An anonymous reader quotes a report from Ars Technica: The Senate Judiciary Committee is scheduled to consider two bills Thursday that would effectively nullify the Supreme Court's rulings against patents on broad software processes and human genes. Open source and Internet freedom advocates are mobilizing and pushing back. The Patent Eligibility Restoration Act (or PERA, S. 2140), sponsored by Sens. Thom Tillis (R-NC) and Chris Coons (D-Del.), would amend US Code such that "all judicial exceptions to patent eligibility are eliminated." That would include the 2014 ruling in which the Supreme Court held, with Justice Clarence Thomas writing, that simply performing an existing process on a computer does not make it a new, patentable invention. "The relevant question is whether the claims here do more than simply instruct the practitioner to implement the abstract idea of intermediated settlement on a generic computer," Thomas wrote. "They do not." That case also drew on Bilski v. Kappos, a case in which a patent was proposed based solely on the concept of hedging against price fluctuations in commodity markets. [...]

Another wrinkle in the PERA bill involves genetic patents. The Supreme Court ruled in June 2013 that pieces of DNA that occur naturally in the genomes of humans or other organisms cannot, themselves, be patented. Myriad Genetics had previously been granted patents on genes associated with breast and ovarian cancer, BRCA1 and BRCA2, which were targeted in a lawsuit led by the American Civil Liberties Union (ACLU). The resulting Supreme Court decision -- this one also written by Thomas -- found that information that naturally occurs in the human genome could not be the subject to a patent, even if the patent covered the process of isolating that information from the rest of the genome. As with broad software patents, PERA would seemingly allow for the patenting of isolated human genes and connections between those genes and diseases like cancer. [...] The Judiciary Committee is set to debate and potentially amend or rewrite PREVAIL and PERA (i.e. mark up) on Thursday.

Snapchat's terms of service for its "My Selfie" tool reserve the right to use users' AI-generated images in ads. While users can opt out by disabling the "See My Selfie in Ads" feature, it is enabled by default. 404 Media's Emanuel Maiberg reports: A support page on the Snapchat website titled "What is My Selfie?" explains further: "You'll take selfies with your Snap camera or select images from your camera roll. These images will be used to understand what you look like to enable you, Snap and your friends to generate novel images of you. If you're uploading images from the camera roll, only add images of yourself," Snapchat's site says. "After you've successfully onboarded, you may have access to some features powered by My Selfie, like Cameos stickers and AI Snaps. We are constantly adding features and functionality so stay tuned for more My Selfie features."

After seeing the popup, I searched for instances of people getting ads featuring their own face on Snapchat, and found this thread on the r/Privacy Reddit community where a user claimed exactly this happened to them. In an email to 404 Media, Snapchat said that it couldn't confirm or deny whether this user was served an ad featuring their face, but if they did, the ad was not using My Selfie images. Snapchat also said that it investigated the claim in the Reddit thread and that the advertiser, yourdreamdegree.com, has a history of advertising on Snapchat and that Snapchat believes the ad in question does not violate any of its policies. "The photo that was used in the advertisement is clearly AI, however, it is very clearly me," the Reddit user said. "It has my face, my hair, the clothing I wear, and even has my lamp & part of a painting on my wall in the background. I have no idea how they got photos of me to be able to generate this ad." Snapchat confirmed the news but emphasized that advertisers do not have access to Snapchat users' generative AI data. "You are correct that our terms do reserve the right, in the future, to offer advertising based on My Selfies in which a Snapchatter can see themselves in a generated image delivered to them," a Snapchat spokesperson said. "As explained in the onboarding modal, Snapchatters have full control over this, and can turn this on and off in My Selfie Settings at any time."

Late last month, Brazilian Justice Alexandre de Moraes ordered X to suspend operations in Brazil after a months-long dispute with X owner Elon Musk. The conflict centered on Musk's refusal to appoint a legal representative in the country and his refusal to take down disinformation and far-right accounts. However, on Wednesday, X bypassed the court-ordered block by utilizing third-party cloud services, allowing many Brazilian users to access the platform without the need for a virtual private network (VPN). From a report: The number of Brazilians accessing X is unknown, according to [Abrint, the Brazilian Association of Internet and Telecommunications Providers]. "I believe the change was probably intentional. Why would X use a third-party service that ends up being slower than its own?" said Basilio Perez, a board member at Abrint.

Any revised order from Brazil's national telecommunications agency Anatel, which is responsible for implementing the court ruling, will need to be more specific, because blocking cloud access is complex and may jeopardize government agencies and financial services providers, Perez said.

Anatel has identified the problem and is working to first notify content delivery network providers, followed by telecom companies to block access again to X in Brazil, according to a person familiar with the situation. The same person said it is not clear how long it will take for the providers to comply with the order...

In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.

The Register's Jessica Lyons reports: Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer. It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

This particular company, which Dwyer declined to name, makes components for public and private aerospace organizations and other critical sectors, including oil and gas. The intrusion has been attributed to an unnamed People's Republic of China team, whose motivation appears to be espionage and blueprint theft. It's worth noting the Feds have issued multiple security alerts this year about Beijing's spy crews including APT40 and Volt Typhoon, which has been accused of burrowing into American networks in preparation for destructive cyberattacks.

After discovering China's agents within its network in August, the manufacturer alerted local and federal law enforcement agencies and worked with government cybersecurity officials on attribution and mitigation, we're told. Binary Defense was also called in to investigate. Before being caught and subsequently booted off the network, the Chinese intruders uploaded a web shell and established persistent access, thus giving them full, remote access to the IT network -- putting the spies in a prime position for potential intellectual property theft and supply-chain manipulation. If a compromised component makes it out of the supply chain and into machinery in production, whoever is using that equipment or vehicle will end up feeling the brunt when that component fails, goes rogue, or goes awry.

"The scary side of it is: With our supply chain, we have an assumed risk chain, where whoever is consuming the final product -- whether it is the government, the US Department of the Defense, school systems â" assumes all of the risks of all the interconnected pieces of the supply chain," Dwyer told The Register. Plus, he added, adversarial nations are well aware of this, "and the attacks continually seem to be shifting left." That is to say, attempts to meddle with products are happening earlier and earlier in the supply-chain pipeline, thus affecting more and more victims and being more deep-rooted in systems. Breaking into a classified network to steal designs or cause trouble is not super easy. "But can I get into a piece of the supply chain at a manufacturing center that isn't beholden to the same standards and accomplish my goals and objectives?" Dwyer asked. The answer, of course, is yes. [...]

The House Energy and Commerce Committee has approved the AM for Every Vehicle Act, which mandates that automakers include AM radio in new vehicles without additional charges. The Verge reports: The bill passed the committee on a roll-call vote of 45-2 and now heads to the full House for final approval. The bill, titled the AM for Every Vehicle Act, would direct the National Highway Traffic Safety Administration (NHTSA) to issue a rule that "requires automakers to maintain AM broadcast radio in their vehicles without a separate or additional payment, fee, or surcharge." Supporters say they are pushing the bill out of a concern that the slow demise of AM radio could make it more difficult to broadcast emergency information during a natural disaster or other related events. Conservatives are also worried about losing a lucrative platform for right-wing news and media. [...]

Automakers generally see AM radio as an obsolete technology, arguing that there are other, better technologies, such as internet streaming, HD radio delivered on FM bands, or some apps that provide AM content that will make up for the absence of AM radio in vehicles. Critics say the bill could also add to the costs of producing EVs at a time when many manufacturers are struggling to rein in their costs. "With a new mandate, [EV companies] will have to go through a significant powertrain redesign, vehicle redesign," Albert Gore, executive director of the Zero Emission Transportation Association, said in an interview earlier this year, "because of the degree to which electric motor generates this [electromagnetic] interference."

Longtime Slashdot reader theodp writes: Python in Excel is now generally available for Windows users of Microsoft 365 Business and Enterprise," Microsoft announced in a Monday blog post. "Last August, in partnership with Anaconda, we introduced an exciting new addition to Excel by integrating Python, making it possible to seamlessly combine Python and Excel analytics within the same workbook, no setup required. Since then, we've brought the power of popular Python analytics libraries such as pandas, Matplotlib, and NLTK to countless Excel users." Microsoft also announced the public preview of Copilot in Excel with Python, which will take users' natural language requests for analysis and automatically generate, explain, and insert Python code into Excel spreadsheets.

While drawing criticism for limiting Python execution to locked-down Azure cloud containers, Python in Excel has also earned accolades from the likes of Python creator Guido van Rossum, now a Microsoft Distinguished Engineer, as well as Pandas creator Wes McKinney.

Left unmentioned in Monday's announcement is that Microsoft managed to convince the USPTO to issue it a patent in July 2024 on the Enhanced Integration of Spreadsheets With External Environments (alt. source), which Microsoft explains covers the "implementation of enhanced integrations of native spreadsheet environments with external resources such as-but not limited to-Python." All of which may come as a surprise to software vendors and individuals that were integrating Excel and external programming environments years before Microsoft filed its patent application in September 2022.

Former MoviePass CEO Mitch Lowe pleaded guilty to securities fraud, admitting he misled investors about the viability of the company's $9.95-a-month movie subscription service, and faces up to five years in prison. His co-defendant, former Helios and Matheson CEO Ted Farnsworth, faces similar charges and is scheduled for trial in March 2025; Farnsworth has been in federal custody since August 2023 due to bond violations involving misuse of company funds. Variety reports: Farnsworth and Lowe were the architects of MoviePass' doomed all-you-can-watch offering, which resulted in hundreds of millions of dollars in investor losses in 2017 and 2018. Investigators found that Lowe tried to stem the losses by throttling the service, forcing high-volume users to reset their passwords and verify their tickets. The two men were charged in November 2022 on counts of wire fraud and securities fraud. According to Lowe's plea agreement, the government estimates the total losses from the scheme at $303 million -- though Lowe contends it is less than that. Lowe remains free on bond, and is due back in court in Miami on March 21 for a status conference. Lowe published a memoir in 2022 in which he reflected on the downfall of MoviePass, entitled "Watch and Learn: How I Turned Hollywood Upside Down with Netflix, Redbox, and Moviepass."

Apple has increased its out-of-warranty battery replacement fee for iPhone 16 Pro models. From a report: Apple Stores can replace the battery inside an iPhone 16 Pro or iPhone 16 Pro Max for $119 in the U.S., which is up from $99 for the iPhone 15 Pro and iPhone 15 Pro Max. This is a 20% increase to the fee, which includes the cost of a new battery and service by an Apple Store. The fee may vary at third-party Apple Authorized Service Providers. The fee remains $99 for the standard iPhone 16 and iPhone 16 Plus. Customers with AppleCare+ can still get an iPhone 16 Pro battery replaced for free, but only if the battery retains less than 80% of its original capacity.

Apple says all four iPhone 16 models are equipped with larger batteries, and all of the devices received an internal redesign for improved heat dissipation, according to the company. A metal enclosure was rumored for at least some iPhone 16 batteries, but we are still waiting for teardowns to get a proper look inside of the devices.

An EFF article calls out a "brazen attempt to privatize" a wireless frequency band (900 MHz) which America's FCC's left " as a commons for all... for use by amateur radio operators, unlicensed consumer devices, and industrial, scientific, and medical equipment." The spectrum has also become "a hotbed for new technologies and community-driven projects. Millions of consumer devices also rely on the range, including baby monitors, cordless phones, IoT devices, garage door openers." But NextNav would rather claim these frequencies, fence them off, and lease them out to mobile service providers. This is just another land-grab by a corporate rent-seeker dressed up as innovation. EFF and hundreds of others have called on the FCC to decisively reject this proposal and protect the open spectrum as a commons that serves all.

NextNav [which sells a geolocation service] wants the FCC to reconfigure the 902-928 MHz band to grant them exclusive rights to the majority of the spectrum... This proposal would not only give NextNav their own lane, but expanded operating region, increased broadcasting power, and more leeway for radio interference emanating from their portions of the band. All of this points to more power for NextNav at everyone else's expense.

This land-grab is purportedly to implement a Positioning, Navigation and Timing (PNT) network to serve as a US-specific backup of the Global Positioning System(GPS). This plan raises red flags off the bat. Dropping the "global" from GPS makes it far less useful for any alleged national security purposes, especially as it is likely susceptible to the same jamming and spoofing attacks as GPS. NextNav itself admits there is also little commercial demand for PNT. GPS works, is free, and is widely supported by manufacturers. If Nextnav has a grand plan to implement a new and improved standard, it was left out of their FCC proposal. What NextNav did include however is its intent to resell their exclusive bandwidth access to mobile 5G networks. This isn't about national security or innovation; it's about a rent-seeker monopolizing access to a public resource. If NextNav truly believes in their GPS backup vision, they should look to parts of the spectrum already allocated for 5G.

The open sections of the 900 MHz spectrum are vital for technologies that foster experimentation and grassroots innovation. Amateur radio operators, developers of new IoT devices, and small-scale operators rely on this band. One such project is Meshtastic, a decentralized communication tool that allows users to send messages across a network without a central server. This new approach to networking offers resilient communication that can endure emergencies where current networks fail. This is the type of innovation that actually addresses crises raised by Nextnav, and it's happening in the part of the spectrum allocated for unlicensed devices while empowering communities instead of a powerful intermediary. Yet, this proposal threatens to crush such grassroots projects, leaving them without a commons in which they can grow and improve.

This isn't just about a set of frequencies. We need an ecosystem which fosters grassroots collaboration, experimentation, and knowledge building. Not only do these commons empower communities, they avoid a technology monoculture unable to adapt to new threats and changing needs as technology progresses. Invention belongs to the public, not just to those with the deepest pockets. The FCC should ensure it remains that way.

NextNav's proposal is a direct threat to innovation, public safety, and community empowerment. While FCC comments on the proposal have closed, replies remain open to the public until September 20th. The FCC must reject this corporate land-grab and uphold the integrity of the 900 MHz band as a commons.

The New York Times looks at "a third-generation family firm" in Paraguay "with 280 workers that packages hot sauce, soy beans...and seven kinds of salt for sale in Paraguayan supermarkets."

Its mascot — on t-shirts, coffee cups, and "in heavy demand at Paraguayan weddings" — is a mouse named Mickey. 51-year-old Viviana Blasco — one of five siblings who run the business — told the Times that it all began back in 1935: Ms. Blasco's grandfather, Pascual, the son of Italian immigrants, saw an opportunity to spread some joy — and turn a profit. He opened a tiny shop selling fruit and homemade gelato. It was called Mickey... Pascual, she said, often vacationed in Buenos Aires — Argentina's cosmopolitan capital... "On one of his trips, he must have seen the famous mouse," Ms. Blasco said... A few years later, Pascual opened the Mickey Ice Cream Parlor, Café and Confectioners. By 1969, Mickey was selling rice, sugar and baking soda in packages now decorated with the eponymous mouse.
"Mickey resonates with Paraguayans' sense of nostalgia, said Euge Aquino, a TV chef and social media influencer who uses its ingredients to make comfort food like pastel mandi'o (yuca and beef empanadas)... Mickey's popularity, she said, also has a lot to do with the mascot handing out candy outside the factory gates every Christmas: a tradition dating back to 1983." By now, a "peaceful coexistence" reigns between Mickey and its United States doppelgänger, said Elba Rosa Britez, 72, the smaller company's lawyer. This truce was hard-won. In 1991, Disney filed a trademark violation claim with Paraguay's Ministry of Business and Industry that was rejected. The company then filed a lawsuit, but in 1995 a trademark tribunal ruled in Mickey's favor. There, one judge agreed that Paraguayans could easily confuse the Disney Mickey and the Paraguayan Mickey. But Disney didn't reckon on a "legal loophole," Ms Britez explained. The Mickey trademark had been registered in Paraguay since at least 1956 — and Pascual's descendants had since renewed it — without protest from the multinational. In 1998, Paraguay's Supreme Court issued its final ruling. Through decades of uninterrupted use, Mickey had acquired the right to be Mickey.

"I jumped for joy," Ms Britez said. Mickey's legal immunity in Paraguay, Ms. Blasco acknowledged, might not extend to selling its products abroad. "We've never tried."
"Some lining up to meet the mascot said Mickey's David-vs-Goliath triumph against Disney filled them with national pride..."

Last October Slashdot reported on René Rebe's discovery of a random illegal instruction speculation bug on AMD Ryzen 7000-series and Epyc Zen 4 CPUs — which Rebe discussed on his YouTube channel.

But this week's YouTube episode had a different ending, reports Tom's Hardware... Two days ago, tech streamer and host of Code Therapy René Rebe was streaming one of many T2 Linux (his own custom distribution) development sessions from his office in Germany when he abruptly had to remove his microphone and walk off camera due to the arrival of police officers. The officers subsequently cuffed him and took him to the station for an hour of questioning, a span of time during which the stream continued to run until he made it back...

[T]he police seemingly have no idea who did it and acted based on a tip sent with an email. Finding the perpetrators could take a while, and options will be fairly limited if they don't also live in Germany.
Rebe has been contributing to Linux "since as early as 1998," according to the article, "and started his own T2 SD3 Embedded Linux distribution in 2004, as well." (And he's also a contributor to many other major open source projects.)

The article points out that Linux and other communities "are compelled by little-to-no profit motive, so in essence, René has been providing unpaid software development for the greater good for the past two decades."

In 1980 a 23-year-old woman was shot multiple times by an unknown assailant in a small county in central Kansas.

44 years later, the county sheriff made a Facebook post... Over the years, dozens of law enforcement officers looked at the case to no avail. In mid-2022 I was approached by Detective Sgt. Adam Hales to reopen the case using new techniques and technology that were now available at the time of the murder. In all honesty, it was with some degree of skepticism that I authorized the expenditure of manpower and resources... Many of the witnesses as well as law enforcement officers that were originally involved in the case had died and interviews were not possible.
A statement from the Kansas attorney general's office says the police investigation culminated with an interview with Steven Hanks, a neighbor of the woman, who admitted to the killing. Hanks (who is now 70 years old) was arrested and charged with murder and second-degree, according to the county sheriff's Facebook post: On a personal note, I was 18 years old and a senior in high school when this homicide occurred. I remember it well. By 1982 I had started with the Sheriff's Office as a reserve deputy and have been associated with the Barton County Sheriff's Office ever since. I worked for the four Sheriff's that preceded me and this homicide has haunted all of us. It bothers me that many of the people who were so affected by this tragic crime have since passed away prior to bringing the suspect to justice. I consider myself fortunate that I had the resources and the diligent personnel to close this case.
The Facebook post ends with a 1980 photo of 23-year-old Mary Robin Walter — who besides being a nursing school student was also a wife and mother — next to a booking photo of 70-year-old Steven Hanks.

Hanks has been sentenced to up to 25 years in prison

Police in Italy "smashed" a videogame trafficking ring, reports the BBC. They seized fake vintage Nintendo, Sega and Atari consoles that didn't meet strict safety standards, as well as counterfeit games — including Mario Bros., Street Fighter and Star Wars — that together were worth almost €50m ($55.5m) Around 12,000 consoles holding over 47 million pirated video games were seized by police, Alessandro Langella, head of the economic crime unit for Turin's financial police, told the AFP news agency... They were "all from China" and were imported to be sold in specialised shops or online, Mr Langella said...

The seized games have been destroyed. Nine Italian nationals have been arrested and charged with trading in counterfeited goods. If found guilty, they face up to eight years in prison.

More details on that report about NASA from the Washington Post: NASA is 66 years old and feeling its age. Brilliant engineers are retiring. Others have fled to higher-paying jobs in the private space industry. The buildings are old, their maintenance deferred. The Apollo era, with its huge taxpayer investment, is a distant memory. The agency now pursues complex missions on inadequate budgets. This may be an unsustainable path for NASA, one that imperils long-term success. That is the conclusion of a sweeping report, titled "NASA at a Crossroads," written by a committee of aerospace experts and published Tuesday by the National Academies of Sciences, Engineering and Medicine. The report suggests that NASA prioritizes near-term missions and fails to think strategically. In other words, the space agency isn't sufficiently focused on the future.

NASA's intense focus on current missions is understandable, considering the unforgiving nature of space operations, but "one tends to neglect the probably less glamorous thing that will determine the success in the future," the report's lead author, Norman Augustine, a retired Lockheed Martin chief executive, said Tuesday. He said one solution for NASA's problems is more funding from Congress. But that may be hard to come by, in which case, he said, the agency needs to consider canceling or delaying costly missions to invest in more mundane but strategically important institutional needs, such as technology development and workforce training. Augustine said he is concerned that NASA could lose in-house expertise if it relies too heavily on the private industry for newly emerging technologies. "It will have trouble hiring innovative, creative engineers. Innovative, creative engineers don't want to have a job that consists of overseeing other people's work," he said...

The report is hardly a blistering screed. The tone is parental. It praises the agency — with a budget of about $25 billion — for its triumphs while urging more prudent decision-making and long-term strategizing.

NASA pursues spectacular missions. It has sent swarms of robotic probes across the solar system and even into interstellar space. Astronauts have continuously been in orbit for more than two decades. The most ambitious program, Artemis, aims to put astronauts back on the moon in a few short years. And long-term, NASA hopes to put astronauts on Mars. But a truism in the industry is that space is hard. The new report contends that NASA has a mismatch between its ambitions and its budget, and needs to pay attention to fundamentals such as fixing its aging infrastructure and retaining in-house talent. NASA's overall physical infrastructure is already well beyond its design life, and this fraction continues to grow," the report states.
NASA Administrator Bill Nelson said the report "aligns with our current efforts to ensure we have the infrastructure, workforce, and technology that NASA needs for the decades ahead," according to the article.

Nelson added that the agency "will continue to work diligently to address the committee's recommendations."

Samba is "a free software re-implementation of the SMB networking protocol," according to Wikipedia. And now the Samba project "has secured significant funding (€688,800.00) from the German Sovereign Tech Fund to advance the project," writes Jeremy Allison — Sam (who is Slashdot reader #8,157 — and also a long standing member of Samba's core team): The investment was successfully applied for by [information security service provider] SerNet. Over the next 18 months, Samba developers from SerNet will tackle 17 key development subprojects aimed at enhancing Samba's security, scalability, and functionality.

The Sovereign Tech Fund is a German federal government funding program that supports the development, improvement, and maintenance of open digital infrastructure. Their goal is to sustainably strengthen the open source ecosystem.

The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX extensions, SMB-Direct, Performance and modern security protocols such as SMB over QUIC. These improvements are designed to ensure that Samba remains a robust and secure solution for organizations that rely on a sovereign IT infrastructure. Development work began as early as September the 1st and is expected to be completed by the end of February 2026 for all sub-projects.

All development will be done in the open following the existing Samba development process. First gitlab CI pipelines have already been running and gitlab MRs will appear soon!
Back in 2000, Jeremy Allison answered questions from Slashdot readers about Samba.

Allison is now a board member at both the GNOME Foundation and the Software Freedom Conservancy, a distinguished engineer at Rocky Linux creator CIQ, and a long-time free software advocate.

23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. BleepingComputer reports: The proposed class action settlement (PDF), filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed within ten days of final approval. "23andMe believes the settlement is fair, adequate, and reasonable," the company said in a memorandum filed (PDF) Friday.

23andMe has also agreed to strengthen its security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication for all users, and annual cybersecurity audits. The company must also create and maintain a data breach incident response plan and stop retaining personal data for inactive or deactivated accounts. An updated Information Security Program will also be provided to all employees during annual training sessions. "23andMe denies the claims and allegations set forth in the Complaint, denies that it failed to properly protect the Personal Information of its consumers and users, and further denies the viability of Settlement Class Representatives' claims for statutory damages," the company said in the filed preliminary settlement.

"23andMe denies any wrongdoing whatsoever, and this Agreement shall in no event be construed or deemed to be evidence of or an admission or concession on the part of 23andMe with respect to any claim of any fault or liability or wrongdoing or damage whatsoever."

Former FTX CEO Sam Bankman-Fried's legal team has filed an appeal challenging his conviction on seven felony counts and his 25-year prison sentence. They argue that he was not presumed innocent, that the jury received incomplete information about FTX user funds, and that the prosecution's narrative was biased. CoinTelegraph reports: In a Sept. 13 filing in the United States Court of Appeals for the Second Circuit, SBF's lawyers filed a 102-page brief claiming that the former FTX CEO was "never presumed innocent," subject to scrutiny that allegedly affected prosecutors, the presiding judge, and treatment by the media. Bankman-Fried's legal team announced in April -- a few weeks after a federal judge sentenced him to 25 years in prison -- that they intended to appeal. According to the appeal, SBF's lawyers alleged the jury was "only allowed to see half the picture" with FTX user funds, claiming prosecutors had "presented a false narrative" that the money was permanently lost and Bankman-Fried intentionally caused that loss. They also claimed that counsel for the FTX debtors worked with the US government in a way that was above and beyond "cooperation," providing information allegedly as an "arm of the prosecution."

"From day one, the prevailing narrative -- initially spun by the lawyers who took over FTX, quickly adopted by their contacts at the US Attorney's Office -- was that Bankman-Fried had stolen billions of dollars of customer funds, driven FTX to insolvency, and caused billions in losses," said the appeal. "Now, nearly two years later, a very different picture is emerging -- one confirming FTX was never insolvent, and in fact had assets worth billions to repay its customers. But the jury at Bankman-Fried's trial never got to see that picture." The legal team requested the appellate court grant SBF a new trial with a different judge. It's unclear whether the Second Circuit could rule to affirm Bankman-Fried's conviction in the US District Court for the Southern District of New York or reverse the decision and set the groundwork for a new trial.

An anonymous reader quotes a report from Wired: You can tell a lot about someone from their eyes. They can indicate how tired you are, the type of mood you're in, and potentially provide clues about health problems. But your eyes could also leak more secretive information: your passwords, PINs, and messages you type. Today, a group of six computer scientists are revealing a new attack against Apple's Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device's virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes. "Based on the direction of the eye movement, the hacker can determine which key the victim is now typing," says Hanqiu Wang, one of the leading researchers involved in the work. They identified the correct letters people typed in passwords 77 percent of the time within five guesses and 92 percent of the time in messages.

To be clear, the researchers did not gain access to Apple's headset to see what they were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime. The researchers alerted Apple to the vulnerability in April, and the company issued a patch to stop the potential for data to leak at the end of July. It is the first attack to exploit people's "gaze" data in this way, the researchers say. The findings underline how people's biometric data -- information and measurements about your body -- can expose sensitive information and beused as part of the burgeoning surveillance industry.

The GAZEploit attack consists of two parts, says Zhan, one of the lead researchers. First, the researchers created a way to identify when someone wearing the Vision Pro is typing by analyzing the 3D avatar they are sharing. For this, they trained a recurrent neural network, a type of deep learning model, with recordings of 30 people's avatars while they completed a variety of typing tasks. When someone is typing using the Vision Pro, their gaze fixates on the key they are likely to press, the researchers say, before quickly moving to the next key. "When we are typing our gaze will show some regular patterns," Zhan says. Wang says these patterns are more common during typing than if someone is browsing a website or watching a video while wearing the headset. "During tasks like gaze typing, the frequency of your eye blinking decreases because you are more focused," Wang says. In short: Looking at a QWERTY keyboard and moving between the letters is a pretty distinct behavior.

The second part of the research, Zhan explains, uses geometric calculations to work out where someone has positioned the keyboard and the size they've made it. "The only requirement is that as long as we get enough gaze information that can accurately recover the keyboard, then all following keystrokes can be detected." Combining these two elements, they were able to predict the keys someone was likely to be typing. In a series of lab tests, they didn't have any knowledge of the victim's typing habits, speed, or know where the keyboard was placed. However, the researchers could predict the correct letters typed, in a maximum of five guesses, with 92.1 percent accuracy in messages, 77 percent of the time for passwords, 73 percent of the time for PINs, and 86.1 percent of occasions for emails, URLs, and webpages. (On the first guess, the letters would be right between 35 and 59 percent of the time, depending on what kind of information they were trying to work out.) Duplicate letters and typos add extra challenges.

A U.S. District Court judge on Thursday allowed New York-based startup Kalshi to legally offer betting on the outcome of the November Congressional elections (Warning: source paywalled; alternative source), despite opposition from the Commodity Futures Trading Commission (CFTC), which plans to appeal the decision due to concerns about potential market manipulation and public trust in the electoral process. Within minutes of the ruling, people began placing bets on Kalshi's website. It's currently the only legal opportunity for Americans to bet on U.S. elections under government regulation. Fortune reports: A startup company on Thursday began taking what amounts to bets on the outcome of the November Congressional elections after a judge refused to block them from doing so. The ruling by U.S. District Court Judge Jia Cobb in Washington permitted the only legally sanctioned bets on U.S. elections by an American jurisdiction. It enabled, at least temporarily, New York-based Kalshi to offer prediction contracts -- essentially yes-or-no bets -- on which party will win control of the Senate and the House in November. The company and its lawyer did not respond to requests for comment, but within 90 minutes of the judge's ruling, the bets were being advertised on the company's web site. Earlier in the day, the website had said they were "coming soon."

It was not clear how long such betting might last; the Commodity Futures Trading Commission, which last year prohibited the company from offering them, said it would appeal the ruling as quickly as possible. Contrasting his client with foreign companies who take bets from American customers on U.S. elections without U.S. government approval, Roth said Kalshi is trying to do things the right way, under government regulation. "It invested significantly in these markets," he said during Thursday's hearing. "They spent millions of dollars. It would be perverse if all that investment went up in smoke."

But Raagnee Beri, an attorney for the commission, said allowing such bets could invite malicious activities designed to influence the outcome of elections and undermine already fragile public confidence in the voting process. "These contracts would give market participants a $100 million incentive to influence the market on the election," she said. "There is a very severe public interest threat." She used the analogy of someone who has taken an investment position in corn commodities. "Somebody puts out misinformation about a drought, that a drought is coming," she said. "That could move the market on the price of corn. The same thing could happen here. The commission is not required to suffer the flood before building a dam."

Mobile phone location data has linked site visits by US securities watchdogs to the headquarters of companies with measurable drops in their share prices -- even when no enforcement action is taken. From a report: When insiders sold shares right around a non-public visit by staff from the Securities and Exchange Commission, they avoided average losses of 4.9 per cent in the three months after the visit, according to a study led by researchers at four Midwestern universities. By matching commercially available data with share price moves, the study offers a window into the secretive world of securities enforcement beyond publicly announced cases. It also raises questions about the rules around insider trading.

"Maybe we should be thinking about what the rules are when the SEC shows up," said Marcus Painter, assistant professor of finance at Saint Louis University and one of the authors. The research used geolocation data to identify mobile phones that spent significant amounts of time at the SEC's various offices around the country. They then tracked those phones to corporate headquarters around the world in the 12-month period right before Covid-19 lockdowns led to extensive working from home.