June 20 to coincide with CVPR, the world's premier computer vision event. Derek Lintern, a brewer at NOLA Brewing, said he is excited to have a helping hand when it comes to crafting beer.

"It's state-of-the-art technology with the traditional brewing methods, it's pretty unique and it's a recipe I would have never done normally but I really like how it tastes. It's very refreshing and very easy drinking I'm really happy with it," said Lintern....

The technology helps create the recipe, but the beer is still brewed manually.

The name of the company that brought the AI to the brewery? "Deep Liquid."

Television

Star Trek Wines: the Next Generation. Ars Technica Taste-Tests Klingon Blood Wine (arstechnica.com) 20

Would you drink a glass of Klingon Blood Wine? Or Cardassian Kanar Red Blend? Maybe you'd prefer the Andorian Blue Premium Chardonnay, or the United Federation of Planets Special Reserve Sauvignon Blanc...

Star Trek wines — a collaboration between CBS Consumer Products and Wines That Rock — has now added those four new flavors to their original two (which Ars Technica described as "far better than we expected, although very much over-priced.") So Ars hosted a wine tasting including the new wines, with their six testers joining "Q himself — aka actor John de Lancie." Also taste-testing was The Orville writer Andre Bormanis (a former science advisor for Star Trek: The Next Generation, Deep Space Nine, Voyager and Enterprise).

"Wine assessments were anonymous, in keeping with the gathering's super-casual vibe. And the wine was purchased out of pocket, not gifted for promotional purposes."

They'd tried this once before in 2019. Their three-year mission? To explore strange new wines... Next up: A Bordeaux blend from Chateau Picard (although the label claims it's a 2386 vintage to keep the conceit going): 85 percent cabernet and 15 percent merlot. As I noted [in 2019], this is a bona fide winery, with a centuries-old vineyard in the St.-Estephe region. It just so happens that Jean-Luc Picard's family has long run a fictional vineyard of the same name, albeit in the Burgundy region rather than Bordeaux — it features prominently in Picard. The real winery agreed to collaborate on a special edition of their cru bourgeois vintage for the Star Trek collection.

The Bordeaux blend also came out on top with the 2022 tasting crew, who declared it "perfectly quaffable" and "surprisingly good." The wine is light and dry, "easy on the palate," with "a clean finish," and fairly well balanced. It's almost as if Bordeaux wine makers have had centuries of experience to draw upon. This was the only bottle the tasting crew polished off completely.

Alas, the four new varieties in the Star Trek wine collection fall far, far short of their predecessors....

I will give the Star Trek Wine folks props for creative bottle design, especially the corkscrew shape of the Cardassian blend. The broad consensus was that the Klingon Blood Wine is trying to be a pinot noir and falling short; it's basically a very fruity California cabernet, with perhaps a hint of pepper. "Whoever supplied this blood ate nothing but fruit salad the week prior," one taster noted, with another simply writing, "Way too sweet." The most generous assessment was that it is "drinkable but not extraordinary...."

With the evergreen caveat that taste in wine is highly subjective, here's our recommendation. Stick with the original two bottles for your Star Trek wine, or save yourself some money and get something comparable for a fraction of the price — unless, of course, you're really keen to collect the whole set of unusual bottle designs. Or you're a Cardassian who loves really sweet wine.

Meanwhile, William Shatner himself is raising money for charity by auctioning off a bottle of "James T. Kirk" whiskey — the actual prop used on Star Trek: Picard. "The bottle does not contain real Bourbon just a colored liquid," its description notes — but the bottle has actually been autographed by 91-year-old Shatner.

News

South Africa is Running Out of Marmite (economist.com) 90

A ban on booze has led to parched throats and dry toast. From a report: The love-it-or-loathe-it spread, invented in Britain at the start of the 20th century, is an extract of yeast. It is most commonly eaten spread thinly on buttered toast, but it can also be used to add a rich, vegan-friendly umami flavour to soups, stews and sauces. In South Africa Marmite is indeed thinly spread. Shoppers first noted shortages at the beginning of the covid-19 pandemic, when South Africa banned alcohol sales in an attempt to free up beds in hospitals that would otherwise be filled with tipsy drivers or drunken brawlers. The ban had an unexpected consequence. With beer sales on ice, South Africa's main breweries sharply reduced their production. With much less lager fermenting in their vats, they were also producing far less brewer's yeast, the beery by-product that is the main ingredient of Marmite.

Through the course of the pandemic, South Africa imposed four separate alcohol bans, each one of which dealt a blow to Marmite production. Nine months since the lifting of the last prohibition, production ought to have recovered, allowing shops to refill their shelves. Yet it has not. When your correspondent recently walked the aisles of 15 grocery stores in Johannesburg, 12 had no Marmite at all. In the three remaining shops a total of just seven jars could be found, of which three appear to have escaped purchase by hiding behind jars of Bovril, a beef-based cousin of Marmite. The branch manager of a large store in eastern Johannesburg says that deliveries still dribble in but fly off the shelves in an instant. That the shortage continues is because of another hiccup in the supply chain. Pioneer Foods, the local manufacturer of Marmite, reportedly said that its production has been slowed by a shortage of sodium carbonate, which is used in the manufacturing process. Muckraking by the Daily Maverick, a local paper better known for exposing political scandals than for scrutinising sandwiches, found that intermittent cuts in the water supply were also affecting the country's only Marmite factory.

Businesses

Amazon Is Still Struggling To Make Drone Deliveries Work (theverge.com) 69

An anonymous reader quotes a report from The Verge: A report from Bloomberg details the obstacles hampering Amazon's efforts to get its delivery drone program off the ground, citing a high employee turnover rate and potential safety risks. According to Bloomberg, there were five crashes over the course of a four-month period at the company's testing site in Pendleton, Oregon. A crash in May took place after a drone lost its propeller, but Bloomberg says Amazon cleaned up the wreckage before the Federal Aviation Administration could investigate. The following month, a drone's motor shut off as it switched from an upward flight path to flying straight ahead. Two safety features -- one that's supposed to land the drone in this type of situation and another that stabilizes the drone -- both failed. As a result, the drone flipped upside down and made a fiery descent from 160 feet in the air, leading to a brush fire that stretched across 25 acres. It was later put out by the local fire department.

Last year, a Wired report revealed that Amazon's drone delivery operation is struggling just as much in the UK, despite making its first-ever drone delivery near Cambridge in 2016. Wired's report suggests that the UK outfit is marred by some of the same issues described by Bloomberg, including a high turnover rate and potential safety issues. At a UK-based facility for analyzing drone footage for people and animals, one worker reportedly drank beer on the job, while Wired said another held down the "approve" button on their computer regardless of whether there were hazards in the footage or not.

Former and current employees at Amazon also told Bloomberg that the company is prioritizing the rushed rollout of its drone program over safety. Cheddi Skeete, a former drone project manager at Amazon, said he was fired last month for speaking with his manager about his safety concerns. Skeete told Bloomberg that he was reluctant to continue testing a drone that had crashed five days previously but was told the team had inspected 180 engines on 30 different drones -- Skeete doubted this assertion, as checking the motors is a cumbersome process, Bloomberg reports. David Johnson, a former drone flight assistant for Amazon, told Bloomberg that Amazon would sometimes perform tests "without a full flight team" and with "inadequate equipment." Johnson also said the company often assigned multiple roles to one person, a claim Bloomberg says is corroborated by two other former Amazon employees. "They give people multiple things to do in a very narrow window of time to try to boost their numbers, and people cut corners," Johnson told Bloomberg. "They were more concerned about pumping flights out and didn't want to slow down."

Beer

Just One Drink Per Day Can Shrink Your Brain, Study Says (cnn.com) 125

An anonymous reader quotes a report from CNN: Just one pint of beer or average glass of wine a day may begin to shrink the overall volume of the brain, a new study has found, and the damage worsens as the number of daily drinks rises. On average, people at age 50 who drank a pint of beer or 6-ounce glass of wine (two alcohol units) a day in the last month had brains that appeared two years older than those who only drank a half of a beer (one unit), according to the study, which published Friday in the journal Nature. The brains of people that age who said they drank three alcohol units a day had reductions in both white and gray matter that looked as if they had added 3.5 years to the ages of their brains.

One alcohol unit is 10 milligrams or 8 grams of pure alcohol. That means 25 milligrams or a single shot of liquor is one unit; a 16-ounce can of beer or cider is two units; and a standard 6-ounce glass of wine (175 milligrams) is two units. The brains of nondrinkers who began consuming an average of one alcohol unit a day showed the equivalent of a half a year of aging, according to the study. In comparison, drinking four alcohol units a day aged a person's brain by more than 10 years.

"The report analyzed data from more than 36,000 people who took part in the UK Biobank study, which houses in-depth genetic and health information on more than 500,000 middle-aged adults living in the United Kingdom," reports CNN.

"People in the study had provided information on the number of drinks they had each week in the previous year and had undergone an MRI brain scan. Researchers compared their scans with images of typical aging brains and then controlled for such variables as age, sex, smoking status, socioeconomic status, genetic ancestry and overall head size."

News

Companies Shut Ukraine Operations and Watch for Sanctions as Russia Attacks (slashdot.org) 146

Danish brewer Carlsberg and a Coca-Cola bottler shut their plants in Ukraine on Thursday following Russia's invasion while firms making goods from jet engines to semiconductors warned that supplies of key raw materials could suffer. From a report: Carlsberg, which has a 31% share of Ukraine's beer market, halted production at all three of its breweries in the country, while Coca-Cola said it had triggered its contingency plans which included shutting its bottling plant. Britain's biggest domestic bank Lloyds, meanwhile, warned that it was on heightened alert for cyberattacks from Russia while companies operating in Ukraine were looking at how to shield their staff from the conflict. Russian forces invaded Ukraine by land, air and sea on Thursday, confirming the worst fears of the West with the biggest attack by one state against another in Europe since World War Two. Many companies with significant exposure to Russia said they were still waiting to see the full force of Western sanctions before deciding on any action, although backers of the suspended Nord Stream 2 gas pipeline were already taking a hit. Washington imposed sanctions on the company behind Nord Stream 2 on Wednesday and European Union leaders are meeting later on Thursday to decide what punitive measures they will impose as retribution for Russia's attack.

Government

Scotland Will Pardon Thousands of Witches (theguardian.com) 115

Thousands of people — including hundreds of men — were accused of witchcraft in Scotland, the Guardian reports, "from allegations of cursing the king's ships, to shape-shifting into animals and birds, or dancing with the devil."

Many were executed. Now, three centuries after the Witchcraft Act was repealed, campaigners are on course to win pardons and official apologies for the estimated 3,837 people — 84% of whom were women — tried as witches, of which two-thirds were executed and burned...

[W]ell-known cases include Lilias Adie, from Torryburn, Fife, who was accused of casting a spell to cause a neighbour's hangover; while Issobell Young, executed at Edinburgh Castle in 1629, was said by a stable boy to have shape-shifted into an owl and accused of having a coven....

The [pro-pardon advocacy site] Witches of Scotland notes that signs associated with witchcraft — broomsticks, cauldrons, black cats and black pointed hats — were also associated with "alewives", the name for women who brewed weak beer to combat poor water quality. The broomstick sign was to let people know beer was on sale, the cauldron to brew it, the cat to keep mice down, and the hat to distinguish them at market. Women were ousted from brewing and replaced by men once it became a profitable industry.

Wikipedia has a page with a list of people executed for witchcraft. Citing modern scholars, it places the total number of people executed for witchcraft in Europe and America between 40,000 and 50,000.

But the Guardian also notes a recent statement from the head of the pro-pardon advocacy group Witches of Scotland. "Per capita, during the period between the 16th and 18th century, we [Scotland] executed five times as many people as elsewhere in Europe, the vast majority of them women."

Science

Amazing / Strange Things Scientists Calculated in 2021 (livescience.com) 36

fahrbot-bot writes: The world is full of beautiful equations, numbers and calculations. From counting beads as toddlers to managing finances as adults, we use math every day. But scientists often go beyond these quotidian forms of counting, to measure, weigh and tally far stranger things in the universe. From the number of bubbles in a typical glass of beer to the weight of all the coronavirus particles circulating in the world, LiveScience notes the 10 weird things scientists calculated in 2021.
  1. Number of bubbles in a half-pint glass of beer: up to 2 million bubbles, about twice as many as Champagne.
  2. Weight of all SARS-CoV-2 particles: between 0.22 and 22 pounds (0.1 and 10 kilograms).
  3. Counted African elephants from space for the first time -- Earth elephants (using satellites and AI) not Space Elephants.
  4. Acceleration of a finger snap: maximal rotational velocities of 7,800 deg/s and a maximal rotational acceleration of 1.6 million deg/s squared -- in seven milliseconds, more than 20 times faster than the blink of an eye, which takes more than 150 milliseconds.
  5. Calculated pi to 62.8 trillion decimal places.
  6. Updated the "friendship paradox" equations.
  7. Theoretical number and mass of all Black Holes: about 1% of all ordinary matter (not dark matter) in the universe.
  8. How long would it take to walk around the moon? At 4 hours a day, it would take about 547 Earth days, or about 1.5 years.
  9. How many active satellites currently orbit the planet? As of September 2021, there were around 7,500 active satellites in low Earth orbit.
  10. The "absolute limit" on the human life span: probably 120 to 150 years.

Security

Google Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen' (securityweek.com) 106

wiredmikey shares a report from SecurityWeek: Security researchers at Google's Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations. If that makes you scratch your head, that was exactly the reaction from Google's premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group's Pegasus surveillance tool on iPhones.

"We assess this to be one of the most technically sophisticated exploits we've ever seen," Google's Ian Beer and Samuel Groß wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia. In its breakdown, Project Zero said the exploit effectively created "a weapon against which there is no defense," noting that zero-click exploits work silently in the background and do not even require the target to click on a link or surf to a malicious website. "Short of not using a device, there is no way to prevent exploitation by a zero-click exploit," the research team said.

The researchers confirmed the initial entry point for Pegasus was Apple's proprietary iMessage that ships by default on iPhones, iPads and macOS devices. By targeting iMessage, the NSO Group hackers needed only a phone number or an AppleID username to take aim and fire eavesdropping implants. Because iMessage has native support for GIF images (especially those that loop endlessly), Project Zero's researchers found that this expanded the attack surface and ended up being abused in an exploit cocktail that targeted a security defect in Apple's CoreGraphics PDF parser. Within Apple's CoreGraphics PDF parser, the NSO exploit writers abused Apple's implementation of the open-source JBIG2, a domain specific image codec designed to compress images where pixels can only be black or white. Describing the exploit as "pretty terrifying," Google said the NSO Group hackers effectively booby-trapped a PDF file, masquerading as a GIF image, with an encoded virtual CPU to start and run the exploit.

Apple patched the exploit in September and filed a lawsuit seeking to hold NSO Group accountable.

Beer

BrewDog Exposes Data of 200,000 Customers and Shareholders (techradar.com) 13

An anonymous reader quotes a report from TechRadar: BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers, according to cybersecurity researchers. Cybersecurity consulting firm PenTest Partners discovered that a flaw in the official BrewDog app, which persisted for more than 18 months, made it easy for anyone to access the PII of other users. In its detailed report, PenTest Partners notes that the mobile app doled out the same hard coded API Bearer Token, which effectively rendered request authorization useless. The researchers say that, thanks to the flaw, any user could append the customerID of another user to the API endpoint URL to extract their PII and other details. In addition to being damaging to the user, the flaw could've also been used to adversely affect the company since the leaked details could've been used to generate QR codes to get discounted and even free beers. BrewDog started using hard-coded tokens with v2.5.5 of its app, launched in March 2020, before finally patching the flaw in v2.5.13 release in September 2021.

United States

More Vaccinations, Less Pushback: America's Vaccine Mandates Are Working, Says Public Health Professor (seattletimes.com) 308

Last month U.S. President Biden issued "a mandate that all companies with more than 100 workers require vaccination or weekly testing," remembers the New York Times, and "also moved to mandate shots for health care workers, federal contractors and a vast majority of federal workers, who could face disciplinary measures if they refuse."

So what happened next? Until now, the biggest unknown about mandating COVID-19 vaccines in workplaces has been whether such requirements would lead to compliance or to significant departures by workers unwilling to get shots — at a time when many places were already facing staffing shortages. So far, a number of early mandates show few indications of large-scale resistance. "Mandates are working," said John Swartzberg, a physician and professor at the School of Public Health at the University of California, Berkeley. "If you define 'working' by the percentage of people getting vaccinated and not leaving their jobs in droves."

Unlike other incentives — "prizes, perks, doughnuts, beer, we've seen just about everything offered to get people vaccinated" — mandates are among the few levers that historically have been effective in increasing compliance, said Swartzberg, who has tracked national efforts to increase rates of inoculation...

[T]he pushback has been less dramatic than initially feared. At Houston Methodist Hospital, which mandated vaccines this summer for 25,000 employees, for example, only about 0.6% of employees quit or were fired. Dorit Reiss, a professor at the University of California Hastings College of the Law in San Francisco who is tracking employer mandates, said that, despite their propensity for backlash and litigation, mandates generally increase vaccine compliance because the knowledge that an order is coming has often been enough to prompt workers to seek inoculation before courts even can weigh in. Mandates are becoming more commonplace as several other states have imposed requirements for workers. In New York, Rhode Island, Maine, Oregon and the District of Columbia, health care workers must get vaccinated to remain employed.

The Times's article (original URL here) provides statistics from specific examples:
  • "When Tyson Foods announced Aug. 3 that it would require coronavirus vaccines for all 120,000 of its U.S. employees, less than half of its workforce was inoculated. Nearly two months later, 91% of the company's U.S. workforce is fully vaccinated, said Dr. Claudia Coplein, Tyson's chief medical officer."
  • "In New York, where some 650,000 employees at hospitals and nursing homes were to have received at least one vaccine dose by the start of this week, 92% were in compliance, state officials said. That was up significantly from a week ago, when 82% of the state's nursing home workers and at least 84% of its hospital workers had received at least one dose."
  • "As California's requirement that all health care workers be vaccinated against the coronavirus took effect Thursday, major health systems reported that the mandate had helped boost their vaccination rates to 90% or higher."

Star Wars Prequels

At Disney World's Star Wars-Themed Hotel, a Weekend for Two Costs $4,800 (sfgate.com) 91

"If you've ever dreamed of living 'a long time ago in a galaxy far, far away,' now is your chance — as long as you've got a spare four to six thousand dollars sitting around," writes SFGate: This week, Walt Disney World announced more details about its new Galactic Starcruiser hotel opening in the spring, an immersive, two-day "Star Wars" experience that evokes the feeling of being in the movies. The tech will be more advanced than any other Disney experience, including Rise of the Resistance at Disneyland and the Star Wars: Galaxy's Edge lands... "Star Wars: Galactic Starcruiser is a revolutionary new 2-night experience where you are the hero," according to Walt Disney World's website. "You and your group will embark on a first-of-its-kind Star Wars adventure that's your own. It's the most immersive Star Wars story ever created — one where you live a bespoke experience and journey further into a Star Wars adventure than you ever dreamed possible."

There are lightsaber experiences, interstellar entertainment, characters hanging around and an overall feeling that you're closer to being in Star Wars than you've ever been in your life. The idea is that you're staying on a luxury space cruise, so immersive that the hotel's windows look out into "space" and you never leave the property unless it's to "board a transport" to Batuu, the land where Star Wars: Galaxy's Edge takes place. Admission to Hollywood Studios is included in the price, as is all of your food and non-alcoholic beverages. But really, for $4,809 for two nights' accommodations for two guests in a studio, they could throw in a space beer or two...

But then again, for some Star Wars fans, you can't put a price on total immersion in the fandom, from cast members acting as though they're really intergalactic travelers to the ability to make infinite Wookiee jokes free from the harsh judgements of people who wouldn't spend $4,000 to sleep in a "spaceship."

Transportation

The Slow Collapse of Amazon's Drone Delivery Dream (wired.co.uk) 108

An anonymous reader quotes a report from Wired: Well over 100 employees at Amazon Prime Air have lost their jobs and dozens of other roles are moving to other projects abroad as the company shutters part of its operation in the UK, WIRED understands. Insiders claim the future of the UK operation, which launched in 2016 to help pioneer Amazon's global drone delivery efforts, is now uncertain. Those working on the UK team in the last few years, who spoke on condition of anonymity, describe a project that was "collapsing inwards," "dysfunctional" and resembled "organized chaos," run by managers that were "detached from reality" in the years building up to the mass redundancies.

They told WIRED about increasing problems within Prime Air in recent years, including managers being appointed who knew so little about the project they couldn't answer basic work questions, an employee drinking beer at their desk in the morning and some staff being forced to train their replacements in Costa Rica. Amazon says it still has staff working for Prime Air in the UK, but has refused to confirm headcount. [...] An Amazon spokesperson says it will still have a Prime Air presence in the UK after the cuts, but refuses to disclose what type of work will take place. The spokesperson also refused to confirm, citing security reasons, if any of the test flights that once filled promotional videos will still take place in the UK. The spokesperson adds that the company has found positions in other parts of its business for some affected employees and that it will keep growing its presence in the region. The spokesperson did not confirm how many employees were offered other jobs internally.
