"Facebook's corporate parent has reached a tentative settlement in a lawsuit alleging the world's largest social network service allowed millions of its users' personal information to be fed to Cambridge Analytica," reports the Associated Press: Terms of the settlement reached by Meta Platforms, the holding company for Facebook and Instagram, weren't disclosed in court documents filed late Friday. The filing in San Francisco federal court requested a 60-day stay of the action while lawyers finalize the settlement. That timeline suggested further details could be disclosed by late October.

The accord was reached just a few weeks before a Sept. 20 deadline for Meta CEO Mark Zuckerberg and his long-time chief operating officer, Sheryl Sandberg, to submit to depositions during the final phases of pre-trial evidence gathering, according to court documents... The lawsuit, which had been seeking to be certified as a class action representing Facebook users, had asserted the privacy breach proved Facebook is a "data broker and surveillance firm," as well as a social network.
Some background from UPI: The Facebook users sued the platform in June 2018, accusing it of violating privacy rules when it shared personal data with Cambridge Analytica and other third parties.... In March 2018, whistleblower and Cambridge Analytica co-founder Christopher Wylie revealed the data mining company was holding onto Facebook user data without the users' consent even after Facebook told the company to delete it.
Reuters describes Cambridge Analytica as "the now-defunct British political consultancy."

Politico reports that now lawyers for both Facebook and the plaintiffs have "asked the judge to put the lawsuit on hold for 60 days to allow the parties to 'finalize a written settlement agreement' and present it for preliminary approval by the court."

"Google launched a carbon emissions tool for its flight tracker last fall," remembers Gizmodo, "allowing consumers to see the individual emissions created by each flight they were browsing..."

"But last month the tech giant quietly shifted the algorithm to exclude a crucial component of the overall greenhouse gas impact of air travel."

The BBC reports: Flights now appear to have much less impact on the environment than before. "Google has airbrushed a huge chunk of the aviation industry's climate impacts from its pages" says Dr Doug Parr, chief scientist of Greenpeace. With Google hosting nine out of every 10 online searches, this could have wide repercussions for people's travel decisions.

The company said it made the change following consultations with its "industry partners".

It affects the carbon calculator embedded in the company's "Google Flights" search tool.... [I]n July, Google decided to exclude all the global warming impacts of flying except CO2. Some experts say Google's calculations now represent just over half of the real impact on the climate of flights. "It now significantly understates the global impact of aviation on the climate", says Professor David Lee of Manchester Metropolitan University, the author of the most comprehensive scientific assessment of the contribution of air travel to global warming.

Flying affects the climate in lots of ways in addition to the CO2 produced by burning aviation fuel. These include the creation of long thin clouds high up in the atmosphere — known as contrails — which trap heat radiated by the Earth, leading to a net warming effect on our planet. These additional warming impacts mean that although aviation is only responsible for around 2% of global CO2 emissions, the sector is actually responsible for around 3.5% of the warming caused by human activity.

"Since 2012 researchers in the Georgia Tech Cyber Forensics Innovation Laboratory have uncovered 47,337 malicious plugins across 24,931 unique WordPress websites through a web development tool they named YODA," warns an announcement released Friday: According to a newly released paper about the eight-year study, the researchers found that every compromised website in their dataset had two or more infected plugins.

The findings also indicated that 94% of those plugins are still actively infected.

"This is an under-explored space," said Ph.D. student Ranjita Pai Kasturi who was the lead researcher on the project. "Attackers do not try very hard to hide their tracks and often rightly assume that website owners will not find them."

YODA is not only able to detect active malware in plugins, but it can also trace the malicious software back to its source. This allowed the researchers to determine that these malicious plugins were either sold on the open market or distributed from pirating sites, injected into the website by exploiting a vulnerability, or in most cases, infected after the plugin was added to a website. According to the paper written by Kasturi and her colleagues, over 40,000 plugins in their dataset were shown to have been infected after they were deployed. The team found that the malware would attack other plugins on the site to spread the infection.

"These infections were a result of two scenarios. The first is cross-plugin infection, in which case a particular plugin developer cannot do much," said Kasturi. "Or it was infected by exploiting existing plugin vulnerabilities. To fix this, plugin developers can scan for vulnerabilities before releasing their plugins for public use."

Although these malicious plugins can be damaging, Kasturi adds that it's not too late to save a website that has a compromised plugin. Website owners can purge malicious plugins entirely from their websites and reinstall a malware free version that has been scanned for vulnerabilities. To give web developers an edge over this problem, the Cyber Forensics Innovation Laboratory has made the YODA code available to the public on GitHub.

Are there better ways to fight misinformation? "Researchers at Google, the University of Cambridge and the University of Bristol tested a different approach that tries to undermine misinformation before people see it," reports the New York Times. (Alternate URL here.)

Instead of using the term "debunking," they're calling it "pre-bunking...." The researchers found that psychologically "inoculating" internet users against lies and conspiracy theories — by pre-emptively showing them videos about the tactics behind misinformation — made people more skeptical of falsehoods afterward, according to an academic paper published in the journal Science Advances on Wednesday.... The users were taught about tactics such as scapegoating and deliberate incoherence, or the use of conflicting explanations to assert that something is true, so that they could spot lies. Researchers tested some participants within 24 hours of seeing a pre-bunk video and found a 5 percent increase in their ability to recognize misinformation techniques.

One video opens with a mournful piano tune and a little girl grasping a teddy bear, as a narrator says, "What happens next will make you tear up." Then the narrator explains that emotional content compels people to pay more attention than they otherwise would, and that fear-mongering and appeals to outrage are keys to spreading moral and political ideas on social media. The video offers examples, such as headlines that describe a "horrific" accident instead of a "serious" one, before reminding viewers that if something they see makes them angry, "someone may be pulling your strings."

Beth Goldberg, one of the paper's authors and the head of research and development at Jigsaw, a technology incubator within Google, said in an interview that pre-bunking leaned into people's innate desire to not be duped. "This is one of the few misinformation interventions that I've seen at least that has worked not just across the conspiratorial spectrum but across the political spectrum," Ms. Goldberg said.

Jigsaw will start a pre-bunking ad campaign on YouTube, Facebook, Twitter and TikTok at the end of August for users in Poland, Slovakia and the Czech Republic, meant to head off fear-mongering about Ukrainian refugees who entered those countries after Russia invaded Ukraine. It will be done in concert with local fact checkers, academics and disinformation experts. The researchers don't have plans for similar pre-bunking videos ahead of the midterm elections in the United States, but they are hoping other tech companies and civil groups will use their research as a template for addressing misinformation....

The effects of pre-bunking last for only between a few days and a month.... The researchers wrote that pre-bunking worked like medical immunization: "Pre-emptively warning and exposing people to weakened doses of misinformation can cultivate 'mental antibodies' against fake news."

Thursday Ukraine's largest nuclear power plant was cut off from the country's electricity grid, causing "widespread power outages across southern Ukraine," according to the New York Times. Friday afternoon it was reconnected to Ukraine's national power grid, the Times adds — "but its time offline renewed concerns about the safe operation of the plant..."

The Guardian notes it's the first such disconnection in nearly 40 years. Three other power lines connecting the reactors to the grid "had already been taken out during the war," though when the fourth and final line went out, "the plant still received supplies of electricity from one remaining backup line connected to the nearby conventional power plant." (Though two other lines to that power plant were already also down.) "Disconnecting the plant from the grid is dangerous because it raises the risk of catastrophic failure of the electricity-run cooling systems for its reactors and spent fuel rods.... If all external connections go down, it must rely on diesel-fuelled generators for power. If they break down, engineers only have 90 minutes to stave off dangerous overheating." (Ukraine's president Volodymyr Zelenskiy pointed out that during the break in power, back-up diesel generators did indeed immediately kick in to ensure continuous power supply, according to Reuters.)

But is Russia executing a larger strategy here? Earlier, Russian engineers informed plant workers that the nuclear plant would be switched to Russia's power network in the event of an emergency, according to the head of Ukraine's atomic energy company. Speaking to the Guardian, he adds that the plant's workers were told that "The precondition for this plan was heavy damage of all lines which connect Zaporizhzhia nuclear power plant to the Ukrainian system" — and he worries that Russia is now attempting to create those preconditions.

He's not the only one thinking that. Voice of America interviewed a nuclear engineer at the plant who claims that Russian troops have several times "bombed places that cannot affect the safe operation of the power plant. I think that the Russians are trying to discredit the armed forces of Ukraine for the purpose of propaganda.... At the same time, the Russians deliberately damaged the high-voltage power lines that connect the Zaporizhzhia nuclear power plant with the Ukrainian power system.... [T]he Russians want to arrange a small accident and stop Zaporizhzhia for a short time, then supply us with electricity from Crimea and automatically switch the nuclear power plant to the Russian energy system."

He also claims to have seen Russian military equipment stored in the plant. For example, "Different types of Russian artillery and missile installations are located both inside the territory of the nuclear power plant and around it, on the perimeter, near the Kakhovka Reservoir."

The last power line connecting the reactors to the grid was disconnected by fires "caused by shelling," the Guardian reported.

The New York Times reports on the aftermath: Ukrainian engineers were able to restore damaged external power lines after repeated shelling on Thursday, ensuring the facility was able to meet its own power needs and continue to operate safely, according to Ukrainian and international officials, but efforts to reconnect it to the grid took longer. With fires raging around the plant, new shelling in and around the facility on a near daily basis and an exhausted and stressed team of Ukrainian engineers tasked with keeping the Zaporizhzhia Nuclear Power Plant running safely, however, calls for international intervention grew louder.

Negotiations with Ukraine and Russia to allow safety experts from the International Atomic Energy Agency to visit and inspect the plant appeared to be making progress, as U.N. officials indicated they expected an agreement soon. "We are in active consultations for an imminent I.A.E.A. mission," a spokesman for the agency said.

The stakes are high.

"Nowhere in the history of this world has a nuclear power plant become a part of a combat zone, so this really has to stop immediately," Bonnie Denise Jenkins, the State Department's under secretary for arms control and international security, told reporters in Brussels on Thursday. Russian actions, she said, "have created a serious risk of a nuclear incident — a dangerous radiation release — that could threaten not only the people and environment of Ukraine, but also affect neighboring countries and the entire international community."
Here's the opinion of that nuclear engineer at the Ukrainian nuclear plant (interviewed by Voice of America). "The expectation is that after the [International Atomic Energy] agency's conclusion, international pressure on Moscow will intensify, and Russia will be required to withdraw heavy weapons and troops from the nuclear power plant.

"I think this is unrealistic. The Russians will not leave here by their own will. Without a war, it is impossible."

The hackers that breached Twilio earlier this month also compromised more than 130 other organizations during their hacking spree that netted the credentials of close to 10,000 employees. TechCrunch: Twilio's recent network intrusion allowed the hackers to access the data of 125 Twilio customers and companies -- including end-to-end encrypted messaging app Signal -- after tricking employees into handing over their corporate login credentials and two-factor codes from SMS phishing messages that purported to come from Twilio's IT department. At the time, TechCrunch learned of phishing pages impersonating other companies, including a U.S. internet company, an IT outsourcing company and a customer service provider, but the scale of the campaign remained unclear.

Now, cybersecurity company Group-IB says the attack on Twilio was part of a wider campaign by the hacking group it's calling "0ktapus," a reference to how the hackers predominantly target organizations that use Okta as a single sign-on provider. Group-IB, which launched an investigation after one of its customers was targeted by a linked phishing attack, said in findings shared with TechCrunch that the vast majority of the targeted companies are headquartered in the U.S. or have U.S.-based staff. The attackers have stolen at least 9,931 user credentials since March, according to Group-IB's findings, with more than half containing captured multi-factor authentication codes used to access a company's network.

New submitter alfabravoteam writes: Password management company LastPass has published information about a security incident. "We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," reads the official message published.

They also clarify that no user data was lost. "We never store or have knowledge of your Master Password," the firm said in an FAQ. "We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers' Master Password", they inform. Hence, no action is required to users to follow.

Mark Zuckerberg says waking up every day as chief executive of Meta is like getting punched in the stomach. From a report: "You wake up in the morning, look at my phone, you get like a million messages, right, of stuff that come in. It's usually not good," Mr. Zuckerberg told Joe Rogan in an episode on his show that aired Thursday. "It's almost like every day you wake up and you're, like, punched in the stomach," Mr. Zuckerberg said. "Now I need to, like, go reset myself and be able to kind of be productive and not be stressed about this." After processing the information he's given, he said he spends an hour or two doing physical activity such as surfing or mixed martial arts.

Justice Department lawyers are in the early stages of drafting a potential antitrust complaint against Apple, Politico reported Friday, citing a person with direct knowledge of the matter -- a sign that a long-running investigation may be nearing a decision point and a suit could be coming soon. From the report: Various groups of prosecutors inside DOJ are assembling the pieces for a potential lawsuit, the individual said, adding that the department's antitrust division hopes to file suit by the end of the year. Still, the Justice Department has made no decisions whether or when to sue Apple, the world's most valuable public company, cautioned that person and one other familiar with the probe -- and it's still possible no case will be filed. Both were granted anonymity to discuss a confidential investigation.

The company behind the bright green marijuana-themed trucks that crowd Manhattan's tourist districts is now paying the price for repeatedly breaking the law. They haven't been fined for selling anything illicit, but for being top contributors to one of the city's other infamous scourges: illegal parking. From a report: The New York City department of finance confirmed to the Guardian that Weed World Candies had paid $200,000 in parking fines to get back several vehicles that had been towed in June by the city's sheriff's office.

But while Weed World is apparently getting on the right side of the law, its payments only equal a fraction of the $534.5m the city is owed in unpaid parking fines, according to the agency, as serial offenders skirt the rules in one of the world's most maddening places to get around. In Midtown Manhattan, where competition for parking is cutthroat in a grid of cramped and chaotic roadways, trucks habitually stop in bike lanes, forcing cyclists into busy traffic; cars double-park as drivers sprint into bodegas to buy their increasingly expensive bacon, egg and cheese sandwiches. Police often turn a blind eye, amid allegations that they illegally park their personal cars and harassed a cyclist who reported them.

The vaccine manufacturer Moderna sued Pfizer and BioNTech on Friday, claiming that its rivals' Covid-19 shot violates its patents protecting its groundbreaking technology. NPR reports: The lawsuit alleges the two companies used certain key features of technology Moderna developed to make their COVID-19 vaccine. It argues that Pfizer and BioNtech's vaccine infringes patents Moderna filed between 2010 and 2016 for its messenger RNA or mRNA technology.

All three companies' COVID-19 vaccines used mRNA technology which is a new way to make vaccines. In the past, vaccines were generally made using parts of a virus, or inactivated virus, to stimulate an immune response. With mRNA technology, the vaccine uses messenger RNA created in a lab to send genetic instructions that teach our cells to make a protein or part of a protein that triggers an immune response. In October 2020, Moderna pledged not to enforce its COVID-19 related patents while the pandemic was ongoing, according to a statement from the company. In March this year, it said it will stick to its commitment not to enforce its COVID-19 related patents in low and middle-income countries, but expects rival companies like Pfizer to respect its intellectual property.

Twitter founder and former chief executive Jack Dorsey says he regrets the social media platform became a company. From a report: "The biggest issue and my biggest regret is that it became a company," Dorsey tweeted in response to a question about whether Twitter turned out the way he had envisioned. Dorsey stands to receive $978 million if the agreement for billionaire Elon Musk to buy Twitter is completed. When asked about what structure he wished Twitter would operate under, Dorsey said that it should be "a protocol" and that Twitter should not be owned by a state or another company. If it were a protocol, Twitter would operate much like email, which is not controlled by one centralized entity, and people using different email providers are able to communicate with one another.

U.S wireless carrier T-Mobile will use Elon Musk-owned SpaceX's Starlink satellites to provide mobile users with network access in parts of the United States, the companies announced on Thursday, outlining plans to connect users' mobile phones directly to satellites in orbit. From a report: The new plans, which would exist alongside T-mobile's existing cellular services, would cut out the need for cell towers and offer service for sending texts and images where cell coverage does not currently exist, key for emergency situations in remote areas, Musk said at a flashy event on Thursday at his company's south Texas rocket facility. Starlink's satellites will use T-Mobile's mid-band spectrum to create a new network. Most phones used by the company's customers will be compatible with the new service, which will start with texting services in a beta phase beginning by the end of next year.

joshuark shares a report from PCMag: The official Windows developer documentation team at Microsoft decided to ask Microsoft Archivist Amy Stevenson "What was the largest piece of software we ever shipped?" The answer may surprise you... [T]he award goes to Microsoft C/C++ compiler with the Windows SDK, which was released in 1992 and weighed over 40 pounds. It included Microsoft C/C++ 7.0 in a box that was more than two feet long and allowed a developer to produce MS-DOS, Windows, and OS/2 applications. As Stevenson points out, "we never did that again," and the next product launched was Visual C++.

New research claims that of five major Big Tech firms, Google tracks more private data about users than any other -- and Apple tracks the least. AppleInsider reports: Apple has previously introduced App Tracking Transparency specifically to protect the privacy of users from other companies. However, a new report says that Apple is also avoiding doing any more tracking itself than is needed to run its services. According to StockApps.com, Apple "is the most privacy-conscious firm out there." "Apple only stores the information that is necessary to maintain users' accounts," it continues. "This is because their website is not as reliant on advertising revenue as are Google, Twitter, and Facebook."

The StockApps.com report does not list what it describes as the "data points" that Big Tech firms collect for every user. However, it says they include location details, browser history, activity on third-party websites, and in Google's case, also emails in Gmail. It also doesn't detail its methodology, but does say that it used marketing firm digitalinformationworld to investigate Apple, Amazon, Facebook, Google, and Twitter. Of these five, Google reportedly tracks 39 separate data points per user, while Apple tracks only 12. Unexpectedly, Facebook is stated as tracking only 14 data points, while Amazon tracks 23, and Twitter tracks 24.

Chinese search engine giant Baidu revealed its first quantum computer on Thursday and is ready to make it available to external users, joining the global race to apply the technology to practical uses. Reuters reports: The Baidu-developed quantum computer, dubbed "Qianshi," has a 10-quantum-bit (qubit) processor, Baidu said in a statement. The Beijing-based company has also developed a 36-qubit quantum chip, it said. Governments and companies around the world for years have touted the potential of quantum computing, a form of high-speed calculation at extraordinarily cold temperatures that will bring computers to unprecedented processing speeds. However, current real-world applications in the field are still very basic and limited to a small group of early clients.

It turns out, software testers are relying more on automation than ever before, driven by a desire to lower testing costs and improve software quality and user experience. VentureBeat shares the findings from a new report by Kobiton: Kobiton asked 150 testers in companies with at least 50 employees across a range of industries. [...] For context, there are two kinds of software testing: manual and automated. Manual is still common but it's not ideal for repetitive tests, leading many testers to choose automation, which can expedite development and app performance. To wit, 40% of testers responding to Kobiton's study said their primary motivation for using automation is improving user experience. "In a study we conducted two years ago, half the testers we asked said their automation programs were relatively new, and 76% said they were automating fewer than 50% of all tests," said Kevin Lee, CEO of Kobiton. "Nearly 100% of testers participating in this year's study are using automation, which speaks to how far the industry has come."

Testing managers are prioritizing new hires with automation experience, too. Kobiton's study found that automation experience is one of the three skills managers are most interested in. And how is automation being used? A plurality (34%) of respondents to Kobiton's survey said they are using automation for an equal mix of regression and new feature testing. And it's made them more efficient. Almost half (47%) of survey respondents said it takes 3-5 days for manual testing before a release, whereas automated tests can have it done in 3-6 hours.

An anonymous reader quotes a report from CNN Travel: The future of environmentally friendly travel might just be here -- and it's Germany that's leading the charge, with the first ever rail line to be entirely run on hydrogen-powered trains, starting from Wednesday. Fourteen hydrogen trains powered by fuel cell propulsion will exclusively run on the route in Bremervorde, Lower Saxony. The 93 million euro ($92.3 million) deal has been struck by state subsidiary Landesnahverkehrsgesellschaft Niedersachsen (LVNG), the owners of the railway, and Alstom, builders of the Coradia iLint trains. The Elbe-Weser Railways and Transport Company (EVB), which will operate the trains, and gas and engineering company Linde, are also part of the project.

The trains, five of which which debut Wednesday, will gradually replace the 15 diesel trains that currently run on the route, with all 14 running exclusively by the end of the year. Just 1 kilo of hydrogen fuel can do the same as around 4.5 kilos of diesel. The trains are emissions-free and low-noise, with only steam and condensed water issuing from the exhaust. They have a range of 1,000 kilometers (621 miles), meaning they can run for an entire day on the network on a single tank of hydrogen. A hydrogen filling station has already been established on the route. The trains can go at a maximum of 140 kph, or 87mph, though regular speeds on the line are much less, between 80-120 kph.

The kingdom of Google's third major operating system, Fuchsia, is growing a little wider today. ArsTechnica: 9to5Google reports Google completed the rollout of Fuchsia to the Google Nest Hub Max. Along with the original Nest Hub/Google Home Hub, that puts two of Google's three smart displays on the new OS, with the one holdout being the 2nd Gen Nest Hub. The Nest Hub Max is the first device running Fuchsia that Google is currently selling -- the Home Hub only got Fuchsia after it had been discontinued. The Google smart display user interface is written in Flutter, a Google programming language designed for portability, which runs on Android, iOS, Fuchsia, and the weird cast platform Nest Hubs typically use. So it's not right to describe the user interface as "similar" after the OS swap -- it's the exact same code because Flutter runs on nearly everything.

You are getting a slightly newer code version, though, and it comes with a Bluetooth menu. If you dive into the settings and hit "about device," you'll see a "Fuchsia Version" field that will say something like "6.20211109.1.3166243." It's a bit weird to do an entire OS switch to the futuristic, secretive Fuchsia project and then have basically nothing to show (or say) for it in terms of obvious improvements in performance or security. You can dive into the minutia of the Fuchsia source code, but it continues to be a mystery in terms of what practical benefits it offers consumers. Google never talks about Fuchsia, so not much is known about what, exactly, Google is accomplishing here.

An anonymous reader shares a report: While mostly of benefit to server administrators with large fleets of hardware, Linux 6.1 aims to make it easier to help spot problematic CPUs/cores by reporting the likely socket and core when a segmentation fault occurs, which can help in spotting any trends if routinely finding the same CPU/core is causing problems. Queued up now in TIP's x86/cpu branch for the Linux 6.1 merge window in October is a patch to print the likely CPU at segmentation fault time. Printing the likely CPU core and socket when a seg fault occurs can be beneficial if routinely finding seg faults happening on the same CPU package or particular core.