Re-Victimization From Police-Auctioned Cell Phones

An anonymous reader quotes a report from KrebsOnSecurity: Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found (PDF). In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Researchers at the University of Maryland last year purchased 228 smartphones sold “as-is” from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns. Phones may end up in police custody for any number of reasons — such as its owner was involved in identity theft — and in these cases the phone itself was used as a tool to commit the crime. “We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner,” the researchers explained in a paper released this month. “Unfortunately, that expectation has proven false in practice.”

Beyond what you would expect from unwiped second hand phones — every text message, picture, email, browser history, location history, etc. — the 61 phones they were able to access also contained significant amounts of data pertaining to crime — including victims’ data — the researchers found. […] Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients. “We informed [PropertyRoom] of our research in October 2022, and they responded that they would review our findings internally,” said Dave Levin, an assistant professor of computer science at University of Maryland. “They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren’t wiped.”

Read more of this story at Slashdot.

Gas-Powered Cars Won’t Die Off Any Time Soon

According to S&P Global Mobility, the average age of light vehicles on the road in the U.S. is now at an all-time high of 12.5 years, up three months from 2022. Two decades ago, their average was 9.7 years. Axios reports: The impact: The transition from gas to electric cars will take decades.

It’ll likely take until at least 2050 — and possibly longer — before most gas-powered cars are off the road, Campau says.

Of note: EV longevity is going in the opposite direction. Their average age fell from 3.7 years in 2022 to 3.6 years in 2023, in part due to an upswing in new purchases.

By the numbers: About 6.6% of battery-powered EVs bought between 2013-2022 have left the passenger fleet, compared with 5.2% of non-EVs — but […] it’s too early to know why. EVs generally come with an 8-year, 100,000-mile warranty — but early evidence suggests they last longer than that, according to an analysis by Recurrent, which tracks battery data. Carmakers say electric cars should last 15 to 20 years, but modern EVs haven’t been around long enough to validate that claim. The report projects that there will be fewer than 100 million passenger cars on the road within the next 18-24 months — a low not seen since 1978. By 2028, at least 7 in 10 vehicles on the road will be pickups, SUVs or crossovers.

Read more of this story at Slashdot.

WHO Warns Against Using Artificial Sweeteners

The World Health Organization (WHO) on Monday released guidance on non-sugar sweeteners (NSS), recommending against using them to control body weight. From the report: The recommendation is based on the findings of a systematic review of the available evidence which suggests that use of NSS does not confer any long-term benefit in reducing body fat in adults or children. Results of the review also suggest that there may be potential undesirable effects from long-term use of NSS, such as an increased risk of type 2 diabetes, cardiovascular diseases, and mortality in adults. The recommendation applies to all people except individuals with pre-existing diabetes and includes all synthetic and naturally occurring or modified non-nutritive sweeteners that are not classified as sugars found in manufactured foods and beverages, or sold on their own to be added to foods and beverages by consumers. Common NSS include acesulfame K, aspartame, advantame, cyclamates, neotame, saccharin, sucralose, stevia and stevia derivatives.

The recommendation does not apply to personal care and hygiene products containing NSS, such as toothpaste, skin cream, and medications, or to low-calorie sugars and sugar alcohols (polyols), which are sugars or sugar derivatives containing calories and are therefore not considered NSS. “Replacing free sugars with NSS does not help with weight control in the long term. People need to consider other ways to reduce free sugars intake, such as consuming food with naturally occurring sugars, like fruit, or unsweetened food and beverages,” says Francesco Branca, WHO Director for Nutrition and Food Safety. “NSS are not essential dietary factors and have no nutritional value. People should reduce the sweetness of the diet altogether, starting early in life, to improve their health.”

Read more of this story at Slashdot.

OpenAI’s Sam Altman Set To Raise $100 Million For Worldcoin

According to the Financial Times, OpenAI CEO Sam Altman is close to raising around $100 million in funding for his Worldcoin cyrpto project. Markets Insider reports: Worldcoin is in advanced talks to raise the cash from both new and existing investors ahead of a potential launch within the next few weeks, the Financial Times said Sunday, citing three people with knowledge of the deal. The startup wants to use eyeball-scanning technology to create a digital identification system that would give people across the globe access to a free crypto token called Worldcoin. It’s previously received backing from Andreessen Horowitz’s crypto fund, Coinbase’s VC arm Coinbase Ventures, and FTX founder Sam Bankman-Fried.

Worldcoin pulled in $100 million from investors last year through a token sale that valued the company at around $3 billion, according to a report by The Information from March 2022. That fundraising effort came before a bruising period for crypto in which flagship tokens like bitcoin and ether cratered in price and high-profile companies including Bankman-Fried’s FTX collapsed. “It’s a bear market, a crypto winter. It’s remarkable for a project in this space to get this amount of investment,” one of the FT’s sources told the publication.

Read more of this story at Slashdot.

Hasselblad Is Reportedly the Latest Camera Maker To Bail On DSLRs

Hasselblad is discontinuing its H-series medium format DSLRs to focus exclusively on mirrorless models. “The move leaves Pentax and Ricoh as the biggest remaining names in the rapidly diminishing DSLR space,” notes Engadget. “Hasselblad’s last H series launch was the H6D system in 2016.” From the report: “While we have been feeling this sting for over the last 18 months with lack of product, today we received official notice that the full product line of the Hasselblad H system has been officially discontinued,” Capture Integration wrote. “All [H system] products are now officially out of stock and Hasselblad will no longer take orders for anything in the H line.” The article continued, “The H system is still very strong and working in so many studios today. However, it’s time to look at replacements. We can’t even order new battery grips today.” The vendor notes that future repairs will likely take longer and grow in difficulty.

Read more of this story at Slashdot.

Somehow Amazon’s Open Source Fork of ElasticSearch Has Succeeded

Long-time open source advocate Matt Asay writes in InfoWorld:

OpenSearch shouldn’t exist. The open source alternative to Elasticsearch started off as Amazon Web Services’ (AWS) answer to getting outflanked by Elastic’s change in Elasticsearch’s license, which was in turn sparked by AWS building a successful Elasticsearch service but contributing little back. In 2019 when AWS launched its then Open Distro for Elasticsearch, I thought its reasons rang hollow and, frankly, sounded sanctimonious. This was, after all, a company that used more open source than it contributed. Two years later, AWS opted to fork Elasticsearch to create OpenSearch, committing to a “long-term investment” in OpenSearch.

I worked at AWS at the time. Privately, I didn’t think it would work.

Rather, I didn’t feel that AWS really understood just how much work was involved in running a successful open source project, and the company would fail to invest the time and resources necessary to make OpenSearch a viable competitor to Elasticsearch. I was wrong. Although OpenSearch has a long way to go before it can credibly claim to have replaced Elasticsearch in the minds and workloads of developers, it has rocketed up the search engine popularity charts, with an increasingly diverse contributor population. In turn, the OpenSearch experience is adding a new tool to AWS’ arsenal of open source strengths….

As part of the AWS OpenSearch team, David Tippett and Eli Fisher laid out a few key indicators of OpenSearch’s success as they gave their 2022 year in review. They topped more than 100 million downloads and gathered 8,760 pull requests from 496 contributors, a number of whom don’t work for AWS. Not stated were other success factors, such as Adobe’s earlier decision to replace Elasticsearch with OpenSearch in its Adobe Commerce suite, or its increasingly open governance with third-party maintainers for the project. Nor did they tout its lightning-fast ascent up the DB-Engines database popularity rankings, hitting the Top 50 databases for the first time.

OpenSearch, in short, is a bonafide open source success story. More surprisingly, it’s an AWS open source success story. For many who have been committed to the “AWS strip mines open source” narrative, such success stories aren’t supposed to exist. Reality bites.
The article notes that OpenSearch’s success “doesn’t seem to be blunting Elastic’s income statement.” But it also points out that Amazon now has many employees actively contributing to open source projects, including PostgreSQL and MariaDB. (Although “If AWS were to turn forking projects into standard operating procedure, that might get uncomfortable.”)

“Fortunately, not only has AWS learned how to build more open source, it has also learned how to partner with open source companies.”

Read more of this story at Slashdot.

Apple Begins Testing Speedy M3 Chips That Could Feature 12 CPU Cores

Engadget writes:

Apple is testing an M3 chipset with a 12-core processor and 18-core GPU, according to Bloomberg’s Mark Gurman. In his latest Power On newsletter, Gurman reports a source sent him App Store developer logs that show the chip running on an unannounced MacBook Pro with macOS 14. He speculates the M3 variant Apple is testing is the base-level M3 Pro the company plans to release sometime next year…

[T]he M3 Pro reportedly features 50 percent more CPU cores than its first-generation predecessor.

From Gurman’s original article:
I’m sure you’re wondering: How can Apple possibly fit that many cores on a chip? The answer is the 3-nanometer manufacturing process, which the company will be switching to with its M3 line. That approach allows for higher-density chips, meaning a designer can fit more cores into an already small processor.

Read more of this story at Slashdot.

Cloudflare CTO Predicts Coding AIs Will Bring More Productivity, Urges ‘Data Fluidity’

Serverless JavaScript is hosted in an edge network or by an HTTP caching service (and only runs when requested), explains Cloudflare. “Developers can write and deploy JavaScript functions that process HTTP requests before they travel all the way to the origin server.”

Their platform for serverless JavaScript will soon have built-in AI features, Cloudflare’s CTO announced today, “so that developers have a rich toolset at their disposal.
A developer platform without AI isn’t going to be much use. It’ll be a bit like a developer platform that can’t do floating point arithmetic, or handle a list of data. We’re going to see every developer platform have AI capability built in because these capabilities will allow developers to make richer experiences for users…

As I look back at 40 years of my programming life, I haven’t been this excited about a new technology… ever. That’s because AI is going to be a pervasive change to how programs get written, who writes programs and how all of us interact with software… I think it’ll make us more productive and make more people programmers.

But in addition, developers on the platform will also be able to train and upload their own models to run on Cloudflare’s global network:
Unlike a database where data might largely be stored and accessed infrequently, AI systems are alive with moving data. To accommodate that, platforms need to stop treating data as something to lock in developers with. Data needs to be free to move from system to system, from platform to platform, without transfer fees, egress or other nonsense. If we want a world of AI, we need a world of data fluidity.

Read more of this story at Slashdot.

Only Cloud Providers Get Security Right. Can IT Vendors Catch Up?

Slashdot reader storagedude writes: If cloud service providers are the only ones who can get security right, will everyone eventually move to the cloud? That’s one of the questions longtime IT systems architect Henry Newman asks in a new article on eSecurity Planet. “The concept of zero trust has been around since 2010, when Forrester Research analyst John Kindervag created the zero trust security model. Yet two years after the devastating Colonial Pipeline attack and strong advocacy from the U.S. government and others, we are still no closer to seeing zero trust architecture widely adopted,” Newman writes. “The only exception, it seems, has been cloud service providers, who boast an enviable record when it comes to cybersecurity, thanks to rigorous security practices like Google’s continuous patching.” “As security breaches continue to happen hourly, sooner or later zero trust requirements are going to be forced upon all organizations, given the impact and cost to society. The Biden Administration is already pushing ambitious cybersecurity legislation, but it’s unlikely to get very far in the current Congress. I am very surprised that the cyber insurance industry has not required zero trust architecture already, but perhaps the $1.4 billion Merck judgment that went against the industry last week will begin to change that.

“The central question is, can any organization implement a full zero trust stack, buy hardware and software from various vendors and put it together, or will we all have to move to cloud service providers (CSPs) to get zero trust security?

“Old arguments that cloud profit margins will eventually make on-premises IT infrastructure seem like the cheaper alternative failed to anticipate an era when security became so difficult that only cloud service providers could get it right.” Cloud service providers have one key advantage when it comes to security, Newman notes: They control, write and build much of their software and hardware stacks.

Newman concludes: “I am somewhat surprised that cloud service providers don’t tout their security advantages more than they do, and I am equally surprised that the commercial off-the-shelf vendors do not band together faster than they have been to work on zero trust. But what surprises me the most is the lack of pressure on everyone to move to zero trust and get a leg or two up on the current attack techniques and make the attack plane much smaller than it is.”

Read more of this story at Slashdot.

Lithium-Ion Battery Fires on Aircraft are Happening ‘Much More Frequently’

As smoke began filling the cabin, an airplane passenger saw sparks and fire bursting from a bag in the seat directly behind her — which turned out to be a “smoky flashing lithium battery, which had begun smoldering in a carry-on bag,” according to CBS News.

The flight crew contained the situation, and “Airport fire trucks met the plane on the runway and everyone evacuated safely.” But a CBS News Investigation “has discovered similar incidents have been happening much more frequently in the skies over the United States.”

The FAA verifies the number of lithium-Ion battery fires jumped more 42% in the last five years. A CBS News analysis of the FAA’s data found that since 2021 there’s been at least one lithium battery incident on a passenger plane somewhere in the U.S., on average, once every week…

Some airlines are taking action to control the growing number of fires. They are using specialized “thermal containment” bags designed for flight crews to use if a lithium battery starts heating up to the point where it’s smoking or burning. Mechanical engineers at the University of Texas at Austin say the bags can effectively contain fire and keep it from spreading, but don’t extinguish it.
In a video accompanying the article, an engineering professor at the university’s Fire Research Group even showed a lithium-ion battery fire that continued burning undewater. “You can’t put it out. It’s a fire within the cell. So, you’ve got fuel, oxygen, heat in the cell, all.” (The article also notes a startup called Pure Lithium is working on a new kind of non-flammable battery using lithium metal cells instead of lithium ion).

Guidelines from America’s Federal Aviation Administration require spare lithium-ion batteries be kept with passengers (and not checked) — and prohibits passengers from bringing onboard damaged or recalled batteries and battery-powered devices.
Thanks to long-time Slashdot reader khb for sharing the article.

Read more of this story at Slashdot.