hackingbear writes: A team of scientists from China, the U.S., and U.K. successfully turned nitrogen, the dominant gas in Earth's atmosphere, into a metallic fluid by subjecting it to the extreme pressure and temperature conditions found deep inside the Earth and other planets. Their findings have been published in the journal Nature Communications .

"Our findings could inform the efforts to create forms of energetic nitrogen polymers as well as superconducting, metallic states of a sister diatomic molecule, hydrogen or H2, which could revolutionize the energy sector if reliably synthesized," according to team member Nicholas Holtgrewe. The project was funded by by the (U.S.) National Science Foundation, the (U.S.) Army Research Office, the National Natural Science Foundation of China, the Chinese Academy of Science, the British Council Researcher Links Program, and other sources. According to EurekAlert, "The researchers found that the temperature at which nitrogen transitions from insulating to metallic decreases as the pressure increases -- starting at about 1,180,000 times normal atmospheric pressure (120 gigapascals) and 2,720 degrees Celsius (3,000 kelvin)." "This means that, theoretically, nitrogen would remain in its diatomic state in the Earth's mantle but would disassociate into a fluid metal in or just above the core, which potentially has implications for our understanding of the planet's deep nitrogen cycle," said team member Sergey Lobanov.

An anonymous reader quotes a report from Motherboard: Earlier this week, an algorithm made an absurd choice. Google AdSense, Google's advertising program that makes up the bulk of the tech giant's advertising revenue, decided that a web page about a decades-old bill about sexual abuse was "adult content," and wasn't allowed to display ads anymore. The page, which is at least six years old and contains strictly legislative information about a bill called the "Child Sexual Abuse and Pornography Act of 1986" on free legislative research and tracking website GovTrack.us, tripped the AdSense algorithm that decides what pages are allowed to run ads. This single, very dry page being flagged as "adult content" is most likely a minor fluke in the AdSense algorithm, but it's a perfect example of how a tiny tweak in the way a platform uses automation to enforce policies can send a ripple through seemingly-unrelated parts of the internet. The page was flagged by Adsense as "policy non-compliant" on Monday, with Google citing the page's "violations" in a summary of the AdSense adult content policy. Here's what Google told GovTrack: "As stated in our program policies, we may not show Google ads on pages with content that is sexually suggestive or intended to sexually arouse. This includes, but is not limited to: pornographic images, videos, or games; sexually gratifying text, images, audio, or video; pages that provide links for or drive traffic to content that is sexually suggestive or intended to sexually arouse." The GovTrack page contains none of these, yet the page still can't run AdSense.

schwit1 shares a report: The National Security Agency has purged hundreds of millions of records logging phone calls and texts that it had gathered from American telecommunications companies since 2015, the agency has disclosed. It had realized that its database was contaminated with some files the agency had no authority to receive. The agency began destroying the records on May 23, it said in a statement. Officials had discovered "technical irregularities" this year in its collection from phone companies of so-called call record details, or metadata showing who called or texted whom and when, but not what they said. The agency had collected the data from a system it created under the USA Freedom Act. Congress enacted that law in 2015 to end and replace a once-secret program that had systematically collected Americans' domestic calling records in bulk. The National Security Agency uses the data to analyze social links between people in a hunt for hidden associates of known terrorism suspects.

A popular betting platform left a password list for its internal systems on its website for anyone to find. From a report: BetVictor, a Gibraltar-based betting site, has since removed the two-page document containing a list of links to back office systems, including usernames and passwords. Chris Hogben found the document through the customer support search box on the company's homepage. The customer support pop-up allowed users to search the site's knowledge base of questions and answers. "Logins/Links to Back Offices - Internal," read the document's title, which contained over two-dozen passwords to the company's trading platform, ticketing system, and Experian's identity verification service, Hogben told ZDNet.

Fake Fortnite Android apps are spreading around the internet, even though the game has not been officially released for the platform. From a report: Videos on YouTube with links to scam versions of the popular game have been viewed millions of times, according to security experts. None of the fake apps has made it on to the Google Play Store, but they are easy to find on search engines. According to one security firm, the apps look legitimate. Talking about one particular fake app, Nathan Collier, an analyst from security firm Malwarebytes, said: "It's so realistic that some may recognise it from the Apple iOS version. By stealing the icon directly from Apple, how could it not look real? In fact the app redirects users to a browser asking them to download a number of other apps in order to play the game. The scammers are paid each time someone downloads an app from the website.

Some U.S. lawmakers on both sides of the aisle have asked Google on Wednesday to reconsider its work with Chinese telecommunications firm Huawei, citing security concerns. Reuters reports: In a letter to Google Chief Executive Sundar Pichai, the lawmakers said Google recently decided not to renew "Project Maven," an artificial intelligence research partnership with the U.S. Department of Defense. "While we regret that Google did not want to continue a long and fruitful tradition of collaboration between the military and technology companies, we are even more disappointed that Google apparently is more willing to support the Chinese Communist Party than the U.S. military," they wrote. The letter was signed by Republican Senators Tom Cotton and Marco Rubio, Republican Representatives Michael Conaway and Liz Cheney, and Democratic Representative Dutch Ruppersberger.

"Like many U.S. companies, we have agreements with dozens of OEMs (manufacturers) around the world, including Huawei. We do not provide special access to Google user data as part of these agreement, and our agreements include privacy and security protections for use data," she said in an emailed statement.

A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp said on Tuesday. Reuters: Symantec said the effort appeared to be driven by national espionage goals, such as the interception of military and civilian communications. Such interception capabilities are rare but not unheard of, and the researchers could not say what communications, if any, were taken. More disturbingly in this case, the hackers infected computers that controlled the satellites, so that they could have changed the positions of the orbiting devices and disrupted data traffic, Symantec said. "Disruption to satellites could leave civilian as well as military installations subject to huge [real world] disruptions," said Vikram Thakur, technical director at Symantec. "We are extremely dependent on their functionality." Satellites are critical to phone and some internet links as well as mapping and positioning data. Symantec, based in Mountain View, California, described its findings to Reuters exclusively ahead of a planned public release. It said the hackers had been removed from infected systems.

An anonymous reader quotes Ars Technica: Pocket, which lets you save articles and videos you find around the web to consume later, now has a home inside Firefox as the engine powering recommendations to 50 million people a month. By analyzing the articles and videos people save into Pocket, [Pocket founder and CEO Nate] Weiner believes the company can show people the best of the web -- in a personalized way -- without building an all-knowing, Facebook-style profile of the user.

"We're testing this really cool personalization system within Firefox where it uses your browser history to target personalized [recommendations], but none of that data actually comes back to Pocket or Mozilla," Weiner said. "It all happens on the client, inside the browser itself. There is this notion today... I feel like you saw it in the Zuckerberg hearings. It was like, 'Oh, users. They will give us their data in return for a better experience.' That's the premise, right? And yes, you could do that. But we don't feel like that is the required premise. There are ways to build these things where you don't have to trade your life profile in order to actually get a good experience."

Pocket can analyze which articles and videos from around the web are being shared as well as which ones are being read and watched. Over time, that gives the company a good understanding of which links lead to high-quality content that users of either Pocket or Firefox might enjoy.
I use Firefox, but I don't use Pocket. Are there any Slashdot readers who want to share their experiences with read-it-later services, or thoughts about what Firefox is attempting?

Facebook granted a select group of companies special access to its users' records even after the point in 2015 that the company has claimed it stopped sharing such data with app developers. USA Today reports: According to the Wall Street Journal, which cited court documents, unnamed Facebook officials and other unnamed sources, Facebook made special agreements with certain companies called "whitelists," which gave them access to extra information about a user's friends. This includes data such as phone numbers and "friend links," which measure the degree of closeness between users and their friends. These deals were made separately from the company's data-sharing agreements with device manufacturers such as Huawei, which Facebook disclosed earlier this week after a New York Times report on the arrangement. Facebook said following the WSJ report it inked deals with a small number of developers that gave them access to users' friends after the more restrictive policy went into effect.

An anonymous reader shares an excerpt from a report via The Atlantic, written by Alexis C. Madrigal: No one picks up the phone anymore. Even many businesses do everything they can to avoid picking up the phone. Of the 50 or so calls I received in the last month, I might have picked up four or five times. The reflex of answering -- built so deeply into people who grew up in 20th-century telephonic culture -- is gone. There are many reasons for the slow erosion of this commons. The most important aspect is structural: There are simply more communication options. Text messaging and its associated multimedia variations are rich and wonderful: words mixed with emoji, Bitmoji, reaction gifs, regular old photos, video, links. Texting is fun, lightly asynchronous, and possible to do with many people simultaneously. It's almost as immediate as a phone call, but not quite. You've got your Twitter, your Facebook, your work Slack, your email, FaceTimes incoming from family members. So many little dings have begun to make the rings obsolete.

But in the last couple years, there is a more specific reason for eyeing my phone's ring warily. Perhaps 80 or even 90 percent of the calls coming into my phone are spam of one kind or another. [...] There are unsolicited telemarketing calls. There are straight-up robocalls that merely deliver recorded messages. There are the cyborg telemarketers, who sit in call centers playing prerecorded bits of audio to simulate a conversation. There are the spam phone calls, whose sole purpose seems to be verifying that your phone number is real and working.

Unknown third parties appear to be exploiting the Chrome Store's 'theme' section to offer visitors access to a wide range of pirate movies including "Black Panther", "Avengers: Infinity War" and "Rampage." From a report: When clicking through to the page offering Ready Player One, for example, users are presented with a theme that apparently allows them to watch the movie online in "Full HD Online 4k." Of course, the whole scheme is a dubious scam which eventually leads users to Vioos dot co, a platform that tries very hard to give the impression of being a pirate streaming portal but actually provides nothing of use. In fact, as soon as one clicks the play button on movies appearing on Vioos dot co, visitors are re-directed to another site called Zumastar which asks people to "create a free account" to "access unlimited downloads and streaming." Google services have a history of being exploited.

An anonymous reader writes: Democrats on the House Intelligence Committee on Thursday released about 3,400 Facebook ads purchased by Russian agents around the 2016 presidential election on issues from immigration to gun control, a reminder of the complexity of the manipulation that Facebook is trying to contain ahead of the midterm elections. The ads, which span from mid-2015 to mid-2017, illustrate the extent to which Kremlin-aligned forces sought to stoke social, cultural and political unrest on one of the Web's most powerful platforms. With the help of Facebook's targeting tools, Russia's online army reached at least 146 million people on Facebook and Instagram, its photo-sharing service, with ads and other posts, including events promoting protests around the country...

Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee, said lawmakers would continue probing Russia's online disinformation efforts. In February, Robert S. Mueller III, the special counsel investigating Russia and the 2016 election, indicted individuals tied to the IRA for trying to interfere in the presidential race. "They sought to harness Americans' very real frustrations and anger over sensitive political matters in order to influence American thinking, voting and behavior," Schiff said in a statement. "The only way we can begin to inoculate ourselves against a future attack is to see first-hand the types of messages, themes and imagery the Russians used to divide us...."

The documents released Thursday also reflect that Russian agents continued advertising on Facebook well after the presidential election... They marketed a page called Born Liberal to likely supporters of Sen. Bernie Sanders, I-Vt., the data show, an ad that had more than 49,000 impressions into 2017. Together, the ads affirmed the fears of some lawmakers, including Republicans, that Russian agents have continued to try to influence U.S. politics even after the 2016 election. Russian agents also had created thousands of accounts on Twitter, and in January, the company revealed that it discovered more than 50,000 automated accounts, or bots, with links to Russia.

An anonymous reader quotes Ars Technica: Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one inside a "well-protected network" of an unnamed global manufacturing firm, Radware said...

The extensions were being pushed in links sent over Facebook that led people to a fake YouTube page that asked for an extension to be installed. Once installed, the extensions executed JavaScript that made the computers part of a botnet. The botnet stole Facebook and Instagram credentials and collected details from a victim's Facebook account. The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again. The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins.

Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to forward, copy, download or print messages.)

But Slashdot reader Lauren Weinstein warns that Google is also opening up a new vector for phishing emails: The problem arises since non-Gmail users cannot directly receive Gmail confidential mode messages. Instead...when a Gmail user wants to send a non-Gmail user such a message, the non-Gmail user is instead sent a link, that when clicked takes them to Google's servers where they can read the confidential mode message in their browser.

The potential risks for any service that operates in this way are obvious. Those of us working on Internet security and privacy have literally spent many years attempting to train users to avoid clicking on "to read the message, click here" links in emails that they receive. Criminals have simply become too adept at creating fraudulent emails that lead to phishing and malware sites.

According to security company Sophos, scam websites have been using obfuscated Google Maps links to redirect users to dodgy websites. The Register reports: The reason for this is Google's recent efforts to get rid of its Goo.gl URL-shortening service. The link-shortening site is a favorite for scammers looking to hide the actual address of pages. Without Goo.gl to pick on, scammers are now abusing a loophole in the Maps API that allows for redirects to be put into Google Maps URLs. This allows the attackers to chain the links to their scam pages within a link to Google Maps, essentially creating a more trustworthy URL that users are more likely to follow. The trick also has the benefit of being harder to catch and shut down than links made with the well-policed Goo.gl service. Because it uses Google Maps, there's no reporting structure in place to get the scammers shut down and the scammers don't have to use a Google-owned interface or API to do it.

schwit1 shares a report from ScienceAlert: For the first time, scientists have managed to show quantum entanglement -- which Einstein famously described as "spooky action at a distance" -- happening between macroscopic objects, a major step forward in our understanding of quantum physics. Quantum entanglement links particles in a way that they instantly affect each other, even over vast distances. On the surface, this powerful bond defies classical physics and, generally, our understanding of reality, which is why Einstein found it so spooky. But the phenomenon has since become a cornerstone of modern technology. Still, up until now quantum entanglement has only been demonstrated to work at the smallest of scales, in systems based on light and atoms, for example. Any attempt to increase the sizes has caused problems with stability, with the slightest of environmental disturbances breaking the connection. But new research changes all of this, by demonstrating that this "spooky action" can indeed be a reality between massive objects. We're not talking massive in the black hole sense but in the macroscopic sense -- two 15-micrometer-wide vibrating drum heads. And the next step will be to test whether those vibrations are being teleported between the two objects. The research has been published in the journal Nature.

Earlier today, Google pushed out the biggest revamp of Gmail in years. In addition to a new material design look, there are quick links to other Google services, such as Calendar, Tasks, and Keep, as well as a new "confidential mode" designed to protect users against certain attacks by having the email(s) automatically expire at a time of the sender's choosing. Long-time Slashdot reader Lauren Weinstein shares their initial impressions of Google's new Gmail UI: Google launched general access to their first significant Gmail user interface (UI) redesign in many years today. It's rolling out gradually -- when it hits your account you'll see a "Try the new Gmail" choice under the settings ("gear") icon on the upper right of the page (you can also revert to the "classic" interface for now, via the same menu). But you probably won't need to revert. Google clearly didn't want to screw up Gmail, and my initial impression is that they've succeeded by avoiding radical changes in the UI. I'll bet that some casual Gmail users might not even immediately notice the differences.

The new Gmail UI is what we could call a "minimally disruptive" redesign of the now "classic" version. The overall design is not altered in major respects. So far I haven't found any notable missing features, options, or settings. My impression is that the back end systems serving Gmail are largely unchanged. Additionally, there are a number of new features (some of which are familiar in design from Google's "Inbox" email interface) that are now surfaced for the new Gmail. Crucially, overall readability and usability (including contrast, font choices, UI selection elements, etc.) seem so close to classic Gmail (at least in my limited testing so far) as to make any differences essentially inconsequential. And it's still possible to select a dark theme from settings if you wish, which results in even higher contrast. Have you tried the new Gmail? If so, how do you like the new interface?

lod123 shares a report from Threatpost: A leaky Mongo database exposed personal information, including scanned passports and driver's licenses, of 25,000 investors and potential investors tied to the Bezop cryptocurrency, according to researchers. Kromtech Security said that it found the unprotected data on March 30, adding that it included a treasure-trove of information ranging from "full names, (street) addresses, email addresses, encrypted passwords, wallet information, along with links to scanned passports, driver's licenses and other IDs," according to the researchers. Kromtech researchers, in their overview of the results of its investigation, said that Bezop.io, the organization behind the currency, immediately secured the data after being notified. Bezop is one of over 1,000 cryptocurrencies in a crowded playing field vying for investor attention. According to Kromtech, the list of 25,000 people included both current and prospective investors promised Bezop cryptocurrency in exchange for promoting the cryptocurrency on social media.

Electronics companies Dyson, LG, and Wahl are fighting right-to-repair legislation, Motherboard reported Wednesday, citing letters it has obtained. From a report: The manufacturers of your appliances do not want you to be able to fix them yourself. Last week, at least three major appliance manufacturers -- Dyson, LG, and Wahl -- sent letters to Illinois lawmakers opposing "fair repair" legislation in that state. The letters were written with the help of a trade group called the Association of Home Appliance Manufacturers (AHAM). All three letters are similar but include slightly different wording and examples in parts. The letters ask lawmakers to "withdraw" a bill that would protect and expand the ability for consumers and independent repair professionals to repair everything from iPhones to robot vacuums, electric shavers, toasters, and tractors. Here are links to the Wahl, Dyson, and LG letters.

NCSA Mosaic 1.0, the first web browser to achieve popularity among the general public, was released on April 22, 1993. It was developed by a team of students at the University of Illinois' National Center for Supercomputing Applications (NCSA), and had the ability to display text and images inline, meaning you could put pictures and text on the same page together, in the same window. Wired reports: It was a radical step forward for the web, which was at that point, a rather dull experience. It took the boring "document" layout of your standard web page and transformed it into something much more visually exciting, like a magazine. And, wow, it was easy. If you wanted to go somewhere, you just clicked. Links were blue and underlined, easy to pick out. You could follow your own virtual trail of breadcrumbs backwards by clicking the big button up there in the corner. At the time of its release, NCSA Mosaic was free software, but it was available only on Unix. That made it common at universities and institutions, but not on Windows desktops in people's homes.

The NCSA team put out Windows and Mac versions in late 1993. They were also released under a noncommercial software license, meaning people at home could download it for free. The installer was very simple, making it easy for just about anyone to get up and running on the web. It was then that the excitement really began to spread. Mosaic made the web come to life with color and images, something that, for many people, finally provided the online experience they were missing. It made the web a pleasure to use.