China launched 12 satellites on Wednesday as part of the âoeThree-Body Computing Constellation,â the worldâ(TM)s first dedicated orbital computing network led by ADA Space and Zhejiang Lab. SpaceNews reports: A Long March 2D rocket lifted off at 12:12 a.m. Eastern (0412 UTC) May 14 from Jiuquan Satellite Launch Center in northwest China. Insulation tiles fell away from the payload fairing as the rocket climbed into a clear blue sky above the spaceport. The China Aerospace Science and Technology Corporation (CASC) announced a fully successful launch, revealing the mission to have sent 12 satellites for a space computing constellation into orbit. Commercial company ADA Space released further details, stating that the 12 satellites form the "Three-Body Computing Constellation," which will directly process data in space, rather than on the ground, reducing reliance on ground-based computing infrastructure. The constellation will be capable of a combined 5 peta operations per second (POPS) with 30 terabytes of onboard storage.

The satellites feature advanced AI capabilities, up to 100 Gbps laser inter-satellite links and remote sensing payloads -- data from which will be processed onboard, reducing data transmission requirements. One satellite also carries a cosmic X-ray polarimeter developed by Guangxi University and the National Astronomical Observatories of the Chinese Academy of Sciences (NAOC), which will detect, identify and classify transient events such as gamma-ray bursts, while also triggering messages to enable followup observations by other missions. [...] The company says the constellation can meet the growing demand for real-time computing in space, as well as help China take the lead globally in building space computing infrastructure, seize the commanding heights of this future industry. The development could mark the beginning of space-based cloud computing as a new capability, as well as open a new arena for strategic competition with the U.S. You can watch a recording of the launch here.

Netflix said its cheaper, ad-supporter tier now has 94 million monthly active users -- an increase of more than 20 million since its last public tally in November. CNBC reports: The company and its peers have been increasingly leaning on advertising to boost the profitability of their streaming products. Netflix first introduced the ad-supported plan in November 2022. Netflix's ad-supported plan costs $7.99 per month, a steep discount from its least-expensive ad-free plan, at $17.99 per month. Netflix also said its cheapest tier reaches more 18- to 34-year-olds than any U.S. broadcast or cable network. "When you compare us to our competitors, attention starts higher and ends much higher," Netflix president of advertising Amy Reinhard said in a statement. "Even more impressive, members pay as much attention to mid-roll ads as they do to the shows and movies themselves."

An anonymous reader quotes a report from Ars Technica: Federal Communications Commission Chairman Brendan Carr has threatened to revoke EchoStar licenses for radio frequency bands coveted by rival firms including SpaceX, which alleges that EchoStar is underutilizing the spectrum. "I have directed agency staff to begin a review of EchoStar's compliance with its federal obligations to provide 5G service throughout the United States per the terms of its federal spectrum licenses," Carr wrote in a May 9 letter to EchoStar Chairman Charles Ergen. EchoStar and its affiliates "hold a large number of FCC spectrum licenses that cover a significant amount of spectrum," the letter said.

Ergen defended his company's wireless deployment but informed investors that EchoStar "cannot predict with any degree of certainty the outcome" of the FCC proceedings. The letter from Carr and Ergen's statement is included in a Securities and Exchange Commission filing submitted by EchoStar today. EchoStar's stock price was down about 8 percent in trading today. EchoStar bought Dish Network in December 2023 and offers wireless service under the Boost Mobile brand. As The Wall Street Journal notes, the firm "has spent years wiring thousands of cellphone towers to help Boost become a wireless operator that could rival AT&T, Verizon and T-Mobile, but the project has been slow-going. Boost's subscriber base has shrunk in the five years since Ergen bought the brand from Sprint." [...]

EchoStar will have to prove its case in the two FCC proceedings. The FCC set a May 27 deadline for the first round of comments in both proceedings and a June 6 deadline for reply comments. The proceedings could result in the FCC letting other companies use the spectrum and other remedies. "In particular, we seek information on whether EchoStar is utilizing the 2 GHz band for MSS consistent with the terms of its authorizations and the Commission's rules and policies governing the expectation of robust MSS," the FCC Space Bureau's call for comments said. "We also seek comment on steps the Commission might take to make more intensive use of the 2 GHz band, including but not limited to allowing new MSS entrants in the band." Last month, SpaceX urged the FCC to reallocate the spectrum, saying "the 2 GHz band remains ripe for sharing among next-generation satellite systems that seek to finally make productive use of the spectrum for consumers and first responders."

EchoStar countered that SpaceX's filing is "intended to cloak another land grab for even more free spectrum," and that its "methodology is completely nonsensical, given that EchoStar's terrestrial deployment is subject to population-based milestones that EchoStar has repeatedly demonstrated in status reports."

Cybersecurity researchers have flagged three malicious npm packages that target the macOS version of AI-powered code-editing tool Cursor, reports The Hacker News: "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, and disable auto-updates to maintain persistence," Socket researcher Kirill Boychenko said. All three packages continue to be available for download from the npm registry. "Aiide-cur" was first published on February 14, 2025...

In total, the three packages have been downloaded over 3,200 times to date.... The findings point to an emerging trend where threat actors are using rogue npm packages as a way to introduce malicious modifications to other legitimate libraries or software already installed on developer systems... "By operating inside a legitimate parent process — an IDE or shared library — the malicious logic inherits the application's trust, maintains persistence even after the offending package is removed, and automatically gains whatever privileges that software holds, from API tokens and signing keys to outbound network access," Socket told The Hacker News.

"This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software," Boychenko said.
The npm packages "restart the application so that the patched code takes effect," letting the threat actor "execute arbitrary code within the context of the platform."

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware," reports Ars Technica, "a strong indication that devices belonging to him have been hacked in recent years." As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

"And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."

Thanks to Slashdot reader gkelley for sharing the news.

Long-time Slashdot reader smooth wombat writes: Over the past year there have been stories about North Korean spies unknowingly or knowingly being hired to work in western companies. During an interview by Kraken, a crypto exchange, the interviewers became suspicious about the candidate. Instead of cutting off the interview, Kraken decided to continue the candidate through the hiring process to gain more information. One simple question confirmed the user wasn't who they said they were and even worse, was a North Korean spy.
Would-be IT worker "Steven Smith" already had an email address on a "do-not-hire" list from law enforcement agencies, according to CBS News. And an article in Fortune magazine says Kraken asked him to speak to a recruiter and take a technical-pretest, and "I don't think he actually answered any questions that we asked him," according to its chief security officer Nick Percoco — even though the application was claiming 11 years of experience as a software engineer at U.S.-based companies: The interview was scheduled for Halloween, a classic American holiday—especially for college students in New York—that Smith seemed to know nothing about. "Watch out tonight because some people might be ringing your doorbell, kids with chain saws," Percoco said, referring to the tradition of trick or treating. "What do you do when those people show up?"

Smith shrugged and shook his head. "Nothing special," he said.

Smith was also unable to answer simple questions about Houston, the town he had supposedly been living in for two years. Despite having listed "food" as an interest on his résumé, Smith was unable to come up with a straight answer when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before mumbling, "Nothing special here...."

The United Nations estimates that North Korea has generated between $250 million to $600 million per year by tricking overseas firms to hire its spies. A network of North Koreans, known as Famous Chollima, was behind 304 individual incidents last year, cybersecurity company CrowdStrike reported, predicting that the campaigns will continue to grow in 2025.
During a report CBS News actually aired footage of the job interview with the "suspected member of Kim Jong Un's cyberarmy." "Some people might call it trolling as well," one company official told the news outlet. "We call it security research." (And they raise the disturbing possibility that another IT company might very well have hired "Steven Smith"...)

CBS also spoke to CrowdStrike co-founder Dmitri Alperovitch, who says the problem increased with remote work, as is now fueling a state-run weapons program. "It's a huge problem because these people are not just North Koreans — they're North Koreans working for their munitions industry department, they're working for the Korean People's Army." (He says later the results of their work are "going directly" to North Korea's nuclear and ballistic missile programs.)

And when CBS notes that the FBI issued a wanted poster of alleged North Korean agents and arrested Americans hosting laptop farms in Arizona and Tennesse ("computer hubs inside the U.S. that conceal the cybercriminals real identities"), Alperovitch says "They cannot do this fraud without support here in America from witting or unwitting actors. So they have hired probably hundreds of people..." CBS adds that FBI officials say "the IT worker scene is expanding worldwide."

An anonymous reader quotes a report from BleepingComputer: Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. The U.S. Justice Department also indicted three Russian nationals (Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin) and a Kazakhstani (Dmitriy Rubtsov) for their involvement in operating, maintaining, and profiting from these two illegal services.

During this joint action dubbed 'Operation Moonlander,' U.S. authorities worked with prosecutors and investigators from the Dutch National Police, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police, as well as analysts with Lumen Technologies' Black Lotus Labs. Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. The two domains were managed by a Virginia-based company and hosted on servers globally.

On Wednesday, the FBI also issued a flash advisory (PDF) and a public service announcement warning that this botnet was targeting patch end-of-life (EoL) routers with a variant of the TheMoon malware. The FBI warned that the attackers are installing proxies later used to evade detection during cybercrime-for-hire activities, cryptocurrency theft attacks, and other illegal operations. The list of devices commonly targeted by the botnet includes Linksys and Cisco router models, including:

- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550
- Linksys WRT320N, WRT310N, WRT610N
- Cisco M10 and Cradlepoint E100 "The botnet controllers require cryptocurrency for payment. Users are allowed to connect directly with proxies using no authentication, which, as documented in previous cases, can lead to a broad spectrum of malicious actors gaining free access," Black Lotus Labs said. "Given the source range, only around 10% are detected as malicious in popular tools such as VirusTotal, meaning they consistently avoid network monitoring tools with a high degree of success. Proxies such as this are designed to help conceal a range of illicit pursuits including ad fraud, DDoS attacks, brute forcing, or exploiting victim's data."

Alexander Mashinsky, the former CEO of Celsius Network, was sentenced to 12 years in prison on Thursday after pleading guilty to two counts of fraud, a dramatic fall for the leader of a company once hailed as the "bank" of the crypto industry. From a report: Standing before U.S. District Judge John G. Koeltl in Manhattan's Southern District, Mashinsky faced the consequences of what prosecutors described as a sweeping scheme to defraud investors. In December he pleaded guilty to commodities fraud and a scheme to manipulate the Celsius token.

His sentencing took place in courtroom 14A at 500 Pearl Street -- a venue that has seen several crypto executives-turned-felons. Mashinsky's legal troubles began in 2023 when he was arrested on charges of securities, commodities, and wire fraud, just as Celsius reached a $4.7 billion settlement with the Federal Trade Commission -- one of the largest in the FTC's history.

Waymo's autonomous vehicles operating on Uber's platform in Austin are completing more trips per day than over 99% of human drivers in the market, according to Uber's Q1 2025 earnings report [PDF] released Wednesday. The fleet of approximately 100 autonomous Waymo vehicles, launched exclusively on Uber in March, has "exceeded expectations," CEO Dara Khosrowshahi stated in the report.

He cited the performance to "Waymo's safety record and rider experience coupled with Uber's scale and reliability." Uber has rapidly expanded its autonomous vehicle operations, reaching an annual run-rate of 1.5 million mobility and delivery AV trips across its network. The company plans to scale to hundreds of vehicles in Austin in the coming months, while preparing for a launch in Atlanta by early summer. Khosrowshahi said that autonomous vehicle technology represents "the single greatest opportunity ahead for Uber."

New York City's subway system continues to operate largely on analog signal technology installed nearly a century ago, with 85% of the network still relying on mechanical equipment that requires constant human intervention. The outdated system causes approximately 4,000 train delays monthly and represents a technological time capsule in America's largest mass transit system.

Deep inside Brooklyn's Hoyt-Schermerhorn station, transit worker Dyanesha Pryor operates a hulking machine the size of a grand piano by manipulating 24 metal levers that control nearby trains. Each command requires a precise sequence of movements, punctuated by metallic clanking as levers slam into place. When Pryor needs to step away, even for a bathroom break, express service must be rerouted until she returns, forcing all trains onto local tracks.

The antiquated "fixed block" signaling divides tracks into approximately 1,000-foot sections. When a train occupies a block, it cuts off electrical current, providing only a general position rather than precise location data. This imprecision requires maintaining buffer zones between trains, significantly limiting capacity as ridership has grown. Maintenance challenges are also piling up, writes the New York Times. Hundreds of cloth-wrapped wires -- rather than modern rubber insulation -- fill back rooms and are prone to failure. When equipment breaks, replacements often must be custom-made in MTA workshops, as many components have been discontinued for decades.

The Metropolitan Transportation Authority has begun replacing this system with communications-based train control (C.B.T.C.), which uses computers and wireless technology to monitor trains' exact locations. Routes already converted to C.B.T.C., including the L line (2006) and 7 line (2018), consistently show the best on-time performance. However, the $25 million per-mile upgrade program faces uncertain funding after the Trump administration threatened to kill New York's congestion pricing plan, which would provide $3 billion for signal modernization.

Did you know there's an initiative to drive Open Source adoption both within the United Nations — and globally? Launched in March, it's the work of the Digital Technology Network (under the UN's chief executive board) which "works to advance open source technologies throughout UN agencies," promoting "collaboration and scalable solutions to support the UN's digital transformation." Fun fact: The first group to endorse the initiative's principles was the Open Source Initiative...

"The Open Source Initiative applauds the United Nations for recognizing the growing importance of Open Source in solving global challenges and building sustainable solutions, and we are honored to be the first to endorse the UN Open Source Principles," said Stefano Maffulli, executive director of OSI.
But that's just the beginining, writes It's FOSS News: As part of the UN Open Source Principles initiative, the UN has invited other organizations to support and officially endorse these principles. To collect responses, they are using CryptPad instead of Google Forms... If you don't know about CryptPad, it is a privacy-focused, open source online collaboration office suite that encrypts all of its content, doesn't log IP addresses, and supports a wide range of collaborative documents and tools for people to use.

While this happened back in late March, we thought it would be a good idea to let people know that a well-known global governing body like the UN was slowly moving towards integrating open source tech into their organization... I sincerely hope the UN continues its push away from proprietary Big Tech solutions in favor of more open, privacy-respecting alternatives, integrating more of their workflow with such tools.
16 groups have already endorsed the UN Open Source Principles (including the GNOME Foundation, the Linux Foundation, and the Eclipse Foundation).

Here's the eight UN Open Source Principles:

1. Open by default: Making Open Source the standard approach for projects
2. Contribute back: Encouraging active participation in the Open Source ecosystem
3. Secure by design: Making security a priority in all software projects
4. Foster inclusive participation and community building: Enabling and facilitating diverse and inclusive contributions
5. Design for reusability: Designing projects to be interoperable across various platforms and ecosystems
6. Provide documentation: Providing thorough documentation for end-users, integrators and developers
7. RISE (recognize, incentivize, support and empower): Empowering individuals and communities to actively participate
8. Sustain and scale: Supporting the development of solutions that meet the evolving needs of the UN system and beyond.

Slashdot reader Mirnotoriety shared this report from the Register: A proof-of-concept program has been released to demonstrate a so-called monitoring "blind spot" in how some Linux antivirus and other endpoint protection tools use the kernel's io_uring interface.

That interface allows applications to make IO requests without using traditional system calls [to enhance performance by enabling asynchronous I/O operations between user space and the Linux kernel through shared ring buffers]. That's a problem for security tools that rely on syscall monitoring to detect threats... [which] may miss changes that are instead going through the io_uring queues.

To demonstrate this, security shop ARMO built a proof-of-concept named Curing that lives entirely through io_uring. Because it avoids system calls, the program apparently went undetected by tools including Falco, Tetragon, and Microsoft Defender in their default configurations. ARMO claimed this is a "major blind spot" in the Linux security stack... "Not many companies are using it but you don't need to be using it for an attacker to use it as enabled by default in most Linux systems, potentially tens of thousands of servers," ARMO's CEO Shauli Rozen told The Register. "If you're not using io_uring then disable it, but that's not always easy with cloud vendors."

In 2016, an online "swarm intelligence" platform stunned horse-racing fans by making a correct prediction for the Kentucky Derby — naming all four top finishers in order. (But the next year its predictions weren't even close, with TechRepublic suggesting 2016's race just had an unusual cluster of obvious picks.)

Since then it's become almost a tradition — asking AI to predict the winning horses each year, then see how close it came. So before today's race, a horse named "Journalism" was given the best odds of winning by professional bookmakers — but could AI make a better prediction? USA Today reports: The USA TODAY Network asked Microsoft Copilot AI to simulate the order of finish for the 2025 Kentucky Derby field based on the latest, odds, predictions and race factors on Thursday, May 1. Journalism came out on top in its projection. The AI-generated response cited Journalism's favorable post position (No. 8), which has produced the second-most Kentucky Derby winners and a four-race winning streak that includes last month's Santa Anita Derby.
ChatGPT also picked the exact same horse, according to FanDuel. But in fact, the winning horse turned out to be "Sovereignty" (a horse Copilot predicted would finish second). Meanwhile Copilot's pick for first place ("Journalism") finished in second.

But after that Copilot's picks were way off...

• Copilot's pick for third place was a horse named Rodriguez — which hours later was scratched from the race altogether. (And the next day Copilot's pick for 10th place was also scratched.)

• Copilot's pick for fourth place was "Sandman" — who finished in 18th place.

• Copilot's pick for fifth place was "Burnham Square" — who finished in 11th place.

• Copilot's pick for sixth place was "Luxor Cafe" — who finished in 10th place

• Copilot's pick for seventh place was "Render Judgment" — who finished in 16th place...

An online racing publication also asked "a trained AI LLM tool" for their predictions, and received a wildly uneven prediction:

1. Burnham Square (finished 11th)
2. Journalism (finished 2nd)
3. Sandman (finished 18th)
4. Tiztastic (finished 15th)
5. Baeza (finished 3rd)

Threads has now grown to over 350 million monthly active users, reports TechCrunch, citing Mark Zuckerberg's comments on a company earnings call. That means Threads grew by 9.4% in roughly 90 days: That's an increase of 30 million users since the prior quarter, where Meta reported that Threads had 320 million users. The new figure represents increased growth, as Threads added 30 million in the first quarter of this year, compared with 20 million in Q4 2024.

It's also worth noting that in a single quarter, Threads added nearly the same number of users to its network as one of its newer competitors, Bluesky. The latter, a decentralized social app, today has roughly 35 million users.
Zuckerberg also said there's been a 35% increase in time spent on Threads, according to the article, as a result of improvements to its recommendations systems.

The Open Source Initiative is joining "a global community of contributors" for GitHub's annual event "honoring the individuals who steward and sustain Open Source projects."

And the theme of the 5th Annual "Maintainer Month" will be: securing Open Source: Throughout the month, OSI and our affiliates will be highlighting maintainers who prioritize security in their projects, sharing their stories, and providing a platform for collaboration and learning... Maintainer Month is a time to gather, share knowledge, and express appreciation for the people who keep Open Source projects running. These maintainers not only review issues and merge pull requests — they also navigate community dynamics, mentor new contributors, and increasingly, adopt security best practices to protect their code and users....

- OSI will publish a series of articles on Opensource.net highlighting maintainers whose work centers around security...

- As part of our programming for May, OSI will host a virtual Town Hall [May 21st] with our affiliate organizations and invite the broader Open Source community to join....

- Maintainer Month is also a time to tell the stories of those who often work behind the scenes. OSI will be amplifying voices from across our affiliate network and encouraging communities to recognize the people whose efforts are often invisible, yet essential.
"These efforts are not just celebrations — they are opportunities to recognize the essential role maintainers play in safeguarding the Open Source infrastructure that underpins so much of our digital world," according to the OSI's announcement. And this year they're focusing on three key areas of open source security:

• Adopting security best practices in projects and communities

• Recognizing contributors who improve project security

• Collaborating to strengthen the ecosystem as a whole

Uber is partnering with Chinese autonomous driving startup Momenta to launch robotaxi services outside the U.S. and China, starting in Europe in early 2026 with safety operators onboard. CNBC reports: Uber said the goal is to combine its global ridesharing network with Momenta's technology to deliver safe and efficient robotaxi services. "This collaboration brings together Uber's global ridesharing expertise and Momenta's AI-first autonomous driving technology, paving the way for a future where more riders around the world experience the benefits of reliable and affordable autonomous mobility," Uber CEO Dara Khosrowshahi said in the press release. Momenta CEO Xudong Cao said the arrangement "completes the key ecosystem needed to scale autonomous driving globally."

Momenta, based in Beijing, is a leading autonomous driving company known for its "two-leg" product strategy. It offers both Mpilot, a mass-production-ready assisted driving system, and MSD (Momenta Self-Driving), aimed at full autonomy. The company has years of experience operating autonomous vehicles in cities across China and has partnerships with large equipment manufacturers.

A newly revealed set of vulnerabilities dubbed AirBorne in Apple's AirPlay SDK could allow attackers on the same Wi-Fi network to hijack tens of millions of third-party devices like smart TVs and speakers. While Apple has patched its own products, many third-party devices remain at risk, with the most severe (though unproven) threat being potential microphone access. 9to5Mac reports: Wired reports that a vulnerability in Apple's software development kit (SDK) means that tens of millions of those devices could be compromised by an attacker: "On Tuesday, researchers from the cybersecurity firm Oligo revealed what they're calling AirBorne, a collection of vulnerabilities affecting AirPlay, Apple's proprietary radio-based protocol for local wireless communication. Bugs in Apple's AirPlay software development kit (SDK) for third-party devices would allow hackers to hijack gadgets like speakers, receivers, set-top boxes, or smart TVs if they're on the same Wi-Fi network as the hacker's machine [...]

Oligo's chief technology officer and cofounder, Gal Elbaz, estimates that potentially vulnerable third-party AirPlay-enabled devices number in the tens of millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch -- or they will never be patched,' Elbaz says. 'And it's all because of vulnerabilities in one piece of software that affects everything.'"

For consumers, an attacker would first need to gain access to your home Wi-Fi network. The risk of this depends on the security of your router: millions of wireless routers also have serious security flaws, but access would be limited to the range of your Wi-Fi. AirPlay devices on public networks, like those used everywhere from coffee shops to airports, would allow direct access. The researchers say the worst-case scenario would be an attacker gaining access to the microphones in an AirPlay device, such as those in smart speakers. However, they have not demonstrated this capability, meaning it remains theoretical for now.

An anonymous reader quotes a report from ZDNet: Today, open-source software powers the world. It didn't have to be that way. The Open Invention Network's (OIN) origins are rooted in a turbulent era for open source. In the mid-2000s, Linux faced existential threats from copyright and patent litigation. Besides, the infamous SCO lawsuit and Microsoft's claims that Linux infringed on hundreds of its patents cast a shadow over the ecosystem. Business leaders became worried. While SCO's attacks petered out, patent trolls -- formally known as Patent Assertion Entities (PAEs) -- were increasing their attacks. So, open-source friendly industry giants, including IBM, Novell, Philips, Red Hat, and Sony, formed the Open Invention Network (OIN) to create a bulwark against patent threats targeting Linux and open-source technologies. Founded in 2005, the Open Invention Network (OIN) has evolved into a global community comprising over 4,000 participants, ranging from startups to multinational corporations, collectively holding more than three million patents and patent applications.

At the heart of OIN's legal strategy is a royalty-free cross-license agreement. Members agree not to assert their patents against the Linux System, creating a powerful network effect that shields open-source projects from litigation. As OIN CEO Keith Bergelt explained, this model enables "broad-based participation by ensuring patent risk mitigation in key open-source technologies, thereby facilitating open-source adoption." This approach worked then, and it continues to work today. [...] Over the years, OIN's mission has expanded beyond Linux to cover a range of open-source technologies. Its Linux System Definition, which determines the scope of patent cross-licensing, has grown from a few core packages to over 4,500 software components and platforms, including Android, Apache, Kubernetes, and ChromeOS. This expansion has been critical, as open source has become foundational across industries such as finance, automotive, telecommunications, and artificial intelligence.

South Korean telecom network SK Telecom is providing free SIM card replacements to all 25 million mobile subscribers following an April 19 security breach where malware compromised Universal Subscriber Identity Module data.

Despite the company's announcement, only 6 million replacement cards will be available through May 2025. The stolen data potentially includes IMSI numbers, authentication keys, and network usage information, though customer names, identification details, and financial information remain secure. The primary risk is unauthorized SIM swapping attacks, where threat actors could clone SIM cards.

An anonymous reader quotes a report from Wired: Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers' exposure to government surveillance and the likelihood of being caught up in police investigations. A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of "connected cars," with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement's knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies -- not the law -- determine driver privacy.

"Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera," one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. "If the vehicle has an active subscription," they add, "it does create more data." The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely.

One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data -- revealing its location -- roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead. [...] Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car's systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.