Slashdot.org

News for nerds, stuff that matters

Study Links Too Much Free Time To Lower Sense of Wellbeing

Fri, 09/10/2021 - 20:00
Research shows there is a 'sweet spot' and subjective wellbeing drops off after about five hours. The Guardian: The lesson of Goldilocks, that one can have too much of a good thing, even when it comes to the size of a chair, has applied in fields from astrobiology to economics. Now, it seems it may even govern our free time. Researchers have found that while levels of subjective wellbeing initially rise as free time increases, the trend does not necessarily hold for very high levels of leisure. "The sweet spot is a moderate amount of free time," said Dr Marissa Sharif, a co-author of the study from the University of Pennsylvania. "We found that having too much time was associated with lower subjective wellbeing due to a lacking sense of productivity and purpose." Writing in the Journal of Personality and Social Psychology, Sharif and colleagues reported how they analysed results from two large-scale surveys, involving a combined total of more than 35,000 participants. One was the American Time Use Survey, which was carried out between 2012 and 2013 and asked participants what they had done in the past 24 hours. After crowdsourcing opinions on which activities would be equated with leisure time and then calculating this time for participants, the team found that while subjective wellbeing rose with the amount of free time up to about two hours, it began to drop once it exceeded five hours. Meanwhile data from the National Study of the Changing Workforce, carried out between 1992 and 2008, revealed that beyond a certain point, having more free time was no longer linked to greater subjective wellbeing, but it did not dip -- possibly because few of the participants reported having more than five hours of free time a day.

Read more of this story at Slashdot.

A Secretive Pentagon Program That Started on Trump's Last Day in Office Just Ended. The Mystery Has Not.

Fri, 09/10/2021 - 18:00
A Pentagon program that delegated management of a huge swath of the Internet to a Florida company in January -- just minutes before President Trump left office -- has ended as mysteriously as it began, with the Defense Department this week retaking control of 175 million IP addresses. New submitter echo123 shares a report: The program had drawn scrutiny because of its unusual timing, starting amid a politically charged changeover of federal power, and because of its enormous scale. At its peak, the company, Global Resource Systems, controlled almost 6 percent of a section of the Internet called IPv4. The IP addresses had been under Pentagon control for decades but left unused, despite being potentially worth billions of dollars on the open market. Adding to the mystery, company registration records showed Global Resource Systems at the time was only a few months old, having been established in September 2020, and had no publicly reported federal contracts, no obvious public-facing website and no sign on the shared office space it listed as its physical address in Plantation, Fla. The company also did not respond to requests for comment, and the Pentagon did not announce the program or publicly acknowledge its existence until The Washington Post reported on it in April. And now it's done. Kind of. On Tuesday, the Pentagon made a technical announcement -- visible mainly to network administrators around the world -- saying it was resuming control of the 175 million IP addresses and directing the traffic to its own servers. On Friday the Pentagon told The Post that the pilot program, which it previously had characterized as a cybersecurity measure designed to detect unspecified "vulnerabilities" and "prevent unauthorized use of DoD IP address space," was over. Parts of the Internet once managed by Global Resource Systems, the Pentagon said, now were being overseen by the Department of Defense Information Network, known by the acronym DODIN and part of U.S. Cyber Command, based at Fort Meade.


Apple Pays Hackers Six Figures To Find Bugs in Its Software. Then It Sits On their Findings.

Fri, 09/10/2021 - 17:00
Lack of communication, confusion about payments and long delays have security researchers fed up with Apple's bug bounty program. The Washington Post: Hoping to discover hidden weaknesses, Apple for five years now has invited hackers to break into its services and its iconic phones and laptops, offering up to $1 million to learn of its most serious security flaws. [...] But many who are familiar with the program say Apple is slow to fix reported bugs and does not always pay hackers what they believe they're owed. Ultimately, they say, Apple's insular culture has hurt the program and created a blind spot on security. "It's a bug bounty program where the house always wins," said Katie Moussouris, CEO and founder of Luta Security, which worked with the Defense Department to set up its first bug bounty program. She said Apple's bad reputation in the security industry will lead to "less secure products for their customers and more cost down the line." Apple said its program, launched in 2016, is a work in progress. Until 2019, the program was not officially opened to the public, although researchers say the program was never exclusive. [...] In interviews with more than two dozen security researchers, some of whom spoke on the condition of anonymity because of nondisclosure agreements, the approaches taken by Apple's rivals were held up for comparison. Facebook, Microsoft and Google publicize their programs and highlight security researchers who receive bounties in blog posts and leader boards. They hold conferences and provide resources to encourage a broad international audience to participate. And most of them pay more money each year than Apple, which is at times the world's most valuable company. Microsoft paid $13.6 million in the 12-month period beginning July 2020. Google paid $6.7 million in 2020. Apple spent $3.7 million last year, Krstic said in his statement. He said that number is likely to increase this year. 
Payment amounts aren't the only measure of success, however. The best programs support open conversations between the hackers and the companies. Apple, already known for being tight-lipped, limits communication and feedback on why it chooses to pay or not pay for a bug, according to security researchers who have submitted bugs to the bounty program and a former employee who spoke on the condition of anonymity because of a nondisclosure agreement. Apple also has a massive backlog of bugs that it hasn't fixed, according to the former employee and a current employee, who also spoke on the condition of anonymity because of an NDA.


Wide-Ranging SolarWinds Probe Sparks Fear in Corporate America

Fri, 09/10/2021 - 16:00
A U.S. Securities and Exchange Commission investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful information unearthed in the expanding probe will expose them to liability, Reuters reported Friday, citing six people familiar with the inquiry. From the report: The SEC is asking companies to turn over records into "any other" data breach or ransomware attack since October 2019 if they downloaded a bugged network-management software update from SolarWinds, which delivers products used across corporate America, according to details of the letters shared with Reuters. People familiar with the inquiry say the requests may reveal numerous unreported cyber incidents unrelated to the Russian espionage campaign, giving the SEC a rare level of insight into previously unknown incidents that the companies likely never intended to disclose. "I've never seen anything like this," said a consultant who works with dozens of publicly traded companies that recently received the request. "What companies are concerned about is they don't know how the SEC will use this information. And most companies have had unreported breaches since then." The consultant spoke on condition of anonymity to discuss his experience. The requests are voluntary, and companies are obliged to disclose anything material to investors. But the fact the inquiries come from the SEC's enforcement staff could raise the prospect of investigations and steep penalties if companies fail to disclose breaches or did not have the appropriate controls in place to deal with past attacks, four attorneys who regularly handle SEC cases said. Further reading: What it was like inside Microsoft during the worst cyberattack in history.


Google Could Be Violating Labor Laws With Pay for Temp Workers

Fri, 09/10/2021 - 15:05
The company realized months ago that it could be running afoul of pay laws in a number of countries but has been slow to fix the problem, according to internal documents. From a report: In December, a group of Google managers responsible for overseeing thousands of its temporary staff members discovered the company had been underpaying some of those workers for years. The gap in so-called benchmark rates between what it paid full-time employees and temporary workers doing similar work had widened significantly, according to internal company emails and documents reviewed by The New York Times. This was especially problematic in countries with so-called pay parity laws requiring the company to pay temporary workers the same wages as full-time employees in similar positions. But Google's lapse had gone undetected outside the company. The managers worried that fixing the shortfall by suddenly lifting hourly rates by 20 percent to 30 percent would call attention to the problem and invite negative publicity to a company already criticized for creating a two-tier work force of generously compensated full-time employees and less expensive temps and contractors who are easy to hire and fire. So Google landed on a fix that wouldn't call as much attention to the problem: It decided to apply the correct rates for only new hires starting in 2021 but held off on more expensive, wholesale changes, according to company emails reviewed by The Times. Alan Barry, a Google compliance manager based in Ireland, wrote in an email to colleagues that adjusting the rates for all of its temps was the correct move from a "compliance perspective." However, doing so might increase the likelihood that its current temporary staff members could "connect the dots" about the reason behind the pay bump and place the staffing agencies who supply and pay the workers in "a difficult position, legally and ethically." "The cost is significant and it would give rise to a flurry of noise/frustration," Mr. Barry wrote. "I'm also not keen to invite the charge that we've allowed this situation to persist for so long that the correction required is significant."


WhatsApp Will Finally Let Users Encrypt Their Chat Backups in the Cloud

Fri, 09/10/2021 - 14:11
WhatsApp said on Friday it will give its two billion users the option to encrypt their chat backups to the cloud, taking a significant step to put a lid on one of the tricky ways private communication between individuals on the app can be compromised. From a report: The Facebook-owned service has end-to-end encrypted chats between users for more than a decade. But users have had no option but to store their chat backup to their cloud -- iCloud on iPhones and Google Drive on Android -- in an unencrypted format. [...] Now WhatsApp says it is patching this weak link in the system. The company said it has devised a system to enable WhatsApp users on Android and iOS to lock their chat backups with encryption keys. WhatsApp says it will offer users two ways to encrypt their cloud backups, and the feature is optional. In the "coming weeks," users on WhatsApp will see an option to generate a 64-digit encryption key to lock their chat backups in the cloud. Users can store the encryption key offline or in a password manager of their choice, or they can create a password that backs up their encryption key in a cloud-based "backup key vault" that WhatsApp has developed.


Microsoft Suggests Those Divisive Windows 11 System Specs Deliver a 99.8% Crash-free Experience

Fri, 09/10/2021 - 13:22
PCGamer reports: Microsoft continues to double down on its assertion that the Windows 11 system requirements are absolutely necessary, and this whole TPM 2.0 schtick is vital for the safety of you, your PC, and maybe even the world. Okay, I made that last bit up, but the big M is sticking to its guns and has released another video backing its decision on excluding a whole lot of hardware that was fine with Windows 10. The latest claim is that you're going to see fewer blue screens of death -- or maybe black screens of death -- because of the new system requirements, citing a "99.8% crash-free experience in the [Windows 11] preview." Look, there's still a part of us that feels at some point in the future, maybe the distant future, Microsoft will turn around and say 'You know, what? We don't mind what processor you use with Windows 11,' but for right now this is where we're at. You need a modern CPU for Windows 11 for security and reliability. And maybe a little performance. "So the requirement for Intel 8th Gen and AMD Ryzen 2000-series, and newer, chipsets does definitely contribute to performance," states Microsoft VP Steve Dispensa in the recent video. "But the main rationale here is actually the balanced security with performance. Security is at the core of these requirements." He does point to differences in how Windows 11 prioritises apps running in the foreground window. With the system running at 90% CPU load, it's still possible to get a responsive experience opening and using foreground apps thanks to these prioritisations.


With Fertility Needs in Flux, Men Eye Freezing Their Sperm

Fri, 09/10/2021 - 12:00
A crop of companies want to make sperm-freezing a routine procedure for young men, as employers start to offer it as a benefit. From a report: For decades, the conversation about waning fertility has been focused largely on women. Think of Marisa Tomei stomping on the floorboards of a front porch to emulate her biological clock ticking in "My Cousin Vinny." More employers cover the cost of cryogenic egg freezing as a workplace benefit. Recently, a small group of biotech startups have hatched, dedicated to what they say is an underserved market: male fertility. Armed with recent scientific research suggesting that the quality of sperm is declining in the West, the companies are trying to make sperm-freezing a routine procedure for young, healthy men, one covered by health insurance and free of stigma. "My fundamental belief is that if the product is affordable, this should be a no-brainer for every man," says Khaled Kteily, the 32-year-old founder of Legacy, one of the companies that Mr. Alam used to freeze his sperm. "I believe that in the future," he adds, "this will be something that parents will buy for their kids as a not-so-subtle gift." The push to make a case for its business is starting to catch on. The company recently struck a deal to eventually provide free sperm testing and storage to all active duty service members in the U.S. military, starting with the Navy SEALs, of which there are about 1,200 a year, and expanding next to all special operations forces. The Navy didn't respond to a request for comment. Soldiers regularly experience risky situations and time away from their partners, says Ellen Gustafson, a Navy wife and co-founder of the Military Family Coalition, a nonprofit that advocates for coverage of fertility medicine for members of the armed forces.


Judge in Epic Suit Says Apple Restrictions Anti-Competitive

Fri, 09/10/2021 - 10:37
A U.S. judge on Friday issued a ruling in "Fortnite" creator Epic Games' antitrust lawsuit against Apple's App Store, labelling Apple's conduct in enforcing anti-steering restrictions as anticompetitive. From a report: The case may determine whether Apple is allowed to retain control over what apps appear on its iPhones and whether it is allowed to charge commissions to developers. The Verge adds: Judge Yvonne Gonzalez-Rogers issued a permanent injunction in the Epic v. Apple case on Friday morning, handing a major setback to Apple's App Store model. Under the new order, Apple is: "permanently restrained and enjoined from prohibiting developers from including in their apps and their metadata buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to In-App Purchasing and (ii) communicating with customers through points of contact obtained voluntarily from customers through account registration within the app."


Why Amazon Might Become the Largest Quantum Consumer

Fri, 09/10/2021 - 10:01
An anonymous reader shares a report: These are still early days for quantum computing, far too soon to talk about domain-specific quantum systems. But if there are areas hungrier than ever for what quantum is best at -- dense optimization problems at scale -- the future cannot arrive fast enough. More specifically, the golden grail for quantum computing -- the "traveling salesman" problem -- could revolutionize the transportation industry in particular, in addition to the world's largest retailers dependent on accurate shipping data. Quantum capabilities in this arena are so critical that the first production quantum systems at scale could be purpose-designed and optimized simply for this type of problem. While these days we don't think of Amazon's delivery aspects much since the carriers are so often the focus, the combined capability of vast search coupled with near-real-time delivery dates matched to location took Amazon years to get right -- and was a billion-plus dollar effort in compute time. Peter Chapman says "infinite compute" can be brought to bear to refine the entire process that happens the moment you search for "USB drive" on Amazon, confirm your shipping location, and select only products that arrive tomorrow. The density of calculations required -- pulling from warehouse availability to planes, trains, and automobiles and their various routes through your own hometown -- is staggering. "It's the ultimate traveling salesman problem," he laughs. Chapman should know what this takes because he led the development of many of the technologies that became the fast, reliable Amazon Prime service. As director of engineering, his team of 240 engineers took Amazon from requiring customers to search and select a product and wait until checkout to find out how long delivery would take. "That meant a lot of abandoned carts and a bad user experience," he says.
With global products, shipping routes, customers, carriers, product availability and warehouse locations, the order was so tall, it took rearchitecting Amazon infrastructure to do it at reasonable enough scale. "There is a practical limit to the computational resources you can apply to this, even at Amazon. We could easily consume 100x the compute but Amazon couldn't afford it," Chapman says. "There is infinite need for compute for this problem so we had to find the right tradeoffs in optimization and find what you can get for a certain amount of money spent -- and we're talking billions here. Our goal was to make sure it wasn't $20 billion." He adds that the cost of these systems was growing faster than the top line of Amazon's sales.


Uber Eats, DoorDash, Grubhub Sue New York City Over Legislation on Commission Caps

Fri, 09/10/2021 - 09:00
Food-delivery companies DoorDash, Grubhub and Uber Eats have sued New York City over a legislation to license food-delivery apps and to permanently cap commissions they can charge restaurants. From a report: The three food-delivery companies filed a lawsuit in federal court in New York late on Thursday. The companies are seeking an injunction that would prevent New York from enforcing the fee-cap ordinance adopted last month, as well as unspecified monetary damages and a jury trial. The New York City Council approved in August a legislation which limits the amount that food-delivery companies can charge restaurants to use their platforms and requires them to obtain operating licenses that are valid for two years. "Those permanent price controls will harm not only Plaintiffs, but also the revitalization of the very local restaurants that the City claims to serve," the companies said in the lawsuit filed on Thursday. The suit argues that the legislation is unconstitutional because "it interferes with freely negotiated contracts between platforms and restaurants by changing and dictating the economic terms on which a dynamic industry operates."


Scientists Aim For Clearer Messages On Global Warming

Fri, 09/10/2021 - 05:30
Here's a sentence that's basically unintelligible to most people: Humans must mitigate global warming by pursuing an unprecedented transition to a carbon neutral economy. A recent study found that some of the most common terms in climate science are confusing to the general public. From a report: The study tested words that are frequently used in international climate reports, and it concluded that the most confusing terms were "mitigation," "carbon neutral" and "unprecedented transition." "I think the main message is to avoid jargon," says Wandi Bruine de Bruin, a behavioral scientist at the University of Southern California and the lead author of the study. "That includes words that may seem like everyone should understand them." For example, participants in the study mixed up the word "mitigation," which commonly refers to efforts that reduce greenhouse gas emissions, with the word "mediation," which is a way to resolve disputes. And even simple terms such as "carbon" can be misleading, the study found. Sometimes, carbon is shorthand for carbon dioxide. Other times, it's used to refer to multiple greenhouse gases. "As experts in a particular field, we may not realize which of the words that we're using are jargon," says Bruine de Bruin. The study is the latest indication that scientists need to do a better job communicating about global warming, especially when the intended audience is the general public. Clear climate communication gets more important every day because climate change is affecting every part of life on Earth. Nurses, doctors, farmers, teachers, engineers and business executives need reliable, accessible information about how global warming is affecting their patients, crops, students, buildings and businesses. And extreme weather this summer -- from floods to fires, hurricanes to droughts -- underscores the urgency of clear climate communication.


Apple's Watch Software Chief Takes Over Self-Driving Car Project

Fri, 09/10/2021 - 02:00
Apple appointed one of its top software executives, Kevin Lynch, to oversee its nascent self-driving car project after the previous leader left for Ford Motor. From a report: Lynch, an Adobe veteran who joined Apple in 2013 to run the software group for the company's smartwatch and health efforts, replaced Doug Field as the manager in charge of the car work, according to people with knowledge of the matter. The executive first started working on the project earlier this year when he took over teams handling the underlying software. Now he is overseeing the whole group, which also includes hardware engineering and work on self-driving car sensors, said the people, who asked not to be identified because the move isn't public. The change marks the latest shake-up in the project's tumultuous history. Since Apple embarked on its plan to develop a self-driving car around 2014, the endeavor has seen management turnover, layoffs of engineers and strategy shifts -- all while shrouded in secrecy.


Hacker Lawyer Jay Leiderman Is Dead at 50

Thu, 09/09/2021 - 23:00
Jay Leiderman, a California defense attorney known for his whistleblower advocacy and defense of political dissidents and hackers, was confirmed dead in Ventura County on Thursday. He was 50 years old. From a report: Dubbed the "Hacktivist's Advocate" by The Atlantic in 2012, Leiderman gained national attention for his pro-bono work for clients accused of crashing corporate and government websites, including members of the group Anonymous. They were rarely good cases. Leiderman's hacking clients had a nagging habit of openly admitting to the things they were accused of doing. One spent a decade fleeing authorities in several countries, giving interviews, all the while on the lam. (The client was just captured in June.) Still, their causes struck a chord with the Queens-born attorney, who'd long held to a rebellious legal philosophy. After a city in California passed a law criminalizing homelessness, the same client knocked one of its websites offline for half an hour. Where the FBI saw a felony computer crime worth up to 15 years in prison, Leiderman saw a peaceful protest against an unjust law -- a protest, he noted, that caused no perceptible harm.


Groundbreaking Technique Yields Important New Details on Silicon, Subatomic Particles and Possible 'Fifth Force'

Thu, 09/09/2021 - 20:00
NIST: Using a groundbreaking new technique at the National Institute of Standards and Technology (NIST), an international collaboration led by NIST researchers has revealed previously unrecognized properties of technologically crucial silicon crystals and uncovered new information about an important subatomic particle and a long-theorized fifth force of nature. By aiming subatomic particles known as neutrons at silicon crystals and monitoring the outcome with exquisite sensitivity, the NIST scientists were able to obtain three extraordinary results: the first measurement of a key neutron property in 20 years using a unique method; the highest-precision measurements of the effects of heat-related vibrations in a silicon crystal; and limits on the strength of a possible "fifth force" beyond standard physics theories. In a regular crystal such as silicon, there are many parallel sheets of atoms, each of which forms a plane. Probing different planes with neutrons reveals different aspects of the crystal. The researchers report their findings in the journal Science. To obtain information about crystalline materials at the atomic scale, scientists typically aim a beam of particles (such as X-rays, electrons or neutrons) at the crystal and detect the beam's angles, intensities and patterns as it passes through or ricochets off planes in the crystal's lattice-like atomic geometry. That information is critically important for characterizing the electronic, mechanical and magnetic properties of microchip components and various novel nanomaterials for next-generation applications including quantum computing. A great deal is known already, but continued progress requires increasingly detailed knowledge.

