‘My Printer Is Extorting Me’, Complains Subscriber to HP’s ‘Instant Ink’ Program

A writer for the Atlantic complains that their HP printer is shaking them down like a loan shark.
I discovered an error message on my computer indicating that my HP OfficeJet Pro had been remotely disabled by the company. When I logged on to HP’s website, I learned why: The credit card I had used to sign up for HP’s Instant Ink cartridge-refill program had expired, and the company had effectively bricked my device in response….

Instant Ink is a monthly subscription program that purports to monitor one’s printer usage and ink levels and automatically send new cartridges when they run low. The name is misleading, because the monthly fee is not for the ink itself but for the number of pages printed. (The recommended household plan is $5.99 a month for 100 pages). Like others, I signed up in haste during the printer-setup process, only slightly aware of what I was purchasing. Getting ink delivered when I need it sounded convenient enough to me….

The monthly fee is incurred whether you print or not, and the ink cartridges occupy some liminal ownership space. You possess them, but you are, in essence, renting both them and your machine while you’re enrolled in the program…. Here was a piece of technology that I had paid more than $200 for, stocked with full ink cartridges. My printer, gently used, was sitting on my desk in perfect working order but rendered useless by Hewlett-Packard, a tech corporation with a $28 billion market cap at the time of writing, because I had failed to make a monthly payment for a service intended to deliver new printer cartridges that I did not yet need….

There are tales of woe across HP’s customer-support site, in Reddit threads, and on Twitter. A pending class-action lawsuit in California alleges that the Instant Ink program has “significant catches” and does not deliver new cartridges on time or allow those enrolled to use cartridges purchased outside the subscription service, rendering the consumer frequently unable to print. Parker Truax, a spokesperson for HP, told me, “Instant Ink cartridges will continue working until the end of the current billing cycle in which [a customer cancels]. To continue printing after they discontinue their Instant Ink subscription and their billing cycle ends, they can purchase and use HP original Standard or XL cartridges.”
“Nobody told me that if I canceled, then all those cartridges would stop working,” complains another owner of an HP printer cited in the article. “I guess this is our future, where your printer ink spies on you.”

But the article ultimately concludes that the printer’s shakedown is “just one example of how digital subscriptions have permeated physical tech so thoroughly that they are blurring the lines of ownership. Even if I paid for it, can I really say that I own my printer if HP can flip a switch and make it inert?”

Read more of this story at Slashdot.

Apple Watches and iPhones are Placing Dozens of False Distress Calls About Skiers

Dispatchers for 911 emergency calls “are being inundated with false, automated distress calls from Apple devices owned by skiers who are very much alive,” reports the New York Times:

“Do you have an emergency?” [911 emergency dispatcher] Betts asked. No, the man said, he was skiing — safely, happily, unharmed. Slightly annoyed, he added, “For the last three days, my watch has been dialing 911.”

Winter has brought a decent amount of snowfall to [Colorado]’s ski resorts, and with it an avalanche of false emergency calls. Virtually all of them have been placed by Apple Watches or iPhone 14s under the mistaken impression that their owners have been debilitated in collisions. As of September, these devices have come equipped with technology meant to detect car crashes and alert 911 dispatchers. It is a more sensitive upgrade to software on Apple devices, now several years old, that can detect when a user falls and then dial for help. But the latest innovation appears to send the device into overdrive: It keeps mistaking skiers, and some other fitness enthusiasts, for car-wreck victims.

Lately, emergency call centers in some ski regions have been inundated with inadvertent, automated calls, dozens or more a week. Phone operators often must put other calls, including real emergencies, on hold to clarify whether the latest siren has been prompted by a human at risk or an overzealous device. “My whole day is managing crash notifications,” said Trina Dummer, interim director of Summit County’s emergency services, which received 185 such calls in the week from Jan. 13 to Jan. 22. (In winters past, the typical call volume on a busy day was roughly half that.) Ms. Dummer said that the onslaught was threatening to desensitize dispatchers and divert limited resources from true emergencies.

“Apple needs to put in their own call center if this is a feature they want,” she said.

Apple acknowledged this was occuring in “some specific scenarios,” the Times reports — but a spokesperson also “noted that when a crash is detected, the watch buzzes and sends a loud warning alerting the user that a call is being placed to 911, and it provides 10 seconds in which to cancel the call.”

But the Times points out that “skiers, in helmets and layers of clothing, often do not to detect the warning, so they may not cancel the call or respond to the 911 dispatcher.”

Read more of this story at Slashdot.

‘Legend of Zelda: A Link to the Past’ Reverse-Engineered for Linux, Switch, Mac, and Windows

More than 30 years ago Nintendo released the third game in its Legend of Zelda series — appropriately titled, “A Link to the Past.”

This week Neowin called it “one of the most beloved video games of all time,” reporting that it’s now been reverse-engineered by a GitHub user named Snesrev, “opening up the possibility of Link to the Past on other platforms, like Sega’s 32X or the Sony Playstation.”

This reimplementation of Link to the Past is written in C and contains an astonishing 80,000 lines of code. This version is also content complete, with all the same levels, enemies, and puzzles that fans of the original game will remember.

In its current state, the game requires the PPU and DSP libraries from LakeSNES, a fast SNES emulator with a number of speed optimizations that make the game run faster and smoother than ever before. Breaking from the LakeSNES dependency, which allows for compatibility on modern operating systems, would allow the code to be built for retro hardware. It also offers one of the craziest features I have seen in a long time; the game can run the original machine code alongside the reverse-engineered C implementation. This works by creating a save-state on both versions of the game after every frame of gameplay, comparing their state and proving that the reimplementation works…. Snesrev now works alongside 19 other contributors.

Despite the immense amount of work that went into this project, the result is brilliant. Not only does the game play just like the original, it also includes a number of new features that were not present in the original. For example, the game now supports pixel shaders, which allow for even more stunning visuals. It also supports widescreen aspect-ratios, giving players a wider field of view, making the game even more immersive on modern displays. Another new feature of this reimplementation is the higher quality world map. The new map is much more detailed and gives players a better sense of the world they are exploring….
The amount of time, effort, and talent that went into creating this is simply astonishing.
Thanks to Slashdot reader segaboy81 for sharing the article.

Read more of this story at Slashdot.

Think Twice Before Using Google To Download Software, Researchers Warn

Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries. Ars Technica reports: “Threat researchers are used to seeing a moderate flow of malvertising via Google Ads,” volunteers at Spamhaus wrote on Thursday. “However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not “the norm.'”

The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.

On the same day that Spamhaus published its report, researchers from security firm Sentinel One documented an advanced Google malvertising campaign pushing multiple malicious loaders implemented in .NET. Sentinel One has dubbed these loaders MalVirt. At the moment, the MalVirt loaders are being used to distribute malware most commonly known as XLoader, available for both Windows and macOS. XLoader is a successor to malware also known as Formbook. Threat actors use XLoader to steal contacts’ data and other sensitive information from infected devices. The MalVirt loaders use obfuscated virtualization to evade end-point protection and analysis. To disguise real C2 traffic and evade network detections, MalVirt beacons to decoy command and control servers hosted at providers including Azure, Tucows, Choopa, and Namecheap. “Until Google devises new defenses, the decoy domains and other obfuscation techniques remain an effective way to conceal the true control servers used in the rampant MalVirt and other malvertising campaigns,” concludes Ars. “It’s clear at the moment that malvertisers have gained the upper hand over Google’s considerable might.”

Read more of this story at Slashdot.

Dashlane Publishes Its Source Code To GitHub In Transparency Push

Password management company Dashlane has made its mobile app code available on GitHub for public perusal, a first step it says in a broader push to make its platform more transparent. TechCrunch reports: The Dashlane Android app code is available now alongside the iOS incarnation, though it also appears to include the codebase for its Apple Watch and Mac apps even though Dashlane hasn’t specifically announced that. The company said that it eventually plans to make the code for its web extension available on GitHub too. Initially, Dashlane said that it was planning to make its codebase “fully open source,” but in response to a handful of questions posed by TechCrunch, it appears that won’t in fact be the case.

At first, the code will be open for auditing purposes only, but in the future it may start accepting contributions too –” however, there is no suggestion that it will go all-in and allow the public to fork or otherwise re-use the code in their own applications. Dashlane has released the code under a Creative Commons Attribution-NonCommercial 4.0 license, which technically means that users are allowed to copy, share and build upon the codebase so long as it’s for non-commercial purposes. However, the company said that it has stripped out some key elements from its release, effectively hamstringing what third-party developers are able to do with the code. […]

“The main benefit of making this code public is that anyone can audit the code and understand how we build the Dashlane mobile application,” the company wrote. “Customers and the curious can also explore the algorithms and logic behind password management software in general. In addition, business customers, or those who may be interested, can better meet compliance requirements by being able to review our code.” On top of that, the company says that a benefit of releasing its code is to perhaps draw-in technical talent, who can inspect the code prior to an interview and perhaps share some ideas on how things could be improved. Moreover, so-called “white-hat hackers” will now be better equipped to earn bug bounties. “Transparency and trust are part of our company values, and we strive to reflect those values in everything we do,” Dashlane continued. “We hope that being transparent about our code base will increase the trust customers have in our product.”

Read more of this story at Slashdot.

Startups Capture CO2 and Store It In Concrete

A California startup using rocks to soak up carbon dioxide from the air has teamed up with a Canadian company to mineralize the gas in concrete, a technological tie-up that is a first and they say could provide a model for fighting climate change globally. Reuters reports: Heirloom Carbon Technologies delivered about 30 kg (66 lb) of CO2 collected from the air around its San Francisco Bay Area headquarters to neighboring Central Concrete, a Vulcan Materials’ (VMC.N) subsidiary that on Wednesday incorporated the gas into new concrete. That’s equivalent to tailpipe emissions of driving about 75 miles (120 km) in a car. The joint effort was the first time that carbon dioxide absorbed from the atmosphere using such Direct Air Capture (DAC) technology had been secured in concrete, where the CO2 will stay put for centuries, several scientists said.

Heirloom heats crushed limestone to release naturally absorbed CO2, then puts the CO2-starved rock on columns of huge trays, where they act like sponges, soaking up close to half their weight in the gas over three days. The rock is then heated to release the collected ambient carbon dioxide, and the cycle repeats. Canada’s CarbonCure, the concrete technology company, mixes CO2 with concrete ingredients, turning it into a mineral that strengthens the concrete, cutting the need for cement — the part of concrete with the biggest carbon footprint.

Read more of this story at Slashdot.

Pentagon Elects Not To Shoot Down Chinese Spy Balloon Traveling Over Montana

“A Chinese spy balloon is floating over the continental United States,” writes Slashdot reader q4Fry. “As it headed over Montana, ‘civilian flights in the area were halted and U.S. military aircraft, including advanced F-22 fighter jets, were put in the air.'” The Washington Post reports: The balloon’s flight path takes it over “a number of sensitive sites,” the senior [Pentagon] official said, but it appears it does not have the ability collect information that is “over and above” other tools at China’s disposal, like low-orbit satellites. Nevertheless, the Pentagon is taking undisclosed “mitigation steps” to prevent Beijing from gathering additional intelligence.
“We put some things on station in the event that a decision was made to bring this down,” the official said. “So we wanted to make sure we were coordinating with civil authorities to empty out the airspace around that potential area. But even with those protective measures taken, it was the judgment of our military commanders that we didn’t drive the risk down low enough. So we didn’t take the shot.” “The US believes Chinese spy satellites in low Earth orbit are capable of offering similar or better intelligence, limiting the value of whatever Beijing can glean from the high-altitude balloon, which is the size of three buses,” reports CNN, citing a defense official.

“It does not create significant value added over and above what the PRC is likely able to collect through things like satellites in low Earth orbit,” the senior defense official said. Nevertheless, House Speaker Kevin McCarthy called for a briefing of the “Gang of Eight” — the group of lawmakers charged with reviewing the nation’s most sensitive intelligence information.

Read more of this story at Slashdot.