Mitch Kapor dropped out of MIT's business school in 1979 — and had soon cofounded the pioneering spreadsheet company Lotus. He also cofounded the EFF, was the founding chair of the Mozilla Foundation, and is now a billionaire (and an VC investor at Kapor Capital).

45 years later, when the 74-year-old was invited to give a guest lecture at MIT's business school last year by an old friend (professor Bill Aulet), he'd teased the billionaire that "there's only one problem, Mitch, I see here you haven't graduated from MIT."

The Boston Globe tells the story... After graduating from Yale in 1971 and bouncing around for almost a decade as "a lost and wandering soul," working as a disc jockey, a Transcendental Meditation teacher, and a mental health counselor, Kapor said he became entranced by the possibilities of the new Apple II personal computer. He started writing programs to solve statistics problems and analyze data, which caught the attention of Boston-area software entrepreneurs Dan Bricklin and Bob Frankston, who co-created VisiCalc, one of the first spreadsheet programs. They introduced Kapor to their California-based software publisher, Personal Software.

Midway through Kapor's 12-month master's program, the publisher offered him the then-princely sum of about $20,000 if he'd adapt his stats programs to work with VisiCalc. To finish the project, he took a leave from MIT, but then he decided to leave for good to take a full-time job at Personal. Comparing his decision to those of other famed tech founder dropouts, like Bill Gates, Kapor said he felt the startup world was calling to him. "It was just so irresistible," he said. "It felt like I could not let another moment go by without taking advantage of this opportunity or the window would close...."

When Aulet made his joke on the phone call with his old friend in 2024, Kapor had largely retired from investing and realized that he wanted to complete his degree. "I don't know what prompted me, but it started a conversation" with MIT about the logistics of finally graduating, Kapor said. By the time Kapor gave the lecture in March, Aulet had discovered Kapor was only a few courses short. MIT does not give honorary degrees, but school officials allow students to make up for missing classes with an independent study and a written thesis. Kapor decided to write a paper on the roots and development of his investing strategy. "It's timely, it's highly relevant, and I have things to say," he said.

One 77-page thesis later, Kapor, donning a cap and gown, finally received his master's degree in May, at a ceremony in the Hyatt Regency Hotel in Cambridge, not far from where he founded Lotus.

Montana has enacted SB 282, becoming the first state to prohibit law enforcement from purchasing personal data they would otherwise need a warrant to obtain. The landmark legislation closes what privacy advocates call the "data broker loophole," which previously allowed police to buy geolocation data, electronic communications, and other sensitive information from third-party vendors without judicial oversight.

The new law specifically restricts government access to precise geolocation data, communications content, electronic funds transfers, and "sensitive data" including health status, religious affiliation, and biometric information. Police can still access this information through traditional means: warrants, investigative subpoenas, or device owner consent.

An anonymous reader quotes a report from TechCrunch: A Florida bill, which would have required social media companies to provide an encryption backdoor for allowing police to access user accounts and private messages, has failed to pass into law. The Social Media Use by Minors bill was "indefinitely postponed" and "withdrawn from consideration" in the Florida House of Representatives earlier this week. Lawmakers in the Florida Senate had already voted to advance the legislation, but a bill requires both legislative chambers to pass before it can become law.

The bill would have required social media firms to "provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena," which are typically issued by law enforcement agencies and without judicial oversight. Digital rights group the Electronic Frontier Foundation called the bill "dangerous and dumb." Security professionals have long argued that it is impossible to create a secure backdoor that cannot also be maliciously abused, and encryption backdoors put user data at risk of data breaches.

10 years ago "certificate authorities normally issued certificate lifetimes lasting a year or more," remembers a new blog post Thursday by the EFF's engineering director. So in 2015 when the free cert authority Let's Encrypt first started issuing 90-day TLS certificates for websites, "it was considered a bold move, that helped push the ecosystem towards shorter certificate life times."

And then this January Let's Encrypt announced new six-day certificates...

This week saw a related announcement from the EFF engineering director. More than 31 million web sites maintain their HTTPS certificates using the EFF's Certbot tool (which automatically fetches free HTTPS certificates forever) — and Certbot is now supporting Let's Encrypt's six-day certificates. (It's accomplished through ACME profiles with dynamic renewal at 1/3rd of lifetime left or 1/2 of lifetime left, if the lifetime is shorter than 10 days): There is debate on how short these lifetimes should be, but with ACME profiles you can have the default or "classic" Let's Encrypt experience (90 days) or start actively using other profile types through Certbot with the --preferred-profile and --required-profile flags. For six day certificates, you can choose the "shortlived" profile.
Why shorter lifetimes are better (according to the EFF's engineering director):

• If a certificate's private key is compromised, that compromise can't last as long.

• With shorter life spans for the certificates, automation is encouraged. Which facilitates robust security of web servers.

• Certificate revocation is historically flaky. Lifetimes 10 days and under prevent the need to invoke the revocation process and deal with continued usage of a compromised key.

The French National Assembly has rejected a controversial provision that would have forced messaging platforms like Signal and WhatsApp to allow government access to encrypted private conversations, lawmakers voted Thursday night. The measure, embedded within anti-drug trafficking legislation, would have implemented a "ghost participant model" allowing law enforcement to silently join encrypted chats without users' knowledge.

An anonymous reader quotes a report from the EFF: EFF is deeply saddened to learn of the passing of Mark Klein, a bona fide hero who risked civil liability and criminal prosecution to help expose a massive spying program that violated the rights of millions of Americans. Mark didn't set out to change the world. For 22 years, he was a telecommunications technician for AT&T, most of that in San Francisco. But he always had a strong sense of right and wrong and a commitment to privacy. When the New York Times reported in late 2005 that the NSA was engaging in spying inside the U.S., Mark realized that he had witnessed how it was happening. He also realized that the President was not telling Americans the truth about the program. And, though newly retired, he knew that he had to do something. He showed up at EFF's front door in early 2006 with a simple question: "Do you folks care about privacy?"

We did. And what Mark told us changed everything. Through his work, Mark had learned that the National Security Agency (NSA) had installed a secret, secure room at AT&T's central office in San Francisco, called Room 641A. Mark was assigned to connect circuits carrying Internet data to optical "splitters" that sat just outside of the secret NSA room but were hardwired into it. Those splitters -- as well as similar ones in cities around the U.S. -- made a copy of all data going through those circuits and delivered it into the secret room. Mark not only saw how it works, he had the documents to prove it. He brought us over a hundred pages of authenticated AT&T schematic diagrams and tables. Mark also shared this information with major media outlets, numerous Congressional staffers, and at least two senators personally. One, Senator Chris Dodd, took the floor of the Senate to acknowledge Mark as the great American hero he was.

Equuleus42 (Slashdot reader #723) brings word that the Electronic Frontier Foundation (EFF) is sharing a new tool for fighting back against cellphone surveillance by Stingray cell-site simulators.

Android Authority reports: "Rayhunter" uses an open-source software package designed to look for evidence of IMSI catchers in action, running on an old Orbic Speed RC400L mobile hotspot. The great thing about that choice is that you can pick one up for practically nothing — we're seeing them listed for barely over $10 on Amazon, and you can find them even cheaper on eBay. There's an installation script for Macs and Linux to automate getting set up, but once the Orbic is flashed with the Rayhunter software, it should be ready go, collecting data about sketchy-looking "cell towers" it picks up.

Right now, much of the use of IMSI catchers is still shrouded in mystery, with the groups who regularly employ them extremely hesitant to disclose their methods. As a result, a big focus of this EFF project is just getting more info on how and where these are actually used, giving protestors a better sense of the steps they'll need to take if they want to protect their privacy.

California sued to fine a data-harvesting company, reports the Washington Post, calling it "a rare step to put muscle behind one of the strongest online privacy laws in the United States." Even when states have tried to restrict data brokers, it has been tough to make those laws stick. That has generally been a problem for the 19 states that have passed broad laws to protect personal information, said Matt Schwartz, a policy analyst for Consumer Reports. He said there has been only 15 or so public enforcement actions by regulators overseeing all those laws. Partly because companies aren't held accountable, they're empowered to ignore the privacy standards. "Noncompliance is fairly widespread," Schwartz said. "It's a major problem."

That's why California is unusual with a data broker law that seems to have teeth. To make sure state residents can order all data brokers operating in the state to delete their personal records [with a single request], California is now requiring brokers to register with the state or face a fine of $200 a day. The state's privacy watchdog said Thursday that it filed litigation to force one data broker, National Public Data, to pay $46,000 for failing to comply with that initial phase of the data broker law. NPD declined to comment through an attorney... This first lawsuit for noncompliance, Schwartz said, shows that California is serious about making companies live up to their privacy obligations... "If they can successfully build it and show it works, it will create a blueprint for other states interested in this idea," he said.
Last summer NPD "spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online," according to the blog Krebs on Security, adding that another NPD data broker sharing access to the same consumer records "inadvertently published the passwords to its back-end database in a file that was freely available from its homepage..."

California's attempt to regulate the industry inspired the nonprofit Consumer Reports to create an app called Permission Slip that reveals what data companies collect and, for people in U.S. states, will "work with you to file a request, telling companies to stop selling your personal information."

Other data-protecting options suggested by The Washington Post:

• Use Firefox, Brave or DuckDuckGo, "which can automatically tell websites not to sell or share your data. Those demands from the web browsers are legally binding or will be soon in at least nine states."

• Use Privacy Badger, an EFF browser extension which the EFF says "automatically tells websites not to sell or share your data including where it's required by state law."

Longtime Slashdot reader theodp writes: Monday brought chilling news reports of the all-count trial convictions of three individuals for a conspiracy to rob and drug people outside of LGBTQ+ nightclubs in Manhattan's Hell's Kitchen neighborhood, which led to the deaths of two of their victims. The defendants were found guilty on all 24 counts, which included murder, robbery, burglary, and conspiracy. "As proven at trial," explained the Manhattan District Attorney's Office in a press release, "the defendants lurked outside of nightclubs to exploit intoxicated individuals. They would give them drugs, laced with fentanyl, to incapacitate their victims so they could take the victims' phones and drain their online financial accounts [including unauthorized charges and transfers using Cash App, Apple Cash, Apple Pay]." District Attorney Alvin L. Bragg, Jr. added, "My Office will continue to take every measure possible to protect New Yorkers from this type of criminal conduct. That includes ensuring accountability for those who commit this harm, while also working with financial companies to enhance security measures on their phone apps."

In 2024, D.A. Bragg called on financial companies to better protect consumers from fraud, including: adding a second and separate password for accessing the app on a smartphone as a default security option; imposing lower default limits on the monetary amount of total daily transfers; requiring wait times of up to a day and secondary verification for large monetary transactions; better monitoring of accounts for unusual transfer activities; and asking for confirmation when suspicious transactions occur. "No longer is the smartphone itself the most lucrative target for scammers and robbers -- it's the financial apps contained within," said Bragg as he released letters (PDF) sent to the companies that own Venmo, Zelle, and Cash App. "Thousands or even tens of thousands can be drained from financial accounts in a matter of seconds with just a few taps. Without additional protections, customers' financial and physical safety is being put at risk. I hope these companies accept our request to discuss commonsense solutions to deter scammers and protect New Yorkers' hard-earned money."

"Our cellphones aren't safe," warned the EFF's Cooper Quintin in a 2018 New York Times op-ed. "So why aren't we fixing them?" Any thoughts on what can and should be done with software, hardware, and procedures to stop "bank jackings"?

"The Internet's Own Boy" was inscribed below the bust, according to the San Francisco Standard, adding that the 312-pound marble statue "was crafted using a mix of AI-driven robotic milling and traditional hand carving."

It was unveiled Friday at the Internet Archive auditorium for a crowd of around 300 people. "Aaron's legacy is bringing people together to make change, said Cindy Cohn, the executive director of the Electronic Frontier Foundation. "There's a renaissance happening now in Aaron Swartz-land," said Lisa Rein, the co-founder of Creative Commons, a nonprofit devoted to expanding public access to information. She founded Aaron Swartz Day in 2013, an annual hackathon and tribute held on his birthday. There's now an Aaron Swartz Institute in Brazil, a documentary, multiple books and podcasts — even an Aaron Swartz memecoin ("Do not buy," she warned).

"It's great that people idolize him as long as they get the story right: He was not a martyr," Rein said, her eyes welling with tears. "He stood for freedom of access to information, especially for scientific research — things the public had already paid for."

The evening included a number of video tributes, which Rein played on a large screen behind the stage. They included commentary from science fiction author Cory Doctorow, members of the Aaron Swartz Institute in Brazil, and Cindy Cohn, the executive director of the Electronic Frontier Foundation... Emmett Shear, the former CEO of Twitch and a partner at Y Combinator, was one of the few people who knew Swartz personally. "I'm glad he's become a symbol, he would approve of that," he shared, his voice slightly breaking. "I really miss him."

Starting next week, the bust will be moved to the [Internet Archive] lobby, where it will remain until Peniche secures a permit to place it in a local park [said Evan Sirchuk, the Internet Archive's community and events coordinator]... "Aaron really means something to the San Francisco community," [Rein said]. "He can keep inspiring generations — even the ones who weren't alive when he was."
Tech blogger John Gruber thinks Swartz would appreciate that the bust came from people "aligned with Aaron's own righteous obsessions." But at the same time "I think he'd be a little weirded out. He wasn't a 'I hope they erect a larger-than-life statue of me' sort of guy.

"And if he had been, we wouldn't have loved him like we did. It's just a terrible thing that we lost him so young."

The Register's Thomas Claburn reports: Google's overhaul of Chrome's extension architecture continues to pose problems for developers of ad blockers, content filters, and privacy tools. [...] While Google's desire to improve the security, privacy, and performance of the Chrome extension platform is reasonable, its approach -- which focuses on code and permissions more than human oversight -- remains a work-in-progress that has left extension developers frustrated.

Alexei Miagkov, senior staff technology at the Electronic Frontier Foundation, who oversees the organization's Privacy Badger extension, told The Register, "Making extensions under MV3 is much harder than making extensions under MV2. That's just a fact. They made things harder to build and more confusing." Miagkov said with Privacy Badger the problem has been the slowness with which Google addresses gaps in the MV3 platform. "It feels like MV3 is here and the web extensions team at Google is in no rush to fix the frayed ends, to fix what's missing or what's broken still." According to Google's documentation, "There are currently no open issues considered a critical platform gap," and various issues have been addressed through the addition of new API capabilities.

Miagkov described an unresolved problem that means Privacy Badger is unable to strip Google tracking redirects on Google sites. "We can't do it the correct way because when Google engineers design the [chrome.declarativeNetRequest API], they fail to think of this scenario," he said. "We can do a redirect to get rid of the tracking, but it ends up being a broken redirect for a lot of URLs. Basically, if the URL has any kind of query string parameters -- the question mark and anything beyond that -- we will break the link." Miagkov said a Chrome developer relations engineer had helped identify a workaround, but it's not great. Miagkov thinks these problems are of Google's own making -- the company changed the rules and has been slow to write the new ones. "It was completely predictable because they moved the ability to fix things from extensions to themselves," he said. "And now they need to fix things and they're not doing it."

The EFF has complained that in general "smart" products for babies "collect a ton of information about you and your baby on an ongoing basis". (For this year's "worst in privacy" product at CES they chose a $1,200 baby bassinet equipped with a camera, a microphone, and a radar sensor...)

But today the Washington Post reported on a $1,700 bassinet that surprised the mother of a one-month-old when it "abruptly demanded money for a feature she relied on to soothe her baby to sleep." The internet-connected bassinet... reliably comforted her 1-month-old — just as it had her first child — until it started charging $20 a month for some abilities, including one that keeps the bassinet's motion and sounds at one level all night. The level-lock feature previously was available without a fee. "It all felt really intrusive — like they went into our bedroom and clawed back this feature that we've been depending on...." When the Snoo's maker, Happiest Baby, introduced a premium subscription for some of the bassinet's most popular features in July, owners filed dozens of complaints to the Federal Trade Commission and the Better Business Bureau, coordinated review bombs and vented on social media — saying the company took advantage of their desperation for sleep to bait-and-switch them...

Happiest Baby isn't the only baby gear company that has rolled out a subscription. In 2023, makers of the Miku baby monitor, which retails for up to $400, elicited similar fury from parents when it introduced a $10 monthly subscription for most features. A growing number of internet-connected products have lost software support or functionality after purchase in recent years, such as Spotify's Car Thing — a $90 Bluetooth streaming device that the company announced in May it plans to discontinue — and Levi's $350 smart jacket, which let users control their phones by swiping sensors on its sleeve...

Seventeen consumer protection and tech advocacy groups cited Happiest Baby and Car Thing in a letter urging the FTC to create guidelines that ensure products retain core functionality without the imposition of fees that did not exist when the items were originally bought.
The Times notes that the bassinets are often resold, so the subscription fees are partly to cover the costs of supporting new owners, according to Happiest Baby's vice president for marketing and communications. But the article three additional perspectives:

• "This new technology is actually allowing manufacturers to change the way the status quo has been for decades, which is that once you buy something, you own it and you can do whatever you want. Right now, consumers have no trust that what they're buying is actually going to keep working." — Lucas Gutterman, who leads the Public Interest Research Group's "Design to Last" campaign.

• "It's a shame to be beholden to companies' goodwill, to require that they make good decisions about which settings to put behind a paywall. That doesn't feel good, and you can't always trust that, and there's no guarantee that next week Happiest Baby isn't going to announce that all of the features are behind a paywall." — Elizabeth Chamberlain, sustainability director at iFixit.

• "It's no longer just an out-and-out purchase of something. It's a continuous rental, and people don't know that." — Natasha Tusikov, an associate professor at York University

A federal district court has ruled that backdoor searches of Americans' private communications collected under Section 702 of FISA are unconstitutional without a warrant. "The landmark ruling comes in a criminal case, United States v. Hasbajrami, after more than a decade of litigation, and over four years since the Second Circuit Court of Appeals found that backdoor searches constitute 'separate Fourth Amendment events' and directed the district court to determine a warrant was required," reports the Electronic Frontier Foundation (EFF). "Now, that has been officially decreed." Longtime Slashdot reader schwit1 shares the report: Hasbajrami involves a U.S. resident who was arrested at New York JFK airport in 2011 on his way to Pakistan and charged with providing material support to terrorists. Only after his original conviction did the government explain that its case was premised in part on emails between Mr. Hasbajrami and an unnamed foreigner associated with terrorist groups, emails collected warrantless using Section 702 programs, placed in a database, then searched, again without a warrant, using terms related to Mr. Hasbajrami himself.

The district court found that regardless of whether the government can lawfully warrantlessly collect communications between foreigners and Americans using Section 702, it cannot ordinarily rely on a "foreign intelligence exception" to the Fourth Amendment's warrant clause when searching these communications, as is the FBI's routine practice. And, even if such an exception did apply, the court found that the intrusion on privacy caused by reading our most sensitive communications rendered these searches "unreasonable" under the meaning of the Fourth Amendment. In 2021 alone, the FBI conducted 3.4 million warrantless searches of US person's 702 data.

Richard Stallman founded the Free Software Foundation as a nonprofit in 1985 with four other directors (including MIT computer science professor Gerald Jay Sussman). Sussman remains on the Board of directors, along with EFF co-founder John Gilmore and five others.

Friday the eight directors published a new article explaining how their goal and principles are protected by the nonprofit's governance structure: An obvious option, used by many organizations, was to let supporters sign up as members and have the members' votes control everything about the organization. We rejected that approach because it would have made the organization vulnerable to being taken over by people who disagreed with its mission... [A]ctivist organizations should be steady in their mission. Already in 1985, we could see that many of the people who appreciated the GNU Project's work (developing useful GNU software packages) did not support our goal and values. To look at software issues in terms of freedom was radical and many were reluctant to consider it... So we chose a structure whereby the FSF's governing body would appoint new people to itself... [T]he FSF voting members consist of all the present board members and some past board members. We have found that having some former board members remain as voting members helps stabilize the base of FSF governance.

The divergence between our values and those of most users was expressed differently after 1998, when the term "open source" was coined. It referred to a class of programs which were free/libre or pretty close, but it stood for the same old values of convenience and success, not the goal of freedom for the users of those programs. For them, "scratching your own itch" replaced liberating the community around us. People could become supporters of "open source" without any change in their ideas of right and wrong... It would have been almost inevitable for supporters of "open source" to join the FSF, then vote to convert it into an "open source" organization, if its structure allowed such a course. Fortunately, we had made sure it did not. So we were able to continue spreading the idea that software freedom is a freedom that everyone needs and everyone is entitled to, just like freedom of speech.

In recent years, several influential "open source" organizations have come to be dominated by large companies. Large companies are accustomed to seeking indirect political power, and astroturf campaigns are one of their usual methods. It would be easy for companies to pay thousands of people to join the FSF if by doing so they could alter its goals and values. Once again, our defensive structure has protected us...

A recent source of disagreement with the free software movement's philosophy comes from those who would like to make software licenses forbid the use of programs for various practices they consider harmful. Such license restrictions would not achieve the goal of ending those practices and each restriction would split the free software community. Use restrictions are inimical to the free software community; whatever we think of the practices they try to forbid, we must oppose making software licenses restrict them. Software developers should not have the power to control what jobs people do with their computers by attaching license restrictions. And when some acts that can be done by using computing call for systematic prohibition, we must not allow companies that offer software or online services to decide which ones. Such restrictions, when they are necessary, must be laws, adopted democratically by legislatures...

What new political disagreements will exist in the free software community ten, twenty or thirty years from now? People may try to disconnect the FSF from its values for reasons we have not anticipated, but we can be confident that our structure will give us a base for standing firm. We recently asked our associate members to help us evaluate the current members of the FSF board of directors through a process that will help us preserve the basic structure that protects the FSF from pressure to change its values. A year ago we used this process to select new board members, and it worked very well.

Sincerely,

The Free Software Foundation Board of Directors

While CES wraps up this week, "Not all innovation is good innovation," warns Elizabeth Chamberlain, iFixit's Director of Sustainability (heading their Right to Repair advocacy team). So this year the group held its fourth annual "anti-awards ceremony" to call out CES's "least repairable, least private, and least sustainable products..." (iFixit co-founder Kyle Wiens mocked a $2,200 "smart ring" with a battery that only lasts for 500 charges. "Wanna open it up and change the battery? Well you can't! Trying to open it will completely destroy this device...") There's also a category for the worst in security — plus a special award titled "Who asked for this?" — and then a final inglorious prize declaring "the Overall Worst in Show..."

Thursday their "panel of dystopia experts" livestreamed to iFixit's feed of over 1 million subscribers on YouTube, with the video's description warning about manufacturers "hoping to convince us that they have invented the future. But will their vision make our lives better, or lead humanity down a dark and twisted path?" The video "is a fun and rollicking romp that tries to forestall a future clogged with power-hungry AI and data-collecting sensors," writes The New Stack — though noting one final irony.

"While the ceremony criticized these products, YouTube was displaying ads for them..."

UPDATE: Slashdot reached out to iFixit co-founder Kyle Wiens, who says this teaches us all a lesson. "The gadget industry is insidious and has their tentacles everywhere."

"Of course they injected ads into our video. The beast can't stop feeding, and will keep growing until we knife it in the heart."

Long-time Slashdot reader destinyland summarizes the article: "We're seeing more and more of these things that have basically surveillance technology built into them," iFixit's Chamberlain told The Associated Press... Proving this point was EFF executive director Cindy Cohn, who gave a truly impassioned takedown for "smart" infant products that "end up traumatizing new parents with false reports that their baby has stopped breathing." But worst for privacy was the $1,200 "Revol" baby bassinet — equipped with a camera, a microphone, and a radar sensor. The video also mocks Samsung's "AI Home" initiative which let you answer phone calls with your washing machine, oven, or refrigerator. (And LG's overpowered "smart" refrigerator won the "Overall Worst in Show" award.)

One of the scariest presentations came from Paul Roberts, founder of SecuRepairs, a group advocating both cybersecurity and the right to repair. Roberts notes that about 65% of the routers sold in the U.S. are from a Chinese company named TP-Link — both wifi routers and the wifi/ethernet routers sold for homes and small offices.Roberts reminded viewers that in October, Microsoft reported "thousands" of compromised routers — most of them manufactured by TP-Link — were found working together in a malicious network trying to crack passwords and penetrate "think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others" in North America and in Europe. The U.S. Justice Department soon launched an investigation (as did the U.S. Commerce Department) into TP-Link's ties to China's government and military, according to a SecuRepairs blog post.

The reason? "As a China-based company, TP-Link is required by law to disclose flaws it discovers in its software to China's Ministry of Industry and Information Technology before making them public." Inevitably, this creates a window "to exploit the publicly undisclosed flaw... That fact, and the coincidence of TP-Link devices playing a role in state-sponsored hacking campaigns, raises the prospects of the U.S. government declaring a ban on the sale of TP-Link technology at some point in the next year."

TP-Link won the award for the worst in security.

El Salvador secured a $1.4 billion loan deal with the IMF after agreeing to scale back its bitcoin policies, making cryptocurrency acceptance voluntary for businesses and limiting public sector involvement. The deal aims to stabilize the country's economy, with bitcoin's recent rally boosting the value of El Salvador's holdings. The BBC reports: In 2021, El Salvador became the first country in the world to make bitcoin legal tender. This week, the cryptocurrency briefly hit a fresh record high of more than $108,000.

"The potential risks of the Bitcoin project will be diminished significantly in line with Fund policies," the IMF announcement said. "Legal reforms will make acceptance of Bitcoin by the private sector voluntary. For the public sector, engagement in Bitcoin-related economic activities and transactions in and purchases of Bitcoin will be confined." Last Friday, El Salvdaor purchased more than 11 BTC worth $1.07 million and executed another 11 BTC purchase on Sunday, according to crypto data platform Arkham. El Salvador's President, Nayib Bukele, is ramping up buys "with an interim goal of acquiring 20,000 more Bitcoin," reports the Daily Hodl.

Bruce Perens, original co-founder of the Open Source Initiative, has responded to questions from Slashdot readers about a new alternative he's developing that hopefully helps "Post Open" developers get paid.

But first, "One of the things that's clear from the Slashdot patter is that people are not aware of what I've been doing, in general," Perens says. "So, let's start by filling that in..."

Read on for the rest of his wide-ranging answers....

zoobab writes: The US Senate to set to revive Software Patents with the PERA Bill, with a vote on Thursday, November 14, 2024.

A crucial Senate Committee is on the cusp of voting on two bills that would resurrect some of the most egregious software patents and embolden patent trolls. The Patent Eligibility Restoration Act (PERA), S. 2140, would dismantle vital safeguards that prohibit software patents on overly broad concepts. If passed, courts would be compelled to approve software patents on mundane activities like mobile food ordering or basic online financial transactions. This would unleash a torrent of vague and overbroad software patents, which would be wielded by patent trolls to extort small businesses and individuals.

The EFF is inviting members of the public to contact their Senators.

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:

• Nathan Dyer of SecureDrop, Newsroom Support Engineer for the Freedom of the Press Foundation with an update on SecureDrop

• Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."

• Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."

• Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."

• Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."

• Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."

In 2004 Alaa Abd El Fattah answered questions from Slashdot's readers about organizing the first-ever Linux installfest in Egypt.

In 2014 he was arrested for organizing poltical protests without requesting authorization, according to Wikipedia, and then released on bail — but then sentenced to five years in prison upon retrial. He was released in late March of 2019, but then re-arrested again in September by the National Security Agency, convicted of "spreading fake news" and jailed for five years...

Wikipedia describes Abd El-Fattah as an "Egyptian-British blogger, software developer and a political activist" who has been "active in developing Arabic-language versions of software and platforms." But this week an EFF blog post noticed that his released date had recently passed — and yet he was still in prison: It's been 28 days since September 29, the day that should have seen British-Egyptian blogger, coder, and activist Alaa Abd El Fattah walk free. Egyptian authorities refused to release him at the end of his sentence, in contradiction of the country's own Criminal Procedure Code, which requires that time served in pretrial detention count toward a prison sentence. [Human Rights Watch says Egyptian authorities are refusing to count more than two years of pretrial detention toward his time served. Amnesty International has also called for his release.] In the days since, Alaa's family has been able to secure meetings with high-level British officials, including Foreign Secretary David Lammy, but as of yet, the Egyptian government still has not released Alaa...

Alaa deserves to finally return to his family, now in the UK, and to be reunited with his son, Khaled, who is now a teenager. We urge EFF supporters in the UK to write to their MP to place pressure on the UK's Labour government to use their power to push for Alaa's release.
Last month the EFF wrote:: Over 20 years ago Alaa began using his technical skills to connect coders and technologists in the Middle East to build online communities where people could share opinions and speak freely and privately. The role he played in using technology to amplify the messages of his fellow Egyptians — as well as his own participation in the uprising in Tahrir Square — made him a prominent global voice during the Arab Spring, and a target for the country's successive repressive regimes, which have used antiterrorism laws to silence critics by throwing them in jail and depriving them of due process and other basic human rights.

Alaa is a symbol for the principle of free speech in a region of the world where speaking out for justice and human rights is dangerous and using the power of technology to build community is criminalized...