An anonymous reader quotes a report from the Hill: Two federal employees are suing the Office of Personnel Management (OPM) to block the agency from creating a new email distribution system -- an action that comes as the information will reportedly be directed to a former staffer to Elon Musk now at the agency. The suit (PDF), launched by two anonymous federal employees, ties together two events that have alarmed members of the federal workforce and prompted privacy concerns. That includes an unusual email from OPM last Thursday reviewed by The Hill said the agency was testing "a new capability" to reach all federal employees -- a departure from staffers typically being contacted directly by their agency's human resources department.

Also cited in the suit is an anonymous Reddit post Monday from someone purporting to be an OPM employee, saying a new server was installed at their office after a career employee refused to set up a direct line of communication to all federal employees. According to the post, instructions have been given to share responses to the email to OPM chief of staff Amanda Scales, a former employee at Musk's AI company. Federal agencies have separately been directed to send Scales a list of all employees still on their one-year probationary status, and therefore easier to remove from government. The suit says the actions violate the E-Government Act of 2002, which requires a Privacy Impact Assessment before pushing ahead with creation of databases that store personally identifiable information.

Kel McClanahan, executive director of National Security Counselors, a non-profit law firm, noted that OPM has been hacked before and has a duty to protect employees' information. "Because they did that without any indications to the public of how this thing was being managed -- they can't do that for security reasons. They can't do that because they have not given anybody any reason to believe that this server is secure.that this server is storing this information in the proper format that would prevent it from being hacked," he said. McClanahan noted that the emails appear to be an effort to create a master list of federal government employees, as "System of Records Notices" are typically managed by each department. "I think part of the reason -- and this is just my own speculation -- that they're doing this is to try and create that database. And they're trying to sort of create it by smushing together all these other databases and telling everyone who receives the email to respond," he said.

Earlier this month a major fire erupted at a California battery plant. But several factors contributed to its rapid spread, the fire district's chief told the Los Angeles Times: A fire suppression system that is part of every battery rack at the plant failed and led to a chain reaction of batteries catching on fire, he said at a news conference last week. Then, a broken camera system in the plant and superheated gases made it challenging for firefighters to intervene. Once the fire began spreading, firefighters were not able to use water, because doing so can trigger a violent chemical reaction in lithium-ion batteries, potentially causing more to ignite or explode.
The county's Board of Supervisors has now requested that the plant remain offline until an investigation is completed. A county supervisor told the newspaper "What we're doing with this technology is way ahead of government regulations and ahead of the industry's ability to control it."

And plans for a new battery storage site nearby are now being questioned, with an online petition to halt all new battery-storage facilities in the county drawing over 3,200 signatures. The fire earlier this month was the fourth at Moss Landing since 2019, and the third at buildings owned by Texas-based Vistra Energy... Already, the fire has prompted calls for additional safety regulations around battery storage, and more local control over where storage sites are located...

California Assemblymember Dawn Addis (D-Morro Bay) has introduced Assembly Bill 303 — the Battery Energy Safety & Accountability Act — which would require local engagement in the permitting process for battery or energy storage facilities, and establish a buffer to keep such sites a set distance away from sensitive areas like schools, hospitals and natural habitats... Gov. Gavin Newsom, a fierce advocate of clean energy, agrees an investigation is needed to determine the fire's cause and supports taking steps to make Moss Landing and similar facilities safer, his spokesperson Daniel Villaseñor said in a statement. Addis and two other state legislators sent a letter to the California Public Utilities Commission Thursday requesting an investigation.

"The Moss Landing facility has represented a pivotal piece of our state's energy future, however this disastrous fire has undermined the public's trust in utility scale lithium-ion battery energy storage systems," states the letter. "If we are to ensure California moves its climate and energy goals forward, we must demonstrate a steadfast commitment to safety..."

initial testing from the U.S. Environmental Protection Agency ruled that the levels of toxic gases released by the batteries, including hydrogen fluoride, did not pose a threat to public health during the fire. [The EPA says their monitoring "showed concentrations of particulate matter to be consistent with the air quality index throughout the Monterey Bay and San Francisco Bay regions, with no measurements exceeding the moderate air quality level... In addition to EPA's monitoring, Vistra Energy brought in a third-party environmental consultant with air monitoring expertise, right after the fire started"]

Still, many residents remain on edge about potential long-term impacts on the nearby communities of Watsonville, Castroville, Salinas and the ecologically sensitive Elkhorn Slough estuary.

An anonymous reader shared this report from TechCrunch: The developer behind Pixelfed, Loops, and Sup, open source alternatives to Instagram, TikTok, and WhatsApp, respectively, is now raising funds on Kickstarter to fuel the apps' further development. The trio is part of the growing open social web, also known as the fediverse, powered by the same ActivityPub protocol used by X alternative Mastodon... [and] challenge Meta's social media empire... "Help us put control back into the hands of the people!" [Daniel Supernault, the Canadian-based developer behind the federated apps] said in a post on Mastodon where he announced the Kickstarter's Thursday launch.

As of the time of writing, the campaign has raised $58,383 so far. While the goal on the Kickstarter site has been surpassed, Supernault said that he hopes to raise $1 million or more so he can hire a small team... A fourth project, PubKit, is also a part of these efforts, offering a toolset to support developers building in the fediverse... The stretch goal of the Kickstarter campaign is to register the Pixelfed Foundation as a not-for-profit and grow its team beyond volunteers. This could help address the issue with Supernault being a single point of failure for the project... Mastodon CEO Eugen Rochko made a similar decision earlier this month to transition to a nonprofit structure. If successful, the campaign would also fund a blogging app as an alternative to Tumblr or LiveJournal at some point in the future.

The funds will also help the apps manage the influx of new users. On Pixelfed.social, the main Pixelfed instance, (like Mastodon, anyone can run a Pixelfed server), there are now more than 200,000 users, thanks in part to the mobile app's launch, according to the campaign details shared with TechCrunch. The server is also now the second-largest in the fediverse, behind only Mastodon.social, according to network statistics from FediDB. New funds will help expand the storage, CDNs, and compute power needed for the growing user base and accelerate development. In addition, they'll help Supernault dedicate more of his time to the apps and the fediverse as a whole while also expanding the moderation, security, privacy, and safety programs that social apps need.

As a part of its efforts, Supernault also wants to introduce E2E encryption to the fediverse.
The Kickstarter campaign promises "authentic sharing reimagined," calling the apps "Beautiful sharing platforms that puts you first. No ads, no algorithms, no tracking — just pure photography and authentic connections... More Privacy, More Safety. More Variety. " Pixelfed/Loops/Sup/Pubkit isn't a ambitious dream or vaporware — they're here today — and we need your support to continue our mission and shoot for the moon to be the best social communication platform in the world.... We're following the both the Digital Platform Charter of Rights & Ethical Web Principles of the W3C for all of our projects as guidelines to building platforms that help people and provide a positive social benefit.
The campaign's page says they're building "a future where social networking respects your privacy, values your freedom, and prioritizes your safety."

Sony will cease production of recordable Blu-ray discs at its last factory in February, ending an 18-year manufacturing run amid declining demand for physical media. The Japanese electronics giant will also halt production of MiniDiscs and MiniDV cassettes. The company had already stopped making consumer recordable Blu-ray and optical disks in mid-2024, maintaining production only for business clients.

Intel is advocating for modular PC designs to improve repairability, reduce e-waste, and align with the right-to-repair movement. A trio of executives makes their case for such designs in a recent blog post. The Register reports: Intel's approach to the problem is to draft three proposals targeting different market segments, saying that a one-size-fits-all approach would not be able to address the nuanced demands of these varied segments. Those three segments comprise "Premium Modular PC" (actually a laptop design); "Entry/Mainstream Modular PC" (another laptop); and "Desktop Modular PC."

The first envisages a three-board system, comprising a core motherboard plus universal left and right I/O boards, the latter engineered to be common across fan-less Thin & Light designs with a 10W power envelope, and premium fanned designs for up to 20W or 30W. The Entry/Mainstream Modular PC is similar, with a core motherboard and left and right I/O boards, although in this segment, Intel says these can be redesigned to allow multiple SKUs of the design. The circuit boards are also cost-optimized here to cater to the mainstream segment, it says.

The Desktop Modular PC design appears from Intel's diagram to use a midplane that has the Platform Controller Hub (PCH) silicon, with other modules connecting to this. These include CPU, memory, and GPU modules, removable using slide rails, along with hot-swappable storage, all designed to fit inside a 5 liter desktop chassis. Intel also said it is introducing subsystem-level replaceable modules. In practice, this means something like a Type-C connector on a flexible printed circuit (FPC) or an M.2 circuit board. The idea is that the module can easily be swapped out if the port or connector is damaged.

Longtime Slashdot reader sfcat shares a report from the Associated Press: Hundreds of people were ordered to evacuate and part of Highway 1 in Northern California was closed when a major fire erupted Thursday afternoon at one of the world's largest battery storage plants. As the fire sent up towering flames and black smoke and showed no sign of easing by Thursday night, about 1,500 people were instructed to leave Moss Landing and the Elkhorn Slough area, The Mercury News reported.

The Moss Landing Power Plant, located about 77 miles (about 124 kilometers) south of San Francisco, is owned by Texas-company Vistra Energy and contains tens of thousands of lithium batteries. The batteries are important for storing electricity from such renewable energy sources as solar energy, but if they go up in flames the blazes can be extremely difficult to put out. "There's no way to sugar coat it. This is a disaster, is what it is," Monterey County Supervisor Glenn Church told KSBW-TV. But he said he did not expect the fire to spread beyond the concrete building it was enclosed in. According to reports, the fire originated in the 300-megawatt Phase I section of the 750-megawatt facility, located on the site of a retired PG&E natural gas plant.

It's unclear what caused the fire, but officials said a full investigation will begin after it's out. Thankfully, everyone at the site was evacuated safely. Videos and images of the fire can be found here.

Sweden has begun constructing a long-term storage facility for spent nuclear fuel in Forsmark, making it only the second country after Finland to build such a site. It is not expected to be completed until the 2080s, but once finished, it will securely house radioactive waste for up to 100,000 years. Reuters reports: The Forsmark final repository, about 150 kilometers north of Stockholm on Sweden's east coast, will consist of 60 km of tunnels buried 500 meters down in 1.9 billion year old bedrock. It will be the final home for 12,000 tons of spent nuclear fuel, encased in 5 meter long, corrosion-resistent copper capsules that will be packed in clay and buried. The facility will take its first waste in the late 2030s but will not be completed until around 2080 when the tunnels will be backfilled and closed, Sweden's Nuclear Fuel and Waste Management Company (SKB) said. [...]

The Forsmark repository will cost around 12 billion crowns($1.08 billion) and be paid for by the nuclear industry, SKB said. It will have room to hold all the waste produced by Sweden's nuclear power plants. However, it will not hold fuel from future reactors. Sweden plans to build 10 more reactors by 2045.

A new ransomware group called Codefinger targets AWS S3 buckets by exploiting compromised or publicly exposed AWS keys to encrypt victims' data using AWS's own SSE-C encryption, rendering it inaccessible without the attacker-generated AES-256 keys. While other security researchers have documented techniques for encrypting S3 buckets, "this is the first instance we know of leveraging AWS's native secure encryption infrastructure via SSE-C in the wild," Tim West, VP of services with the Halcyon RISE Team, told The Register. "Historically AWS Identity IAM keys are leaked and used for data theft but if this approach gains widespread adoption, it could represent a significant systemic risk to organizations relying on AWS S3 for the storage of critical data," he warned. From the report: ... in addition to encrypting the data, Codefinder marks the compromised files for deletion within seven days using the S3 Object Lifecycle Management API â" the criminals themselves do not threaten to leak or sell the data, we're told. "This is unique in that most ransomware operators and affiliate attackers do not engage in straight up data destruction as part of a double extortion scheme or to otherwise put pressure on the victim to pay the ransom demand," West said. "Data destruction represents an additional risk to targeted organizations."

Codefinger also leaves a ransom note in each affected directory that includes the attacker's Bitcoin address and a client ID associated with the encrypted data. "The note warns that changes to account permissions or files will end negotiations," the Halcyon researchers said in a report about S3 bucket attacks shared with The Register. While West declined to name or provide any additional details about the two Codefinger victims -- including if they paid the ransom demands -- he suggests that AWS customers restrict the use of SSE-C.

"This can be achieved by leveraging the Condition element in IAM policies to prevent unauthorized applications of SSE-C on S3 buckets, ensuring that only approved data and users can utilize this feature," he explained. Plus, it's important to monitor and regularly audit AWS keys, as these make very attractive targets for all types of criminals looking to break into companies' cloud environments and steal data. "Permissions should be reviewed frequently to confirm they align with the principle of least privilege, while unused keys should be disabled, and active ones rotated regularly to minimize exposure," West said. An AWS spokesperson said it notifies affected customers of exposed keys and "quickly takes any necessary actions, such as applying quarantine policies to minimize risks for customers without disrupting their IT environment."

They also directed users to this post about what to do upon noticing unauthorized activity.

Due to a "rapid expansion of solar capacity," Germany generated 72.2 TWh of solar power in 2024, reports PV magazine, "accounting for 14% of its total electricity output, according to Germany's Fraunhofer Institute for Solar Energy Systems.

"Wind power remained Germany's largest source of electricity in 2024, generating 136.4 TWh..." Hydropower also saw a slight increase, contributing 21.7 TWh in 2024. Total renewable energy generation reached 275.2 TWh, up 4.4% from 2023. Biomass plants, with an installed capacity of 9.1 GW, generated 36 TWh of electricity.

Generation from coal-fired power plants declined sharply in Germany in 2024, with lignite production dropping 8.4% and hard coal falling 27.6%, according to Energy Charts. Lignite-fired plants produced 71.1 TWh, roughly matching the total output from photovoltaic systems, while hard coal plants generated 24.2 TWh... Germany's CO2 emissions continued their downward trend, falling to 152 million tons in 2024, a 58% reduction from 1990 levels and more than half of 2014 levels...

Battery storage capacity saw substantial growth, with installed capacity rising from 8.6 GW to 12.1 GW and associated energy storage increasing from 12.7 GWh to 17.7 GWh. Germany's battery storage capacity now surpasses pumped storage by approximately 10 GW, underscoring the shift toward renewable energy integration.
Thanks to long-time Slashdot reader AmiMoJo for sharing the article.

"Microsoft's Digital Crimes Unit is taking legal action to ensure the safety and integrity of our AI services," according to a Friday blog post by the unit's assistant general counsel. Microsoft blames "a foreign-based threat-actor group" for "tools specifically designed to bypass the safety guardrails of generative AI services, including Microsoft's, to create offensive and harmful content.

Microsoft "is accusing three individuals of running a 'hacking-as-a-service' scheme," reports Ars Technica, "that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content" after bypassing Microsoft's AI guardrails: They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use. Microsoft is also suing seven individuals it says were customers of the service. All 10 defendants were named John Doe because Microsoft doesn't know their identity.... The three people who ran the service allegedly compromised the accounts of legitimate Microsoft customers and sold access to the accounts through a now-shuttered site... The service, which ran from last July to September when Microsoft took action to shut it down, included "detailed instructions on how to use these custom tools to generate harmful and illicit content."

The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft's AI services, the suit alleged. Among other things, the proxy service used undocumented Microsoft network application programming interfaces (APIs) to communicate with the company's Azure computers. The resulting requests were designed to mimic legitimate Azure OpenAPI Service API requests and used compromised API keys to authenticate them. Microsoft didn't say how the legitimate customer accounts were compromised but said hackers have been known to create tools to search code repositories for API keys developers inadvertently included in the apps they create. Microsoft and others have long counseled developers to remove credentials and other sensitive data from code they publish, but the practice is regularly ignored. The company also raised the possibility that the credentials were stolen by people who gained unauthorized access to the networks where they were stored...

The lawsuit alleges the defendants' service violated the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act, and the Racketeer Influenced and Corrupt Organizations Act and constitutes wire fraud, access device fraud, common law trespass, and tortious interference.

Plaintiffs in Kadrey v. Meta allege that Meta CEO Mark Zuckerberg authorized the team behind the company's Llama AI models to use a dataset of pirated ebooks and articles for training. They further accuse the company of concealing its actions by stripping copyright information and torrenting the data. TechCrunch reports: In newly unredacted documents filed (PDF) with the U.S. District Court for the Northern District of California late Wednesday, plaintiffs in Kadrey v. Meta, who include bestselling authors Sarah Silverman and Ta-Nehisi Coates, recount Meta's testimony from late last year, during which it was revealed that Zuckerberg approved Meta's use of a data set called LibGen for Llama-related training. LibGen, which describes itself as a "links aggregator," provides access to copyrighted works from publishers including Cengage Learning, Macmillan Learning, McGraw Hill, and Pearson Education. LibGen has been sued a number of times, ordered to shut down, and fined tens of millions of dollars for copyright infringement.

According to Meta's testimony, as relayed by plaintiffs' counsel, Zuckerberg cleared the use of LibGen to train at least one of Meta's Llama models despite concerns within Meta's AI exec team and others at the company. The filing quotes Meta employees as referring to LibGen as a "data set we know to be pirated," and flagging that its use "may undermine [Meta's] negotiating position with regulators." The filing also cites a memo to Meta AI decision-makers noting that after "escalation to MZ," Meta's AI team "[was] approved to use LibGen." (MZ, here, is rather obvious shorthand for "Mark Zuckerberg.")

The details seemingly line up with reporting from The New York Times last April, which suggested that Meta cut corners to gather data for its AI. At one point, Meta was hiring contractors in Africa to aggregate summaries of books and considering buying the publisher Simon & Schuster, according to the Times. But the company's execs determined that it would take too long to negotiate licenses and reasoned that fair use was a solid defense. The filing Wednesday contains new accusations, like that Meta might've tried to conceal its alleged infringement by stripping the LibGen data of attribution.

An anonymous reader quotes a report from Ars Technica: A federal judge this week rejected Google's motion to throw out a class-action lawsuit alleging that it invaded the privacy of users who opted out of functionality that records a users' web and app activities. A jury trial is scheduled for August 2025 in US District Court in San Francisco. The lawsuit concerns Google's Web & App Activity (WAA) settings, with the lead plaintiff representing two subclasses of people with Android and non-Android phones who opted out of tracking. "The WAA button is a Google account setting that purports to give users privacy control of Google's data logging of the user's web app and activity, such as a user's searches and activity from other Google services, information associated with the user's activity, and information about the user's location and device," wrote (PDF) US District Judge Richard Seeborg, the chief judge in the Northern District Of California.

Google says that Web & App Activity "saves your activity on Google sites and apps, including associated info like location, to give you faster searches, better recommendations, and more personalized experiences in Maps, Search, and other Google services." Google also has a supplemental Web App and Activity setting that the judge's ruling refers to as "(s)WAA." "The (s)WAA button, which can only be switched on if WAA is also switched on, governs information regarding a user's '[Google] Chrome history and activity from sites, apps, and devices that use Google services.' Disabling WAA also disables the (s)WAA button," Seeborg wrote. But data is still sent to third-party app developers through the Google Analytics for Firebase (GA4F), "a free analytical tool that takes user data from the Firebase kit and provides app developers with insight on app usage and user engagement," the ruling said. GA4F "is integrated in 60 percent of the top apps" and "works by automatically sending to Google a user's ad interactions and certain identifiers regardless of a user's (s)WAA settings, and Google will, in turn, provide analysis of that data back to the app developer."

Plaintiffs have brought claims of privacy invasion under California law. Plaintiffs "present evidence that their data has economic value," and "a reasonable juror could find that Plaintiffs suffered damage or loss because Google profited from the misappropriation of their data," Seeborg wrote. The lawsuit was filed in July 2020. The judge notes that summary judgment can be granted when "there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law." Google hasn't met that standard, he ruled. In a statement provided to Ars, Google said that "privacy controls have long been built into our service and the allegations here are a deliberate attempt to mischaracterize the way our products work. We will continue to make our case in court against these patently false claims."

Microsoft will begin enforcing storage limits on unlicensed OneDrive accounts from January 27, 2025, ending a loophole that allowed organizations to retain departed employees' data without cost.

Data from accounts unlicensed for over 93 days will move to recycle bins for another 93 days before permanent deletion, unless under retention policies. Archived data retrieval will cost $0.60 per gigabyte plus $0.05 monthly per gigabyte. Organizations must either retrieve data, add licenses, or risk losing access, Microsoft has warned.

At CES 2025 today, Lenovo introduced the Legion Go S handheld gaming console. It marks the first officially licensed handheld that comes pre-loaded with Valve's Arch Linux based SteamOS operating system. Phoronix reports: This first officially licensed SteamOS handheld is making use of the AMD Ryzen Z1 Extreme SoC with Radeon 700M graphics, an 8-inch 1200p LCD touchscreen with VRR support, up to 32GB of LPDDR5x-6400 memory, up to 1TB of PCIe Gen4 SSD storage, and a 55 Whr battery. Pricing starts at $500 USD with availability beginning in May. Sadly this Lenovo Legion Go handheld running SteamOS is making use of the Ryzen Z1 Extreme and not the Ryzen Z2 announced by AMD yesterday with the Zen 5 cores. But at CES Lenovo is showing off the Lenovo Legion Go (8.8", 2) prototype that uses the AMD Ryzen Z2 Go SoC along with an OLED display albeit a Windows gaming device. Additional details are available in Lenovo's press release.

An anonymous reader quotes a report from Ars Technica: The US Justice Department today announced it filed an antitrust lawsuit against "six of the nation's largest landlords for participating in algorithmic pricing schemes that harmed renters." One of the landlords, Cortland Management, agreed to a settlement "that requires it to cooperate with the government, stop using its competitors' sensitive data to set rents and stop using the same algorithm as its competitors without a corporate monitor," the DOJ said. The pending settlement requires Cortland to "cooperate fully and truthfully... in any civil investigation or civil litigation the United States brings or has brought" on this subject matter.

The US previously sued RealPage, a software maker accused of helping landlords collectively set prices by giving them access to competitors' nonpublic pricing and occupancy information. The original version of the lawsuit described actions by landlords but did not name any as defendants. The Justice Department filed an amended complaint (PDF) today in order to add the landlords as defendants. The landlord defendants are Greystar, LivCor, Camden, Cushman, Willow Bridge, and Cortland, which collectively "operate more than 1.3 million units in 43 states and the District of Columbia," the DOJ said. "The amended complaint alleges that the six landlords actively participated in a scheme to set their rents using each other's competitively sensitive information through common pricing algorithms," the DOJ said. The phrase "price fixing" came up in discussions between landlords, the amended complaint said: "For example, in Minnesota, property managers from Cushman & Wakefield, Greystar, and other landlords regularly discussed competitively sensitive topics, including their future pricing. When a property manager from Greystar remarked that another property manager had declined to fully participate due to 'price fixing laws,' the Cushman & Wakefield property manager replied to Greystar, 'Hmm... Price fixing laws huh? That's a new one! Well, I'm happy to keep sharing so ask away. Hoping we can kick these concessions soon or at least only have you guys be the only ones with big concessions! It's so frustrating to have to offer so much.'"

The Justice Department is joined in the case by the attorneys general of California, Colorado, Connecticut, Illinois, Massachusetts, Minnesota, North Carolina, Oregon, Tennessee, and Washington. The case is in US District Court for the Middle District of North Carolina.

Further reading: Are We Entering an AI Price-Fixing Dystopia?

Nvidia will begin selling a personal AI supercomputer in May that can run sophisticated AI models with up to 200 billion parameters, the chipmaker has announced. The $3,000 Project Digits system is powered by the new GB10 Grace Blackwell Superchip and can operate from a standard power outlet.

The device delivers 1 petaflop of AI performance and includes 128GB of memory and up to 4TB of storage. Two units can be linked to handle models with 405 billion parameters. "AI will be mainstream in every application for every industry," Nvidia CEO Jensen Huang said. The system runs on Linux-based Nvidia DGX OS and supports PyTorch, Python, and Jupyter notebooks.

Apple Intelligence now requires 7GB of free storage per device, nearly doubling the original 4GB requirement from iOS 18.1. This is a result of new AI features like Genmoji, ChatGPT in Siri, and Image Playground. With further updates expected, storage demands could rise to 10GB per device. 9to5Mac reports: Per Apple's website, Apple Intelligence now requires 7GB of free storage. The same 7GB number applies whether you're using an iPhone, iPad, or Mac. But it also, since each product does its own on-device processing, adds up for multi-device use. If you want to use AI features across all three devices (which I'd assume most of us do), that's a grand total of 21GB of free space being used by Apple Intelligence. And unfortunately, if you're tight on storage, there's no way to reduce the requirement by disabling certain features.

An anonymous reader quotes a report from TechCrunch: A U.S. online gift card store has secured an online storage server that was publicly exposing hundreds of thousands of customer government-issued identity documents to the internet. A security researcher, who goes by the online handle JayeLTee, found the publicly exposed storage server late last year containing driving licenses, passports, and other identity documents belonging to MyGiftCardSupply, a company that sells digital gift cards for customers to redeem at popular brands and online services.

MyGiftCardSupply's website says it requires customers to upload a copy of their identity documents as part of its compliance efforts with U.S. anti-money laundering rules, often known as "know your customer" checks, or KYC. But the storage server containing the files had no password, allowing anyone on the internet to access the data stored inside. JayeLTee alerted TechCrunch to the exposure last week after MyGiftCardSupply did not respond to the researcher's email about the exposed data. [...]

According to JayeLTee, the exposed data -- hosted on Microsoft's Azure cloud -- contained over 600,000 front and back images of identity documents and selfie photos of around 200,000 customers. It's not uncommon for companies subject to KYC checks to ask their customers to take a selfie while holding a copy of their identity documents to verify that the customer is who they say they are, and to weed out forgeries. MyGiftCardSupply founder Sam Gastro told TechCrunch: "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification." It's not known how long the data was exposed or if the company would commit to notifying affected individuals.

It had a 4.8-inch display. Introduced in 1991, Hewlett-Packard's (DOS-based) HP 95LX Palmtop PC — a collaboration with Lotus — was finally discontinued back in 2003.

But one found its way to long-time Slashdot reader Shayde (who in November repaired a 48-year-old handheld videogame console from Mattel). "I really wanted to get this HP95LX talking to the internet at large," they told Slashdot, " but network stacks for DOS in 1991 were pretty limited, and this machine didn't even have the hardware for a network connection.

"It did have a serial port though — a flat 4-pin custom interface. I did a bunch of research and learned how to custom-build an RS-232 hookup for this port, and using an external Wifi module, got it online — and talking to the retrocomputing BBS!"

There's a video documenting the whole experience. (Along the way he uses 20-gauge hook-up wire from Amazon, a zip tie, solder cups, and an internet modem (the WiFi232 Hayes modem emulator). The whole thing is powered by two AA batteries — it has 512K of memory, and about half a meg of storage. My favorite technical detail?

"Conveniently, the HP 95 [Palmtop PC] uses the exact same pinout as the HP 48GX handheld graphing calculator. So looking up on the Internet, we can determine what pins we need to map from the HP unit over to what would be a DB25 serial port..."

The world's first nuclear-powered battery — a diamond with an embedded radioactive isotope — could power small devices for thousands of years, according to scientists at the UK's University of Bristol.

Long-time Slashdot reader fahrbot-bot shared this report from LiveScience: The diamond battery harvests fast-moving electrons excited by radiation, similar to how solar power uses photovoltaic cells to convert photons into electricity, the scientists said.

Scientists from the same university first demonstrated a prototype diamond battery — which used nickel-63 as the radioactive source — in 2017. In the new project, the team developed a battery made of carbon-14 radioactive isotopes embedded in manufactured diamonds. The researchers chose carbon-14 as the source material because it emits short-range radiation, which is quickly absorbed by any solid material — meaning there are no concerns about harm from the radiation. Although carbon-14 would be dangerous to ingest or touch with bare hands, the diamond that holds it prevents any short-range radiation from escaping. "Diamond is the hardest substance known to man; there is literally nothing we could use that could offer more protection," Neil Fox, a professor of materials for energy at the University of Bristol, said in the statement...

A single nuclear-diamond battery containing 0.04 ounce (1 gram) of carbon-14 could deliver 15 joules of electricity per day. For comparison, a standard alkaline AA battery, which weighs about 0.7 ounces (20 grams), has an energy-storage rating of 700 joules per gram. It delivers more power than the nuclear-diamond battery would in the short term, but it would be exhausted within 24 hours. By contrast, the half-life of carbon-14 is 5,730 years, which means the battery would take that long to be depleted to 50% power....

[A] spacecraft powered by a carbon-14 diamond battery would reach Alpha Centauri — our nearest stellar neighbor, which is about 4.4 light-years from Earth — long before its power were significantly depleted.
The battery has no moving parts, according to the article. It "requires no maintenance, nor does it have any carbon emissions."