Security

Hackers Used Fake GPU Overclocking Software To Push Malware (vice.com) 11

Computer hardware maker MSI is warning gamers not to visit a website that's impersonating the brand and its graphics card overclocking software, Afterburner, to push malware. From a report: On Thursday, MSI published a press release warning of "malicious software being disguised as the official MSI Afterburner." "The malicious software is being unlawfully hosted on a suspicious website impersonating MSI's official website with the domain name https://afterburner-msi[.]space," the company wrote. "MSI has no relation with this website or the aforementioned domain. [...] This webpage is hosting software which may contain a virus, trojan, keylogger, or other type of malicious program that has been disguised to look like MSI Afterburner," the company added. "DO NOT DOWNLOAD ANY SOFTWARE FROM THIS WEBSITE."
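The check a practitioner would want here, added as an example (it is not MSI's or the article's code): classify a download URL's hostname against a short list of trusted vendor domains and flag lookalikes that embed the brand in a different registrable domain, in a subdomain, or in confusable Unicode letters. The trusted list, brand tokens, confusables table and sample URLs are constructed for the illustration; msi.com is assumed to be MSI's real domain, and the lookalike host is the one the press release names.

```python
import unicodedata
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"msi.com"}               # assumed to be MSI's real download domain
BRAND_TOKENS = ("msi", "afterburner")
# Minimal Cyrillic-to-Latin confusables; a real deployment would use the full
# Unicode confusables data (UTS #39). Constructed for this example.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0456": "i", "\u04cf": "l",
                             "\u043e": "o", "\u0455": "s", "\u0441": "c"})


def registrable(host):
    """Last two labels of the host. Enough for .com/.space; real code should
    consult the Public Suffix List for multi-label suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def check_download_host(url):
    """Return 'official', 'suspicious' or 'unrelated' for a download URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if any(label.startswith("xn--") for label in host.split(".")):
        host = host.encode("ascii").decode("idna")     # punycode -> Unicode
    if registrable(host) in OFFICIAL_DOMAINS:
        return "official"
    # Fold lookalike characters and separators, then look for the brand.
    folded = unicodedata.normalize("NFKC", host).translate(CONFUSABLES)
    compact = folded.replace("-", "").replace(".", "")
    if any(token in compact for token in BRAND_TOKENS):
        return "suspicious"
    return "unrelated"


if __name__ == "__main__":
    for url in ("https://www.msi.com/Landing/afterburner",
                "https://afterburner-msi.space/",        # the domain MSI warned about
                "https://msi.com.evil.example/setup.exe",
                "https://m\u0455i.com/",                 # Cyrillic 's' standing in for 's'
                "https://example.org/"):
        print(check_download_host(url), url)
```

The brand-token match deliberately runs only after the exact registrable-domain comparison fails, so that a hostname which merely contains "msi" somewhere in a trusted domain is never flagged, while "msi.com" appearing as a subdomain of someone else's domain is.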
Software

VLC Media Player 3.0.14 Fixes Broken Windows Automatic Updater (bleepingcomputer.com) 30

New submitter imcdona writes: VideoLAN has released VLC Media Player 3.0.14 to fix an issue affecting Windows users and causing the widely-used software's auto-updater not to launch the new version's installer automatically. "VLC users on Windows might encounter issues when trying to auto update VLC from version 3.0.12 and 3.0.13," VideoLAN explained. "We are publishing version 3.0.14 to address this problem for future updates."

This issue is caused by a bug introduced in the automatic updater code of VLC 3.0.12 and fixed with the release of VLC 3.0.14. Because of this bug, VLC updates are downloaded to the users' computers, verified for integrity, but will not be installed as the auto-updater fails to launch the VLC 3.0.14 installer.

Open Source

System76 Unveils Open Source 'Launch Configurable Keyboard' for Linux, Windows, and macOS (betanews.com) 60

System76 today unveiled its newest product -- the "Launch Configurable Keyboard." It is a mechanical keyboard made in the USA with a focus on open source. The Launch has both open source firmware and hardware. Even the configuration software -- which runs on Linux, Windows, and macOS -- is open source. From a report: "With a wide swath of customization options, the Launch is flexible to a variety of needs and use cases. The keyboard's thoughtful design keeps everything within reach, vastly reducing awkward hand contortions. Launch comes with additional keycaps and a convenient keycap puller, meaning one can swap keys based on personal workflow preferences to maximize efficiency. Launch also features a novel split Space Bar, which allows the user to swap out one Space Bar keycap for Shift, Backspace, or Function to reduce hand fatigue while typing. Launch uses only three keycap sizes to vastly expand configuration options," says System76. The keyboard, which has a removable USB-C cable for connectivity, is priced at $285.
Software

GasBuddy Tops Apple App Store Amid Gas Shortages From Colonial Pipeline Shutdown (cnbc.com) 108

GasBuddy, an app that helps users find and save money on gas, topped the Apple App Store on Wednesday, as some consumers across the East Coast continue to struggle to find fuel after a cyberattack on Colonial Pipeline. CNBC reports: The company's pipeline has served as a vital link between the Gulf Coast refiners and the Eastern Seaboard, but the company had to take its entire system offline Friday after it fell victim to a ransomware attack. Much of the system is still offline. Now, consumers are flocking to grab gas before tanks run out. Sixty-five percent of stations in North Carolina are out of fuel, according to data from GasBuddy. In South Carolina and Georgia, 43% of stations are without fuel, and 44% of stations are dry in Virginia, according to AAA.

Gas prices have also surged because of the supply issues and fear of shortages. On average, Americans are paying $3.008 for a gallon of gas, up from $2.985 on Tuesday and $2.927 one week ago, AAA said earlier this week. This has all led consumers to seek gas stations that have supply and potentially cheaper prices. That's where GasBuddy comes in.

Bitcoin

Australia's Wright Launches Lawsuit Over $5.7 Billion Bitcoin Haul (reuters.com) 52

An Australian computer scientist who alleges he created bitcoin has launched a London High Court lawsuit against 16 software developers in an effort to secure bitcoin worth around 4 billion pounds ($5.7 billion) he says he owns. From a report: In a case that was promptly labelled "bogus" by one defendant, Craig Wright is demanding that developers allow him to retrieve around 111,000 bitcoin held at two digital addresses that he does not have private keys for. In his second London lawsuit in three weeks, Wright alleges he lost the encrypted keys when his home computer network was hacked in February 2020. Police are investigating.

Wright, who is bringing the case through his Seychelles-based Tulip Trading firm, concedes he is a controversial figure since alleging in 2016 that he wrote the bitcoin white paper -- which first outlined the technology behind the digital assets -- under the pseudonym Satoshi Nakamoto in 2008. The claim is hotly disputed. The Australian, who is autistic and lives in Britain with his wife and two of his three children, alleges in his latest lawsuit that developers have breached their duties to act in the best interests of the rightful owner of globally-traded assets.

Wireless Networking

Tech Industry Quietly Patches FragAttacks Wi-Fi Flaws That Leak Data, Weaken Security (theregister.com) 37

An anonymous reader quotes a report from The Register: A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef. On Tuesday, Vanhoef, a postdoctoral researcher in computer security at New York University Abu Dhabi, released a paper titled, "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" [PDF]. Scheduled to be presented later this year at the Usenix Security conference, the paper describes a set of wireless networking vulnerabilities, including three Wi-Fi design flaws and nine implementation flaws. Vanhoef, who in 2017 along with co-author Frank Piessens identified key reinstallation attacks (KRACKs) on the WPA2 protocol (used to secure Wi-Fi communication), has dubbed his latest research project FragAttacks, which stands for fragmentation and aggregation attacks.

The dozen vulnerabilities affect all Wi-Fi security protocols since the wireless networking technology debuted in 1997, from WEP up through WPA3. [...] In total, 75 devices -- network card and operating system combinations (Windows, Linux, Android, macOS, and iOS) -- were tested and all were affected by one or more of the attacks. NetBSD and OpenBSD were not affected because they don't support the reception of A-MSDUs (aggregate MAC service data units). [...]

Patches for many affected devices and software have already been deployed, thanks to a nine-month-long coordinated responsible disclosure overseen by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI). Linux patches have been applied and the kernel mailing list note mentions that Intel has addressed the flaws in a recent firmware update without mentioning it. Microsoft released its patches on March 9, 2021 when disclosure was delayed though Redmond had already committed to publication. Vanhoef advises checking with the vendor(s) of Wi-Fi devices about whether the FragAttacks have been addressed. "[F]or some devices the impact is minor, while for others it's disastrous," he said.
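The aggregation design flaw the paper is named for, as an added illustration (this is not code from Vanhoef's paper or from the article; the MAC and IP addresses and the packet contents are constructed). Part 1 shows why the flag is not protected: CCMP's additional authenticated data keeps only the TID bits of the QoS Control field, so an attacker who can modify frames in transit can set the A-MSDU Present bit on an ordinary encrypted frame without invalidating its MIC. Part 2 shows what the receiver then does with the unchanged ciphertext: it parses the decrypted payload as A-MSDU subframes, and an ordinary IPv4/UDP packet whose IP identification field was chosen by the attacker yields a second subframe with attacker-chosen link-layer addresses and contents. The AAD masking rules follow the CCMP construction in IEEE 802.11 as written here; the strict parser option is a receiver-side mitigation (rejecting an A-MSDU whose first subframe starts with an LLC/SNAP header) that I attribute to the paper's recommendations and the later kernel fixes, and both should be treated as assumptions rather than as something the article states.

```python
import ipaddress
import struct

A_MSDU_PRESENT = 0x0080                      # bit 7 of the QoS Control field
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")
RFC1042_PREFIX = LLC_SNAP_IPV4[:6]           # LLC/SNAP prefix shared by all EtherTypes
FC_QOS_DATA_FROM_DS = 0x4288                 # QoS Data, From DS, Protected Frame

# Constructed example addresses, not taken from the paper or the article.
VICTIM_MAC = bytes.fromhex("020000000001")
AP_MAC = bytes.fromhex("020000000002")
GATEWAY_MAC = bytes.fromhex("020000000003")


def ccmp_aad(fc, a1, a2, a3, seq_ctrl, qos_ctrl, spp_amsdu=False):
    """CCMP additional authenticated data for a three-address QoS data frame.
    Masks per the CCMP AAD rules: data subtype bits, Retry, PwrMgt, MoreData and
    Order are zeroed, Protected Frame is forced on, the sequence number is zeroed
    (fragment number kept) and QoS Control keeps only the TID. The A-MSDU Present
    bit survives only when SPP A-MSDU (an 802.11n option) was negotiated."""
    fc_masked = (fc & ~(0x0070 | 0x0800 | 0x1000 | 0x2000 | 0x8000)) | 0x4000
    sc_masked = seq_ctrl & 0x000F
    qc_masked = qos_ctrl & (0x000F | (A_MSDU_PRESENT if spp_amsdu else 0))
    return (struct.pack("<H", fc_masked) + a1 + a2 + a3
            + struct.pack("<H", sc_masked) + struct.pack("<H", qc_masked))


def parse_amsdu(msdu, strict=False):
    """Split an A-MSDU into (DA, SA, payload) subframes: 14-byte header, 'length'
    payload bytes, padding to a 4-byte boundary. strict=True rejects an A-MSDU
    whose first "DA" is an LLC/SNAP header (receiver-side mitigation, assumed)."""
    if strict and msdu[:6] == RFC1042_PREFIX:
        raise ValueError("first subframe starts with LLC/SNAP: aggregation attack?")
    subframes, off = [], 0
    while off + 14 <= len(msdu):
        da, sa = msdu[off:off + 6], msdu[off + 6:off + 12]
        length = struct.unpack(">H", msdu[off + 12:off + 14])[0]
        payload = msdu[off + 14:off + 14 + length]
        if len(payload) != length:
            raise ValueError("truncated A-MSDU subframe")
        subframes.append((da, sa, payload))
        off += 14 + length
        off += (-off) % 4
    return subframes


def _checksum(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_udp(src, dst, sport, dport, data, ip_id):
    """Minimal IPv4/UDP packet (UDP checksum left at zero, which IPv4 permits)."""
    fields = [0x45, 0, 28 + len(data), ip_id, 0x4000, 64, 17, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = _checksum(struct.pack(">BBHHHBBH4s4s", *fields))
    header = struct.pack(">BBHHHBBH4s4s", *fields)
    return header + struct.pack(">HHHH", sport, dport, 8 + len(data), 0) + data


def craft_attacker_msdu(injected):
    """The decrypted MSDU of a normal-looking packet an attacker's Internet host
    sends to the victim. IP identification = 22 makes an A-MSDU parse take the
    LLC/SNAP header + first 6 IP bytes as subframe header 1, the remaining 14 IP
    header bytes + 8 UDP bytes as its payload, and land on the UDP data (offset
    36, 4-byte aligned) as subframe 2, whose DA/SA/length the attacker wrote."""
    second = VICTIM_MAC + GATEWAY_MAC + struct.pack(">H", len(injected)) + injected
    return LLC_SNAP_IPV4 + ipv4_udp("203.0.113.5", "192.168.1.20", 53, 4444, second, ip_id=22)


def demo():
    """Subframes the victim extracts once the A-MSDU Present bit has been set."""
    spoofed = LLC_SNAP_IPV4 + ipv4_udp("192.168.1.1", "192.168.1.20", 53, 53,
                                        b"spoofed DNS answer (constructed)", ip_id=1)
    return parse_amsdu(craft_attacker_msdu(spoofed))


def strict_rejects(msdu):
    try:
        parse_amsdu(msdu, strict=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    args = (FC_QOS_DATA_FROM_DS, VICTIM_MAC, AP_MAC, GATEWAY_MAC, 0x0010)
    print("MIC input unchanged by the A-MSDU bit:",
          ccmp_aad(*args, 0x0000) == ccmp_aad(*args, A_MSDU_PRESENT))
    for da, sa, payload in demo():
        print(da.hex(":"), "<-", sa.hex(":"), len(payload), "bytes")
```

The point of the two halves together is that neither the cipher nor the parser is individually broken: CCMP authenticates exactly what the standard told it to, and the A-MSDU parser does exactly what the standard told it to. The flaw is that the bit deciding which parser runs was left outside the authenticated data, which is why the fix had to be either authenticating it (SPP A-MSDU) or refusing the telltale shape of a re-parsed packet on the receiving side, and why the article says the impact varies so much by device.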

Transportation

California Ban On Gas-Powered Cars Would Rewrite Plug-In Hybrid Rules (cnet.com) 118

An anonymous reader quotes a report from CNET: As of now, California wants to implement an 80-20 mix where 80% of new cars sold will be totally electric or hydrogen-powered, and 20% may still feature a plug-in hybrid powertrain. Essentially, automakers will still be able to plop an engine under the hood come 2035. However, PHEVs will need to follow far more stringent definitions of the powertrain. California wants any plug-in hybrid to achieve 50 miles of all-electric range to meet the categorization -- a huge ask. Only two plug-in hybrids in recent years meet that criteria: the Chevrolet Volt (no longer on sale) and the Polestar 1 (soon to exit production). To achieve such a lofty range, automakers need to fit larger batteries, and when you're talking about a big battery and an internal-combustion engine, things get complex (and costly) quickly.

But, that's not all the state will need. Future PHEVs to qualify under these regulations will need to be capable of driving under only electric power throughout their charged range. So, no software to flick on the engine for a few moments to recoup some lost energy. While these regulations would actually benefit drivers to shift PHEVs away from "compliance cars" to something far more usable, the complexities may just turn automakers to focus exclusively on EVs. It all remains to be seen, however, since the plans remain open for public comment until June 11 of this year. After that, the board will vote and detail a full proposal later this year.

Education

Anti-Cheating Technology Challenged at Dartmouth Medical School (yahoo.com) 85

Dartmouth College switched to remote tests when the coronavirus ended in-person exams — then accused 17 medical students of cheating, reports the New York Times: At the heart of the accusations is Dartmouth's use of the Canvas system to retroactively track student activity during remote exams without their knowledge. In the process, the medical school may have overstepped by using certain online activity data to try to pinpoint cheating, leading to some erroneous accusations, according to independent technology experts, a review of the software code and school documents obtained by The New York Times.

Dartmouth's drive to root out cheating provides a sobering case study of how the coronavirus has accelerated colleges' reliance on technology, normalizing student tracking in ways that are likely to endure after the pandemic. While universities have long used anti-plagiarism software and other anti-cheating apps, the pandemic has pushed hundreds of schools that switched to remote learning to embrace more invasive tools. Over the last year, many have required students to download software that can take over their computers during remote exams or use webcams to monitor their eye movements for possibly suspicious activity, even as technology experts have warned that such tools can be invasive, insecure, unfair and inaccurate.

Some universities are now facing a backlash over the technology....

While some students may have cheated, technology experts said, it would be difficult for a disciplinary committee to distinguish cheating from noncheating based on the data snapshots that Dartmouth provided to accused students. And in an analysis of the Canvas software code, the Times found instances in which the system automatically generated activity data even when no one was using a device. "If other schools follow the precedent that Dartmouth is setting here, any student can be accused based on the flimsiest technical evidence," said Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation, a digital rights organization, who analyzed Dartmouth's methodology.

Seven of the 17 accused students have had their cases dismissed. In at least one of those cases, administrators said, "automated Canvas processes are likely to have created the data that was seen rather than deliberate activity by the user," according to a school email that students made public. The 10 others have been expelled, suspended or received course failures and unprofessional-conduct marks on their records that could curtail their medical careers... Tensions flared in early April when an anonymous student account on Instagram posted about the cheating charges. Soon after, Dartmouth issued a social media policy warning that students' anonymous posts "may still be traced back" to them.... The conduct review committee then issued decisions in 10 of the cases, telling several students that they would be expelled, suspending others and requiring some to retake courses or repeat a year of school at a cost of nearly $70,000...

Several students said they were now so afraid of being unfairly targeted in a data-mining dragnet that they had pushed the medical school to offer in-person exams with human proctors. Others said they had advised prospective medical students against coming to Dartmouth.

United States

US Scrambles to Keep Fuel Flowing After Pipeline Cyberattack. Russian Cybercriminals Suspected (bbc.com) 238

A ransomware attack on a pipeline that carries 45% of the East Coast's fuel supply has now led U.S. president Biden to declare a regional emergency providing "regulatory relief" to expand fuel delivery by other routes.

Axios reports: Friday night's cyberattack is "the most significant, successful attack on energy infrastructure" known to have occurred in the U.S., notes energy researcher Amy Myers Jaffe, per Politico. It follows other significant cyberattacks on the federal government and U.S. companies in recent months... 5,500 miles of pipeline have been shut down in response to the attack.
The BBC reports: Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer... Colonial Pipeline said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service. On Sunday evening it said that although its four mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational...

Independent oil market analyst Gaurav Sharma told the BBC there is a lot of fuel now stranded at refineries in Texas. "Unless they sort it out by Tuesday, they're in big trouble," said Sharma. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York..." The temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity, Mr Sharma warned.

UPDATE (5/10): "On Monday, U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not been disrupted," reports the Associated Press, "and the company said it was working toward 'substantially restoring operational service' by the weekend."

CNN reports that a criminal group originating from Russia named DarkSide "is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official. DarkSide typically targets non-Russian speaking countries, the source said... Bloomberg and The Washington Post have also reported on DarkSide's purported involvement in the cyberattack..."

If so, NBC News adds some sobering thoughts: Although Russian hackers often freelance for the Kremlin, early indications suggest this was a criminal scheme — not an attack by a nation state, the sources said. But the fact that Colonial had to shut down the country's largest gasoline pipeline underscores just how vulnerable America's cyber infrastructure is to both criminals and national adversaries, such as Russia, China and Iran, experts say. "This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe," said Andrew Rubin, CEO and co-founder of Illumio, a cyber security firm...

If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free rein to criminal hackers who target the West, said Dmitri Alperovitch, co-founder of the cyber firm CrowdStrike and now executive chairman of a think tank, the Silverado Policy Accelerator. "Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cyber crime," he said.

Citing multiple sources, the BBC reports that DarkSide "infiltrated Colonial's network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet... "

The BBC also shares some thoughts from Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online: Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic — the rise of engineers remotely accessing control systems for the pipeline from home. James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.

He says it is possible for anyone to look up the login portals for computers connected to the internet on search engines like Shodan, and then "have-a-go" hackers just keep trying usernames and passwords until they get some to work.

"We're seeing a lot of victims now, this is seriously a big problem now," said Mr Chappell.
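The pattern Chappell describes (credential guessing against Internet-exposed remote-desktop logins until one works) leaves a recognizable trail in Windows Security logs: a burst of failed logons (event 4625) with LogonType 10 (RemoteInteractive) from one source address, then a success (4624) from that same address. The detector below is an added example, not Digital Shadows' or the BBC's code. It runs over constructed log lines that carry only those four event fields in a simplified key=value form rather than real Windows event XML; the five-minute window and the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample in a simplified key=value form (not real Windows event XML),
# keeping only the fields this detector needs from Security events 4625/4624.
SAMPLE_LOG = """\
2021-05-06T22:01:00Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7
2021-05-06T22:01:07Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7
2021-05-06T22:01:13Z EventID=4625 LogonType=3 TargetUserName=svc_backup IpAddress=192.0.2.1
2021-05-06T22:01:15Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7
2021-05-06T22:01:21Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7
2021-05-06T22:01:30Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7
2021-05-06T22:02:02Z EventID=4624 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7
2021-05-06T22:10:00Z EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=203.0.113.9
2021-05-06T22:10:04Z EventID=4625 LogonType=10 TargetUserName=mjones IpAddress=203.0.113.9
2021-05-06T22:10:09Z EventID=4625 LogonType=10 TargetUserName=engineer IpAddress=203.0.113.9
2021-05-06T22:10:15Z EventID=4625 LogonType=10 TargetUserName=scada IpAddress=203.0.113.9
2021-05-06T22:10:20Z EventID=4625 LogonType=10 TargetUserName=operator IpAddress=203.0.113.9
2021-05-06T22:15:00Z EventID=4624 LogonType=10 TargetUserName=engineer IpAddress=10.0.0.5
""".splitlines()

LINE_RE = re.compile(r"(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)")


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, int(m["eid"]), int(m["lt"]), m["user"], m["ip"]


def detect_rdp_guessing(lines, window=timedelta(minutes=5), fail_threshold=5,
                        spray_users=3):
    """Per source IP, track RemoteInteractive (LogonType 10) failures inside a
    sliding window. Reaching fail_threshold raises one alert, labelled
    'password spraying' when the attempts span spray_users or more accounts,
    else 'brute force'. A later 4624 from a flagged IP is the high-value alert:
    a guessed credential that worked."""
    failures = defaultdict(deque)          # ip -> deque of (timestamp, user)
    flagged, alerts = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, eid, logon_type, user, ip = rec
        if logon_type != 10:               # only remote desktop logons
            continue
        recent = failures[ip]
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if eid == 4625:
            recent.append((ts, user))
            users = sorted({u for _, u in recent})
            if len(recent) >= fail_threshold and ip not in flagged:
                flagged.add(ip)
                kind = "password spraying" if len(users) >= spray_users else "brute force"
                alerts.append({"ip": ip, "kind": kind, "count": len(recent), "users": users})
        elif eid == 4624 and ip in flagged:
            alerts.append({"ip": ip, "kind": "success after failures",
                           "count": len(recent), "users": [user]})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_guessing(SAMPLE_LOG):
        print(alert)
```

The "success after failures" alert is the one worth paging on: a burst of failures alone is what any exposed RDP port sees all day, while a success from an address that was just guessing is the moment described in the article, where the attacker "get[s] some to work". Filtering on LogonType 10 keeps network logons (type 3, as in the ignored svc_backup line) out of the count so that noisy service accounts do not trip the threshold.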

Open Source

Linus Torvalds Weighs in on Commercial Users of Open Source Code (tag1consulting.com) 87

This week Linus Torvalds continued a long email interview with Jeremy Andrews, founding partner/CEO of Tag1 (a global technology consulting firm and the second all-time leading contributor to Drupal). In the first part Torvalds had discussed everything from Apple's ARM64 chips and Rust drivers, to his own Fedora-based home work environment — and reflections on the early days of Linux.

But the second part offers some deeper insight into the way Torvalds thinks, some personal insight, what he'd share with other project maintainers — and some thoughts on getting corporations to contribute to open source development: While open source has been hugely successful, many of the biggest users, for example corporations, do nothing or little to support or contribute back to the very open source projects they rely on. Even developers of surprisingly large and successful projects (if measured by number of users) can be lucky to earn enough to buy coffee for the week. Do you think this is something that can be solved? Is the open source model sustainable?

Linus Torvalds: I really don't have an answer to this, and for some reason the kernel has always avoided the problem. Yes, there are companies that are pure "users" of Linux, but they still end up wanting support, so they then rely on contractors or Linux distributions, and those obviously then end up as one of the big sources of kernel developer jobs.

And a fair number of big tech companies that use the kernel end up actively participating in the development process. Sometimes they end up doing a lot of internal work and not being great at feeding things back upstream (I won't name names, and some of them really are trying to do better), but it's actually very encouraging how many big companies are very openly involved with upstream kernel development, and are major parts of the community.

So for some reason, the kernel development community has been pretty successful about integrating with all the commercial interests. Of course, some of that has been very much conscious: Linux has very much always been open to commercial users, and I very consciously avoided the whole anti-corporate mindset that you can most definitely find in some of the "Free Software" groups. I think the GPLv2 is a great license, but at the same time I've been very much against some of the more extreme forms of "Free Software", and I — and Linux — was very much part of the whole rebranding to use "Open Source".

Because frankly, some of the almost religious overtones of rms and the FSF were just nutty, and a certain portion of the community was actively driving commercial use away.

And I say that as somebody who has always been wary of being too tainted by commercial interests... I do think that some projects may have shot themselves in the foot by being a bit too anti-commercial, and made it really hard for companies to participate...

But is it sustainable? Yes. I'm personally 100% convinced that not only is open source sustainable, but for complex technical issues you really need open source simply because the problem space ends up being too complex to manage inside one single company. Even a big and competent tech company.

But it does require a certain openness on both sides. Not all companies will be good partners, and some developers don't necessarily want to work with big companies.

In the interview Torvalds also thanks the generous education system in Finland, and describes what it was like moving from Finland to America. And as for how long he'll continue working on Linux, Torvalds says, "I do enjoy what I do, and as long as I feel I'm actually helping the project, I'll be around...

"in the end, I really enjoy what I do. I'd be bored to tears without kernel development."
Privacy

Unlike Clearview AI, this Facial-Recognition Search Engine is Open to Everyone (cnn.com) 30

This week CNN investigated PimEyes, a "mysterious" but powerful facial-recognition search engine: If you upload a picture of your face to PimEyes' website, it will immediately show you any pictures of yourself that the company has found around the internet. You might recognize all of them, or be surprised (or, perhaps, even horrified) by some; these images may include anything from wedding or vacation snapshots to pornographic images. PimEyes is open to anyone with internet access. It's a stark contrast from Clearview AI, which became well-known for building its enormous stash of faces with images of people from social networks and limits its use to law enforcement (Clearview has said it has hundreds of such customers).

PimEyes' decision to make facial-recognition software available to the general public crosses a line that technology companies are typically unwilling to traverse, and opens up endless possibilities for how it can be used and abused. Imagine a potential employer digging into your past, an abusive ex tracking you, or a random stranger snapping a photo of you in public and then finding you online. This is all possible through PimEyes: Though the website instructs users to search for themselves, it doesn't stop them from uploading photos of anyone. At the same time, it doesn't explicitly identify anyone by name, but as CNN Business discovered by using the site, that information may be just clicks away from images PimEyes pulls up...

PimEyes lets users see a limited number of small, somewhat pixelated search results at no cost, or you can pay a monthly fee, which starts at $29.99, for more extensive search results and features (such as to click through to see full-size images on the websites where PimEyes found them and to set up alerts for when PimEyes finds new pictures of faces online that its software believes match an uploaded face)... Although PimEyes instructs visitors to only search for their own face, there's no mechanism on the site to ensure it's used this way... There's also no way to ensure this facial-recognition technology isn't used to misidentify people...

The website currently lists no information about who owns or runs the search engine, or how to reach them, and users must submit a form to get answers to questions or help with accounts.

Privacy

Can Apple's AirTags Be Used to Track Another Person? (cnn.com) 38

As Mother's Day approached, CNN Business Editor Samantha Murphy Kelly clipped a keychain with one of Apple's tiny new "AirTag" Bluetooth trackers onto her son's book bag, in an experiment that "highlighted how easily these trackers could be used to track another person." Location trackers aren't new — there are similar products from Samsung, Sony and Tile — but AirTags' powerful Ultra Wideband technology chip allows it to more accurately determine the location and enables precise augmented reality directional arrows that populate on the iPhone or iPad's screen. While AirTags are explicitly intended for items only, Apple has added safeguards to cut down on unwanted tracking. For example, the company does not store location data, and it will send an alert to an iOS device user if an AirTag appears to be following them when its owner is not around. If the AirTag doesn't re-tether to the owner's iOS device after three days, the tracker will start to make a noise.

"We take customer safety very seriously and are committed to AirTag's privacy and security," the company said in a statement to CNN Business. "AirTag is designed with a set of proactive features to discourage unwanted tracking — a first in the industry — and the Find My network includes a smart, tunable system with deterrents...." The safeguards are a work in progress as the software rolls out and users begin interacting with the devices. When my babysitter recently took my son to an appointment, using my set of keys with an AirTag attached, she was not informed that she was carrying an AirTag — separated from my phone. (She hadn't yet updated her phone's software to iOS 14.5.) Non-iPhone users can hold their phones close to the AirTags and, via short-range wireless technology, information pops up on how to disable the tracker, but that's if the person knows they're being tracked and locates it. In addition, three days is a long time for an AirTag to keep quiet before making a noise....

Apple said one of the main reasons it spent so much time developing safeguards was the sheer size of its Find My app network. But it's the AirTags' reliance on that broader network that creates much of the need for the safeguards in the first place, said Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project and a fellow at the NYU School of Law. "That's because Apple is turning more than a billion iOS devices into a network for tracking AirTags, while Tile will only operate when in range of the small number of people using the Tile app.... The benefits of finding our keys a bit quicker isn't worth the danger of creating a new global tracking network."

Open Source

Linux Foundation Launches Open Source Agriculture Infrastructure Project (venturebeat.com) 20

"The Linux Foundation has lifted the lid on a new open source digital infrastructure project aimed at the agriculture industry," reports VentureBeat: The AgStack Foundation, as the new project will be known, is designed to foster collaboration among all key stakeholders in the global agriculture space, spanning private business, governments, and academia.

As with just about every other industry in recent years, there has been a growing digital transformation across the agriculture sector that has ushered in new connected devices for farmers and myriad AI and automated tools to optimize crop growth and circumvent critical obstacles, such as labor shortages. Open source technologies bring the added benefit of data and tools that any party can reuse for free, lowering the barrier to entry and helping keep companies from getting locked into proprietary software operated by a handful of big players...

The AgStack Foundation will be focused on supporting the creation and maintenance of free and sector-specific digital infrastructure for both applications and the associated data. It will lean on existing technologies and agricultural standards; public data and models; and other open source projects, such as Kubernetes, Hyperledger, Open Horizon, Postgres, and Django, according to a statement.

"Current practices in AgTech are involved in building proprietary infrastructure and point-to-point connectivity in order to derive value from applications," AgStack executive director Sumer Johal told VentureBeat. "This is an unnecessarily costly use of human capital. Like an operating system, we aspire to reduce the time and effort required by companies to produce their own proprietary applications and for content consumers to consume this interoperably."

United States

Capitol Rioters Identified Using Facial Recognition Software, Cellphone Records - and Social Media Posts (nbcnews.com) 352

NBC News reports more than 440 Americans have now been charged with storming the U.S. Capitol building on January 6th, with charges now filed against people from 44 of America's 50 states. They describe it as "one of the largest criminal investigations in American history." The largest number come from Texas, Pennsylvania, and Florida, in that order. Men outnumber women among those arrested by 7 to 1, with an average age of 39, according to figures compiled by the Program on Extremism at George Washington University in Washington, D.C. A total of 44 are military veterans.
Hundreds of arrests happened because rioters later bragged online: In nearly 90 percent of the cases, charges have been based at least in part on a person's own social media accounts.

A New York man, Robert Chapman, bragged on the dating app Bumble that he'd been in the Capitol during the riot. The person he was seeking to date responded, "We are not a match," and notified the FBI.

In fact, the investigative agency has now received "hundreds of thousands" of tips from the public, and has even posted photos of people who participated in the riots online asking for the public's help to identify them.

But NBC also reports that technology is being used to identify participants:
  • "Investigators have also used facial recognition software, comparing images from surveillance cameras and an outpouring of social media and news agency videos against photo databases of the FBI and at least one other federal agency, Customs and Border Protection, according to court documents."
  • Investigators "have also subpoenaed records from companies providing cellphone service, allowing agents to tell whether a specific person's phone was inside the Capitol during the siege."

AI

Deepfake Satellite Imagery Poses a Not-so-Distant Threat (theverge.com) 30

Long-time Slashdot reader AmiMoJo quotes the Verge's warning about "deepfake geography: AI-generated images of cityscapes and countryside." Specifically, geographers are concerned about the spread of fake, AI-generated satellite imagery. Such pictures could mislead in a variety of ways. They could be used to create hoaxes about wildfires or floods, or to discredit stories based on real satellite imagery... Deepfake geography might even be a national security issue, as geopolitical adversaries use fake satellite imagery to mislead foes...

The first step to tackling these issues is to make people aware there's a problem in the first place, says Bo Zhao, an assistant professor of geography at the University of Washington. Zhao and his colleagues recently published a paper on the subject of "deep fake geography," which includes their own experiments generating and detecting this imagery... As part of their study, Zhao and his colleagues created software to generate deepfake satellite images, using the same basic AI method (a technique known as generative adversarial networks, or GANs) used in well-known programs like ThisPersonDoesNotExist.com. They then created detection software that was able to spot the fakes based on characteristics like texture, contrast, and color. But as experts have warned for years regarding deepfakes of people, any detection tool needs constant updates to keep up with improvements in deepfake generation.

Hardware

'Despite Chip Shortage, Chip Innovation Is Booming' (nytimes.com) 33

The New York Times reports on surprising silver linings of the global chip shortage: Even as a chip shortage is causing trouble for all sorts of industries, the semiconductor field is entering a surprising new era of creativity, from industry giants to innovative start-ups seeing a spike in funding from venture capitalists that traditionally avoided chip makers. Taiwan Semiconductor Manufacturing Company and Samsung Electronics, for example, have managed the increasingly difficult feat of packing more transistors on each slice of silicon. IBM on Thursday announced another leap in miniaturization, a sign of continued U.S. prowess in the technology race. Perhaps most striking, what was a trickle of new chip companies is now approaching a flood.

Equity investors for years viewed semiconductor companies as too costly to set up, but in 2020 plowed more than $12 billion into 407 chip-related companies, according to CB Insights. Though a tiny fraction of all venture capital investments, that was more than double what the industry received in 2019 and eight times the total for 2016. Synopsys, the biggest supplier of software that engineers use to design chips, is tracking more than 200 start-ups designing chips for artificial intelligence, the ultrahot technology powering everything from smart speakers to self-driving cars. Cerebras, a start-up that sells massive artificial-intelligence processors that span an entire silicon wafer, for example, has attracted more than $475 million. Groq, a start-up whose chief executive previously helped design an artificial-intelligence chip for Google, has raised $367 million.

"It's a bloody miracle," said Jim Keller, a veteran chip designer whose resume includes stints at Apple, Tesla and Intel and who now works at the A.I. chip start-up Tenstorrent. "Ten years ago you couldn't do a hardware start-up...."

More companies are concluding that software running on standard Intel-style microprocessors is not the best solution for all problems. For that reason, companies like Cisco Systems and Hewlett Packard Enterprise have long designed specialty chips for products such as networking gear. Giants like Apple, Amazon and Google more recently have gotten into the act. Google's YouTube unit recently disclosed its first internally developed chip to speed video encoding.

And Volkswagen even said last week that it would develop its own processor to manage autonomous driving.

Transportation

Elon Musk's Own Engineers Say He Exaggerates Autopilot Capabilities (theverge.com) 110

boudie2 writes: According to his own employees, Elon Musk has been exaggerating the capabilities of Tesla's Autopilot system. Documents obtained from the California Department of Motor Vehicles show that despite Musk's tweets to the contrary, "Elon's tweet does not match engineering reality per CJ. Tesla is at Level 2 currently." CJ Moore is the company's director of Autopilot software. "Level 2 technology refers to a semi-automated driving system, which requires supervision by a human driver," reports The Verge. "Tesla is unlikely to achieve Level 5 (L5) autonomy, in which its cars can drive themselves anywhere, under any conditions, without any human supervision, by the end of 2021, Tesla representatives told the DMV."

Government

US and UK Release Details on Russia's SolarWinds Hackers (bloomberg.com) 8

The U.S. and U.K. released details on Friday about how Russia's foreign intelligence service operates in cyberspace, the latest effort to try to disrupt future attacks. From a report: The report contains technical resources about the group's tactics, including breaching email in order to find passwords and other information to further infiltrate organizations, in addition to providing software flaws commonly exploited by the hackers. It also offers details about how network administrators can counter the attackers' tactics. "The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, health-care and energy targets globally for intelligence gain," the two countries wrote in a Friday report authored jointly by the U.K.'s National Cyber Security Centre and three U.S. agencies, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the National Security Agency.

Businesses

FTC Report Blasts Manufacturers For Restricting Product Repairs (theverge.com) 68

The Federal Trade Commission (FTC) has published its long-awaited report on how manufacturers limit product repairs. From a report: The "Nixing the Fix" [PDF] report details a host of repair restrictions, especially those imposed by mobile phone and car manufacturers. The anticompetitive practices covered by the FTC range from limited availability of spare parts and diagnostic software to designs that make repairs more difficult than they need to be. In response, the FTC wants to develop new laws and rules surrounding repairs, but it also wants better enforcement of existing legislation like the Magnuson-Moss Warranty Act (MMWA). While debates around right to repair rules in the EU have tended to focus on the environmental impact of sending broken devices to landfills, the FTC's report leads with the impacts they have on people. It says repair restrictions are bad for consumers when they can't easily repair their devices, and adds that these "may place a greater financial burden on communities of color and lower-income Americans." Independent repair shops also suffer as a result of repair restrictions, "disproportionately [affecting] small businesses owned by people of color."

[...] According to the FTC, manufacturers are guilty of using numerous tactics that make it difficult for customers and independent businesses to repair their products. Here's the full list from the FTC's report:

Product designs that complicate or prevent repair;
Unavailability of parts and repair information;
Designs that make independent repairs less safe;
Policies or statements that steer consumers to manufacturer repair networks;
Application of patent rights and enforcement of trademarks;
Disparagement of non-OEM parts and independent repair;
Software locks and firmware updates; or
End User License Agreements

Education

American Schools' Phone Apps Send Children's Info To Ad Networks, Analytics Firms (theregister.com) 43

LeeLynx shares a report from The Register: The majority of Android and iOS apps created for US public and private schools send student data to assorted third parties, researchers have found, calling into question privacy commitments from Apple and Google as app store stewards. The Me2B Alliance, a non-profit technology policy group, examined a random sample of 73 mobile applications used in 38 different schools across 14 US states and found 60 percent were transmitting student data. The apps in question send data using software development kits or SDKs, which consist of modular code libraries that can be used to implement utility functions, analytics, or advertising without the hassle of creating these capabilities from scratch. Examples include: Google's AdMob, Firebase, and Sign-in SDKs, Square's OK HTTP and Okio SDKs, and Facebook's Bolts SDK, among others.

The data that concerns Me2B includes: identifiers (IDFA, MAID, etc), Calendar, Contacts, Photos/Media Files, Location, Network Data (IP address), permissions related to Camera, Microphone, Device ID, and Calls. About 49 percent of the apps reviewed sent student data to Google and about 14 percent communicated with Facebook, with the balance routing info to advertising and analytics firms, many among them characterized as high risk by the Me2B researchers. Among the public school apps, 67 percent sent data to third parties; private school apps proved less likely to send data to third parties (57 percent).

Interestingly, the research group found a significant difference across mobile platforms. According to The Register, "91 percent of student Android apps sent data to high-risk third parties while only 26 percent of iOS apps did so, and 20 percent of Android apps piped data to very high-risk third parties while only 2.6 percent of iOS did so."

The report adds: "Nonetheless, the researchers expressed concern that 95 percent of third-party data channels in the surveyed student apps are active even when the user is not signed in and that these apps send data as soon as the app is loaded."
