Colorado Approves First-Ever Agricultural Right to Repair Bill

Denver legislators have just passed the first-ever agricultural Right to Repair bill. Today’s landslide 44-16 vote in the House follows a successful vote in the Senate last month. iFixit reports: Once the Agricultural Right to Repair bill passes, manufacturers will be required to share all the parts, embedded software, firmware, tools, and documentation necessary for repair. One critical step remains: a signature by Governor Polis, who has signaled that he supports the legislation.

To support Right to Repair legislation near you, find your state on Repair.org — or, if you’re outside the US, look for your country’s advocacy network here. The summary of HB23-1011 reads: “Starting January 1, 2024, the bill requires a manufacturer to provide parts, embedded software, firmware, tools, or documentation, such as diagnostic, maintenance, or repair manuals, diagrams, or similar information (resources), to independent repair providers and owners of the manufacturer’s agricultural equipment to allow an independent repair provider or owner to conduct diagnostic, maintenance, or repair services on the owner’s agricultural equipment.

The bill folds agricultural equipment into the existing consumer right-to-repair statutes, which statutes provide the following:
– A manufacturer’s failure to comply with the requirement to provide resources is a deceptive trade practice;
– In complying with the requirement to provide resources, a manufacturer need not divulge any trade secrets to independent repair providers and owners; and
– Any new contractual provision or other arrangement that a manufacturer enters into that would remove or limit the manufacturer’s obligation to provide resources to independent repair providers and owners is void and unenforceable; and
– An independent repair provider or owner is not authorized to make modifications to agricultural equipment that permanently deactivate any safety notification system or bring the equipment out of compliance with safety or emissions laws or to engage in any conduct that would evade emissions, copyright, trademark, or patent laws.”

Read more of this story at Slashdot.

Shutting Down Nuclear Power Could Increase Air Pollution, Finds MIT Study

If reactors are retired, polluting energy sources that fill the gap could cause more than 5,000 premature deaths, researchers estimate. The findings appear in the journal Nature Energy. MIT News reports: They lay out a scenario in which every nuclear power plant in the country has shut down, and consider how other sources such as coal, natural gas, and renewable energy would fill the resulting energy needs throughout an entire year. Their analysis reveals that indeed, air pollution would increase, as coal, gas, and oil sources ramp up to compensate for nuclear power’s absence. This in itself may not be surprising, but the team has put numbers to the prediction, estimating that the increase in air pollution would have serious health effects, resulting in an additional 5,200 pollution-related deaths over a single year.

If, however, more renewable energy sources become available to supply the energy grid, as they are expected to by the year 2030, air pollution would be curtailed, though not entirely. The team found that even under this heartier renewable scenario, there is still a slight increase in air pollution in some parts of the country, resulting in a total of 260 pollution-related deaths over one year. When they looked at the populations directly affected by the increased pollution, they found that Black or African American communities — a disproportionate number of whom live near fossil-fuel plants — experienced the greatest exposure. “They also calculated that more people are also likely to die prematurely due to climate impacts from the increase in carbon dioxide emissions, as the grid compensates for nuclear power’s absence,” adds the report. “The climate-related effects from this additional influx of carbon dioxide could lead to 160,000 additional deaths over the next century.”

Lead author Lyssa Freese, a graduate student in MIT’s Department of Earth, Atmospheric and Planetary Sciences (EAPS), said: “We need to be thoughtful about how we’re retiring nuclear power plants if we are trying to think about them as part of an energy system. Shutting down something that doesn’t have direct emissions itself can still lead to increases in emissions, because the grid system will respond.”

Read more of this story at Slashdot.

How Much To Infect Android Phones Via Google Play Store? How About $20K

If you want to sneak malware onto people’s Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests. The Register reports: This comes after the Russian infosec outfit studied nine dark-web markets between 2019 and 2023, and found a slew of code and services for sale to infect and hijack the phones and tablets of Google Play users. Before cybercriminals can share their malicious apps from Google’s official store, they’ll need a Play developer account, and Kaspersky says those sell for between $60 and $200 each. Once someone’s bought one of these accounts, they’ll be encouraged use something called a loader.

Uploading straight-up spyware to the Play store for people to download and install may attract Google’s attention, and cause the app and developer account to be thrown out. A loader will attempt to avoid that: it’s software a criminal can hide in their otherwise innocent legit-looking app, installed from the official store, and at some convenient point, the loader will fetch and apply an update for the app that contains malicious code that does stuff like steal data or commit fraud. That update may ask for extra permissions to access the victim’s files, and may need to be pulled from an unofficial store with the victim’s blessing; it depends on the set up. The app may refuse to work as normal until the loader is allowed to do its thing, convincing marks into opening up their devices to crooks. These tools are more pricey, ranging from $2,000 to $20,000, depending on the complexity and capabilities required.

Would-be crims who don’t want to pay thousands for a loader can pay substantially less — between $50 and $100 — for a binding service, which hides a malicious APK file in a legitimate application. However, these have lower successful install rates compared to loaders, so even in the criminal underground you get what you pay for. Some other illicit services offered for sale on these forums include virtual private servers ($300), which allow attackers to redirect traffic or control infected devices, and web injectors ($25 to $80) that look out for victims’ visiting selected websites on their infected devices and replacing those pages with malicious ones that steal login info or similar. Criminals can pay for obfuscation of their malware, and they may even get a better price if they buy a package deal. “One of the sellers offers obfuscation of 50 files for $440, while the cost of processing only one file by the same provider is about $30,” Team Kaspersky says. Additionally, to increase the number of downloads to a malicious app, thus making it more attractive to other mobile users, attackers can buy installs for 10 cents to $1 apiece. Kaspersky’s report can be found here.

Read more of this story at Slashdot.

The Biggest EV Battery Recycling Plant In the US Is Open For Business

Ascend Elements opened a recycling plant in Covington, Georgia in late March that it says is the largest electric-vehicle battery recycling facility in North America. “It can process 30,000 metric tons of input each year, breaking down old batteries and prepping the most valuable materials inside to be processed and turned into new batteries,” reports Canary Media. “That capacity equates to breaking down the battery packs from 70,000 electric vehicles annually, said Ascend CEO Mike O’Kronley.” From the report: Recycling can deliver new battery materials without the expense and environmental impact of new mining. It is extremely hard to develop new mines in the U.S., but the federal government is lavishing funds on new battery recycling plants. The revamped EV tax credits also call for increasing shares of domestically sourced batteries and battery materials. Those market and policy shifts made recycling sufficiently desirable that Ascend is paying other companies for their old batteries. At the moment, those deals are mostly with EV or battery makers that have high volumes to get rid of.

“Paying for these spent batteries keeps them from going into the landfill,” O’Kronley told Canary Media. “It’s better to get paid for it rather than throw them away.” Ascend also accepts used consumer electronics from battery-collection programs, such as Call2Recycle. That’s not to say there are enough old batteries coming in to fill the factory. Currently, 80 to 90 percent of what’s going into Ascend’s Covington facility is scrap materials from battery factories, including SK Battery America’s plant in Commerce, Georgia.

That relationship influenced Ascend’s choice of location: Covington sits in the emerging “Battery Belt,” a swath of new battery factories and electric-vehicle plants opening up across the Midwest and the Carolinas, Georgia, Tennessee and Kentucky (look for all the blue icons in this White House map of new industrial investments). Fellow battery-recycling startup Redwood Materials also chose South Carolina for a forthcoming $3.5 billion recycling facility. “There will need to be a recycling plant within about an hour’s drive of every single one of those [new battery gigafactories],” O’Kronley said. “You don’t want to be [long-distance] shipping these very large, heavy EV batteries that are classified as Class 9 hazardous materials.” The report notes that the company’s second commercial-scale facility in Hopkinsville, Kentucky will “introduce a brand-new technique for efficiently extracting cathode materials from black mass, which Ascend has dubbed ‘hydro to cathode.'”

Read more of this story at Slashdot.

FTC Orders Supplement Maker To Pay $600K In First Case Involving Hijacked Amazon Reviews

The U.S. Federal Trade Commission has approved a final consent order in its first-ever enforcement action over a case involving “review hijacking,” or when a marketer steals consumer reviews of another product to boost the sales of its own. TechCrunch reports: In this case, the FTC has ordered supplements retailer The Bountiful Company, the maker of Nature’s Bounty vitamins and other brands, to pay $600,000 for deceiving customers on Amazon where it used a feature to merge the reviews of different products to make some appear to have better ratings and reviews than they otherwise would have had if marketed under their own listings. The case exposes how sellers have been exploiting an Amazon feature that allows sellers to request the creation of “variation” relationships between different products and SKUs. The feature is meant to help marketers and consumers alike as it creates a single detail page on Amazon.com that shows similar products that are different only in narrow, specific ways, the FTC explains — like items that come in a different color, size, quantity or flavor. For instance, a t-shirt may have a dozen SKUs associated with one another because the shirt comes in a wide variety of colors.

For shoppers, it’s helpful to see all the options on one page so you can pick the item that best matches your needs and budget. In the case of supplements, the feature could be used to combine the same products by merging various SKUs featuring different quantities of the item in question, like bottles with 50, 100 or 200 pills, for example. However, The Bountiful Company exploited Amazon’s feature to merge its newer products with older, well-established products which had different formulations, the FTC said. The FTC cited and screenshotted more than a dozen examples from 2020 and 2021 in its original complaint (PDF) against the vitamin and supplement maker, which in 2021 sold its core brands — including Nature’s Bounty and Sundown — to Nestle. As a result of these product merges, consumers who happened across any of the newer products would believe them to be better received than they were in reality, as they were benefiting from the merged ratings and reviews of other, differentiated items.

“Boosting your products by hijacking another product’s ratings or reviews is a relatively new tactic, but is still plain old false advertising,” Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said this February when the consent order was first announced ahead of its public comment period and finalized version. With today’s decision, Bountiful will have to pay the Commission $600,000 as monetary relief for consumers. It’s also prohibited from making similar types of misrepresentations and barred from using “deceptive review tactics that distort what consumers think about its products or services,” the FTC said in a unanimous 4-0 decision.

Read more of this story at Slashdot.

After Low-Speed Bus Crash, Cruise Recalled Software for Its Self-Driving Taxis in March

San Francisco autonomous vehicle company Cruise recalled and updated the software of its fleet of 300 cars, reports the San Francisco Chronicle, ” after a Cruise taxi rear-ended a local bus “when the car’s software got confused by the articulated vehicle, according to a federal safety report and the company.”
The voluntary report notes that Cruise updated its software on March 25th.

Since last month’s low-speed crash, which resulted in no injuries, Cruise CEO Kyle Vogt said the company chose to conduct a voluntary recall, and the software update assured such a rare incident “would not recur….” As for the March bus collision, Vogt said the software fix was uploaded to Cruise’s entire fleet of 300 cars within two days. He said the company’s probe found the crash scenario “exceptionally rare” with no other similar collisions.

“Although we determined that the issue was rare, we felt the performance of this version of software in this situation was not good enough,” Vogt wrote in a blog post. “We took the proactive step of notifying NHTSA that we would be filing a voluntary recall of previous versions of our software that were impacted by the issue.” The CEO said such voluntary recalls will probably become “commonplace.”

“We believe this is one of the great benefits of autonomous vehicles compared to human drivers; our entire fleet of AVs is able to rapidly improve, and we are able to carefully monitor that progress over time,” he said.

The Cruise car was traveling about 10 miles per hour, and the collision caused only minor damage to its front fender, Vogt’s blog post explained. San Francisco’s buses have front and back coaches connected by articulated rubber, and when the Cruise taxi lost sight of the front half, it made the assumption that it was still moving (rather than recognizing that the back coach had stopped). Or, as Cruise told the National Highway Traffic Safety Administration, their vehicle “”inaccurately predicted the movement” of the bus.

It was not the first San Francisco incident involving Cruise since June, when it became the first company in a major city to win the right to taxi passengers in driverless vehicles — in this case Chevrolet Bolts. The city’s Municipal Transportation Agency and County Transportation Authority recorded at least 92 incidents from May to December 2022 in which autonomous ride-hailing vehicles caused problems on city streets, disrupting traffic, Muni transit and emergency responders, according to letters sent to the California Public Utilities Commission….

Just two days before the Cruise crash in March, the company had more problems with Muni during one of San Francisco’s intense spring storms. A falling tree brought down a Muni line near Clay and Jones streets on March 21, and a witness reported on social media that two Cruise cars drove through caution tape into the downed wire. A company representative said neither car had passengers and teams were immediately dispatched to remove the vehicles.

On Jan. 22, a driverless Cruise car entered an active firefighting scene and nearly ran over hoses. Fire crews broke a car window to try to stop it.

Read more of this story at Slashdot.

Rust Foundation Solicits Feedback on Updated Policy for Trademarks

“Rust” and “Cargo” are registered trademarks held by the Rust Foundation — the independent non-profit supporting Rust’s maintainers. In August 1,000 people responded to the foundation’s Trademark Policy Review Survey, after which the foundation invited any interested individuals to join their Trademark Policy Working Group (which also included Rust Project leaders). They’ve now created a draft of an updated policy for feedback…

Crate, RS, “Rustacean,” and the logo of Ferris the crab are all available for use by anyone consistent with their definition, with no special permission required. Here’s how the document’s quick reference describes other common use-cases:
Selling Goods — Unless explicitly approved, use of the Rust name or Logo is not allowed for the purposes of selling products/promotional goods for gain/profit, or for registering domain names. For example, it is not permitted to sell stickers of the Rust logo in an online shop for your personal profit.
Showing Support of Rust — When showing your support of the Rust Project on a personal site or blog, you may use the Rust name or Logo, as long as you abide by all the requirements listed in the Policy. You may use the Rust name or Logo in social media handles, avatars, and emojis to demonstrate Rust Project support in a manner that is decorative, so long as you don’t suggest commercial Rust affiliation.
Inclusion of the Marks in Educational Materials — You may use the Rust name in book and article titles and the Logo in graphic components, so long as you make it clear that the Rust Project or Foundation has not reviewed/approved/endorsed your content.
There’s also a FAQ, answering questions like “Can I use the Rust logo as my Twitter Avatar?” The updated policy draft says “We consider social media avatars on personal accounts to be fair use. On the other hand, using Rust trademarks in corporate social media bios/profile pictures is prohibited…. In general, we prohibit the modification of the Rust logo for any purpose, except to scale it. This includes distortion, transparency, color-changes affiliated with for-profit brands or political ideologies. On the other hand, if you would like to change the colors of the Rust logo to communicate allegiance with a community movement, we simply ask that you run the proposed logo change by us…”

And for swag at events using the Rust logo, “Merch developed for freebies/giveaways is normally fine, however you need approval to use the Rust Word and/or Logo to run a for-profit event. You are free to use Ferris the crab without permission… If your event is for-profit, you will need approval to use the Rust name or Logo. If you are simply covering costs and the event is non-profit, you may use the Rust name or Logo as long as it is clear that the event is not endorsed by the Rust Foundation. You are free to use Ferris the crab without permission.”

Read more of this story at Slashdot.

Fully Recyclable Printed Electronics Produced Using Water Instead of Toxic Chemicals

Duke University announces their engineers “have produced the world’s first fully recyclable printed electronics that replace the use of chemicals with water in the fabrication process” — bypassing the need for hazardous chemicals.
Electrical/computer engineering professor Aaron Franklin led the study, according to Duke’s announcement:

In previous work, Franklin and his group demonstrated the first fully recyclable printed electronics. The devices used three carbon-based inks: semiconducting carbon nanotubes, conductive graphene and insulating nanocellulose. In trying to adapt the original process to only use water, the carbon nanotubes presented the largest challenge…. In the paper, Franklin and his group develop a cyclical process in which the device is rinsed with water, dried in relatively low heat and printed on again. When the amount of surfactant used in the ink is also tuned down, the researchers show that their inks and processes can create fully functional, fully recyclable, fully water-based transistors….

Franklin explains that, by demonstrating a transistor first, he hopes to signal to the rest of the field that there is a viable path toward making some electronics manufacturing processes much more environmentally friendly. Franklin has already proven that nearly 100% of the carbon nanotubes and graphene used in printing can be recovered and reused in the same process, losing very little of the substances or their performance viability. Because nanocellulose is made from wood, it can simply be recycled or biodegraded like paper. And while the process does use a lot of water, it’s not nearly as much as what is required to deal with the toxic chemicals used in traditional fabrication methods.

According to a United Nations estimate, less than a quarter of the millions of pounds of electronics thrown away each year is recycled. And the problem is only going to get worse as the world eventually upgrades to 6G devices and the Internet of Things (IoT) continues to expand. So any dent that could be made in this growing mountain of electronic trash is important to pursue. While more work needs to be done, Franklin says the approach could be used in the manufacturing of other electronic components like the screens and displays that are now ubiquitous to society. Every electronic display has a backplane of thin-film transistors similar to what is demonstrated in the paper. The current fabrication technology is high-energy and relies on hazardous chemicals as well as toxic gasses. The entire industry has been flagged for immediate attention by the US Environmental Protection Agency.

“The performance of our thin-film transistors doesn’t match the best currently being manufactured, but they’re competitive enough to show the research community that we should all be doing more work to make these processes more environmentally friendly,” Franklin said.

Read more of this story at Slashdot.

Walmart US CEO Says Automation At Stores Won’t Displace Workers

An anonymous reader quotes a report from Insider: Walmart will be increasingly relying on automation at its stores in the coming years — but that won’t diminish the country’s largest private employer’s workforce, company leaders said during an investor event this week. The Bentonville, Arkansas-based retail giant recently made headlines when it announced that 65% of its stores will be “serviced by automation” by the end of fiscal year 2026. Walmart currently has more than 4,700 stores throughout the US and employs roughly 1.6 million people nationwide.

More specifically, one area where Walmart is seeking to increase investment is in market fulfillment centers (MFCs), which are automated fulfillment centers built within, or added to, a store. Walmart piloted this concept at a store in Salem, New Jersey, in 2019, using automated robot technology from Alert Innovation — a robotics company Walmart acquired in October 2022. Since then, Walmart has built MFCs at several stores, such as in Jacksonville, Florida, and Dallas, Texas. Those include “manual MFCs,” where associates pick items for online orders but in a separate area from the sales floor.

Walmart will still need at least the same level of workers to help in stores even as automation picks up, company leaders say. John Furner, Walmart US president and CEO, told investors this week that automation “helps” employees, as it will result in less manual labor. “Over time, we believe we’ll have the same or more associates and a larger business overall,” Furner said. “There will be new roles emerging that are less manual, better designed to serve customers, and pay more.”

Read more of this story at Slashdot.

Crooks Are Using CAN Injection Attacks To Steal Cars

“Thieves has discovered new ways to steal cars by pulling off smart devices (like smart headlights) to get at and attack via the Controller Area Network (CAN) bus,” writes longtime Slashdot reader KindMind. The Register reports: A Controller Area Network (CAN) bus is present in nearly all modern cars, and is used by microcontrollers and other devices to talk to each other within the vehicle and carry out the work they are supposed to do. In a CAN injection attack, thieves access the network, and introduce bogus messages as if it were from the car’s smart key receiver. These messages effectively cause the security system to unlock the vehicle and disable the engine immobilizer, allowing it to be stolen. To gain this network access, the crooks can, for instance, break open a headlamp and use its connection to the bus to send messages. From that point, they can simply manipulate other devices to steal the vehicle.

“In most cars on the road today, these internal messages aren’t protected: the receivers simply trust them,” [Ken Tindell, CTO of Canis Automotive Labs] detailed in a technical write-up this week. The discovery followed an investigation by Ian Tabor, a cybersecurity researcher and automotive engineering consultant working for EDAG Engineering Group. It was driven by the theft of Tabor’s RAV4. Leading up to the crime, Tabor noticed the front bumper and arch rim had been pulled off by someone, and the headlight wiring plug removed. The surrounding area was scuffed with screwdriver markings, which, together with the fact the damage was on the kerbside, seemed to rule out damage caused by a passing vehicle. More vandalism was later done to the car: gashes in the paint work, molding clips removed, and malfunctioning headlamps. A few days later, the Toyota was stolen.

Refusing to take the pilfering lying down, Tabor used his experience to try to figure out how the thieves had done the job. The MyT app from Toyota — which among other things allows you to inspect the data logs of your vehicle — helped out. It provided evidence that Electronic Control Units (ECUs) in the RAV4 had detected malfunctions, logged as Diagnostic Trouble Codes (DTCs), before the theft. According to Tindell, “Ian’s car dropped a lot of DTCs.” Various systems had seemingly failed or suffered faults, including the front cameras and the hybrid engine control system. With some further analysis it became clear the ECUs probably hadn’t failed, but communication between them had been lost or disrupted. The common factor was the CAN bus.

Read more of this story at Slashdot.