American hospitals and healthcare organizations would be required to adopt multi-factor authentication (MFA) and other minimum cybersecurity standards under new legislation proposed by a bipartisan group of US senators. From a report: The Health Care Cybersecurity and Resiliency Act of 2024 [PDF], introduced on Friday by US Senators Bill Cassidy (R-Louisiana), Mark Warner (D-Virginia), John Cornyn (R-Texas), and Maggie Hassan (D-New Hampshire), would, among other things, require better coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) around cybersecurity in the healthcare and public health sector.

This includes giving HHS a year to implement a cybersecurity incident response plan and update the types of information displayed publicly via the department's breach reporting portal. Currently, all healthcare orgs that are considered "covered entities" under the US Health Insurance Portability and Accountability Act (HIPAA) are required to notify HHS if they are breached. The new law would require breached entities to report how many people were affected by the security incident.

It would also mandate that the portal include details on "any corrective action taken against a covered entity that provided notification of a breach" as well as "recognized security practices that were considered" during the breach investigation, plus any other information that the HHS secretary deems necessary.

Blue Yonder, a Panasonic subsidiary specializing in AI-driven supply chain solutions, experienced a recent ransomware attack that impacted many of its customers. "Among its 3,000 customers are high-profile organizations like DHL, Renault, Bayer, Morrisons, Nestle, 3M, Tesco, Starbucks, Ace Hardware, Procter & Gamble, Sainsbury, and 7-Eleven," reports BleepingComputer. From the report: On Friday, the company warned that it was experiencing disruptions to its managed services hosting environment due to a ransomware incident that occurred the day before, on November 21. "On November 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident," reads the announcement. "Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols."

Blue Yonder claims it has detected no suspicious activity in its public cloud environment and is still processing multiple recovery strategies. [...] As expected, this has impacted clients directly, as a spokesperson for UK grocery store chain Morrisons has confirmed to the media they have reverted to a slower backup process. Sainsbury told CNN that it had contingency plans in place to overcome the disruption. A Saturday update informed customers that the restoration of the impacted services continued, but no specific timelines for complete restoration could be shared yet. Another update published on Sunday reiterated the same, urging clients to monitor the customer update page on Blue Yonder's website over the coming days.

An anonymous reader quotes a report from Ars Technica: The Supreme Court signaled it may take up a case that could determine whether Internet service providers must terminate users who are accused of copyright infringement. In an order (PDF) issued today, the court invited the Department of Justice's solicitor general to file a brief "expressing the views of the United States."

In Sony Music Entertainment v. Cox Communications, the major record labels argue that cable provider Cox should be held liable for failing to terminate users who were repeatedly flagged for infringement based on their IP addresses being connected to torrent downloads. There was a mixed ruling at the US Court of Appeals for the 4th Circuit as the appeals court affirmed a jury's finding that Cox was guilty of willful contributory infringement but reversed a verdict on vicarious infringement "because Cox did not profit from its subscribers' acts of infringement." That ruling vacated a $1 billion damages award and ordered a new damages trial. Cox and Sony are both seeking a Supreme Court review. Cox wants to overturn the finding of willful contributory infringement, while Sony wants to reinstate the $1 billion verdict.

The Supreme Court asking for US input on Sony v. Cox could be a precursor to the high court taking up the case. For example, the court last year asked the solicitor general to weigh in on Texas and Florida laws that restricted how social media companies can moderate their platforms. The court subsequently took up the case and vacated lower-court rulings, making it clear that content moderation is protected by the First Amendment.

Some days more than half of California's available solar power goes to waste, according to research from the California Institute for Energy and Environment. "In the last 12 months, California's solar farms have curtailed production of more than 3 million megawatt hours of solar energy," according to a data analysis by the Los Angeles Times — enough to power 518,000 California homes for a year.

And it was curtailed "either on the orders of the state's grid operator or because prices had plummeted because of the glut. The waste would have been even larger if California had not paid utilities in other states to take the excess solar energy, documents from the state's grid operator show." That means green energy paid for by California electricity customers is sent away, lowering bills for residents of other states. Arizona's largest public utility reaped $69 million in savings last year by buying from the market California created to get rid of its excess solar power. The utility returned that money to its customers as a credit on their bills. Also reaping profits are electricity traders, including banks and hedge funds. The increasing oversupply of solar power has created a situation where energy traders can buy the excess at prices so low they become negative, said energy consultant Gary Ackerman, the former executive director of the Western Power Trading Forum. That means the solar plant is paying the traders to take it. "This is all being underwritten by California ratepayers," Ackerman said...

The solar glut also means higher electricity bills for Californians, since they are effectively paying to generate the power but not using it. California's electric rates are roughly twice the nation's average, with only Hawaii having higher rates. Rates at Southern California Edison and Pacific Gas & Electric increased by 51% over the last three years. "Ratepayers aren't getting the energy they've paid for," said Ron Miller, an energy industry consultant in Denver. He calculates that the retail value of the solar energy thrown away in a year would be more than $1 billion.

Gov. Gavin Newsom's advisors and those who manage the state's electric grid say they are working to reduce the curtailments, including by building more industrial-scale battery storage facilities that soak up the excess solar power during the day and then release it at night. Officials in the governor's office declined to be interviewed, but issued a statement saying the curtailments are often because of congestion on transmission lines, rather than a statewide oversupply of power. The state has been spending heavily to upgrade transmission lines to ease the congestion. "It's also important to have extra energy resources available that can help the state during periods of extreme weather and historic heatwaves when demand is particularly high, which have happened the past few years," the statement said...

The commercial solar industry contends that the expansion of storage capacity to bank solar power will eventually eliminate the glut.

June, 2023: "Harvard Scholar Who Studies Honesty Is Accused of Fabricating Findings."

November, 2024: "The Business-School Scandal That Just Keeps Getting Bigger." A senior editor at the Atlantic raises the possibility of systemic dishonesty-rewarding incentives where "a study must be even flashier than all the other flashy findings if its authors want to stand out," writing that "More than a year since all of this began, the evidence of fraud has only multiplied."

And the suspect isn't just Francesca Gino, a Harvard Business School professor. One person deeply affected by all this is Gino's co-author, a business school professor from the University of California at Berkeley — Juliana Schroeder — who launched an audit of all 138 studies conducted by Francesca Gino (called "The Many Coauthors Project"): Gino was accused of faking numbers in four published papers. Just days into her digging, Schroeder uncovered another paper that appeared to be affected — and it was one that she herself had helped write... The other main contributor was Alison Wood Brooks, a young professor and colleague of Gino's at Harvard Business School.... If Brooks did conduct this work and oversee its data, then Schroeder's audit had produced a dire twist. The Many Co-Authors Project was meant to suss out Gino's suspect work, and quarantine it from the rest... But now, to all appearances, Schroeder had uncovered crooked data that apparently weren't linked to Gino.... Like so many other scientific scandals, the one Schroeder had identified quickly sank into a swamp of closed-door reviews and taciturn committees. Schroeder says that Harvard Business School declined to investigate her evidence of data-tampering, citing a policy of not responding to allegations made more than six years after the misconduct is said to have occurred...

In the course of scouting out the edges of the cheating scandal in her field, Schroeder had uncovered yet another case of seeming science fraud. And this time, she'd blown the whistle on herself. That stunning revelation, unaccompanied by any posts on social media, had arrived in a muffled update to the Many Co-Authors Project website. Schroeder announced that she'd found "an issue" with one more paper that she'd produced with Gino... [Schroeder] said that the source of the error wasn't her. Her research assistants on the project may have caused the problem; Schroeder wonders if they got confused...

What feels out of reach is not so much the truth of any set of allegations, but their consequences. Gino has been placed on administrative leave, but in many other instances of suspected fraud, nothing happens. Both Brooks and Schroeder appear to be untouched. "The problem is that journal editors and institutions can be more concerned with their own prestige and reputation than finding out the truth," Dennis Tourish, at the University of Sussex Business School, told me. "It can be easier to hope that this all just goes away and blows over and that somebody else will deal with it...." [Tourish also published a 2019 book decrying "Fraud, Deception and Meaningless Research," which the article notes "cites a study finding that more than a third of surveyed editors at management journals say they've encountered fabricated or falsified data."] Maybe the situation in her field would eventually improve, [Schroeder] said. "The optimistic point is, in the long arc of things, we'll self-correct, even if we have no incentive to retract or take responsibility."

"Do you believe that?" I asked.

"On my optimistic days, I believe it."

"Is today an optimistic day?"

"Not really."

Meta wants to force Apple and Google to verify the ages of people downloading apps from their app stores, reports the Washington Post — and now Meta's campaign "is picking up momentum" with legislators in the U.S. Congress.

Federal and state lawmakers have recently proposed a raft of measures requiring that platforms such as Meta's Facebook and Instagram block users under a certain age from using their sites. The push has triggered fierce debate over the best way to ascertain how old users are online. Last year Meta threw its support behind legislation that would push those obligations onto app stores rather than individual app providers, like itself, as your regular host and Naomi Nix reported. While some states have considered the plan, it has not gained much traction in Washington.

That could be shifting. Two congressional Republicans are preparing a new age verification bill that places the burden on app stores, according to two people familiar with the matter, who spoke on the condition of anonymity to discuss the plans... The bill would be the first of its kind on Capitol Hill, where lawmakers have called for expanding guardrails for children amid concerns about the risks of social media but where political divisions have bogged down talks. The measure would give parents the right to sue an app store if their child was exposed to certain content, such as lewd or sexual material, according to a copy obtained by the Tech Brief. App stores could be protected against legal claims, however, if they took steps to protect children against harms, such as verifying their ages and giving parents the ability to block app downloads.
The article points out that U.S. lawmakers "have the power to set national standards that could override state efforts if they so choose..."

An anonymous reader quotes a report from Reuters: Google has sued one of its former engineers in Texas federal court, accusing him of stealing trade secrets related to its chip designs and sharing them publicly on the internet. The lawsuit, filed on Tuesday (PDF), said that Harshit Roy "touted his dominion" over the secrets in social media posts, tagging competitors and making threatening statements to the company including "I need to take unethical means to get what I am entitled to" and "remember that empires fall and so will you."

Google hired Roy in 2020 to develop computer chips used in Google Pixel devices like smartphones. Google said in the lawsuit that Roy resigned in February and moved from Bangalore, India to the United States in August to attend a doctorate program at the University of Texas at Austin. According to the complaint, Roy began posting confidential Google information to his X account later that month along with "subversive text" directed at the company, such as "don't expect me to adhere to any confidentiality agreement." The posts included photographs of internal Google documents with specifications for Pixel processing chips.

The lawsuit said that Roy ignored Google's takedown requests and has posted additional trade secrets to X and LinkedIn since October. Google alleged that Roy tagged competitors Apple and Qualcomm in some of the posts, "presumably to maximize the potential harm of his disclosure." Google's complaint also said that several news outlets have published stories with confidential details about Google's devices based on the information that Roy leaked. Google asked the court for an unspecified amount of monetary damages and court orders blocking Roy from using or sharing its secrets.

Baidu's new Apollo Go robotaxi brings significant advances in affordability and scalability that should make U.S. competitors like Waymo a bit nervous, according to The Verge's Andrew J. Hawkins. From the report: The RT6 is the sixth generation of Apollo Go's driverless vehicle, which made its official debut in May 2024. It's a purpose-built, Level 4 autonomous vehicle, meaning it's built without the need for a human driver. And here's the thing that should make US competitors nervous: adopting a battery-swapping solution, the price for one individual RT6 is "under $30,000," Baidu CEO Robin Li said in an earnings call. "All the strengths just mentioned above are driving us forward, paving the way to validate our business model," Li added. [...]

We still don't know the net effect of Baidu's cost improvements. But bringing down the upfront cost of each individual vehicle to below $30,000 will go a long way toward improving the company's unit economics, in which each vehicle brings in more money than it costs. There are still a lot of outstanding costs to consider, such as hardware depreciation and fleet maintenance, but from what Baidu is signaling, things are on the right track. From the looks of it, the company is passing those savings along to its customers. Base fares start as low as 4 yuan (around 55 cents), compared with 18 yuan (around $2.48) for a taxi driven by a human, according to state media outlet Global Times. Apollo Go said it has provided 988,000 rides across all of China in Q3 2024 -- a year-over-year growth of 20 percent. And cumulative public rides reached 8 million in October.

An anonymous reader shares a report: Plex is beginning to test its "newly reimagined Plex experience," which will be available first on mobile and is coming to TV platforms "very soon." Plex says the new experience has been in development for almost two years and is "designed to bring everything you love into one seamless interface." But don't worry -- while the new version of the app is currently missing some features, Plex says it will be "closing those gaps" and will keep the current app available during the preview, which will hopefully prevent a Sonos-like debacle.

A big change for the new app is redesigned navigation that more clearly delineates between media you might have on your Plex server and the company's streaming and on-demand offerings. The bottom bar has dedicated tabs for your media libraries, live TV, and on-demand movies and shows. The Watchlist, which lets you make a list of things you want to watch, has a spot at the top of the app. And artwork is shown more prominently.

Longtime Slashdot reader Zarhan writes: On Sunday and Monday, two undersea cables in Baltic sea were cut. There is talk of a hybrid operation by Russia against Europe, and a Chinese ship has been detained by Danish Navy. However, the interesting part is did the cuts really have any effect, or does the internet actually route around damage? RIPE Atlas tests seem to indicate so. RIPE Atlas probes did not observe any noticeable increase of packet loss and only a minimal and perfectly expected increase of latency as traffic automatically switched itself to other available paths. While 20-30% of paths experienced latency increases, the effects were modest and no packet loss was detected. That said, questions remain about the consequences of further cable disruptions. "We are blind on what would happen if another link would be severed, or worse, if many are severed," reports RIPE Labs.

An anonymous reader shares a report: People are using Spotify playlist and podcast descriptions to distribute spam, malware, pirated software and cheat codes for video games. Cybersecurity researcher Karol Paciorek posted an example of this: A Spotify playlist titled "*Sony Vegas Pro*13 C-r-a-c-k Free Download 2024 m-y-s-o-f-t-w-a-r-e-f-r-e-e.com" acts as a free advertisement for piracy website m-y-s-o-f-t-w-a-r-e-f-r-e-e[dot]com, which hosts malicious software.

"Cybercriminals exploit Spotify for #malware distribution," Paciorek posted on X. "Why? Spotify has a strong reputation and its pages are easily indexed by search engines, making it an effective platform to promote malicious links."

"The playlist title in question has been removed," a spokesperson for Spotify told 404 Media in a statement. "Spotify's Platform Rules prohibit posting, sharing, or providing instructions on implementing malware or related malicious practices that seek to harm or gain unauthorized access to computers, networks, systems, or other technologies."

An anonymous reader quotes a report from 404 Media: Instagram is flooded with hundreds of AI-generated influencers who are stealing videos from real models and adult content creators, giving them AI-generated faces, and monetizing their bodies with links to dating sites, Patreon, OnlyFans competitors, and various AI apps. The practice, first reported by 404 Media in April, has since exploded in popularity, showing that Instagram is unable or unwilling to stop the flood of AI-generated content on its platform and protect the human creators on Instagram who say they are now competing with AI content in a way that is impacting their ability to make a living.

According to our review of more than 1,000 AI-generated Instagram accounts, Discord channels where the people who make this content share tips and discuss strategy, and several guides that explain how to make money by "AI pimping," it is now trivially easy to make these accounts and monetize them using an assortment of off-the-shelf AI tools and apps. Some of these apps are hosted on the Apple App and Google Play Stores. Our investigation shows that what was once a niche problem on the platform has industrialized in scale, and it shows what social media may become in the near future: a space where AI-generated content eclipses that of humans. [...]

Out of more than 1,000 AI-generated Instagram influencer accounts we reviewed, 100 included at least some deepfake content which took existing videos, usually from models and adult entertainment performers, and replaced their face with an AI-generated face to make those videos seem like new, original content consistent with the other AI-generated images and videos shared by the AI-generated influencer. The other 900 accounts shared images that in some cases were trained on real photographs and in some cases made to look like celebrities, but were entirely AI-generated, not edited photographs or videos. Out of those 100 accounts that shared deepfake or face-swapped videos, 60 self-identify as being AI-generated, writing in their bios that they are a "virtual model & influencer" or stating "all photos crafted with AI and apps." The other 40 do not include any disclaimer stating that they are AI-generated. Adult content creators like Elaina St James say they're now directly competing with these AI rip-off accounts that often use stolen content. Since the explosion of AI-generated influencer accounts on Instagram, St James said her "reach went down tremendously," from a typical 1 million to 5 million views a month to not surpassing a million in the last 10 months, and sometimes coming in under 500,000 views. While she said changes to Instagram's algorithm could also be at play, these AI-generated influencer accounts are "probably one of the reasons my views are going down," St James told 404 Media. "It's because I'm competing with something that's unnatural."

Alexios Mantzarlis, the director of the security, trust, and safety initiative at Cornell Tech and formerly principal of trust and safety intelligence at Google, started researching the problem to see where AI-generated content is taking social media and the internet. "It felt like a possible sign of what social media is going to look like in five years," said Mantzarlis. "Because this may be coming to other parts of the internet, not just the attractive-people niche on Instagram. This is probably a sign that it's going to be pretty bad."

Comcast plans to spin off several of its cable TV networks into a standalone company as it shifts focus to streaming and other profitable ventures like Peacock, theme parks, and broadband services. The Associated Press reports: Those one-time stars for Comcast's NBCUniversal cable television networks include USA, Oxygen, E!, SYFY and Golf Channel, as well as CNBC and MSNBC. Movie ticketing platform Fandango and the Rotten Tomatoes movie rating site would also become part of the new company. Peacock will remain with Comcast, as will Bravo, which provides significant content for the Peacock streaming service.

Comcast telegraphed the potential shift last month as it released quarterly earnings before confirming Wednesday that it will spin off assets that generated about $7 billion in revenue over he past 12 months ending September 30. That's about 5.5% of Comcast's total revenue during that period, according to the company. But there is a shrinking pool of cable subscribers as millions cut the cord and rely increasingly on streaming platforms for entertainment.

Mark Lazarus, current chairman of NBCUniversal Media Group, will serve as the new entity's chief executive officer. Anand Kini, the current chief financial officer of NBCUniversal, will take on the same title with the new company as well as the chief operating officer role. [...] Comcast expects the new company to have the financial flexibility to be "a potential partner and acquirer of other complementary media businesses." The spin-off is targeted for completion in about a year, the entertainment giant said, pending financing and approval from its board and government regulators. "Like millions of US consumers, Comcast finally cut the cord by divesting itself of most of its cable TV channels," said Paul Verna, principal analyst at market research company eMarketer. "The benefits are clear to Comcast. It's dropping money-losing assets from a technology and media empire that will retain its lucrative (internet service provider) business, theme parks, broadcast networks, and Peacock streaming service."

The Verge's Richard Lawler reports: Strava recently informed its users and partners that new terms for its API restrict the data that third-party apps can show, refrain from replicating Strava's look, and place a ban on using data "for any model training related to artificial intelligence, machine learning or similar applications." The policy is effective as of November 11th, even though Strava's own post about the change is dated November 15th.

There are plenty of posts on social media complaining about the sudden shift, but one place where dissent won't be tolerated is Strava's own forums. The company says, "...posts requesting or attempting to have Strava revert business decisions will not be permitted." Brian Bell, Strava's VP of Communications and Social Impact, said in a statement: "We anticipate that these changes will affect only a small fraction (less than .1 percent) of the applications on the Strava platform -- the overwhelming majority of existing use cases are still allowed, including coaching platforms focused on providing feedback to users and tools that help users understand their data and performance."

TV Time's parent company criticized Apple's App Store control after the tech giant removed its streaming app over an intellectual property dispute. "Apple holds significant power over app developers by controlling access to a massive market and, in this case, seems to have acted on a complaint without requiring robust evidence from the complainant," Jerry Inman, CMO of Whip Media, which operates the app, told TechCrunch.

The app was pulled from the store by Apple after the developer refused to pay a settlement fee related to user-uploaded cover art. The app has since been reinstated.

One of India's largest news agencies, Asian News International, has sued OpenAI in a case that could set a precedent for how AI companies use copyrighted news content in the world's most populous nation. From a report: Asian News International filed a 287-page lawsuit in the Delhi High Court on Monday, alleging the AI company illegally used its content to train its AI models and generated false information attributed to the news agency. The case marks the first time an Indian media organization has taken legal action against OpenAI over copyright claims.

Coca-Cola's latest AI-generated Christmas advertisement has sparked criticism from creative professionals who say the promotional video lacks authenticity and artistic merit.

The video, which depicts Coca-Cola trucks in snowy landscapes and people drinking the beverage, reimagines the company's 1995 "Holidays Are Coming" campaign using AI. Three AI studios - Secret Level, Silverside AI and Wild Card - produced different versions using four generative AI models, according to Forbes.

Critics, including "Gravity Falls" creator Alex Hirsch, have condemned the company's decision to use AI instead of human artists. The controversial video has garnered over 56 million views on social media platform X. Coca-Cola defended the campaign, stating it combines "human storytellers and the power of generative AI."

HarperCollins has partnered with an AI technology company to allow limited use of select nonfiction backlist titles for training AI models, offering authors the choice to opt in for a $2,500 non-negotiable fee. 404 Media reports: On Friday, author Daniel Kibblesmith, who wrote the children's book Santa's Husband and published it with HarperCollins, posted screenshots on Bluesky of an email he received, seemingly from his agent, informing him that the agency was approached by the publisher about the AI deal. "Let me know what you think, positive or negative, and we can handle the rest of this for you," the screenshotted text in an email to Kibblesmith says. The screenshots show the agent telling Kibblesmith that HarperCollins was offering $2,500 (non-negotiable).

"You are receiving this memo because we have been informed by HarperCollins that they would like permission to include your book in an overall deal that they are making with a large tech company to use a broad swath of nonfiction books for the purpose of providing content for the training of an Al language learning model," the screenshots say. "You are likely aware, as we all are, that there are controversies surrounding the use of copyrighted material in the training of Al models. Much of the controversy comes from the fact that many companies seem to be doing so without acknowledging or compensating the original creators. And of course there is concern that these Al models may one day make us all obsolete." Kibblesmith called the deal "abominable."

"It seems like they think they're cooked, and they're chasing short money while they can. I disagree," Kibblesmith told the AV Club. "The fear of robots replacing authors is a false binary. I see it as the beginning of two diverging markets, readers who want to connect with other humans across time and space, or readers who are satisfied with a customized on-demand content pellet fed to them by the big computer so they never have to be challenged again."

The Belgian region of Flanders is rolling out personal data "pods" to 7 million citizens in a trial of World Wide Web inventor Tim Berners-Lee's vision for user-controlled data privacy.

Five Belgian hospitals have begun storing patient visit information in the data pods, developed by Berners-Lee's startup Inrupt over the past five years. The system aims to help compliance with European privacy regulations by giving citizens control over their personal information, from medical records to social media posts.

The initiative counters the current internet landscape dominated by major technology companies like Google and Meta, which store user data across their servers. Berners-Lee, who created the World Wide Web at CERN in 1989, advocates for returning data control to users through decentralized systems rather than leaving it vulnerable to harvesting by tech platforms and governments.

Donald Trump has named FCC Commissioner Brendan Carr to chair the U.S. communications regulator when he takes office in January 2025, citing Carr's stance against what Trump called "regulatory lawfare." Carr, a lawyer and longtime Republican who has served at the FCC under both Trump and Biden administrations, has emerged as a vocal critic of major social media companies' content moderation practices.

"Humbled and honored" by the appointment, Carr pledged on X to "dismantle the censorship cartel." As the FCC's senior Republican commissioner, Carr has advocated for stricter oversight of technology companies, pushing for transparency rules on platforms like Google and Facebook, expanded rural broadband access, and tougher restrictions on Chinese-owned TikTok. Trump praised Carr as a "warrior for free speech" while announcing the appointment. During his campaign, Trump has said he would seek to revoke licenses of television networks he views as biased.