The Linkielist

Linking ideas with the world

The Linkielist

Popular Password managers don’t protect secrets if servers are compromised.

Posted on by

[…]The team, comprised of researchers from ETH Zurich and Università della Svizzera italiana (USI), examined the “zero-knowledge encryption” promises made by Bitwarden, LastPass, and Dashlane, finding all three could expose passwords if attackers compromised servers.

The premise of zero-knowledge encryption is that user passwords are encrypted on their device, and the password manager’s server acts merely as a dumb storage box for the encrypted credentials. Therefore, in the event that the vendor’s servers are controlled by malicious parties, attackers wouldn’t be able to view users’ secrets.

As one of the most popular alternatives to Apple and Google’s own password managers, which together dominate the market, the researchers found Bitwarden was most susceptible to attacks, with 12 working against the open-source product. Seven distinct attacks worked against LastPass, and six succeeded in Dashlane.

The attacks don’t exploit weaknesses in the same way that remote attackers could exploit vulnerabilities and target specific users. Instead, the researchers worked to test each platform’s ability to keep secrets safe in the event they were compromised.

In most cases where attacks were successful, the researchers said they could retrieve encrypted passwords from the user, and in some cases, change the entries.

They used a malicious server model to test all of this – setting up servers that behaved like hacked versions of those used by the password managers. Seven of Bitwarden’s 12 successful attacks led to password disclosure, whereas only three of LastPass’s attacks led to the same end, and one for Dashlane.

All three vendors claim their products come with zero-knowledge encryption. The researchers noted that none of them outline the specific threat model their password manager secures against.

The researchers said: “The majority of our attacks require simple interactions which users or their clients perform routinely as part of their usage of the product, such as logging in to their account, opening the vault and viewing the items, or performing periodic synchronization of data.

“We also present attacks that require more complex user actions, such as key rotations, joining an organization, sharing credentials, or even clicking on a misleading dialog. Although assessing the probability of these actions is challenging, we believe that, within a vast user base, many users will likely perform them.”

In the full paper [PDF], they went on to argue that password managers have escaped deep academic scrutiny until now, unlike end-to-end encrypted messaging apps. It is perhaps due to a perception that password managers are simple applications – deriving keys and then encrypting them. However, their codebases are more complex than that, often offering features such as the ability to share accounts with family members and featuring various ways to maintain backward-compatibility with older encryption standards.

Kenneth Paterson, professor of computer science at ETH Zurich, said “we were surprised by the severity of the security vulnerabilities” affecting the password managers.

“Since end-to-end encryption is still relatively new in commercial services, it seems that no one had ever examined it in detail before.”

[…]

Source: Password managers don’t protect secrets if pwned • The Register

Canada Goose says ShinyHunters only breached old data – why did they not disclose this when it happened then?

Posted on by

Canada Goose says an advertised breach of 600,000 records is an old raid and there are no signs of a recent compromise.

The down-filled jacket purveyor did not answer questions about how old the data is or how it was originally taken, but told us it relates to past customer purcahses.

“Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online,” a spokesperson said. “At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope, and will take any further steps as may be appropriate.”

“To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”

ShinyHunters posted the company’s data for download on February 14 via their leak site. The criminals’ advert for the data claimed there were more than 600,000 records, each containing personally identifiable information, as well as payment/financial details.

The Register reviewed a number of the records available online via a JSON file, and ShinyHunters’ description of the data appears accurate.

It includes names and other usual PII data points, as well as partial payment information and order details, such as price and delivery address.

[…]

Source: Canada Goose says ShinyHunters only breached old data • The Register

Watch how capitalism breaks innovation: OpenAI hires OpenClaw AI agent developer Peter Steinberg

Posted on by

OpenClaw is a huge disruptor in the agentic AI space – it has an actual orchestrator, is super easy to implement and destroys many business models. You can bet that despite all the sounds, the open source repository will be laid to rest and all new development will go in to the closed OpenAI space so they can regain their competitive advantage and maybe actually make some money, despite the best efforts of megalomanic compulsive liar and general poor man’s baddie, Sam Altman.

So this move kills a real gamechanger and moves EU top talent to the US in one go. What great things money does for us. Not.

Peter Steinberger, creator of popular open-source artificial intelligence program OpenClaw, will be joining OpenAI Inc. to help bolster the ChatGPT developer’s product offerings.

“OpenClaw will live in a foundation as an open source project that OpenAI will continue to support,” OpenAI Chief Executive Officer Sam Altman wrote in a post on X Sunday, adding that Steinberger is “joining OpenAI to drive the next generation of personal agents.”

Steinberger wrote in a separate post on his website Saturday that he will be joining OpenAI to be “part of the frontier of AI research and development, and continue building.”

“It’s always been important to me that OpenClaw stays open source and given the freedom to flourish,” Steinberger wrote. “Ultimately, I felt OpenAI was the best place to continue pushing on my vision and expand its reach.”

OpenClaw, previously called Clawdbot and Moltbot, has garnered a cult following since launching in November for its ability to operate autonomously, clearing users’ inboxes, making restaurant reservations and checking in for flights, among other tasks. Users can also connect the tool to messaging apps such as WhatsApp and Slack and direct the agent through those platforms.

“My next mission is to build an agent that even my mum can use,” Steinberger wrote. “That’ll need a much broader change, a lot more thought on how to do it safely, and access to the very latest models and research.”

[…]

 

Source: OpenAI hires OpenClaw AI agent developer Peter Steinberg | Fortune

European Parliament bars lawmakers from AI tools over cloud data concerns

Posted on by

Slowly but very slowly Europeans are starting to understand that funding the US software companies, creating a dependency on them and giving them their data to grab in (which they do) is not a good idea.

The European Parliament has reportedly turned off AI features on lawmakers’ devices amid concerns about content going where it shouldn’t.

According to Politico, staff were notified that AI features on corporate devices (including tablets) were disabled because the IT department could not guarantee data security.

The bone of contention is that some AI assistants require the use of cloud services to perform tasks including email summarization, and so send the data off the device – a challenge for data protection.

It’s a unfortunate for device vendors that promote on-device processing, but the European Parliament’s tech support desk reportedly stated: “As these features continue to evolve and become available on more devices, the full extent of data shared with service providers is still being assessed. Until this is fully clarified, it is considered safer to keep such features disabled.”

The Register contacted the European Parliament for comment.

Data privacy and AI services have not been the greatest of bedfellows. Studies have shown that employees regularly leak company secrets via assistants, and on-device AI services are a focus of vendors amid concerns about exactly what is being sent to the cloud.

The thought of confidential data being sent to an unknown location in the cloud to generate a helpful summary has clearly worried lawmakers, which is why there is a blanket ban. However, the issue has less relevance if the process occurs on the device itself.

The Politico report noted that day-to-day tools, such as calendar applications, are not affected by the edict. The ban is temporary until the tech boffins can clarify what is being shared and where it is going.

[…]

Source: European Parliament bars lawmakers from AI tools • The Register

In a blind test, audiophiles couldn’t tell the difference between audio signals sent through copper wire, a banana, or wet mud

Posted on by

A moderator on diyAudio set up an experiment to determine whether listeners could differentiate between audio run through pro audio copper wire, a banana, and wet mud. Spoiler alert: the results indicated that users were unable to accurately distinguish between these different ‘interfaces.’

Pano, the moderator who built the experiment, invited other members on the forum to listen to various sound clips with four different versions: one taken from the original CD file, with the three others recorded through 180cm of pro audio copper wire, via 20cm of wet mud, through 120cm of old microphone cable soldered to US pennies, and via a 13cm banana, and 120cm of the same setup as earlier.

Initial test results showed that it’s extremely difficult for listeners to correctly pick out which audio track used which wiring setup. “The amazing thing is how much alike these files sound. The mud should sound perfectly awful, but it doesn’t,” Pano said. “All of the re-recordings should be obvious, but they aren’t.”

[…]

Source: In a blind test, audiophiles couldn’t tell the difference between audio signals sent through copper wire, a banana, or wet mud — ‘The mud should sound perfectly awful, but it doesn’t,’ notes the experiment creator | Tom’s Hardware

Research: How Product Images Influence Online Purchase Decisions and When They Don’t

Posted on by

Online shopping continues to grow globally, with total e-commerce sales estimated at $6 trillion by 2024 and consumers in Western Europe making nearly 19 online purchases per year. In this rapidly expanding landscape, online retailers are increasingly investing in interactive and contextual product images to capture customer attention. But do these visual strategies actually work? This is what PhD candidate Rowena Summerlin of Tilburg University  investigated .

Summerlin concludes that product images—especially interactive versions—can indeed influence consumer purchase intentions, but that this effect is context-dependent. According to her research, interactive images, especially for individual consumers, increase the perception of a product’s higher quality, which can strengthen purchase intentions. However, the impact depends on factors such as product price, customer type, and the platform on which the images are displayed. For business customers, the effect appears to be virtually nonexistent.

Analyses of real marketplace data show that contextual images can increase sales on some websites, but have little effect on other platforms. The researchers point out that this is likely related to the differing norms and customs of different online environments. The strongest effects occurred with more expensive products and during peak shopping periods, when consumers themselves are more uncertain about their choices.

Source: Research: How Product Images Influence Online Purchase Decisions and When They Don’t – Emerce

AH-64 Apache Is Getting Proximity Fuzed 30mm Cannon Ammo For Swatting Down Drones

Posted on by

The AH-64 Apache attack helicopter has evolved into a counter-drone platform in recent years — something we have been following closely. While the Israeli Air Force had pioneered this role for the AH-64 for years, the U.S. Army has now formally codified it and added new capabilities in the process. Now, as we had suggested some time ago, the Apache is getting proximity-fuzed 30mm cannon shells for its chin-mounted M230 cannon that will add to its drone-killing arsenal, giving it a cheaper and more plentiful engagement option than some of the alternatives.

Apaches live-fire tested the 30x113mm XM1225 Aviation Proximity Explosive (APEX) ammo last December, according to a recent Army release. The trials occurred at the service’s sprawling Yuma Proving Ground (YPG) in southern Arizona. Multiple test engagements occurred against various types of drone targets.

The specialized APEX ammunition works by detonating only when it is close to an object, then it explodes in a spray of shrapnel. This is critical to shooting down drones as they are small, independently moving targets, and the Apache’s monocle-targeted chin gun isn’t exactly a sniper rifle in terms of precision. At the same time, the rounds could also be used against targets on the surface — including personnel, soft-skinned vehicles, and small boats, for instance — offering unique area effects compared to the Apache’s standard impact-detonating, high-explosive ammunition.

[…]

 

Source: AH-64 Apache Is Getting Proximity Fuzed 30mm Cannon Ammo For Swatting Down Drones

F-35 Software Could Be Jailbreaked Like An iPhone: Dutch Defense Secretary

Posted on by

The F-35’s ‘computer brain,’ including its cloud-based components, could be cracked to accept third-party software updates, just like ‘jailbreaking‘ a cellphone, according to the Dutch State Secretary for Defense. The statement comes as foreign operators of the jets continue to be pressed on what could happen if the United States were ever to cut off support. President Donald Trump’s administration has pursued a number of policies that have resulted in new diplomatic strains with some long-time allies, especially in Europe.

“If, despite everything, you still want to upgrade, I’m going to say something I should never say, but I will anyway: you can jailbreak an F-35 just like an iPhone,” Gijs Tuinman said during an episode of BNR Nieuwsradio‘s “Boekestijn en de Wijk” podcast posted online yesterday, according to a machine translation.

[…]

As we have explored in detail in the past, the F-35 program imposes unique limits on the ability of operators to make changes to the jet’s software, as well as to associated systems on the ground. Virtually all F-35s in service today see software updates come through a cloud-based network, the original version of which is known as the Autonomic Logistics Information System (ALIS). Persistent issues with ALIS have led to the development of a follow-on Operational Data Integrated Network (ODIN), the transition to which is still ongoing.

The ALIS/ODIN network is designed to handle much more than just software updates and logistical data. It is also the port used to upload mission data packages containing highly sensitive planning information, including details about enemy air defenses and other intelligence, onto F-35s before missions and to download intelligence and other data after a sortie.

To date, Israel is the only country known to have successfully negotiated a deal giving it the right to install domestically-developed software onto its F-35Is, as well as otherwise operate its jets outside of the ALIS/ODIN network. The Israelis also have the ability to conduct entirely independent depot-level maintenance, something we will come back to later.

Issues with ALIS, as well as concerns about the transfer of nationally sensitive information within the network, have led certain operators, including the Netherlands, to firewall off aspects of their software reprogramming activities in the past.

[…]

TWZ previously explored many of these same issues in detail last year, amid a flurry of reports about the possibility that F-35s have some type of discreet ‘kill switch’ built in that U.S. authorities could use to remotely disable the jets. Rumors of this capability are not new and remain completely unsubstantiated.

At that time, we stressed that a ‘kill switch’ would not even be necessary to hobble F-35s in foreign service. At present, the jets are heavily dependent on U.S.-centric maintenance and logistics chains that are subject to American export controls and agreements with manufacturer Lockheed Martin. Just reliably sourcing spare parts has been a huge challenge for the U.S. military itself, as you can learn more about in this past in-depth TWZ feature. F-35s would be quickly grounded without this sustainment support.

[…]

Source: F-35 Software Could Be Jailbreaked Like An iPhone: Dutch Defense Secretary

Studying Genes that existed before all life on Earth (LUCA – Last Universal Common Ancestor)

Posted on by

Every organism alive today traces its lineage back to a single shared ancestor that lived about four billion years ago. Scientists refer to this organism as the “last universal common ancestor,” and it represents the earliest form of life that can currently be examined using established evolutionary methods.

Research on this ancient ancestor shows that many features seen in modern life were already in place at that time. Cells already had membranes, and genetic information was stored in DNA. Because these essential traits were already established, scientists seeking to understand how life first took shape must look even further back in time, to evolutionary events that occurred before this shared ancestor existed.

Studying Life Before the First Common Ancestor

In a study published in the journal Cell Genomics, researchers Aaron Goldman (Oberlin College), Greg Fournier (MIT), and Betül Kaçar (University of Wisconsin-Madison) describe a way to explore that earlier period of evolution. “While the last universal common ancestor is the most ancient organism we can study with evolutionary methods,” said Goldman, “some of the genes in its genome were much older.” The team focuses on a special group of genes called “universal paralogs,” which preserve evidence of biological changes that took place before the last universal common ancestor.

A paralog is a group of related genes that appear multiple times within a single genome. Humans provide a clear example. Our DNA contains eight different hemoglobin genes, all of which produce proteins that carry oxygen through the blood. These genes all originated from a single ancestral globin gene that existed around 800 million years ago. Over long periods of time, repeated copying errors produced extra versions of the gene, and each copy gradually developed its own specialized role.

What Makes Universal Paralogs Unique

Universal paralogs are much rarer. These gene families appear in at least two copies in the genomes of nearly all living organisms. Their widespread presence suggests that the original gene duplication occurred before the last universal common ancestor emerged. Those duplicated genes were then passed down through countless generations and remain present in life today.

Because of this deep evolutionary reach, the authors argue that universal paralogs are a critical yet often overlooked resource for studying the earliest history of life on Earth. This approach is becoming more practical as new AI-based techniques and AI-optimized hardware make it easier to analyze ancient genetic patterns in detail.

“While there are precious few universal paralogs that we know,” says Goldman, “they can give us a lot of information about what life was like before the time of the last universal common ancestor.” Fournier adds, “The history of these universal paralogs is the only information we will ever have about these earliest cellular lineages, and so we need to carefully extract as much knowledge as we can from them.”

Clues to the First Cellular Functions

In their analysis, Goldman, Fournier, and Kaçar reviewed all known universal paralogs. Every one of these genes plays a role in either building proteins or moving molecules across cell membranes. This finding suggests that protein production and membrane transport were among the first biological functions to evolve.

The researchers also emphasize the importance of reconstructing the ancient forms of these genes. In one study from Goldman’s lab at Oberlin, scientists examined a universal paralog family involved in inserting enzymes and other proteins into cell membranes. Using standard methods from evolutionary biology and computational biology, they reconstructed the protein produced by the original ancestral gene.

Their results showed that this simpler, ancient protein could still attach to cell membranes and interact with the machinery that makes proteins. It likely helped early proteins embed themselves into primitive membranes, offering insight into how the earliest cells may have operated

[…]

Source: Scientists find genes that existed before all life on Earth | ScienceDaily

Claude agent allows allows Google Calendar zero click exploits

Posted on by

LayerX, a security company based in Tel Aviv, says it has identified a zero-click remote code execution vulnerability in Claude Desktop Extensions that can be triggered by processing a Google Calendar entry.

Informed of the issue – worthy of a CVSS score of 10/10, LayerX argues – Anthropic has opted not to address it.

Claude Desktop Extensions, recently renamed MCP Bundles, are packaged applications that extend the capabilities of Claude Desktop using the Model Context Protocol, a standard way to give generative AI models access to other software and data. Stored as .dxt files (with Anthropic transitioning the format to .mcpb), they are ZIP archives that package a local MCP server alongside a manifest.json file describing the extension’s capabilities.

The Claude Desktop Extensions hub webpage claims the extensions are secure and undergo security review. “Extensions run in sandboxed environments with explicit permission controls, and enterprise features include Group Policy support and extension blocklisting,” the FAQs explain.

LayerX argues otherwise. According to principal security researcher Roy Paz, Claude Desktop extensions “execute without sandboxing and with full privileges on the host system.”

Paz told The Register, “By design, you cannot sandbox something if it is expected to have full system access. Perhaps they containerize it but that’s not the same thing. Relative to Windows Sandbox, Sandboxie or VMware, Claude DXT’s container falls noticeably short of what is expected from a sandbox. From an attacker’s point of view it is the equivalent of setting your building code to 1234 and then leaving it unlocked because locking it would prevent delivery people from coming in and out.”

Paz says that the vulnerability arises from the fact that Claude will process input from public-facing connectors like Google Calendar and that the AI model also decides on its own which installed MCP connectors should be used to fulfill that request.

The result is that when extensions with risky capabilities like command line access are present, extensions with less concerning capabilities can present an attack vector. In this instance, a Google Calendar event was used to make malicious instructions available to Claude, which the model then used to download, compile, and execute harmful code.

“There are no hardcoded safeguards that prevent Claude from constructing a malformed or dangerous workflow,” Paz claims. “Consequently, data extracted from a relatively low-risk connector (Google Calendar) can be forwarded directly into a local MCP server with code-execution capabilities.”

What Paz is describing is a form of indirect prompt injection – AI models that read webpages, other documents, or interface elements may interpret that content as instructions. This is a known, unresolved problem, which may explain Anthropic’s apparent disinterest in the LayerX report.

[…]

Source: Claude add-on turns Google Calendar into malware courier • The Register

Specific cognitive training has ‘astonishing’ effect on dementia risk

Posted on by

[…]

a 20-year study of 2832 people aged 65 and older suggests specific exercises may offer benefits.

The participants were randomly assigned to one of three intervention groups or to a control group. One group engaged in speed training, using a computer-based task called Double Decision, which briefly displays a car and a road sign within a scene before they disappear. Participants must then recall which car appeared and where the sign was located. The task is adaptive, becoming harder as performance improves.

The other two groups took part in memory or reasoning training, learning strategies designed to improve those skills.

The participants completed two 60-75-minute sessions per week for five weeks. About half of those in each group were then randomly assigned to receive booster sessions – four additional 1-hour sessions at the end of the first year, and another four at the end of the third year.

Twenty years later, the researchers assessed US Medicare claims data to determine how many of the participants had been diagnosed with dementia. They found that those who completed speed training with booster sessions had a 25 per cent lower risk of diagnosis with Alzheimer’s or a related dementia compared with the control group. No other group – including speed training without boosters – showed a significant change in risk. “The size of the effect is really quite astonishing,” says Albert.

[…]

Source: Specific cognitive training has ‘astonishing’ effect on dementia risk | New Scientist

Ranked: Defense Spending Per Capita, by Country

Posted on by

Ranked defense spending per person shows which countries invest most in their military on a per capita basis.

 

Global military spending is often measured in massive national budgets, where the United States and China dominate the conversation. But looking at defense spending on a per-person basis tells a very different story, one where smaller countries rise to the top.

This visualization ranks major countries by how much they spent on defense per citizen in 2024, revealing which nations invest the most in military power relative to their population — and how countries like the U.S. compare when spending is measured per person rather than in total dollars.

Data comes from the Stockholm International Peace Research Institute (SIPRI).

Why Israel Leads the World in Defense Spending Per Capita

Israel ranks first, spending nearly $5,000 per person on defense in 2024. This figure reflects the country’s ongoing security challenges and mandatory military service. Despite a total defense budget of $47 billion—small compared to global superpowers—the per-person cost is unmatched.

Below are the world’s 30 largest military spenders, ranked by defense spending per capita:

Several smaller or wealthy nations rank near the top of the list. Singapore spends over $2,500 per person, driven by its strategic location and emphasis on technological superiority. Norway and Denmark also appear in the top 10, supported by high incomes and growing commitments to NATO.

How Major Powers Compare

The U.S. ranks second overall, with nearly $2,900 spent per person, reflecting both its enormous military budget and large population. China, by contrast, ranks much lower at $221 per capita despite spending more than $300 billion in total.

Meanwhile, European powers like Germany, France, and the U.K. cluster in the middle of the ranking, balancing defense commitments with larger populations.

Source: Ranked: Defense Spending Per Capita, by Country

Discord will require a face scan or ID for full access next month

Posted on by

The creeps staring into your bedroom brigade is winning and age verification is being normalised by a group of goons who really really want to know every poop you take. It’s a dangerous and insanely bad idea, but fortunately people are starting to wise up.

Discord announced on Monday that it’s rolling out age verification on its platform globally starting next month, when it will automatically set all users’ accounts to a “teen-appropriate” experience unless they demonstrate that they’re adults.

“For most adults, age verification won’t be required, as Discord’s age inference model uses account information such as account tenure, device and activity data, and aggregated, high-level patterns across Discord communities. Discord does not use private messages or any message content in this process,” Savannah Badalich, Discord’s global head of product policy, tells The Verge.

Users who aren’t verified as adults will not be able to access age-restricted servers and channels, won’t be able to speak in Discord’s livestream-like “stage” channels, and will see content filters for any content Discord detects as graphic or sensitive. They will also get warning prompts for friend requests from potentially unfamiliar users, and DMs from unfamiliar users will be automatically filtered into a separate inbox.

Direct messages and servers that are not age-restricted will continue to function normally, but users won’t be able to send messages or view content in an age-restricted server until they complete the age check process, even if it’s a server they were part of before age verification rolled out. Badalich says those servers will be “obfuscated” with a black screen until the user verifies they’re an adult. Users also won’t be able to join any new age-restricted servers without verifying their age.

Discord asking a user for age verification after opening a restricted server
Discord asking a user for age verification to unblur sensitive content
1/2Unverified users won’t be able to enter age-restricted servers. Image: Discord

Discord’s global age verification launch is part of a wave of similar moves at other online platforms, driven by an international legal push for age checks and stronger child safety measures. This is not the first time Discord has implemented some form of age verification, either. It initially rolled out age checks for users in the UK and Australia last year, which some users figured out how to circumvent using Death Stranding’s photo mode. Badalich says Discord “immediately fixed it after a week,” but expects users will continue finding creative ways to try getting around the age checks, adding that Discord will “try to bug bash as much as we possibly can.”

It’s not just teens trying to cheat the system who might attempt to dodge age checks. Adult users could avoid verifying, as well, due to concerns around data privacy, particularly if they don’t want to use an ID to verify their age. In October, one of Discord’s former third-party vendors suffered a data breach that exposed users’ age verification data, including images of government IDs.

If Discord’s age inference model can’t determine a user’s age, a government ID might still be required for age verification in its global rollout. According to Discord, to remove the new “teen-by-default” changes and limitations, “users can choose to use facial age estimation or submit a form of identification to [Discord’s] vendor partners, with more options coming in the future.”

The first option uses AI to analyze a user’s video selfie, which Discord says never leaves the user’s device. If the age group estimate (teen or adult) from the selfie is incorrect, users can appeal it or verify with a photo of an identity document instead. That document will be verified by a third party vendor, but Discord says the images of those documents “are deleted quickly — in most cases, immediately after age confirmation.”

A Discord user profile showing a “teen” age group and age verification options
Users can view and update their age group from their profile. Image: Discord

Badalich also says after the October data breach, Discord “immediately stopped doing any sort of age verification flows with that vendor” and is now using a different third-party vendor. She adds, “We’re not doing biometric scanning [or] facial recognition. We’re doing facial estimation. The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.”

“A majority of people are not going to see a change in their experience.”

Badalich goes on to explain that the addition of age assurance will mainly impact adult content: “A majority of people on Discord are not necessarily looking at explicit or graphic content. When we say that, we’re really talking about things that are truly adult content [and] age inappropriate for a teen. So, the way that it will work is a majority of people are not going to see a change in their experience.”

Even so, there’s still a risk that some users will leave Discord as a result of the age verification rollout. “We do expect that there will be some sort of hit there, and we are incorporating that into what our planning looks like,” Badalich says. “We’ll find other ways to bring users back.”

Source: Discord will require a face scan or ID for full access next month | The Verge

If you want to look at more people blowing up about age verification you can try this Slashdot thread: Discord Will Require a Face Scan or ID for Full Access Next Month

How to Disable Ring’s Creepy ‘Search Party’ Feature – But if you bought a Ring, you probably don’t mind blanket corpo and govt surveillance anyway I guess.

Posted on by

If you tuned into Super Bowl LX on Sunday, you may have caught Ring’s big ad of the night: The company tried to tap into us dog owners’ collective fear of losing our pets, demonstrating how its new “Search Party” feature could reunite missing dogs with its owners. Ring probably thought audiences would love the feature, with existing users happy to know Search Party exists, and new customers looking to buy one of their doorbells to help find lost dogs in the neighborhood.

Of course, that’s not what happened at all. Rather than evoke heartwarming feelings, the ad scared the shit out of many of us who caught it. That’s due to how the feature itself works: Search Party uses AI to identify pets that run in its field of vision. But it’s not just your camera doing this: The feature pools together all of the Ring cameras that have Search Party enabled to look for your lost dog. In effect, it turns all these individual devices into a Ring network, or, perhaps in harsher terms, a surveillance state. It does so in pursuit of a noble goal, sure, but at what cost?

The reactions I saw online ranged from shock to anger. Some were surprised to learn that Ring cameras could even do this, seeing as you might assume your Ring doorbell is, well, yours. Others were furious, lashing out at anyone who thinks Search Party is a good idea, or that the feature isn’t the beginning of a very slippery slope. My favorite take was one comparing Search Party to Batman’s cellphone network surveillance system from The Dark Knight, which famously compromised morals and ethics in the name of catching the bad guy.

According to Ring, Search Party is a perfectly safe and wholesome way to look for lost dogs in the area. The company’s FAQs explain that users can opt-out of the feature at any time, and only Ring doorbells in the area around the home that started the current Search Party will look for the dog. In addition, Ring says the feature works based on saved videos, so Ring doorbells without a subscription and a saved video history won’t be able to participate. (Though I’m not sure the fact that the feature works with saved videos assuages any fears on my end.)

I am not pro-missing dogs. But I am pro-privacy. At the risk of sounding alarmist, Search Party really does seem like a slippery slope. Today, the neighborhood is banding together to find Mrs. Smith’s missing goldendoodle; tomorrow, they’re looking for a “suspicious person.” Innocent until proven guilty, unless caught on your neighbor’s Ring camera.

Can law enforcement request Search Party data?

Here’s the big question regarding Search Party and its slippery slope: Can law enforcement—including local police, FBI, or ICE—request saved videos from Ring cameras participating in Search Party in order to track down people, not pets?

You won’t be surprised to learn that that wasn’t answered by Ring’s Super Bowl ad, nor is it part of the official Search Party FAQs. However, we do know that, as of October 2025, Ring partnered with both Flock Safety as well as Axon. Axon makes and sells equipment for law enforcement, like tasers and body cameras, while Flock Safety is a security company that offers services like license plate recognition and video surveillance. These partnerships allow law enforcement to post requests for Ring footage directly to the Ring app. Ring users in the vicinity of the request have the choice to either share that footage or ignore the petition. Flock Safety says that users who do choose to share footage remain private.

Of course, law enforcement isn’t always going to ask for volunteers. According to Ring’s law enforcement guidelines, the company will comply with “valid and binding search warrants.” That’s not surprising, of course. But the company does note an important distinction in what it will share: Ring will share “non-content” data in response to both subpoenas and warrants, including a user’s name, home address, email address, billing info, date they made the account, purchase history, and service usage data. The company says it will not share “content,” meaning the data you store in your account, like videos and recordings of service calls, for subpoenas, only warrants.

Ring also says it will tell you if it shares your data with law enforcement, unless it is barred from doing so, or it’s clear your Ring data breaks the law. This applies for both standard data requests, as well as “emergency” requests.

Based on its current language, it seems that Ring would give up the footage used in Search Party to law enforcement, assuming they present a valid warrant. The thing is, it’s not clear whether Search Party has any actual impact on that data: For example, imagine a dog runs in front of your Ring doorbell, and the footage is saved to your history. Now, a valid warrant comes through requesting your footage. Whether you have Search Party enabled or disabled, Ring may share that footage with law enforcement—the feature itself had no impact on whether your doorbell saved the footage. The difference would be whether law enforcement has access to the identification data within the footage: Can they see that Ring thinks that dog is, in fact, Mrs. Smith’s goldendoodle, or do they simply see a video of a fluffy pup running past your house? If so, that would be your slippery slope indeed: If law enforcement could obtain your footage with facial recognition data of the suspect they’re looking for, we’d be in particularly dangerous territory.

I’ve reached out to Ring for comment on this side of Search Party, and I hope to hear back to provide a fuller answer to this question.

How to opt-out of Search Party on your Ring cameras

If you’d rather not bother with the feature at all, Ring says it’s easy enough to turn off. To start, open the Ring app, tap the hamburger menu, then choose “Control Center.” Here, choose “Search Party,” then choose the “blue Pet icon” next to each of your cameras for “Search for Lost Pets.”

To be honest, if I had a Ring camera, I’d go one step further and delete my saved videos. Law enforcement can’t obtain what I don’t save. If you want to delete these clips from your Ring account, head to the hamburger menu in the app, tap “History,” choose the “pencil icon,” then tap “Delete All” to wipe your entire history.

Source: How to Disable Ring’s ‘Search Party’ Feature | Lifehacker

135,000 OpenClaw instances open to the internet because default settings

Posted on by

SecurityScorecard’s STRIKE threat intelligence team is sounding the alarm over the sheer volume of internet-exposed OpenClaw instances it discovered, which numbers more than 135,000 as of this writing. When combined with previously known vulnerabilities in the vibe-coded AI assistant platform and links to prior breaches, STRIKE warns that there’s a systemic security failure in the open-source AI agent space.

“Our findings reveal a massive access and identity problem created by poorly secured automation at scale,” the STRIKE team wrote in a report released Monday. “Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers.”

[…]

That’s not to say users aren’t at least partially to blame for the issue. Take the way OpenClaw’s default network connection is configured.

“Out of the box, OpenClaw binds to `0.0.0.0:18789`, meaning it listens on all network interfaces, including the public internet,” STRIKE noted. “For a tool this powerful, the default should be `127.0.0.1` (localhost only). It isn’t.”

STRIKE recommends all OpenClaw users, at the very least, immediately change that binding to point it to localhost. Outside of that, however, SecurityScorecard’s VP of threat intelligence and research Jeremy Turner wants users to know that most of the flaws in the system aren’t due to user inattention to defaults. He told The Register in an email that many of OpenClaw’s problems are there by design because it’s built to make system changes and expose additional services to the web by its nature.

“It’s like giving some random person access to your computer to help do tasks,” Turner said. “If you supervise and verify, it’s a huge help. If you just walk away and tell them all future instructions will come via email or text message, they might follow instructions from anyone.”

As STRIKE pointed out, compromising an OpenClaw instance means gaining access to everything the agent can access, be that a credential store, filesystem, messaging platform, web browser, or just its cache of personal details gathered about its user.

And with many of the exposed OpenClaw instances coming from organizational IP addresses and not just home systems, it’s worth pointing out that this isn’t just a problem for individuals mucking around with AI.

[…]

“Consider carefully how you integrate this, and test in a virtual machine or separate system where you limit the data and access with careful consideration,” Turner explained. “Think of it like hiring a worker with a criminal history of identity theft who knows how to code well and might take instructions from anyone.”

That said, Turner isn’t advocating for individuals and organizations to completely abandon agentic AI like OpenClaw – he simply wants potential users to be wary and consider the risks when deploying a potentially revolutionary new tech product that’s rife with vulnerabilities.

“All these new capabilities are incredible, and the researchers deserve a lot of credit for democratizing access to these new technologies,” Turner told us. “Learn to swim before jumping in the ocean.”

[…]

Source: OpenClaw instances open to the internet present ripe targets • The Register

Chat & Ask AI App Exposed 300 Million Private Messages

Posted on by

Have you ever used an application called Chat & Ask AI? If so, there’s a good chance your messages were exposed last month. In January, an independent researcher was able to easily access some 300 million messages on the service, according to 404 Media’s Emanual Maiberg. The data included chat logs related to all kinds of sensitive topics, from drug use to suicide.

Chat & Ask AI, an app offered by the Istanbul-based company Codeway that is available on both Apple and Google app stores, claims to have around 50 million users. The application essentially resells access to large language models from other companies, including OpenAI, Claude, and Google, providing limited free access to its users.

The problem that lead to the data leak was related to an insecure Google Firebase configuration, a relatively common vulnerability. The researcher was easily able to make himself an “authenticated” user, at which point he could read messages from 25 million of the app’s users. He reportedly extracted and analyzed around 60,000 messages before reporting the issue to Codeway.

The good news: The issue was quickly patched. More good news: there have been no reports of these messages leaking to the broader internet. Still, this is yet one more reason to carefully consider the kinds of messages you send AI chatbots. Remember, conversations with AI chatbots aren’t private—by their nature, these systems often save your conversations to “remember” them later. In the case of a data breach, that could potentially lead to embarrassment, or worse—and using an reseller like Chat & Ask AI to access large language models adds another layer of potential security risks, as this recent leak demonstrates.

Source: This Popular AI Chat App Exposed 300 Million Private Messages | Lifehacker

ASUS Zenbook Duo (2026) review: Two screens really are better than one

Posted on by

It takes time for novel designs to catch on. But even so, I am still wondering why the Zenbook Duo hasn’t had a bigger impact on the market after ASUS released its first true dual-screen laptop two years ago. Notebooks like these provide the kind of screen space you’d typically only get from a dual monitor setup, but in a much more compact form factor that you can easily take on the road. It could be that people were wary of an unfamiliar design, shorter battery life or buying a first-gen product — all of which are understandable concerns. However, now that ASUS has given the ZenBook Duo a total redesign for 2026, the company has addressed practically all of those barriers to entry while making it an even more convincing machine for anyone who could use more display space. Which, in my experience, is pretty much everyone.

[…]

ASUS didn’t mess with the laptop’s basic layout too much. Instead, the company polished and tightened everything up, resulting in a system that weighs about the same (3.6 pounds) while reducing its overall size (12.1 x 8.2 x 0.77 to 0.92 inches) by five percent. Critically, you still get a built-in kickstand on the bottom and a detachable keyboard that you move wherever you want. There’s also a decent number of ports, including two USB-C with Thunderbolt 4, one USB-A 3.2 jack, HDMI 2.1 and a combo audio port

[…]

The standout feature on the Zenbook Duo continues to be its dual displays, and now for 2026, they look better than ever. Both OLED panels have a 144Hz refresh rate with a 2,880 x 1,800 resolution while also covering 100 percent of the DCI-P3 spectrum. And while its nominal brightness of 500 nits for SDR content is just OK, ASUS makes up for that with peaks of up to 1,000 nits in HDR. And to make both screens even more enjoyable, ASUS managed to shrink the size of their bezels down to just 8.28mm.

[…]

range of new Intel Core Ultra 7 and Core Ultra 9 processors, including the X9 388H chip used on our review unit. For general use and productivity, the laptop is super smooth and responsive, though that shouldn’t be a surprise coming from Intel’s latest top-of-the-line mobile CPU. However, for those seeking max performance, some of the benchmark numbers aren’t quite as impressive as you might expect. That’s because ASUS has limited the Duo’s TDP (thermal design power) to 45 watts — which is shy of the chip’s 80-watt turbo power limit.

[…]

Another pleasant surprise is that because the Duo’s chip comes with Intel’s upgraded Arc B390 integrated GPU, this thing has plenty of oomph to game on, let alone edit videos or other similar tasks.

[…]

You’d think a laptop with two displays would be super power hungry. However, by increasing the capacity of its cell from 75WHrs to 99WHrs, ASUS has made the Zenbook Duo’s endurance (or lack thereof) a complete non-issue. On PCMark 10’s Modern Office rundown test, the laptop lasted 18 hours and 33 minutes in single-screen mode. Granted, that’s nearly four hours less than what we got from MSI’s Prestige 14 Flip AI+, but considering that’s the longest-lasting notebook we’ve ever tested, I’m not bothered. When compared to ASUS’ own Zenbook A14 (18:16), things are basically a wash, which I think is a win for the Duo, as the A14 is meant to be an ultralight system with an emphasis on portability and longevity.

Obviously, battery life takes a hit when you’re using both displays. However, when I re-ran our battery test with its two displays turned on, the Duo still impressed with a time of 14:23. This is more than enough to give you the confidence to set this thing up in dual-screen mode even when an outlet isn’t close at hand. Thankfully, for times when you do need a power adapter, the charging brick on ASUS’ cable is rather compact, so it’s not a chore to lug it around.

Wrap-up

The Zenbook Duo's battery life is good enough you won't always need its power brick. Thankfully, when you do, ASUS' 100-watt adapter is relatively compact.
The Zenbook Duo’s battery life is good enough you won’t always need its power brick. Thankfully, when you do, ASUS’ 100-watt adapter is relatively compact. (Sam Rutherford for Engadget)
[…]

The 2026 Zenbook Duo combines a compact design with strong performance, plenty of ports and surprisingly good battery life. Sure, it’s a touch heavier than a typical 14-inch laptop, but its two screens more than make up for a little added weight and thickness. That leaves price as the Duo’s remaining drawback, and starting at $2,100 (or $2,300 as reviewed), it certainly isn’t cheap.

However, when you consider that a similarly equipped rival like a Dell XPS 14 costs just $50 less for a single screen, that price difference is rather negligible. Alternatively, if you opt for a more affordable ultraportable and then tack on a decent third-party portable monitor, you’re still likely looking at a package that costs between $1,500 and $1,800. Plus, that setup is significantly bulkier and more annoying to carry around.

[…]

Source: ASUS Zenbook Duo (2026) review: Two screens really are better than one

New research reveals humans could have as many as 33 senses

Posted on by

We don’t experience the world through neat, separate senses—everything blends together. Smell, touch, sound, sight, and balance constantly influence one another, shaping how food tastes, objects feel, and even how heavy our bodies seem. Scientists now believe humans may have more than 20 distinct senses working at once. Everyday illusions and experiences reveal just how surprisingly complex perception really is.

[…]

Nearly everything we experience is multisensory. We do not process sight, sound, smell, and touch in isolation. Instead, they blend together into a single, unified experience of the world and of our own bodies.

How the Senses Influence One Another

What we feel affects what we see and what we see affects what we hear. Different odors in shampoo can affect how you perceive the texture of hair. The fragrance of rose makes hair seem silkier, for instance.

Odors in low-fat yogurts can make them feel richer and thicker on the palate without adding more emulsifiers. Perception of odors in the mouth, rising to the nasal passage, are modified by the viscosity of the liquids we consume.

How Many Senses Do Humans Have

My long-term collaborator, professor Charles Spence from the Crossmodal Laboratory in Oxford, told me his neuroscience colleagues believe there are anywhere between 22 and 33 senses.

These include proprioception, which enables us to know where our limbs are without looking at them. Our sense of balance draws on the vestibular system of ear canals as well as sight and proprioception.

Another example is interoception, by which we sense changes in our own bodies such as a slight increase in our heart rate and hunger. We also have a sense of agency when moving our limbs: a feeling that can go missing in stroke patients who sometimes even believe someone else is moving their arm.

There is the sense of ownership. Stroke patients sometimes feel their, for instance, arm is not their own even though they may still feel sensations in it.

Taste Is Not a Single Sense

Some of the traditional senses are combinations of several senses. Touch, for instance involves pain, temperature, itch and tactile sensations. When we taste something we are actually experiencing a combination of three senses: touch, smell and taste – or gustation – which combine to produce the flavors we perceive in food and drinks.

Gustation, covers sensations produced by receptors on the tongue that enable us to detect salt, sweet, sour, bitter and umami (savory). What about mint, mango, melon, strawberry, raspberry?

We don’t have raspberry receptors on the tongue, nor is raspberry flavor some combination of sweet, sour and bitter. There is no taste arithmetic for fruit flavors.

Why Smell Dominates Flavor

We perceive them through the combined workings of the tongue and the nose. It is smell that contributes the lion’s share to what we call tasting.

This is not inhaling odors from the environment, though. Odor compounds are released as we chew or sip, traveling from the mouth to the nose though the nasal pharynx at the back of throat.

Touch plays its part too, binding tastes and smells together and fixing our preferences for runny or firm eggs, and the velvety, luxuriousness gooeyness of chocolate.

When Balance Changes What You See

Sight is influenced by our vestibular system. When you are on board an aircraft on the ground, look down the cabin. Look again when you are in the climb.

It will “look” to you as though the front of the cabin is higher than you are, although optically, everything is in the same relation to you as it was on the ground. What you “see” is the combined effect of sight and your ear canals telling you that you are titling backwards.

Exploring the Science of the Senses

The senses offer a rich seam of research and philosophers, neuroscientists and psychologists work together at the Centre for the Study of the Senses at the University of London’s School of Advanced Study.

In 2013, the center launched its Rethinking the Senses project, directed by my colleague, the late Professor Sir Colin Blakemore. We discovered how modifying the sound of your own footsteps can make your body feel lighter or heavier.

We learned how audioguides in Tate Britain art museum that address the listener as if the model in a portrait was speaking enable visitors to remember more visual details of the painting. We discovered how aircraft noise interferes with our perception of taste and why you should always drink tomato juice on a plane.

Why Tomato Juice Tastes Better on a Plane

While our perception of salt, sweet and sour is reduced in the presence of white noise, umami is not, and tomatoes, and tomato juice is rich in umami. This means the aircraft’s noise will taste enhance the savory flavor.

Seeing Sensory Illusions for Yourself

At our latest interactive exhibition, Senses Unwrapped at Coal Drops Yard in London’s King’s Cross, people can discover for themselves how their senses work and why they don’t work as we think they do.

Pausing to Notice the Senses

For example, the size-weight illusion is illustrated by a set of small, medium and large curling stones. People can lift each one and decide which is heaviest. The smallest one feels heaviest, but people can them place them on balancing scales and discover that they are all the same weight.

But there are always plenty of things around you to show how intricate your senses are, if you only pause for a moment to take it all in. So next time you walk outside or savor a meal, take a moment to appreciate how your senses are working together to help you feel all the sensations involved.

Materials provided by The Conversation. Original written by Barry Smith, Director of the Institute of Philosophy, School of Advanced Study, University of London. Note: Content may be edited for style and length.

Source: New research reveals humans could have as many as 33 senses | ScienceDaily

HKU and UCLA Scientists Uncover the Mechanism powering “Space Battery” above Auroral Regions

Posted on by

The dazzling lights of the aurora are created when high-energy particles from space collide with Earth’s atmosphere. While scientists have long understood this process, one big mystery remained: What powers the electric fields that accelerate these particles in the first place?

A new study co-led by the Department of Earth and Planetary Sciences at The University of Hong Kong (HKU) and the Department of Atmospheric and Oceanic Sciences at the University of California, Los Angeles (UCLA) now provided an answer. Published in Nature Communications, the research reveals that Alfvén waves — plasma waves travelling along Earth’s magnetic field lines — act like an invisible power source, fueling the stunning auroral displays we see in the sky.

By analysing how charged particles move and gain energy in different regions of space, the researchers demonstrated that these waves act as a natural accelerator, supplying energy that drives charged particles down into the atmosphere and produces the glowing auroral lights.

To confirm their findings, the team analysed data collected by multiple satellites orbiting Earth, including NASA’s Van Allen Probes and the THEMIS mission. The data provided solid evidence that Alfvén waves continuously transfer energy to the auroral acceleration region, maintaining the electric fields that would otherwise dissipate.

“This discovery not only provides a definitive answer to the physics of Earth’s aurora, but also offers a universal model applicable to other planets in our solar system and beyond,” said Professor Zhonghua YAO of the Department of Earth and Planetary Sciences at HKU. Professor Yao leads a dedicated team in space and planetary science at HKU, which has established a reputation for high-impact research on planetary auroras.

With deep expertise in the magnetospheric dynamics of planets like Jupiter and Saturn, the HKU team brought a critical planetary perspective to the study. “Our team at HKU has long focused on the auroral processes of giant planets. By applying this knowledge to the high-resolution data available near Earth, we have bridged the gap between Earth science and planetary exploration.” Professor Yao added.

The research represents a model of interdisciplinary collaboration. The UCLA team, led by Dr Sheng TIAN, contributed extensive expertise in Earth’s auroral physics, while the HKU team provided the broader context of planetary space physics.

The full research paper can be read at: https://www.nature.com/articles/s41467-025-65819-4
For media enquiries, please contact HKU Faculty of Science (tel: 852-3917 4948/ 3917 5286; email: caseyto@hku.hk / cindycst@hku.hk ).
Images download and captions: https://www.scifac.hku.hk/press

Source: HKU and UCLA Scientists Uncover the Mechanism powering “Space Battery” above Auroral Regions – All News – Media – HKU

Neocities founder stuck in chatbot hell after Bing blocked 1.5 million sites

Posted on by

One of the weirdest corners of the Internet is suddenly hard to find on Bing, after the search engine inexplicably started blocking approximately 1.5 million independent websites hosted on Neocities.

Founded in 2013 to archive the “aesthetic awesomeness” of GeoCities websites, Neocities keeps the spirit of the 1990s Internet alive. It lets users design free websites without relying on standardized templates devoid of personality. For hundreds of thousands of people building websites around art, niche fandoms, and special expertise—or simply seeking a place to get a little weird online—Neocities provides a blank canvas that can be endlessly personalized when compared to a Facebook page. Delighted visitors discovering these sites are more likely to navigate by hovering flashing pointers over a web of spinning GIFs than clicking a hamburger menu or infinitely scrolling.

[…]

Monitoring stats, Drake was stunned to see that Bing traffic had suddenly dropped from about half a million daily visitors to zero. He immediately reported the issue using Bing webmaster tools.

[…]

However, weeks went by as Drake hit wall after wall, submitting nearly a dozen tickets while trying to get past the Bing chatbot to find a support member to fix the issue. Frustrated, he tried other internal channels as well, including offering to buy ads to see if an ads team member could help.

[…]

Ars reached Microsoft for comment, and the company took action to remove some inappropriate blocks.

Within 24 hours, the Neocities front page appeared in search results, but Drake ran tests over the next few days that showed that most subdomains are still being blocked, including popular Neocities sites that should garner high rankings.

Pressed to investigate further, Microsoft confirmed that some Neocities sites were delisted for violating policies designed to keep low-quality sites out of search results.

However, Microsoft would not identify which sites were problematic or directly connect with Neocities to resolve a seemingly significant amount of ongoing site blocks that do not appear to be linked to violations. Instead, Microsoft recommended that Neocities find a way to work directly with Microsoft, despite Ars confirming that Microsoft is currently ignoring an open ticket.

For Drake, “the current state of things is unknown.” It’s hard to tell if popular Neocities sites are still being blocked or if possibly Bing’s reindexing process is slow. Microsoft declined to clarify.

He’s still hoping that Microsoft will eventually resolve all the improper blocks

[…]

Drake said that he still believes that Bing is blocking content by mistake, but Bing’s automated support tools aren’t making it easy to defend creators who are randomly blocked by one of the world’s biggest search engines.

“We have one of the lowest ratios of crap to legitimate content, human-made content, on the Internet,” Drake said. “And it’s really frustrating to see that all these human beings making really cool sites that people want to go to are just not available on the default Windows search engine.”

Source: Neocities founder stuck in chatbot hell after Bing blocked 1.5 million sites – Ars Technica

Study confirms experience beats youthful enthusiasm

Posted on by

A growing body of research continues to show that older workers are generally more productive than younger employees.

Annie Coleman, founder of consultancy RealiseLongevity, analyzed the data and highlighted a 2025 study finding peak performance occurs between the ages of 55-60.

Writing in the Stanford Center on Longevity blog, she cited research examining 16 cognitive markers that confirm that although processing speed declines after early adulthood, other dimensions improve, and overall cognition peaks near retirement age.

Studies from the past 15 years show that some qualities like vigilance may worsen with age alongside processing speed, but others improve, including the ability to avoid distractions and accumulated knowledge.

These factors matter more as AI starts to eliminate jobs for grads and entry-level candidates, increasing the value of experienced workers who can mentor other employees.

A 2022 meta-analysis concluded that professional teams tend to function better when they have company veterans among them, as did Bank of America’s findings [PDF] two years later.

Likewise, a Boston Consulting Group study in 2022 showed age-diverse teams outperformed homogeneous ones, with the best results coming when older workers’ judgment combined with younger employees’ digital skills.

So, in a working world that seemingly values youthful forward thinkers over experience – illustrated by the various age discrimination lawsuits across the tech industry – the current data shows organizations should be doing everything they can to keep their older staffers.

“In meeting their responsibility for long-term risk and growth, companies should begin with clarity. Map the age profile of the workforce by role and seniority,” Coleman wrote. “Identify where people in their fifties and early sixties are exiting, and whether those exits reflect performance or design. Treat age as a strategic variable in the same way firms now treat gender, skills, or succession risk.

“Build roles and career paths that assume longer working lives. Invest in mid- and late-career reskilling, not as remediation but as renewal. Structure intergenerational teams deliberately, so experience and speed compound rather than collide. Align product, service, and brand strategy with the realities of an aging, wealthier customer base.

“None of this is about altruism. It is about reclaiming value currently being left on the table.”

Source: Study confirms experience beats youthful enthusiasm • The Register

NAPS2 – Scan documents to PDF and more

Posted on by

NAPS2 is free and open source scanning software for Windows, Mac and Linux.

Easily scan with devices from Canon, Brother, HP, Epson, Fujitsu, and more. Then save to PDF, TIFF, JPEG, or PNG with a single click.

Use the best drivers for your scanner

Choose between WIA and TWAIN drivers, whichever works better for your scanner. Also choose settings like DPI, page size, and bit depth. Scan from a flatbed or automatic document feeder (ADF), including duplex support.

Rotate, crop, and rearrange images

Drag and drop your pages into whatever order you like. Interleave pages for manual duplex scanning. Rotate your pages by hand or automatically deskew to the right angle. Use image editing tools to crop or change brightness and contrast.

Identify text using OCR

Search through text included in your PDFs by using optical character recognition (OCR), in any of over 100 languages.

Use NAPS2 in your native language

Choose from over 40 different languages. If your language isn’t available yet, help translate!

Share scanners across the network

Use scanners connected to other computers on your local network. Turn any scanner into a wireless scanner usable from your laptop or phone. Read more.

Tools for power users and businesses

Source: NAPS2 – Scan documents to PDF and more

We had sex in a Chinese hotel, then found we had been broadcast to thousands

Posted on by

One night in 2023, Eric was scrolling on a social media channel he regularly browsed for porn. Seconds into a video, he froze.

He realised the couple he was watching – entering the room, setting down their bags, and later, having sex – was himself and his girlfriend. Three weeks earlier, they had spent the night in a hotel in Shenzhen, southern China, unaware that they were not alone.

Their most intimate moments had been captured by a camera hidden in their hotel room, and the footage made available to thousands of strangers who had logged in to the channel Eric himself used to access pornography.

Eric (not his real name) was no longer just a consumer of China’s spy-cam porn industry, but a victim.

Warning: This story contains some offensive language

So-called spy-cam porn has existed in China for at least a decade, despite the fact that producing and distributing porn is illegal in the country.

[…]

Much of the material is advertised on the messaging and social media app Telegram. Over 18 months, I discovered six different websites and apps promoted on Telegram. Between them these claimed to operate more than 180 hotel-room spy-cams which were not just capturing, but livestreaming, hotel guests’ activities.

I monitored one of these websites regularly for seven months and found content captured by 54 different cameras, with about half operational at any one time.

That means thousands of guests could have been filmed over that period, the BBC estimates, based on typical occupancy rates. Most are unlikely to know they have been captured on camera.

Eric, from Hong Kong, began watching secretly filmed videos as a teenager, attracted by how “raw” the footage was.

“What drew me in is the fact that the people don’t know they’re being filmed,” says Eric, now in his 30s. “I think traditional porn feels very staged, very fake.”

But he experienced what it feels like to be at the opposite end of the supply chain when he found the video of himself and his girlfriend “Emily” – and he no longer finds gratification in this content.

[…]

Blue Li, from a Hong Kong-based NGO called RainLily – which helps victims remove explicit secretly-filmed footage from the internet – says demand is rising for her group’s services, but the task is proving more difficult.

Telegram never responds to RainLily’s requests for removal, she says, forcing them to contact group administrators – the very people selling or sharing spy-cam pornography – who have little incentive to respond.

“We believe tech companies share the huge responsibility in addressing these problems. Because these companies are not neutral platforms; their policies shape how the content would be spread,” Li says.

The BBC itself told Telegram, via its report function, that AKA and Brother Chun – and the groups they managed – were sharing spy-cam porn via its platforms, but it did not respond or take any action.

[…]

We formally set out our findings to Brother Chun and AKA that they were profiting from exploiting unsuspecting hotel guests. They did not reply, but hours later the Telegram accounts they used to advertise the content appeared to have been deleted. However the website that AKA sold me access to is still livestreaming hotel guests.

[…]

Source: We had sex in a Chinese hotel, then found we had been broadcast to thousands

Posted in Sex

South Korean Crypto Exchange Bitthumb Accidentally Gave Away $43 Billion Worth of Paper Bitcoin – which it didn’t have. Then just looted accounts to reverse the error.

Posted on by

This is called a bank error in your favour. You are liable to return the money, and you should not spend it or use it. But the bank is not allowed to just grab the money from your account. And here is part of the problem: crypto exchanges are not under the same legal restrictions as banks, which allows them to just access your accounts with relative impunity.

Earlier today, reports surfaced regarding a jaw-dropping clerical error at South Korean crypto exchange Bithumb regarding a promotional reward being sent to some customers. According to some early accounts, the reward was supposed to be 2,000 Korean won, but the users were sent 2,000 bitcoin instead. At current prices, this amounts to a roughly $140 million giveaway. That would be bad. But it was apparently much worse.

Bithumb itself has confirmed the error and indicated 620,000 bitcoin (worth around $43 billion) was accidentally sent to 695 users. The amount was large enough to cause a temporary 10% downtick in the price of bitcoin on the exchange, as some of the customers who received the misallocated funds immediately sold them. According to Bithumb, further damage was avoided by limiting withdrawals and transactions for the affected customers, and 99.7% of the errantly sent bitcoin has been recovered.

“We would like to clarify that this matter has nothing to do with external hacking or security breaches, and there are no problems with system security or customer asset management,” reads a translated version of Bithumb’s post on the matter.

The massive amount of bitcoin handed out to Bithumb customers also brings the concept of “paper bitcoin” to the forefront, as the reality is these exchanges do not necessarily have all of the bitcoin to back the amounts shown to their respective customers. This issue was at the heart of the infamous collapse of early bitcoin exchange Mt. Gox in 2014, which was by far the largest crypto exchange at the time. According to blockchain data provider Arkham Intelligence, Bithumb has roughly $5.3 billion in assets, which is nowhere near the $43 billion it says it errantly awarded to some of its customers.

[…]

Source: South Korean Crypto Exchange Accidentally Gave Away $43 Billion Worth of Paper Bitcoin