Thousands of Firefox Users Accidentally Commit Login Cookies On GitHub

Thousands of Firefox cookie databases containing sensitive data are available on request from GitHub repositories, data potentially usable for hijacking authenticated sessions. The Register reports: These cookies.sqlite databases normally reside in the Firefox profiles folder. They’re used to store cookies between browsing sessions. And they’re findable by searching GitHub with specific query parameters, what’s known as a search “dork.” Aidan Marlin, a security engineer at London-based rail travel service Trainline, alerted The Register to the public availability of these files after reporting his findings through HackerOne and being told by a GitHub representative that “credentials exposed by our users are not in scope for our Bug Bounty program.”

Marlin then asked whether he could make his findings public and was told he’s free to do so. “I’m frustrated that GitHub isn’t taking its users’ security and privacy seriously,” Marlin told The Register in an email. “The least it could do is prevent results coming up for this GitHub dork. If the individuals who uploaded these cookie databases were made aware of what they’d done, they’d s*** their pants.”

Marlin acknowledges that affected GitHub users deserve some blame for failing to prevent their cookies.sqlite databases from being included when they committed code and pushed it to their public repositories. “But there are nearly 4.5k hits for this dork, so I think GitHub has a duty of care as well,” he said, adding that he’s alerted the UK Information Commissioner’s Office because personal information is at stake. Marlin speculates that the oversight is a consequence of committing code from one’s Linux home directory. “I imagine in most of the cases, the individuals aren’t aware that they’ve uploaded their cookie databases,” he explained. “A common reason users do this is for a common environment across multiple machines.”
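The practical check a developer wants here is the one Marlin implies: before pushing, look for a Firefox profile that has ridden along with the code, and see what it would expose. The script below is an added example, not code from The Register's report or from Marlin. It relies on the real file name Firefox uses for its cookie store (cookies.sqlite, plus the SQLite -wal/-journal sidecars) and the real column names of the moz_cookies table; the sample tree, hosts, cookie names and timestamps are constructed so the check runs offline.

```python
"""Check a working tree for Firefox cookie databases before pushing it.

Added example, not code from The Register's report or from Marlin. It uses
the real file name Firefox gives its cookie store (cookies.sqlite, plus the
SQLite -wal/-journal sidecars) and the real column names of its moz_cookies
table; the sample tree, hosts and cookie rows below are constructed."""
import os
import sqlite3
import tempfile
import time

COOKIE_DB_NAMES = {"cookies.sqlite", "cookies.sqlite-wal", "cookies.sqlite-journal"}


def find_cookie_dbs(root):
    """Return paths (relative to root) of anything named like a Firefox cookie store."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # do not descend into git internals
        for name in filenames:
            if name in COOKIE_DB_NAMES:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def summarize_cookies(db_path, now=None):
    """Per host: how many cookies, how many unexpired, how many Secure/HttpOnly.
    Cookie values are deliberately not read back; the report shows exposure without copying it."""
    now = int(time.time()) if now is None else now
    # Open read-only so the check can never modify a live profile.
    conn = sqlite3.connect("file:%s?mode=ro" % db_path, uri=True)
    try:
        rows = conn.execute(
            "SELECT host, expiry, isSecure, isHttpOnly FROM moz_cookies").fetchall()
    finally:
        conn.close()
    report = {}
    for host, expiry, is_secure, is_httponly in rows:
        entry = report.setdefault(host, {"total": 0, "live": 0, "secure": 0, "httponly": 0})
        entry["total"] += 1
        entry["live"] += int(expiry > now)          # expiry is seconds since the epoch
        entry["secure"] += int(bool(is_secure))
        entry["httponly"] += int(bool(is_httponly))
    return report


def scan(root, now=None):
    """List suspect files and, for the databases themselves, what they would expose.
    Sidecar files get a None summary: they are not standalone databases."""
    findings = {}
    for rel in find_cookie_dbs(root):
        is_db = rel.endswith("cookies.sqlite")
        findings[rel] = summarize_cookies(os.path.join(root, rel), now) if is_db else None
    return findings


def make_sample_db(path, now):
    """Constructed cookies.sqlite using a subset of Firefox's moz_cookies columns."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE moz_cookies (
        id INTEGER PRIMARY KEY, originAttributes TEXT NOT NULL DEFAULT '',
        name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER,
        lastAccessed INTEGER, creationTime INTEGER, isSecure INTEGER, isHttpOnly INTEGER)""")
    usec = now * 1_000_000                            # Firefox stores these timestamps in microseconds
    conn.executemany(
        "INSERT INTO moz_cookies (name, value, host, path, expiry, lastAccessed, creationTime,"
        " isSecure, isHttpOnly) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",
        [("session", "constructed-session-token", ".example.com", "/", now + 86400, usec, usec, 1, 1),
         ("theme", "dark", ".example.com", "/", now + 86400, usec, usec, 0, 0),
         ("sid", "constructed-expired-token", "mail.example.org", "/", now - 3600, usec, usec, 1, 1)])
    conn.commit()
    conn.close()


def demo(now=1_700_000_000):
    """Constructed tree: a small project plus a Firefox profile that came along
    when the whole home directory was committed."""
    root = tempfile.mkdtemp()
    profile = os.path.join(root, ".mozilla", "firefox", "abcd1234.default-release")
    os.makedirs(os.path.join(root, "src"))
    os.makedirs(profile)
    with open(os.path.join(root, "src", "app.py"), "w") as fh:
        fh.write("print('hello')\n")
    make_sample_db(os.path.join(profile, "cookies.sqlite"), now)
    return scan(root, now)


if __name__ == "__main__":
    for path, summary in demo().items():
        print(path, summary)
```

Run `scan(".")` from a pre-push hook or just before `git add` on a freshly initialised home-directory repo; a non-empty result means a cookie store is about to be published. Note that a cookie with a live expiry and the HttpOnly flag is exactly the kind of session token the article warns could be replayed, and that expired rows are still worth treating as sensitive, since the same database usually holds the user's browsing history by host.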

Read more of this story at Slashdot.

Programmer Restores YouTube Dislike Counts With Browser Extension

An anonymous reader quotes a report from The Next Web: YouTube’s decision to hide dislike counts on videos has sparked anger and derision. One inventive programmer has attempted to restore the feature in a browser extension. The plugin currently uses the Google API to generate the dislike count. However, this functionality will be removed from December 13. “I’ll try to scrape as much data as possible until then,” the extension’s creator said on Reddit. “After that — total dislikes will be estimated using extension users as a sample.”

The alpha version isn’t perfect. It currently only works on videos for which the YouTube API returns a valid dislike count. The calculations could also be skewed by the userbase, which is unlikely to represent the average YouTube viewer. The developer said they’re exploring ways to mitigate this, such as comparing the downvotes collected through the public of extension users to a cache of real downvotes. The results should also improve as uptake grows. The plugin could provide a useful service, but its greatest value may be as a potent symbol of protest. You can try it out here — but proceed at your own risk. If you want to check out the code, it’s been published on GitHub. Further reading: YouTube Co-Founder Predicts ‘Decline’ of the Platform Following Removal of Dislikes

Tea and Coffee May Be Linked To Lower Risk of Stroke and Dementia, Study Finds

Drinking coffee or tea may be linked with a lower risk of stroke and dementia, according to the largest study of its kind. The Guardian reports: Strokes cause 10% of deaths globally, while dementia is one of the world’s biggest health challenges — 130 million are expected to be living with it by 2050. In the research, 365,000 people aged between 50 and 74 were followed for more than a decade. At the start the participants, who were involved in the UK Biobank study, self-reported how much coffee and tea they drank. Over the research period, 5,079 of them developed dementia and 10,053 went on to have at least one stroke.

Researchers found that people who drank two to three cups of coffee or three to five cups of tea a day, or a combination of four to six cups of coffee and tea, had the lowest risk of stroke or dementia. Those who drank two to three cups of coffee and two to three cups of tea daily had a 32% lower risk of stroke. These people had a 28% lower risk of dementia compared with those who did not drink tea or coffee. The research, by Yuan Zhang and colleagues from Tianjin Medical University, China, suggests drinking coffee alone or in combination with tea is also linked with lower risk of post-stroke dementia. “[W]hat generally happened is that the risk of stroke or dementia was lower in people who drank reasonably small amounts of coffee or tea compared to those who drank none at all, but that after a certain level of consumption, the risk started to increase again until it became higher than the risk to people who drank none,” said professor Kevin McConway, an emeritus professor of applied statistics at the Open University who was not involved in the study.

“Once the coffee consumption got up to seven or eight cups a day, the stroke risk was greater than for people who drank no coffee, and quite a lot higher than for those who drank two or three cups a day.”

The study has been published in the journal PLOS Medicine.

New Book Warns CS Mindset and VC Industry are Ignoring Competing Values

So apparently three Stanford professors are offering some tough-love to young people in the tech community. Mehran Sahami first worked at Google when it was still a startup (recruited to the company by Sergey Brin). Currently a Stanford CS professor, Sahami explained in 2019 that “I want students who engage in the endeavor of building technology to think more broadly about what are the implications of the things that they’re developing — how do they impact other people? I think we’ll all be better off.”

Now Sahami has teamed up with two more Stanford professors to write a book calling for “a mature reckoning with the realization that the powerful technologies dominating our lives encode within them a set of values that we had no role in choosing and that we often do not even see…”

At a virtual event at Silicon Valley’s Computer History Museum, the three professors discussed their new book, System Error: Where Big Tech Went Wrong and How We Can Reboot — and thoughtfully and succinctly distilled their basic argument. “The System Error that we’re describing is a function of an optimization mindset that is embedded in computer science, and that’s embedded in technology,” says political scientist Jeremy Weinstein (one of the book’s co-authors). “This mindset basically ignores the competing values that need to be ‘refereed’ as new products are designed. It’s also embedded in the structure of the venture capital industry that’s driving the growth of Silicon Valley and the growth of these companies, that prioritizes scale before we even understand anything about the impacts of technology in society. And of course it reflects the path that’s been paved for these tech companies to market dominance by a government that’s largely been in retreat from exercising any oversight.”

Sahami thinks our technological landscape should have a protective infrastructure like the one regulating our roads and highways. “It’s not a free-for-all where the ultimate policy is ‘If you were worried about driving safely then don’t drive.’ Instead there’s lanes and traffic lights and speed bumps — an entire safe-driving infrastructure which arrived through regulation.” Or (as their political science professor/co-author Rob Reich tells the site), “Massive system problems should not be framed as choices that can be made by individual consumers.”

Sahami also thinks breaking up big tech monopolies would just leave smaller “less equipped” companies to deal with the same problems — but that positive changes in behavior might instead come from government scrutiny. But Reich also wants to see professional ethics (like the kind that are well-established in biomedical fields). “In the book we point the way forward on a number of different fronts about how to accelerate that…”

And he argues that at colleges, just one computing-ethics class isn’t enough. “Ethics must be embedded through the entire curriculum.”

Trump’s Truth App Bans Criticism of Itself – and Also ‘Excessive Use of Capital Letters’

Time magazine spotted three things in the terms of service for former U.S. president Trump’s “Truth Social” site:

– Despite advertising itself as a platform that will “give a voice to all,” according to a press release, TRUTH Social’s terms of service state that users may not “disparage, tarnish, or otherwise harm, in our opinion, us and/or the Site.” In other words, any user who criticizes Trump or the site can be kicked off the platform…

– [W]hile portraying itself as a refuge for free speech and the “first major rival to ‘Big Tech,'” TRUTH Social’s terms of service make it clear that the platform not only intends to moderate content — just as Twitter and Facebook do — but reserves the right to remove users for any reason it deems necessary. The terms go on to say that if TRUTH Social decides to terminate or suspend your account, the platform may also sue you — something that Twitter and Facebook’s terms don’t say. “In addition to terminating or suspending your account, we reserve the right to take appropriate legal action, including without limitation pursuing civil, criminal, and injunctive redress,” TRUTH Social’s terms state…

– Maybe most notably, the site’s list of prohibited activities includes the “excessive use of capital letters,” an idiosyncrasy that Trump became known for on Twitter and that no other major social network specifically bans. TRUTH Social’s terms also contain some sections written in all-caps.

The terms also specify explicitly that the site considers itself “not responsible” for the accuracy/reliability of what’s posted on the site. Yet the Washington Post reports the newly-formed “Trump Media & Technology Group” has already applied for trademark rights for the terms “truthing,” “post a truth,” and “retruth.”

Meanwhile, the Software Freedom Conservancy believes the end of the site’s public test launch was directly tied to a recently-discovered violation of a Conservancy license. “Once caught in the act, Trump’s Group scrambled and took the site down.”
One of the license’s authors emphasizes that the license “purposefully treats everyone equally (even people we don’t like or agree with), but they must operate under the same rules of the copyleft licenses that apply to everyone else…”

“To comply with this important FOSS license, Trump’s Group needs to immediately make that Corresponding Source available to all who used the site today while it was live. If they fail to do this within 30 days, their rights and permissions in the software are automatically and permanently terminated. That’s how AGPLv3’s cure provision works — no exceptions — even if you’re a real estate mogul, reality television star, or even a former POTUS.”

DDR4 Memory Protections Are Broken Wide Open By New Rowhammer Technique

“An unprivileged application can corrupt data in memory by accessing (‘hammering’) rows of DDR4 memory in certain patterns millions of times a second, giving those untrusted applications nearly unfettered system privileges,” writes long-time Slashdot reader shoor. Ars Technica reports: Rowhammer attacks work by accessing — or hammering — physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. Researchers have shown the attacks can be used to give untrusted applications nearly unfettered system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among other things. All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these “aggressor” rows — meaning those that cause bitflips in nearby “victim” rows — are accessed the same number of times.

Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 of the randomly selected DIMMs in a test pool experienced bitflips, up from 13 out of 42 chips tested in previous work (PDF) from the same researchers. “We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,” Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. “This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. These issues cannot be patched due to their hardware nature and will remain with us for many years to come.”

The non-uniform patterns work against Target Row Refresh. Abbreviated as TRR, the mitigation works differently from vendor to vendor but generally tracks the number of times a row is accessed and recharges neighboring victim rows when there are signs of abuse. The neutering of this defense puts further pressure on chipmakers to mitigate a class of attacks that many people thought more recent types of memory chips were resistant to. In Monday’s paper, the researchers wrote: “Proprietary, undocumented in-DRAM TRR is currently the only mitigation that stands between Rowhammer and attackers exploiting it in various scenarios such as browsers, mobile phones, the cloud, and even over the network. In this paper, we show how deviations from known uniform Rowhammer access patterns allow attackers to flip bits on all 40 recently-acquired DDR4 DIMMs, 2.6x more than the state of the art. The effectiveness of these new non-uniform patterns in bypassing TRR highlights the need for a more principled approach to address Rowhammer.” While PCs, laptops, and mobile phones are most affected by the new findings, the report notes that cloud services like AWS and Azure “remain largely safe from Rowhammer because they use higher-end chips that include a defense known as ECC, short for Error Correcting Code.”

“Concluding, our work confirms that the DRAM vendors’ claims about Rowhammer protections are false and lure you into a false sense of security,” the researchers wrote. “All currently deployed mitigations are insufficient to fully protect against Rowhammer. Our novel patterns show that attackers can more easily exploit systems than previously assumed.”
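The paragraphs above describe TRR as logic that counts how often rows are activated and refreshes the neighbours of rows that look like aggressors, and describe the new patterns as ones that activate different aggressor rows at different frequencies. The simulation below is an added example, not the researchers’ code, and since real in-DRAM TRR is proprietary and vendor-specific it does not model any actual DIMM: the tracker policy (a small table of suspected aggressors that evicts its least-activated entry), the thresholds, the window length and the row numbers are all assumptions chosen to make the mechanism visible. It shows three runs: uniform double-sided hammering with no mitigation flips the victim; the same pattern against the tracker is caught and refreshed in time; a non-uniform pattern that activates two decoy rows more often than the real aggressors keeps the tracker’s slots busy with the decoys, so the aggressors are never counted long enough to trigger a refresh and the victim flips anyway.

```python
"""Toy model of a counter-based Target Row Refresh tracker and why a
non-uniform hammering pattern slips past it.

Added example. Not the researchers' code and not a model of any vendor's
undocumented TRR: thresholds, tracker policy, window length and row numbers
are assumptions picked so the effect is visible in a few seconds of CPU."""
from collections import defaultdict

# Assumed parameters (not taken from any datasheet or from the paper).
FLIP_THRESHOLD = 50_000   # neighbour activations a victim tolerates within one refresh window
TRR_THRESHOLD = 10_000    # activations after which the tracker refreshes a tracked row's neighbours
TRR_SLOTS = 2             # how many suspected aggressors the tracker can follow at once
WINDOW = 200_000          # activations simulated, standing in for one ~64 ms refresh window


def simulate(pattern, trr_enabled, accesses=WINDOW):
    """Replay `pattern` cyclically for `accesses` row activations and return the
    set of victim rows whose disturbance count reached FLIP_THRESHOLD."""
    disturb = defaultdict(int)   # victim row -> neighbour activations since its last refresh
    tracker = {}                 # TRR table: suspected aggressor row -> activation count
    flipped = set()

    for i in range(accesses):
        row = pattern[i % len(pattern)]

        # Each activation disturbs the two physically adjacent rows.
        for victim in (row - 1, row + 1):
            disturb[victim] += 1
            if disturb[victim] >= FLIP_THRESHOLD:
                flipped.add(victim)

        if not trr_enabled:
            continue

        # Tracker: count activations of a limited set of rows; when it needs a slot,
        # it evicts the least-activated entry. That eviction rule is the modelled weakness.
        if row in tracker:
            tracker[row] += 1
        elif len(tracker) < TRR_SLOTS:
            tracker[row] = 1
        else:
            coldest = min(tracker, key=tracker.get)
            del tracker[coldest]
            tracker[row] = 1

        if tracker[row] >= TRR_THRESHOLD:
            # Looks like an aggressor: refresh its neighbours and forget it.
            disturb[row - 1] = 0
            disturb[row + 1] = 0
            del tracker[row]

    return flipped


A, B = 100, 102          # double-sided aggressors around victim row 101 (assumed row numbers)
D1, D2 = 500, 600        # decoy rows the attacker also owns, far from the target

UNIFORM = [A, B]                       # classic double-sided pattern: both aggressors equally often
NON_UNIFORM = [D1, D2, D1, D2, A, B]   # decoys activated twice per period, aggressors once

if __name__ == "__main__":
    print("uniform, no TRR   ->", sorted(simulate(UNIFORM, trr_enabled=False)))
    print("uniform, TRR      ->", sorted(simulate(UNIFORM, trr_enabled=True)))
    print("non-uniform, TRR  ->", sorted(simulate(NON_UNIFORM, trr_enabled=True)))
```

In the non-uniform run the decoys take turns reaching the refresh threshold, so their own neighbours stay safe, while rows 100 and 102 are evicted from the table with a count of one every period and row 101 accumulates two disturbances per period until it crosses the threshold. The general point the paper makes survives the simplification: any tracker that can follow fewer rows than the attacker is willing to activate, and that decides whom to follow by activation count, can be steered away from the rows that matter.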
