Medicine

Hydroxychloroquine-Promoting COVID Study Retracted After 4 Years (nature.com) 110

Nature magazine reports that "A study that stoked enthusiasm for the now-disproven idea that a cheap malaria drug can treat COVID-19 has been retracted — more than four-and-a-half years after it was published." Researchers had critiqued the controversial paper many times, raising concerns about its data quality and an unclear ethics-approval process. Its eventual withdrawal, on the grounds of concerns over ethical approval and doubts about the conduct of the research, marks the 28th retraction for co-author Didier Raoult, a French microbiologist, formerly at Marseille's Hospital-University Institute Mediterranean Infection (IHU), who shot to global prominence in the pandemic. French investigations found that he and the IHU had violated ethics-approval protocols in numerous studies, and Raoult has now retired.

The paper, which has received almost 3,400 citations according to the Web of Science database, is the highest-cited paper on COVID-19 to be retracted, and the second-most-cited retracted paper of any kind....

Because it contributed so much to the HCQ hype, "the most important unintended effect of this study was to partially side-track and slow down the development of anti-COVID-19 drugs at a time when the need for effective treatments was critical", says Ole Søgaard, an infectious-disease physician at Aarhus University Hospital in Denmark, who was not involved with the work or its critiques. "The study was clearly hastily conducted and did not adhere to common scientific and ethical standards...."

Three of the study's co-authors had asked to have their names removed from the paper, saying they had doubts about its methods, the retraction notice said.

Nature includes this quote from a scientific-integrity consultant in San Francisco, California. "This paper should never have been published — or it should have been retracted immediately after its publication."

"The report caught the eye of the celebrity doctor Mehmet Oz," the Atlantic reported in April of 2020 (also noting that co-author Raoult "has made news in recent years as a pan-disciplinary provocateur; he has questioned climate change and Darwinian evolution...")

And Nature points out that while the study claimed good results for the 20 patients treated with HCQ, six more HCQ-treated people in the study actually dropped out before it was finished. And of those six people, one died, while three more "were transferred to an intensive-care unit."

Thanks to Slashdot reader backslashdot for sharing the news.

AI

Harvard Is Releasing a Massive Free AI Training Dataset Funded by OpenAI and Microsoft (wired.com) 27

Harvard University announced Thursday it's releasing a high-quality dataset of nearly one million public-domain books that could be used by anyone to train large language models and other AI tools. From a report: The dataset was created by Harvard's newly formed Institutional Data Initiative with funding from both Microsoft and OpenAI. It contains books scanned as part of the Google Books project that are no longer protected by copyright.

Around five times the size of the notorious Books3 dataset that was used to train AI models like Meta's Llama, the Institutional Data Initiative's database spans genres, decades, and languages, with classics from Shakespeare, Charles Dickens, and Dante included alongside obscure Czech math textbooks and Welsh pocket dictionaries. Greg Leppert, executive director of the Institutional Data Initiative, says the project is an attempt to "level the playing field" by giving the general public, including small players in the AI industry and individual researchers, access to the sort of highly-refined and curated content repositories that normally only established tech giants have the resources to assemble. "It's gone through rigorous review," he says.

Leppert believes the new public domain database could be used in conjunction with other licensed materials to build artificial intelligence models. "I think about it a bit like the way that Linux has become a foundational operating system for so much of the world," he says, noting that companies would still need to use additional training data to differentiate their models from those of their competitors.

Space

As Space Traffic Crowds Earth Orbit: a Push for Global Cooperation (reuters.com) 28

An anonymous reader shared this report from Reuters: The rapid increase in satellites and space junk will make low Earth orbit unusable unless companies and countries cooperate and share the data needed to manage that most accessible region of space, experts and industry insiders said. A United Nations panel on space traffic coordination in late October determined that urgent action was necessary and called for a comprehensive shared database of orbital objects as well as an international framework to track and manage them. More than 14,000 satellites including some 3,500 inactive surround the globe in low Earth orbit, showed data from U.S.-based Slingshot Aerospace. Alongside those are about 120 million pieces of debris from launches, collisions and wear-and-tear of which only a few thousand are large enough to track... [T]here is no centralised system that all space-faring nations can leverage and even persuading them to use such a system has many obstacles. Whereas some countries are willing to share data, others fear compromising security, particularly as satellites are often dual-use and include defence purposes. Moreover, enterprises are keen to guard commercial secrets.

In the meantime, the mess multiplies. A Chinese rocket stage exploded in August, adding thousands of fragments of debris to low Earth orbit. In June, a defunct Russian satellite exploded, scattering thousands of shards which forced astronauts on the International Space Station to take shelter for an hour... Projections point to tens of thousands more satellites entering orbit in the coming years. The potential financial risk of collisions is likely to be $556 million over five years, based on a modelled scenario with a 3.13% annual collision probability and $111 million in yearly damages, said Montreal-based NorthStar Earth & Space...

[Aarti Holla-Maini, director of the U.N. Office for Outer Space Affairs], said the October panel aimed to bring together public- and private-sector experts to outline steps needed to start work on coordination. It will present its findings at a committee meeting next year. Global cooperation is essential to developing enforceable rules akin to those used by the International Civil Aviation Organization for air traffic, industry experts told Reuters. Such effort would involve the use of existing tools, such as databases, telescopes, radars and other sensors to track objects while improving coverage, early detection and data precision. Yet geopolitical tension and reluctance to share data with nations deemed unfriendly as well as commercial concerns over protecting proprietary information and competitive advantages remain significant barriers. That leaves operators of orbital equipment relying on informal or semi-formal methods of avoiding collisions, such as drawing on data from the U.S. Space Force or groups like the Space Data Association. However, this can involve issues such as accountability and inconsistent data standards.

"The top challenges are speed — as consensus-building takes time — and trust," Holla-Maini said. "Some countries simply can't communicate with others, but the U.N. can facilitate this process. Speed is our biggest enemy, but there's no alternative. It must be done."

Data from Slingshot Aerospace shows a 17% rise in close approaches per satellite over the past year, according to the article. (It adds that SpaceX data "showed Starlink satellites performed nearly 50,000 collision-avoidance manoeuvres in the first half of 2024, about double the previous six months...

"The European Space Agency, which has fewer spacecraft than SpaceX, said in 2021 its manoeuvres have increased to three or four times per craft versus a historical average of one.")

Biotech

Scientists Have Finally Found the Gene That Gives Cats Orange Fur (science.org) 57

Slashdot reader sciencehabit writes: Most orange cats are boys, a quirk of feline genetics that also explains why almost all calicos and tortoiseshells are girls. Scientists curious about those sex differences—or perhaps just cat lovers—have spent more than 60 years unsuccessfully seeking the gene that causes orange fur and the striking patchwork of colors in calicos and tortoiseshells. Now, two teams have independently found the long-awaited mutation and discovered a protein that influences hair color in a way never seen before in any animal... Using skin samples collected from various cats, the researchers were able to hone in on a mutation on the X chromosome that impacts how much of a protein a gene called Arhgap36 produces. Increasing the amount of the Arhgap36 in pigment-producing cells called melanocytes activates a molecular pathway that produces a light red pigment.

"Scanning a database of 188 cat genomes, Barsh's team found every single orange, calico, and tortoiseshell cat had the exact same mutation," writes Science magazine. "The group reports the discovery this month on the preprint server bioRxiv. A separate study, also posted to bioRxiv this month, confirms these findings... They also found that skin from calico cats had more Arhgap36 RNA in orange regions than in brown or black regions." Arhgap36's inactivation pattern in calicos and tortoiseshells is typical of a gene on the X chromosome, says Carolyn Brown [a University of British Columbia geneticist who was not involved in either study], but it's unusual that a deletion mutation would make a gene more active, not less. "There is probably something special about cats." Experts are thrilled by the two studies. "It's a long-awaited gene," says Leslie Lyons, a feline geneticist at the University of Missouri. The discovery of a new molecular pathway for hair color was unexpected, she says, but she's not surprised how complex the interactions seem to be. "No gene ever stands by itself."

Lyons would like to know where and when the mutation first appeared: There is some evidence, she says, that certain mummified Egyptian cats were orange. Research into cat color has revealed all kinds of phenomena, she says, including how the environment influences gene expression. "Everything you need to know about genetics you can learn from your cat."

Privacy

Data Broker Leaves 600K+ Sensitive Files Exposed Online (theregister.com) 18

A security researcher discovered an unprotected database belonging to SL Data Services containing over 600,000 sensitive files, including criminal histories and background checks with names, addresses, and social media accounts. The Register reports: We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks. [The info service provider eventually closed up the S3 bucket, says Fowler, although he never received any response.] In addition to not being password protected, none of the information was encrypted, he told The Register. In total, the open bucket contained 644,869 PDF files in a 713.1 GB archive.

Some 95 percent of the documents Fowler saw were labeled "background checks," he said. These contained full names, home addresses, phone numbers, email addresses, employment, family members, social media accounts, and criminal record history belonging to thousands of people. In at least one of these documents, the criminal record indicated that the person had been convicted of sexual misconduct. It included case details, fines, dates, and additional charges. While court records and sex offender status are usually public records in the US, this exposed cache could be combined with other data points to make complete profiles of people -- along with their family members and co-workers -- providing everything criminals would need for targeted phishing and/or social engineering attacks.

Programming

Pokemon Fan Learns To Code In Order To Archive TCG (thegamer.com) 25

An anonymous reader quotes a report from TheGamer: With thousands of cards available in Pokemon's "Pokemon Trading Card Game," it can be hard to remember what is what. After all, since first debuting in the mid 1990s to coincide with the games of the same name, the popular collectible has been going strong ever since, with new releases constantly filling store shelves. That said, one avid Pokemon fan took it upon themselves to archive the card game's unique artwork. After hundreds of hours of work, over 23,000 cards have been archived, along with an additional 2,000 pieces of artwork. The end result is one of the best fan creations around.

Meet Twitter user pkm_jp, who devoted hundreds of hours to learning how to program in order to make their dream of a one-stop shop of all available card art a reality. "I remember the joy of getting the first set page working, displaying a small collection of cards," they wrote on Twitter. "I knew it was just the beginning."
The site, artofpkm.com, "is dedicated to bringing artists and fans together," the creator said on X (formerly Twitter). They note that there is still "lots of artwork still to be added and labeled," among other features such as "custom lists, voting, and a proper blog."

Education

Can Google Scholar Survive the AI Revolution? 44

An anonymous reader quotes a report from Nature: Google Scholar -- the largest and most comprehensive scholarly search engine -- turns 20 this week. Over its two decades, some researchers say, the tool has become one of the most important in science. But in recent years, competitors that use artificial intelligence (AI) to improve the search experience have emerged, as have others that allow users to download their data. The impact that Google Scholar -- which is owned by web giant Google in Mountain View, California -- has had on science is remarkable, says Jevin West, a computational social scientist at the University of Washington in Seattle who uses the database daily. But "if there was ever a moment when Google Scholar could be overthrown as the main search engine, it might be now, because of some of these new tools and some of the innovation that's happening in other places," West says.

Many of Google Scholar's advantages -- free access, breadth of information and sophisticated search options -- "are now being shared by other platforms," says Alberto Martin Martin, a bibliometrics researcher at the University of Granada in Spain. AI-powered chatbots such as ChatGPT and other tools that use large language models have become go-to applications for some scientists when it comes to searching, reviewing and summarizing the literature. And some researchers have swapped Google Scholar for them. "Up until recently, Google Scholar was my default search," says Aaron Tay, an academic librarian at Singapore Management University. It's still top of his list, but "recently, I started using other AI tools." Still, given Google Scholar's size and how deeply entrenched it is in the scientific community, "it would take a lot to dethrone," adds West. Anurag Acharya, co-founder of Google Scholar, at Google, says he welcomes all efforts to make scholarly information easier to find, understand and build on. "The more we can all do, the better it is for the advancement of science."
Acharya says Google Scholar uses AI to rank articles, suggest further search queries and recommend related articles. What Google Scholar does not yet provide are AI-generated summaries of search query results. According to Acharya, the company has yet to find "an effective solution" for summarizing conclusions from multiple papers in a brief manner that preserves all the important context.

Privacy

Open Source Project DeFlock Is Mapping License Plate Surveillance Cameras All Over the World (404media.co) 35

An anonymous reader quotes a report from 404 Media: Flock is one of the largest vendors of automated license plate readers (ALPRs) in the country. The company markets itself as having the goal to fully "eliminate crime" with the use of ALPRs and other connected surveillance cameras, a target experts say is impossible. [...] Flock and automated license plate reader cameras owned by other companies are now in thousands of neighborhoods around the country. Many of these systems talk to each other and plug into other surveillance systems, making it possible to track people all over the country.

"It went from me seeing 10 license plate readers to probably seeing 50 or 60 in a few days of driving around," [said Alabama resident and developer Will Freeman]. "I wanted to make a record of these things. I thought, 'Can I make a database of these license plate readers?'" And so he made a map, and called it DeFlock. DeFlock runs on Open Street Map, an open source, editable mapping software. He began posting signs for DeFlock (PDF) to the posts holding up Huntsville's ALPR cameras, and made a post about the project to the Huntsville subreddit, which got good attention from people who lived there. People have been plotting not just Flock ALPRs, but all sorts of ALPRs, all over the world. [...]

When I first talked to Freeman, DeFlock had a few dozen cameras mapped in Huntsville and a handful mapped in Southern California and in the Seattle suburbs. A week later, as I write this, DeFlock has crowdsourced the locations of thousands of cameras in dozens of cities across the United States and the world. He said so far more than 1,700 cameras have been reported in the United States and more than 5,600 have been reported around the world. He has also begun scraping parts of Flock's website to give people a better idea of where to look to map them. For example, Flock says that Colton, California, a city with just over 50,000 people outside of San Bernardino, has 677 cameras.

People who submit cameras to DeFlock have the ability to note the direction that they are pointing in, which can help people understand how these cameras are being positioned and the strategies that companies and police departments are using when deploying them. For example, all of the cameras in downtown Huntsville are pointing away from the downtown core, meaning they are primarily focused on detecting cars that are entering downtown Huntsville from other areas.

Electronic Frontier Foundation

Aaron Swartz Day Commemorated With 'Those Carrying on the Work' (aaronswartzday.org) 44

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:
  • Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."
  • Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."
  • Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."
  • Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."
  • Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."


Google

Google's Big Sleep LLM Agent Discovers Exploitable Bug In SQLite (scworld.com) 36

spatwei writes: Google has used a large language model (LLM) agent called "Big Sleep" to discover a previously unknown, exploitable memory flaw in a widely used software for the first time, the company announced Friday.

The stack buffer underflow vulnerability in a development version of the popular open-source database engine SQLite was found through variant analysis by Big Sleep, which is a collaboration between Google Project Zero and Google DeepMind.

Big Sleep is an evolution of Project Zero's Naptime project, which is a framework announced in June that enables LLMs to autonomously perform basic vulnerability research. The framework provides LLMs with tools to test software for potential flaws in a human-like workflow, including a code browser, debugger, reporter tool and sandbox environment for running Python scripts and recording outputs.

The researchers provided the Gemini 1.5 Pro-driven AI agent with the starting point of a previous SQLite vulnerability, providing context for Big Sleep to search for potential similar vulnerabilities in newer versions of the software. The agent was presented with recent commit messages and diff changes and asked to review the SQLite repository for unresolved issues.

Google's Big Sleep ultimately identified a flaw involving the function "seriesBestIndex" mishandling the use of the special sentinel value -1 in the iColumn field. Since this field would typically be non-negative, all code that interacts with this field must be designed to handle this unique case properly, which seriesBestIndex fails to do, leading to a stack buffer underflow.

The Military

A Million People Play This Video Wargame. So Does the Pentagon. (msn.com) 40

A commercial military simulation software, originally inspired by Tom Clancy novels, has become an unexpected tool for military training across NATO forces and defense analysts worldwide. Command: Professional Edition, developed by Britain's Slitherine Software, has secured contracts with the U.S. Air Force and British Strategic Command, while Taiwanese analysts use it to war-game potential conflicts with China.

The software's success stems from its vast database of military equipment and capabilities, compiled through contributions from its million-strong user base. Marine Corps University's wargaming director Tim Barrick employs the software to train officers, noting its effectiveness in developing tactical creativity. "These are not simple problems," Barrick, a retired Marine colonel, told WSJ.

A fascinating excerpt from the report: Command's British publisher, Slitherine Software, stumbled into popularity. The family business got started around 2000 selling retail CD-ROM games like Legion, involving ancient Roman military campaigns. When Defense Department officials in 2016 first contacted Slitherine, which is based in an old house in a leafy London suburb, its father-and-son managers were so stunned they thought the call might be a prank. "Are you taking the piss?" J.D. McNeil, the father, recalled asking near the end of the conversation.

Privacy

Lawsuit Argues Warrantless Use of Flock Surveillance Cameras Is Unconstitutional (404media.co) 59

A civil liberties group has filed a lawsuit in Virginia arguing that the widespread use of Flock's automated license plate readers violates the Fourth Amendment's protections against warrantless searches. 404 Media reports: "The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every move. This civil rights lawsuit seeks to end this dragnet surveillance program," the lawsuit notes (PDF). "In Norfolk, no one can escape the government's 172 unblinking eyes," it continues, referring to the 172 Flock cameras currently operational in Norfolk. The Fourth Amendment protects against unreasonable searches and seizures and has been ruled in many cases to protect against warrantless government surveillance, and the lawsuit specifically says Norfolk's installation violates that. [...]

The lawsuit in Norfolk is being filed by the Institute for Justice, a civil liberties organization that has filed a series of privacy and government overreach lawsuits over the last few years. Two Virginia residents, Lee Schmidt and Crystal Arrington, are listed as plaintiffs in the case. Schmidt is a Navy veteran who alleges in the lawsuit that the cops can easily infer where he is going based on Flock data. "Just outside his neighborhood, there are four Flock Cameras. Lee drives by these cameras (and others he sees around town) nearly every day, and the Norfolk Police Department [NPD] can use the information they record to build a picture of his daily habits and routines," the lawsuit reads. "If the Flock Cameras record Lee going straight through the intersection outside his neighborhood, for example, the NPD can infer that he is going to his daughter's school. If the cameras capture him turning right, the NPD can infer that he is going to the shooting range. If the cameras capture him turning left, the NPD can infer that he is going to the grocery store. The Flock Cameras capture the start of nearly every trip Lee makes in his car, so he effectively cannot leave his neighborhood without the NPD knowing about it." Arrington is a healthcare worker who makes home visits to clients in Norfolk. The lawsuit alleges that it would be trivial for the government to identify her clients.
"Fourth Amendment case law overwhelmingly shows that license plate readers do not constitute a warrantless search because they take photos of cars in public and cannot continuously track the movements of any individual," a Flock spokesperson said. "Appellate and federal district courts in at least fourteen states have upheld the use of evidence from license plate readers as Constitutional without requiring a warrant, as well as the 9th and 11th circuits. Since the Bell case, four judges in Virginia have ruled the opposite way -- that ALPR evidence is admissible in court without a warrant."

Security

Internet Archive Users Start Receiving Email From 'Some Random Guy' Criticizing Unpatched Hole (bleepingcomputer.com) 18

A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent."

It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe".

But there are new and continuing problems, reports The Verge's weekend editor: Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems.

I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:

It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.

Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.

The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server."

BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years."

And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week — a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.) The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker says that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site.

The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted to contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response.

"The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could...

"While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."

Medicine

Are Standing Desks Actually Bad For Your Health? 140

A new study counters the widely held belief that standing desks are good for your health, finding that standing does not reduce the risk of diseases such as stroke and heart failure. In fact, it "found that being on your feet for more than two hours a day may increase the risk of developing problems such as deep vein thrombosis and varicose veins," reports The Guardian. The findings have been published in the International Journal of Epidemiology. From the report: To establish if standing provided any health benefits, the researchers studied data from 83,013 adults who are part of the UK Biobank health records database. These people did not have heart disease at the start of the study and wore devices on their wrists to track movement. The team found that for every extra 30 minutes spent standing beyond two hours, the risk of circulatory disease increased by 11%. Standing was not found to reduce the risk of heart conditions such as stroke, heart failure and coronary heart disease, the researchers said. "The key takeaway is that standing for too long will not offset an otherwise sedentary lifestyle and could be risky for some people in terms of circulatory health," said Dr Matthew Ahmadi, of the University of Sydney's faculty of medicine and health. "We found that standing more does not improve cardiovascular health over the long-term and increases the risk of circulatory issues."

Security

Cisco Investigates Breach After Stolen Data For Sale On Hacking Forum (bleepingcomputer.com) 9

Longtime Slashdot reader mprindle shares a report from BleepingComputer: Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. [...] This statement comes after a well-known threat actor named "IntelBroker" said that he and two others called "EnergyWeaponUser" and "zjj" breached Cisco on October 6, 2024, and stole a large amount of developer data from the company.

"Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!," reads the post to a hacking forum. IntelBroker also shared samples of the alleged stolen data, including a database, customer information, various customer documentation, and screenshots of customer management portals. However, the threat actor did not provide further details about how the data was obtained.

Emulation (Games)

Running X86_64 (Linux) Game Servers on ARM With Box64 (interfacinglinux.com) 5

Though native Linux game servers have been scarce over the last two decades, "I've seen people using the Box64 emulator to play x86_64 games on ARM devices," writes Slashdot reader VennStone. "It got me thinking: why not apply this to game servers...?

"I thought it would be fun to see if I could build a super low-power Trackmania 2 server using a Raspberry Pi Zero 2 W."

They dubbed the experiment "Trackberry", and shared all the technical details in a blog post at Interfacing Linux (including a video). For example, they installed PyEnv so it could create a virtual environment for the PyPlanet server controller. ("That's right, your little Pi Zero 2 W is about to compile some software, slowly....")

But ultimately "it turns out that the A53 can run not only the server but also the server controller, with minimal effort. Five players push one core to around 50% load, while the others handle the database and controller."

WHY STOP THERE? There are a gang of x86 Linux servers that could potentially run with Box64. Imagine playing Pirraria, 7 Days to Pi, Counter-Pi 2, Pitorio, and countless others! Granted, you may need a more powerful device than a Raspberry Pi Zero 2 W. I'll leave that research up to you.

My main takeaway from this experiment? Box64 is straight-up Scandinavian witchcraft and is not to be trifled with. Not even a little bit.

That said, it introduces a compelling option for those of us looking to run dedicated game servers that don't require much in the way of system resources. Under load, TrackBerry averages 2.8 watts and, according to the scientific number digits below, ends up running just under $3.00 a year or $0.25 a month. I find the concept of having a stack of microSD cards, each holding a different game server, neat....

You can see TrackBerry in action every Tuesday and Friday on Twitch...

Crime

WSJ Profiles The 'Dangerous' Autistic Teen Cybercriminal Who Leaked GTA VI Clips (msn.com) 78

The Wall Street Journal delves into the origin story of that teenaged Grand Theft Auto VI leaker. Arion Kurtaj, now 19 years old, is the most notorious name that has emerged from a sprawling set of online communities called the Com... Their youthful inventiveness and tenacity, as well as their status as minors that make prosecution more complicated, have made the Com especially dangerous, according to law-enforcement officials and cybersecurity investigators. Some kids, they say, are recruited from popular online spaces like Minecraft or Roblox.... [William McKeen, a supervisory special agent with the FBI's Cyber Division] said the average age of anyone arrested for a crime in the U.S. is 37, while the average age of someone arrested for cybercrime is 19. Cybersecurity investigators have found posts they say suggest Kurtaj has been involved in online attacks since he was 11.
"He had limited social skills and trouble developing relationships, records say — and ultimately looked for approval in the booming world of cybercrime..." [When Kurtaj was 14] he landed in a residential school serving children with severe emotional and behavioral needs. Kurtaj was physically assaulted by a staff member at his school who was later convicted as a result, according to a person familiar with the case. In early 2021, his mother brought him home and removed him from government care, court records say. He never returned to school. He was 16.

A month after his mother pulled him out of school, investigators say that Kurtaj was part of a hacking group called Recursion Team that broke into the videogame firm Electronic Arts and stole 780 gigabytes of data. When Electronic Arts refused to engage, they dumped the stolen data online. Within a week of that hack, investigators had identified Kurtaj and provided his name to the FBI. Later in that summer of 2021, according to court records, Kurtaj partnered with another teenager, known as ASyntax, and several Brazilian hackers, and started calling themselves Lapsus$. The group hacked into the British telecommunications giant BT in an effort to steal money using a technique called SIM swapping... The hacks weren't always for money. In late 2021, Lapsus$ hacked into a website operated by Brazil's Ministry of Health and deleted the country's database of Covid vaccinations, according to law enforcement...

If the Com has a social center, it's a website called Doxbin, where users publish personal details, such as home addresses and phone numbers, of their online rivals in an attempt to intimidate each other. Kurtaj bought Doxbin in November 2021 for $75,000, according to Chainalysis. But after a few months, the previous owners accused Kurtaj of mismanaging the site and pressured him to sell it back. He relented. Then in January 2022, cybersecurity investigators say, he doxxed the entire site, publishing a database that included usernames, passwords and email addresses that he'd downloaded when he was the owner. For cybersecurity experts, it was a gold mine. "It helped investigators piece together which crimes were done by who," said Allison Nixon, chief research officer at Unit 221B, an online investigations firm.

Doxbin's owners responded with a dox of Kurtaj and his family, including his home address and photos of him, investigators say — setting up the chain of events that would put Kurtaj in the Travelodge.

After two weeks of "protective custody" there — during which time he was supposed to be computer-free — Kurtaj "was arrested a third time and charged with hacking, fraud and blackmail. Authorities said that while at the Travelodge, he broke into Uber and taunted the company by posting a link to a photo of an erect penis on the company's internal Slack messaging system, then stole software and videos from Rockstar Games. Stolen clips had popped up in a Grand Theft Auto discussion forum from a user named teapotuberhacker and stirred a frenzy.

"As officers collected evidence, the teen stood by, emotionless, police say...."

"Kurtaj's lawyers and some experts on autism have said a potential lifetime of incarceration isn't appropriate for a teenager like Kurtaj..."

Thanks to long-time Slashdot reader SpzToid for sharing the article.
Crime

Halcyon Announces Anti-Ransomware Protection for Enterprise Linux Environments (linux-magazine.com) 14

Formed in 2021 by cybersecurity professionals (and backed by high-powered VCs including Dell Technologies Capital), Halcyon sells an enterprise-grade anti-ransomware platform.

And this month they announced they're offering protection against ransomware attacks targeting Linux systems, according to Linux magazine: According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 and are expected to continue to climb as more bad actors target Linux deployments... "While Windows is the favorite for desktops, Linux dominates the market for supercomputers and servers."
Here's how Halcyon's announcement made their pitch: "When it comes to ransomware protection, organizations typically prioritize securing Windows environments because that's where the ransomware operators were focusing most of their attacks. However, Linux-based systems are at the core of most any organization's infrastructure, and protecting these systems is often an afterthought," said Jon Miller, CEO & Co-founder, Halcyon. "The fact that Linux systems usually are always on and available means they provide the perfect beachhead for establishing persistence and moving laterally in a targeted network, and they can be leveraged for data theft where the exfiltration is easily masked by normal network traffic. As more ransomware operators are developing the capability to target Linux systems alongside Windows, it is imperative that organizations have the ability to keep pace with the expanded threat."

Halcyon Linux, powered through the Halcyon Anti-Ransomware Platform, uniquely secures Linux-based systems offering comprehensive protection and rapid response capabilities... Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context... When ransomware is suspected or detected, the Halcyon Ransomware Response Engine allows for rapid response and action.... Halcyon Data Exfiltration Protection (DXP) identifies and blocks unauthorized data transfers to protect sensitive information, safeguarding the sensitive data stored in Linux-based systems and endpoints...

Halcyon Linux runs with minimal resource impact, ensuring critical environments, such as database servers or virtualized workloads, maintain the same performance.

And in addition, Halcyon offers "an around the clock Threat Response team, reviewing and responding to alerts," so your own corporate security teams "can attend to other pressing priorities..."
Privacy

Fidelity Says Data Breach Exposed Personal Data of 77,000 Customers (techcrunch.com) 24

TechCrunch's Carly Page reports: Fidelity Investments, one of the world's largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver's licenses. The Boston, Massachusetts-based investment firm said in a filing with Maine's attorney general on Wednesday that an unnamed third party accessed information from its systems between August 17 and August 19 "using two customer accounts that they had recently established."

"We detected this activity on August 19 and immediately took steps to terminate the access," Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers' Fidelity accounts. Fidelity confirmed that a total of 77,099 customers were affected by the breach, and its completed review of the compromised data determined that customers' personal information was affected. When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.

In another data breach notice filed with New Hampshire's attorney general, Fidelity revealed that the third party "accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers." Fidelity said the data breach included customers' Social Security numbers and driver's licenses, according to a separate data breach notice filed by Fidelity with Massachusetts' attorney general. No information about the breach was found on Fidelity's website at the time of writing.

Privacy

Internet Archive Suffers 'Catastrophic' Breach Impacting 31 Million Users (bleepingcomputer.com) 29

BleepingComputer's Lawrence Abrams: Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site. The text "HIBP" refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database nine days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.
