Government

US Lawmakers Propose a $2.5 Billion Pilot Guaranteed Income Program (msn.com) 248

Amid fears that technology may be quietly eliminating many basic jobs, late last month several U.S. lawmakers "proposed legislation that would dole out regular stimulus checks — or guaranteed income — through monthly payments of up to $1,200 for adults and $600 for children," according to a local news report from WCCO TV: The program, if the legislation were to pass, would not immediately begin sending out $1,200 checks to most Americans. Instead, it would create a $2.5 billion grant program to fund pilot guaranteed income programs across the country. The programs would be studied from 2023 to 2027 and then the national program would begin in 2028, Minneapolis' WCCO-TV reported. Then the legislation would provide $1,200 per month to people making $75,000 or less per year. The heads of households with an income of up to $112,500 would receive $1,200 under the program. And $600 would be provided for each minor child.
Though it's a long way from becoming law, one of the legislators proposing it says "We need a paradigm shift in how we measure and evaluate our economy. If my district, New York's 16th, was a country, it would have the 8th worst inequality in the world. Our barometers for economic success, as well as our policies, must be centered around meeting basic levels of care and dignity for all of our people."

The bill proposes that a new Office of Guaranteed Income Programs be established in the U.S. Treasury Department to oversee all the payments. Though it seems like this would cost something like a trillion dollars a year...
Businesses

Some Unions, Legislators, and Communities Continue Pressuring Amazon Over Labor Practices (nytimes.com) 44

Workers at an Amazon warehouse in Alabama might hold a second election to decide whether to join a union. But today the New York Times reports Amazon is also facing "a widening campaign to rein in the power it wields over its employees and their workplace conditions." Those efforts include a campaign by the Teamsters that would generally circumvent traditional workplace elections and pressure the company through protests, boycotts and even fights against its expansion efforts at the local level. Legislation in California would force Amazon to reveal its productivity quotas, which unions contend are onerous and put workers at risk... The Teamsters argue that holding union votes at individual work sites is typically futile at a company like Amazon, because labor law allows employers to wage aggressive anti-union campaigns, and because high turnover means union supporters often leave the company before they have a chance to vote.

Instead, the Teamsters favor a combination of tactics like strikes, protests and boycotts that pressure the company to come to the bargaining table and negotiate a contract covering wages, benefits and working conditions. While the union hasn't laid out its tactics in detail, it recently organized walkouts involving drivers and dockworkers at a port in Southern California to protest the drivers' treatment there.

They hope to enlist the help of workers at other companies, sympathetic consumers and even local businesses threatened by a giant like Amazon, partly to mitigate the challenges presented by high employee turnover... The union believes that it can pull a variety of political levers to help put the company on the defensive. Mr. Korgan cited a recent vote by the City Council in Fort Wayne, Ind., denying Amazon a tax abatement after a local Teamsters official spoke out against it, and a vote by the City Council in Arvada, Colo., to reject a more than 100,000-square-foot Amazon delivery station. While the Arvada vote centered on traffic concerns, Teamsters played a role in drumming up opposition...

Other labor groups are pressing ahead with less orthodox efforts to increase the power of Amazon workers. Over the first six months of this year, a group called the Solidarity Fund, which raises money from individual tech workers, distributed over $100,000 in grants to workers seeking to organize their colleagues to push for workplace improvements. About half the money, in $2,500 increments, went to workers at Amazon. It funded a laptop to assist with organizing, as well as hiring a freelance graphic designer to help make pamphlets, among the varied efforts.

Microsoft

Microsoft is Recruiting US Teens To Be Influencers on Social Media for Its Educational Coding Platform (twitter.com) 31

Long-time Slashdot reader theodp writes: Just ahead of the new school year, Microsoft and its nonprofit partner Code.org took to Twitter to recruit teens for Microsoft's inaugural MakeCode Insiders Program. Microsoft MakeCode is a code platform that allows kids to write programs for a wide variety of applications even if they have little or no previous coding experience; there's also a College Board-endorsed MakeCode AP CS curriculum, which can earn high school students college credit...

MakeCode Insiders, Microsoft adds, will be recognized for completing key milestones with badges, including MakeCode Influencer ("This badge is earned when a MakeCode Wizard is chosen to represent our product to teens on social media."). MakeCode Influencers, Microsoft explains, "are teens who have graduated from the Insiders program and are selected to represent MakeCode on social media in various forms...

Insider applications are due today, kids!

This is Microsoft's first time running the "Insider" program, and the guidebook promises the larger program's Insiders "will focus on MakeCode Arcade, a coding editor for retro-style video games, offering feedback and ideas that will inform product decision."
Chrome

Google Chrome Criticized For Breaking Change Over Disabling Alert() and Confirm() in Cross-Origin Frames (inside.com) 110

"Google Chrome will disable JavaScript functions like alert() and confirm() inside cross-origin frames," reports Inside.com's developer newsletter.

"As this is a breaking change, developers are encouraged to update their apps and debugging tools before the update." A Chrome engineering team member said the team is disabling alert() to protect users from being tricked by scammers. Some are complaining this has already affected programming tutorials and Javascript learning sites that sandbox user-provided code in cross-origin frames. For those affected by the changes, Chrome advises the following:

- Get a few months' extension by signing up for the "reverse origin trial" so you can temporarily opt out of the change.

- Check out the enterprise policy.


The move has sparked controversy:

- One Discord engineer criticized the fact such a major breaking change is happening without extensive discussion on the matter.

- Another Twitter user echoed the sentiment of many when he argued the move will just hurt those who can't easily update sites while encouraging attackers to use pseudo alert functionality.

One of Google's Chrome engineers explained on Twitter that "Major browser vendors are generally aligned about wanting to move the platform away from alert() and friends, even though it will unfortunately involve some breakage...

"On breakage in general — breaking changes happen often on the web, and as a developer it's good practice to test against early release channels of major browsers to learn about any compatibility issues upfront."
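One mitigation for the tutorial and sandbox sites mentioned above, as an added example that is not from the newsletter, the Chrome team or any project named here: inside the cross-origin frame, replace the native dialog functions with versions that forward the request to the embedding page, which then renders its own dialog. The origins `https://tutorial.example` and `https://sandbox.example` and the message type `sandbox-dialog` are assumptions of this example; the fake window object exists only so the logic can be exercised outside a browser.

```javascript
// Returns true when `win` runs inside a frame whose top-level document is
// cross-origin. Reading a cross-origin window's location throws a
// SecurityError, which is the only signal the frame gets; a top-level
// window or a same-origin frame returns false.
function isCrossOriginFrame(win) {
  if (win.top === win) return false;            // not framed at all
  try {
    void win.top.location.href;                 // throws when cross-origin
    return false;
  } catch (e) {
    return true;
  }
}

// Replaces alert/confirm/prompt on `win` with shims that postMessage the
// request to the embedder. `parentOrigin` (assumed: the tutorial site's own
// origin) is passed as targetOrigin so the text never reaches an unexpected
// embedder. Returns the names of the functions that were replaced.
function installDialogShim(win, parentOrigin) {
  if (!isCrossOriginFrame(win)) return [];      // native dialogs still work
  const forward = (kind, text, fallback) => {
    win.parent.postMessage({ type: 'sandbox-dialog', kind, text: String(text) }, parentOrigin);
    return fallback;
  };
  // confirm() and prompt() used to block and return a value; a postMessage
  // shim cannot block, so they return conservative defaults and the embedder
  // shows a non-blocking dialog instead.
  const replacements = {
    alert:   (text) => { forward('alert', text, undefined); },
    confirm: (text) => forward('confirm', text, false),
    prompt:  (text) => forward('prompt', text, null),
  };
  const shimmed = [];
  for (const name of Object.keys(replacements)) {
    win[name] = replacements[name];
    shimmed.push(name);
  }
  return shimmed;
}

// On the embedding page: accept only messages from the sandbox frame's
// origin and only the exact message shape the shim emits, then hand them to
// the page's own UI. Returns whether the message was accepted.
function makeDialogListener(sandboxOrigin, render) {
  const kinds = ['alert', 'confirm', 'prompt'];
  return (event) => {
    if (event.origin !== sandboxOrigin) return false;
    const d = event.data;
    if (!d || d.type !== 'sandbox-dialog' || !kinds.includes(d.kind)) return false;
    render(d.kind, d.text);
    return true;
  };
}

// Constructed stand-in for a cross-origin frame's window object (not a real
// browser window): top.location throws, parent.postMessage records calls.
function fakeCrossOriginWindow(sent) {
  const win = {};
  win.top = { get location() { throw new Error('SecurityError: cross-origin'); } };
  win.parent = { postMessage: (msg, origin) => sent.push({ msg, origin }) };
  win.alert = () => { throw new Error('native alert should have been replaced'); };
  return win;
}
```

In a real page the embedder registers the listener with `window.addEventListener('message', makeDialogListener(...))` and the frame calls `installDialogShim(window, ...)` before running learner code.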
Businesses

Will a New Gig Worker Exception Proposed in Massachusetts Change the Future of Work? (cnn.com) 136

"Last year, Uber, Lyft, DoorDash and Instacart succeeded in getting Californians to vote in favor of a ballot measure exempting them from classifying drivers and delivery workers as employees," remembers CNN. So after their success with California's Proposition 22, "the companies are in the early stages of taking a similar approach in Massachusetts..." The Coalition to Protect Workers' Rights, an alliance that includes labor advocates and community groups, argued this week that the Massachusetts measure would "permanently create a 'second class' status" for the workers... [T]he proposed Massachusetts ballot initiative presents a minimum earnings guarantee of "120 percent of minimum wage" based on "engaged time," meaning the only time counted is when a driver is fulfilling a ride or delivery request but not the time they spend waiting for a gig. (An analysis from UC Berkeley Labor Center had estimated the pay guarantee under Prop 22 for Uber and Lyft drivers would be equivalent to a wage of $5.64 per hour, instead of $15.60 or 120% of a $13 minimum wage, given such loopholes.) Workers would also receive $0.26 reimbursement per engaged mile to cover vehicle upkeep and gas. (The UC Berkeley Labor Center previously pointed out that Prop 22's $0.30 reimbursement is lower than the IRS' estimated $0.58 per mile cost of owning and operating a vehicle.) While the proposal includes a health care contribution from a company for certain qualifying workers, that too is based on "engaged time" and only a small portion of workers would likely qualify, according to the Coalition to Protect Workers' Rights, due to minimum engaged time requirements...

Some workers could also earn paid sick time, paid family and medical leave, and in lieu of worker's compensation, benefits for medical and disability in cases of on-the-job injuries. Workers would have the ability to appeal if their accounts are deactivated, and would receive training on public safety issues. It would also let gig companies avoid contributions to unemployment or Social Security, and deny app-based workers more robust legal protections around discrimination, including when it comes to compensation.

Lyft, Uber and other members of the coalition want their proposition included on November 2022 ballots, TechCrunch reports. (Though the question still has to pass a legal review and receive enough signatures from voters.)

But a Boston Globe columnist argues the measure isn't just about gig-working conditions. "It's about the future of work in America." If voters side with the tech giants, the labor landscape will be transformed, immuring a giant and growing body of workers in a world with fewer benefits and protections. And where ride-hailing drivers go, nurses, restaurant workers, executive assistants, programmers, and others will surely follow. The tech giants who rule the world are already dreaming of the day when those workers, too, will be classified as mobile, independent contractors, with fewer benefits and less security than employees. "If they get away with this, every industry is going to line up to ask for an exception," said labor attorney Shannon Liss-Riordan, who has battled the gig companies for years. "And before you know it, the entire fabric of workplace protections will be gone..."

Plenty of people are fine with the fact that that means there will always be a bunch of drivers milling around unpaid and unprotected, waiting for us to summon them. But if blue Massachusetts follows liberal California and approves the formal creation of a second-class workforce, the rest of the country will follow, as will other industries. "This is a question of whether we are going to be a society that recognizes the dignity of work," Liss-Riordan said.

Cellphones

Apple Accused of Promoting Scam Apps in Its App Store (arstechnica.com) 17

"Developers are once again publicly highlighting instances in which Apple has failed to keep scam apps off of the app store," reports Ars Technica: The apps in question charge users unusual fees and siphon revenue from legitimate or higher-quality apps. While Apple has previously come under fire for failing to block apps like these from being published, developers complained this week that Apple was actually actively promoting some of these apps...

Apple continues to play whack-a-mole with these apps, but various developers have both publicly and privately complained that the company takes too long. One developer we exchanged emails with claimed that, when they discovered a scam app that stole assets from their own legitimate app and which was clearly designed to siphon users from the real app, Apple took 10 days to remove the app, while Google only took "1-2 days" on the Android side. The app was allowed back on Apple's App Store once the stolen assets were removed. During the long waiting period, the developer of the legitimate app lost a significant amount of users and revenue, while the developer of the illegitimate app profited.

As Apple fights legal battles to prevent third-party app stores from making their way to iOS on the basis that those alternative app stores may be less secure than Apple's own, claims from developers that scam apps are slipping through may undermine Apple's defense.

United States

CNN Explores 'How Space Force is Defending America' (cnn.com) 117

Friday a CNN video offered what it calls "an exclusive look into how Space Force is defending America." CNN's Jim Sciutto reported: Inside Mission Control at Buckley Space Force Base in Aurora, Colorado, Space Force Guardians, as they're known, fly the nation's missile warning satellites. Using infrared sensors, these satellites, orbiting 22,000 miles above earth, scour the planet 24/7 for missile launches and nuclear detonations.

Lt. Col. Michael Mariner: "We never stop — always vigilant — and we never fail. Because that's how important this mission is to our nation. We provide decision-quality data to tactical war fighters on the ground, to save their lives."

This satellite dish is in touch with missile-warning satellites deployed in what's known as geosynchronous orbit. If those warning satellites detect a launch anywhere on the surface of the planet, they beam that information back down to this ground station instantaneously, at the speed of light. And then Space Force sends that information, that warning, around the world to U.S. forces deployed abroad or here on the U.S. homeland. In January 2020, these satellites sprang into action, detecting multiple missiles from Iran targeting the Al Asad airbase in Iraq. Before those missiles rained down, within minutes Space Force had delivered a lifesaving warning to units on the ground. Space Force specialist Sally Stevens was on duty. "It is lightning fast."

CNN: "Right. And quick enough to take action to protect themselves."

Stevens: "Absolutely. Especially in the Al Asad night. Not very often do we get reminded of where our end data gets to, and that night was a shocking reality."

Missile-warning satellites are just a fraction of the hundreds of U.S. government and commercial satellites monitored and defended by the Guardians of the Space Force today — defended because U.S. adversaries led by Russia and China have deployed weapons to disable or destroy them. Space Force is now an independent branch of the U.S. military due to this alarming new reality. Space, once relatively peaceful territory, is now considered a potential front in any modern war.

Colonel Matthew Holston: "Space is a war-fighting domain. It's the reason that we set up the United States Space Force as a separate service. So each and every day, we're training our operators to deter conflict, but if deterrence fails, to compete and win in space."

The U.S. has far more satellites than any other nation, some 2,500, compared to 431 for China and 168 for Russia. And a whole range of U.S. military technologies depend on them... The danger for the U.S. is that greater dependence on space equals greater vulnerability to attacks in space.

Lt. Col. Michael Mariner: "When you're at the top, the target's on your back. Everybody's shooting for you."

China is launching kidnapper satellites with grappling arms capable of plucking satellites out of orbit. Russia is deploying kamikaze satellites, capable of ramming and destroying U.S. space assets. And Russia now has a new space weapon that Space Force dubs "the nesting doll."

General John W. Raymond, Space Force Chief of Space Operations: "Back in 2017, Russia launched a satellite, and it opened up and another satellite came out, and then it opened up and a projectile came out. That projectile is designed to kill U.S. satellites. So in 2019 they did the same thing, but this time they put it up next to one of our satellites. And then we started talking about it."

CNN: "You warned them away?"

Raymond: "We described what is safe and professional behavior. And it's important. Today there's no rules in space. It's the wild, wild west."

Russia and China also have directed-energy weapons, which can damage or disable U.S. satellites from a distance. The age of lasers in space has already arrived. New satellites are being designed with greater maneuverability, shielding to block directed-energy weapons, and resiliency so that losing one or a few does not disable the entire system. Space Force commanders welcome the private sector's entry into space, since it gives more and cheaper options to get into orbit... Raymond: "I would bet on U.S. industry any day. It's a huge advantage that we have."

A CNN article summarizing the report adds that America's adversaries "have already attempted to use space weapons to temporarily disable US satellites, using lasers and directed-energy weapons to blind or 'dazzle' them."

CNN's report concludes that space war "is not science fiction, but a battle already underway today," adding this quote from Space Force Chief of Space Operations, General John W. Raymond. "We would prefer the domain to remain free of conflict. But like in any other domain — like air, land, sea, and now space — we'll be ready to protect and defend."
Earth

Why a Waste-Coal Power Plant is 'Burning for Bitcoin' (post-gazette.com) 97

While some bitcoin mining operations are now looking to nuclear power, the Associated Press reports, Bill Spence (and his company Stronghold Digital Mining) is creating crypto-mining hubs out of waste coal power plants. (Text-only version here): The plant he had bought was in trouble. It was competing with cheap natural gas on the power grid and losing — endangering the 35 jobs at Scrubgrass Generating Station along with the effort to clean up millions of tons of leaching coal waste left behind by mining companies over the course of decades. The plant couldn't just rely on the grid for revenue anymore, because the grid simply didn't need its power all that often. Mr. Spence started to look for other customers...

Already, some power generators — finding they can make more money supplying electricity to Bitcoin-mining operations than selling it to the grid — are shifting focus. Energy Harbor, which owns the Beaver Valley Nuclear Plant in Beaver County, announced earlier this month that it will supply nuclear power to a Bitcoin-mining data center in Ohio. Talen Energy, owner of the Susquehanna Steam Electric Station in Luzerne County, is doing the same. The company said last month that it will develop a data center to mine digital currency that could use up to 300 megawatts, or 12% of the nuclear plant's capacity. Bitcoin miners, in turn, are hyper cognizant of power prices and availability. Some are taking mobile units into the oil fields, hooking up their machines to run on natural gas, a byproduct of oil production that would otherwise be flared...

Today, Scrubgrass, an 85-megawatt blue box with a black smokestack in the hills of Scrubgrass Township, looks much like it did when it first opened in 1993 — except for the trailers filled with Bitcoin miners in the back... [T]here are about 3,000 cryptocurrency miners packed into retrofitted shipping containers behind the power plant, most of them owned by Stronghold and some that belong to other mining companies that buy power from the plant. Another 5,000 machines are scheduled to arrive next month. According to documents filed with the SEC, Stronghold is planning to operate 57,000 miners by the end of next year. In 2020, when the power plant seldom ran, Stronghold made more money from its Bitcoin operations than by selling Scrubgrass's energy to the grid. During the first three months of this year, the trend reversed. It received almost $2 million from power sales and more than $1 million from its crypto datacenter...

Stronghold is buying another waste coal plant, Panther Creek Energy Facility in Carbon County, with plans to replicate its cryptomining data center there, and is eyeing a third.

The Associated Press notes that the waste-coal plants are powered by those thousands of acres of abandoned (and pollutant-emitting) coal piles left behind by earlier coal-powered plants, finally remediating them into reclaimable land. But with waste coal plants, there's always a trade-off.

"In 2019, the last year with available federal data, Scrubgrass emitted the equivalent of 371,000 tons of CO2 — the greenhouse gas footprint of 80,000 cars driving for a year."
Social Networks

350 Fake Social Media Accounts Found Pushing Pro-China Propaganda (bbc.com) 44

Slashdot reader Thelasko quotes the BBC: A sprawling network of more than 350 fake social media profiles is pushing pro-China narratives and attempting to discredit those seen as opponents of China's government, according to a new study. The aim is to delegitimise the West and boost China's influence and image overseas, the report by the Centre for Information Resilience (CIR) suggests...

Some of the accounts — spread across Twitter, Facebook, Instagram and YouTube — use fake AI-generated profile pictures, while others appear to have been hijacked after previously posting in other languages.

There is no concrete evidence that the network is linked to the Chinese government, but according to the CIR, a non-profit group which works to counter disinformation, it resembles pro-China networks previously taken down by Twitter and Facebook. These networks amplified pro-China narratives similar to those promoted by Chinese state representatives and state media. Much of the content shared by the network focuses on the US, and in particular on divisive issues like gun laws and race politics... Some accounts repeatedly deny human rights abuses in the Xinjiang region, where experts say China has detained at least a million Muslims against their will, calling the allegations "lies fabricated by the United States and the West".

Social Networks

Russia May Be Spreading Vaccine Misinformation to Undermine Efforts to Immunize People (seattletimes.com) 277

The New York Times reports on what's apparently a new Russia-aligned disinformation campaign to "undermine the effort to immunize people" — and more. (Alternate URL here) Both Russia and China have worked to promote their own vaccines through messaging that undermines American and European vaccination programs, according to the State Department's Global Engagement Center. But in addition to overt messaging promoting their own vaccines, Moscow has also spread conspiracy theories. Last year, the department began warning about how Russia was using fringe websites to promote doubts around vaccinations... The aim of various Russian groups continues to be to exacerbate tensions in Western societies, a key foreign policy goal of Moscow, according to American officials briefed on the disinformation efforts...

In recent weeks, the nature of Russian disinformation has also begun to shift, some officials and outside experts said. Recent postings spreading false information have suggested that the Biden administration is intent on mandating that Americans get vaccines that are failing against the coronavirus. The campaign also comes as President Biden warned President Vladimir V. Putin of Russia last month to rein in ransomware attacks emanating out of Russia and aimed at critical American infrastructure. Though the ransomware attacks are separate from the disinformation campaigns, the warning was the latest effort by United States officials to prod Russia to rein in destructive digital incursions... The Biden administration is actively monitoring Russian misinformation and is trying to counter it by encouraging the public to get vaccinated and promoting the safety and efficacy of Western vaccines, according to an administration official who spoke on condition of anonymity to discuss potentially sensitive information...

Much of the disinformation efforts are posted on websites with little to no moderation... Measuring the impact of the disinformation efforts is difficult, given the deep divisions over vaccinations that already exist in the United States and Europe; exploiting splits among Americans is a typical Russian tactic.

Even on the hard-right discussion forums, some users have fingered the cartoons as being Russian in origin, though the postings have continued.

Open Source

Linux Trace Toolkit Next Generation 2.13 Facilitates Quick Reaction To Kernel/User-space Instrumentation Hits (lttng.org) 6

LTTng has been called "the killer app for system-level debugging and performance tuning." And now long-time Slashdot reader compudj writes: It's the official release of LTTng 2.13 — Nordicité! LTTng is a kernel and user-space tracer for Linux. The most notable features of this release are:

- Event-rule matches condition triggers and new actions, allowing internal actions or external monitoring applications to quickly react when kernel or user-space instrumentation is hit

- Notification payload capture, allowing external monitoring applications to read elements of the instrumentation payload when instrumentation is hit.

- Instrumentation API: vtracef and vtracelog (LTTng-UST)

- User space time namespace context (LTTng-UST and LTTng-modules).

Government

Are the Ultra-Wealthy Renouncing US Citizenship to Avoid Taxes? (axios.com) 166

"In 2017, it emerged that Silicon Valley billionaire Peter Thiel had been able to gain New Zealand citizenship six years earlier," reports the Associated Press, "despite never having lived in the country." Thiel was approved after a top lawmaker decided his entrepreneurial skills and philanthropy were valuable to the nation. Thiel didn't even have to leave California for the ceremony — he was granted citizenship during a private ceremony held at the New Zealand Consulate in Santa Monica.
But he's not the only one, Axios reports. "A lot of people who take this drastic step are tech zillionaires: Eric Schmidt, the former Alphabet CEO, has applied to become a citizen of Cyprus..." The number of Americans who renounced their citizenship in favor of a foreign country hit an all-time high in 2020: 6,707, a 237% increase over 2019... The people who flee tend to be ultra-wealthy, and many of them are seeking to reduce their tax burden...

Only the U.S. and Eritrea tax people based on citizenship rather than residency. For most countries, if you are a citizen but don't reside there, you aren't taxed in that country.

The IRS publishes a quarterly list of the names of people who have renounced their citizenship or given up their green cards... But the Wall Street Journal discovered that the lists aren't up to date: A lot of people who were reported to have renounced citizenship in 2020 actually did so years earlier.

Axios also points out that U.K. prime minister Boris Johnson was actually born in America, but only lived there as a small child, and subsequently renounced his U.S. citizenship.
China

Researchers Discover Three-Way Cyberattack by Chinese Military Actors against Southeast Asian Telcos (securityweek.com) 18

wiredmikey shares a report from SecurityWeek: Researchers have discovered three separate Chinese military affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda (also known as APT27)...

Cybereason released details of a triple-pronged attack by Chinese military-affiliated groups against cellular network providers in southeast Asia. Disturbingly, Yonatan Striem-Amit, CTO and co-founder of Cybereason, told SecurityWeek, "We discovered and have evidence that Chinese advanced groups have been using the Hafnium zero-days since at least 2017." Cellular networks are a prime target for nation states because they provide an excellent steppingstone to many other types of attack and different targets. "At this point," said Striem-Amit, "the attacks seem to be a stepping point for a major espionage campaign. We all carry a device in our pocket that knows where we are, where we have been, and who we are with...."

The surprising feature, apart from their stealthy duration, is that three groups, all associated with the Chinese government and often sharing tactics, techniques and procedures, have attacked the same targets at the same time — and have even been seen on the same endpoints simultaneously. It is consequently unclear whether the groups were separately instructed to target telcos, or whether they were being guided from a single source within the Chinese military... The one thing that is clear is that telcos are a major target for China, and that it has had knowledge of and has used serious Exchange zero-day vulnerabilities for many years.

Security

How a Security Researcher Took Over a Hotel's IoT Devices (zdnet.com) 36

"The moment you network IoT and hand over control to third parties, you may also give individuals the keys to a digital kingdom — and the ability to cause mischief, or worse," writes ZDNet.

For example, at a hotel where guests control the devices in their room with an iPod Touch... Speaking at Black Hat USA, Las Vegas, security consultant Kya Supa from LEXFO explained how a chain of security weaknesses was combined and exploited to gain control of rooms at a capsule hotel, a budget-friendly type of hotel offering extremely small — and, therefore, cozy — spaces to guests, who are stacked side-by-side... A neighbor, "Bob," kept waking Supa up by making loud phone calls in the early hours of the morning. While Bob had agreed to keep it down, he did not keep his promise — and the researcher set to work since he needed his sleep, especially during his vacation. The first thing Supa did was to explore his room, finding an emergency light installed for safety reasons; a Nasnos automaton center for use in controlling products in case the iPod Touch was lost; an electric motor used to manage the incline of the capsule's bed; and a Nasnos router, hidden in the wall.

If you connected to the router via a smartphone, it was then possible to control other devices on the network, and this was the setup the hotel chose to use... Supa found that two networks were connected — the hotel Wi-Fi and the router. To retrieve the router key, Supa targeted WEP, a protocol that has been known to be weak for years. Access points, each being one of the bedrooms, were found. Supa inspected the traffic and found weak credentials in place — "123" — and you can guess the rest...

By using an Android smartphone, the iPod Touch, and a laptop, the researcher created a Man-in-The-Middle (MiTM) architecture and inspected the network traffic. No encryption was found and he created a simple program to tamper with these connections, allowing the researcher to seize control of his bedroom through his laptop... Now that he could "control every bedroom," and Bob was still there, Supa then tampered with the lights of different bedrooms until he found the right one. He created a script that, every two hours, would change the bed into a sofa and turn the lights on and off. The script was launched at midnight. We can probably assume Bob did not enjoy his stay.

"I hope he will be more respectful in the future," Supa commented.

United States

US Developer's Workstation Exposed State Department's Network Data, Researchers Find (forbes.com) 16

Long-time Slashdot reader chicksdaddy writes: Sensitive systems and data for the U.S. Department of State could have been exposed by a third-party development workstation running the eXide software, according to researchers for the hacking crew Sakura Samurai. According to a report in Forbes, the researchers took advantage of a new State Department Vulnerability Disclosure Program to look for security flaws in one of 8 wild-carded State Department domains included in the program. Using automated tools to do reconnaissance on one of the subdomains the State Department had included in its VDP, researcher Jackson Henry discovered a vulnerable workstation running the open-source, web-based eXide IDE. It was linked to a third party doing work for the State Department and contained a number of serious security holes including Cross-Site Scripting (XSS), Remote File Inclusion (RFI), and Server-Side Request Forgery (SSRF) flaws. All are powerful weapons in the hands of a sophisticated cyber adversary.

After reporting their findings to the State Department on April 27th, researcher Jackson Henry and Sakura Samurai received acknowledgement of their report on April 29th. The vulnerable endpoint in question was taken offline by the State Department by May 13th. Henry and Sakura Samurai then began working with the State Department on public disclosure of the vulnerabilities, while also communicating with the developers responsible for the open source project to get the flaws fixed, according to communications shared with Forbes.

The discovery of flaws buried in an open source development tool underscores the risks that federal agencies face as more and more government business shifts to the web. "The State Department can't audit every open source package it uses," Henry said. "That's why the VDP is such a big thing (and) a step in the right direction."

It is also an endorsement of the benefits of a quiet security revolution within the federal government in recent months, as agencies have responded to Binding Operational Directive 20-01, a new requirement from CISA, the Cybersecurity and Infrastructure Security Agency, that Executive Branch agencies publish and maintain public vulnerability disclosure programs, or VDPs — a kind of front door for bug hunters and "white hat" cybersecurity professionals.
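Of the three flaw classes named above, SSRF is the one that turns a stray developer workstation into a pivot: a web IDE that fetches URLs on the server's behalf will happily reach internal hosts and cloud metadata endpoints that the attacker cannot reach directly. The check below is an added example of the guard such a fetch needs; it is not eXide's code and says nothing about how eXide handles URLs. It resolves the hostname, refuses anything that lands in loopback, link-local, private, multicast or reserved space (including IPv4-mapped IPv6 forms), and refuses non-HTTP schemes and embedded credentials. The resolver is injectable so the example runs offline against a constructed DNS table; the hostnames and addresses in CONSTRUCTED_DNS are invented.

```python
"""
Added example (hypothetical, not from eXide): destination vetting for a
server-side URL fetch so it cannot be used as an SSRF pivot.  Resolution
is injected so the example runs offline; CONSTRUCTED_DNS is made up.
"""
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Address space a server-side fetcher should never be allowed to reach.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def _is_blocked(ip) -> bool:
    # ::ffff:127.0.0.1 and friends must be judged as the IPv4 address they wrap.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def default_resolver(host: str) -> List[str]:
    """Real resolver: every address the name maps to, v4 and v6."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table for offline use (names and addresses are invented).
CONSTRUCTED_DNS = {
    "example.org": ["93.184.216.34"],
    "intranet.corp.example": ["10.1.2.3"],
    "rebind.attacker.example": ["93.184.216.34", "127.0.0.1"],
}


def constructed_resolver(host: str) -> List[str]:
    try:                                   # IP literals resolve to themselves
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        if host in CONSTRUCTED_DNS:
            return CONSTRUCTED_DNS[host]
        raise socket.gaierror(f"NXDOMAIN {host}")


def vet_fetch_target(url: str,
                     resolver: Callable[[str], List[str]] = default_resolver
                     ) -> Tuple[bool, str, List[str]]:
    """Return (ok, reason, resolved_addresses).  ok=False means refuse.
    The caller must connect to one of the returned addresses (setting the
    Host header itself) rather than re-resolving, or a rebinding DNS name
    can pass here and point at 127.0.0.1 a moment later."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    try:
        parts.port                          # raises ValueError on junk ports
    except ValueError as e:
        return False, f"bad port: {e}", []
    try:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    except (socket.gaierror, ValueError) as e:
        return False, f"resolution failed: {e}", []
    if not addrs:
        return False, "name has no addresses", []
    bad = [str(a) for a in addrs if _is_blocked(a)]
    if bad:   # one blocked answer poisons the whole name
        return False, f"resolves to blocked address(es): {', '.join(bad)}", [str(a) for a in addrs]
    return True, "ok", [str(a) for a in addrs]


if __name__ == "__main__":
    for u in ("https://example.org/", "http://intranet.corp.example/",
              "http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]/",
              "file:///etc/passwd", "http://rebind.attacker.example/"):
        print(u, vet_fetch_target(u, constructed_resolver)[:2])
```

Two caveats a reviewer would raise: the allow decision is only as good as the address the fetch actually connects to, so the vetted address must be pinned for the connection and every HTTP redirect must go through the same check; and decimal or octal IP spellings such as 2130706433 are rejected by the constructed resolver here only because it has no entry for them, while a real resolver would turn them into 127.0.0.1, which is exactly why the check is done on resolved addresses and not on the hostname string.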

Mars

NASA's Mars Rover Fails to Collect Its First Sample (nasa.gov) 78

Friday the Perseverance rover on Mars made its first attempt to collect a rock sample and seal it in a tube, reports NASA. But unfortunately, the data "indicate that no rock was collected during the initial sampling activity..."

"The sampling process is autonomous from beginning to end," said Jessica Samuels, the surface mission manager for Perseverance at NASA's Jet Propulsion Laboratory in Southern California. "One of the steps that occurs after placing a probe into the collection tube is to measure the volume of the sample. The probe did not encounter the expected resistance that would be there if a sample were inside the tube."

The Perseverance mission is assembling a response team to analyze the data. One early step will be to use the WATSON (Wide Angle Topographic Sensor for Operations and eNgineering) imager - located at the end of the robotic arm - to take close-up pictures of the borehole. Once the team has a better understanding of what happened, it will be able to ascertain when to schedule the next sample collection attempt. "The initial thinking is that the empty tube is more likely a result of the rock target not reacting the way we expected during coring, and less likely a hardware issue with the Sampling and Caching System," said Jennifer Trosper, project manager for Perseverance at JPL.

"Mars keeps surprising us," adds the rover's Twitter feed. "We're working through this new challenge. More to come."

Space.com points out this wasn't a make-or-break moment for the rover, since it's still carrying 42 more sampling tubes. And the plan has always been to leave the sample tubes on the surface of Mars, where they'll be retrieved later by future Mars missions.

Open Source

ElasticSearch Keeps Fighting Open Source Fork by Amazon AWS (amazon.com) 161

In January ElasticSearch made what it calls "an incredibly hard decision" — to change the licensing on its scalable data-search solution. They called this an effort to "stand up to" Amazon's AWS for offering ElasticSearch functionality as a service "without collaborating with us... after years of what we believe to be Amazon/AWS misleading and confusing the community." Amazon then forked ElasticSearch, releasing a new "OpenSearch" product under the original Apache 2.0 licensing. Last month AWS's fork reached General Availability/1.0 status.

Now Mike Melanson's "This Week in Programming" column reports that ElasticSearch is "making further attempts at closing off access to ElasticSearch and shutting out AWS — while AWS is fighting back: AWS says that "OpenSearch aims to provide wire compatibility with open source distributions of Elasticsearch 7.10.2, the software from which it was derived," making it easy to migrate to OpenSearch. While Elastic can't do anything about that, they can make changes to some open source client libraries that are commonly used. "Over the past few weeks, Elastic added new logic to several of these clients that rejects connections to OpenSearch clusters or to clusters running open source distributions of Elasticsearch 7, even those provided by Elastic themselves," AWS writes. "While the client libraries remain open source, they now only let applications connect to Elastic's commercial offerings..."

AWS is again coming out as the savior of open source in this scenario, it would seem, this time promising to offer "a set of new open source clients that make it easy to connect applications to any OpenSearch or Elasticsearch cluster" that "will be derived from the last compatible versions of corresponding Elastic-maintained clients before product checks were added."

"In the spirit of openness and interoperability, we will make reasonable efforts to maintain compatibility with all Elasticsearch distributions, even those produced by Elastic," they write. In the meantime, while the OpenSearch community works on creating the replacement libraries, AWS recommends that users do not update to the latest version of any Elastic-maintained clients, lest their applications potentially cease functioning.

"It's disappointing to see this," reads a comment (upvoted 35 times) on the ElasticSearch repository announcing the change in late June. "You're forcing us as bystanders in a battle to choose sides." And Amazon responded with its own take on the situation in their AWS press release this week. "Our experience at AWS is that developers find it painful to update their already-deployed applications to use new versions of server software, so backward compatibility for clients and APIs weighs heavily in our designs..."

The press release also calls ElasticSearch's changes "disruptive," adding "The most broadly adopted open source projects generally emphasize flexibility, inclusion, and avoidance of lock-in..."

Earth

A Critical Ocean System May Be Heading For Collapse Due to Climate Change (sfgate.com) 110

The Washington Post reports: Human-caused warming has led to an "almost complete loss of stability" in the system that drives Atlantic Ocean currents, a new study has found — raising the worrying prospect that this critical aquatic "conveyer belt" could be close to collapse.

In recent years, scientists have warned about a weakening of the Atlantic Meridional Overturning Circulation (AMOC), which transports warm, salty water from the tropics to northern Europe and then sends colder water back south along the ocean floor. Researchers who study ancient climate change have also uncovered evidence that the AMOC can turn off abruptly, causing wild temperature swings and other dramatic shifts in global weather systems. Scientists haven't directly observed the AMOC slowing down. But the new analysis, published Thursday in the journal Nature Climate Change, draws on more than a century of ocean temperature and salinity data to show significant changes in eight indirect measures of the circulation's strength. These indicators suggest that the AMOC is running out of steam, making it more susceptible to disruptions that might knock it out of equilibrium, says study author Niklas Boers, a researcher at the Potsdam Institute for Climate Impact Research in Germany.

If the circulation shuts down, it could bring extreme cold to Europe and parts of North America, raise sea levels along the east coast of the United States and disrupt seasonal monsoons that provide water to much of the world.

"This is an increase in understanding . . . of how close to a tipping point the AMOC might already be," said Levke Caesar, a climate physicist at Maynooth University who was not involved in the study. Boers' analysis doesn't suggest exactly when the switch might happen. But "the mere possibility that the AMOC tipping point is close should be motivation enough for us to take countermeasures," Caesar said. "The consequences of a collapse would likely be far-reaching..." The new analysis suggests "the critical threshold is most likely much closer than we would have expected," Boers said...

[T]he apparent consequences of the AMOC slowing are already being felt. A persistent "cold blob" in the ocean south of Greenland is thought to result from less warm water reaching that region. The lagging Gulf Stream has caused exceptionally high sea level rise along the east coast of the United States. Key fisheries have been upended by the rapid temperature swings, and beloved species are struggling to cope with the changes. If the AMOC does completely shut down, the change would be irreversible in human lifetimes, Boers said. The "bi-stable" nature of the phenomenon means it will find new equilibrium in its "off" state. Turning it back on would require a shift in the climate far greater than the changes that triggered the shutdown.

"It's one of those events that should not happen, and we should try all that we can to reduce greenhouse gas emissions as quickly as possible," Boers said. "This is a system we don't want to mess with."

Data Storage

Synthetic Brain Cells That Store 'Memories' Are Possible, New Model Reveals (livescience.com) 21

An anonymous reader quotes a report from Live Science: Scientists have created key parts of synthetic brain cells that can hold cellular "memories" for milliseconds. The achievement could one day lead to computers that work like the human brain. In the new study, published in the journal Science on Aug. 6, researchers at the Centre national de la recherche scientifique in Paris, France created a computer model of artificial neurons that could produce the same sort of electrical signals neurons use to transfer information in the brain; by sending ions through thin channels of water to mimic real ion channels, the researchers could produce these electrical spikes. And now, they have even created a physical model incorporating these channels as part of unpublished, ongoing research. At a finer level, the researchers created a system that mimics the process of generating action potentials -- spikes in electrical activity generated by neurons that are the basis of brain activity. To generate an action potential, a neuron starts to let in more positive ions, which are attracted to the negative ions inside of the cell. The electrical potential, or voltage across the cell membrane, causes doorways on the cell called voltage-gated ion channels to open, raising the charge even more before the cell reaches a peak and returns to normal a few milliseconds later. The signal is then transmitted to other cells, enabling information to travel in the brain.

To mimic voltage-gated ion channels, the researchers modeled a thin layer of water between sheets of graphene, which are extremely thin sheets of carbon. The water layers in the simulations were one, two, or three molecules in depth, which the researchers characterized as a quasi-two-dimensional slit. [T]he researchers wanted to use this two-dimensional environment because particles tend to react much more strongly in two dimensions than in three, and they exhibit different properties in two dimensions, which the researchers thought might be useful for their experiment. Testing out the model in a computer simulation, the researchers found that when they applied an electric field to the channel, the ions in the water formed worm-like structures. As the team applied a greater electric field in the simulation, these structures would break up slowly enough to leave behind a "memory," or a hint of the elongated configuration.

When the researchers ran a simulation linking two channels and other components to mimic the behavior of a neuron, they found the model could generate spikes in electrical activity like action potentials, and that it "remembered" consistent properties in two different states -- one where ions conducted more electricity and one where they conducted less. In this simulation, the "memory" of the previous state of the ions lasted a few milliseconds, around the same time as it takes real neurons to produce an action potential and return to a resting state. This is quite a long time for ions, which usually operate on timescales of nanoseconds or less. In a real neuron, an action potential equates to a cellular memory in the neuron; our brains use the opening and closing of ion channels to create this kind of memory. The new model is a version of an electronic component called a memristor, or a memory resistor, which has the unique property of retaining information from its history. But existing memristors don't use liquid, as the brain does.

Space

Virgin Galactic Says Trips To Space Aboard Its Rocket Plane Will Start At $450,000 Per Seat (cbsnews.com) 66

After a successful sub-orbital test flight last month, Virgin Galactic re-opened ticket sales for rides to space starting at $450,000 per seat. CBS News reports: But Michael Colglazier, CEO of Virgin Galactic, said fully commercial flights are not expected until the third quarter of 2022, after two more test flights of the company's VSS Unity spaceplane and extensive upgrades of Virgin's Eve carrier jet to improve durability and turnaround times between flights. While the start of commercial operations will come a few months later than had been hoped, the results of two piloted test flights earlier this year, including Branson's July 11 trip to space, show the company is close to "completing our test flight program and launching commercial passenger service in '22," Colglazier said. "And as we advance towards that goal, we are excited to announce today that we will immediately open ticket sales to our significant list of early hand raisers, prioritizing our spacefarer community who, as promised, will be given first opportunity to reserve their place to space."

He said Virgin has developed a "purposeful range of product offerings in order to satisfy the different ways people will want to share this experience." "For the private astronaut flights, our products will include a single seat, a multi-seat couples, families and friends package and a full-flight buyout," he said. "Prices for this next phase of private astronaut sales will begin at $450,000 per seat. Microgravity research and professional astronaut training flights remain priced at $600,000 on a per seat equivalent basis." More than 600 space enthusiasts made down payments on flights much earlier in the program, back when tickets were thought to be in the neighborhood of $250,000 per seat. The prices announced Thursday presumably will apply to new customers only.
