Sorry, you need to enable JavaScript to visit this website.

More than 4 million electric vehicles are now on America's roads. And Friday the U.S. Energy announced that more than a third of them (1.4 million) were sold within the last year. That's 50% more than were sold in the previous year — and about the same number sold in the entire five years between 2016 and 2021. But the energy secretary's statement also touts the current administrations efforts at "building out a reliable and interoperable nationwide EV charging network — an undertaking never before seen in the United States." Today, the U.S. has close to 170,000 public EV chargers — a 75% increase since the president took office with nearly 900 new chargers coming online per week. These developments are part of an inevitable shift toward a thriving electric transportation sector — a shift that American automakers and battery manufacturers are already carrying forward.

Read more of this story at Slashdot.

"If you have been affected, you will will receive a notification when you open Chrome on either desktop or Android devices," reports Search Engine Land. But they add that "discussions among digital marketers on X indicate that advertisers are still not ready..." An anonymous reader writes: Google started its campaign to phase out of third-party cookies as announced earlier. At the beginning cookies are turned off for 1% of users, and those lucky ones unlock a "tracking protection" in Chrome settings. In agreement with the UK Competitions and Markets Authority, third-party cookies will be completely removed at the end of this year, a move under tight anti-competition scrutiny also in Brussels. Meanwhile, a technology researcher released their privacy audit of Google's third-party cookie replacement, Privacy Sandbox's Protected Audience API, validating its standing against EU data protection, which may even close the ever-present cookie consent popups disliked universally in Europe.

Read more of this story at Slashdot.

This week Harvard's president Claudine Gay resigned "after conservative activists revealed she had plagiarized," writes Business Insider, adding that hedge fund manager/prominent Harvard donor Bill Ackman "helped lead the charge." Then Business Insider "analyzed Ackman's wife's doctoral dissertation and found numerous instances of plagiarism." In most cases Ackman's wife put the author's name and publication date immediately after the material which she used — but did not put quotation marks around it. But according to the Business Insider, "At least 15 passages from her 2010 MIT doctoral dissertation were lifted without any citation from Wikipedia entries." Her husband, Ackman, has taken a hardline stance on plagiarism. On Wednesday, responding to news that Gay is set to remain a part of Harvard's faculty after she resigned as president, he wrote on X that Gay should be fired completely due to "serious plagiarism issues... Students are forced to withdraw for much less," Ackman continued. "Rewarding her with a highly paid faculty position sets a very bad precedent for academic integrity at Harvard." Ackman's wife was a tenured MIT professor from 2017 to 2021, according to the article. "It is unfortunate that my actions to address problems in higher education have led to these attacks on my family," Ackman posted Friday night on Twitter. Then Ackman threatened "a review of the work of all current MIT faculty members. We will begin with a review of the work of all current MIT faculty members, President Kornbluth, other officers of the Corporation, and its board members for plagiarism." Business Insider notes that Ackman "has been vocal about wanting to see MIT's president, Sally Kornbluth, fired since Kornbluth testified on December 5 in front of a congressional panel examining how university presidents handled student protests against Israel's war in Gaza. Kornbluth said in her opening statement that she didn't support 'speech codes' that would restrict what students say during protests."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12. In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence. "This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said. He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity. The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator." During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27. "For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November." The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said. A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed." Investigating the attack is harder because of the wiping of Kyivstar's infrastructure. Vitiuk said he was "pretty sure" it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyberattacks in Ukraine and elsewhere. A year ago, Sandworm penetrated a Ukrainian telecoms operator, but was detected by Kyiv because the SBU had itself been inside Russian systems, Vitiuk said, declining to identify the company. The earlier hack has not been previously reported. Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else. If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal hashes of passwords, he said. Samples of that malware have been recovered and are being analysed, he added.

Read more of this story at Slashdot.

Business Insider's Kelli Maria Korducki reports on a growing trend happening on LinkedIn: some people are using the professional network for personal connections, fielding romantic offers amid job postings. But that leaves the question: Is it a good idea to mix work and love? From the report: Dustin Kidd, a professor of sociology at Temple University who researches social media and pop culture, said that dating via LinkedIn belonged to a long tradition of "dating hacks" -- using online tools designed for other purposes to snag a date. "In the aughts, this happened with Friendster and then Myspace," Kidd said, but has since spread to myriad platforms that are ostensibly romance-free. Even fitness-tracking sites such as Strava are fair game. The common thread for love-hijacked social-media sites is a single feature, Kidd said: DMs. "The design of LinkedIn helps to maintain its focus on the professional, but any platform with a direct-messaging option is likely to also be used to pursue sex and dating," he told me. The ease and relative privacy of direct messaging help explain how some people are using LinkedIn for romance, but it doesn't explain why. In an age with so many dedicated dating platforms -- from giants such as Tinder, Bumble, and Hinge to niche apps including Feeld (for the unconventional), Pure (for the noncommittal), and NUiT (for the astrologically inclined) -- why mix Cupid's arrow with corporate updates? Any type of social media where you can see people's pictures can turn into a dating app. And LinkedIn is even better because it's not just showing people's fake lives. One answer may be the growing number of Americans who have gotten tired of the roulette-like experience that comes with modern dating apps. In a 2023 Pew survey of US adults, nearly one-third of respondents said they had used an online dating site or app at least once. More than half of women who had used the apps reported feeling overwhelmed by the number of messages they had received in the past year, while 64% of men said they felt insecure from the lack of messages they had gotten. Though an overwhelming majority of men and women said they'd felt excited about people they connected with, an even-larger proportion of respondents said they were sometimes or often disappointed by their matches. [...] LinkedIn's appeal as a dating site, according to people who use it that way, is the platform's ability to give back some of that control and boost the caliber of their prospects. Because the professional-networking site asks users to link to their current and former employers' profile pages, it offers an additional layer of credibility that other social-media platforms lack. Many profiles also include first-person references from former colleagues and managers -- real people with real profile pages. [...] Even for those who shy away from using LinkedIn to angle for dates, the site has become a go-to tool for vetting romantic candidates found through conventional dating apps or in-person encounters. "Social media is just one big dating app," [said Samuela John, a 24-year-old personal organizer in New York City who developed chemistry with an oil-industry man on the platform]. "Any type of social media where you can see people's pictures can turn into a dating app. And LinkedIn is even better because it's not just showing people's fake lives." [...] "I don't think you should go into it like, 'All right, I'm going to find my husband on LinkedIn,'" John said. "I think you should go about it as if you were just networking, like in a casual sense. And then if you end up meeting the person, see the vibes and then go from there."

Read more of this story at Slashdot.

The White House has convened a last-minute meeting to discuss a private lunar mission, Peregrine Mission One, after the Navajo Nation requested a delay due to cultural concerns over the transport of human ashes for burial on the moon. "The moon holds a sacred place in Navajo cosmology," said Navajo Nation President Buu Nygren in a statement. "The suggestion of transforming it into a resting place for human remains is deeply disturbing and unacceptable to our people and many other tribal nations." If successful, the commercial mission scheduled to launch Monday "will be the first time an American-made spacecraft has landed on the lunar surface since the end of the Apollo program in 1972," notes CNN. Longtime Slashdot reader garyisabusyguy shares the report: The private companies providing these lunar burial services, Celestis and Elysium Space, are just two of several paying customers hitching a ride to the moon on Pittsburgh-based Astrobotic Technology's Peregrine lunar lander. The uncrewed spacecraft is expected to lift off on the inaugural flight of the United Launch Alliance's Vulcan Centaur rocket from Florida's Cape Canaveral Space Force Station. Celestis' payload, called Tranquility Flight, includes 66 "memorial capsules" containing "cremated remains and DNA," which will remain on the lunar surface "as a permanent tribute to the intrepid souls who never stopped reaching for the stars," according to the company's website. "We are aware of the concerns expressed by Mr. Nygren, but do not find them substantive," Celestis CEO Charles Chafer told CNN. "We reject the assertion that our memorial spaceflight mission desecrates the moon," Chafer said. "Just as permanent memorials for deceased are present all over planet Earth and not considered desecration, our memorial on the moon is handled with care and reverence, is a permanent monument that does not intentionally eject flight capsules on the moon. It is a touching and fitting celebration for our participants -- the exact opposite of desecration, it is a celebration." Elysium Space has not responded to CNN's request for a comment, but the company's website describes its "Lunar Memorial" as delivering "a symbolic portion of remains to the surface of the Moon, helping to create the quintessential commemoration." "I've been disappointed that this conversation came up so late in the game," John Thornton, Astrobotic Technology CEO, said. "I would have liked to have had this conversation a long time ago. We announced the first payload manifest of this nature to our mission back in 2015. A second in 2020. We really are trying to do the right thing and I hope we can find a good path forward with Navajo Nation." [...] Friday's meeting convened by the White House is scheduled to feature representatives from NASA, the FAA, the US Department of Transportation, and the Department of Commerce. But Navajo Nation officials have little hope that they will be able to stop Monday's launch. "Based off of what we're seeing, and NASA are already having their pre-launch briefing, it doesn't look like they have any intention of stopping the launch or removing the remains," Ahasteen said.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Consumer Reports has found that plastics retain a "widespread" presence in food despite the health risks, and called on regulators to reassess the safety of plastics that come into contact with food during production. The non-profit consumer group said on Thursday that 84 out of 85 supermarket foods and fast foods it recently tested contained "plasticizers" known as phthalates, a chemical used to make plastic more durable. It also said 79% of food samples in its study contained bisphenol A (BPA), another chemical found in plastic, and other bisphenols, though levels were lower than in tests done in 2009. Consumer Reports said none of the phthalate levels it found exceeded limits set by U.S. and European regulators. It also said there was no level of phthalates that scientists confirm is safe, but that does not guarantee the safety of foods you eat. Phthalates and bisphenols can disrupt the production and regulation of estrogen and other hormones, potentially boosting the risk of birth defects, cancer, diabetes, infertility, neurodevelopmental disorders, obesity and other health problems. Among tested supermarket foods, Annie's Organic Cheesy Ravioli contained the most phthalates in nanograms per serving, 53,579, followed by Del Monte sliced peaches and Chicken of the Sea pink salmon.

Read more of this story at Slashdot.

Dan Goodin reports via Ars Technica: Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known as the Ivanti EPM, the software runs on a variety of platforms, including Windows, macOS, Linux, Chrome OS, and Internet of Things devices such as routers. SQL injection vulnerabilities stem from faulty code that interprets user input as database commands or, in more technical terms, from concatenating data with SQL code without quoting the data in accordance with the SQL syntax. CVE-2023-39336, as the Ivanti vulnerability is tracked, carries a severity rating of 9.6 out of a possible 10. "If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication," Ivanti officials wrote Friday in a post announcing the patch availability. "This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server." RCE is short for remote code execution, or the ability for off-premises attackers to run code of their choice. Currently, there's no known evidence the vulnerability is under active exploitation. Ivanti has also published a disclosure that is restricted only to registered users. A copy obtained by Ars said Ivanti learned of the vulnerability in October. [...] Putting devices running Ivanti EDM behind a firewall is a best practice and will go a long way to mitigating the severity of CVE-2023-39336, but it would likely do nothing to prevent an attacker who has gained limited access to an employee workstation from exploiting the critical vulnerability. It's unclear if the vulnerability will come under active exploitation, but the best course of action is for all Ivanti EDM users to install the patch as soon as possible.

Read more of this story at Slashdot.

Shortly after the premium email service Hey announced a standalone Hey Calendar app, co-founder David Heinemeier Hansson said it was rejected by Apple for violating App Store rules. "Apple just called to let us know they're rejecting the HEY Calendar app from the App Store (in current form)," wrote DHH on X. "Same bullying tactics as last time: Push delicate rejections to a call with a first-name-only person who'll softly inform you it's your wallet or your kneecaps. Since it's clear we're never going to pay them the extortionate 30% ransom, they're back to the bullshit about 'the app doesn't do anything when you download it.' Despite the fact that after last time, they specifically carved out HEY in App Store Review Guidelines 3.1.3 (f)!" The Verge's Amrita Khalid reports: New users can't sign up for Hey Calendar directly on the app -- Basecamp, which makes Hey, makes users first sign up through a browser. Apple's App Store rules require most paid services to offer users the ability to pay and sign up through the app, ensuring the company gets up to a 30 percent cut. The controversial rule has a ton of gray areas and carve-outs (i.e. reader apps like Spotify and Kindle get an exception) and is the subject of antitrust fights in multiple countries. But as Hansson detailed on X and in a subsequent blog post, he found Apple's rejection insulting for another reason. Close to four years ago, the company rejected Hey's original iOS app for its email service for the exact same reason. The outcome of the 2020 fight actually worked out in Hey's favor. After days of back and forth between Apple's App Store Review Board and Basecamp, the Hey team agreed to a rather creative solution suggested by Apple exec Phil Schiller. Hey would offer a free option for the iOS app, allowing new users to sign up directly. But the company had a slight twist -- users who signed up via the iOS app got a free, temporary randomized email address that worked for 14 days -- after which they had to pay to upgrade. Currently, Hey email users can only pay for an account through the browser. Following the saga with Hey, Apple made a carve-out to its App Store rules that stated that free companion apps to certain types of paid web services were not required to have an in-app payment mechanism. But, as Hansson mentions on X, a calendar app wasn't mentioned in the list of services that Apple now makes an exception for, which includes VOIP, cloud storage, web hosting -- and of course -- email. Hansson plans to fight Apple's decision without elaborating on exactly how he intends to do so.

Read more of this story at Slashdot.