AI

'Yes, I am a Human': Bot Detection Is No Longer Working 91

The rise of AI has rendered traditional CAPTCHA tests increasingly ineffective, as bots can now "[solve] these puzzles in milliseconds using artificial intelligence (AI)," reports The Conversation. "How ironic. The tools designed to prove we're human are now obstructing us more than the machines they're supposed to be keeping at bay." The report warns that the imminent arrival of AI agents -- software programs designed to autonomously interact with websites on our behalf -- will further complicate matters. From the report: Developers are continually coming up with new ways to verify humans. Some systems, like Google's ReCaptcha v3 (introduced in 2018), don't ask you to solve puzzles anymore. Instead, they watch how you interact with a website. Do you move your cursor naturally? Do you type like a person? Humans have subtle, imperfect behaviors that bots still struggle to mimic. Not everyone likes ReCaptcha v3 because it raises privacy issues -- plus the web company needs to assess user scores to determine who is a bot, and the bots can beat the system anyway. There are alternatives that use similar logic, such as "slider" puzzles that ask users to move jigsaw pieces around, but these too can be overcome.

Some websites are now turning to biometrics to verify humans, such as fingerprint scans or voice recognition, while face ID is also a possibility. Biometrics are harder for bots to fake, but they come with their own problems -- privacy concerns, expensive tech and limited access for some users, say because they can't afford the relevant smartphone or can't speak because of a disability. The imminent arrival of AI agents will add another layer of complexity. It will mean we increasingly want bots to visit sites and do things on our behalf, so web companies will need to start distinguishing between "good" bots and "bad" bots. This area still needs a lot more consideration, but digital authentication certificates are proposed as one possible solution.

In sum, Captcha is no longer the simple, reliable tool it once was. AI has forced us to rethink how we verify people online, and it's only going to get more challenging as these systems get smarter. Whatever becomes the next technological standard, it's going to have to be easy to use for humans, but one step ahead of the bad actors. So the next time you find yourself clicking on blurry traffic lights and getting infuriated, remember you're part of a bigger fight. The future of proving humanity is still being written, and the bots won't be giving up any time soon.

EU

EU Wants Apple To Open AirDrop and AirPlay To Android (9to5google.com) 47

The EU is pushing Apple to make iOS more interoperable with other platforms, requiring features like AirDrop and AirPlay to work seamlessly with Android and third-party devices, while also enabling background app functionality and cross-platform notifications. 9to5Google reports: A new document released (PDF) by the European Commission this week reveals a number of ways the EU wants Apple to change iOS and its features to be more interoperable with other platforms. There are some changes to iOS itself, such as opening up notifications to work on third-party smartwatches as they do with the Apple Watch. Similarly, the EU wants Apple to let iOS apps work in the background as Apple's first-party apps do, as this is a struggle of some apps, especially companion apps for accessories such as smartwatches (other than the Apple Watch, of course). But there are also some iOS features that the EU directly wants Apple to open up to other platforms, including Android. [...]

As our sister site 9to5Mac points out, Apple has responded (PDF) to this EU document, prominently criticizing the EU for putting out a mandate that "could expose your private information." Apple's document primarily focuses in on Meta, which the company says has made "more interoperability requests" than anyone else. Apple says that opening AirPlay to Meta would "[create] a new class of privacy and security issues, while giving them data about users homes." The EU is taking consultation on this case until January 9, 2025, and if Apple doesn't comply when the order is eventually put into effect, it could result in heavy fines.

Security

Hackers Can Jailbreak Digital License Plates To Make Others Pay Their Tolls, Tickets (wired.com) 72

Longtime Slashdot reader sinij shares a report from Wired with the caption: "This story will be an on-going payday for traffic ticket lawyers. I am ordering one now." From the report: Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car's license plate number at will to avoid traffic tickets and tolls -- or even pin them on someone else.

Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to "jailbreak" digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he's able to rewrite a Reviver plate's firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image. That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to automatic license plate readers that police use to track criminal suspects. "You can put whatever you want on the screen, which users are not supposed to be able to do," says Rodriguez. "Imagine you are going through a speed camera or if you are a criminal and you don't want to get caught."

Worse still, Rodriguez points out that a jailbroken license plate can be changed not just to an arbitrary number but also to the number of another vehicle -- whose driver would then receive the malicious user's tickets and toll bills. "If you can change the license plate number whenever you want, you can cause some real problems," Rodriguez says. All traffic-related mischief aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to use the plates' features without paying Reviver's $29.99 monthly subscription fee. Because the vulnerability that allowed him to rewrite the plates' firmware exists at the hardware level -- in Reviver's chips themselves -- Rodriguez says there's no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company's license plates are very likely to remain vulnerable despite Rodriguez's warning -- a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. "It's a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it," he says.

Government

Spain Introduces Bill To Combat Online Fake News (theguardian.com) 97

Spain's leftwing government has introduced a bill requiring digital platforms and social media influencers with large followings to publish corrections to false or harmful information. The law intends to "[make] life more difficult for those who dedicate themselves to lies and spreading fake news every day," said justice minister Felix Bolanos. The Guardian reports: The draft law replaces legislation from 1984 and targets internet users who have more than 100,000 followers on a single platform or 200,000 across several, the justice ministry said in a statement. These outlets and the platforms that host them must have a mechanism to facilitate citizens' right to ask that false or inaccurate information that harms them be corrected publicly, the ministry said. The correction request will no longer have to be addressed to the outlet's director because confirming their identity is difficult for many "pseudo media," justice minister Felix Bolanos told a press conference.

EU

EU Signs $11 Billion Deal For Sovereign Satellite Constellation To Rival Starlink (techcrunch.com) 109

An anonymous reader quotes a report from TechCrunch: The European Union is forging ahead with plans for a constellation of internet satellites to rival Elon Musk-owned Starlink, after signing a $11.1 billion deal to launch nearly 300 satellites into low- and medium-Earth orbits by 2030. The bloc wants the space tech to boost its digital sovereignty by providing secure comms to governments.

First announced in 2022, Iris^2 (Infrastructure for Resilience, Interconnectivity and Security by Satellite) is a public-private partnership whose initial cost estimate (6 billion euros) leapt 76% through a fraught negotiation process. In the end, the program will be 61% funded from the public purse; an industry consortium called SpaceRise, selected in October, is making up the difference. This grouping includes French satellite giant Eutelsat, which merged with European rival OneWeb back in 2022.

Books

Bill Gates Recommends Four Books That 'Make Sense of the World' (gatesnotes.com) 130

This month Bill Gates recommended four books about making sense of the world, including The Coming Wave, by Mustafa Suleyman. Gates calls it "the book I recommend more than any other on AI — to heads of state, business leaders, and anyone else who asks — because it offers something rare: a clear-eyed view of both the extraordinary opportunities and genuine risks ahead." After helping build DeepMind from a small startup into one of the most important AI companies of the past decade, [Suleyman] went on to found Inflection AI and now leads Microsoft's AI division. But what makes this book special isn't just Mustafa's firsthand experience — it's his deep understanding of scientific history and how technological revolutions unfold. He's a serious intellectual who can draw meaningful parallels across centuries of scientific advancement. Most of the coverage of The Coming Wave has focused on what it has to say about artificial intelligence — which makes sense, given that it's one of the most important books on AI ever written. And there is probably no one as qualified as Mustafa to write it...

But what sets his book apart from others is Mustafa's insight that AI is only one part of an unprecedented convergence of scientific breakthroughs. Gene editing, DNA synthesis, and other advances in biotechnology are racing forward in parallel. As the title suggests, these changes are building like a wave far out at sea — invisible to many but gathering force. Each would be game-changing on its own; together, they're poised to reshape every aspect of society... [P]rogress is already accelerating as costs plummet and computing power grows. Then there are the incentives for profit and power that are driving development. Countries compete with countries, companies compete with companies, and individuals compete for glory and leadership. These forces make technological advancement essentially unstoppable — and they also make it harder to control...

How do we limit the dangers of these technologies while harnessing their benefits? This is the question at the heart of The Coming Wave, because containment is foundational to everything else. Without it, the risks of AI and biotechnology become even more acute. By solving for it first, we create the stability and trust needed to tackle everything else... [Suleyman] lays out an agenda that's appropriately ambitious for the scale of the challenge — ranging from technical solutions (like building an emergency off switch for AI systems) to sweeping institutional changes, including new global treaties, modernized regulatory frameworks, and historic cooperation among governments, companies, and scientists...

In an accompanying Christmas-themed video, Gates adds that "Of all the books on AI, that's the one I recommend the most."

Gates also recommends The Anxious Generation by Jonathan Haidt, saying it "made me reflect on how much of my younger years — which were often spent running around outside without parental supervision, sometimes getting into trouble — helped shape who I am today. Haidt explains how the shift from play-based childhoods to phone-based childhoods is transforming how kids develop and process emotions." (In the video Gates describes it as "kind of a scary book, but very convincing. [Haidt] writes about the rise of mental illness, and anxiety in children. He, unlike some books, actually has some prescriptions, like kids not using phones until much later, parenting style differences. I think it's a super-important book.")

Gates goes into the book's thesis in a longer blog post: that "we're actually facing two distinct crises: digital under-parenting (giving kids unlimited and unsupervised access to devices and social media) and real-world over-parenting (protecting kids from every possible harm in the real world). The result is young people who are suffering from addiction-like behaviors — and suffering, period — while struggling to handle challenges and setbacks that are part of everyday life." [Haidt] makes a strong case for better age verification on social media platforms and delaying smartphone access until kids are older. Literally and figuratively, he argues, we also need to rebuild the infrastructure of childhood itself — from creating more engaging playgrounds that encourage reasonable risk-taking, to establishing phone-free zones in schools, to helping young people rediscover the joy of in-person interaction.

Gates also recommends Engineering in Plain Sight, by Grady Hillhouse, a book which he says "encourages curiosity." ("Hillhouse takes all of the mysterious structures we see every day, from cable boxes to transformers to cell phone towers, and explains what they are and how they work. It's the kind of read that will reward your curiosity and answer questions you didn't even know you had.")

And finally, Gates recommends an autobiography by 81-year-old Pulitzer Prize-winning historian/biographer/former sports journalist Doris Kearns Goodwin, who assesses the impact of President Lyndon Johnson's policies in a surprising "personal history of the 1960s."

AI

Protecting 'Funko' Brand, AI-Powered 'BrandShield' Knocks Itch.io Offline After Questionable Registrar Communications (polygon.com) 48

Launched in 2013, itch.io lets users host and sell indie video games online — now offering more than 200,000 — as well as other digital content like music and comics. But then someone uploaded a page based on a major videogame title, according to Game Rant. And somehow this provoked a series of overreactions and missteps that eventually knocked all of itch.io offline for several hours...

The page was about the first release from game developer 10:10 — their game Funko Fusion, which features characters in the style of Funko's long-running pop-culture bobbleheads. As a major brand, Funko monitors the web with a "brand protection" partner (named BrandShield). Interestingly, BrandShield's SaaS product "leverages AI-driven online brand protection," according to their site, to "detect and remove" things like brand impersonations "with over 98% success. Our advanced takedown capabilities save you time..." (Although BrandShield's CEO told the Verge that following AI reports "our team of Cybersecurity Threat hunters and IP lawyers decide on what actions should be taken.") This means that after automatically spotting the itch.io page with its web-crawling software, it was BrandShield's "team of Cybersecurity Threat hunters and IP lawyers" who decided to take action (for that specific page). But itch.io founder Leaf Corcoran commented on social media: From what I can tell, some person made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game. The BrandShield software is probably instructed to eradicate all "unauthorized" use of their trademark, so they sent reports independently to our host and registrar claiming there was "fraud and phishing" going on, likely to cause escalation instead of doing the expected DMCA/cease-and-desist. Because of this, I honestly think they're the malicious actor in all of this.

Corcoran says he replied to both his registrar (iwantmyname) and to his site's host, telling them he'd removed the offending page (and disabled its uploader's account). This satisfied his host, Corcoran writes — but the registrar's owner later told him they'd never received his reply.

"And that's why they took the domain down."

In an interview with Polygon, Corcoran points out that the web page in question had already been dealt with five days before his registrar offlined his entire site. "No communication after that.... No 'We haven't heard from you, we're about to shut your domain down' or anything like that."

Defending themselves over the incident, BrandShield posted on X.com that they'd identified an "infringement" (also calling it an "abuse"), and that they'd requested "a takedown of the URL in question — not of the entire itch.io domain." They don't say this, but it seems like their concern might've been that the page looked official enough to impersonate Funko Fusion. But X.com readers added this context. "Entire domains do not go down on the basis of a copyright takedown request of an individual URL. This is the direct result of a fraudulent claim of malicious activity."

And Corcoran also posted an angry summation on X.com: I kid you not, @itchio has been taken down by @OriginalFunko because they use some trash "AI Powered" Brand Protection Software called @BrandShieldltd that created some bogus Phishing report to our registrar, @iwantmyname, who ignored our response and just disabled the domain.

The next day Funko's official account on X.com also issued their own statement that they "hold a deep respect and appreciation for indie games, indie gamers, and indie developers." (Though "Added Context" from X.com readers notes Funko's statement still claimed a "takedown request" was issued, rather than what Corcoran says was a false "fraud and phishing" report.)

Funko.com also posted that they'd "reached out" to itch.io "to engage with them on this issue." But this just led to another angry post from Corcoran. "This is not a joke, Funko just called my mom." Corcoran then posted what looks like a screenshot of a text message his mother sent him. Though she doesn't say which company was involved, his mother's text says she "Got a strange call from a company about accusatory statements on your social media account. Call me..."

Thanks to ewhac (Slashdot reader #5,844) for sharing the news.

Cellphones

A Fake Uber Driver Borrowed Phones, Then Stole $200K in Cryptocurrency, Police Say (gizmodo.com) 48

"A man is accused of several felony charges after he allegedly posed as an Uber driver and then stole hundreds of thousands of dollars in cryptocurrency from customers in Scottsdale," reports Arizona news channel Fox 10.

"Prosecutors have called it an 'extremely sophisticated electronic fraud,'" reports Gizmodo, "and it's a strange approach to scamming that makes it sound unique in several ways." Nuruhussein Hussein, 40, allegedly picked up two unsuspecting people who were looking for Uber rides they'd ordered in Scottsdale — one in March and the other in October according to Fox 10 — by shouting their names on the street outside a hotel. It's not clear how Hussein may have known these people were looking for rides and court documents give no indication how he accomplished this or knew the victims would have crypto accounts, according to Fox 10, though a hotel does make sense as a target-rich environment for those looking to get picked up.

Once the victims were in the car, Hussein allegedly obtained the phones of the victims through some kind of pretense, including problems with his own phone and the need to look something up as well as a need to connect with the Uber app, according to NBC News. Hussein would then allegedly open up the victim's Coinbase account. "While manipulating the unsuspecting victim's phone the suspect transferred cryptocurrency from their digital wallet to his digital wallet," police reportedly explained in a statement.

Displays

Donald Bitzer, a Pioneer of Cyberspace and Plasma Screens, Dies At 90 (msn.com) 18

The Washington Post reports: Years before the internet was created and the first smartphones buzzed to life, an educational platform called PLATO offered a glimpse of the digital world to come. Launched in 1960 at the University of Illinois at Urbana-Champaign [UIUC], it was the first generalized, computer-based instructional system, and grew into a home for early message boards, emails, chatrooms, instant messaging and multiplayer video games.

The platform's developer, Donald Bitzer, was a handball-playing, magic-loving electrical engineer who opened his computer lab to practically everyone, welcoming contributions from Illinois undergrads as well as teenagers who were still in high school. Dr. Bitzer, who died Dec. 10 at age 90, spent more than two decades working on PLATO, managing its growth and development while also pioneering digital technologies that included the plasma display panel, a forerunner of the ultrathin screens used on today's TVs and tablets. "All of the features you see kids using now, like discussion boards or forums and blogs, started with PLATO," he said during a 2014 return to Illinois, his alma mater. "All of the social networking we take for granted actually started as an educational tool."

Long-time Slashdot reader theodp found another remembrance online. "Ray Ozzie, whose LinkedIn profile dedicates more space to describing his work as a PLATO developer as a UIUC undergrad than it does to his later successes as a creator of Lotus Notes and as Microsoft's Chief Software Architect, offers his own heartfelt mini-obit." Ozzie writes: It's difficult to adequately convey how much impact he had on so many, and I implore you to take a few minutes to honor him by reading a bit about him and his contributions. Links below. As an insecure young CS student at UIUC in 1974, Paul Tenczar, working for/with Don, graciously gave me a chance as a jr. systems programmer on the mind-bogglingly forward thinking system known as PLATO. A global, interactive system for learning, collaboration, and community like no other at the time. We were young and in awe of how Don led, inspired, and managed to keep the project alive. I was introverted; shaking; stage fright. Yeah I could code. But how could such a deeply technical engineer assemble such a strong team to execute on such a totally novel and inspirational vision, secure government funding, and yet also demo the product on the Phil Donahue show?

"Here's to the crazy ones. The misfits. The rebels. The troublemakers. The ones who see things differently. They're not fond of rules." You touched so many of us and shaped who we became and the risks we would take, having an impact well beyond that which you created. You made us think and you made us laugh. I hope we made you proud.

Social Networks

Tech Platforms Diverge on Erasing Criminal Suspects' Digital Footprints (nytimes.com) 99

Social media giants confronted a familiar dilemma over user content moderation after murder suspect Luigi Mangione's arrest in the killing of UnitedHealthcare's CEO on Monday, highlighting the platforms' varied approaches to managing digital footprints of criminal suspects.

Meta quickly removed Mangione's Facebook and Instagram accounts under its "dangerous organizations and individuals" policy, while his account on X underwent a brief suspension before being reinstated with a premium subscription. LinkedIn maintained his profile, stating it did not violate platform policies. His Reddit account was suspended in line with the platform's policy on high-profile criminal suspects, while his Goodreads profile fluctuated between public and private status.

The New York Times adds: When someone goes from having a private life to getting public attention, online accounts they intended for a small circle of friends or acquaintances are scrutinized by curious strangers -- and journalists.

In some cases, these newly public figures or their loved ones can shut down the accounts or make them private. Others, like Mr. Mangione, who has been charged with murder, are cut off from their devices, leaving their digital lives open for the public's consumption. Either way, tech companies have discretion in what happens to the account and its content. Section 230 of the Communications Decency Act protects companies from legal liability for posts made by users.

The Internet

Russia Tests Cutting Off Access To Global Web, and VPNs Can't Get Around It (pcmag.com) 123

An anonymous reader shares a report: Russia has reportedly cut some regions of the country off from the rest of the world's internet for a day, effectively siloing them, according to reports from European and Russian news outlets reshared by the US nonprofit Institute for the Study of War (ISW) and Western news outlets.

Russia's communications authority, Roskomnadzor, blocked residents in Dagestan, Chechnya, and Ingushetia, which have majority-Muslim populations, ISW says. The three regions are in southwest Russia near its borders with Georgia and Azerbaijan. People in those areas couldn't access Google, YouTube, Telegram, WhatsApp, or other foreign websites or apps -- even if they used VPNs, according to a local Russian news site.

Russian digital rights NGO Roskomsvoboda told TechRadar that most VPNs didn't work during the shutdown, but some apparently did. It's unclear which ones or how many actually worked, though. Russia has been increasingly blocking VPNs more broadly, and Apple has helped the country's censorship efforts by taking down VPN apps on its Russian App Store. At least 197 VPNs are currently blocked in Russia, according to Russian news agency Interfax.

Science

New Magnetic Flow Has Potential To Revolutionise Electronic Devices (ft.com) 40

An international research team has for the first time imaged and controlled a type of magnetic flow called altermagnetism, which physicists say could be used to develop faster and more reliable electronic devices. Financial Times: A groundbreaking experiment at a powerful X-ray microscope in Sweden provides direct proof of the existence of altermagnetism, according to a paper published in Nature on Wednesday. Altermagnetic materials can sustain magnetic activity without themselves being magnetic.

The team from the UK's Nottingham university that led the research said the discovery has revolutionary potential for the electronics industry. "Altermagnets have the potential to lead to a thousand-fold increase in the speed of microelectronic components and digital memory, while being more robust and energy-efficient," said senior author Peter Wadley, Royal Society research fellow at Nottingham.

Hard disks and other components underpinning the modern computers industry process data in ferromagnetic materials, whose intrinsic magnetism limits their speed and packing density. Using altermagnetic materials will allow current to flow in non-magnetic products.

Open Source

Slashdot's Interview with Bruce Perens: How He Hopes to Help 'Post Open' Developers Get Paid (slashdot.org) 61

Bruce Perens, original co-founder of the Open Source Initiative, has responded to questions from Slashdot readers about a new alternative he's developing that hopefully helps "Post Open" developers get paid.

But first, "One of the things that's clear from the Slashdot patter is that people are not aware of what I've been doing, in general," Perens says. "So, let's start by filling that in..."

Read on for the rest of his wide-ranging answers....

China

America's Phone Networks Could Soon Face Financial - and Criminal - Penalties for Insecure Networks (msn.com) 55

The head of America's FCC "has drafted plans to regulate the cybersecurity of telecommunications companies," reports the Washington Post, and the plans could include financial penalties for phone network operators with insufficient security — "the first time the agency has asserted such powers under federal wiretapping law." Rosenworcel said the FCC's authority in this matter comes from Section 105 of the Communications Assistance for Law Enforcement Act [passed in 1994] — a single sentence that stipulates, without elaboration, that telecommunications carriers should ensure systems security "in accordance with regulations prescribed by the Commission." As one of the measures, she is seeking to require network providers to submit an annual certification to the FCC that they are implementing a cybersecurity risk management plan. In addition to imposing fines, the FCC could coordinate with other agencies to pursue criminal penalties against carriers deemed too careless on cybersecurity...

Biden administration officials said voluntary efforts to protect against aggressive Chinese hacking activity have fallen short. "We've had for the last decade voluntary public-private partnership efforts," Neuberger told The Post in a recent interview. "But we continue to see successful breaches, and in many cases, as with ransomware attacks, we continue to see pretty basic cybersecurity practices not being followed." With China's hackers becoming more brazen, pre-positioning themselves in U.S. critical networks, "we need to lock our digital doors," Neuberger said...

Cyber requirements can make a difference, she said. After the Colonial Pipeline ransomware attack in 2021 shut down one of the nation's largest energy pipelines for several days, creating a national security scare, the Transportation Security Administration issued several security directives, and today, all of the country's several dozen critical pipeline companies are in compliance, she said. Similar directives were subsequently issued for rail and aviation sectors, and the compliance rates in those industries are now at 68 and 57 percent respectively, she said.

Businesses

Drones, Surveillance, and Facial Recognition: Startup Named 'Sauron' Pitches Military-Style Home Security (msn.com) 124

The Washington Post details a vision of home security "pitched by Sauron, a Silicon Valley start-up boasting a waiting list of tech CEOs and venture capitalists." In the future, your home will feel as safe from intruders as a state-of-the-art military base. Cameras and sensors surveil the perimeter, scanning bystanders' faces for potential threats. Drones from a "deterrence pod" scare off trespassers by projecting a searchlight over any suspicious movements. A virtual view of the home is rendered in 3D and updated in real time, just like a Tesla's digital display. And private security agents monitor alerts from a central hub.... By incorporating technology developed for autonomous vehicles, robotics and border security, Sauron has built a supercharged burglar alarm [argued Sauron co-founder Kevin Hartz, a tech entrepreneur and former partner at Peter Thiel's venture firm Founders Fund]...

For many tech elites, security is both a national priority and a growing concern in their personal lives... After the presidential election last month, the start-up incubator Y Combinator put out a request for "public safety technology" companies, such as those that produce tools that facilitate a neighborhood watch or technology that uses computer vision to identify "suspicious activities or people in distress from video feeds...." Sauron has raised $18 million in funding from executives behind Flock Safety and Palantir, the data analytics firm, [and] defense tech investors such as 8VC, a venture firm started by Palantir co-founder Joe Lonsdale... Sauron is targeting homeowners at the high end of the real estate market, beginning with a private event at Abraham's home on Thursday, during Art Basel Miami Beach, the annual art exhibition that attracts collectors from around the world. The company plans to launch in San Francisco early next year, before expanding to Los Angeles and Miami...

Big Tech companies haven't deployed tools such as facial recognition as aggressively as Hartz would like. "If somebody comes onto my property, I feel like I should know who that is," Hartz said... In recent years massive investments have driven down the cost of drones, high-resolution cameras and lidar sensors, which use light detection to create 3D maps. Sauron uses lower-cost hardware and tools like facial recognition, combined with custom-built software adapted for residential use. For facial recognition, it will use a third-party service called Paravision... Sauron is still figuring out how to incorporate drones, but it is already imagining more aggressive countermeasures, Hartz said. "Is it a machine that could take out a bad actor with a bullet or something?"

Mozilla

What Do You Think of Mozilla's New Branding? (itsfoss.com) 101

As a "global crew of activists, technologists and builders," Mozilla open-sourced Firefox more than 25 years ago, notes a new blog post — and their president says Mozilla's mission is the same today: "build and support technology in the public interest, and spark more innovation, more competition and more choice online along the way."

But "Even though we've been at the forefront of privacy and open source, people weren't getting the full picture of what we do. We were missing opportunities to connect with both new and existing users." So this week the company announced a branding refresh, "making sure people know Mozilla for its broader impact, as well as Firefox."

The open-source blog It's FOSS writes: Meant to symbolize their activist spirit, the new brand identity of Mozilla involves a custom semi-slab typeface that spells Mozilla, followed by a flag that was taken from the M of their name. Mozilla points out that this is not just a rebranding, but something that will lay the foundation for the next 25 years, helping them promote the ideals of privacy and open source.
Mozilla teamed up with the design agency used by major brands like Uber and Burger King, for a strategy they say will "embody our role as a leader in digital rights and innovation, putting people over profits through privacy-preserving products, open-source developer tools, and community-building efforts..." We back people and projects that move technology, the internet and AI in the right direction. In a time of privacy breaches, AI challenges and misinformation, this transformation is all about rallying people to take back control of their time, individual expression, privacy, community and sense of wonder... [T]he new brand empowers people to speak up, come together and build a happier, healthier internet — one where we can all shape how our lives, online and off, unfold...

- The flag symbol highlights our activist spirit, signifying a commitment to 'Reclaim the Internet.' A symbol of belief, peace, unity, pride, celebration and team spirit — built from the 'M' for Mozilla and a pixel that is conveniently displaced to reveal a wink to its iconic Tyrannosaurus rex symbol designed by Shepard Fairey. The flag can transform into a more literal interpretation as its new mascot in ASCII art style, and serve as a rallying cry for our cause...

- The custom typefaces are bespoke and an evolution of its Mozilla slab serif today. It stands out in a sea of tech sans. The new interpretation is more innovative and built for its tech platforms. The sans brings character to something that was once hard working but generic. These fonts are interchangeable and allow for a greater degree of expression across its brand experience, connecting everything together.

The blog post at It's FOSS ends with a "trip down memory lane" — showing Mozilla's two previous logos. "I will be honest, I liked the Dino better," they write, "the 2024 logo is a nice mix of a custom typeface and a flag, which looks really neat in my opinion."

Microsoft

Thanks to Microsoft Collaboration, iFixit Now Sells Genuine Xbox Repair Parts (theverge.com) 20

"We're excited to be working with Microsoft to keep Xboxes running longer and out of the waste heap," iFixit's director of sustainability told The Verge. iFixit now sells genuine Xbox parts you can use to repair your Xbox Series X or S and offers official guides to help with fixes [including both the all-digital and disk drive editions]...

iFixit's Microsoft Repair Hub also features iFixit's parts for repairing Microsoft Surface devices, which it started selling in 2023. "Since we launched our Surface parts collaboration with Microsoft last year, we've been helping our customers repair their own Microsoft laptops and tablets — and it's awesome to be able to offer Xbox owners the same opportunity," says Elizabeth Chamberlain, iFixit's director of sustainability.

The article points out that iFixit also sells "nearly every part of the Steam Deck" and "a bunch of repair guides for Valve's handheld PC, too," along with genuine repair parts for Google's Pixel phones and the Pixel Tablet.

"With Microsoft, we've created a one-stop place for guides, tools, and spare parts to make self-service repair accessible to anyone," says iFixit's new web page. "Imagine how different the world would be if repairing every device could be this easy."

The Military

NATO Considers Watching Undersea Internet Cables with a Fleet of Unmanned Boats (defensenews.com) 93

An anonymous reader shared this report from Defense News: Following a pattern of undersea cable damage across European waters in the last year, with the most recent disruptions happening just weeks ago, top NATO officials have begun envisioning a capability that would allow the alliance to have permanent eyes above and under the waterline. In an interview with Defense News, Admiral Pierre Vandier, the alliance's Norfolk, Virginia-based commander for concepts and transformation, likened the idea to police CCTV cameras installed on street lights in urban trouble spots for recording evidence of crimes. "The technology is there to make this street-lighting with USVs," he said, using the military's shorthand for unmanned surface vessel. Vandier said his team is in the early stages of developing an unmanned surface vessel fleet so that "NATO can see and monitor daily its environment."

The first step would be to achieve this at a surface level, and then later under water... According to Vandier, the goal is to launch the drone surveillance fleet before the next NATO Summit, which will be held in the Netherlands next June.

The article notes the U.S. Navy's Task Force 59 (launched in 2021) is already "dedicated to integrating unmanned systems and AI in the U.S. Navy's 5th Fleet area of operations." This prompted Admiral Vandier to say the technology for an unmanned cable-watching fleet "already exists... everything is known and sold, so it is much more a matter of adoption than technology."

The Almighty Buck

Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets (bleepingcomputer.com) 22

The Solana JavaScript SDK "was temporarily compromised yesterday in a supply chain attack," reports BleepingComputer, "with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets." Solana offers an SDK called "@solana/web3.js" used by decentralized applications (dApps) to connect and interact with the Solana blockchain. Supply chain security firm Socket reports that Solana's Web3.js library was hijacked to push out two malicious versions to steal private and secret cryptography keys to secure wallets and sign transactions... Solana confirmed the breach, stating that one of their publish-access accounts was compromised, allowing the attackers to publish two malicious versions of the library... Solana is warning developers who suspect they were compromised to immediately upgrade to the latest v1.95.8 release and to rotate any keys, including multisigs, program authorities, and server keypairs...

Once the threat actors gain access to these keys, they can load them into their own wallets and remotely drain all stored cryptocurrency and NFTs... Socket says the attack has been traced to the FnvLGtucz4E1ppJHRTev6Qv4X7g8Pw6WPStHCcbAKbfx Solana address, which currently contains 674.86 Solana and varying amounts of the Irish Pepe, Star Atlas, Jupiter, USD Coin, Santa Hat, Pepe on Fire, Bonk, catwifhat, and Genopets Ki tokens. Solscan shows that the estimated value of the stolen cryptocurrency is $184,000 at the time of this writing.

For anyone whose wallets were compromised in this supply chain attack, you should immediately transfer any remaining funds to a new wallet and discontinue the use of the old one as the private keys are now compromised.

Ars Technica adds that "In social media posts, one person claimed to have lost $20,000 in the hack."

The compromised library "receives more than ~350,000 weekly downloads on npm," Socket posted. (Although Solana's statement says the compromised versions "were caught within hours and have since been unpublished.")

The Internet

Is Europe Better Prepared to Protect Undersea Internet Cables? (carnegieendowment.org) 64

The Carnegie Endowment for Peace, a nonpartisan international affairs think tank, points out that when subsea internet cables were cut in November, Europe was more prepared: Where in the past there were no contingency plans for sabotage, there are now more maritime patrols, an attempt to forge deeper intelligence connections, and the beginnings of a new relationship with the private sector...

Even before the October 2023 incident, NATO, the EU, and certain European governments began to increase their efforts to boost subsea cable resilience and security. In February 2023, NATO stood up a new Critical Undersea Infrastructure Coordination Cell in Brussels to convene stakeholders and enhance coordination between the public and private sectors. In July 2023, NATO allies at the Vilnius Summit established a Maritime Center for the Security of Critical Undersea Infrastructure as part of the alliance's Maritime Command in Northwood, UK. In October 2023, after the first incident, NATO defense ministers endorsed a new Digital Ocean Vision, an initiative aimed at improving undersea surveillance. And in February 2024, the European Commission released its first "Recommendation on Secure and Resilient Submarine Cable Infrastructures," encouraging member states to conduct regular stress tests, improve information sharing amongst themselves, and improve cable maintenance and repair capabilities.

The article points out that the Chinese ship suspected in the 2023 cable cutting "ignored requests from Finnish and Estonian authorities to halt" and returned to China. But the Chinese ship suspected in November's cable-cutting "remains in international waters in the Kattegat, with naval and coast guard vessels from Denmark, Germany, and Sweden circling close by." Yet "Under international maritime law, these countries' authorities are not allowed to board..." Current provisions of international law are neither formulated to adequately protect subsea data cables from sabotage nor hold perpetrators accountable. This reality should lead the EU, as a body inherently focused on the resilience of international legal regimes, to push for updates that are better suited for the current geopolitical reality... Lawmakers should also explore ways to increase penalties for subsea cable damage, in part to deter acts of sabotage in the first place....

A forthcoming Carnegie Endowment report will detail more in-depth recommendations on how Europe can both protect itself against future subsea cable damage and help expand trusted networks around the world.

The article also notes that "Of the hundreds of disruptions to cables that occur each year, the vast majority are caused by accidental human activity, like fishing, or natural events, like earthquakes."
