Google is introducing new recovery tools that aim to make it less frustrating to regain access when you're locked out of your account. The Verge: Instead of answering security questions or entering a recovery email address, Google's new security features allow account holders to verify their identity using a linked mobile number, or trusted friends or family members. The Recovery Contacts feature enables users to designate people to confirm their identity in order to regain access to accounts after getting hacked or losing their password or passkey. Google didn't specify how the verification process works, but says the feature provides "a simple and secure way to regain access when standard recovery methods fail." Recovery Contacts is available for eligible personal Google accounts, and can be found under the Security option in the account settings.

Read more of this story at Slashdot.

Alexis Ohanian, who helped build Reddit, says much of the internet has become dominated by bots and AI. Speaking on the podcast TBPN, he described the internet as increasingly "quasi-AI" and filled with what he called "LinkedIn slop." Ohanian referenced dead internet theory, the assertion that bot activity exceeds human activity on the web. In September, Sam Altman, OpenAI's CEO, posted that while he had not taken the theory seriously, he now sees "a lot of LLM-run twitter accounts."

Read more of this story at Slashdot.

The U.S. passport has fallen out of the top 10 most powerful passports globally for the first time in 20 years in the latest edition of the Henley Passport Index, which ranks nations based on the number of destinations a traveler can visit without needing a visa. From a report: The U.S. ranking is on a steep downward trend, with the U.S. passport now in 12th spot, tied with Malaysia, having already fallen from seventh place last year to 10th place in July. A decade ago, the U.S. passport topped the index. Christian H. Kaelin, chairman of Henley & Partners and creator of the index, said in a news release on Tuesday that the declining strength of the U.S. passport signaled a "fundamental shift in global mobility and soft power dynamics." Kaelin added: "Nations that embrace openness and cooperation are surging ahead, while those resting on past privilege are being left behind."

Read more of this story at Slashdot.

The UK should be prepared to cope with weather extremes as a result of at least 2C of global warming by 2050, independent climate advisers have said. BBC: The country was "not yet adapted" to worsening weather extremes already occurring at current levels of warming, "let alone" what was expected to come, the Climate Change Committee (CCC) wrote in a letter addressed to the government. The committee said they would advise that the UK prepare for climate change beyond the long-term temperature goal set out in the Paris Agreement. The letter came as the World Meteorological Organization (WMO) confirmed that 2024 had seen a record rise of carbon dioxide (CO2) in the atmosphere. CO2 is the gas mainly responsible for human-caused climate change and is released when fossil fuels are burnt, as well as other activities.

Read more of this story at Slashdot.

Almost 70% of adults in the US would be deemed to have obesity based on a new definition, research suggests. From a report: The traditional definition of obesity, typically based on having a body mass index (BMI) of 30 or greater, has long been contentious, not least as it does not differentiate between fat and muscle. In an effort to tackle the issue, in January medical experts from around the world called for a new definition to be adopted. This would encompass people either with a BMI greater than 40; or those with a high BMI and at least one raised figure for measures such as waist circumference, waist-to-hip ratio, or waist-to-height ratio; or those with two such raised figures regardless of BMI; or those with direct measures of excess body fat based on scans. In addition, they said obesity should be split into two categories: clinical obesity -- where there are signs of illness -- and pre-clinical obesity, where there are not. Now research suggests the revamped definition could result in a dramatic rise in the prevalence of obesity among adults in the US.

Read more of this story at Slashdot.

Math teachers across American schools are contending with a classroom disruption that has proven impossible to contain. The numbers six and seven now trigger instant pandemonium among students. They scream the phrase and perform a palms-up seesaw hand gesture whenever the numbers appear in equations or instructions. Teachers have begun avoiding breaking students into groups of six or seven or asking them to turn to page 67. The meme has no meaning, reports WSJ. That absence of meaning is the point. The phenomenon traces back to late last year when Philadelphia rapper Skrilla released "Doot Doot (6 7)," a song referencing 67th street where his friends grew up. The phrase spiraled into youth culture in March through a viral video of a boy with forward-swept hair lurching toward a camera to deliver an animated "six seven." Skrilla is now touring venues where audiences wait for the six-seven line. Some teachers have attempted to neutralize the meme by saying it themselves.

Read more of this story at Slashdot.

Apple is releasing its new 14-inch MacBook Pro with the M5 chip in European markets without a charger. Customers in the U.S., Ireland, Germany, Italy, France, Spain, the Netherlands, Norway, and other European countries must supply their own power adapter. Buyers in the U.S. and other regions will receive Apple's 70-watt USB-C adapter. Apple attributed the decision to environmental goals as the European Union implements regulations on electronic waste. A USB-C to MagSafe 3 cable remains included. The adapter costs 59 pounds in the United Kingdom.

Read more of this story at Slashdot.

An anonymous reader shares a report: On Wednesday, Pew Research Center published a survey assessing how parents in the US with children under 12 manage their kids' screen time, which revealed that 61% of respondents overall reported their child ever uses or interacts with smartphones -- including 38% of those with children under 2 years old. Much of this smartphone screen time is likely made up by parents streaming kid-friendly cartoons for their little ones to watch on the go: the study also found that YouTube use among children under 2 has risen sharply from 45% to 62% over the last five years. But it appears that most American toddlers only need to wait a few years before they can get devices of their very own. The same survey showed that almost one in four US parents overall allow their children aged 12 and under to have their own smartphones, and this ballooned to nearly 60% when just looking at kids aged 11-12 years old.

Read more of this story at Slashdot.

The Japanese government has made a formal request asking OpenAI to refrain from copyright infringement. The request came after Sora 2 began generating videos featuring copyrighted characters from anime and video games. Minoru Kiuchi spoke at the Cabinet Office press conference on Friday and described manga and anime as "irreplaceable treasures" that Japan boasts to the world. The request was made online by the Cabinet Office's Intellectual Property Strategy Headquarters. Sora 2, which launched recently, generates twenty-second videos at 1080p resolution. Social media is getting filled with videos showing characters from One Piece, Demon Slayer, Pokemon and Mario. Digital Minister Masaaki Taira expressed hopes that OpenAI would comply voluntarily. He indicated that measures under Japan's AI Promotion Act may be invoked if the issue remains unresolved.

Read more of this story at Slashdot.

Apple will increase investment in China, the company's CEO Tim Cook said during a meeting with the country's industry minister in Beijing on Wednesday, according to an official summary of their exchange. From a report: Many U.S. companies have become cautious about relations with China as the world's two biggest economies have clashed over trade tariffs and as U.S. President Donald Trump seeks to promote manufacture in the United States rather than elsewhere. But Cook told China's industry minister Li Lecheng the iPhone maker will keep investing in China, the Chinese ministry said, although the summary gave no details of the size of the projected investment.

Read more of this story at Slashdot.

Apple unveiled a new 14-inch MacBook Pro on Wednesday that features the company's M5 chip and represents what Apple describes as the next major advancement in AI performance for its Mac lineup. The laptop delivers up to 3.5 times faster AI performance than the M4 chip and up to six times faster performance than the M1 chip through a redesigned 10-core GPU architecture that incorporates a Neural Accelerator in each core. The improvements extend beyond AI processing to include graphics performance that runs up to 1.6 times faster than the previous generation and battery life that reaches up to 24 hours on a single charge. Apple also integrated faster storage technology that performs up to twice as fast as the prior generation and allows configurations up to 4TB. The 10-core CPU delivers up to 20% faster multithreaded performance compared to the M4. The laptop runs macOS Tahoe and includes a Liquid Retina XDR display available in a nano-texture option, a 12MP Center Stage camera, and a six-speaker sound system. The 14-inch MacBook Pro is available for pre-order starting Wednesday in space black and silver finishes and begins shipping October 22. The base model costs $1,599.

Read more of this story at Slashdot.

Several leading news organizations with access to Pentagon briefings have formally said they will not agree to a new defense department policy that requires them to pledge they will not obtain unauthorized material and restricts access to certain areas unless accompanied by an official. The Guardian: The policy, presented last month by the defense secretary, Pete Hegseth, has been widely criticized by media organizations asked to sign the pledge by Tuesday at 5pm or have 24 hours to turn in their press credentials. The move follows a shake-up in February in which long-credentialed media outlets were required to vacate assigned workspaces which was cast as an "annual media rotation program." A similar plan was presented at the White House where some briefing room spots were given to podcasters and other representatives of non-traditional media. On Monday, the Washington Post joined the New York Times, CNN, the Atlantic, the Guardian, Reuters, the Associated Press, NPR, HuffPost and trade publication Breaking Defense in saying it would not sign on to the agreement.

Read more of this story at Slashdot.

The Free Software Foundation (FSF) has launched the LibrePhone Project, an initiative to create a fully free and open-source mobile operating system that eliminates proprietary firmware and binary blobs. From the FSF: "Librephone is a new initiative by the FSF with the goal of bringing full freedom to the mobile computing environment. The vast majority of software users around the world use a mobile phone as their primary computing device. After forty years of advocacy for computing freedom, the FSF will now work to bring the right to study, change, share, and modify the programs users depend on in their daily lives to mobile phones. ... Practically, Librephone aims to close the last gaps between existing distributions of the Android operating system and software freedom. The FSF has hired experienced developer Rob Savoye (DejaGNU, Gnash, OpenStreetMap, and more) to lead the technical project. He is currently investigating the state of device firmware and binary blobs in other mobile phone freedom projects, prioritizing the free software work done by the not entirely free software mobile phone operating system LineageOS." The project site can be found here.

Read more of this story at Slashdot.

A new study shows that common baker's yeast (Saccharomyces cerevisiae) can survive Mars-like conditions, including meteorite shock waves and toxic perchlorate salts found in Martian soil. Phys.org reports: Published in PNAS Nexus, Purusharth I. Rajyaguru and colleagues subjected Saccharomyces cerevisiae, which is a widely used model yeast, to shock waves and perchlorates. The authors chose the yeast in part because it has already been studied in space. When stressed, yeast, humans, and many other organisms form ribonucleoprotein (RNP) condensates, structures made of RNA and proteins that protect RNA and affect the fates of mRNAs. When the stressor passes, the RNP condensates, which include subtypes known as stress granules and P-bodies, disassemble. The authors simulated Martian shock waves at the High-Intensity Shock Tube for Astrochemistry (HISTA) housed in the Physical Research Laboratory in Ahmedabad, India. Yeast exposed to 5.6 Mach intensity shock waves survived with slowed growth, as did yeast subjected to 100 mM sodium salt of perchlorate (NaClO4) -- a concentration similar to that in Martian soils. Yeast cells also survived exposure to the combined stress of shock waves and perchlorate stress. In both cases, the yeast assembled RNP condensates. Shock waves induced the assembly of stress granules and P-bodies; perchlorate caused yeast to make P-bodies but not stress granules. Mutants incapable of assembling RNP condensates were poor at surviving the Martian stress condition. Transcriptome analysis identified specific RNA transcripts perturbed by Mars-like conditions.

Read more of this story at Slashdot.

Dear Third-Party API Support,

You're probably wondering how and why your authorization server has been getting hammered every single day for more than 4 years. It was me. It was us—the company I work for, I mean. Let me explain.

I’m an Anonymous developer at Initech. We have this one mission-critical system which was placed in production by the developer who created it, and then abandoned. Due to its instability, it received frequent patches, but no developer ever claimed ownership. No one ever took on the task of fixing its numerous underlying design flaws.

About 6 months ago, I was put in charge of this thing and told to fix it. There was no way I could do it on my own; I begged management for help and got 2 more developers on board. After we'd released our first major rewrite and fix, there were still a few lingering issues that seemed unrelated to our code. So I began investigating the cause.

This system has 10+ microservices which are connected like meatballs buried deep within a bowl of spaghetti that completely obscures what those meatballs are even doing. Untangling this code has been a chore in and of itself. Within the 3 microservices dedicated to automated tasks, I found a lot of random functionality ... and then I found this!

See, our system extracts data from your API. It takes the refresh token, requests a new access token, and saves it to our database. Our refresh token to this system is only valid for 24 hours; as soon as we get access, we download the data. Before we download the data, we ensure we have a valid access token by refreshing it.

One of our microservice's pointless jobs was to refresh the access token every 5, 15, and 30 minutes for 22 of the 24 hours we had access to it. It was on a job timer, so it just kept going. Every single consent for that day kept getting refreshed, over and over.

Your auditing tools must not have revealed us as the culprit, otherwise we should've heard about this much sooner. You've probably wasted countless hours of your lives sifting through log files with a legion of angry managers breathing down your necks. I’m writing to let you know we killed the thing. You won’t get spammed again on our watch. May this bring you some closure.

Sincerely,

A Developer Who Still Cares

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

An anonymous reader quotes a report from 404 Media: On Monday, a publicly-sourced archive of more than 10,000 national park signs and monument placards went public as part of a massive volunteer project to save historical and educational placards from around the country that risk removal by the Trump administration. Visitors to national parks and other public monuments at more than 300 sites across the U.S. took photos of signs and submitted them to the archive to be saved in case they're ever removed in the wake of the Trump administration's rewriting of park history. The full archive is available here, with submissions from July to the end of September. The signs people have captured include historical photos from Alcatraz, stories from the African American Civil War Memorial, photos and accounts from the Brown v. Board of Education National History Park, and hundreds more sites. "I'm so excited to share this collaborative photo collection with the public. As librarians, our goal is to preserve the knowledge and stories told in these signs. We want to put the signs back in the people's hands," Jenny McBurney, Government Publications Librarian at the University of Minnesota and one of the co-founders of the Save Our Signs project, said in a press release. "We are so grateful for all the people who have contributed their time and energy to this project. The outpouring of support has been so heartening. We hope the launch of this archive is a way for people to see all their work come together."

Read more of this story at Slashdot.

The U.S. Department of Justice seized about $15 billion in bitcoin from wallets tied to Chen Zhi, founder of Cambodia's Prince Holding Group, who is accused of running one of the world's biggest "pig butchering" scams. Prosecutors say Zhi's network trafficked people into forced-labor scam compounds that defrauded victims worldwide through fake crypto investment schemes. CNBC reports: The seizure is the largest forfeiture action by the DOJ in history. An indictment charging the alleged pig butcher, Chen Zhi, was unsealed Tuesday in federal court in Brooklyn, New York. Zhi, who is also known as "Vincent," remains at large, according to the U.S. Attorney's Office for the Eastern District of New York. He was identified in court filings as the founder and chairman of Prince Holding Group, a multinational business conglomerate based in Cambodia, which prosecutors said grew "in secret .... into one of Asia's largest transnational criminal organizations. [...] The scams duped people contacted via social media and messaging applications online into transferring cryptocurrency into accounts controlled by the scheme with false promises that the crypto would be invested and produce profits, according to the office. "In reality, the funds were stolen from the victims and laundered for the benefit of the perpetrators," the release said. "The scam perpetrators often built relationships with their victims over time, earning their trust before stealing their funds." Prosecutors said that hundreds of people were trafficked and forced to work in the scam compounds, "often under the threat of violence." Zhi and a network of top executives in the Prince Group are accused of using political influence in multiple countries to protect their criminal enterprise and paid bribes to public officials to avoid actions by law enforcement authorities targeting the scheme, according to prosecutors.

Read more of this story at Slashdot.

Roughly 200,000 Linux-based Framework laptops shipped with a signed UEFI shell command (mm) that can be abused to bypass Secure Boot protections -- allowing attackers to load persistent bootkits like BlackLotus or HybridPetya. Framework has begun patching affected models, though some fixes and DBX updates are still pending. BleepingComputer reports: According to firmware security company Eclypsium, the problem stems from including a 'memory modify' (mm) command in legitimately signed UEFI shells that Framework shipped with its systems. The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules. The mm command can be abused to overwrite gSecurity2 with NULL, effectively disabling signature verification. "This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads." The researchers also note that the attack can be automated via startup scripts to persist across reboots.

Read more of this story at Slashdot.

BrianFagioli shares a report from NERDS.xyz: NordVPN has open sourced its Linux GUI on GitHub, giving the community full access to the code behind its graphical client. The move follows a 70 percent surge in daily active Linux users since the GUI's debut earlier this year, showing clear demand for a user friendly VPN experience on the platform. Alongside the previously open sourced command line tool, the GUI codebase is now available for anyone to audit, modify, and contribute to. While NordVPN's core backend infrastructure remains proprietary, the company says the open source release reflects its commitment to transparency and collaboration with the Linux community. The GUI can also now be installed with a single command using Snap, simplifying setup and ensuring automatic updates across distributions.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: Google announced on Tuesday that it will invest $15 billion in India over the next five years to establish its first artificial intelligence hub in the country. Located in the southern city of Visakhapatnam, the hub will be one of Google's largest globally. It will feature gigawatt-scale data center operations, extensive energy infrastructure and an expanded fiber-optic network, the company said in a statement. The investment underscores Google's growing reliance on India as a key technology and talent base in the global race for AI dominance. For India, it brings in high-value infrastructure and foreign investment at a scale that can accelerate its digital transformation ambitions. Google said its AI hub investment will include construction of a new international subsea gateway that would connect to the company's more than 2 million miles (3.2 million kilometers) of existing terrestrial and subsea cables. "The initiative creates substantial economic and societal opportunities for both India and the United States, while pioneering a generational shift in AI capability," the company's statement said.

Read more of this story at Slashdot.