A commercial military simulation software, originally inspired by Tom Clancy novels, has become an unexpected tool for military training across NATO forces and defense analysts worldwide. Command: Professional Edition, developed by Britain's Slitherine Software, has secured contracts with the U.S. Air Force and British Strategic Command, while Taiwanese analysts use it to war-game potential conflicts with China.

The software's success stems from its vast database of military equipment and capabilities, compiled through contributions from its million-strong user base. Marine Corps University's wargaming director Tim Barrick employs the software to train officers, noting its effectiveness in developing tactical creativity. "These are not simple problems," said Barrick, a retired Marine colonel, told WSJ.

A fascinating excerpt from the report: Command's British publisher, Slitherine Software, stumbled into popularity. The family business got started around 2000 selling retail CD-ROM games like Legion, involving ancient Roman military campaigns. When Defense Department officials in 2016 first contacted Slitherine, which is based in an old house in a leafy London suburb, its father-and-son managers were so stunned they thought the call might be a prank. "Are you taking the piss?" J.D. McNeil, the father, recalled asking near the end of the conversation.

Microsoft took the unusual step on Monday of publicly criticizing longtime rival Google for running "shadow campaigns" in Europe designed to discredit the software giant with regulators. CNBC: Microsoft lawyer Rima Alaily wrote in a blog post that Google hired a firm to recruit European cloud companies to represent the search company's case. "This week an astroturf group organized by Google is launching," Microsoft lawyer Rima Alaily wrote in a blog post. "It is designed to discredit Microsoft with competition authorities, and policymakers and mislead the public. Google has gone through great lengths to obfuscate its involvement, funding, and control, most notably by recruiting a handful of European cloud providers, to serve as the public face of the new organization."

The conflict represents a fresh battle between two companies that do battle in cloud infrastructure as well as online advertising and productivity software. The latest chapter surfaces as Google faces heightened regulatory pressure in Europe and in the U.S., where it's in the midst of its second antitrust trial against the Justice Department. Alaily suggested in Monday's post that Google hired advisory firm DGA Group to set up the Open Cloud Coalition. One company that opted not to participate in the group told Microsoft that the coalition would receive financial backing from Google and criticize Microsoft's practices in Europe, Alaily wrote.

Italian technology firm Bending Spoons has emerged as an unconventional private equity player, acquiring struggling tech companies and dramatically restructuring them for profitability, most notably with its purchase of note-taking app Evernote.

The Milan-based company, valued at $2.6 billion, has acquired six companies since 2022, including WeTransfer and Meetup's assets. CEO Luca Ferrari has told investors the company could deploy up to $2 billion for future acquisitions. Bending Spoons typically targets subscription-based software companies with steady cash flow, implementing steep price hikes and significant staff reductions post-acquisition.

At Evernote, the company dismissed over half the workforce and increased annual subscription costs by 63% to $130. The strategy appears to be working. Bending Spoons reports annual sales have surged to $700 million from $162 million in 2022, with Evernote turning profitable earlier this year.

AmiMoJo shares a report: Tech behemoth OpenAI has touted its artificial intelligence-powered transcription tool Whisper as having near "human level robustness and accuracy." But Whisper has a major flaw: It is prone to making up chunks of text or even entire sentences, according to interviews with more than a dozen software engineers, developers and academic researchers.

Those experts said some of the invented text -- known in the industry as hallucinations -- can include racial commentary, violent rhetoric and even imagined medical treatments. Experts said that such fabrications are problematic because Whisper is being used in a slew of industries worldwide to translate and transcribe interviews, generate text in popular consumer technologies and create subtitles for videos.

[...] It's impossible to compare Nabla's AI-generated transcript to the original recording because Nabla's tool erases the original audio for "data safety reasons," Nabla's chief technology officer Martin Raison said.

Banks and regulators are warning that QR code phishing scams -- also known as "quishing" -- are slipping through corporate cyber defences and increasingly tricking customers into giving up their financial details. From a report: Lenders including Santander, HSBC, and TSB have joined the UK National Cyber Security Centre and US Federal Trade Commission among others to raise concerns about a rise in fraudulent QR codes being deployed for sophisticated fraud campaigns.

The new type of email scam often involves criminals sending QR codes in attached PDFs. Experts said the strategy is effective because the messages frequently get through corporate cyber security filters -- software that typically flags malicious website links, but often does not scan images within attachments. "The appeal for criminals is that it's bypassing all of the [cyber security] training and it's also bypassing our products," said Chester Wisniewski, a senior adviser at security software company Sophos.

When it comes to introducing liability for software products, "the EU and U.S. are taking very different approaches," according to Lawfare's cybersecurity newsletter. "While the U.S. kicks the can down the road, the EU is rolling a hand grenade down it to see what happens." Under the status quo, the software industry is extensively protected from liability for defects or issues, and this results in systemic underinvestment in product security. Authorities believe that by making software companies liable for damages when they peddle crapware, those companies will be motivated to improve product security... [T]he EU has chosen to set very stringent standards for product liability, apply them to people rather than companies, and let lawyers sort it all out.

Earlier this month, the EU Council issued a directive updating the EU's product liability law to treat software in the same way as any other product. Under this law, consumers can claim compensation for damages caused by defective products without having to prove the vendor was negligent or irresponsible. In addition to personal injury or property damages, for software products, damages may be awarded for the loss or destruction of data. Rather than define a minimum software development standard, the directive sets what we regard as the highest possible bar. Software makers can avoid liability if they prove a defect was not discoverable given the "objective state of scientific and technical knowledge" at the time the product was put on the market.

Although the directive is severe on software makers, its scope is narrow. It applies only to people (not companies), and damages for professional use are explicitly excluded. There is still scope for collective claims such as class actions, however. The directive isn't law itself but sets the legislative direction for EU member states, and they have two years to implement its provisions. The directive commits the European Commission to publicly collating court judgements based on the directive, so it will be easy to see how cases are proceeding.

Major software vendors used by the world's most important enterprises and governments are publishing comically vulnerable code without fear of any blowback whatsoever. So yes, the status quo needs change. Whether it needs a hand grenade lobbed at it is an open question. We'll have our answer soon.

In 2004 Alaa Abd El Fattah answered questions from Slashdot's readers about organizing the first-ever Linux installfest in Egypt.

In 2014 he was arrested for organizing poltical protests without requesting authorization, according to Wikipedia, and then released on bail — but then sentenced to five years in prison upon retrial. He was released in late March of 2019, but then re-arrested again in September by the National Security Agency, convicted of "spreading fake news" and jailed for five years...

Wikipedia describes Abd El-Fattah as an "Egyptian-British blogger, software developer and a political activist" who has been "active in developing Arabic-language versions of software and platforms." But this week an EFF blog post noticed that his released date had recently passed — and yet he was still in prison: It's been 28 days since September 29, the day that should have seen British-Egyptian blogger, coder, and activist Alaa Abd El Fattah walk free. Egyptian authorities refused to release him at the end of his sentence, in contradiction of the country's own Criminal Procedure Code, which requires that time served in pretrial detention count toward a prison sentence. [Human Rights Watch says Egyptian authorities are refusing to count more than two years of pretrial detention toward his time served. Amnesty International has also called for his release.] In the days since, Alaa's family has been able to secure meetings with high-level British officials, including Foreign Secretary David Lammy, but as of yet, the Egyptian government still has not released Alaa...

Alaa deserves to finally return to his family, now in the UK, and to be reunited with his son, Khaled, who is now a teenager. We urge EFF supporters in the UK to write to their MP to place pressure on the UK's Labour government to use their power to push for Alaa's release.
Last month the EFF wrote:: Over 20 years ago Alaa began using his technical skills to connect coders and technologists in the Middle East to build online communities where people could share opinions and speak freely and privately. The role he played in using technology to amplify the messages of his fellow Egyptians — as well as his own participation in the uprising in Tahrir Square — made him a prominent global voice during the Arab Spring, and a target for the country's successive repressive regimes, which have used antiterrorism laws to silence critics by throwing them in jail and depriving them of due process and other basic human rights.

Alaa is a symbol for the principle of free speech in a region of the world where speaking out for justice and human rights is dangerous and using the power of technology to build community is criminalized...

Bitwarden describes itself as an "open source password manager for business." But it also made a change to its build requirement which led to an issue on the project's GitHub page titled "Desktop version 2024.10.0 is no longer free software."

In the week that followed Bitwarden's official account on X.com promised a fix was coming. "It seems a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users." And Thursday Bitwarden followed through with new changes to address the concerns.

The Register reports the whole episode started because of a new build requirement added in a pull request a couple of weeks ago titled "Introduce SDK client." This SDK is required to compile the software from source — either the Bitwarden server or any of its client applications... [But the changed license had warned "You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK."]
Phoronix picks up the story: The issue of this effectively not making the Bitwarden client free software was raised in this GitHub issue... Bitwarden founder and CTO Kyle Spearrin has commented on the ticket... "Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug." The ticket was subsequently locked and limited to collaborators.
And Thursday it was Bitwarden founder and CTO Kyle Spearrin who again re-appeared in the Issue — first thanking the user who had highlighted the concerns. "We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included." The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

The original sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there.

An anonymous reader quotes a report from Reuters: Delta Air Lines on Friday sued cybersecurity firm CrowdStrike in a Georgia state court after a global outage in July caused mass flight cancellations, disrupted travel plans of 1.3 million customers and cost the carrier more than $500 million. Delta's lawsuit filed in Fulton County Superior Court called the faulty software update from CrowdStrike "catastrophic" and said the firm "forced untested and faulty updates to its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash." [...]

Delta, which has purchased CrowdStrike products since 2022, said the outage forced it to cancel 7,000 flights, impacting 1.3 million passengers over five days. "If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed," Delta's lawsuit says. "Because the faulty update could not be removed remotely, CrowdStrike crippled Delta's business and created immense delays for Delta customers." Delta said that as part of its IT-planning and infrastructure, it has invested billions of dollars "in licensing and building some of the best technology solutions in the airline industry."

Former Nvidia engineer Luke Durant, working with the Great Internet Mersenne Prime Search (GIMPS), recently discovered the largest known prime number: (2^136,279,841)-1 or M136279841 (where the number following the letter M represents the exponent). The achievement was detailed on Mersenne.org. Tom's Hardware reports: This is the largest prime number we've seen so far, with the last one, M82589933, being discovered six years prior. What makes this discovery particularly fascinating is that this is the first GIMPS discovery that used the power of data center GPUs. Mihai Preda was the first one to harness GPU muscle in 2017, says the GIMPS website, when he "wrote the GpuOwl program to test Mersenne numbers for primarilty, making his software available to all GIMPS users." When Luke joined GIMPS in 2023, they built the infrastructure needed to deploy Preda's software across several GPU servers available in the cloud.

While it took a year of testing, Luke's efforts finally bore fruit when an A100 GPU in Dublin, Ireland gave the M136279841 result last October 11. This was then corroborated by an Nvidia H100 located in San Antonio, Texas, which confirmed its primality with the Lucas-Lehmer test.

An anonymous reader quotes a report from InfoWorld: Select developers now are getting free access to JetBrains' WebStorm and Rider IDEs. The company on October 24 announced it has launched non-commercial licenses for its WebStorm JavaScript and TypeScript IDE and the Rider cross-platform .NET and game development IDE. As of now, developers using these IDEs for non-commercial purposes, such as open source project development or content creation, can use them for free. JetBrains views the move as expanding the availability of these IDEs to a broader swath of developer roles. More than two-thirds of developers code outside of work as a hobby and nearly 40% code for educational and learning purposes outside of work, the company said."Previously this year, JetBrains released other products under the same terms for non-commercial use, including RustRover, an IDE for Rust development, and Aqua, an IDE designed for test automation," notes InfoWorld. "JetBrains also provides community editions of IntelliJ and PyCharm, IDEs for Java and Python, respectively, which can be used to build proprietary and commercial software."

JetBrains has an FAQ section with additional details about the change.

The Librarian of Congress has granted a DMCA exemption allowing independent repair of soft-serve machines, addressing the persistent issue of restricted repairs on McDonald's frequently malfunctioning machines. ExtremeTech reports: Section 1201 of the DMCA makes it illegal to bypass a digital lock protecting copyrighted work. That can be the DRM on a video file you download from iTunes, the carrier locks that prevent you from using a phone on other networks, or even the software running a McDonald's soft serve machine that refuses to accept third-party repairs. By locking down a product with DRM, companies can dictate when and how items are repaired under threat of legal consequences. This is an ongoing issue for people who want to fix all those busted ice cream machines.

Earlier this year, iFixit and Public Knowledge submitted their request for an exemption that would have covered a wide swath of industrial equipment. The request included everything from building management software to the aforementioned ice cream machines. Unfortunately, the Copyright Office was unconvinced on some of these points. However, the Librarian of Congress must be just as sick as the rest of us to hear the ice cream machine is broken. The office granted an exception for "retail-level food preparation equipment."

That means restaurant owners and independent repair professionals will be able to bypass the software locks that keep kitchen machinery offline until the "right" repair services get involved. This should lower prices and speed up repairs in such situations. Public Knowledge and iFixit express disappointment that the wider expansion was not granted, but they're still celebrating with some delicious puns (and probably ice cream). "There's nothing vanilla about this victory; an exemption for retail-level commercial food preparation equipment will spark a flurry of third-party repair activity and enable businesses to better serve their customers," said Meredith Rose, Senior Policy Counsel at Public Knowledge.

An anonymous reader quotes a report from Ars Technica: Earlier this year, we reported on the video game archivists asking for a legal DMCA exemption to share Internet-accessible emulated versions of their physical game collections with researchers. Today, the US Copyright Office announced once again that it was denying that request, forcing researchers to travel to far-flung collections for access to the often-rare physical copies of the games they're seeking.

In announcing its decision, the Register of Copyrights for the Library of Congress sided with the Entertainment Software Association and others who argued that the proposed remote access could serve as a legal loophole for a free-to-access "online arcade" that could harm the market for classic gaming re-releases. This argument resonated with the Copyright Office despite a VGHF study that found 87 percent of those older game titles are currently out of print. "While proponents are correct that some older games will not have a reissue market, they concede there is a 'healthy' market for other reissued games and that the industry has been making 'greater concerted efforts' to reissue games," the Register writes in her decision. "Further, while the Register appreciates that proponents have suggested broad safeguards that could deter recreational uses of video games in some cases, she believes that such requirements are not specific enough to conclude that they would prevent market harms."

A DMCA exemption for remote sharing already exists for non-video-game computer software that is merely "functional," as the Register notes. But the same fair use arguments that allow for that sharing don't apply to video games because they are "often highly expressive in nature," the Register writes. In an odd footnote, the Register also notes that emulation of classic game consoles, while not infringing in its own right, has been "historically associated with piracy," thus "rais[ing] a potential concern" for any emulated remote access to library game catalogs. That footnote paradoxically cites Video Game History Foundation (VGHF) founder and director Frank Cifaldi's 2016 Game Developers Conference talk on the demonization of emulation and its importance to video game preservation. "The moment I became the Joker is when someone in charge of copyright law watched my GDC talk about how it's wrong to associate emulation with piracy and their takeaway was 'emulation is associated with piracy,'" Cifaldi quipped in a social media post.

The top U.S. consumer finance watchdog warned businesses about potential legal problems they could face from using new technology such as artificial intelligence or algorithmic scores to snoop on and evaluate their employees. From a report: The Consumer Financial Protection Bureau on Thursday said "invasive" new tools to monitor workers are governed by a law designed to ensure fairness in credit reporting, giving employees specific rights. Employees have the right to consent to the collection of personal information, to receive detailed information and to dispute inaccurate information, the CFPB said in the newly released guidance.

"Workers shouldn't be subject to unchecked surveillance or have their careers determined by opaque third-party reports without basic protections," CFPB Director Rohit Chopra said. More companies are leaning on AI and other powerful tools throughout the employment process, using software that can, for example, interview candidates and surveillance tools that can look for unsafe behavior. Americans have expressed concerns about Big Brother-style surveillance while they are on the job.

An anonymous reader shares a report: Drivers passing through San Francisco have a new roadside distraction to consider: billboards calling out businesses that don't cough up for the open source code that they use. The signs are the work of the Open Source Pledge -- a group that launched earlier this month. It asks businesses that make use of open source code to pledge $2,000 per developer to support projects that develop the code. So far, 25 companies have signed up -- but project co-founder Chad Whitacre wants bigger firms to pay their dues, too.

Whitacre, whose day job is head of open source at app-monitoring biz Sentry, told The Register his employer has for three years operated a scheme to pay developers who maintain and upgrade open source code. "We do dollars per developer, the thinking being it's the developers and software engineers on the staff at a company who benefit the most from open source, who become more productive because of open source," he said. "I had one conversation with a representative from a larger firm and he's like: 'Chad, you're asking me to spend ten million on maintainers.'" Whitacre affirmed that request, and pointed out the firm "spends ten million on something anyway."

An anonymous reader shares a report: Members of Congress are raising the alarm about new technology at supermarkets: They say Kroger and other major grocery stores are implementing digital price tags that could allow for dynamic pricing, meaning the sticker price on items like eggs and milk could change regularly. They also claim data from facial recognition technology at Kroger could be considered in pricing decisions.

Kroger denied the claims, saying it has no plans to implement dynamic pricing or use facial recognition software. Walmart also said it had no plans for dynamic pricing, and that facial recognition was not being used to affect pricing, but the company did not specify whether the tool was being used for other purposes. Both Walmart, which has 4,606 U.S. stores, and Kroger, which has nearly 2,800 U.S. stores, also suggested that the effects of digital price tags are being exaggerated, and economic experts say that most grocery bills won't be higher as a result of the tags. Still, data privacy experts have concerns about new technology being implemented at grocery stores broadly.

schwit1 shares a report from Nature: Which scientific publishers and journals are worst affected by fraudulent or dubious research papers -- and which have done least to clean up their portfolio? A technology start-up founded to help publishers spot potentially problematic papers says that it has some answers, and has shared its early findings with Nature. The science-integrity website Argos, which was launched in September by Scitility, a technology firm headquartered in Sparks, Nevada, gives papers a risk score on the basis of their authors' publication records, and on whether the paper heavily cites already-retracted research. A paper categorized as 'high risk' might have multiple authors whose other studies have been retracted for reasons related to misconduct, for example. Having a high score doesn't prove that a paper is low quality, but suggests that it is worth investigating.

Argos is one of a growing number of research-integrity tools that look for red flags in papers. These include the Papermill Alarm, made by Clear Skies, and Signals, by Research Signals, both London-based firms. Because creators of such software sell their manuscript-screening tools to publishers, they are generally reluctant to name affected journals. But Argos, which is offering free accounts to individuals and fuller access to science-integrity sleuths and journalists, is the first to show public insights. "We wanted to build a piece of technology that was able to see hidden patterns and bring transparency to the industry," says Scitility co-founder Erik de Boer, who is based in Roosendaal, the Netherlands. By early October, Argos had flagged more than 40,000 high-risk and 180,000 medium-risk papers. It has also indexed more than 50,000 retracted papers.

Adobe's Fresco painting app is now free for everyone, in an attempt to lure illustrators to join its creative software suite. The Verge reports: Fresco is essentially Adobe's answer to apps like Procreate and Clip Studio Paint, which all provide a variety of tools for both digital art and simulating real-world materials like sketching pencils and watercolor paints. Adobe Fresco is designed for touch and stylus-supported devices, and is available on iPad, iPhone, and Windows PCs. The app already had a free-to-use tier, but premium features like access to the full Adobe Fonts library, a much wider brush selection, and the ability to import custom brushes previously required a $9.99 annual subscription. That's pretty affordable for an Adobe subscription, but still couldn't compete with Procreate's $12.99 one-time purchase model.

Starting today, all of Fresco's premium features are no longer locked behind a paywall. The app first launched in 2019 and isn't particularly well-known compared to more established Adobe apps like Photoshop and Illustrator that feature more complex, professional design tools. Fresco still has some interesting features of its own, like reflective and rotation symmetry (which mirror artwork as you draw) and the ability to quickly animate drawings with motion presets like "bounce" and "breathe."

A judge has allowed Saudi dissident Yahya Assiri to sue the kingdom for allegedly targeting his devices with Pegasus spyware and other Israeli-made surveillance tools. Reuters reports: Yahya Assiri, a founder of the opposition National Assembly Party (NAAS) who lives in exile in Britain, alleges his electronic devices were targeted with surveillance software between 2018 and 2020. He is suing Saudi Arabia at London's High Court, saying the country used Pegasus - made by Israeli company NSO Group and sold only to nation states - and other spyware made by lesser-known Israeli firm QuaDream because of his work with dissidents.

Earlier this month, Roger Eastman, a judge in the High Court, gave Assiri permission to serve his lawsuit on the Saudi government, a step that required the court to find Assiri has an arguable case. The decision announced on Monday to allow the case to be served on Saudi Arabia in Riyadh was made on Oct. 11. Assiri said in a statement: "I am fully aware that the authorities will want to target me. However, it is outrageous for them also to target individuals such as the victims of rights abuses and their families in Saudi Arabia simply because these people have been in contact with me."

San Francisco's Municipal Transportation Agency approved a $212 million contract with Hitachi Rail to modernize the Muni Metro system's outdated train control system, which currently uses floppy disks and wire loops. Government Technology reports: The software that runs the system is stored on floppy disks that are loaded each morning and an outdated type of communication using wire loops that are easily disrupted. It was expected to last for 20 to 25 years, according to Muni officials. It moves data more slowly than a wireless modem, they said. By late 2027 and into 2028, a new communications-based system, which employs Wi-Fi and cell signals to precisely track the locations of trains, will be installed by Hitachi, which will provide support services for 20 years under the agreement.

While the current train control system operates only on the Market Street subway and Central Subway, the new system will control Metro light rail trains on the system's surface lines as well. The Hitachi system is said to be five generations ahead of the current system, said Muni Director of Transit Julie Kirschbaum, who described it as the best train control system on the market.