Privacy

LetMeSpy, a Phone Tracking App Spying On Thousands, Says It Was Hacked (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: A hacker has stolen the messages, call logs and locations intercepted by a widely used phone monitoring app called LetMeSpy, according to the company that makes the spyware. The phone monitoring app, which is used to spy on thousands of people using Android phones around the world, said in a notice on its login page that on June 21, "a security incident occurred involving obtaining unauthorized access to the data of website users." "As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts," the notice read.

LetMeSpy is a type of phone monitoring app that is marketed for parental control or employee monitoring. The app is also specifically designed to stay hidden on a phone's home screen, making it difficult to detect and remove. Also known as stalkerware or spouseware, these kinds of phone monitoring apps are often planted by someone -- such as spouses or domestic partners -- with physical access to a person's phone, without their consent or knowledge. Once planted, LetMeSpy silently uploads the phone's text messages, call logs, and precise location data to its servers, allowing the person who planted the app to track the person in real-time.

Polish security research blog Niebezpiecznik first reported the breach. When Niebezpiecznik contacted the spyware maker for comment, the hacker reportedly responded instead, claiming to have seized wide access to the spyware maker's domain. It's not clear who is behind the LetMeSpy hack or their motives. The hacker intimated that they deleted LetMeSpy's databases stored on the server. A copy of the hacked database also appeared online later the same day. TechCrunch reviewed the leaked data, which included years of victims' call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy. (LetMeSpy claims to delete data after two months of account inactivity.)

Software

PostgreSQL Reconsiders Its Process-Based Model

Jonathan Corbet, writing at LWN: In the fast-moving open-source world, programs can come and go quickly; a tool that has many users today can easily be eclipsed by something better next week. Even in this environment, though, some programs endure for a long time. As an example, consider the PostgreSQL database system, which traces its history back to 1986. Making fundamental changes to a large code base with that much history is never an easy task. As fundamental changes go, moving PostgreSQL away from its process-oriented model is not a small one, but it is one that the project is considering seriously.

A PostgreSQL instance runs as a large set of cooperating processes, including one for each connected client. These processes communicate through a number of shared-memory regions using an elaborate library that enables the creation of complex data structures in a setting where not all processes have the same memory mapped at the same address. This model has served the project well for many years, but the world has changed a lot over the history of this project. As a result, PostgreSQL developers are increasingly thinking that it may be time to make a change.

China

Cringely Predicts Moore's Law Will Continue -- Because of AI (cringely.com)

"I predict that Generative Artificial Intelligence is going to go a long way toward keeping Moore's Law in force," writes long-time tech pundit Robert X. Cringely, "and the way this is going to happen says a lot about the chip business, global economics, and Artificial Intelligence, itself." The current el cheapo AI research frenzy is likely to subside as LLaMA ages into obsolescence and has to be replaced by something more expensive, putting Google, Microsoft and OpenAI back in control. Understand, too, that these big, established companies like the idea of LLMs costing so much to build because that makes it harder for startups to disrupt. It's a form of restraint of trade, though not illegal...

[T]here is an opportunity for vertical LLMs trained on different data — real data from industries like medicine and auto mechanics. Whoever owns this data will own these markets. What will make these models both better and cheaper is they can be built from a LLaMA base because most of that data doesn't have to change over time... Bloomberg has already done this for investment advice using its unique database of historical financial information. With an average of 50 billion nodes, these vertical models will cost only five percent as much to run as OpenAI's one billion node GPT-4...

[I]t ought to be pretty simple to apply AI to chip design, building custom chip design models to iterate into existing simulators and refine new designs that actually have a pretty good chance of being novel.

And who will be the first to leverage this chip AI? China... Look for fabless AI chip startups to spring-up around Chinese universities and for the Chinese Communist Party to put lots of money into this very cost-effective work. Because even if it's used just to slim-down and improve existing designs, that's another generation of chips China might otherwise not have had at all.

Databases

Will Submerging Computers Make Data Centers More Climate Friendly? (oregonlive.com)

20 miles west of Portland, engineers at an Intel lab are dunking expensive racks of servers "in a clear bath" made of motor oil-like petrochemicals, reports the Oregonian, where the servers "give off a greenish glow as they silently labor away on ordinary computing tasks." Intel's submerged computers operate just as they would on a dry server rack because they're not bathing in water, even though it looks just like it. They're soaking in a synthetic oil that doesn't conduct electricity. So the computers don't short out.

They thrive, in fact, because the fluid absorbs the heat from the hardworking computers much better than air does. It's the same reason a hot pan cools off a lot more quickly if you soak it in water than if you leave it on the stove.

As data centers grow increasingly powerful, the computers are generating so much heat that cooling them uses exorbitant amounts of energy. The cooling systems can use as much electricity as the computers themselves. So Intel and other big tech companies are designing liquid cooling systems that could use far less electricity, hoping to lower data centers' energy costs by as much as a third — and reducing the facilities' climate impact. It's a wholesale change in thinking for data centers, which already account for 2% of all the electricity consumption in the U.S... Skeptics caution that it may be difficult or prohibitively expensive to overhaul existing data centers to adapt to liquid cooling. Advocates of the shift, including Intel, say a transition is imperative to accommodate data centers' growing thirst for power. "It's really starting to come to a head as we're hitting the energy crisis and the need for climate action globally," said Jen Huffstetler, Intel's chief product sustainability officer...

Cooler computers can be packed more tightly together in data centers, since they don't need space for airflow. Computer manufacturers can pack chips together more tightly on the motherboard, enabling more computing power in the same space. And liquid cooling could significantly reduce data centers' environmental and economic costs. Conventional data centers' evaporative cooling systems require tremendous volumes of water and huge amounts of electricity...

Many other tech companies are backing immersion cooling, too. Google, Facebook and Microsoft are all helping fund immersion cooling research at Oregon State... [T]he timing may finally be right for data centers operators to make the shift away from air cooling to something far more efficient. Intel's Huffstetler said she expects to see liquid cooling become widespread in the next three to five years.

The article notes other challenges:
  • Liquid adds more weight than some buildings' upper floors can support.
  • Some metals degrade faster in liquid than they do in air.
  • And the engineers had to modify the servers by removing their fans — "because they serve no purpose while immersed."

Earth

Octopuses Can Rewire Their 'Brains' By Editing Their Own RNA On the Fly

An anonymous reader quotes a report from ScienceAlert: Octopuses have found an incredible way to protect the more delicate features of their nervous system against radically changing temperatures. When conditions fluctuate, they can rapidly recode key proteins in their nerve cells, ensuring critical neurological activities remain functional when temperatures drop dramatically. How do they do it? By deploying a rare superpower -- editing their RNA on the fly, an ability found in some species of octopuses, squids and cuttlefish. It's an unusual strategy, but it appears to be an effective one, and scientists believe that it may be widely adopted throughout the world of cephalopods. [...]

Their subjects were California two-spot octopuses (Octopus bimaculoides), whose entire genome was first sequenced in 2005, making it a useful animal for understanding genetic changes. The researchers acclimated these octopuses to warm water at 22 degrees Celsius (71.6 Fahrenheit) or much chillier water at 13 degrees Celsius (55.4 Fahrenheit), then compared their genetic information against the database genome. They specifically looked at over 60,000 known editing sites, and what they found was astonishing. "Temperature-sensitive editing occurred at about one third of our sites -- over 20,000 individual places -- so this is not something that happens here or there; this is a global phenomenon," says physicist Eli Eisenberg of Tel-Aviv University, co-senior author of the paper. "But that being said, it does not happen equally: proteins that are edited tend to be neural proteins, and almost all sites that are temperature sensitive are more highly edited in the cold."

So the editing seemed to be in response to acclimating to cold, rather than warm water, affecting neural proteins that, specifically, are sensitive to cold temperatures. And tests of structural proteins critical for the function of the octopus nervous system -- kinesin and synaptotagmin -- found that the changes wrought would have an impact on their function. It was possible that what the team observed was the result of being in a lab, so they caught wild California two-spot octopuses and Verrill's two-spot octopuses (Octopus bimaculatus) in Summer and Winter and checked their genomes, too. These octopuses had similar patterns of RNA editing that suggested they were optimizing their function for the current temperature conditions.

The team also tested to see how quickly the changes take place. They tweaked the temperature of an octopus's tank from 14 degrees Celsius to 24 degrees Celsius or vice versa, tuning the temperature up or down by 0.5 degrees increments over the course of 20 hours. They tested the extent of RNA editing in each octopus just before starting the temperature change, just after, and four days later. It happens very quickly, the researchers found. "We had no real idea how quickly this can occur: whether it takes weeks or hours," explains [marine biologist Matthew Birk of the Marine Biological Laboratory and Saint Francis University]. "We could see significant changes in less than a day, and within four days, they were at the new steady-state levels that you find them in after a month."
The research has been published in the journal Cell.

AI

Nvidia's AI Software Tricked Into Leaking Data

An anonymous reader quotes a report from Ars Technica: A feature in Nvidia's artificial intelligence software can be manipulated into ignoring safety restraints and reveal private information, according to new research. Nvidia has created a system called the "NeMo Framework," which allows developers to work with a range of large language models -- the underlying technology that powers generative AI products such as chatbots. The chipmaker's framework is designed to be adopted by businesses, such as using a company's proprietary data alongside language models to provide responses to questions -- a feature that could, for example, replicate the work of customer service representatives, or advise people seeking simple health care advice.

Researchers at San Francisco-based Robust Intelligence found they could easily break through so-called guardrails instituted to ensure the AI system could be used safely. After using the Nvidia system on its own data sets, it only took hours for Robust Intelligence analysts to get language models to overcome restrictions. In one test scenario, the researchers instructed Nvidia's system to swap the letter 'I' with 'J.' That move prompted the technology to release personally identifiable information, or PII, from a database.

The researchers found they could jump safety controls in other ways, such as getting the model to digress in ways it was not supposed to. By replicating Nvidia's own example of a narrow discussion about a jobs report, they could get the model into topics such as a Hollywood movie star's health and the Franco-Prussian war -- despite guardrails designed to stop the AI moving beyond specific subjects. In the wake of its test results, the researchers have advised their clients to avoid Nvidia's software product. After the Financial Times asked Nvidia to comment on the research earlier this week, the chipmaker informed Robust Intelligence that it had fixed one of the root causes behind the issues the analysts had raised.

Security

Microsoft Says Clop Ransomware Gang Is Behind MOVEit Mass-Hacks (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to share large files over the internet. The vulnerability allows hackers to gain unauthorized access to an affected MOVEit server's database. Progress Software, which develops the MOVEit software, has already released some patches. Over the weekend, the first victims of the attacks began to come forward.

Zellis, a U.K.-based human resources software maker and payroll provider, confirmed in a statement that its MOVEit system was compromised, with the incident affecting a "small number" of its corporate customers. One of those customers is U.K. airline giant British Airways, which told TechCrunch that the breach included the payroll data of all of its U.K.-based employees. [...] The U.K.'s BBC also confirmed it was affected by the incident affecting Zellis. [...] The government of Nova Scotia, which uses MOVEit to share files across departments, said in a statement that some citizens' personal information may have been compromised. The Nova Scotia government said it took its affected system offline, and is working to determine "exactly what information was stolen, and how many people have been impacted."

It was initially unclear who was behind this new wave of hacks, but Microsoft security researchers are attributing the cyberattacks to a group it tracks as "Lace Tempest." This gang is a known affiliate of the Russia-linked Clop ransomware group, which was previously linked to mass-attacks exploiting flaws in Fortra's GoAnywhere file transfer tool and Accellion's file transfer application. Microsoft researchers said that the exploitation of the MOVEit vulnerability is often followed by data exfiltration. Mandiant isn't yet making the same attribution as Microsoft, but noted in a blog post over the weekend that there are "notable" similarities between a newly created threat cluster it's calling UNC4857 that has as-of-yet "unknown motivations," and FIN11, a well-established ransomware group known to operate Clop ransomware. "Ongoing analysis of emerging activity may provide additional insights," Mandiant said.
"It's likely many more victims of the MOVEit breach will come to light over the next few days," adds TechCrunch.

"Shodan, a search engine for publicly exposed devices and databases, showed that more than 2,500 MOVEit Transfer servers were discoverable on the internet."

The Courts

US Judge Orders Lawyers To Sign AI Pledge, Warning Chatbots 'Make Stuff Up' (reuters.com)

An anonymous reader quotes a report from Reuters: A federal judge in Texas is now requiring lawyers in cases before him to certify that they did not use artificial intelligence to draft their filings without a human checking their accuracy. U.S. District Judge Brantley Starr of the Northern District of Texas issued the requirement on Tuesday, in what appears to be a first for the federal courts. In an interview Wednesday, Starr said that he created the requirement to warn lawyers that AI tools can create fake cases and that he may sanction them if they rely on AI-generated information without verifying it themselves. "We're at least putting lawyers on notice, who might not otherwise be on notice, that they can't just trust those databases. They've got to actually verify it themselves through a traditional database," Starr said.

In the notice about the requirement on his Dallas court's website, Starr said generative AI tools like ChatGPT are "incredibly powerful" and can be used in the law in other ways, but they should not be used for legal briefing. "These platforms in their current states are prone to hallucinations and bias. On hallucinations, they make stuff up -- even quotes and citations," the statement said. The judge also said that while attorneys swear an oath to uphold the law and represent their clients, the AI platforms do not. "Unbound by any sense of duty, honor, or justice, such programs act according to computer code rather than conviction, based on programming rather than principle," the notice said.

Starr said on Wednesday that he began drafting the mandate while attending a panel on artificial intelligence at a conference hosted by the 5th Circuit U.S. Court of Appeals, where the panelists demonstrated how the platforms made up bogus cases. The judge said he considered banning the use of AI in his courtroom altogether, but he decided not to do so after conversations with Eugene Volokh, a law professor at the UCLA School of Law, and others. Volokh said Wednesday that lawyers who use other databases for legal research might assume they can also rely on AI platforms. "This is a way of reminding lawyers they can't assume that," Volokh said.
Starr issued the requirement days after another judge threatened to sanction a lawyer for using ChatGPT to help write court filings that cited six nonexistent cases.

Privacy

RaidForums User Data Leaked Online a Year After DOJ Takedown (techcrunch.com)

A database containing the details of almost half-a-million RaidForums users has leaked online, a year after the U.S. Department of Justice seized the notorious cybercrime forum. From a report: The leaked database was posted on Exposed, described by security researchers as an up-and-coming forum "wanting to fill the void" left by the recent BreachForums shutdown. An Exposed admin, known as "Impotent," posted the alleged RaidForums user data, which includes the details of 478,000 users, including their usernames, email addresses, hashed passwords and registration dates. "All of the users that were on raidforums may have been infected," the admin's post says. RaidForums had around 550,000 users at the time of its shutdown last year. The admin added that some users' details have been removed from the leak, though it's unclear how many or the reasoning behind this.

Piracy

'More Than 600,000 Students and Teachers Use Z-Library' (torrentfreak.com)

According to email addresses associated with Z-Library, more than 600,000 students and teachers are using the pirate eBook repository. TorrentFreak notes that this is "likely an underestimation," especially since the United States is excluded from the analysis. From the report: The team analyzed its user database to check how many user email-addresses are linked to universities, colleges and schools. This gives an impression of how many students and employees use the site but it's likely a low estimate, as students may very well use their personal email addresses to sign up. Still, the overall outcome and the global distribution of users is worth highlighting. China is the top country in absolute numbers, followed by India and Indonesia. This is no surprise, perhaps, as these countries also have the largest populations. Looking at the full database, Z-Library linked 600,000 email addresses to a total of 30,000 educational institutions around the world.

The only country missing from the top list, population-wise, is the United States. Z-Library notes that it intentionally excluded the country due to the criminal prosecution of two of the site's alleged operators. "It should be noted that when compiling statistics, we excluded all data related to the United States due to illegal arrest of two Russian citizens on suspicion of involvement in Z-Library," the shadow library writes on Telegram. There are also some relatively smaller countries in the top list, such as Australia. With a population of just over 25 million, Z-Library is relatively popular there, beating Brazil and Vietnam, which both have much larger populations.

The Australian Monash University also gets a special mention. Apparently, it is the educational institution where users have created the most public booklists. These lists are personal book collections that can be focused on any theme, including educational topics. Trinity College Dublin, in Ireland, is the runner-up based on the number of created booklists. It's worth a separate mention, however, as it also appears in the top 5 universities that donated to Z-Library. The list of most avid Z-Library supporters is led by the top Chinese universities, which are grouped for the purpose of this analysis.

AI

Cloudflare CTO Predicts Coding AIs Will Bring More Productivity, Urges 'Data Fluidity' (cloudflare.com)

Serverless JavaScript is hosted in an edge network or by an HTTP caching service (and only runs when requested), explains Cloudflare. "Developers can write and deploy JavaScript functions that process HTTP requests before they travel all the way to the origin server."

Their platform for serverless JavaScript will soon have built-in AI features, Cloudflare's CTO announced today, "so that developers have a rich toolset at their disposal. A developer platform without AI isn't going to be much use. It'll be a bit like a developer platform that can't do floating point arithmetic, or handle a list of data. We're going to see every developer platform have AI capability built in because these capabilities will allow developers to make richer experiences for users...

As I look back at 40 years of my programming life, I haven't been this excited about a new technology... ever. That's because AI is going to be a pervasive change to how programs get written, who writes programs and how all of us interact with software... I think it'll make us more productive and make more people programmers.

But in addition, developers on the platform will also be able to train and upload their own models to run on Cloudflare's global network: Unlike a database where data might largely be stored and accessed infrequently, AI systems are alive with moving data. To accommodate that, platforms need to stop treating data as something to lock in developers with. Data needs to be free to move from system to system, from platform to platform, without transfer fees, egress or other nonsense. If we want a world of AI, we need a world of data fluidity.

Open Source

Somehow Amazon's Open Source Fork of ElasticSearch Has Succeeded (infoworld.com)

Long-time open source advocate Matt Asay writes in InfoWorld: OpenSearch shouldn't exist. The open source alternative to Elasticsearch started off as Amazon Web Services' (AWS) answer to getting outflanked by Elastic's change in Elasticsearch's license, which was in turn sparked by AWS building a successful Elasticsearch service but contributing little back. In 2019 when AWS launched its then Open Distro for Elasticsearch, I thought its reasons rang hollow and, frankly, sounded sanctimonious. This was, after all, a company that used more open source than it contributed. Two years later, AWS opted to fork Elasticsearch to create OpenSearch, committing to a "long-term investment" in OpenSearch.

I worked at AWS at the time. Privately, I didn't think it would work.

Rather, I didn't feel that AWS really understood just how much work was involved in running a successful open source project, and the company would fail to invest the time and resources necessary to make OpenSearch a viable competitor to Elasticsearch. I was wrong. Although OpenSearch has a long way to go before it can credibly claim to have replaced Elasticsearch in the minds and workloads of developers, it has rocketed up the search engine popularity charts, with an increasingly diverse contributor population. In turn, the OpenSearch experience is adding a new tool to AWS' arsenal of open source strengths....

As part of the AWS OpenSearch team, David Tippett and Eli Fisher laid out a few key indicators of OpenSearch's success as they gave their 2022 year in review. They topped more than 100 million downloads and gathered 8,760 pull requests from 496 contributors, a number of whom don't work for AWS. Not stated were other success factors, such as Adobe's earlier decision to replace Elasticsearch with OpenSearch in its Adobe Commerce suite, or its increasingly open governance with third-party maintainers for the project. Nor did they tout its lightning-fast ascent up the DB-Engines database popularity rankings, hitting the Top 50 databases for the first time.

OpenSearch, in short, is a bonafide open source success story. More surprisingly, it's an AWS open source success story. For many who have been committed to the "AWS strip mines open source" narrative, such success stories aren't supposed to exist. Reality bites.

The article notes that OpenSearch's success "doesn't seem to be blunting Elastic's income statement." But it also points out that Amazon now has many employees actively contributing to open source projects, including PostgreSQL and MariaDB. (Although "If AWS were to turn forking projects into standard operating procedure, that might get uncomfortable.")

"Fortunately, not only has AWS learned how to build more open source, it has also learned how to partner with open source companies."

EU

Google Accused of Breaking European Privacy Law By Hoarding Personal Data of Potential Job Candidates (fortune.com)

An anonymous reader shares a report: When Mohamed Maslouh, a London-based contractor, was assigned to enter data into Google's internal gHire recruitment system last September, he noticed something surprising. The database contained the profiles of thousands of people in the EU and U.K. whose names, phone numbers, personal email addresses and resumes dated back as far as 2011. Maslouh knew something was amiss, as he had received data-protection training from Randstad, the European human-resources giant that employed him, and was aware of the EU's five-year-old General Data Protection Regulation (GDPR), which remained part of British law after Brexit.

Under the law, companies in the European Union and U.K. may not hang onto anyone's personal data -- that is, information relating to any identifiable living person -- for longer than is strictly necessary, which generally means a maximum retention time measured in weeks or months. Google may now face investigations over potential violations of the GDPR, after Maslouh filed protected whistleblower complaints with the U.K. Information Commissioner's Office in November and with the Irish Data Protection Commission (DPC) -- which has jurisdiction over Google's activities in the EU -- in February.

Security

WordPress Plugin Hole Puts '2 Million Websites' At Risk (theregister.com)

A vulnerability in the "Advanced Custom Fields" plugin for WordPress is putting more than two million users at risk of cyberattacks, warns Patchstack researcher Rafie Muhammad. The Register reports: A warning from Patchstack about the flaw claimed there are more than two million active installs of the Advanced Custom Fields and Advanced Custom Fields Pro versions of the plugins, which are used to give site operators greater control of their content and data, such as edit screens and custom field data. Patchstack researcher Rafie Muhammad uncovered the vulnerability on February 5, and reported it to Advanced Custom Fields' vendor Delicious Brains, which took over the software last year from developer Elliot Condon. On May 5, a month after a patched version of the plugins was released by Delicious Brains, Patchstack published details of the flaw. It's recommended users update their plugin to at least version 6.1.6.

The flaw, tracked as CVE-2023-30777 and with a CVSS score of 6.1 out of 10 in severity, leaves sites vulnerable to reflected XSS attacks, which involve miscreants injecting malicious code into webpages. The code is then "reflected" back and executed within the browser of a visitor. Essentially, it allows someone to run JavaScript within another person's view of a page, allowing the attacker to do things like steal information from the page, perform actions as the user, and so on. That's a big problem if the visitor is a logged-in administrative user, as their account could be hijacked to take over the website.

"This vulnerability allows any unauthenticated user [to steal] sensitive information to, in this case, privilege escalation on the WordPress site by tricking the privileged user to visit the crafted URL path," Patchstack wrote in its report. The outfit added that "this vulnerability could be triggered on a default installation or configuration of Advanced Custom Fields plugin. The XSS also could only be triggered from logged-in users that have access to the Advanced Custom Fields plugin."

Security

Promising Jobs At the US Postal Service, 'US Job Services' Leaks Customer Data (krebsonsecurity.com)

An anonymous reader quotes a report from KrebsOnSecurity: A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network's chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016. KrebsOnSecurity was recently contacted by a security researcher who said he found a huge tranche of full credit card records exposed online, and that at first glance the domain names involved appeared to be affiliated with the USPS. Further investigation revealed a long-running international operation that has been emailing and text messaging people for years to sign up at a slew of websites that all promise they can help visitors secure employment at the USPS.

Sites like FederalJobsCenter[.]com also show up prominently in Google search results for USPS employment, and steer applicants toward making credit card "registration deposits" to ensure that one's application for employment is reviewed. These sites also sell training, supposedly to help ace an interview with USPS human resources. FederalJobsCenter's website is full of content that makes it appear the site is affiliated with the USPS, although its "terms and conditions" state that it is not. Rather, the terms state that FederalJobsCenter is affiliated with an entity called US Job Services, which says it is based in Lawrenceville, Ga. The site says applicants need to make a credit card deposit to register, and that this amount is refundable if the applicant is not offered a USPS job within 30 days after the interview process. But a review of the public feedback on US Job Services and dozens of similar names connected to this entity over the years shows a pattern of activity: Applicants pay between $39.99 and $100 for USPS job coaching services, and receive little if anything in return. Some reported being charged the same amount monthly.
Michael Martel, spokesperson for the United States Postal Inspection Service, said in a written statement that the USPS has no affiliation with the websites or companies named in this story.

"To learn more about employment with USPS, visit USPS.com/careers," Martel wrote. "If you are the victim of a crime online report it to the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov. To report fraud committed through or toward the USPS, its employees, or customers, report it to the United States Postal Inspection Service (USPIS) at www.uspis.gov/report."

A list of all the current sites selling this product can be found in Krebs' report.

Censorship

How China Censored Research About Covid-19 (seattletimes.com) 229

Long-time Slashdot reader schwit1 spotted this story in today's New York Times. (Also re-published in the Seattle Times.) In early 2020 a team of U.S. and Chinese scientists "released critical data" on the speedy spread and lethality of the coronavirus, remembers the Times, "cited in health warnings around the world... Within days, though, the researchers quietly withdrew the paper, which was replaced online by a message telling scientists not to cite it...

"What is now clear is that the study was not removed because of faulty research. Instead, it was withdrawn at the direction of Chinese health officials amid a crackdown on science."

It's not the only retraction. The Times also points out a paper published on March 9 of 2020 relying on patient samples from mid-December of 2019, which "added to evidence that the virus was spreading widely before the Chinese government took action." Two months later the journal published an update that "said that the Wuhan samples were not collected in December after all, but weeks later, in January... After Jesse Bloom of the Fred Hutchinson Cancer Center in Seattle tweeted about the discrepancy, the journal's editors posted a third version of the paper, adding yet another timeline. This revision says the samples were collected between Dec. 30 and Jan. 1."

Beijing's stranglehold on information goes far deeper than even many pandemic researchers are aware of. Its censorship campaign has targeted international journals and scientific databases, shaking the foundations of shared scientific knowledge, a New York Times investigation found. Under pressure from their government, Chinese scientists have withheld data, withdrawn genetic sequences from public databases and altered crucial details in journal submissions. Western journal editors enabled those efforts by agreeing to those edits or withdrawing papers for murky reasons, a review by The Times of over a dozen retracted papers found.

This scientific censorship has not universally succeeded: The original version of the February 2020 paper, for example, can still be found online with some digging. But the campaign starved doctors and policymakers of critical information about the virus at the moment the world needed it most. It bred mistrust of science in Europe and the United States, as health officials cited papers from China that were then retracted. The crackdown continues to breed misinformation today and has hindered efforts to determine the origins of the virus.

The article notes an international team's discovery last month of genetic sequence data collected in January of 2020 at Wuhan market, "withheld from foreign experts for three years — a delay that global health officials called 'inexcusable.'" The sequences showed that raccoon dogs, a fox-like animal, had deposited genetic signatures in the same place that genetic material from the virus was left, a finding consistent with a scenario in which the virus spread to people from illegally traded market animals... Soon after the group alerted Chinese researchers to their findings, the genetic sequences temporarily disappeared from a global database. "It's just pathetic that we're in this stage where we're having cloak-and-dagger conversations about deleted data," said Edward Holmes, a University of Sydney biologist who was part of the group that analyzed the sequences containing raccoon dog DNA.
The Times cites retracted coronavirus papers flagged by Retraction Watch, which tracks withdrawn research. Amid tightening government censorship in 2020, Chinese researchers began asking journals to retract their work, the Times reports, and "a review of more than a dozen retracted papers from China shows a pattern of revising or suppressing research on early cases, conditions for medical workers and how widely the virus had spread — topics that could make the government look bad." Journals are typically slow to retract papers, even when they are shown to be fraudulent or unethical. But in China, the calculus is different, said Ivan Oransky, a founder of Retraction Watch. Journals that want to sell subscriptions in China or publish Chinese research often bend to the government's demands. "Scientific publishers have really gone out of their way to placate the censorship requests," he said...

The journal retractions continued, and for unusual reasons. One group of authors noted that "our data is not perfect enough." Another warned that its paper "cannot be used as the basis for the origin and evolution of SARS-CoV-2." A third said its findings were "incomplete and not ready for publication." Several scientists promised in retraction notices to update their findings but never did.

Businesses

Amazon Launches Program To Identify and Track Counterfeiters (reuters.com) 27

Amazon has launched its Anti-Counterfeiting Exchange (ACX), an initiative to help retail stores label and track marketplace counterfeits as part of the e-commerce giant's efforts to crack down on organized crime on its platform, the company announced on Thursday. From a report: Online marketplaces in the United States including Amazon face hurdles in keeping counterfeiters off their platforms and fake merchandise from entering their warehouses. The new program mimics data exchange programs by the credit card industry to find scammers and identify their tactics. Stores and Amazon marketplace sellers can anonymously contribute information and records flagging counterfeiters to a third-party database or use the database to avoid doing business with the bad actors.

"We think it is critical to share information about confirmed counterfeiters to help the entire industry stop these criminals earlier," Dharmesh Mehta, Amazon's vice president of selling partner services, said in a statement. The Seattle-based retail giant piloted the anti-counterfeiting initiative in 2021 with an undisclosed number of apparel, home goods and cosmetics stores, where counterfeiting is most common.

Programming

Samsung Software Engineers Busted For Pasting Proprietary Code Into ChatGPT (pcmag.com) 65

Multiple employees of Samsung's Korea-based semiconductor business plugged lines of confidential code into ChatGPT, effectively leaking corporate secrets that could be included in the chatbot's future responses to other people around the world. PCMag reports: One employee copied buggy source code from a semiconductor database into the chatbot and asked it to identify a fix, according to The Economist Korea. Another employee did the same for a different piece of equipment, requesting "code optimization" from ChatGPT. After a third employee asked the AI model to summarize meeting notes, Samsung executives stepped in. The company limited each employee's prompt to ChatGPT to 1,024 bytes.

Just three weeks earlier, Samsung had lifted its ban on employees using ChatGPT over concerns around this issue. After the recent incidents, it's considering re-instating the ban, as well as disciplinary action for the employees, The Economist Korea says. "If a similar accident occurs even after emergency information protection measures are taken, access to ChatGPT may be blocked on the company network," reads an internal memo. "As soon as content is entered into ChatGPT, data is transmitted and stored to an external server, making it impossible for the company to retrieve it."

The OpenAI user guide warns users against this behavior: "We are not able to delete specific prompts from your history. Please don't share any sensitive information in your conversations." It says the system uses all questions and text submitted to it as training data.

IBM

New Models of IBM Model F Keyboard Mark II Incoming (theregister.com) 46

An anonymous reader quotes a report from Ars Technica: What's even harder-core than the IBM Model M? The Model F, the keyboard that launched alongside the IBM PC in 1981. After a 2017 relaunch, new models with the original layout are here. The project, which back in 2017 relaunched a modern keyboard inspired by a compact space-saver version of IBM's classic Model F, is launching its second generation of brand-new premium input devices, and this time, various layouts will be available. [...]

Enter the New Model F Keyboards project. "Ellipse" launched it in 2017 and attracted over $300,000 worth of orders, even at $399 each. Aside from the not-inconsiderable price, what put the author off was the layout. Space-saving and reduced-footprint keyboards are very popular among serious keyboard collectors, and the project chose two space-saver layouts from IBM's 4704 terminal, dubbed the Kishsaver after the collector who described it. The F77 layout has a numeric keypad, but no function keys; the even smaller F62 layout omits the keypad, or as the cool kids call it, it's a TKL layout, which we are informed stands for tenkeyless, presumably because it has 15 fewer keys.

Which is why the FOSS desk's bank account would tremble in fear if it were not an inanimate table in a database somewhere, because the Model F project has announced a new range, including full-size and compact 104-key layouts and, most appealing to this large and heavy-handed vulture, a replica of the 122-key IBM Battleship, one of which we've been hunting for over a decade. The project occasionally has refurbished original IBM units. Now, though, a brand-new one is a $420 option. If that isn't exclusive enough, your correspondent is also working on a model with beam springs, the mechanism from 1970s IBM business products. The first model of the brand new beam spring units is a mere $579.

Databases

A Collection of Fun Databases For Programming Exploration 13

Longtime Slashdot reader Esther Schindler writes: When you learn a new tool/technology, you need to create a sample application, which cannot use real in-house data. Why not use something fun for the sample application's data, such as a Star Wars API or a data collection about World Cup contests? Esther Schindler, Slashdot user #16185, assembled a groovy collection of datasets that may be useful but also may be a source of fascinating internet rabbit holes. For those interested in datasets, Esther also recommends the Data is Plural newsletter and the website ResearchBuzz, which shares dataset descriptions as well as archive-related news and tools.

"Google Research maintains a search site for test datasets, too, if you know what you're looking for," adds Esther. There's also, of course, Kaggle.com.
