The Internet

ISPs Ask Supreme Court To Kill New York Law That Requires $15 Broadband Plans (arstechnica.com) 148

ISPs have asked the US Supreme Court to strike down a New York law that requires broadband providers to offer $15-per-month service to people with low incomes. From a report: On Monday, a Supreme Court petition challenging the state law was filed by six trade groups representing the cable, telecom, mobile, and satellite industries. Although ISPs were recently able to block the FCC's net neutrality rules, this week's petition shows the firms are worried about states stepping into the regulatory vacuum with various kinds of laws targeting broadband prices and practices. A broadband-industry victory over federal regulation could bolster the authority of New York and other states to regulate broadband. To prevent that, ISPs said the Supreme Court should strike down both the New York law and the FCC's broadband regulation, although the rulings would have to be made in two different cases.

A situation in which the New York law is upheld while federal rules are struck down "will likely lead to more rate regulation absent the Court's intervention," ISPs told the Supreme Court. "Other States are likely to copy New York once the Attorney General begins enforcing the ABA [Affordable Broadband Act] and New York consumers can buy broadband at below-market rates. As petitioners' members have shown, New York's price cap will require them to sell broadband at a loss and deter them from investing in expanding their broadband networks. As rate regulation proliferates, those harms will as well, stifling critical investment in bringing broadband to unserved and underserved areas." The New York law was upheld in April by the US Court of Appeals for the 2nd Circuit, which reversed a 2021 District Court ruling. New York Attorney General Letitia James agreed last week not to enforce the $15 broadband law while the Supreme Court considers whether to take up the case.

Government

FTC Finalizes Rule Banning Fake Reviews, Including Those Made With AI (techcrunch.com) 35

TechCrunch's Lauren Forristal reports: The U.S. Federal Trade Commission (FTC) announced on Wednesday a final rule that will tackle several types of fake reviews and prohibit marketers from using deceptive practices, such as AI-generated reviews, censoring honest negative reviews and compensating third parties for positive reviews. The decision was the result of a 5-to-0 vote. The new rule will start being enforced 60 days after it's published in the official government publication called Federal Register. [...]

According to the final rule, the maximum civil penalty for fake reviews is $51,744 per violation. However, the courts could impose lower penalties depending on the specific case. "Ultimately, courts will also decide how to calculate the number of violations in a given case," the Commission wrote. [...] The FTC initially proposed the rule on June 30, 2023, following an advanced notice of proposed rulemaking issued in November 2022. You can read the finalized rule here (PDF), but we also included a summary of it below:

- No fake or disingenuous reviews. This includes AI-generated reviews and reviews from anyone who doesn't have experience with the actual product.
- Businesses can't sell or buy reviews, whether negative or positive.
- Company insiders writing reviews need to clearly disclose their connection to the business. Officers or managers are prohibited from giving testimonials and can't ask employees to solicit reviews from relatives.
- Company-controlled review websites that claim to be independent aren't allowed.
- No using legal threats, physical threats or intimidation to forcefully delete or prevent negative reviews. Businesses also can't misrepresent that the review portion of their website comprises all or most of the reviews when it's suppressing the negative ones.
- No selling or buying fake engagement like social media followers, likes or views obtained through bots or hacked accounts.

The Courts

OceanGate Submersible Victim's Family Sues For $50 Million, Partly Blames $30 Logitech Controller (extremetech.com) 92

An anonymous reader quotes a report from ExtremeTech: The family of a French mariner who died on the imploded Titan submersible last year has sued Titan's maker, OceanGate Expeditions, for more than $50 million. The lawsuit claims OceanGate is responsible for explorers' suffering immediately preceding their deaths, as well as for failing to disclose the extent of the submersible's risks. Among those risks are Titan's cheap materials, including the $30 Logitech gaming controller used aboard the vehicle. [...]

The lawsuit points at Titan's "hip, contemporary, wireless electronics system" and then alleges that none of the controllers or gauges inside Titan would operate without a constant source of power and a wireless signal. One of those controllers was a modified Logitech F710 Gamepad, a $30 to $40 device designed for, well, gaming. The gamepad quickly became the subject of internet mockery following the loss of Titan; some speculators said the submersible must have been doomed to fail if it used such cheap components. The lawsuit even claims the controller's Bluetooth (rather than wired) connectivity set it up for failure. Still, other speculators believe the controller wouldn't have had much impact on the submersible's operational durability. Instead, the issue would have been with the vehicle's carbon fiber pressure cylinder, which Rush allegedly bought off Boeing at a discount after the material passed its "airplane shelf life." Regardless of the exact material, it seems the consensus among members of the public is that for OceanGate, quality was an afterthought.

Social Networks

Deep-Live-Cam Goes Viral, Allowing Anyone To Become a Digital Doppelganger (arstechnica.com) 17

An anonymous reader quotes a report from Ars Technica: Over the past few days, a software package called Deep-Live-Cam has been going viral on social media because it can take the face of a person extracted from a single photo and apply it to a live webcam video source while following pose, lighting, and expressions performed by the person on the webcam. While the results aren't perfect, the software shows how quickly the tech is developing -- and how the capability to deceive others remotely is getting dramatically easier over time. The Deep-Live-Cam software project has been in the works since late last year, but example videos that show a person imitating Elon Musk and Republican Vice Presidential candidate J.D. Vance (among others) in real time have been making the rounds online. The avalanche of attention briefly made the open source project leap to No. 1 on GitHub's trending repositories list (it's currently at No. 4 as of this writing), where it is available for download for free. [...]

Like many open source GitHub projects, Deep-Live-Cam wraps together several existing software packages under a new interface (and is itself a fork of an earlier project called "roop"). It first detects faces in both the source and target images (such as a frame of live video). It then uses a pre-trained AI model called "inswapper" to perform the actual face swap and another model called GFPGAN to improve the quality of the swapped faces by enhancing details and correcting artifacts that occur during the face-swapping process. The inswapper model, developed by a project called InsightFace, can guess what a person (in a provided photo) might look like using different expressions and from different angles because it was trained on a vast dataset containing millions of facial images of thousands of individuals captured from various angles, under different lighting conditions, and with diverse expressions.

During training, the neural network underlying the inswapper model developed an "understanding" of facial structures and their dynamics under various conditions, including learning the ability to infer the three-dimensional structure of a face from a two-dimensional image. It also became capable of separating identity-specific features, which remain constant across different images of the same person, from pose-specific features that change with angle and expression. This separation allows the model to generate new face images that combine the identity of one face with the pose, expression, and lighting of another.

Earth

Excess Memes and 'Reply All' Emails Are Bad For Climate, Researcher Warns (theguardian.com) 120

An anonymous reader quotes a report from The Guardian: When "I can has cheezburger?" became one of the first internet memes to blow our minds, it's unlikely that anyone worried about how much energy it would use up. But research has now found that the vast majority of data stored in the cloud is "dark data", meaning it is used once then never visited again. That means that all the memes and jokes and films that we love to share with friends and family -- from "All your base are belong to us", through Ryan Gosling saying "Hey Girl", to Tim Walz with a piglet -- are out there somewhere, sitting in a datacenter, using up energy. By 2030, the National Grid anticipates that datacenters will account for just under 6% of the UK's total electricity consumption, so tackling junk data is an important part of tackling the climate crisis.

Ian Hodgkinson, a professor of strategy at Loughborough University has been studying the climate impact of dark data and how it can be reduced. "I really started a couple of years ago, it was about trying to understand the negative environmental impact that digital data might have," he said. "And at the top of it might be quite an easy question to answer, but it turns out actually, it's a whole lot more complex. But absolutely, data does have a negative environmental impact." He discovered that 68% of data used by companies is never used again, and estimates that personal data tells the same story. [...] One funny meme isn't going to destroy the planet, of course, but the millions stored, unused, in people's camera rolls does have an impact, he explained: "The one picture isn't going to make a drastic impact. But of course, if you maybe go into your own phone and you look at all the legacy pictures that you have, cumulatively, that creates quite a big impression in terms of energy consumption."

Since we're paying to store data in the cloud, cloud operators and tech companies have a financial incentive to keep people from deleting junk data, says Hodgkinson. He recommends people send fewer pointless emails and avoid the "dreaded 'reply all' button."

"One [figure] that often does the rounds is that for every standard email, that equates to about 4g of carbon. If we then think about the amount of what we mainly call 'legacy data' that we hold, so if we think about all the digital photos that we have, for instance, there will be a cumulative impact."

Crime

Locking Up Items To Deter Shoplifting Is Pushing Shoppers Online (axios.com) 276

Longtime Slashdot reader schwit1 shares a report from Axios: Locking up merchandise at drugstores and discount retailers hasn't curbed retail theft but is driving frustrated consumers to shop online more, retail experts tell Axios. Retail crime is eating into retailers' profits and high theft rates are also leading to a rise in store closures. Secured cases can cause sales to drop 15% to 25%, Joe Budano, CEO of anti-theft technology company Indyme, previously told Axios. Barricading everything from razors to laundry detergent has largely backfired and broken shopping in America, Bloomberg reports.

Aisles full of locked plexiglass cases are common at many CVS and Walgreens stores where consumers have to wait for an employee to unlock them. Target, Walmart, Dollar General and other retailers have also pulled back on self-checkout to deter shoplifting. "Locking up products worsens the shopping experience, and it makes things inconvenient and difficult," GlobalData retail analyst Neil Saunders said, adding it pushes shoppers to other retailers or to move purchases online.

Driving the news: Manmohan Mahajan, Walgreens global chief financial officer, said in a June earnings call that the retailer was experiencing "higher levels of shrink." Amazon CEO Andy Jassy spoke of the "speed and ease" of ordering online versus walking into pharmacies on a call with investors last week. "It's a pretty tough experience with how much is locked behind cabinets, where you have to press a button to get somebody to come out and open the cabinets for you," Jassy said.

schwit1 adds: "The American-style retail shopping experience was invented in a high-trust environment. As trust erodes, so does the experience."

Businesses

Canceling Subscriptions Should Be As Easy As Signing Up, Newly Proposed Federal Rule Says (go.com) 52

In an effort to beef up protections for consumers against corporations, the Biden administration on Monday announced a handful of policies to crack down on "headaches and hassles that waste Americans' time and money." From a report: Through the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC), the administration will ask companies to make it as easy to cancel subscriptions and memberships as it is to sign up for them, and through the Consumer Financial Protection Bureau, a new rule will require companies to let customers cut through automated customer service "doom loops" by pressing a single button to reach a real person.

"For a lot of services, it takes one or two clicks on your phone to sign up. It should take one or two clicks on your phone to end the service," White House Domestic Policy Advisor Neera Tanden said on a call with reporters to discuss the new policies. Consumers could see the new rule applied to gym memberships or subscriptions with phone and internet companies. The administration will also call on health insurance companies to allow claims to be submitted online, rather than requiring insured customers to print out and mail forms in for coverage.

Mozilla

Mozilla Wants You To Love Firefox Again (fastcompany.com) 142

Mozilla's interim CEO Laura Chambers "says the company is reinvesting in Firefox after letting it languish in recent years," reports Fast Company, "hoping to reestablish the browser as an independent alternative to the likes of Google's Chrome and Apple's Safari.

"But some of those investments, which also include forays into generative AI, may further upset the community that's been sticking with Firefox all these years..." Chambers acknowledges that Mozilla lost sight of Firefox in recent years as it chased opportunities outside the browser, such as VPN service and email masking. When she replaced Mitchell Baker as CEO in February, the company scaled back those other efforts and made Firefox a priority again. "Yes, Mozilla is refocusing on Firefox," she says. "Obviously, it's our core product, so it's an important piece of the business for us, but we think it's also really an important part of the internet."

Some of that focus involves adding features that have become table-stakes in other browsers. In June, Mozilla added vertical tab support in Firefox's experimental branch, echoing a feature that Microsoft's Edge browser helped popularize three years ago. It's also working on tab grouping features and an easier way to switch between user profiles. Mozilla is even revisiting the concept of web apps, in which users can install websites as freestanding desktop applications. Mozilla abandoned work on Progressive Web Apps in Firefox a few years ago to the dismay of many power users, but now it's talking with community members about a potential path forward.

"We haven't always prioritized those features as highly as we should have," Chambers says. "That's been a real shift that's been very felt in the community, that the things they're asking for . . . are really being prioritized and brought to life."

Firefox was criticized for testing a more private alternative to tracking cookies which could make summaries of aggregated data available to advertisers. (Though it was only tested on a few sites, "Privacy-Preserving Attribution" was enabled by default.) But EFF staff technologist Lena Cohen tells Fast Company that approach was "much more privacy-preserving" than Google's proposal for a "Privacy Sandbox." And according to the article, "Mozilla's system only measures the success rate of ads — it doesn't help companies target those ads in the first place — and it's less susceptible to abuse due to limits on how much data is stored and which parties are allowed to access it." In June, Mozilla also announced its acquisition of Anonym, a startup led by former Meta executives that has its own privacy-focused ad measurement system. While Mozilla has no plans to integrate Anonym's tech in Firefox, the move led to even more anxiety about the kind of company Mozilla was becoming. The tension around Firefox stems in part from Mozilla's precarious financial position, which is heavily dependent on royalty payments from Google. In 2022, nearly 86% of Mozilla's revenue came from Google, which paid $510 million to be Firefox's default search engine. Its attempts to diversify, through VPN service and other subscriptions, haven't gained much traction.

Chambers says that becoming less dependent on Google is "absolutely a priority," and acknowledges that building an ad-tech business is one way of doing that. Mozilla is hoping that emerging privacy regulations and wider adoption of anti-tracking tools in web browsers will increase demand for services like Anonym and for systems like Firefox's privacy-preserving ad measurements. Other revenue-generating ideas are forthcoming. Chambers says Mozilla plans to launch new products outside of Firefox under a "design sprint" model, aimed at quickly figuring out what works and what doesn't. It's also making forays into generative AI in Firefox, starting with a chatbot sidebar in the browser's experimental branch.

Chambers "says to expect a bigger marketing push for Firefox in the United States soon, echoing a 'Challenge the default' ad campaign that was successful in Germany last summer. Mozilla's nonprofit ownership structure, and the idea that it's not beholden to corporate interests, figures heavily into those plans."

Google

Will the Google Antitrust Ruling Change the Internet? (msn.com) 50

Though "It could take years to resolve," the Washington Post imagines six changes that could ultimately result from the two monopoly rulings on Google: Imagine a Google-quality search engine but without ads — or one tailored to children, news junkies or Lego fans. It's possible that Google could be forced to let other companies access its search technology or its essential data to create search engines with the technical chops of Google — but without Google...

Would Apple create a search engine...? The likeliest scenario is you'd need to pick whether to use Google on your iPhone or something else. But technologists and stock analysts have also speculated for years that Apple could make its own search engine. It would be like when Apple started Apple Maps as an alternative to Google Maps.

What if Google weren't allowed to know so much about you? Jason Kint of Digital Content Next, an industry group that includes online news organizations, said one idea is Google's multiple products would no longer be allowed to commingle information about what you do. It would essentially be a divorce of Google's products without breaking the company up. That could mean, for example, that whatever you did on your Android phone or the websites you visit using Chrome would not feed into one giant Google repository about your activities and interests.

The article also wonders if the judge could order Google to be broken up, with separate companies formed out of Android, Google search, and Chrome. (Or if more search competition might make prices drop for the products advertised in search results — or lower the fees charged in Android's app store.) Android's app store might also lose its power to veto apps that compete with Google.

"This is educated speculation," the article acknowledges. "It's also possible that not much will really change. That's what happened after Google was found to have broken the European Union's anti-monopoly laws."

Google has also said it plans to appeal Monday's ruling.

AI

Cannibal AIs Could Risk Digital 'Mad Cow Disease' Without Fresh Data (sciencealert.com) 74

A new article in ScienceAlert describes new research into the dangers of "heavily processed sources of digital nourishment" for generative AI: A new study by researchers from Rice University and Stanford University in the US offers evidence that when AI engines are trained on synthetic, machine-made input rather than text and images made by actual people, the quality of their output starts to suffer.

The researchers are calling this effect Model Autophagy Disorder (MAD). The AI effectively consumes itself, which means there are parallels with mad cow disease — a neurological disorder in cows that are fed the infected remains of other cattle. Without fresh, real-world data, content produced by AI declines in its level of quality, in its level of diversity, or both, the study shows. It's a warning about a future of AI slop from these models.

"Our theoretical and empirical analyses have enabled us to extrapolate what might happen as generative models become ubiquitous and train future models in self-consuming loops," says computer engineer Richard Baraniuk, from Rice University. "Some ramifications are clear: without enough fresh real data, future generative models are doomed to MADness."

The article notes that "faces began to look more and more like each other when fresh, human-generated training data wasn't involved. In tests using handwritten numbers, the numbers gradually became indecipherable.

"Where real data was used but in a fixed way without new data being added, the quality of the output was still degraded, merely taking a little longer to break down. It appears that freshness is crucial."

Thanks to long-time Slashdot reader schwit1 for sharing the news.

Space

China's Long March 6A Rocket Is Making a Mess In Low-Earth Orbit (arstechnica.com) 34

Longtime Slashdot reader schwit1 shares a report from Ars Technica: The upper stage from a Chinese rocket that launched a batch of Internet satellites Tuesday has broken apart in space, creating a debris field of at least 700 objects in one of the most heavily trafficked zones in low-Earth orbit. US Space Command, which tracks objects in orbit with a network of radars and optical sensors, confirmed the rocket breakup Thursday. Space Command initially said the event created more than 300 pieces of trackable debris. The military's ground-based radars are capable of tracking objects larger than 10 centimeters (4 inches). Later Thursday, LeoLabs, a commercial space situational awareness company, said its radars detected at least 700 objects attributed to the Chinese rocket. The number of debris fragments could rise to more than 900, LeoLabs said. The culprit is the second stage of China's Long March 6A rocket, which lifted off Tuesday with the first batch of 18 satellites for a planned Chinese megaconstellation that could eventually number thousands of spacecraft. The Long March 6A's second stage apparently disintegrated after placing its payload of 18 satellites into a polar orbit.

Space Command said in a statement it has "observed no immediate threats" and "continues to conduct routine conjunction assessments to support the safety and sustainability of the space domain." According to LeoLabs, radar data indicated the rocket broke apart at an altitude of 503 miles (810 kilometers) at approximately 4:10 pm EDT (20:10 UTC) on Tuesday, around 13-and-a-half hours after it lifted off from northern China. At this altitude, it will take decades or centuries for the wispy effect of aerodynamic drag to pull the debris back into the atmosphere. As the objects drift lower, their orbits will cross paths with SpaceX's Starlink Internet satellites, the International Space Station and other crew spacecraft, and thousands more pieces of orbital debris, putting commercial and government satellites at risk of collision.

Technology

World's Largest 3D-Printed Neighborhood Nears Completion in Texas (reuters.com) 91

ICON, a construction technology company, is nearing completion of 100 3D-printed homes in Wolf Ranch, Texas, using a massive robotic printer. The 45-foot-wide, 4.75-ton Vulcan printer began constructing the walls of what ICON claims is the world's largest 3D-printed community in November 2022. The printer extrudes a concrete mixture layer by layer, creating corduroy-textured walls. ICON senior project manager Conner Jenkins told Reuters the process is faster and more efficient than traditional construction, requiring fewer workers and reducing material waste.

The single-story homes, priced between $450,000 and $600,000, feature concrete walls resistant to water, mold, termites, and extreme weather. However, homeowners reported weak wireless signals due to the thick walls, necessitating mesh internet routers. ICON, which printed its first home in Austin in 2018, is also developing lunar construction systems for NASA's Artemis program.

The Internet

ICANN Reserves .Internal For Private Use at the DNS Level (theregister.com) 62

The Internet Corporation for Assigned Names and Numbers (ICANN) has agreed to reserve the .internal top-level domain so it can become the equivalent to using the 10.0.0.0, 172.16.0.0 and 192.168.0.0 IPv4 address blocks for internal networks. From a report: Those blocks are reserved for private use by the Internet Assigned Numbers Authority, which requires they never appear on the public internet. As The Register reported when we spotted the proposal last January, ICANN wanted something similar but for DNS, by defining a top-level domain that would never be delegated in the global domain name system (DNS) root.

Doing so would mean the TLD could never be accessed on the open internet -- achieving the org's goal of delivering a domain that could be used for internal networks without fear of conflict or confusion. ICANN suggested such a domain could be useful, because some orgs had already started making up and using their own domain names for private internal use only. Networking equipment vendor D-Link, for example, made the web interface for its products available on internal networks at .dlink. ICANN didn't like that because the org thought ad hoc TLD creation could see netizens assume the TLDs had wider use -- creating traffic that busy DNS servers would have to handle. Picking a string dedicated to internal networks was the alternative. After years of consultation about whether it was a good idea -- and which string should be selected -- ICANN last week decided on .internal. Any future applications to register it as a global TLD won't be allowed.
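As an added example (not ICANN's or The Register's code), a small check a network defender could run over resolver logs: it flags queries for names under .internal that were sent to a resolver outside the organisation, since those can never be answered publicly and leak internal hostnames. It generalises to other ad hoc private TLDs such as the .dlink case mentioned above; the log format, addresses and names are constructed for the demo.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed query log, one DNS query per line, in a hypothetical
// "key=value" format: the client, the resolver the query went to, and the name.
const sampleLog = `client=10.0.0.5 resolver=10.0.0.2 qname=nas.corp.internal.
client=10.0.0.7 resolver=8.8.8.8 qname=printer.corp.internal.
client=10.0.0.7 resolver=1.1.1.1 qname=www.example.com.
client=10.0.0.9 resolver=8.8.8.8 qname=router.dlink.
client=10.0.0.9 resolver=10.0.0.2 qname=INTERNAL.
`

// IsPrivateName reports whether the rightmost label of a query name is one of
// the private-use TLDs (for example "internal"). DNS names are compared
// case-insensitively and a trailing root dot is tolerated.
func IsPrivateName(qname string, privateTLDs map[string]bool) bool {
	n := strings.ToLower(strings.TrimSuffix(qname, "."))
	if n == "" {
		return false
	}
	last := n[strings.LastIndex(n, ".")+1:]
	return privateTLDs[last]
}

// Leak describes a query that should have been answered locally but was
// sent to a resolver outside the organisation.
type Leak struct {
	Client, Resolver, QName string
}

// FindLeaks flags private-TLD queries whose resolver is not in localResolvers.
// The public DNS will never delegate .internal, so such a query both fails and
// tells an outside resolver which internal hostnames exist.
func FindLeaks(log string, privateTLDs, localResolvers map[string]bool) []Leak {
	var leaks []Leak
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		fields := map[string]string{}
		for _, kv := range strings.Fields(line) {
			if k, v, ok := strings.Cut(kv, "="); ok {
				fields[k] = v
			}
		}
		if IsPrivateName(fields["qname"], privateTLDs) && !localResolvers[fields["resolver"]] {
			leaks = append(leaks, Leak{fields["client"], fields["resolver"], fields["qname"]})
		}
	}
	return leaks
}

func main() {
	local := map[string]bool{"10.0.0.2": true}
	// The reserved TLD alone, then also the vendor-invented .dlink from the article.
	for _, tlds := range []map[string]bool{{"internal": true}, {"internal": true, "dlink": true}} {
		for _, l := range FindLeaks(sampleLog, tlds, local) {
			fmt.Printf("leak: %s sent %s to %s\n", l.Client, l.QName, l.Resolver)
		}
	}
}
```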

Communications

SpaceX's New Direct-To-Cell Starlink Satellites Are Way Brighter Than the Originals (space.com) 70

According to a recent study, SpaceX's new Starlink direct-to-cell (DTC) satellites are nearly five times brighter than traditional Starlinks due to their lower orbit. While these satellites offer the promise of widespread connectivity, their increased brightness poses challenges for astronomical observations, prompting SpaceX to consider applying brightness mitigation techniques. Space.com reports: The higher luminosity of these DTCs compared to regular Starlinks is partly because they circle Earth at just 217 miles (350 kilometers) above the surface, which is lower than traditional Starlink internet satellites, whose altitude is 340 miles (550 kilometers), the study reported. [...] At the time the study was conducted, SpaceX had not yet applied its routine brightness mitigation techniques to the DTCs, such as adjusting their chassis and solar panels to reduce the portion of spacecraft illuminated by the sun, study lead author Anthony Mallama of the IAU Centre for the Protection of Dark and Quiet Skies from Satellite Constellation Interference (IAU-CPS) told Space.com.

SpaceX began applying brightness mitigation techniques to regular Starlinks in 2020, after astronomers voiced serious concerns about the satellites' trails streaking across telescope images, rendering them unusable. Prior to launch, the company now applies a mirror-like dielectric surface to the underside of each Starlink chassis, to help reflect sunlight into space rather than scattering it toward Earth. Post launch, the company adjusts spacecraft chassis and solar panels to further reduce luminosity. Together, these techniques are very effective, reducing Starlink satellites' brightness by a factor of 10, Mallama said. If SpaceX applies these brightness mitigation techniques to the DTCs, which are nearly the same size as the regular Starlinks, the DTCs would still be 2.6 times brighter than their traditional counterparts, Mallama and his colleagues reported in the recent study, which was reviewed internally by IAU-CPS and posted to the preprint server arXiv last month.

However, while DTCs are brighter objects, they move at a faster apparent rate and spend more time in Earth's shadow than regular Starlinks, which would offset some of their negative impact on astronomy observations, the study noted. "I see it as a tradeoff in parameters rather than an absolute better/worse kind of situation," John Barentine, a principal consultant at Arizona-based Dark Sky Consulting who was not involved with the new study, told Space.com.

The Internet

Techdirt's Mike Masnick Joins the Bluesky Board To Support a 'More Open, Decentralized Internet' (techdirt.com) 18

Mike Masnick, a semi-regular Slashdot contributor and founder of the tech blog Techdirt, is joining the board of Bluesky, where he "will be providing advice and guidance to the company to help it achieve its vision of a more open, more competitive, more decentralized online world." Masnick writes: In the nearly three decades that I've been writing Techdirt I've been writing about what is happening in the world of the internet, but also about how much better the internet can be. That won't change. I will still be writing about what is happening and where I believe we should be going. But given that there are now people trying to turn some of that better vision into a reality, I cannot resist this opportunity to help them achieve that goal. The early internet had tremendous promise as a decentralized system that enabled anyone to build what they wanted on a global open network, opening up all sorts of possibilities for human empowerment and creativity. But over the last couple of decades, the internet has moved away from that democratizing promise. Instead, it has been effectively taken over by a small number of giant companies with centralized, proprietary, closed systems that have supplanted the more open network we were promised.

There are, of course, understandable reasons why those centralized systems have been successful, such as by providing a more user-friendly experience on the front-end. But there was a price to pay: losing user autonomy, privacy and the benefits of decentralization (not to mention losing a highly dynamic, competitive internet). The internet need not be so limited, and over the years I've tried to encourage people and companies to make different choices to return to the original promise and benefits of openness. With Bluesky, we now have one company who is trying.
"Mike's work has been an inspiration to us from the start," says Jay Graber, CEO of Bluesky. "Having him join our board feels like a natural progression of our shared vision for a more open internet. His perspective will help ensure we're building something that truly serves users as we continue to evolve Bluesky and the AT Protocol."
Security

Mac and Windows Users Infected By Software Updates Delivered Over Hacked ISP (arstechnica.com) 68

An anonymous reader quotes a report from Ars Technica: Hackers delivered malware to Windows and Mac users by compromising their Internet service provider and then tampering with software updates delivered over unsecure connections, researchers said. The attack, researchers from security firm Volexity said, worked by hacking routers or similar types of device infrastructure of an unnamed ISP. The attackers then used their control of the devices to poison domain name system responses for legitimate hostnames providing updates for at least six different apps written for Windows or macOS. The apps affected were the 5KPlayer, Quick Heal, Rainmeter, Partition Wizard, and those from Corel and Sogou.

Because the update mechanisms didn't use TLS or cryptographic signatures to authenticate the connections or downloaded software, the threat actors were able to use their control of the ISP infrastructure to successfully perform machine-in-the-middle (MitM) attacks that directed targeted users to hostile servers rather than the ones operated by the affected software makers. These redirections worked even when users employed non-encrypted public DNS services such as Google's 8.8.8.8 or Cloudflare's 1.1.1.1 rather than the authoritative DNS server provided by the ISP. "That is the fun/scary part -- this was not the hack of the ISPs DNS servers," Volexity CEO Steven Adair wrote in an online interview. "This was a compromise of network infrastructure for Internet traffic. The DNS queries, for example, would go to Google's DNS servers destined for 8.8.8.8. The traffic was being intercepted to respond to the DNS queries with the IP address of the attacker's servers."

In other words, the DNS responses returned by any DNS server would be changed once it reached the infrastructure of the hacked ISP. The only way an end user could have thwarted the attack was to use DNS over HTTPS or DNS over TLS to ensure lookup results haven't been tampered with or to avoid all use of apps that deliver unsigned updates over unencrypted connections. As an example, the 5KPlayer app uses an unsecure HTTP connection rather than an encrypted HTTPS one to check if an update is available and, if so, to download a configuration file named Youtube.config. StormBamboo, the name used in the industry to track the hacking group responsible, used DNS poisoning to deliver a malicious version of the Youtube.config file from a malicious server. This file, in turn, downloaded a next-stage payload that was disguised as a PNG image. In fact, it was an executable file that installed malware tracked under the names MACMA for macOS devices or POCOSTICK for Windows devices.
As for the hacked ISP, the security firm said "it's not a huge one or one you'd likely know."

"In our case the incident is contained but we see other servers that are actively serving malicious updates but we do not know where they are being served from. We suspect there are other active attacks around the world we do not have purview into. This could be from an ISP compromise or a localized compromise to an organization such as on their firewall."
The Internet

Indonesia Bans Search Engine DuckDuckGo On Gambling, Pornography Concerns (reuters.com) 71

An anonymous reader quotes a report from Reuters: Indonesia said it has banned the privacy-oriented search engine DuckDuckGo, citing concerns that it could be used to access pornography and online gambling websites which are illegal in the country, the communications ministry said on Friday. Indonesia, with the world's biggest Muslim population, has strict rules that ban the sharing online of content deemed obscene. Social media platform Reddit and video-hosting platform Vimeo are blocked.

Usman Kansong, a communications ministry official, told Reuters that DuckDuckGo had been blocked "because of the many complaints made to us about the rampant online gambling and pornography content in its search results." The ministry did not say how DuckDuckGo differs from other search engines such as Alphabet's Google but on its website, DuckDuckGo said it offered several products intended to "help people protect their online privacy" including the search engine, which it said has been praised by privacy advocates.

Biotech

Neuralink Has Successfully Implanted a Second Brain Chip, Musk Says (reuters.com) 91

Late Friday Elon Musk appeared on Lex Fridman's podcast for a special eight-hour episode about Neuralink.

It's already been viewed 1,702,036 times on YouTube — and resulted in this report from Reuters: Neuralink has successfully implanted in a second patient its device designed to give paralyzed patients the ability to use digital devices by thinking alone, according to the startup's owner Elon Musk... [Musk] gave few details about the second participant beyond saying the person had a spinal cord injury similar to the first patient, who was paralyzed in a diving accident.

Musk said 400 of the implant's electrodes on the second patient's brain are working. Neuralink on its website states that its implant uses 1,024 electrodes... Musk said he expects Neuralink to provide the implants to eight more patients this year as part of its clinical trials.

Neuralink's device "has allowed the first patient to play video games, browse the internet, post on social media and move a cursor on his laptop," according to the article: The first patient, Noland Arbaugh, was also interviewed on the podcast, along with three Neuralink executives, who gave details about how the implant and the robot-led surgery work. Before Arbaugh received his implant in January, he used a computer by employing a stick in his mouth to tap the screen of a tablet device. Arbaugh said with the implant he now can merely think about what he wants to happen on the computer screen, and the device makes it happen... Arbaugh has improved on his previous world record for the speed at which he can control a cursor with thoughts alone "with only roughly 10, 15% of the electrodes working," Musk said on the podcast.
Fridman said his interview with Musk was "the longest podcast I've ever done," calling their conversation "fascinating, super technical, and wide-ranging... I loved every minute of it."
Stats

What's the 'Smartest' City in America - Based on Tech Jobs, Connectivity, and Sustainability? (newsweek.com) 66

Seattle is the smartest city in America, with Miami and then Austin close behind. That's according to a promotional study from smart-building tools company ProptechOS. Newsweek reports: The evaluation of tech infrastructure and connectivity was based on several factors, including the number of free Wi-Fi hot spots, the quantity and density of AI and IoT companies, average broadband download speeds, median 5G coverage per network provider, and the number of airports. Meanwhile, green infrastructure was assessed based on air quality, measured by exposure to PM2.5, tiny particles in the air that can harm health. Other factors include 10-year changes in tree coverage, both loss and gain; the number of electric vehicle charging points and their density per 100,000 people; and the number of LEED-certified green buildings. The tech job market was evaluated on the number of tech jobs advertised per 100,000 people.
Seattle came in first after assessing 16 key indicators across connectivity/infrastructure, sustainability, and tech jobs — "boasting 34 artificial intelligence companies and 13 Internet of Things companies per 100,000 residents." In terms of sustainability, Seattle has enhanced its tree coverage by 13,700 hectares from 2010 to 2020 and has established the equivalent of 10 electric vehicle charging points per 100,000 residents. Seattle has edged out last year's top city, Austin, to claim the title of the smartest city in the U.S., with an overall score of 75.7 out of 100. Miami wasn't far behind, achieving a score of 75.4. However, Austin still came out on top for smart city infrastructure, scoring 86.2 out of 100. This is attributed to its high broadband download speed of 275.60 Mbps — well above the U.S. average of 217.14 Mbps — and its concentration of 337 AI companies, or 35 per 100,000 people.
You can see the full listings here. The article notes that the same study also ranked Paris as the smartest city in Europe — slipping ahead of London — thanks to Paris's 99.5% 5G coverage, plus "the second-highest number of AI companies in Europe and the third-highest number of free Wi-Fi hot spots. Paris is also recognized for its traffic management systems, which monitor noise levels and air quality."

Newsweek also shares this statement from ProptechOS's founder/chief ecosystem officer. "Advancements in smart cities and future technologies such as next-generation wireless communication and AI are expected to reduce environmental impacts and enhance living standards."

In April CNBC reported on an alternate list of the smartest cities in the world, created from research by the World Competitiveness Center. It defined smart cities as "an urban setting that applies technology to enhance the benefits and diminish the shortcomings of urbanization for its citizens." And CNBC reported that based on the list, "Smart cities in Europe and Asia are gaining ground globally while North American cities have fallen down the ranks... Of the top 10 smart cities on the list, seven were in Europe." Here are the top 10 smart cities, according to the 2024 Smart City Index.

- Zurich, Switzerland
- Oslo, Norway
- Canberra, Australia
- Geneva, Switzerland
- Singapore
- Copenhagen, Denmark
- Lausanne, Switzerland
- London, England
- Helsinki, Finland
- Abu Dhabi, United Arab Emirates

Notably, for the first time since the index's inception in 2019, there is an absence of North American cities in the top 20... The highest ranking U.S. city this year is New York City which ranked 34th, followed by Boston at 36th and Washington DC, coming in at 50th place.

Security

How Chinese Attackers Breached an ISP to Poison Insecure Software Updates with Malware (bleepingcomputer.com) 11

An anonymous reader shared this report from BleepingComputer: A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. Also tracked as Evasive Panda, Daggerfly, and StormCloud, this cyber-espionage group has been active since at least 2012, targeting organizations across mainland China, Hong Kong, Macao, Nigeria, and various Southeast and East Asian countries.

On Friday, Volexity threat researchers revealed that the Chinese cyber-espionage gang had exploited insecure HTTP software update mechanisms that didn't validate digital signatures to deploy malware payloads on victims' Windows and macOS devices... To do that, the attackers intercepted and modified victims' DNS requests and poisoned them with malicious IP addresses. This delivered the malware to the targets' systems from StormBamboo's command-and-control servers without requiring user interaction.

Volexity's blog post says they observed StormBamboo "targeting multiple software vendors, who use insecure update workflows..." and then "notified and worked with the ISP, who investigated various key devices providing traffic-routing services on their network. As the ISP rebooted and took various components of the network offline, the DNS poisoning immediately stopped."

BleepingComputer notes that "After compromising the target's systems, the threat actors installed a malicious Google Chrome extension (ReloadText), which allowed them to harvest and steal browser cookies and mail data."
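Both ISP-compromise stories on this page (the Ars Technica item above and this BleepingComputer one) turn on the same missing control: update checks fetched over plain HTTP with no signature, so a poisoned DNS answer is enough to substitute the configuration file and a payload disguised as a PNG. The Go program below is an added example, not code from Volexity, BleepingComputer or any of the affected vendors; the one-line manifest layout, the Ed25519 key pair and the sample payloads are constructed here for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest stands in for an update descriptor such as 5KPlayer's Youtube.config
// (constructed layout, not the real file): "sha256=<hex>" plus an Ed25519 signature.
type Manifest struct{ Body, Sig []byte }
var pngMagic = []byte{0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'}

// NewManifest is the vendor side: hash the payload and sign the manifest offline.
func NewManifest(priv ed25519.PrivateKey, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	body := []byte("sha256=" + hex.EncodeToString(sum[:]) + "\n")
	return Manifest{Body: body, Sig: ed25519.Sign(priv, body)}
}

// VerifyUpdate is the client-side check the poisoned workflows lacked: a pinned public
// key authenticates the manifest, its signed digest binds the payload, and PNG magic is checked.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pub, m.Body, m.Sig) {
		return errors.New("manifest signature invalid: possible on-path tampering")
	}
	hexDigest := bytes.TrimPrefix(bytes.TrimSpace(m.Body), []byte("sha256="))
	want, err := hex.DecodeString(string(hexDigest))
	if err != nil || len(want) != sha256.Size {
		return errors.New("manifest malformed")
	}
	if got := sha256.Sum256(payload); !bytes.Equal(got[:], want) {
		return errors.New("payload digest does not match signed manifest")
	}
	if !bytes.HasPrefix(payload, pngMagic) {
		return errors.New("payload advertised as PNG is not a PNG (disguised executable?)")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	good := []byte(string(pngMagic) + "IHDR...")   // constructed genuine payload
	fmt.Println(VerifyUpdate(pub, NewManifest(priv, good), good)) // <nil>
}
```

The public key must be pinned inside the client at build time; fetching it from the same unauthenticated channel would give an on-path attacker the same substitution opportunity the stories describe.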
