A group of publishers in the U.S. have filed a lawsuit against the "notorious" online database Library Genesis (Libgen), a website known for providing free access to scientific papers and books. The lawsuit accuses Libgen of facilitating the unauthorized distribution of copyrighted academic materials. The Register reports: The suit, filed in a New York federal court [PDF], asks for a legal order "requiring the transfer of the Libgen domain names to plaintiffs or, at plaintiffs' election, canceling or deleting the Libgen domain names," with the idea of frustrating visitors -- mostly students -- believed to number in their millions. The filing said that according to similarweb.com, the sites collectively were visited by 9 million people from the U.S. each month from March to May 2023. The suit alleges that several of the Libgen websites solicit "donations" from users. "These solicitations are in English and seek payments only in Bitcoin or [Monero]." It adds: "one Libgen Site reports that it has raised $182,540 from donations since January 1, 2023."

The publishers also claim the people who run LibGen -- named in the suit as Does 1-50 and whom it says "are believed to reside outside of the United States at unknown foreign locations" -- derive "revenue from interstate or international commerce, including through advertisements." It goes on to add: "Defendants compete directly with Plaintiffs by distributing infringing copies of their works for free, displacing legitimate sales. When a consumer obtains Plaintiffs' works from the Libgen Sites instead of through legitimate channels, no remuneration is provided to Plaintiffs or their authors for the substantial investments they have made to create and publish the works."

The textbook publishers claim that "through social media and from their peers, students are bombarded with messages to use the Libgen Sites instead of paying for legal copies of textbooks" -- thus depriving the publishers and the authors they represent of their income. The suit also asks for damages without detailing an amount, although it asks for "an accounting and disgorgement of Defendants' profits, gains, and advantages realized from their unlawful conduct." The complaint claims the ads are in English and for various "U.S. products, such as browser extensions and online games". The suit adds that some "also appear to be phishing attempts, which can result in users downloading a virus or other malicious program onto their computers."

The lawsuit also calls out Google and "other intermediaries," U.S. companies it claims help LibGen "conduct their unlawful operations" -- "NameCheap for domain registration services, Cloudflare for proxy services, and Google for search engine services." It goes on to include a screenshot of Google's "knowledge panel," which it says "describes Libgen as a site [that] enables free access to content that is otherwise paywalled or not digitized elsewhere."

Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. From a report: In research shared with TechCrunch, cloud security startup Wiz said it discovered a GitHub repository belonging to Microsoft's AI research division as part of its ongoing work into the accidental exposure of cloud-hosted data. Readers of the GitHub repository, which provided open source code and AI models for image recognition, were instructed to download the models from an Azure Storage URL. However, Wiz found that this URL was configured to grant permissions on the entire storage account, exposing additional private data by mistake. This data included 38 terabytes of sensitive information, including the personal backups of two Microsoft employees' personal computers. The data also contained other sensitive personal data, including passwords to Microsoft services, secret keys and more than 30,000 internal Microsoft Teams messages from hundreds of Microsoft employees.

China appears to have suspended its global surveillance balloon program after a balloon was spotted drifting over the United States in February.

But now an anonymous reader shares this report from CBS News: Seven months later, Gen. Mark Milley, chairman of the Joint Chiefs of Staff, tells "CBS News Sunday Morning" the balloon wasn't spying. "The intelligence community, their assessment — and it's a high-confidence assessment — [is] that there was no intelligence collection by that balloon," he said.

So, why was it over the United States? There are various theories, with at least one leading theory that it was blown off-track. The balloon had been headed toward Hawaii, but the winds at 60,000 feet apparently took over. "Those winds are very high," Milley said. "The particular motor on that aircraft can't go against those winds at that altitude..."

After the Navy raised the wreckage from the bottom of the Atlantic, technical experts discovered the balloon's sensors had never been activated while over the Continental United States. But by then, the damage to U.S.-China relations had been done.
On the CBS News show Sunday Morning, the host had this exchange with America's chairman of the Joint Chiefs of Staff.

CBS: "Bottom line, it was a spy balloon, but it wasn't spying?"

Chairman of the Joint Chiefs of Staff: "I would say it was a spy balloon that we know with high degree of certainty got no intelligence, and didn't transmit any intelligence back to China."

"Chaos and Concern in Sin City," read this morning's headline on a video report from ABC News about "the massive cyberattack in Las Vegas crippling several hotels and casinos, and putting a damper on getaways for thousands of tourists there." "Today marks a week since that cyberattack hit Las Vegas, and MGM hotels and casinos are still working on getting systems back up and running.. The online reservation site for MGM is still down, ATMs not working, and those playing the slot machines or even video poker having to wait for attendants to pay them out in cash. All of this fiasco leading to long lines at check-in, and now a cyber investigation with the FBI...

Other gaming resorts also having issues. Caesar's entertainment says they too were a victim of a cyberattack, but their online operations were not impacted. Then this weekend at the Venetian, an outage shutting down some slots, but the resort says they're back up, and that at least thankfully was not due to a cyber attack.
They report MGM properties were affected as far away as Atlantic City, New Jersey.

From an EFF announcement this week: Technical standards like fire and electrical codes developed by private organizations but incorporated into public law can be freely disseminated without any liability for copyright infringement, a federal appeals court ruled Tuesday.
The judge ruled that posting the materials constituted fair use — so the nonprofit group doing the posting won't be liable for copyright infringement. The American Bar Association Journal reports: The decision is a victory for public-domain advocate Carl Malamud and the group that he founded, Public.Resource.org. The group posts legal materials on its websites, including the standards developed by the three organizations that sued... "It has been over 10 years since plaintiffs filed suit in this case," said Malamud in a press release by the Electronic Frontier Foundation. "The U.S. Court of Appeals has found decisively in favor of the proposition that citizens must not be relegated to economy-class access to the law."
In 2012 Carl Malamud answered questions from Slashdot readers.

And now, finally, from the EFF's announcement: Tuesday's ruling by a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit upholds the idea that our laws belong to all of us, and we should be able to find, read, and share them free of registration requirements, fees, and other roadblocks... "In a nation governed by the rule of law, private parties have no business controlling who can read, share, and speak the rules to which we are all subject," EFF Legal Director Corynne McSherry said. "We are pleased that the Court of Appeals upheld what other U.S. courts, including the Supreme Court, have said for almost 200 years: No one should control access to the law."
Or, as the EFF puts it on another page, "Copyright cannot trump the essential public interest..."

Thanks to long-time Slashdot reader schwit1 for sharing the news.

Long-time Slashdot reader destinyland writes: Thursday America's Energy Department released an interactive map showing America's clean energy investments, "for tracking the industrial revitalization happening across the country, fostered by a clean energy transition..."

The map aims to show how both the 2021 Bipartisan Infrastructure Law and the 2022 Inflation Reduction Act "are leading to announcements of historic levels of private sector investments in the United States," which the head of America's Energy Department credited for "a manufacturing renaissance across the U.S." A senior White House energy advisor specifically described it as "a clean energy boom" and called the map "a great resource for understanding the widespread and important impact this boom is having on communities all across our nation."

The announcement notes 500 "planned investments in at least 450 new or expanded clean energy manufacturing facilities, totaling over $160 billion in announced private and public sector investments" in solar, battery, and offshore wind manufacturing projects — as well as in electric vehicle assembly, components, and chargers. Ford received over $12 billion for battery pack/cell projects and EV assembly, along with billions more for Ford's joint venture with BlueOval SK to build a battery plant. And six of the projects are Tesla — totalling over $2 billion for projects in battery materials, cells, packs, and EV assembly.

For over 30 years the EFF has presented awards recognizing those "advancing innovation and championing digital rights," according to its web site, celebrating "the accomplishments of people working toward a better future... both in the public eye and behind the scenes."

This year's ceremony — hosted by Cory Doctorow — didn't just recognize Sci-Hub's founder. The EFF also gave its award for "Communications Policy" to the Signal Foundation — and its "Information Democracy" award to the Library Freedom Project.

From the Electronic Frontier Foundation web site: Since 2013, with the release of the unified app and the game-changing Signal Protocol, Signal has set the bar for private digital communications. With its flagship product, Signal Messenger, Signal provides real communications privacy, offering easy-to-use technology that refuses the surveillance business model on which the tech industry is built. To ensure that the public doesn't have to take Signal's word for it, Signal publishes their code and documentation openly, and licenses their core privacy technology to allow others to add privacy to their own products. Signal is also a 501(c)(3) nonprofit, ensuring that investors and market pressure never provides an incentive to weaken privacy in the name of money and growth. This allows Signal to stand firm against growing international legislative pressure to weaken online privacy, making it clear that end-to-end encryption either works for everyone or is broken for everyone — there is no half measure.

The Library Freedom Project (LFP) is radically rethinking the library professional organization by creating a network of values-driven librarian-activists taking action together to build information democracy. LFP offers trainings, resources, and community building for librarians on issues of privacy, surveillance, intellectual freedom, labor rights, power, technology, and more — helping create safer, more private spaces for library patrons to feed their minds and express themselves. Their work is informed by a social justice, feminist, anti-racist approach, and they believe in the combined power of long-term collective organizing and short-term, immediate harm reduction.

An anonymous reader quotes a report from the International Association of Privacy Professionals: The California State Legislature passed Senate Bill 362, the Delete Act, which is designed to streamline consumers' ability to request the deletion of their personal information collected by data brokers. The bill now awaits the signature of Gov. Gavin Newsom, D-Calif., though he reportedly has given no indication whether he will sign the bill, according to CBS News. Newsom has until 14 Oct. to sign the bill. Should it become law, the Delete Act would empower the CPPA to develop a system by 2026 that allows residents to make a single data deletion request across the nearly 500 registered data brokers operating in the state. The CPPA would also be charged with enforcing provisions of the Delete Act, such as requiring data broker registration and ensuring brokers delete an individual's personal information every 45 days upon receipt of a verified request. [...]

The Delete Act was first introduced by state Sen. Josh Becker, D-Calif., who previously said the legislation patches a loophole in the California Consumer Privacy Act that allowed for consumers to request individual data brokers delete information obtained directly from them but did not require entities to delete personal information aggregated from other sources. "Data brokers spend their days and nights building dossiers with millions of people's reproductive healthcare, geolocation, and purchasing data so they can sell it to the highest bidder," Becker said after the bill originally passed in the Senate in May. "The Delete Act is based on a very simple premise: Every Californian should be able to control who has access to their personal information and what they can do with it."

An anonymous reader quotes a report from Reuters: Google agreed to pay $155 million to settle claims by California and private plaintiffs that the search engine company misled consumers about how it tracks their locations, and used their data without consent. Both settlements resolve claims that the Alphabet unit deceived people into believing they maintained control over how Google collected and used their personal data. The company was accused of being able to "profile" people and target them with advertising even if they turned off their "Location History" setting, and deceive people about their ability to block ads they did not want.

The California settlement requires Google to pay $93 million, and disclose more about how it tracks people's whereabouts and uses data it collects. Money from Google's $62 million settlement with private plaintiffs would, after deducting legal fees, go to court-approved nonprofit groups that track internet privacy concerns. Lawyers for the plaintiffs said this made sense because it was "infeasible" to distribute money to the approximately 247.7 million U.S. adults with mobile devices. "Google was telling its users one thing--that it would no longer track their location once they opted out--but doing the opposite and continuing to track its users' movements for its own commercial gain," California Attorney General Rob Bonta said in a statement. "That's unacceptable."

Plex informed some users this week that it will no longer allow users to run servers at a hosting provider where lots of TOS violations occur. TorrentFreak: In an email to customers who run Plex servers at the large German hosting company Hetzner, Plex said that access will be blocked next month. It's not clear if Hetzner is the only hosting company this applies to, but several customers confirmed that they received the same email. Plex's notice doesn't mention Hetzner by name, nor is piracy cited as the reason. The email simply refers to violations of its Terms of Service.

"You're receiving this notice because the IP address associated with a Plex Media Server on your account appears to come from a service provider that hosts a significant number of Plex Media Servers that violate our Terms of Service," the Plex email reads. "Due to the large-scale violations occurring from that hosting provider, we will be taking action soon to block access and activity from Plex Media Servers hosted by that provider."

California, the home to many of tech's biggest companies and the nation's most populous state, is pushing ahead with a right-to-repair bill for consumer electronics and appliances. From a report: After unanimous votes in the state Assembly and Senate, the bill passed yesterday is expected to move through a concurrence vote and be signed by Governor Gavin Newsom. "Since Right to Repair can pass here, expect it to be on its way to a backyard near you," said iFixit CEO Kyle Wiens in a statement. iFixit, a seller of repair parts and tools and advocate for right-to-repair laws, based in San Luis Obispo, California, was joined in its support for the California repair law by another California company with a history of opposing repair laws: Apple. The consumer tech giant's letter urging passage of the bill was surprising, to say the least, though Apple said that the bill's stipulations for "individual users' safety" and "product manufacturers' intellectual property" were satisfactory.

California's bill goes further than right-to-repair laws in other states. Rather than limiting its demand that companies provide parts, tools, repair manuals, and necessary software for devices that are still actively sold, California requires that vendors provide those items for products sold after July 1, 2021, starting in July 2024. Products costing $50 to $99.99 must be accompanied by those items for three years, and items $100 and more necessitate seven years. The bill also provides for stronger enforcement mechanisms, allowing for municipalities to bring superior court cases rather than contact the state attorney general.

The Justice Department will press its argument Thursday that Google sought to strike agreements with mobile carriers to win powerful default positions on smartphones to dominate search in an antitrust trial that could change the future of the internet. From a report: The government will wrap up questioning Thursday of Antonio Rangel, who teaches behavioral biology at the California Institute of Technology. Other witnesses will be James Kolotouros, for Google, and Brian Higgins, from Verizon Communications. The government says the Alphabet unit paid $10 billion annually to wireless companies like AT&T, device makers like Apple and browser makers like Mozilla to fend off rivals and keep its search engine market share near 90%. The government has also alleged that Google illegally took steps to protect communications about the payments.

The government called witnesses on Tuesday and Wednesday to show that Google, as far back as the mid-2000s, sought to attract a large number of search queries by winning default status on mobile devices. Another witness, Rangel, discussed how powerful default status was, although data he used to show this was largely redacted. Google's clout in search, the government alleges, has helped Google build monopolies in some aspects of online search advertising. Search is free so Google makes money through advertising.

An anonymous reader quotes a report from Ars Technica: A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday. The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.

After accessing an IP address for the malicious domain, the backdoor launched a reverse shell that allowed the attackers to remotely control the infected device. Researchers from Kaspersky, the security firm that discovered the malware, then ran the backdoor on a lab device to observe how it behaved. "This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," the researchers wrote in a report on Tuesday. "After collecting information from the infected machine, the stealer downloads an uploader binary from the C2 server, saving it to /var/tmp/atd. It then uses this binary to upload stealer execution results to the attackers' infrastructure."

Criminal gangs behind a rise in bombings and shootings in Sweden in recent years are using fake Spotify streams to launder money, a Swedish newspaper reported earlier this month. From a report: Criminal networks have for several years been using money from drug deals, robberies, fraud and contract killings to pay for false Spotify streams of songs published by artists with ties to the gangs, an investigative report in Svenska Dagbladet claimed. They then get paid by the platform for the high number of streams, thereby laundering the money. The newspaper said its information had been confirmed by four gang members from separate criminal networks in Stockholm, as well as an anonymous police investigator.

The cofounder and main promoter of the $4 billion OneCoin pyramid scheme was sentenced to 20 years in prison for his role in one of the first and biggest criminal frauds involving cryptocurrency. Bloomberg: Karl Sebastian Greenwood, 46, was sentenced in New York Tuesday, after pleading guilty in December to creating and promoting a phony cryptocurrency. Greenwood was the wingman of Ruja Ignatova, the so-called "Cryptoqueen" and most wanted crypto fugitive in the world. US District Judge Edgardo Ramos called the fraud "massive in many respects," noting that OneCoin had no blockchain, no real cryptocoin and no trading market. Victims could not withdraw their investments and most face the likelihood they'll never get any of their money back. "At base, it involved nothing more than old-fashioned snake oil," the judge said. Greenwoood's sentencing closes one chapter of the OneCoin case, which authorities describe as one of the largest pyramid schemes in history. It impacted 3.5 million victims across the globe and foreshadowed a broader crackdown on crime in the cryptocurrency markets.

An anonymous Slashdot reader shared this report from the New York Times: The collapse in cryptocurrency prices last year forced a procession of major firms into bankruptcy, triggering a government crackdown and erasing the savings of millions of inexperienced investors. But for a small group of corporate turnaround specialists, crypto's implosion has become a financial bonanza.

Lawyers, accountants, consultants, cryptocurrency analysts and other professionals have racked up more than $700 million in fees since last year from the bankruptcies of five major crypto firms, including the digital currency exchange FTX, according to a New York Times analysis of court records. That sum is likely to grow significantly as the cases unfold over the coming months. Large fees are common in corporate bankruptcies, which require complex and time-intensive legal work to untangle. But in the crypto world, the mounting fees have sparked widespread outrage because many of the people owed money are amateur traders who lost their personal savings, rather than corporations with the ability to weather a financial crisis. Every dollar in fees is deducted from the pool of funds that will be returned to creditors at the end of the bankruptcies.

The fees are "exorbitant and ridiculous," said Daniel Frishberg, a 19-year-old investor who lost about $3,000 when the crypto company Celsius Network filed for bankruptcy last year. "At every hearing, they have an army of people there, and most of them don't need to be there. You don't need 20 people taking notes."

An anonymous reader shared this report from Bloomberg: China-linked hackers breached the corporate account of a Microsoft engineer and are suspected of using that access to steal a valuable key that enabled the hack of senior U.S. officials' email accounts, the company said in a blog post. The hackers used the key to forge authentication tokens to access email accounts on Microsoft's cloud servers, including those belonging to Commerce Secretary Gina Raimondo, Representative Don Bacon and State Department officials earlier this year.

The U.S. Cybersecurity and Infrastructure Security Agency and Microsoft disclosed the breach in June, but it was still unclear at the time exactly how hackers were able to steal the key that allowed them to access the email accounts. Microsoft said the key had been improperly stored within a "crash dump," which is data stored after a computer or application unexpectedly crashes...

The incident has brought fresh scrutiny to Microsoft's cybersecurity practices.
Microsoft's blog post says they corrected two conditions which allowed this to occur. First, "a race condition allowed the key to be present in the crash dump," and second, "the key material's presence in the crash dump was not detected by our systems." We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected).

After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer's corporate account. This account had access to the debugging environment containing the crash dump which incorrectly contained the key. Due to log retention policies, we don't have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.

Slashdot reader quonset writes: Roblox Corporation was to have its award ceremony for developers on Saturday when it cancelled the event at the last moment. According to reports, a game developer was reportedly arrested on gun charges outside the event.
More from MarketWatch: Citing jail records, the San Francisco Chronicle reported Sunday that a man identified as game developer Mikhail Olson, known by the nickname Simbuilder, was arrested by U.S. Park Police on suspicion of having a concealed firearm in his vehicle, along with armor-piercing ammunition and a large-capacity magazine.

The awards ceremony was held at Fort Mason Center, which is on federal property. According to the Chronicle, the suspect was arrested Saturday afternoon after allegedly assaulting U.S. Park Police officers who had been called over a report of a disturbance outside the Roblox conference.

Agence France-Presse reports that "Two years ago, El Salvador shrugged off a chorus of warnings and adopted Bitcoin as legal tender in a bid to revitalize its economy and improve access to financial services.

"It has not worked... Economist Cesar Villalona told AFP that Bitcoin 'does not exist in the local economy' in any significant way, because in El Salvador 'everything' is paid in dollars: wages, services and goods." Bitcoin has lost more than half its value since then and though President Nayib Bukele is wildly popular for his clampdown on criminal gangs, his currency gamble has not gone down equally well... [T]wo years after El Salvador became the first country in the world to adopt Bitcoin as its currency, alongside the U.S. dollar, "the goals that were pursued... have not been achieved, people hardly use it, they don't have much trust" in crypto, economist and former Reserve Bank governor Carlos Acevedo told AFP. "The experiment has not worked, it is a crypto winter," he said.

There are no figures available on how many Salvadorans have taken up Bitcoin. But a poll conducted in May by the Central American University found that 71 percent believed the cryptocurrency "has in no way helped to improve their family economic situation."

On the streets of San Salvador, the verdict is harsh. "I don't see that money working, it's just propaganda. Where's the benefit? There's no benefit. It's a bad investment," newspaper vendor Juan Antonio Salgado, 65, told AFP. "It's robbery," he added, in reference to the currency's volatility.
Even a video report from Al Jazeera opens by asking "So has the experiment succeeded? The general verdict — not yet, at least."

They report that even though one fifth of El Salvador's GDP comes from remittances, less than 2% of its remittances went through crypto currency and digital wallets so far this year. Building has yet to begin on "Bitcoin City" — and the country has yet to actually issue the "Volcano Bonds" that would fund its creation.

And meanwhile, the government's bitcoin purchases have now lost an estimated $45.4 million.

Popular Science reports that America's Department of Energy "is providing a nearly $400 million loan to a startup aimed at scaling the manufacturing and deployment of a zinc-based alternative to rechargeable lithium batteries."

If realized, Eos Energy's utility- and industrial-scale zinc-bromine battery energy storage system could provide cheaper, vastly more sustainable options for the country's burgeoning renewable power infrastructure... Unlike lithium-ion and lithium iron phosphate batteries, alternatives such as the Eos Z3 design rely on zinc-based cathodes alongside a water-based electrolyte, notes MIT Technology Review. This important distinction both increases their stability, as well as makes it incredibly difficult for them to support combustion. Zinc-bromine batteries meanwhile also boast lifespans as long as 20 years, while existing lithium options only manage between 10 and 15 years. What's more, zinc is considered the world's fourth most produced metal...

The U.S. Department of Energy also notes that "over time," Eos expects to source almost all of its materials within the U.S., thus better insulating its product against the market volatility and supply chain issues. While the Department of Energy previously issued similar loans to battery recycling and geothermal energy projects, last week's announcement marks the first funding offered to a manufacturer of lithium-battery alternatives.
MIT's article notes that Eos's semi-autonomous facility in Pennsylvania already produces around 540 megawatt-hours annually — and it isn't operating at full capacity. This new loan could boost factory toward full-power. The $398-million loan funds "up to four state-of-the-art production lines," according to the announcement from the U.S. Energy Department.

It notes that the technology is "specifically designed for long-duration grid-scale stationary battery storage that can assist in meeting the energy grids' growing demand with increasing amounts of renewable energy penetration." If finalized, the project is expected to manufacture 8 GWh of storage capacity annually by 2026. That is enough to provide electricity to over 300,000 average U.S. homes instantaneously or meet the annual electricity needs of approximately 130,000 homes if fully charged and discharged daily. The project is expected to create up to 50 union contractor construction jobs and as many as 650 new operations jobs when at full operational capacity...

Critically, Eos batteries are non-flammable and do not require active cooling to operate. The batteries can achieve 100% depth of discharge...