Honda Hits 3D Printing Sites With Takedown Orders Over Honda-Compatible Parts

A writer for The Drive reports that “Recently, I noticed a part that I made for my Honda Accord was removed from Printables, the newly rebranded 3D printing repository offered by Prusa.
“There seemed to be no rhyme or reason for it, but I didn’t think anything else about it…until reports of a mass deletion started popping up on Reddit.”

All models referencing the word “Honda” posted prior to March 30, 2022, were seemingly removed from Printables without warning. These included speaker brackets, key housings, hood latches, shifter bushings, washer fluid caps, roof latch handles, and my trunk lid handle — a part not offered on 10th generation Accords sold in the U.S. at all. In fact, many of the removed parts had no Honda branding but were just compatible with Honda vehicles. As it turns out, Prusa says it was issued a takedown notice from Honda and removed all 3D models that referenced the brand.

“I can confirm to you that we have received a letter from a lawyer representing Honda, informing us that we were required to remove any model which used ‘Honda’ in the listing, the model itself, or one of several trademarks/logos also associated with Honda,” a Prusa spokesperson told The Drive in an email. “This will also be related to the naming of the files it self (sic), as for Honda this would be considered as a violation of their trademark/patents.” A Prusa employee responded to a post on the company’s forums, noting that Honda sent a “huge legal document” that covered every model that the company wished to have deleted. The document reportedly included items that did not have Honda logos, but also specific items with certain shapes and dimensions — like a washer fluid reservoir cap, for example.

A response from another employee was posted suggesting other sites that host 3D models were also sent a similar takedown notice.

Read more of this story at Slashdot.

Richard Stallman Speaks on the State of Free Software, and Answers Questions

Richard Stallman celebrated his 69th birthday last month. And Wednesday, he gave a 92-minute presentation called “The State of the Free Software Movement.”

Stallman began by thanking everyone who’s contributed to free software, and encouraged others who want to help to visit gnu.org/help. “The Free Software movement is universal, and morally should not exclude anyone. Because even though there are crimes that should be punished, cutting off someone from contributing to free software punishes the world. Not that person.”

And then he began by noting some things that have gotten better in the free software movement, including big improvements in projects like GNU Emacs when displaying external packages. (And in addition, “GNU Health now has a hospital management facility, which should make it applicable to a lot more medical organizations so they can switch to free software. And [Skype alternative] GNU Jami got a big upgrade.”)

What’s getting worse? Well, the libre-booted machines that we have are getting older and scarcer. Finding a way to support something new is difficult, because Intel and AMD are both designing their hardware to subjugate people. If they were basically haters of the public, it would be hard for them to do it much worse than they’re doing.

And Macintoshes are moving towards being jails, like the iMonsters. It’s getting harder for users to install even their own programs to run them. And this of course should be illegal. It should be illegal to sell a computer that doesn’t let users install software of their own from source code. And probably shouldn’t allow the computer to stop you from installing binaries that you get from others either, even though it’s true in cases like that, you’re doing it at your own risk. But tying people down, strapping them into their chairs so that they can’t do anything that hurts themselves — makes things worse, not better. There are other systems where you can find ways to trust people, that don’t depend on being under the power of a giant company.

We’ve seen problems sometimes where supported old hardware gets de-supported because somebody doesn’t think it’s important any more — it’s so old, how could that matter? But there are reasons…why old hardware sometimes remains very important, and people who aren’t thinking about this issue might not realize that…

Stallman also had some advice for students required by their schools to use non-free software like Zoom for their remote learning. “If you have to use a non-free program, there’s one last thing… which is to say in each class session, ‘I am bitterly ashamed of the fact that I’m using Zoom for this class.’ Just that. It’s a few seconds. But say it each time…. And over time, the fact that this is really important to you will sink in.”

And then halfway through, Stallman began taking questions from the audience…

Read on for Slashdot’s report on Stallman’s remarks, or jump ahead to…
How far should copyright law go? That NPM package that deleted files in Russia Does the free software world need more videogames? Stallman’s upcoming manual for ‘GNU C’ Free Software’s role in protecting our planet’s environment

Read more of this story at Slashdot.

Social Media Made Us Stupid – and How to Fix It

Jonathan Haidt, a social psychologist at the New York University’s School of Business, argues in the Atlantic that social-media platforms “trained users to spend more time performing and less time connecting.” But that was just the beginning.

He now believes this ultimately fueled a viral dynamic leading to “the continual chipping-away of trust” in a democracy which “depends on widely internalized acceptance of the legitimacy of rules, norms, and institutions.”

The most recent Edelman Trust Barometer (an international measure of citizens’ trust in government, business, media, and nongovernmental organizations) showed stable and competent autocracies (China and the United Arab Emirates) at the top of the list, while contentious democracies such as the United States, the United Kingdom, Spain, and South Korea scored near the bottom (albeit above Russia)…. Mark Zuckerberg may not have wished for any of that. But by rewiring everything in a headlong rush for growth — with a naive conception of human psychology, little understanding of the intricacy of institutions, and no concern for external costs imposed on society — Facebook, Twitter, YouTube, and a few other large platforms unwittingly dissolved the mortar of trust, belief in institutions, and shared stories that had held a large and diverse secular democracy together.
In the last 10 years, the article argues, the general public — at least in America — became “uniquely stupid.” And he’s not just speaking about the political right and left, but within both factions, “as well as within universities, companies, professional associations, museums, and even families.” The article quotes former CIA analyst Martin Gurri’s comment in 2019 that the digital revolution has highly fragmented the public into hostile shards that are “mostly people yelling at each other and living in bubbles of one sort or another.”

The article concludes that by now U.S. politics has entered a phase where truth “cannot achieve widespread adherence” and thus “nothing really means anything anymore–at least not in a way that is durable and on which people widely agree.” It even contemplates the idea of “highly believable” disinformation generated by AI, possibly by geopolitical adversaries, ultimately evolving into what the research manager at the Stanford Internet Observatory has described as “an Information World War in which state actors, terrorists, and ideological extremists leverage the social infrastructure underpinning everyday life to sow discord and erode shared reality.”

But then the article also suggests possible reforms:
The Facebook whistleblower Frances Haugen advocates for simple changes to the architecture of the platforms, rather than for massive and ultimately futile efforts to police all content. For example, she has suggested modifying the “Share” function on Facebook so that after any content has been shared twice, the third person in the chain must take the time to copy and paste the content into a new post. Reforms like this…don’t stop anyone from saying anything; they just slow the spread of content that is, on average, less likely to be true.
Perhaps the biggest single change that would reduce the toxicity of existing platforms would be user verification as a precondition for gaining the algorithmic amplification that social media offers. Banks and other industries have “know your customer” rules so that they can’t do business with anonymous clients laundering money from criminal enterprises. Large social-media platforms should be required to do the same…. This one change would wipe out most of the hundreds of millions of bots and fake accounts that currently pollute the major platforms…. Research shows that antisocial behavior becomes more common online when people feel that their identity is unknown and untraceable.

In any case, the growing evidence that social media is damaging democracy is sufficient to warrant greater oversight by a regulatory body, such as the Federal Communications Commission or the Federal Trade Commission. One of the first orders of business should be compelling the platforms to share their data and their algorithms with academic researchers.

The members of Gen Z–those born in and after 1997–bear none of the blame for the mess we are in, but they are going to inherit it, and the preliminary signs are that older generations have prevented them from learning how to handle it…. Congress should update the Children’s Online Privacy Protection Act, which unwisely set the age of so-called internet adulthood (the age at which companies can collect personal information from children without parental consent) at 13 back in 1998, while making little provision for effective enforcement. The age should be raised to at least 16, and companies should be held responsible for enforcing it. More generally, to prepare the members of the next generation for post-Babel democracy, perhaps the most important thing we can do is let them out to play. Stop starving children of the experiences they most need to become good citizens: free play in mixed-age groups of children with minimal adult supervision…

The article closes with its own note of hope — and a call to action:

In recent years, Americans have started hundreds of groups and organizations dedicated to building trust and friendship across the political divide, including BridgeUSA, Braver Angels (on whose board I serve), and many others listed at BridgeAlliance.us. We cannot expect Congress and the tech companies to save us. We must change ourselves and our communities.

Read more of this story at Slashdot.

GitHub Issues Security Alert After Spotting Misuse of Tokens Stolen from OAuth Integrators

GitHub issued a security alert Friday.
GitHub’s chief security officer wrote that on Tuesday, “GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm…”

We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems, because the tokens in question are not stored by GitHub in their original, usable formats. Following immediate investigation, we disclosed our findings to Heroku and Travis-CI on April 13 and 14…

Looking across the entire GitHub platform, we have high confidence that compromised OAuth user tokens from Heroku and Travis-CI-maintained OAuth applications were stolen and abused to download private repositories belonging to dozens of victim organizations that were using these apps. Our analysis of other behavior by the threat actor suggests that the actors may be mining the downloaded private repository contents, to which the stolen OAuth token had access, for secrets that could be used to pivot into other infrastructure.

We are sharing this today as we believe the attacks may be ongoing and action is required for customers to protect themselves.

The initial detection related to this campaign occurred on April 12 when GitHub Security identified unauthorized access to our npm production infrastructure using a compromised AWS API key. Based on subsequent analysis, we believe this API key was obtained by the attacker when they downloaded a set of private npm repositories using a stolen OAuth token from one of the two affected third-party OAuth applications described above. Upon discovering the broader theft of third-party OAuth tokens not stored by GitHub or npm on the evening of April 13, we immediately took action to protect GitHub and npm by revoking tokens associated with GitHub and npm’s internal use of these compromised applications.

We believe that the two impacts to npm are unauthorized access to, and downloading of, the private repositories in the npm organization on GitHub.com and potential access to the npm packages as they exist in AWS S3 storage.

At this point, we assess that the attacker did not modify any packages or gain access to any user account data or credentials. We are still working to understand whether the attacker viewed or downloaded private packages.

npm uses completely separate infrastructure from GitHub.com; GitHub was not affected in this original attack. Though investigation continues, we have found no evidence that other GitHub-owned private repos were cloned by the attacker using stolen third-party OAuth tokens.

Once GitHub identified stolen third-party OAuth tokens affecting GitHub users, GitHub took immediate steps to respond and protect users. GitHub contacted Heroku and Travis-CI to request that they initiate their own security investigations, revoke all OAuth user tokens associated with the affected applications, and begin work to notify their own users…. GitHub is currently working to identify and notify all of the known-affected victim users and organizations that we discovered through our analysis across GitHub.com. These customers will receive a notification email from GitHub with additional details and next steps to assist in their own response within the next 72 hours.
If you do not receive a notification, you and/or your organization have not been identified as affected.

You should, however, periodically review what OAuth applications you’ve authorized or are authorized to access your organization and prune anything that’s no longer needed.
You can also review your organization audit logs and user account security logs for unexpected or anomalous activity….

The security and trustworthiness of GitHub, npm, and the broader developer ecosystem is our highest priority. Our investigation is ongoing, and we will update this blog, and our communications with affected customers, as we learn more.

Read more of this story at Slashdot.

MS Symptoms May Have Been ‘Reversed’ In Immunotherapy Breakthrough

A new immunotherapy that targets cells infected with Epstein-Barr Virus (EBV) has halted the progression of multiple sclerosis (MS) in a small trial. Perhaps even more incredibly, in some patients, it is possible that symptoms of MS were actually reversed, though this was not fully identified in the most recent presentation of results (PDF). IFLScience reports: [S]ignificant evidence has linked infection of EBV and the eventual development of MS. […] Attempting to “transform treatment of Multiple Sclerosis,” Atara Biotherapeutics has developed an allogeneic T-cell therapy called ATA188. The concept is simple — when cells are infected with EBV, they express small proteins called antigens on the cell surface, and the immunotherapy contains immune cells that target and destroy them.

In a trial of 24 patients who received the therapy, 20 saw improvements or stability in their symptoms and no fatal or serious adverse effects were reported. Early brain scans suggest that some damaged nerve cells may have been “repaired” by the therapy in a process called remyelination, which could mean a reversal of damage caused by MS in the nervous system, but this has not yet been confirmed. While the results are extremely promising, it is an early Phase 1 trial with a small sample size and no placebo or control group, so it is unclear whether the results are significant at this stage. However, it is unlikely that this repair would occur naturally, suggesting the therapy is having a beneficial effect on some level.

Read more of this story at Slashdot.

ACE Shuts Down Massive Pirate Site After Locating Owner In Remote Peru

As part of its global anti-piracy mission, the Alliance for Creativity and Entertainment (ACE) has been trying to shut down Pelisplushd.net, a massive pirate streaming site with roughly 70 million visits per month. After tracking down its operator in the remote countryside of Peru, the anti-piracy group says the site is no more. TorrentFreak reports: In a statement published Wednesday, ACE officially announced that it was behind the closure of Pelisplushd.net. The anti-piracy group labeled the platform the second-largest Spanish-language ‘rogue website’ in the entire Latin American region with 383.5 million visits in the past six months and nearly 75 million visits in February 2022. In Mexico alone, the site had more visitors than hbomax.com, disneyplus.com and primevideo.com, a clear problem for those platforms which are all ACE members.

“This is a huge win for the ACE team based in Latin America as we work to protect the legitimate digital ecosystem throughout the region,” said Jan van Voorn, Executive Vice President and Chief of Global Content Protection for the Motion Picture Association. “The successful action against the operator of Pelisplushd.net was only made possible because of evidence that we gathered from previous operations conducted in other countries in Latin America. “This speaks volumes about ACE’s ability to crack current cases utilizing years of past gathered intelligence and highlights the global, strategic approach that determines our actions around the world.”

The operator of Pelisplushd is yet to be named but ACE reveals that after a positive identification, the anti-piracy group tracked him down to the “remote countryside of Peru.” That took place in March and soon after, ACE says the operator agreed to turn over his domains. As far as we can tell the main domain at Pelisplushd.net is not yet completely in ACE/MPA hands but a full transfer will probably take place later.

Read more of this story at Slashdot.

Reddit Adds Comment Searching To Help Improve Search Results

Today, Reddit is updating its search feature to index comments. The Verge reports: For the first time, users will have an option to pull results from replies to posts, making it less of a hassle to find something specific outside of general Reddit posts, communities, and people. The rollout is Reddit’s latest change to help users encounter content from outside their usual subreddits following the addition of a discovery tab on its mobile app in January.

Reddit says that in a user survey last year, the ability to search comments was one of the top results. During “limited initial testing,” Reddit claimed 26,000 users went on to use the feature against five billion comments. Right now, the new ability is available globally for users searching on Reddit’s desktop website, but not via its apps. The company “is also updating its search experience to help users find more relevant search results written by real people,” adds The Verge. “For example, when searching for something, instead of showing search results with that exact wording, related results will pop up instead to make the search less restrictive.”

Read more of this story at Slashdot.

‘Club Penguin Rewritten’ Allegedly Shut Down By Disney, Website Seized By London Police

“Club Penguin Rewritten,” a popular remake of Club Penguin enjoyed by thousands of gamers, has been seized by the City of London Police, with three people in connection with the site’s shuttering reportedly arrested for allegedly distributing copyrighted material. “Over 140,000 users were members of a Discord server for the game until today, when every message on the Discord disappeared,” reports TechCrunch. From the report: In 2007, Disney purchased Club Penguin — the children’s RPG that served as my first introduction to online fandom — for a whopping $700 million. Even then, as a child with little context about tech industry acquisitions, the purchase seemed foreboding (at least my friends thought so on the Miniclip forums, where I fraudulently claimed to be 13). But eventually, those of us who were dedicated fans of virtual sledding games and dance parties grew out of it, and after once boasting 200 million users, the game was shut down due to lack of interest in 2017. Disney tried to shuttle remaining players to a new mobile game called Club Penguin Island, but it only lasted for a year. But ever since the end of Club Penguin — when the iceberg finally tipped in a strangely emotional moment — there have always been remakes out there for nostalgic adults to relive their days of collecting puffles, dancing in the pizza shop and speed-running bans.

Only one message on the Discord remains, posted early this morning by an admin: “CPRewritten is shutting down effective immediately due to a full request by Disney,” the admin said. “We have voluntarily given control over the website to the police for them to continue their copyright investigation.” TechCrunch reached out to the City of London Police and Disney to verify these claims but did not hear back before publication. In 2020, Disney shut down “Club Penguin Online,” another copy of the game that acquired over a million new players during the pandemic.

Read more of this story at Slashdot.

Russian Tech Industry Faces ‘Brain Drain’ As Workers Flee

mspohr shares a report from the New York Times: In early March, days after Russia invaded Ukraine and began cracking down on dissent at home, Konstantin Siniushin, a venture capitalist in Riga, Latvia, helped charter two planes out of Russia to help people flee. Both planes departed from Moscow, carrying tech workers from the Russian capital as well as St. Petersburg, Perm, Ekaterinburg and other cities. Together, the planes moved about 300 software developers, entrepreneurs and other technology specialists out of the country, including 30 Russian workers from start-ups backed by Mr. Siniushin. The planes flew south past the Black Sea to Yerevan, the capital of Armenia, where thousands of other Russian tech workers fled in the weeks after the invasion. Thousands more flew to Georgia, Turkey, the United Arab Emirates and other countries that accept Russian citizens without visas.

By March 22, a Russian tech industry trade group estimated that between 50,000 and 70,000 tech workers had left the country and that an additional 70,000 to 100,000 would soon follow. They are part of a much larger exodus of workers from Russia, but their departure could have an even more lasting impact on the country’s economy. The long-run impact may be more significant than the short-run impact,” said Barry Ickes, head of the economics department at Pennsylvania State University, who specializes in the Russian economy. “Eventually, Russia has to diversify its economy away from oil and gas, and it has to accelerate productivity growth. Tech was a natural way of doing that.” Before all this started, Russia had such a strong technology base,” [Artem Taganov, founder and chief executive of a Russian start-up called HintEd] said. “Now, we have a brain drain that will continue for the next five to 10 years.”

Read more of this story at Slashdot.