Ars Technica reports:

Security firm Mandiant [part of Google Cloud] has released a database that allows any administrative password protected by Microsoft’s NTLM.v1 hash algorithm to be hacked in an attempt to nudge users who continue using the deprecated function despite known weaknesses…. a precomputed table of hash values linked to their corresponding plaintext. These generic tables, which work against multiple hashing schemes, allow hackers to take over accounts by quickly mapping a stolen hash to its password counterpart… Mandiant said it had released an NTLMv1 rainbow table that will allow defenders and researchers (and, of course, malicious hackers, too) to recover passwords in under 12 hours using consumer hardware costing less than $600 USD. The table is hosted in Google Cloud. The database works against Net-NTLMv1 passwords, which are used in network authentication for accessing resources such as SMB network sharing.

Despite its long- and well-known susceptibility to easy cracking, NTLMv1 remains in use in some of the world’s more sensitive networks. One reason for the lack of action is that utilities and organizations in industries, including health care and industrial control, often rely on legacy apps that are incompatible with more recently released hashing algorithms. Another reason is that organizations relying on mission-critical systems can’t afford the downtime required to migrate. Of course, inertia and penny-pinching are also causes.

“By releasing these tables, Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1,” Mandiant said. “While tools to exploit this protocol have existed for years, they often required uploading sensitive data to third-party services or expensive hardware to brute-force keys.”

“Organizations that rely on Windows networking aren’t the only laggards,” the article points out. “Microsoft only announced plans to deprecate NTLMv1 last August.”

Thanks to Slashdot reader joshuark for sharing the news.

Read more of this story at Slashdot.

Friday a federal judge “cleared U.S. power company Dominion Energy to resume work on its Virginia offshore wind project.” But a U.S. federal judge also ruled Thursday that another major offshore wind farm is allowed to resume construction, reports the Hill. “The project, which would supply power to New York, was one of five that were halted by the Trump administration in December….”

In fact, there were three different court rulings this week each allowing construction to continue on a U.S. wind project:

Judge Carl Nichols, a Trump appointee, granted a preliminary injunction allowing Empire Wind to keep building… Another, Revolution Wind, was also allowed to move forward in court this week… The project would provide enough power for up to 500,000 homes, according to its website. The court’s decision allows construction to resume while the underlying case against the Trump order plays out.

Meanwhile, power company Orsted “is also suing over the pause of its Sunrise Wind project for New York,” reports the Associated Press, “with a hearing still to be set.”

The fifth paused project is Vineyard Wind, under construction in Massachusetts. Vineyard Wind LLC, a joint venture between Avangrid and Copenhagen Infrastructure Partners, joined the rest of the developers in challenging the administration on Thursday.

CNN points out that the Vineyard Wind project “has been allowed to send power to the grid even amid Trump’s suspension, a spokesperson for regional grid operator ISO-New England told CNN in an email.”

Residential customers in the mid-Atlantic region, including Virginia, desperately need more energy to service the skyrocketing demand from data centers â” and many are seeing spiking energy bills while they wait for new power to be brought online.

CNN notes that president Trump said last week “My goal is to not let any windmill be built; they’re losers.”

The Associated Press adds that “In contrast to the halted action in the US, the global offshore wind market is growing, with China leading the world in new installations. Nearly all of the new electricity added to the grid in 2024 was renewable. The British government said on Wednesday it had secured a record 8.4 gigawatts of offshore wind in Europe’s largest offshore wind auction, enough clean electricity to power more than 12m homes.”

Read more of this story at Slashdot.

Amazon is reportedly adding Teresa Palmer (The Fall Guy, Warm Bodies, Hacksaw Ridge) to its pantheon of Norse gods for its God of War TV show adaptation. As first reported by Deadline, Palmer will play Sif, Thor’s wife and eventual leader of the Aesir, in the live-action adaptation. It may not carry as much weight as the casting of the video game’s protagonist that was revealed earlier this week to be Ryan Hurst, but it could hint at the direction the TV show may take.

While Sif plays a minor role in the God of War Ragnarok game, the early casting confirmation could indicate that the showrunner, Ronald D. Moore, may give the character a more involved role. In God of War Ragnarok, Sif is known as Odin’s diplomat before the events of Ragnarok, where she becomes the new leader of the Aesir, one of two tribes of Norse gods. Notably, Amazon’s adaptation is still missing the casting confirmations for Atreus, Thor, Odin and many other Norse gods seen in the video game. Even so, the God of War TV show has already secured at least two seasons.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/tv-movies/amazons-live-action-god-of-war-adaptation-adds-teresa-palmer-201604602.html?src=rss

A new article from Bloomberg says dozens of America’s colleges “succumbed to a fundamental problem killing colleges across the US: not enough students. The schools will award their final degrees this spring, stranding students not yet ready to graduate and forcing faculty and staff to hunt for new jobs.”

The country’s tumbling birth rate is pushing schools toward a “demographic cliff,” where a steadily dropping population of people in their late teens and early 20s will leave desks and classrooms empty. Many smaller, lesser-known schools like Cazenovia have already hit the precipice. They’re firing professors, paring back liberal arts courses in favor of STEM — or closing altogether. Others will likely reach the cliff in the next few years… [T]the US birth rate ticked upward slightly before the 2008 financial crisis, and that brief demographic boost has kept enrollment at larger schools afloat. But the nationwide pool of college-aged Americans is expected to shrink after 2025. Schools face the risk that each incoming class could be smaller than the last. The financial pressure will be relentless…

Since 2020, more than 40 schools have announced plans to close, displacing students and faculty and leaving host towns without a key economic engine… Close to 400 schools could vanish in the coming decade, according to Huron Consulting Group. The projected closures and mergers will impact around 600,000 students and redistribute about $18 billion in endowment funds, Huron estimates… Pennsylvania State University, citing falling enrollment at many of its regional branches, plans to shutter seven of its 20 branch campuses after the spring 2027 semester… [C]ampuses in far-flung places, without brand recognition, are falling out of favor with students already questioning the value of a college degree. For example, while Penn State’s flagship University Park campus saw enrollment grow 5% from 2014 to 2024, 12 other Penn State campuses recorded a 35% drop, according to a report tasked with determining whether closures were necessary.

The article notes that “Less than half of students whose schools shut down before they graduate re-enroll in another college or university, according to a 2022 study.”

But even at colleges that remain, “The shrinking supply of students has already sparked a frenzied competition for high school seniors…”

Some public institutions are letting seniors bypass traditional requirements like essays and letters of recommendation to gain entry automatically… Direct-admission programs, which allow students to skip traditional applications, are one potential response. Some 15 states have them, according to Taylor Odle, assistant professor of educational policy studies at the University of Wisconsin-Madison. He found in a 2022 paper that direct admissions increased first-year undergrad enrollment by 4% to 8%… And they don’t require nearly as many paid staff to run, since there are no essays or letters of recommendation to read.

Read more of this story at Slashdot.

In another attempt to reduce our attention spans to mush, TikTok has released the PineDrama app, which offers serialized drama series that are roughly a minute per episode. As first spotted by Business Insider, the app is designed exactly like TikTok, but instead of trendy dance videos, you can scroll through and watch “micro dramas.”

For those new to the category, micro dramas are bite-sized TV shows shot in vertical video and available in minute-long episodes. Don’t expect any nominations for Best Original Screenplay with series like The Officer Fell For Me or Married to my past life’s nemesis, since they typically offer soap opera vibes with cliffhangers that keep users scrolling to the next episode. The app is designed to keep people on it with a Discover tab, a place to save favorites and the ability to react in real time alongside other viewers.

Right now, the micro dramas on PineDrama are all free to watch and don’t have any ads. It’s unclear if TikTok will introduce any costs or ads to the app, since other micro drama options like DramaBox or ReelShort have a paid structure. Late last year, TikTok also introduced a way to watch micro dramas within its own app, with a section called Minis. It’s not the first time we’re seeing shorter TV show formats, since Quibi made waves with a format of episodes that were less than 10 minutes long. However, maybe even 10 minutes was too long since the startup eventually called it quits after eight months.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/tv-movies/tiktoks-latest-spinoff-app-feels-a-lot-like-quibi-but-with-shorter-and-cornier-content-185702010.html?src=rss

“A mega rocket set to take astronauts around the Moon for the first time in decades is being taken to its launch pad,” the BBC reported this morning.

NASA is livestreaming their move of the 11-million-pound “stack” — which includes the Artemis II Space Launch System (SLS) rocket and the Orion spacecraft secured to it, all standing on its Mobile Launch Platform. Travelling at less than 1 mile per hour, the move is expected to take 12 hours.

The mission — which could blast off as soon as 6 February — is expected to take 10 days. It is part of a wider plan aimed at returning astronauts to the lunar surface.

As well as the rocket being ready, the Moon has to be in the right place too, so successive launch windows are selected accordingly. In practice, this means one week at the beginning of each month during which the rocket is pointed in the right direction followed by three weeks where there are no launch opportunities. The potential launch dates are:
— 6, 7, 8, 10 and 11 February BR>
— 6, 7, 8, 9 and 11 March BR>
— 1, 3, 4, 5 and 6 April

“The crew of four will travel beyond the far side of the moon, which could set a new record for the farthest distance humans have ever traveled from Earth, currently held by Apollo 13,” reports CNN:

But why won’t Artemis II land on the lunar surface? “The short answer is because it doesn’t have the capability. This is not a lunar lander,” said Patty Casas Horn, deputy lead for Mission Analysis and Integrated Assessments at NASA. “Throughout the history of NASA, everything that we do is a bit risky, and so we want to make sure that that risk makes sense, and only accept the risk that we have to accept, within reason. So we build out a capability, then we test it out, then we build out a capability, then we test it out. And we will get to landing on the moon, but Artemis II is really about the crew…”
The upcoming flight is the first time that people will be on board the Artemis spacecraft: The Orion capsule will carry the astronauts around the moon, and the SLS rocket will launch Orion into Earth orbit before the crew continues deeper into space… The mission will begin with two revolutions around Earth, before starting the translunar injection — the maneuver that will take the spacecraft out of Earth orbit and on toward the moon — about 26 hours into the flight, Horn said. “That’s when we set up for the big burn — it’s about six minutes in duration. And once we do this, you’re on your way back to Earth. There’s nothing else that you need to do. You’re going to go by the moon, and the moon’s gravity is going to pull you around and swing you back towards the Earth….” Avoiding entering lunar orbit keeps the mission profile simpler, allowing the crew to focus on other tasks as there is no need to pilot the spacecraft in any way.

“The Artemis program’s first planned lunar lander is called the Starship HLS, or Human Landing System, and is currently under development by SpaceX…”

Read more of this story at Slashdot.

A couple months ago, YouTuber Benn Jordan “found vulnerabilities in some of Flock’s license plate reader cameras,” reports 404 Media’s Jason Koebler. “He reached out to me to tell me he had learned that some of Flock’s Condor cameras were left live-streaming to the open internet.”

This led to a remarkable article where Koebler confirmed the breach by visiting a Flock surveillance camera mounted on a California traffic signal. (“On my phone, I am watching myself in real time as the camera records and livestreams me — without any password or login — to the open internet… Hundreds of miles away, my colleagues are remotely watching me too through the exposed feed.”)

Flock left livestreams and administrator control panels for at least 60 of its AI-enabled Condor cameras around the country exposed to the open internet, where anyone could watch them, download 30 days worth of video archive, and change settings, see log files, and run diagnostics. Unlike many of Flock’s cameras, which are designed to capture license plates as people drive by, Flock’s Condor cameras are pan-tilt-zoom (PTZ) cameras designed to record and track people, not vehicles. Condor cameras can be set to automatically zoom in on people’s faces… The exposure was initially discovered by YouTuber and technologist Benn Jordan and was shared with security researcher Jon “GainSec” Gaines, who recently found numerous vulnerabilities in several other models of Flock’s automated license plate reader (ALPR) cameras.
Jordan appeared this week as a guest on Koebler’s own YouTube channel, while Jordan released a video of his own about the experience. titled “We Hacked Flock Safety Cameras in under 30 Seconds.” (Thanks to Slashdot reader beadon for sharing the link.) But together Jordan and 404 Media also created another video three weeks ago titled “The Flock Camera Leak is Like Netflix for Stalkers” which includes footage he says was “completely accessible at the time Flock Safety was telling cities that the devices are secure after they’re deployed.”

The video decries cities “too lazy to conduct their own security audit or research the efficacy versus risk,” but also calls weak security “an industry-wide problem.” Jordan explains in the video how he “very easily found the administration interfaces for dozens of Flock safety cameras…” — but also what happened next:

None of the data or video footage was encrypted. There was no username or password required. These were all completely public-facing, for the world to see…. Making any modification to the cameras is illegal, so I didn’t do this. But I had the ability to delete any of the video footage or evidence by simply pressing a button. I could see the paths where all of the evidence files were located on the file system…

During and after the process of
conducting that research and making that
video, I was visited by the police and
had what I believed to be private
investigators outside my home
photographing me and my property and
bothering my neighbors. John Gaines or
GainSec, the brains behind most of this
research, lost employment within 48
hours of the video being released. And
the sad reality is that I don’t view
these things as consequences or
punishment for researching security
vulnerabilities. I view these as
consequences and punishment for doing it
ethically and transparently.

I’ve been
contacted by people on or communicating
with civic councils who found my videos
concerning, and they shared Flock
Safety’s response with me. The company
claimed that the devices in my video did
not reflect the security standards of
the ones being publicly deployed. The
CEO even posted on LinkedIn and boasted
about Flock Safety’s security policies.
So, I formally and publicly offered to
personally fund security research into
Flock Safety’s deployed ecosystem. But
the law prevents me from touching their
live devices. So, all I needed was their
permission so I wouldn’t get arrested.
And I was even willing to let them
supervise this research.

I got no
response.

So instead, he read Flock’s official response to a security/surveillance industry research group — while standing in front of one of their security cameras, streaming his reading to the public internet.

“Might as well. It’s my tax dollars that paid for it.”

” ‘Flock is committed to continuously improving security…'”

Read more of this story at Slashdot.

We now have some idea of what’s at stake in the longstanding feud between Elon Musk and OpenAI. As first reported by Bloomberg, the latest filing, as part of a lawsuit that accuses the AI giant of abandoning its non-profit status, claims that Musk is owed anywhere between $79 billion and $134 billion in damages from the “wrongful gains” of OpenAI and Microsoft.

Musk claimed in the filing that he’s entitled to a portion of OpenAI’s recent valuation at $500 billion, after contributing $38 million in “seed funding” during the AI company’s startup years. Along with providing “roughly 60 percent of the nonprofit’s seed funding,” Musk offered recruiting of key employees, introductions with business contacts and startup advice, according to the filing. The monetary estimate comes from C. Paul Wazzan, a financial economist who’s serving as Musk’s expert in the case. According to Wazzan’s calculations, OpenAI earned between $65.5 billion and $109.43 billion in wrongful gains, while Microsoft saw between $13.3 billion and $25.06 billion.

The lawsuit between Elon Musk and OpenAI dates back to March 2024, when the xAI CEO first filed a legal action claiming that OpenAI violated its non-profit status. Musk later added Microsoft as another defendant and even tried to get an injunction when OpenAI announced efforts to reorganize its corporate structure. Besides this suit, Musk has named OpenAI in another legal battle, accusing the company, along with Apple, of monopolistic practices that prevent xAI from getting a fair shot in the App Store.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/elon-musk-is-looking-for-a-134-billion-payout-from-openai-and-microsoft-171824945.html?src=rss

After “a decade of deep focus on embedded and server systems,” T2 SDE Linux “is back to the Desktop,” according to its web site, calling the new “T2 Desktop” flavour “ready for everyday home and office use!”

Built on the latest KDE Plasma, systemd, and Wayland, the new T2 Desktop flavour delivers a modern, clean, and performant experience while retaining the project’s trademark portability and reproducible cross-compilation across architectures.
T2 Desktop targets x86_64, arm64, and riscv64, delivering “a fully polished, streamlined out-of-the-box experience,” according to project lead René Rebe (also long-time Slashdot reader ReneR):

I>[T2 Desktop] delivered a full KDE Plasma desktop on RISC-V, reproducibly cross-compiled from source using T2 SDE Linux. The desktop spans more than 600 packages — from toolchain to Qt and KDE and targets a next-generation RVA23 RISC-V flagship desktop, including full multimedia support and AMD RDNA GPU acceleration under Wayland.

As a parallel milestone, the same fully reproducible desktop stack is now also landing on Qualcomm X1 ARM64 platforms, highlighting T2 SDE’s architecture-independent approach and positioning both RISC-V and ARM64 as serious, first-class Linux desktop contenders.

Read more of this story at Slashdot.

An anonymous reader shared this report from the Washington Post:

The U.S. Department of Transportation brought an automated bus to D.C. this week to showcase its work on self-driving vehicles, taking officials from around the country on a ride between agency headquarters at Navy Yard and Union Station. One of those trips was interrupted Sunday when the bus got rear-ended.

The bus, produced by the company Beep, was following its fixed route when it was struck by a Tesla with Maryland plates whose driver was trying to change lanes, officials said. The bus had a human driver behind the wheel for backup as required by the city. The Tesla driver stayed on the scene on H Street for about 10 minutes. No police were called.

“The service was temporarily paused after another vehicle made an illegal lane change and contacted the rear of the autonomous bus, which resulted in minor cosmetic damage to both vehicles,” a spokesman for Beep said in a statement. “The autonomous bus operated appropriately in the moment and, after review, it was determined the autonomous bus was safe to resume service.”

Beep is working with the [U.S.] Transportation Department and Carnegie Mellon University on a pilot program of automated public buses. The vehicle was brought to D.C. for an annual conference that brings together transportation researchers and policymakers…

Read more of this story at Slashdot.

AirPods work most smoothly with Apple hardware, but they also connect reliably to Android phones, Windows laptops and other Bluetooth devices. The pairing process depends on the platform in use although the basics remain the same. Once the AirPods are placed in pairing mode, most devices detect them quickly and handle the remaining steps in the background. The guide below explains how to pair AirPods with Apple products, how the process differs on newer iPhones that support H2 features and how to connect them to non-Apple devices.

How to pair AirPods with Apple devices

Apple builds AirPods to pair almost instantly with devices in its own ecosystem. Opening the charging case near an unlocked iPhone or iPad usually brings up an on-screen prompt. Tapping Connect links the earbuds to the device and to every other Apple product signed into the same iCloud account. After that, switching between devices is automatic. Audio output follows the active device as long as each product is using updated software and is signed in with the same Apple ID.

If the pairing prompt does not appear, there are a few simple checks that help things move along. Opening the Control Center and selecting the audio output menu confirms whether the AirPods already appear as an available device. If they are listed there, choosing them establishes the connection. If they do not appear, opening the Settings app and checking Bluetooth usually reveals whether the AirPods are in range or already recognized. Opening the case while viewing the Bluetooth menu often triggers the pairing card once more.

The process is similar across Apple Watch and Mac. When the AirPods are already linked to an iPhone, they tend to show up automatically on a paired Apple Watch. On Mac, opening System Settings and viewing the Bluetooth section reveals the same device list seen on an iPhone. Selecting the AirPods from that list completes the connection and also syncs the pairing status back to every other Apple device using the same account.

Enhanced pairing with newer iPhones

Some newer iPhones support features enabled by the H2 chip used in newer AirPods models. With compatible AirPods, models such as iPhone 15 Pro, iPhone 15 Pro Max and the iPhone 16 lineup tend to deliver a faster and more responsive setup experience. When an AirPods case is opened near one of these phones, the device quickly detects the earbuds and displays the pairing card with little delay. This also tends to speed up transitions between devices and improves reliability when switching audio sources.

If the fast pairing prompt does not appear on a newer iPhone, reopening the case while the phone is unlocked is usually enough to reinitiate the process. It also helps to confirm that Bluetooth is turned on. Placing the AirPods back in the case for a few seconds and trying again will often reset the pairing state if the earbuds were connected elsewhere.

Engadget

How to put AirPods into pairing mode

Every AirPods model supports a manual pairing mode. This is essential when linking the earbuds to devices outside the Apple ecosystem, or when the automatic prompt fails to appear on an iPhone or Mac. On older AirPods models, pairing mode is activated by opening the lid and pressing and holding the setup button on the back of the case until the LED light flashes white. Newer models, including AirPods 4 and AirPods Pro 3, use a touch-based method instead. With the lid open, tapping the area near the LED light places the earbuds into pairing mode. Leaving the lid open keeps the AirPods discoverable for nearby devices. Closing the case ends the process and requires it to be repeated if the device fails to detect them.

Pairing mode does not remove any previous connections. It simply makes the AirPods available to new devices, which is helpful when switching between ecosystems. However, connecting to a new device usually takes priority. If the AirPods are already linked to something else that is nearby, turning off Bluetooth on the previously connected device prevents interference and helps the new device detect them more easily.

How to pair AirPods with Android devices

Although AirPods are designed for Apple hardware, they function like any other Bluetooth earbuds on Android. Opening the case and placing the AirPods in pairing mode allows Android phones to detect them through the standard Bluetooth menu. The earbuds appear in the list of available devices and selecting them initiates the connection. Once paired, AirPods work for calls and media playback. Some features, such as automatic ear detection and battery status indicators, may require a third-party app on Android and are not supported at a system level. Features such as spatial audio and device switching remain exclusive to Apple’s ecosystem but day-to-day performance is consistent on Android.

If the AirPods fail to appear, refreshing the Bluetooth device list on the Android phone usually helps. Making sure the earbuds are still in pairing mode is essential since the white LED indicator stops flashing after a short period. Reopening the case and holding the button again, or tapping on the front for newer models, restores discoverability.

How to pair AirPods with Windows laptops

Windows 11 handles AirPods as a regular audio device. Opening the Bluetooth and Devices menu in System Settings displays a list of nearby accessories. With the AirPods in pairing mode, the laptop should detect them and display them as an audio device. Selecting them completes the process and adds the earbuds to the device’s known accessories. Windows generally reconnects to AirPods automatically on future sessions as long as Bluetooth remains enabled.

If the earbuds do not appear in the list, toggling Bluetooth off and back on helps the system refresh the device scan. Checking whether the AirPods are already linked to a different device is another useful step. Windows sometimes struggles to take over a connection when the earbuds remain in range of a previously paired phone so disabling Bluetooth on the other device often resolves the issue.

Troubleshooting common pairing issues

Most pairing problems come down to the AirPods not being in discoverable mode or being connected to another device nearby. Resetting the earbuds solves many problems. On AirPods models with a setup button, placing the AirPods in the case, leaving the lid open and holding the button until the LED turns amber then white restores the factory pairing state. On newer models without a physical button, place the AirPods in the case, close the lid for about 30 seconds, then open it and quickly tap the front of the case three times. The status light should then flash amber and then white, to indicate that the reset is complete. This clears previous connections and makes the AirPods behave as if they are new out of the box. 

Low battery levels can also interrupt pairing. Ensuring both the earbuds and the case have enough charge prevents unexpected disconnections during setup. Interference from other wireless accessories affects pairing on crowded networks. Moving to a quieter spot or turning off surrounding Bluetooth devices helps the AirPods stand out when scanning.

AirPods are built to pair quickly with Apple devices but they also integrate smoothly with other platforms. Keeping the earbuds in pairing mode and confirming that Bluetooth is enabled on the device in use ensures a smooth setup every time. Once connected, the AirPods tend to remember the device and reconnect whenever they are nearby which keeps day-to-day use simple regardless of the platform.

This article originally appeared on Engadget at https://www.engadget.com/audio/headphones/how-to-pair-airpods-with-any-device-140000234.html?src=rss