Communications

FCC 'Rip and Replace' Provision For Chinese Tech Tops Cyber Provisions in Defense Bill (therecord.media) 22

The annual defense policy bill signed by President Joe Biden Monday evening allocates $3 billion to help telecom firms remove and replace insecure equipment in response to recent incursions by Chinese-linked hackers. From a report: The fiscal 2025 National Defense Authorization Act outlines Pentagon policy and military budget priorities for the year and also includes non-defense measures added as Congress wrapped up its work in December. The $895 billion spending blueprint passed the Senate and House with broad bipartisan support.

The $3 billion would go to a Federal Communications Commission program, commonly called "rip and replace," to get rid of Chinese networking equipment due to national security concerns. The effort was created in 2020 to junk equipment made by telecom giant Huawei. It had an initial investment of $1.9 billion, roughly $3 billion shy of what experts said was needed to cauterize the potential vulnerability.

Calls to replenish the fund have increased recently in the wake of two hacking campaigns by China, dubbed Volt Typhoon and Salt Typhoon, that saw hackers insert malicious code in U.S. infrastructure and break into at least eight telecom firms. The bill also includes a watered down requirement for the Defense Department to tap an independent third-party to study the feasibility of creating a U.S. Cyber Force, along with an "evaluation of alternative organizational models for the cyber forces" of the military branches.

Facebook

More Than 140 Kenya Facebook Moderators Diagnosed With Severe PTSD (theguardian.com) 56

An anonymous reader quotes a report from The Guardian: More than 140 Facebook content moderators have been diagnosed with severe post-traumatic stress disorder caused by exposure to graphic social media content including murders, suicides, child sexual abuse and terrorism. The moderators worked eight- to 10-hour days at a facility in Kenya for a company contracted by the social media firm and were found to have PTSD, generalized anxiety disorder (GAD) and major depressive disorder (MDD), by Dr Ian Kanyanya, the head of mental health services at Kenyatta National hospital in Nairobi. The mass diagnoses have been made as part of a lawsuit being brought against Facebook's parent company, Meta, and Samasource Kenya, an outsourcing company that carried out content moderation for Meta using workers from across Africa.

The images and videos including necrophilia, bestiality and self-harm caused some moderators to faint, vomit, scream and run away from their desks, the filings allege. The case is shedding light on the human cost of the boom in social media use in recent years that has required more and more moderation, often in some of the poorest parts of the world, to protect users from the worst material that some people post.

The lawsuit claims that at least 40 moderators experienced substance misuse, marital breakdowns, and disconnection from their families, while some feared being hunted by terrorist groups they monitored. Despite being paid eight times less than their U.S. counterparts, moderators worked under intense surveillance in harsh, warehouse-like conditions.

Data Storage

One Third of Adults Can't Delete Device Data 50

The UK's Information Commissioner's Office (ICO) warns that while most adults recognize the importance of wiping personal data from old devices, nearly 30% don't know how, and a significant number of young people either don't care or find it too cumbersome. The Register reports: Clearing personal data off an old device is an important step before ditching it or handing it on to another user. However, almost three in ten (29 percent) of adults don't know how to remove the information, according to a survey of 2,170 members of the UK public. Seventy-one percent agreed that wiping a device was important, but almost a quarter (24 percent) reckoned it was too arduous. This means that the drawer of dusty devices is set to swell -- three-quarters of respondents reported hanging on to at least one old device, and a fifth did so because they were worried about their personal information. [...]

More than one in five (21 percent) of young people in the survey didn't think it was important to wipe personal data, while 23 percent said they didn't care about what might happen to that data. Fourteen percent of people aged 18-34 said they wouldn't bother wiping their devices at all, compared to just 4 percent of people over 55. On the plus side, the majority (84 percent) of respondents said they would ensure data was erased before disposing of a device. Alternatively, some might not worry about it and stick it in that special drawer alongside all the cables that might be needed one day. The survey also found that more than a quarter (27 percent) of UK adults were planning to treat themselves to a new device over the festive season [...].

Censorship

Critics Decry Vietnam's 'Draconian' New Internet Law (theguardian.com) 22

Vietnam's Decree 147 mandates social media users on platforms like Facebook and TikTok to verify their identities and requires tech companies to store and share user data with authorities upon request, sparking concerns over increased censorship, self-censorship, and threats to free expression. Furthermore, the decree imposes restrictions on gaming time for minors and limits livestreaming to verified accounts. It becomes effective on Christmas Day. The Guardian reports: Decree 147, as it is known, builds on a 2018 cybersecurity law that was sharply criticized by the US, EU and internet freedom advocates who said it mimics China's repressive internet censorship. [...] Critics say that decree 147 will also expose dissidents who post anonymously to the risk of arrest. "Many people work quietly but effectively in advancing the universal values of human rights," Ho Chi Minh City-based blogger and rights activist Nguyen Hoang Vi told AFP.

She warned that the new decree "may encourage self-censorship, where people avoid expressing dissenting views to protect their safety -- ultimately harming the overall development of democratic values" in the country. Le Quang Tu Do, of the ministry of information and communications (MIC), told state media that decree 147 would "regulate behavior in order to maintain social order, national security, and national sovereignty in cyberspace." [...]

Human Rights Watch is calling on the government to repeal the "draconian" new decree. "Vietnam's new Decree 147 and its other cybersecurity laws neither protect the public from any genuine security concerns nor respect fundamental human rights," said Patricia Gossman, HRW's associate Asia director. "Because the Vietnamese police treat any criticism of the Communist party of Vietnam as a national security matter, this decree will provide them with yet another tool to suppress dissent."

Facebook

Meta To Add Display To Ray-Bans as Zuckerberg Bets Computing Shift (ft.com) 23

Meta plans to add displays to its Ray-Ban smart glasses as soon as next year, Financial Times reports, as the US tech giant accelerates its plans to build lightweight headsets that can usurp the smartphone as consumers' main computing device. Financial Times: The $1.5tn social media group is planning to add a screen inside the $300 sunglasses it makes and sells in partnership with eyewear group EssilorLuxottica, according to people familiar with the plans. The updated Ray-Bans could be released as early as the second half of 2025, the people said. The small display would be likely to be used to show notifications or responses from Meta's virtual assistant.

The move comes as Meta pushes further into wearable devices and what chief executive Mark Zuckerberg hopes will be the next computing platform, as rivals such as Apple, Google and Snap also race to develop their own similar products.

Businesses

Telegram Turns a Profit for the First Time (nytimes.com) 17

An anonymous reader shares a report: In recent months, Telegram, the lightly moderated social media app, has held discussions with investors who lent it more than $2 billion. The goal: to reassure them that the company remains a viable bet after its founder, Pavel Durov, was arrested in France in August on charges related to illicit activities on the platform.

In the conversations, Telegram told investors that it was tackling its legal troubles head-on by policing more user-generated content. The company also said it had paid down a "meaningful amount" of its debt, according to an investor in the talks who was not authorized to discuss confidential information. Telegram has been under increasing scrutiny around the world this year for hosting illicit content from child predators, drug traffickers and other criminals. The company also faces pressure another way: to prove it can make money.

For years, skeptics have questioned if a platform known for hosting toxic material could turn a profit. Unlike social media companies such as Meta, Telegram took an unusual business path: It did not raise money from venture capitalists, sell advertising based on user data or hire aggressively to accelerate growth. Instead, it relied on Mr. Durov's fame and fortune to sustain its business, took on debt and barreled into the cryptocurrency market. [...] The result: Telegram is set to be profitable this year for the first time, according to a person with knowledge of the finances who declined to be identified discussing internal figures. Revenue is on track to surpass $1 billion, up from nearly $350 million last year, the person said.

DRM

Takedown Notices Hit Luigi Mangione Merchandise and Photos - Including DMCAs (404media.co) 100

Newsweek supplies some context: After his arrest, merch — including T-shirts featuring Mangione's booking photos and others taken from his social media accounts — began popping up for sale on several sites. Websites, including Amazon, eBay and Etsy, have moved to take down products that glorify violence or the suspect. An eBay spokesperson told Newsweek that "items that glorify or incite violence, including those that celebrate the recent murder of UHC CEO Brian Thompson, are prohibited."

Inc. magazine adds: Separately, GoFundMe has shuttered several fundraising campaigns created for Mangione. The fundraising site's terms and conditions are pretty clear on the matter, NBC News reports, with a company spokesperson explaining they prohibit "fundraisers for the legal defense of violent crimes."

But one incident was different, according to a post from the law school of the University of British Columbia: To provide a quick summary, Rachel Kenaston, an artist selling merch on TeePublic received an e-mail from the platform regarding an intellectual property claim by UnitedHealth Group Inc and decided to remove Kenaston's design from the merch store. Obviously, it is important to point out that it isn't quite clear who is filing those DMCA claims. While TeePublic, in the email, claimed that they have no say in the matter, [an article from 404 Media] goes on to explain that TeePublic has the right to refuse DMCA claims, but often choose not to in order to avoid headache. The design had nothing to do with UnitedHealthcare -- it seems to be a picture of Mangione in a heart frame. Meaning, whether it was UnitedHealthcare or not, the claim shouldn't hold any weight.

Consensus seems to be mostly leaning towards speculation that it is unlikely to be UnitedHealthcare actually filing those DMCA claims, but rather potential competitors... Regardless of whether or not it really was UnitedHealthcare that filed DMCA claims, I think the important point here is that the merch actually did get taken down. In fact, this would be more problematic if it was from a competitor using DMCA as a form of removing competition, because, then it really has nothing to do with intellectual property. I would assume that this happens quite frequently. Especially for YouTubers, it seems that copyright strikes are more than a mere pesky occurrence, but for many, something that affects livelihood...

The difficult part, as always, is finding the balance between protecting the rights of the copyright holders and ensuring that the mechanisms don't get abused.

The artist told Gizmodo she was filing a counterclaim to the copyright notice, adding that instead of a DMCA, "I honestly expected the design to be pulled for condoning violence or something..."

Gizmodo published the image — a watercolored rendition of a hostel surveillance-camera photo released by police — adding "UnitedHealth Group didn't respond to questions emailed on Monday [December 16] about how the company could possibly claim a copyright violation had occurred." And while Gizmodo promised they'd update the post if UnitedHealth responded — there has been no update since...

404 Media adds that the watercolor "is not the only United Healthcare or Luigi Mangione-themed artwork on the internet that has been hit with bogus DMCA takedowns in recent days. Several platforms publish the DMCA takedown requests they get on the Lumen Database, which is a repository of DMCA takedowns." On December 7, someone named Samantha Montoya filed a DMCA takedown with Google that targeted eight websites selling "Deny, Defend, Depose" merch that uses elements of the United Healthcare logo... Medium, one of the targeted websites, has deleted the page that the merch was hosted on...

Over the weekend, a lawyer demanded that independent journalist Marisa Kabas take down an image of Luigi Mangione and his family that she posted to Bluesky, which was originally posted on the campaign website of Maryland assemblymember Nino Mangione. The lawyer, Desiree Moore, said she was "acting on behalf of our client, the Doe Family," and claimed that "the use of this photograph is not authorized by the copyright owner and is not otherwise permitted by law..." In a follow-up email to Kabas, Moore said "the owner of the photograph has not authorized anyone to publish, disseminate, or otherwise use the photograph for any purpose, and the photograph has been removed from various digital platforms as a result," which suggests that other websites have also been threatened with takedown requests. Moore also said that her "client seeks to remain anonymous" and that "the photograph is hardly newsworthy."

404 Media believes the takedown request "shows that the Mangione family or someone associated with it is using the prospect of a copyright lawsuit to threaten journalists for reporting on one of the most important stories of the year..."

UPDATE: Long-time Slashdot reader destinyland notes there's an interesting precedent from 2007: [D]eep within the DMCA law is a counter-provision — 512(f), which states that misrepresenting yourself as a copyright owner has consequences. Any damage caused by harmful misrepresentation must be reimbursed. In 2004 the Electronic Frontier Foundation won a six-figure award from Diebold Election Systems, who had claimed a "copyright" on embarrassing internal memos which were published online.

Transportation

Drones Collide, Fall From Sky in Florida Light Show, Seriously Injuring 7-Year-Old Boy (yahoo.com) 79

"Drones collided, fell from the sky and hit a little boy after 'technical difficulties' during a holiday show..." reports the Orlando Sentinel.

They note that a press release from the city said the 8 p.m. show was then cancelled: The company behind the drones, Sky Elements, was in its second year of the contract with the city, the release said. Sky Elements said they operate drone shows throughout the country with millions of viewers annually and are committed to maintaining FAA safety regulations, the company said in a statement released Sunday afternoon. The organization wished for a "speedy recovery" of those impacted by Saturday's show at Lake Eola, the statement said. "The well-being of our audience is our utmost priority, and we regret any distress or inconvenience caused," the statement said. "We are diligently working with the FAA and City of Orlando officials to determine the cause and are committed to establishing a clear picture of what transpired."

The show is in its third year, often drawing crowds of roughly 25,000, according to the city. But there has never been an incident before. The Federal Aviation Administration regulates drones and light shows and permitted the Holiday Drone Show at Lake Eola on Saturday. Now they are investigating the incident which they said began as drones collided and fell into the crowd at the park, spokesperson Kristen Alsop said in an email... Eyewitness videos on social media show multiple green and red drones falling from the sky.

The mother of the 7-year-old boy hit by a falling drone told a local TV station that the holiday show "ended in nightmares," adding that it happened just days before Christmas. She believes big-audience drone light shows need more safety precautions. "This should not happen. No family should be going through this." She added on Facebook that her 7-year-old son is now "going into emergency heart surgery off of just trying to watch a drone show."

She adds that the city of Orlando and the drone company behind the light show "really have some explaining to do." Responding to comments on Facebook, she posted two hours ago: "Thank you everyone. He is still in surgery."

Power

Scientists Build a Nuclear-Diamond Battery That Could Power Devices for Thousands of Years (livescience.com) 89

The world's first nuclear-powered battery — a diamond with an embedded radioactive isotope — could power small devices for thousands of years, according to scientists at the UK's University of Bristol.

Long-time Slashdot reader fahrbot-bot shared this report from LiveScience: The diamond battery harvests fast-moving electrons excited by radiation, similar to how solar power uses photovoltaic cells to convert photons into electricity, the scientists said.

Scientists from the same university first demonstrated a prototype diamond battery — which used nickel-63 as the radioactive source — in 2017. In the new project, the team developed a battery made of carbon-14 radioactive isotopes embedded in manufactured diamonds. The researchers chose carbon-14 as the source material because it emits short-range radiation, which is quickly absorbed by any solid material — meaning there are no concerns about harm from the radiation. Although carbon-14 would be dangerous to ingest or touch with bare hands, the diamond that holds it prevents any short-range radiation from escaping. "Diamond is the hardest substance known to man; there is literally nothing we could use that could offer more protection," Neil Fox, a professor of materials for energy at the University of Bristol, said in the statement...

A single nuclear-diamond battery containing 0.04 ounce (1 gram) of carbon-14 could deliver 15 joules of electricity per day. For comparison, a standard alkaline AA battery, which weighs about 0.7 ounces (20 grams), has an energy-storage rating of 700 joules per gram. It delivers more power than the nuclear-diamond battery would in the short term, but it would be exhausted within 24 hours. By contrast, the half-life of carbon-14 is 5,730 years, which means the battery would take that long to be depleted to 50% power....

[A] spacecraft powered by a carbon-14 diamond battery would reach Alpha Centauri — our nearest stellar neighbor, which is about 4.4 light-years from Earth — long before its power were significantly depleted.

The battery has no moving parts, according to the article. It "requires no maintenance, nor does it have any carbon emissions."

AI

Home Assistant's New Voice Assistant Answers To 'Hey Jarvis' 31

Home Assistant (not to be confused with the Google Assistant on Google Home) has launched the Voice Preview Edition (Voice PE), its first dedicated voice assistant hardware for $59. The device offers a privacy-focused, locally controlled solution that supports over 50 languages and integrates seamlessly with the open-source smart home platform. As The Verge notes, Voice PE supports the wake words "Hey Jarvis" right out of the box. From the report: The Voice PE is a small white box, about the size of your palm, with dual microphones and an audio processor. An internal speaker lets you hear the assistant, but you can also connect a speaker to it via a 3.5 mm headphone jack for better-quality media playback. A colored LED ring on top of the Voice PE indicates when the assistant is listening. It surrounds a rotary dial and a physical button, which is used for setup and to talk to the voice assistant without using the wake word. The button can also be customized to do whatever you want (because this is Home Assistant). A physical mute switch is on the side, and the device is powered by USB-C (charger and cable not included). There's also a Grove port where you can add sensors and other accessories.

For those who don't like the idea of always-listening microphones in their home from companies such as Amazon and Google, but who still want the convenience of controlling their home with their voice, the potential here is huge. But it may be a while until Voice PE is ready to replace your Echo or Nest smart speaker. [...] if you want more features, Voice PE can connect to supported AI models, such as ChatGPT or Gemini, to fully replace Assist or use it as a fallback for commands it doesn't understand. But for many smart home users, there will be plenty of value in a simple, inexpensive device that lets you turn your lights on and off, start a timer, and execute other useful commands with your voice without relying on an internet connection.

United Kingdom

UK Arts and Media Reject Plan To Let AI Firms Use Copyrighted Material (theguardian.com) 52

Writers, publishers, musicians, photographers, movie producers and newspapers have rejected the Labour government's plan to create a copyright exemption to help AI companies train their algorithms. From a report: In a joint statement, bodies representing thousands of creatives dismissed the proposal made by ministers on Tuesday that would allow companies such as Open AI, Google and Meta to train their AI systems on published works unless their owners actively opt out.

The Creative Rights in AI Coalition (Crac) said existing copyright laws must be respected and enforced rather than degraded. The coalition includes the British Phonographic Industry, the Independent Society of Musicians, the Motion Picture Association and the Society of Authors as well as Mumsnet, the Guardian, Financial Times, Telegraph, Getty Images, the Daily Mail Group and Newsquest.

Their intervention comes a day after the technology and culture minister Chris Bryant told parliament the proposed system, subject to a 10-week consultation, would "improve access to content by AI developers, whilst allowing rights holders to control how their content is used for AI training."

Businesses

Ingram Micro To 'Stop Doing Business' With Broadcom, Downgrade To 'Limited Engagement' On VMware (theregister.com) 28

The Register's Simon Sharwood reports: Tech distribution behemoth Ingram Micro will stop doing business with Broadcom and its VMware range in many territories next year. In a statement sent to The Register, an Ingram spokesperson told us: "We were unable to reach an agreement with Broadcom that would help our customers deliver the best technology outcomes now and in the future while providing an appropriate shareholder return." That decision means that from "early January 2025, Ingram Micro will no longer be doing business with Broadcom and have limited engagement with VMware in select regions."

The distie told us this change is not material to its business, and customers and other vendors have been informed. "For us and the more than 1,500 vendors and 161,000 customers we work with, the future of business is focused on transforming relationships, not just transacting sales," the spokesperson explained. Ingram's decision is a challenge to Broadcom, which after acquiring VMware decided to emphasize services delivered through the channel for many customers. However, The Register has heard from VMware users who felt Ingram struggled to handle the increased responsibilities it assumed under this arrangement. We've been told of slow responses, and that Ingram struggled to replicate the expertise that pre-acquisition VMware's support teams delivered. Banter on social media suggests similar experiences were not uncommon.

Ingram's decision means VMware's channel has more change to digest, after a year in which Broadcom cancelled its partner program and created a new one that excluded some existing partners. Some of those partners ran small VMware-powered clouds, and faced being unable to secure licenses -- meaning their customers would have faced unwelcome disruption. Broadcom hastily created a scheme under which small resellers outside its cloud partner program could acquire licenses from bigger players. Another change to Broadcom's plans saw it cordon off 2,000 VMware customers to work with directly, rendering them off limits to its channel. It then diluted that decision by deciding it will work direct with only 500 VMware users. Resellers that don't have relationships with distributors other than Ingram will now need to make friends -- fast.

Government

Spain Introduces Bill To Combat Online Fake News (theguardian.com) 97

Spain's leftwing government has introduced a bill requiring digital platforms and social media influencers with large followings to publish corrections to false or harmful information. The law intends to "[make] life more difficult for those who dedicate themselves to lies and spreading fake news every day," said justice minister Felix Bolanos. The Guardian reports: The draft law replaces legislation from 1984 and targets internet users who have more than 100,000 followers on a single platform or 200,000 across several, the justice ministry said in a statement. These outlets and the platforms that host them must have a mechanism to facilitate citizens' right to ask that false or inaccurate information that harms them be corrected publicly, the ministry said. The correction request will no longer have to be addressed to the outlet's director because confirming their identity is difficult for many "pseudo media," justice minister Felix Bolanos told a press conference.

Wireless Networking

China Kicks Off Homebrew Bluetooth Alternative 'Star Flash' As It Pushes Universal Remotes (theregister.com) 53

An anonymous reader quotes a report from The Register: China's Electronics Video Industry Association last week signed off on a standard for a universal remote control -- a gadget Beijing thinks locals need because they're struggling with multiple remotes, but which is also a little more significant in other ways. The standard requires remote controls to allow voice control, and to use one of three means of wireless comms: Bluetooth, infrared, and Star Flash -- more on that later. It has been hailed as a boon for consumers who apparently struggle to find the right remote control to use as they navigate between televisions and set-top boxes.

This standard reportedly detects which device a user wants to control, makes the connection, and eases the chore of directing a stream from a set-top box to a display. Device-makers have been told that televisions and set-top boxes must support the standard, and they've quickly complied: local media report that Chinese consumer electronics outfit Konka has already delivered the first Smart TV capable of handling the universal remote. Building a standard ecosystem for universal remotes has obvious benefits for consumers, who should be able to use one unit across multiple devices and won't be tied to proprietary tech. But this move has other benefits for Beijing, thanks to its requirement to use China's home-grown Bluetooth alternative, Star Flash.

Star Flash is one of the projects run by the SparkLink Alliance -- a group that lists hundreds of Chinese developers and manufacturers as members. Huawei contributes tech to the group. Chinese IoT hardware vendor Qogrisys has described it as an upgrade to both Bluetooth and Wi-Fi that incorporates ideas used in 5G networks, is capable of handling multiple simultaneous device connections, sips power sparingly so battery-powered devices go longer between recharges, and can stream lossless stereo audio. Chinese consumer electronic and automotive brands are already keen to use Star Flash, and the Alliance is promoting its use in industrial settings too. China will promote use of universal remotes in 2025 -- meaning the protocol may soon appear in millions of domestic devices, giving manufacturers scale to justify further investment.

Businesses

Companies Issuing RTO Mandates 'Lose Their Best Talent': Study (arstechnica.com) 96

An anonymous reader quotes a report from Ars Technica: Return-to-office (RTO) mandates have caused companies to lose some of their best workers, a study tracking over 3 million workers at 54 "high-tech and financial" firms at the S&P 500 index has found. These companies also have greater challenges finding new talent, the report concluded. The paper, Return-to-Office Mandates and Brain Drain [PDF], comes from researchers from the University of Pittsburgh, as well as Baylor University, The Chinese University of Hong Kong, and Cheung Kong Graduate School of Business. The study, which was published in November, spotted this month by human resources (HR) publication HR Dive, and cites Ars Technica reporting, was conducted by collecting information on RTO announcements and sourcing data from LinkedIn.

The researchers said they only examined companies with data available for at least two quarters before and after they issued RTO mandates. The researchers explained: "To collect employee turnover data, we follow prior literature ... and obtain the employment history information of over 3 million employees of the 54 RTO firms from Revelio Labs, a leading data provider that extracts information from employee LinkedIn profiles. We manually identify employees who left a firm during each period, then calculate the firm's turnover rate by dividing the number of departing employees by the total employee headcount at the beginning of the period. We also obtain information about employees' gender, seniority, and the number of skills listed on their individual LinkedIn profiles, which serves as a proxy for employees' skill level."

There are limits to the study, however. The researchers noted that the study "cannot draw causal inferences based on our setting." Further, smaller firms and firms outside of the high-tech and financial industries may show different results. Although not mentioned in the report, relying on data from a social media platform could also yield inaccuracies, and the number of skills listed on a LinkedIn profile may not accurately depict a worker's skill level. [...] The researchers concluded that the average turnover rates for firms increased by 14 percent after issuing return-to-office policies. "We expect the effect of RTO mandates on employee turnover to be even higher for other firms" the paper says.

United States

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7 (404media.co) 76

The Department of Homeland Security (DHS) believes that China, Russia, Iran, and Israel are the "primary" countries exploiting security holes in telecommunications networks to spy on people inside the United States, which can include tracking their physical movements and intercepting calls and texts, according to information released by Senator Ron Wyden. 404 Media: The news provides more context around use of SS7, the exploited network and protocol, against phones in the country. In May, 404 Media reported that an official inside DHS's Cybersecurity Insurance and Security Agency (CISA) broke with his department's official narrative and publicly warned about multiple SS7 attacks on U.S. persons in recent years. Now, the newly disclosed information provides more specifics on where at least some SS7 attacks are originating from.

The information is included in a letter the Department of Defense (DoD) wrote in response to queries from the office of Senator Wyden. The letter says that in September 2017 DHS personnel gave a presentation on SS7 security threats at an event open to U.S. government officials. The letter says that Wyden staff attended the event and saw the presentation. One slide identified the "primary countries reportedly using telecom assets of other nations to exploit U.S. subscribers," it continues.

Math

Huge Math Error Corrected In Black Plastic Study (arstechnica.com) 105

Ars Technica's Beth Mole reports: Editors of the environmental chemistry journal Chemosphere have posted an eye-catching correction to a study reporting toxic flame retardants from electronics wind up in some household products made of black plastic, including kitchen utensils. The study sparked a flurry of media reports a few weeks ago that urgently implored people to ditch their kitchen spatulas and spoons. Wirecutter even offered a buying guide for what to replace them with. The correction, posted Sunday, will likely take some heat off the beleaguered utensils. The authors made a math error that put the estimated risk from kitchen utensils off by an order of magnitude.

Specifically, the authors estimated that if a kitchen utensil contained middling levels of a key toxic flame retardant (BDE-209), the utensil would transfer 34,700 nanograms of the contaminant a day based on regular use while cooking and serving hot food. The authors then compared that estimate to a reference level of BDE-209 considered safe by the Environmental Protection Agency. The EPA's safe level is 7,000 ng -- per kilogram of body weight -- per day, and the authors used 60 kg as the adult weight (about 132 pounds) for their estimate. So, the safe EPA limit would be 7,000 multiplied by 60, yielding 420,000 ng per day. That's 12 times more than the estimated exposure of 34,700 ng per day. However, the authors missed a zero and reported the EPA's safe limit as 42,000 ng per day for a 60 kg adult. The error made it seem like the estimated exposure was nearly at the safe limit, even though it was actually less than a tenth of the limit.
"We regret this error and have updated it in our manuscript," the authors said in a correction.

"This calculation error does not affect the overall conclusion of the paper," the correction reads. The study maintains that flame retardants "significantly contaminate" the plastic products, which have "high exposure potential."

Books

Bill Gates Recommends Four Books That 'Make Sense of the World' (gatesnotes.com) 130

This month Bill Gates recommended four books about making sense of the world, including The Coming Wave, by Mustafa Suleyman. Gates calls it "the book I recommend more than any other on AI — to heads of state, business leaders, and anyone else who asks — because it offers something rare: a clear-eyed view of both the extraordinary opportunities and genuine risks ahead." After helping build DeepMind from a small startup into one of the most important AI companies of the past decade, [Suleyman] went on to found Inflection AI and now leads Microsoft's AI division. But what makes this book special isn't just Mustafa's firsthand experience — it's his deep understanding of scientific history and how technological revolutions unfold. He's a serious intellectual who can draw meaningful parallels across centuries of scientific advancement. Most of the coverage of The Coming Wave has focused on what it has to say about artificial intelligence — which makes sense, given that it's one of the most important books on AI ever written. And there is probably no one as qualified as Mustafa to write it...

But what sets his book apart from others is Mustafa's insight that AI is only one part of an unprecedented convergence of scientific breakthroughs. Gene editing, DNA synthesis, and other advances in biotechnology are racing forward in parallel. As the title suggests, these changes are building like a wave far out at sea — invisible to many but gathering force. Each would be game-changing on its own; together, they're poised to reshape every aspect of society... [P]rogress is already accelerating as costs plummet and computing power grows. Then there are the incentives for profit and power that are driving development. Countries compete with countries, companies compete with companies, and individuals compete for glory and leadership. These forces make technological advancement essentially unstoppable — and they also make it harder to control...

How do we limit the dangers of these technologies while harnessing their benefits? This is the question at the heart of The Coming Wave, because containment is foundational to everything else. Without it, the risks of AI and biotechnology become even more acute. By solving for it first, we create the stability and trust needed to tackle everything else... [Suleyman] lays out an agenda that's appropriately ambitious for the scale of the challenge — ranging from technical solutions (like building an emergency off switch for AI systems) to sweeping institutional changes, including new global treaties, modernized regulatory frameworks, and historic cooperation among governments, companies, and scientists...

In an accompanying Christmas-themed video, Gates adds that "Of all the books on AI, that's the one I recommend the most."

Gates also recommends The Anxious Generation by Jonathan Haidt, saying it "made me reflect on how much of my younger years — which were often spent running around outside without parental supervision, sometimes getting into trouble — helped shape who I am today. Haidt explains how the shift from play-based childhoods to phone-based childhoods is transforming how kids develop and process emotions." (In the video Gates describes it as "kind of a scary book, but very convincing. [Haidt] writes about the rise of mental illness, and anxiety in children. He, unlike some books, actually has some prescriptions, like kids not using phones until much later, parenting style differences. I think it's a super-important book.")

Gates goes into the book's thesis in a longer blog post: that "we're actually facing two distinct crises: digital under-parenting (giving kids unlimited and unsupervised access to devices and social media) and real-world over-parenting (protecting kids from every possible harm in the real world). The result is young people who are suffering from addiction-like behaviors — and suffering, period — while struggling to handle challenges and setbacks that are part of everyday life." [Haidt] makes a strong case for better age verification on social media platforms and delaying smartphone access until kids are older. Literally and figuratively, he argues, we also need to rebuild the infrastructure of childhood itself — from creating more engaging playgrounds that encourage reasonable risk-taking, to establishing phone-free zones in schools, to helping young people rediscover the joy of in-person interaction.

Gates also recommends Engineering in Plain Sight, by Grady Hillhouse, a book which he says "encourages curiosity." ("Hillhouse takes all of the mysterious structures we see every day, from cable boxes to transformers to cell phone towers, and explains what they are and how they work. It's the kind of read that will reward your curiosity and answer questions you didn't even know you had.")

And finally, Gates recommends an autobiography by 81-year-old Pulitzer Prize-winning historian/biographer/former sports journalist Doris Kearns Goodwin, who assesses the impact of President Lyndon Johnson's policies in a surprising "personal history of the 1960s."

AI

Protecting 'Funko' Brand, AI-Powered 'BrandShield' Knocks Itch.io Offline After Questionable Registrar Communications (polygon.com) 48

Launched in 2013, itch.io lets users host and sell indie video games online — now offering more than 200,000 — as well as other digital content like music and comics. But then someone uploaded a page based on a major videogame title, according to Game Rant. And somehow this provoked a series of overreactions and missteps that eventually knocked all of itch.io offline for several hours...

The page was about the first release from game developer 10:10 — their game Funko Fusion, which features characters in the style of Funko's long-running pop-culture bobbleheads. As a major brand, Funko monitors the web with a "brand protection" partner (named BrandShield). Interestingly, BrandShield's SaaS product "leverages AI-driven online brand protection," according to their site, to "detect and remove" things like brand impersonations "with over 98% success. Our advanced takedown capabilities save you time..." (Although BrandShield's CEO told the Verge that following AI reports "our team of Cybersecurity Threat hunters and IP lawyers decide on what actions should be taken.") This means that after automatically spotting the itch.io page with its web-crawling software, it was BrandShield's "team of Cybersecurity Threat hunters and IP lawyers" who decided to take action (for that specific page). But itch.io founder Leaf Corcoran commented on social media:

From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this.

Corcoran says he replied to both his registrar (iwantmyname) and to his site's host, telling them he'd removed the offending page (and disabled its uploader's account). This satisfied his host, Corcoran writes — but the registrar's owner later told him they'd never received his reply.

"And that's why they took the domain down."

In an interview with Polygon, Corcoran points out that the web page in question had already been dealt with five days before his registrar offlined his entire site. "No communication after that.... No 'We haven't heard from you, we're about to shut your domain down' or anything like that."

Defending themselves over the incident, BrandShield posted on X.com that they'd identified an "infringement" (also calling it an "abuse"), and that they'd requested "a takedown of the URL in question — not of the entire itch.io domain." They don't say this, but it seems like their concern might've been that the page looked official enough to impersonate Funko Fusion. But X.com readers added this context. "Entire domains do not go down on the basis of a copyright takedown request of an individual URL. This is the direct result of a fraudulent claim of malicious activity."

And Corcoran also posted an angry summation on X.com:

I kid you not, @itchio has been taken down by @OriginalFunko because they use some trash "AI Powered" Brand Protection Software called @BrandShieldltd that created some bogus Phishing report to our registrar, @iwantmyname, who ignored our response and just disabled the domain.

The next day Funko's official account on X.com also issued their own statement that they "hold a deep respect and appreciation for indie games, indie gamers, and indie developers." (Though "Added Context" from X.com readers notes Funko's statement still claimed a "takedown request" was issued, rather than what Corcoran says was a false "fraud and phishing" report.)

Funko.com also posted that they'd "reached out" to itch.io "to engage with them on this issue." But this just led to another angry post from Corcoran. "This is not a joke, Funko just called my mom." Corcoran then posted what looks like a screenshot of a text message his mother sent him. Though she doesn't say which company was involved, his mother's text says she "Got a strange call from a company about accusatory statements on your social media account. Call me..."

Thanks to ewhac (Slashdot reader #5,844) for sharing the news.

Transportation

Waymo Robotaxis Pass Emergency Vehicle Review. But One Got Stuck in a Roundabout (techcrunch.com) 36

An anonymous reader shared this report from The Verge: Waymo's driverless vehicles can detect emergency vehicles, know how to respond to hand signals for traffic cops, and can be disabled manually when something goes wrong, according to an independent review of the company's first responder protocols. As such, the Alphabet company's first responder protocols passed an independent review conducted by Tüv Süd, a German tech inspection company. The firm's assessment found that Waymo's First Responder Program "meets industry standards" for responding to emergency situations, which is in line with the best practices set out in the Society of Automotive Engineers (SAE)...

Waymo is staking out the position that it goes beyond what's required to prove that its vehicles are trustworthy... The company has also publicly released its own guide for first responders who are responding to incidents involving autonomous vehicles. The 32-page document includes a toll free number for getting in touch with remote operators, a visual guide for disabling the vehicle's autonomous mode, and instructions for how to disconnect the high-voltage battery. Waymo also hosts training sessions for police and fire officials in the cities in which it operates. The company says it has trained 15,000 first responders from over 75 agencies.

Gizmodo notes that Waymo's self-driving cars are already live for paying customers in San Francisco, Los Angeles, and Austin, "with deployment in Miami coming soon." But Waymo's self-driving cars still attract some mockery online, reports TechCrunch: A video is circulating on social media showing a Waymo robotaxi going round and round on a roundabout — as if it is stuck in a loop. A Waymo spokesperson told TechCrunch there were no passengers onboard the vehicle in the video and said the company has already addressed the issue by deploying a software update to its fleet.
