Crime

What Happened After a Reporter Tracked Down The Identity Thief Who Stole $5,000 (msn.com) 38

"$5,000 in cash had been withdrawn from my checking account — but not by me," writes journalist Linda Matchan in the Boston Globe. A police station manager reviewed footage from the bank — which was 200 miles away — and deduced that "someone had actually come into the bank and spoken to a teller, presented a driver's license, and then correctly answered some authentication questions to validate the account..."

"You're pitting a teller against a national crime syndicate with massive resources behind them," says Paul Benda, executive vice president for risk, fraud, and cybersecurity at the American Bankers Association. "They're very well-funded, well-resourced criminal gangs doing this at an industrial scale."
The reporter writes that "For the past two years, I've worked to determine exactly who and what lay behind this crime..." [N]ow I had something new to worry about: Fraudsters apparently had a driver's license with my name on it... "Forget the fake IDs adolescents used to get into bars," says Georgia State's David Maimon, who is also head of fraud insights at SentiLink, a company that works with institutions across the United States to support and solve their fraud and risk issues. "Nowadays fraudsters are using sophisticated software and capable printers to create virtually impossible-to-detect fake IDs." They're able to create synthetic identities, combining legitimate personal information, such as a name and date of birth, with a nine-digit number that either looks like a Social Security number or is a real, stolen one. That ID can then be used to open financial accounts, apply for a bank or car loan, or for some other dodgy purpose that could devastate their victims' financial lives.



And there's a complex supply chain underpinning it all — "a whole industry on the dark web," says Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit that helps victims undo the damage wrought by identity crime. It starts with the suppliers, Maimon told me — "the people who steal IDs, bring them into the market, and manufacture them. There's the producers who take the ID and fake driver's licenses and build the facade to make it look like they own the identity — trying to create credit reports for the synthetic identities, for example, or printing fake utility bills." Then there are the distributors who sell them in the dark corners of the web or the street or through text messaging apps, and finally the customers who use them and come from all walks of life. "We're seeing females and males and people with families and a lot of adolescents, because social media plays a very important role in introducing them to this world," says Maimon, whose team does surveillance of criminals' activities and interactions on the dark web. "In this ecosystem, folks disclose everything they do."

The reporter writes that "It's horrifying to discover, as I have recently, that someone has set up a tech company that might not even be real, listing my home as its principal address."

Two and a half months after the theft the stolen $5,000 was back in their bank account — but it wasn't until a year later that the thief was identified. "The security video had been shared with New York's Capital Region Crime Analysis Center, where analysts have access to facial recognition technology, and was run through a database of booking photos. A possible match resulted.... She was already in custody elsewhere in New York... Evidently, Deborah was being sought by law enforcement in at least three New York counties. [All three cases involved bank-related identity fraud.]"

Deborah was finally charged with two separate felonies: grand larceny in the third degree for stealing property over $3,000, and identity theft. But Deborah missed her next two court dates, and disappeared. "She never came back to court, and now there were warrants for her arrest out of two separate courts."

After speaking to police officials the reporter concludes "There was a good chance she was only doing the grunt work for someone else, maybe even a domestic or foreign-organized crime syndicate, and then suffering all the consequences."

The UK minister of state for security even says that "in some places people are literally captured and used as unwilling operators for fraudsters."
Supercomputing

Linux Foundation Announces Launch of 'High Performance Software Foundation' (linuxfoundation.org) 4

This week the nonprofit Linux Foundation announced the launch of the High Performance Software Foundation, which "aims to build, promote, and advance a portable core software stack for high performance computing" (or HPC) by "increasing adoption, lowering barriers to contribution, and supporting development efforts."

It promises initiatives focused on "continuously built, turnkey software stacks," as well as other initiatives including architecture support and performance regression testing. Its first open source technical projects are:

- Spack: the HPC package manager.

- Kokkos: a performance-portable programming model for writing modern C++ applications in a hardware-agnostic way.

- Viskores (formerly VTK-m): a toolkit of scientific visualization algorithms for accelerator architectures.

- HPCToolkit: performance measurement and analysis tools for computers ranging from desktop systems to GPU-accelerated supercomputers.

- Apptainer: Formerly known as Singularity, Apptainer is a Linux Foundation project providing a high performance, full featured HPC and computing optimized container subsystem.

- E4S: a curated, hardened distribution of scientific software packages.

As use of HPC becomes ubiquitous in scientific computing and digital engineering, and AI use cases multiply, more and more data centers deploy GPUs and other compute accelerators. The High Performance Software Foundation will provide a neutral space for pivotal projects in the high performance computing ecosystem, enabling industry, academia, and government entities to collaborate on the scientific software.

The High Performance Software Foundation benefits from strong support across the HPC landscape, including Premier Members Amazon Web Services (AWS), Hewlett Packard Enterprise, Lawrence Livermore National Laboratory, and Sandia National Laboratories; General Members AMD, Argonne National Laboratory, Intel, Kitware, Los Alamos National Laboratory, NVIDIA, and Oak Ridge National Laboratory; and Associate Members University of Maryland, University of Oregon, and Centre for Development of Advanced Computing.

In a statement, an AMD vice president said that by joining "we are using our collective hardware and software expertise to help develop a portable, open-source software stack for high-performance computing across industry, academia, and government." And an AWS executive said the high-performance computing community "has a long history of innovation being driven by open source projects. AWS is thrilled to join the High Performance Software Foundation to build on this work. In particular, AWS has been deeply involved in contributing upstream to Spack, and we're looking forward to working with the HPSF to sustain and accelerate the growth of key HPC projects so everyone can benefit."

The new foundation will "set up a technical advisory committee to manage working groups tackling a variety of HPC topics," according to the announcement, following a governance model based on the Cloud Native Computing Foundation.
Space

Blue Origin Successfully Launches Six Passengers to the Edge of Space (cnn.com) 32

"Blue Origin's tourism rocket has launched passengers to the edge of space for the first time in nearly two years," reports CNN, "ending a hiatus prompted by a failed uncrewed test flight." The New Shepard rocket and capsule lifted off at 9:36 a.m. CT (10:36 a.m. ET) from Blue Origin's facilities on a private ranch in West Texas.

NS-25, Blue Origin's seventh crewed flight to date, carried six customers aboard the capsule: venture capitalist Mason Angel; Sylvain Chiron, founder of the French craft brewery Brasserie Mont-Blanc; software engineer and entrepreneur Kenneth L. Hess; retired accountant Carol Schaller; aviator Gopi Thotakura; and Ed Dwight, a retired US Air Force captain selected by President John F. Kennedy in 1961 to be the nation's first Black astronaut candidate... Dwight completed that challenge and reached the edge of space at the age of 90, making him the oldest person to venture to such heights, according to a spokesperson from Blue Origin...

"It's a life-changing experience," he said. "Everybody needs to do this."

The rocket booster landed safely a couple minutes prior to the capsule. During the mission, the crew soared to more than three times the speed of sound, or more than 2,000 miles per hour. The rocket vaulted the capsule past the Kármán line, an area 62 miles (100 kilometers) above Earth's surface that is widely recognized as the altitude at which outer space begins...

"And at the peak of the flight, passengers experienced a few minutes of weightlessness and striking views of Earth through the cabin windows."
Open Source

Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security (zdnet.com) 100

Jeremy Allison — Sam (Slashdot reader #8,157) is a Distinguished Engineer at Rocky Linux creator CIQ. This week he published a blog post responding to promises of Linux distros "carefully selecting only the most polished and pristine open source patches from the raw upstream open source Linux kernel in order to create the secure distribution kernel you depend on in your business."

But do carefully curated software patches (applied to a known "frozen" Linux kernel) really bring greater security? "After a lot of hard work and data analysis by my CIQ kernel engineering colleagues Ronnie Sahlberg and Jonathan Maple, we finally have an answer to this question. It's no." The data shows that "frozen" vendor Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream "stable" Linux kernel created by Greg Kroah-Hartman. How can this be? If you want the full details the link to the white paper is here. But the results of the analysis couldn't be clearer.

- A "frozen" vendor kernel is an insecure kernel. A vendor kernel released later in the release schedule is doubly so.

- The number of known bugs in a "frozen" vendor kernel grows over time. The growth in the number of bugs even accelerates over time.

- There are too many open bugs in these kernels for it to be feasible to analyze or even classify them....

[T]hinking that you're making a more secure choice by using a "frozen" vendor kernel isn't a luxury we can still afford to believe. As Greg Kroah-Hartman explicitly said in his talk "Demystifying the Linux Kernel Security Process": "If you are not using the latest stable / longterm kernel, your system is insecure."

CIQ describes its report as "a count of all the known bugs from an upstream kernel that were introduced, but never fixed in RHEL 8." For the most recent RHEL 8 kernels, at the time of writing, these counts are:

- RHEL 8.6: 5034

- RHEL 8.7: 4767

- RHEL 8.8: 4594

In RHEL 8.8 we have a total of 4594 known bugs with fixes that exist upstream, but for which known fixes have not been back-ported to RHEL 8.8. The situation is worse for RHEL 8.6 and RHEL 8.7 as they cut off back-porting earlier than RHEL 8.8 but of course that did not prevent new bugs from being discovered and fixed upstream....

This whitepaper is not meant as a criticism of the engineers working at any Linux vendors who are dedicated to producing high quality work in their products on behalf of their customers. This problem is extremely difficult to solve. We know this is an open secret amongst many in the industry and would like to put concrete numbers describing the problem to encourage discussion. Our hope is for Linux vendors and the community as a whole to rally behind the kernel.org stable kernels as the best long term supported solution. As engineers, we would prefer this to allow us to spend more time fixing customer specific bugs and submitting feature improvements upstream, rather than the endless grind of backporting upstream changes into vendor kernels, a practice which can introduce more bugs than it fixes.

ZDNet calls it "an open secret in the Linux community." It's not enough to use a long-term support release. You must use the most up-to-date release to be as secure as possible. Unfortunately, almost no one does that. Nevertheless, as Google Linux kernel engineer Kees Cook explained, "So what is a vendor to do? The answer is simple, if painful: Continuously update to the latest kernel release, either major or stable." Why? As Kroah-Hartman explained, "Any bug has the potential of being a security issue at the kernel level...."

Although [CIQ's] programmers examined RHEL 8.8 specifically, this is a general problem. They would have found the same results if they had examined SUSE, Ubuntu, or Debian Linux. Rolling-release Linux distros such as Arch, Gentoo, and OpenSUSE Tumbleweed constantly release the latest updates, but they're not used in businesses.

Jeremy Allison's post points out that "the Linux kernel used by Android devices is based on the upstream kernel and also has a stable internal kernel ABI, so this isn't an insurmountable problem..."
Google

How an 'Unprecedented' Google Cloud Event Wiped Out a Major Customer's Account (arstechnica.com) 49

Ars Technica looks at what happened after Google's answer to Amazon's cloud service "accidentally deleted a giant customer account for no reason..."

"[A]ccording to UniSuper's incident log, downtime started May 2, and a full restoration of services didn't happen until May 15." UniSuper, an Australian pension fund that manages $135 billion worth of funds and has 647,000 members, had its entire account wiped out at Google Cloud, including all its backups that were stored on the service... UniSuper's website is now full of must-read admin nightmare fuel about how this all happened. First is a wild page posted on May 8 titled "A joint statement from UniSuper CEO Peter Chun, and Google Cloud CEO, Thomas Kurian...." Google Cloud is supposed to have safeguards that don't allow account deletion, but none of them worked apparently, and the only option was a restore from a separate cloud provider (shoutout to the hero at UniSuper who chose a multi-cloud solution)... The many stakeholders in the service meant service restoration wasn't just about restoring backups but also processing all the requests and payments that still needed to happen during the two weeks of downtime.

The second must-read document in this whole saga is the outage update page, which contains 12 statements as the cloud devs worked through this catastrophe. The first update is May 2 with the ominous statement, "You may be aware of a service disruption affecting UniSuper's systems...." Seven days after the outage, on May 9, we saw the first signs of life again for UniSuper. Logins started working for "online UniSuper accounts" (I think that only means the website), but the outage page noted that "account balances shown may not reflect transactions which have not yet been processed due to the outage...." May 13 is the first mention of the mobile app beginning to work again. This update noted that balances still weren't up to date and that "We are processing transactions as quickly as we can." The last update, on May 15, states, "UniSuper can confirm that all member-facing services have been fully restored, with our retirement calculators now available again."

The joint statement and the outage updates are still not a technical post-mortem of what happened, and it's unclear if we'll get one. Google PR confirmed in multiple places it signed off on the statement, but a great breakdown from software developer Daniel Compton points out that the statement is not just vague, it's also full of terminology that doesn't align with Google Cloud products. The imprecise language makes it seem like the statement was written entirely by UniSuper.

Thanks to long-time Slashdot reader swm for sharing the news.
Businesses

Facing Angry Users, Sonos Promises to Fix Flaws and Restore Removed Features (msn.com) 71

A blind worker for the National Federation of the Blind said Sonos had a reputation for making products usable for people with disabilities, but that "Overnight they broke that trust," according to the Washington Post.

They're not the only angry customers about the latest update to Sonos's wireless speaker system. The newspaper notes that nonprofit worker Charles Knight is "among the Sonos die-hards who are furious at the new app that crippled their options to stream music, listen to an album all the way through or set a morning alarm clock." After Sonos updated its app last week, Knight could no longer set or change his wake-up music alarm. Timers to turn off music were also missing. "Something as basic as an alarm is part of the feature set that users have had for 15 years," said Knight, who has spent thousands of dollars on six Sonos speakers for his bedroom, home office and kitchen. "It was just really badly thought out from start to finish." Some people who are blind also complained that the app omitted voice-control features they need.

What's happening to Sonos speaker owners is a cautionary tale. As more of your possessions rely on software — including your car, phone, TV, home thermostat or tractor — the manufacturer can ruin them with one shoddy update... Sonos now says it's fixing problems and adding back missing features within days or weeks. Sonos CEO Patrick Spence acknowledged the company made some mistakes and said Sonos plans to earn back people's trust. "There are clearly people who are having an experience that is subpar," Spence said. "I would ask them to give us a chance to deliver the actions to address the concerns they've raised." Spence said that for years, customers' top complaint was the Sonos app was clunky and slow to connect to their speakers. Spence said the new app is zippier and easier for Sonos to update. (Some customers disputed that the new app is faster.)

He said some problems like Knight's missing alarms were flaws that Sonos found only once the app was about to roll out. (Sonos updated the alarm feature this week.) Sonos did remove but planned to add back some lesser-used features. Spence said the company should have told people upfront about the planned timeline to return any missing functions.

In a blog post Sonos thanked customers for "valuable feedback," saying they're "working to address them as quickly as possible" and promising to reintroduce features, fix bugs, and address performance issues. ("Adding and editing alarms" is available now, as well as VoiceOver fixes for the home screen on iOS.)

The Washington Post adds that Sonos "said it initially missed some software flaws and will restore more voice-reader functions next week."
AI

'Openwashing' 33

An anonymous reader quotes a report from The New York Times: There's a big debate in the tech world over whether artificial intelligence models should be "open source." Elon Musk, who helped found OpenAI in 2015, sued the startup and its chief executive, Sam Altman, on claims that the company had diverged from its mission of openness. The Biden administration is investigating the risks and benefits of open source models. Proponents of open source A.I. models say they're more equitable and safer for society, while detractors say they are more likely to be abused for malicious intent. One big hiccup in the debate? There's no agreed-upon definition of what open source A.I. actually means. And some are accusing A.I. companies of "openwashing" -- using the "open source" term disingenuously to make themselves look good. (Accusations of openwashing have previously been aimed at coding projects that used the open source label too loosely.)

In a blog post on Open Future, a European think tank supporting open sourcing, Alek Tarkowski wrote, "As the rules get written, one challenge is building sufficient guardrails against corporations' attempts at 'openwashing.'" Last month the Linux Foundation, a nonprofit that supports open-source software projects, cautioned that "this 'openwashing' trend threatens to undermine the very premise of openness -- the free sharing of knowledge to enable inspection, replication and collective advancement." Organizations that apply the label to their models may be taking very different approaches to openness. [...]

The main reason is that while open source software allows anyone to replicate or modify it, building an A.I. model requires much more than code. Only a handful of companies can fund the computing power and data curation required. That's why some experts say labeling any A.I. as "open source" is at best misleading and at worst a marketing tool. "Even maximally open A.I. systems do not allow open access to the resources necessary to 'democratize' access to A.I., or enable full scrutiny," said David Gray Widder, a postdoctoral fellow at Cornell Tech who has studied use of the "open source" label by A.I. companies.
The Military

Palantir's First-Ever AI Warfare Conference (theguardian.com) 37

An anonymous reader quotes a report from The Guardian, written by Caroline Haskins: On May 7th and 8th in Washington, D.C., the city's biggest convention hall welcomed America's military-industrial complex, its top technology companies and its most outspoken justifiers of war crimes. Of course, that's not how they would describe it. It was the inaugural "AI Expo for National Competitiveness," hosted by the Special Competitive Studies Project -- better known as the "techno-economic" thinktank created by the former Google CEO and current billionaire Eric Schmidt. The conference's lead sponsor was Palantir, a software company co-founded by Peter Thiel that's best known for inspiring 2019 protests against its work with Immigration and Customs Enforcement (Ice) at the height of Trump's family separation policy. Currently, Palantir is supplying some of its AI products to the Israel Defense Forces.

The conference hall was also filled with booths representing the U.S. military and dozens of its contractors, ranging from Booz Allen Hamilton to a random company that was described to me as Uber for airplane software. At industry conferences like these, powerful people tend to be more unfiltered – they assume they're in a safe space, among friends and peers. I was curious, what would they say about the AI-powered violence in Gaza, or what they think is the future of war?

Attendees were told the conference highlight would be a series of panels in a large room toward the back of the hall. In reality, that room hosted just one of note. Featuring Schmidt and the Palantir CEO, Alex Karp, the fire-breathing panel would set the tone for the rest of the conference. More specifically, it divided attendees into two groups: those who see war as a matter of money and strategy, and those who see it as a matter of death. The vast majority of people there fell into group one. I've written about relationships between tech companies and the military before, so I shouldn't have been surprised by anything I saw or heard at this conference. But when it ended, and I departed DC for home, it felt like my life force had been completely sucked out of my body.
Some of the noteworthy quotes from the panel and convention, as highlighted in Haskins' reporting, include:

"It's always great when the CIA helps you out," Schmidt joked when CIA deputy director David Cohen lent him his microphone when his didn't work.

The U.S. has to "scare our adversaries to death" in war, said Karp. On university graduates protesting Israel's war in Gaza, Karp described their views as a "pagan religion infecting our universities" and "an infection inside of our society."

"The peace activists are war activists," Karp insisted. "We are the peace activists."

A huge aspect of war in a democracy, Karp went on to argue, is leaders successfully selling that war domestically. "If we lose the intellectual debate, you will not be able to deploy any armies in the west ever," Karp said.

A man in nuclear weapons research jokingly referred to himself as "the new Oppenheimer."
Privacy

User Outcry As Slack Scrapes Customer Data For AI Model Training (securityweek.com) 34

New submitter txyoji shares a report: Enterprise workplace collaboration platform Slack has sparked a privacy backlash with the revelation that it has been scraping customer data, including messages and files, to develop new AI and ML models. By default, and without requiring users to opt-in, Slack said its systems have been analyzing customer data and usage information (including messages, content and files) to build AI/ML models to improve the software.

The company insists it has technical controls in place to block Slack from accessing the underlying content and promises that data will not leak across workplaces but, despite these assurances, corporate Slack admins are scrambling to opt out of the data scraping. This line in Slack's communication sparked a social media controversy with the realization that content in direct messages and other sensitive content posted to Slack was being used to develop AI/ML models and that opting out would require sending e-mail requests: "If you want to exclude your Customer Data from Slack global models, you can opt out. To opt out, please have your org, workspace owners or primary owner contact our Customer Experience team at feedback@slack.com with your workspace/org URL and the subject line 'Slack global model opt-out request'. We will process your request and respond once the opt-out has been completed."

The Almighty Buck

Germany's Sovereign Tech Fund Now Supporting FFmpeg (phoronix.com) 16

Michael Larabel reports via Phoronix: Following Germany's Sovereign Tech Fund providing significant funding for GNOME, Rust Coreutils, PHP, a systemd bug bounty, and numerous other free software projects, the FFmpeg multimedia library is the latest beneficiary to this funding from the German government. The Sovereign Tech Fund notes that the FFmpeg project is receiving 157,580 euros for 2024 and 2025.

An announcement on the FFmpeg.org project site notes: "The FFmpeg community is excited to announce that Germany's Sovereign Tech Fund has become its first governmental sponsor. Their support will help sustain the [maintenance] of the FFmpeg project, a critical open-source software multimedia component essential to bringing audio and video to billions around the world every day."

Media

Winamp Is 'Opening Up' Its Source Code 82

In a press release today, the best music player of the 1990s announced that it'll open up its source code to developers worldwide. "Winamp will open up its code for the player used on Windows, enabling the entire community to participate in its development," said the company. "This is an invitation to global collaboration, where developers worldwide can contribute their expertise, ideas, and passion to help this iconic software evolve."

Alexandre Saboundjian, CEO of Winamp, explains: "This is a decision that will delight millions of users around the world. Our focus will be on new mobile players and other platforms. We will be releasing a new mobile player at the beginning of July. Still, we don't want to forget the tens of millions of users who use the software on Windows and will benefit from thousands of developers' experience and creativity. Winamp will remain the owner of the software and will decide on the innovations made in the official version."
Businesses

Palo Alto Networks Is Buying Security Assets From IBM (cnbc.com) 5

Palo Alto Networks is acquiring IBM's QRadar cloud software and migrating customers to its Cortex Xsiam platform as part of a broader partnership aimed at expanding its consulting capabilities and customer base. The sum of the deal was not disclosed. CNBC reports: The move normally takes one to three months, Nikesh Arora, Palo Alto's CEO, told CNBC. Also, IBM will train more than 1,000 of its consulting employees on Palo Alto's products. [...] For IBM, a more robust lineup of contemporary security tools for consulting might help the company deliver on its stated goal of revenue growth in the mid-single digits for 2024. In the first quarter, revenue increased 3%, with a 2% bump in the consulting segment.

Palo Alto is growing much faster than IBM. In the January quarter, revenue jumped 19%. The company will report results for the latest quarter on Monday. Palo Alto more than doubled in value last year and its stock is up 6% year to date, lifting the company's market cap past $100 billion. The stock rose more than 1% in extended trading. IBM is up close to 5% this year and is now valued at $154 billion. The companies said the transaction should close by the end of September, subject to regulatory approval and other conditions. [...] IBM will continue to sell its QRadar software for use in on-premises data centers. At the same time, IBM will suggest that clients using it consider switching to Palo Alto's Cortex Xsiam.

Android

Smartphones Can Now Last 7 Years (nytimes.com) 141

Google and Samsung used to update smartphone software for only three years. That has changed. From a report: Every smartphone has an expiration date. That day arrives when the software updates stop coming and you start missing out on new apps and security protections. With most phones, this used to happen after about only three years. But things are finally starting to change. The new number is seven. I first noticed this shift when I reviewed Google's $700 Pixel 8 smartphone in October. Google told me that it had committed to provide software updates for the phone for seven years, up from three years for its previous Pixels, because it was the right thing to do.

I was skeptical that this would become a trend. But this year, Samsung, the most profitable Android phone maker, set a similar software timeline for its $800 Galaxy S24 smartphone. Then Google said it would do the same for its $500 Pixel 8A, the budget version of the Pixel 8, which arrived in stores this week. Both companies said they had expanded their software support to make their phones last longer. This is a change from how companies used to talk about phones. Not long ago, tech giants unveiled new devices that encouraged people to upgrade every two years. But in the last few years, smartphone sales have slowed down worldwide as their improvements have become more marginal. Nowadays, people want their phones to endure.

Samsung and Google, the two most influential Android device makers, are playing catch-up with Apple, which has traditionally provided software updates for iPhones for roughly seven years. These moves will make phones last much longer and give people more flexibility to decide when it's time to upgrade. Google said in a statement that it had expanded its software commitment for the Pixel 8A because it wanted customers to feel confident in Pixel phones. And Samsung said it would deliver seven years of software updates, which increase security and reliability, for all its Galaxy flagship phones from now on.

Microsoft

Microsoft's AI Push Imperils Climate Goal As Carbon Emissions Jump 30% (bnnbloomberg.ca) 68

Microsoft's ambitious goal to be carbon negative by 2030 is threatened by its expanding AI operations, which have increased its carbon footprint by 30% since 2020. To meet its targets, Microsoft must quickly adopt green technologies and improve efficiency in its data centers, which are critical for AI but heavily reliant on carbon-intensive resources. Bloomberg reports: Now to meet its goals, the software giant will have to make serious progress very quickly in gaining access to green steel and concrete and less carbon-intensive chips, said Brad Smith, president of Microsoft, in an exclusive interview with Bloomberg Green. "In 2020, we unveiled what we called our carbon moonshot. That was before the explosion in artificial intelligence," he said. "So in many ways the moon is five times as far away as it was in 2020, if you just think of our own forecast for the expansion of AI and its electrical needs." [...]

Despite AI's ravenous energy consumption, this actually contributes little to Microsoft's hike in emissions -- at least on paper. That's because the company says in its sustainability report that it's 100% powered by renewables. Companies use a range of mechanisms to make such claims, which vary widely in terms of credibility. Some firms enter into long-term power purchase agreements (PPAs) with renewable developers, where they shoulder some of a new energy plant's risk and help get new solar and wind farms online. In other cases, companies buy renewable energy credits (RECs) to claim they're using green power, but these inexpensive credits do little to spur new demand for green energy, researchers have consistently found. Microsoft uses a mix of both approaches. On one hand, it's one of the biggest corporate participants in power purchase agreements, according to BloombergNEF, which tracks these deals. But it's also a huge purchaser of RECs, using these instruments to claim about half of its energy use is clean, according to its environmental filings in 2022. By using a large quantity of RECs, Microsoft is essentially masking an even larger growth in emissions. "It is Microsoft's plan to phase out the use of unbundled RECs in future years," a spokesperson for the company said. "We are focused on PPAs as a primary strategy."

So what else can be done? Smith, along with Microsoft's Chief Sustainability Officer Melanie Nakagawa, has laid out clear steps in the sustainability report. High among them is to increase efficiency, which is to use the same amount of energy or computing to do more work. That could help reduce the need for data centers, which will reduce emissions and electricity use. On most things, "our climate goals require that we spend money," said Smith. "But efficiency gains will actually enable us to save money." Microsoft has also been at the forefront of buying sustainable aviation fuels that have helped reduce some of its emissions from business travel. The company also wants to partner with those who will "accelerate breakthroughs" to make greener steel, concrete and fuels. Those technologies are starting to work at a small scale, but remain far from being available in commercial quantities even if expensive. Cheap renewable power has helped make Microsoft's climate journey easier. But the tech giant's electricity consumption last year rivaled that of a small European country -- beating Slovenia easily. Smith said that one of the biggest bottlenecks for it to keep getting access to green power is the lack of transmission lines from where the power is generated to the data centers. That's why Microsoft says it's going to increase lobbying efforts to get governments to speed up building the grid.
If Microsoft's emissions remain high going into 2030, Smith said the company may consider bulk purchases of carbon removal credits, even though it's not "the desired course."

"You've got to be willing to invest and pay for it," said Smith. Climate change is "a problem that humanity created and that humanity can solve."
IT

Wallet Recovery Firms Buzz as Locked-out Crypto Investors Panic in Bitcoin Boom (reuters.com) 35

The recent surge in bitcoin prices has the phones at crypto wallet recovery firms ringing off the hook, as retail investors locked out of their digital vaults make frantic calls to regain access to their accounts. From a report: Cryptocurrencies exist on a decentralized digital ledger known as blockchain and investors may opt to access their holdings either through a locally stored software wallet or a hardware wallet, to avoid risks related to owning crypto with an exchange, as in the case of the former FTX. Losing access to a crypto wallet is a well-known problem. Investors forgetting their intricate passwords is a primary reason, but loss of access to two-factor authentication devices, unexpected shutdowns of cryptocurrency exchanges and cyberattacks are also common.

Wallet passwords are usually alphanumeric and the wallet provider also offers a set of randomized words, known as "seed phrases," for additional security - both these are known only to the user. If investors lose the passwords and phrases, access to their wallets is cut off. With bitcoin prices regaining traction since last October and hitting a record high of $73,803.25 in March, investors seem to be suffering from a classic case of FOMO, or the fear of missing out. Reuters spoke to nearly a dozen retail investors who had lost access to their crypto wallets. Six of them contacted a recovery services firm and managed to regain access to their holdings.

Apple

Apple Brings Eye-Tracking To Recent iPhones and iPads (engadget.com) 36

This week, in celebration of Global Accessibility Awareness Day, Apple is introducing several new accessibility features. Noteworthy additions include eye-tracking support for recent iPhone and iPad models, customizable vocal shortcuts, music haptics, and vehicle motion cues. Engadget reports: The most intriguing feature of the set is the ability to use the front-facing camera on iPhones or iPads (at least those with the A12 chip or later) to navigate the software without additional hardware or accessories. With this enabled, people can look at their screen to move through elements like apps and menus, then linger on an item to select it. That pause to select is something Apple calls Dwell Control, which has already been available elsewhere in the company's ecosystem like in Mac's accessibility settings. The setup and calibration process should only take a few seconds, and on-device AI is at work to understand your gaze. It'll also work with third-party apps from launch, since it's a layer in the OS like Assistive Touch. Since Apple already supported eye-tracking in iOS and iPadOS with eye-detection devices connected, the news today is the ability to do so without extra hardware. [...]

There are plenty more features coming to the company's suite of products, including Live Captions in VisionOS, a new Reader mode in Magnifier, support for multi-line braille and a virtual trackpad for those who use Assistive Touch. It's not yet clear when all of these announced updates will roll out, though Apple has historically made these features available in upcoming versions of iOS. With its developer conference WWDC just a few weeks away, it's likely many of today's tools get officially released with the next iOS.
Apple detailed all the new features in a press release.
Android

Android 15 Gets 'Private Space,' Theft Detection, and AV1 Support (arstechnica.com) 36

An anonymous reader quotes a report from Ars Technica: Google's I/O conference is still happening, and while the big keynote was yesterday, major Android beta releases have apparently been downgraded to Day 2 of the show. Google really seems to want to be primarily an AI company now. Android already had some AI news yesterday, but now that the code-red requirements have been met, we have actual OS news. One of the big features in this release is "Private Space," which Google says is a place where users can "keep sensitive apps away from prying eyes, under an additional layer of authentication."

First, there's a new hidden-by-default portion of the app drawer that can hold these sensitive apps, and revealing that part of the app drawer requires a second round of lock-screen authentication, which can be different from the main phone lock screen. Just like "Work" apps, the apps in this section run on a separate profile. To the system, they are run by a separate "user" with separate data, which your non-private apps won't be able to see. Interestingly, Google says, "When private space is locked by the user, the profile is paused, i.e., the apps are no longer active," so apps in a locked Private Space won't be able to show notifications unless you go through the second lock screen.

Another new Android 15 feature is "Theft Detection Lock," though it's not in today's beta and will be out "later this year." The feature uses accelerometers and "Google AI" to "sense if someone snatches your phone from your hand and tries to run, bike, or drive away with it." Any of those theft-like shock motions will make the phone auto-lock. Of course, Android's other great theft prevention feature is "being an Android phone." Android 12L added a desktop-like taskbar to the tablet UI, showing recent and favorite apps at the bottom of the screen, but it was only available on the home screen and recent apps. Third-party OEMs immediately realized that this bar should be on all the time and tweaked Android to allow it. In Android 15, an always-on taskbar will be a normal option, allowing for better multitasking on tablets and (presumably) open foldable phones. You can also save split-screen-view shortcuts to the taskbar now.

An Android 13 developer feature, predictive back, will finally be turned on by default. When performing the back gesture, this feature shows what screen will show up behind the current screen you're swiping away. This gives a smoother transition and a bit of a preview, allowing you to cancel the back gesture if you don't like where it's going. [...] Because this is a developer release, there are tons of under-the-hood changes. Google is a big fan of its own next-generation AV1 video codec, and AV1 support has arrived on various devices thanks to hardware decoding being embedded in many flagship SoCs. If you can't do hardware AV1 decoding, though, Android 15 has a solution for you: software AV1 decoding.

Intel

Intel's New Thunderbolt Share Provides File and Screen Sharing Without Hurting Network Performance (tomshardware.com) 48

Intel unveiled Thunderbolt Share on Wednesday, which it promises will streamline screen and file sharing between two PCs. Tom's Hardware: Thunderbolt Share will allow PC owners to connect their two computers with a wired connection that leverages Thunderbolt's speed (40Gbps or higher), low latency, and built-in security. It allows PC-to-PC access that shares the screen, keyboard, mouse, and storage. The software also enables folder synchronization or easy drag-and-drop file transfer between the computers. [...]

Thunderbolt Share also provides uncompressed screen sharing between two PCs in the original resolution of the source computer. It also claims low latency for a smooth, responsive experience that includes the screen, keyboard, and mouse with full HD screen mirroring at up to 60 frames per second (fps). Higher resolutions could result in fewer frames per second, but Ziller said it would still be a "great experience."

IOS

Former Windows Chief Explains Why macOS on iPad is Futile Quest 121

Tech columnist and venture investor MG Siegler, commenting on the new iPad Pro: I love the iPad for the things it's good at. And I love the MacBook for the things it's good at. What I want is less a completely combined device and more a single device that can run both macOS and iPadOS. And this new iPad Pro, again equipped with a chip faster than any MacBook, can do that if Apple allowed it to.

At first, maybe it's dual boot. That is, just let the iPad Pro load up macOS if it's attached to the Magic Keyboard and use the screen as a regular (but beautiful) monitor -- no touch. Over time, maybe macOS is just a "mode" inside of iPadOS -- complete with some elements updated to be touch-friendly, but not touch-first.
Steven Sinofsky, the former head of Microsoft's Windows division, chiming in: It is not unusual for customers to want the best of all worlds. It is why Detroit invented convertibles and el caminos.

But the idea of a "dual boot" device is just nuts. It is guaranteed the only reality is it is running the wrong OS all the time for whatever you want to do. It is a toaster-refrigerator. Only techies like devices that "presto-change" into something else. Regular humans never flocked to El Caminos, and even today SUVs just became station wagons and almost none actually go off road :-)

Two things that keep going unanswered if you really want macOS on an iPad device:

1. What software on Mac do you want for an iPad device experience? What software will get rewritten for touch? If you want "touch-enabled" check out what happened on the Windows desktop. Nearly everything people say they want isn't features as much as the mouse interaction model. People want overlapping windows, a desktop of folders, infinitely resizable windows, and so on. These don't work on touch very well and certainly not for people who don't want to futz.
2. Will you be happy with battery life? The physics of an iPad mean the battery is 2/3rds the size of a Mac battery. Do you really want that? I don't. The reason the iPad is the 5.x mm device is because the default doesn't have a keyboard holding the battery. This is about the realities. The metaphors that people like on a desktop, heck that they love, just don't work with the blunt instrument of touch. It might be possible to build all new metaphors that use only touch and thus would be great on an iPad but that isn't what they tried. The device grew out of a phone. It's only their incredible work on iPhone that led to Mx silicon and their tireless work on the Mac-centric frameworks that delivered a big chunk (but not all) the privacy, reliability, battery life, security, etc. of the phone on Mac. [...]
Software

VMware Giving Away Workstation Pro, Fusion Pro Free For Personal Use (theregister.com) 89

Dan Robinson reports via The Register: VMware has made another small but notable post-merger concession to users: the Workstation Pro and Fusion Pro desktop hypervisor products will now be free for personal use. The cloud and virtualization biz, now a Broadcom subsidiary, has announced that its Pro apps will be available under two license models: a "Free Personal Use" or a "Paid Commercial Use" subscription for organizations. Workstation Pro is available for PC users running Windows or Linux, while Fusion Pro is available for Mac systems with either Intel CPUs or Apple's own processors. The two products allow users to create a virtual machine on their local computer for the purpose of running a different operating system or creating a sandbox in which to run certain software. [...]

According to VMware, users will get to decide for themselves if their use case calls for a commercial subscription. There are no functional differences between the two versions, the company states, and the only visual difference is that the free version displays the text: "This product is licensed for personal use only." "This means that everyday users who want a virtual lab on their Mac, Windows, or Linux computer can do so for free simply by registering and downloading the bits from the new download portal located at support.broadcom.com," VMware says. Customers that require a paid commercial subscription must purchase through an authorized Broadcom Advantage partner.

The move also means that VMware's Workstation Player and Fusion Player products are effectively redundant as the Pro products now serve the same role, and so those will no longer be offered for purchase. Organizations with commercial licenses for Fusion Player 13 or Workstation Player 17 can continue to use these, however, and they will continue to be supported for existing end of life (EOL) and end of general support (EoGS) dates.
