The Original Winamp Skin Is Selling As An NFT

Winamp will sell a non-fungible token (NFT) linked to its media player’s original 1997 graphical skin, becoming the latest company to blend nostalgia and crypto. The Verge reports: Winamp will put the NFT up for auction through OpenSea between May 16th and May 22nd, followed by a separate sale of 1997 total NFTs based on 20 artworks derived from the original skin. The proceeds will go to the Winamp Foundation, which promises to donate them to charity projects, starting with the Belgian nonprofit Music Fund.

The NFT sale appears to be a combination of a publicity move and a fundraising effort. Winamp is sourcing the derivative art NFTs by asking artists to submit Winamp-based works between now and April 15th, then giving selected artists 20 percent of the proceeds from each sale of their image as an NFT. Nineteen of the pieces will sell in editions of 100 copies, and the remaining one will have 97; they’ll all sell for 0.08 Ethereum — around $210 at current exchange rates. The artists will get 10 percent of any royalties on later sales, where the seller will set their own price.

Winamp’s head of business development Thierry Ascarez tells The Verge that buyers will get a blockchain token linked to an image of either the original skin seen above or one of its derivatives, which is a common setup for NFTs. Buyers will have the right to “copy, reproduce, and display” the image, but they won’t own the copyright. Likewise, selected artists will agree to transfer all intellectual property for their work to Winamp, according to a page of terms and conditions (PDF).

Read more of this story at Slashdot.

Congressional Bills Would Ban Tech Mergers Over $5 Billion

Senator Elizabeth Warren and House Representative Mondaire Jones have introduced legislation in their respective congressional chambers that would effectively ban large technology mergers. Engadget reports: The Prohibiting Anticompetitive Mergers Act (PAMA) would make it illegal to pursue “prohibited mergers,” including those worth more than $5 billion or which provide market shares beyond 25 percent for employers and 33 percent for sellers. The bills would also give antitrust regulators more power to halt and review mergers. They would have authority to reject mergers outright, without requiring court orders. They would likewise bar mergers from companies with track records of antitrust violations or other instances of “corporate crime” in the past decade. Officials would have to gauge the impact of these acquisition on labor forces, and wouldn’t be allowed to negotiate with the companies to secure “remedies” for clearing mergers.

Crucially, PAMA would formalize procedures for reviewing past mergers and breaking up “harmful deals” that allegedly hurt competition. The Federal Trade Commission has signaled a willingness to split up tech giants like Meta despite approving mergers years earlier. PAMA might make it easier to unwind those acquisitions and force brands like Instagram and WhatsApp to operate as separate businesses.

Read more of this story at Slashdot.

Brain-Imaging Studies Hampered by Small Data Sets, Study Finds

For two decades, researchers have used brain-imaging technology to try to identify how the structure and function of a person’s brain connects to a range of mental-health ailments, from anxiety and depression to suicidal tendencies. But a new paper, published Wednesday in Nature, calls into question whether much of this research is actually yielding valid findings. The New York Times reports: Many such studies, the paper’s authors found, tend to include fewer than two dozen participants, far shy of the number needed to generate reliable results. “You need thousands of individuals,” said Scott Marek, a psychiatric researcher at the Washington University School of Medicine in St. Louis and an author of the paper. He described the finding as a “gut punch” for the typical studies that use imaging to try to better understand mental health.

Studies that use magnetic-resonance imaging technology commonly temper their conclusions with a cautionary statement noting the small sample size. But enlisting participants can be time-consuming and expensive, ranging from $600 to $2,000 an hour, said Dr. Nico Dosenbach, a neurologist at Washington University School of Medicine and another author on the paper. The median number of subjects in mental-health-related studies that use brain imaging is around 23, he added. But the Nature paper demonstrates that the data drawn from just two dozen subjects is generally insufficient to be reliable and can in fact yield ‘massively inflated’ findings,” Dr. Dosenbach said. The findings from the Nature paper can “absolutely” be applied to other fields beyond mental health, said Marek. “My hunch this is much more about population science than it is about any one of those fields,” he said.

Read more of this story at Slashdot.

Google Unveils Its B2B Cloud Gaming Platform Built With Stadia Tech

An anonymous reader quotes a report from Forbes: Google had plenty of news about Stadia, the consumer-facing aspect of its cloud gaming products, at its Google for Games Developer Summit. On the flip side of that is the white-label platform Google’s been working on: a way for other companies to license the game streaming tech that powers Stadia. Previously, that B2B offering was believed to be known as Google Stream. Google has now confirmed more details about the offering, including its name.

It’s now called Immersive Stream for Games (which doesn’t exactly roll off the tongue as smoothly as Google Stream). The Stadia team built it with the help of the folks at Google Cloud. The company says the service will allow companies to run their own game trials, let users play full games, offer subscription bundles or have full storefronts. In other words, publishers might be able to run their own versions of Stadia with their own libraries of games, branding and custom user interface.

We’ve seen a version of Immersive Stream for Games in action. Last year, Google teamed up with AT&T to offer people a way to play Batman: Arkham Knight for free via the cloud. Thousands of folks took advantage of the offer. AT&T plans to offer its customers access to another game soon with the help of Immersive Stream for Games. While that version of Batman: Arkham Knight was only available on desktop and laptop web browsers, the next game will run on mobile devices too. If all goes well, it could be a decent way for AT&T to show off what its 5G network can do. Immersive Stream for Games will include other features Google revealed for Stadia today, including a way to offer free trials of full games and a project aimed at making it easier to port games so they run on Stadia tech, as well as analytics. Developers and publishers can send Google an inquiry for more details.

Read more of this story at Slashdot.

Nasty Linux Netfilter Firewall Security Hole Found

Sophos threat researcher Nick Gregory discovered a hole in Linux’s netfilter firewall program that’s “exploitable to achieve kernel code execution (via ROP [return-oriented programming]), giving full local privilege escalation, container escape, whatever you want.” ZDNet reports: Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux’s network stack. It’s an essential Linux security program, so when a security hole is found in it, it’s a big deal. […] This problem exists because netfilter doesn’t handle its hardware offload feature correctly. A local, unprivileged attacker can use this to cause a denial-of-service (DoS), execute arbitrary code, and cause general mayhem. Adding insult to injury, this works even if the hardware being attacked doesn’t have offload functionality! That’s because, as Gregory wrote to a security list, “Despite being in code dealing with hardware offload, this is reachable when targeting network devices that don’t have offload functionality (e.g. lo) as the bug is triggered before the rule creation fails.”

This vulnerability is present in the Linux kernel versions 5.4 through 5.6.10. It’s listed as Common Vulnerabilities and Exposures (CVE-2022-25636), and with a Common Vulnerability Scoring System (CVSS) score of 7.8), this is a real badie. How bad? In its advisory, Red Hat said, “This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.” So, yes, this is bad. Worse still, it affects recent major distribution releases such as Red Hat Enterprise Linux (RHEL) 8.x; Debian Bullseye; Ubuntu Linux, and SUSE Linux Enterprise 15.3. While the Linux kernel netfilter patch has been made, the patch isn’t available yet in all distribution releases.

Read more of this story at Slashdot.

Fourth Shot ‘is Necessary’, Pfizer CEO Says

An anonymous reader shares a report: While US health experts closely monitor upticks of COVID-19 cases in Europe as well as the global rise of the omicron subvariant BA.2, Pfizer is renewing calls for fourth doses of COVID-19 vaccine. In an interview Sunday on CBS’ Face the Nation, Pfizer CEO Albert Bourla said that a fourth dose — aka a second booster — is “necessary.”

“The protection what we are getting from the third [doses], it is good enough — actually, quite good for hospitalizations and deaths,” Dr. Bourla said. But, “it’s not that good against infections” with omicron, and “it doesn’t last very long.” He reported that Pfizer is “working very diligently” to come up with a new dose that will protect against all variants and provide longer-lasting protection.

Read more of this story at Slashdot.

TorGuard Settles Piracy Lawsuit, Agrees To Block Torrent Traffic On US Servers

TorGuard has settled a copyright infringement lawsuit filed by several movie companies last year. The VPN provider stood accused of failing to take action against subscribers who were pirating films. As part of the settlement, TorGuard agrees to block BitTorrent traffic on U.S. servers; however, it stresses that user privacy is in no way affected by this decision. TorrentFreak reports: “Pursuant to a confidential settlement agreement, Plaintiffs have requested, and Defendant has agreed to use commercially reasonable efforts to block BitTorrent traffic on its servers in the United States using firewall technology,” a joint statement reads. This is quite a far-reaching measure as a broad BitTorrent blockade will also affect legal traffic, which includes software updates from Twitter and Facebook. That said, people can still use BitTorrent on servers in other regions. […]

The company confirms that it’s blocking torrent traffic on U.S. servers, but that doesn’t change anything for the privacy of users. “TorGuard has not been forced to log network usage data. Due to the nature of shared IP’s and related hardware technicalities of how TorGuard’s network was built it is impossible for us to do so,” the VPN provider writes. “We have a responsibility to provide high quality uninterrupted VPN and proxy services to our client base at large while mitigating any related network abuse that should arise. This commitment to user privacy and service reliability is the reason we have taken measures to block Bittorrent traffic on servers within the United States.”

Read more of this story at Slashdot.

Twitter Rolls Back Its Decision To Force You Into the Out-of-Order Timeline

Last week, Twitter introduced a change to the timeline that “would default to showing the algorithmically served Home feed while the reverse-chronological Latest feed was accessible in a separate tab,” reports The Verge. “The change […] made it more difficult to view tweets in chronological order.” Twitter is now reverting things to the way following significant backlash. From the report: Some users shared criticism of the change almost immediately after its March 10th announcement, as the Latest feed is preferred to the Home feed for many. The out-of-sequence Home feed can, at times, be confusing, especially for people who use Twitter for updates during a breaking news event like the war in Ukraine. However, two Twitter execs noted in replies to Verge contributing editor Casey Newton that they would be working on the problem, and it appears that the original change won’t be going through as planned. “We take feedback seriously, and in this case, we heard the new pinned Home & Latest wasn’t giving you the level of control over your timeline that you want,” Twitter spokesperson Shaokyi Amdo said in a statement to The Verge.

However, based on what the execs said, it seems Twitter may be investigating other possible changes to the timeline in the future. “Giving people choice and control over their Twitter experience is super important,” Twitter’s newly named VP of consumer product, Jay Sullivan, said in a reply to Newton on March 12th. “I’ll be working on this. Stay tuned.” Sullivan added that he was hoping the platform could achieve “a nice balance for all.”

Read more of this story at Slashdot.

New CaddyWiper Data Wiping Malware Hits Ukrainian Networks

Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. BleepingComputer reports: “This new malware erases user data and partition information from attached drives,” ESET Research Labs explained. “ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations.” While designed to wipe data across Windows domains it’s deployed on, CaddyWiper will use the DsRoleGetPrimaryDomainInformation() function to check if a device is a domain controller. If so, the data on the domain controller will not be deleted. This is likely a tactic used by the attackers to maintain access inside the compromised networks of organizations they hit while still heavily disturbing operations by wiping other critical devices.

While analyzing the PE header of a malware sample discovered on the network of an undisclosed Ukrainian organization, it was also discovered that the malware was deployed in attacks the same day it was compiled. “CaddyWiper does not share any significant code similarity with HermeticWiper, IsaacWiper, or any other malware known to us. The sample we analyzed was not digitally signed,” ESET added. “Similarly to HermeticWiper deployments, we observed CaddyWiper being deployed via GPO, indicating the attackers had prior control of the target’s network beforehand.”

Read more of this story at Slashdot.